nginx
diff --git a/‎content/includes/nginx-one/alert-labels.md‎
Lines changed: 27 additions & 0 deletions b/‎content/includes/nginx-one/alert-labels.md‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎content/includes/nginx-one/conf/nginx-agent-conf.md‎
Lines changed: 2 additions & 5 deletions b/‎content/includes/nginx-one/conf/nginx-agent-conf.md‎
Lines changed: 2 additions & 5 deletions
diff --git a/‎content/nginx-one/glossary.md‎
Lines changed: 4 additions & 0 deletions b/‎content/nginx-one/glossary.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎content/nginx-one/k8s/add-nic.md‎
Lines changed: 21 additions & 7 deletions b/‎content/nginx-one/k8s/add-nic.md‎
Lines changed: 21 additions & 7 deletions
diff --git a/‎content/nginxaas-azure/getting-started/nginx-configuration/overview.md‎
Lines changed: 3 additions & 1 deletion b/‎content/nginxaas-azure/getting-started/nginx-configuration/overview.md‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎content/nic/installation/installing-nic/installation-with-helm.md‎
Lines changed: 19 additions & 15 deletions b/‎content/nic/installation/installing-nic/installation-with-helm.md‎
Lines changed: 19 additions & 15 deletions
diff --git a/‎content/nic/installation/integrations/nic-n1-console.md‎
Lines changed: 0 additions & 130 deletions b/‎content/nic/installation/integrations/nic-n1-console.md‎
Lines changed: 0 additions & 130 deletions
diff --git a/‎content/nic/releases.md‎
Lines changed: 5 additions & 3 deletions b/‎content/nic/releases.md‎
Lines changed: 5 additions & 3 deletions
@@ -0,0 +1,27 @@
+---
+files:
+  - content/nginx-one/secure-your-fleet/secure.md
+  - content/nginx-one/glossary.md
+---
+
+
+You can configure a variety of NGINX alerts in the F5 Distributed Cloud. If you have access to the [F5 Distributed Cloud]({{< ref "/nginx-one/getting-started.md#confirm-access-to-the-f5-distributed-cloud" >}}), log in and select the **Audit Logs & Alerts** tile. 
+
+Go to **Notifications > Alerts**. Select the gear icon and select **Alert Name > Active Alerts**. You may see one or more of the following alerts in the **Audit Logs & Alerts** Console. 
+
+{{<bootstrap-table "table table-striped table-bordered">}}
+
+### Alert Labels
+
+| **Alertname**                  | **Description**                                                    | **Alert Level** | **Action**                                                                                                      |
+|--------------------------------|----------------------------------------------------------------------|-----------------|------------------------------------------------------------------------------------------------------------------|
+| HighCVENGINX                  | A high-severity CVE is impacting an NGINX instance                  | Critical        | Review the CVE details in the NGINX One Console. Apply updates or change configurations to resolve the vulnerability. |
+| MediumCVENGINX                | A medium-severity CVE is impacting an NGINX instance                | Major           | Review the CVE details in the NGINX One Console. Apply updates or configuration changes as needed.               |
+| LowCVENGINX                   | A low-severity CVE is impacting an NGINX instance                   | Minor           | Review the CVE details in the NGINX One Console. Consider updates or configuration changes to maintain security.  |
+| SecurityRecommendationNGINX   | A security recommendation has been found for an NGINX configuration | Critical        | Review the configuration issue in the NGINX One Console. Follow the recommendations to secure the instance or Config Sync Group.      |
+| OptimizationRecommendationNGINX| An optimization recommendation has been found for an NGINX configuration| Major          | Review the optimization details in the NGINX One Console. Update the configuration to for the instance or Config Sync Group to enhance performance.       |
+| BestPracticeRecommendationNGINX| A best practice recommendation has been found for an NGINX configuration | Minor          | Review the best practice recommendation in the NGINX One Console. Update the configuration for the instance or Config Sync Group to align with industry standards. |
+| NGINXOffline                  | An NGINX instance is now offline                                   | Major           | Verify the host is online. Check the NGINX Agent's status on the instance and ensure it is connected to the NGINX One Console. |
+| NGINXUnavailable              | An NGINX instance is now unavailable                               | Major           | Ensure the NGINX Agent and host are active. Verify the NGINX Agent can connect to the NGINX One Console and resolve any network issues. |
+| NewNGINX                      | A new NGINX instance has connected to NGINX One                   | Minor           | Review the instance details in the NGINX One Console. Confirm availability, CVEs, and recommendations to ensure the instance is operational. |
+{{</bootstrap-table>}}
@@ -8,15 +8,12 @@ files:
 ```yaml
 command:
   server:
-    host: "<NGINX-One-Console-URL>" # Command server host
+    host: "agent.connect.nginx.com" # Command server host
     port: 443                       # Command server port
   auth:
     token: "<your-data-plane-key-here>" # Authentication token for the command server
   tls:
     skip_verify: false
 ```
 
-Replace the placeholder values:
-
-- `<NGINX-One-Console-URL>`: The URL of your NGINX One Console instance, typically https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io/ .
-- `<your-data-plane-key-here>`: Your Data Plane key.
+Replace `<your-data-plane-key-here>` with your Data Plane key.
@@ -28,6 +28,10 @@ This glossary defines terms used in the F5 NGINX One Console and F5 Distributed
 
 {{< include "nap-waf/config/common/nginx-app-protect-waf-terminology.md" >}}
 
+## NGINX Alerts
+
+{{< include "/nginx-one/alert-labels.md" >}}
+
 ## Legal notice: Licensing agreements for NGINX products
 
 Using NGINX One is subject to our End User Service Agreement (EUSA). For [NGINX Plus]({{< ref "/nginx" >}}), usage is governed by the End User License Agreement (EULA). Open source projects, including [NGINX Agent](https://github.com/nginx/agent) and [NGINX Open Source](https://github.com/nginx/nginx), are covered under their respective licenses. For more details on these licenses, follow the provided links.
 
@@ -37,13 +37,27 @@ You can also create a data plane key through the NGINX One Console. Once loggged
 {{<tabs name="deploy-config-resource">}}
 {{%tab name="Helm"%}}
 
-Edit your `values.yaml` file to enable NGINX Agent and configure it to connect to NGINX One Console:
+Upgrade or install NGINX Ingress Controller with the following command to configure NGINX Agent and connect to NGINX One Console:
 
-```yaml
-nginxAgent:
-  enable: true
-  dataplaneKeySecretName: "<data_plane_key_secret_name>"
-```
+- For NGINX:
+
+    ```shell
+    helm upgrade --install my-release oci://ghcr.io/nginx/charts/nginx-ingress --version {{< nic-helm-version >}} \
+      --set nginxAgent.enable=true \
+      --set nginxAgent.dataplaneKeySecretName=<data_plane_key_secret_name> \
+      --set nginxAgent.endpointHost=agent.connect.nginx.com
+    ```
+
+- For NGINX Plus: (This assumes you have pushed NGINX Ingress Controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`)
+
+    ```shell
+    helm upgrade --install my-release oci://ghcr.io/nginx/charts/nginx-ingress --version {{< nic-helm-version >}} \
+      --set controller.image.repository=myregistry.example.com/nginx-plus-ingress \
+      --set controller.nginxplus=true \
+      --set nginxAgent.enable=true \
+      --set nginxAgent.dataplaneKeySecretName=<data_plane_key_secret_name> \
+      --set nginxAgent.endpointHost=agent.connect.nginx.com
+    ```
 
 The `dataplaneKeySecretName` is used to authenticate the agent with NGINX One Console. See the [NGINX One Console Docs]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}})
 for instructions on how to generate your dataplane key from the NGINX One Console.
@@ -89,7 +103,7 @@ data:
     ## command server settings
     command:
       server:
-        host: product.connect.nginx.com
+        host: agent.connect.nginx.com
         port: 443
       auth:
         tokenpath: "/etc/nginx-agent/secrets/dataplane.key"
 
@@ -74,7 +74,9 @@ Some directives cannot be overridden by the user provided configuration.
 
 ## NGINX listen port restrictions
 
-- Due to port restrictions on Azure Load Balancer health probes, ports `19`, `21`, `70`, and `119` are not allowed. The NGINXaaS deployment can listen on all other ports.
+- Due to port restrictions on Azure Load Balancer health probes, certain ports are not allowed for the `listen` directive in NGINX configuration. The following ports are blocked:
+  - `19`, `21`, `70`, `119` - Azure health probe restricted ports
+  - `49151`, `49153`, `5140`, `50000`, `54141`, `54779` - reserved ports to support other NGINXaaS features
 
 - The [Basic]({{< ref "/nginxaas-azure/billing/overview.md#basic-plan" >}}) plan (and the deprecated Standard (v1) plan) supports a maximum of 5 listen ports in the NGINX configuration. Configurations that specify over 5 unique ports are rejected.
 
 
@@ -472,19 +472,23 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 | **serviceNameOverride** | Used to prevent cloud load balancers from being replaced due to service name change during helm upgrades. | "" |
 | **nginxServiceMesh.enable** | Enable integration with NGINX Service Mesh. See the NGINX Service Mesh docs for more details. Requires `controller.nginxplus`. | false |
 | **nginxServiceMesh.enableEgress** | Enable NGINX Service Mesh workloads to route egress traffic through the Ingress Controller. See the NGINX Service Mesh docs for more details. Requires `nginxServiceMesh.enable`. | false |
-|**nginxAgent.enable** | Enable NGINX Agent to integrate the Security Monitoring and App Protect WAF modules. Requires `controller.appprotect.enable`. | false |
-|**nginxAgent.instanceGroup** | Set a custom Instance Group name for the deployment, shown when connected to NGINX Instance Manager. `nginx-ingress.controller.fullname` will be used if not set. | "" |
-|**nginxAgent.logLevel** | Log level for NGINX Agent. | "error |
-|**nginxAgent.instanceManager.host** | FQDN or IP for connecting to NGINX Ingress Controller. Required when `nginxAgent.enable` is set to `true` | "" |
-|**nginxAgent.instanceManager.grpcPort** | Port for connecting to NGINX Ingress Controller. | 443 |
-|**nginxAgent.instanceManager.sni** | Server Name Indication for Instance Manager. See the NGINX Agent [docs]({{< ref "/agent/configuration/encrypt-communication.md" >}}) for more details. | "" |
-|**nginxAgent.instanceManager.tls.enable** | Enable TLS for Instance Manager connection. | true |
-|**nginxAgent.instanceManager.tls.skipVerify** | Skip certification verification for Instance Manager connection. | false |
-|**nginxAgent.instanceManager.tls.caSecret** | Name of `nginx.org/ca` secret used for verification of Instance Manager TLS. | "" |
-|**nginxAgent.instanceManager.tls.secret** | Name of `kubernetes.io/tls` secret with a TLS certificate and key for using mTLS between NGINX Agent and Instance Manager. See the NGINX Instance Manager [docs]({{< ref "/nim/system-configuration/secure-traffic.md#mutual-client-certificate-authentication-setup-mtls" >}}) and the NGINX Agent [docs]({{< ref "/agent/configuration/encrypt-communication.md" >}}) for more details. | "" |
-|**nginxAgent.syslog.host** | Address for NGINX Agent to run syslog listener. | 127.0.0.1 |
-|**nginxAgent.syslog.port** | Port for NGINX Agent to run syslog listener. | 1514 |
-|**nginxAgent.napMonitoring.collectorBufferSize** | Buffer size for collector. Will contain log lines and parsed log lines. | 50000 |
-|**nginxAgent.napMonitoring.processorBufferSize** | Buffer size for processor. Will contain log lines and parsed log lines. | 50000 |
-|**nginxAgent.customConfigMap** | The name of a custom ConfigMap to use instead of the one provided by default. | "" |
+|**nginxAgent.enable** | Enable NGINX Agent 3.x to allow [connecting to NGINX One Console]({{< ref "/nginx-one/k8s/add-nic.md" >}}) or to integrate NGINX Agent 2.x for [Security Monitoring]({{< ref "/nic/tutorials/security-monitoring.md" >}}) . | false |
+|**nginxAgent.logLevel** | Log level for NGINX Agent. | "error" |
+|**nginxAgent.dataplaneKeySecretName** | Name of the Kubernetes Secret containing the Data Plane key used to authenticate to NGINX One Console. Learn more [here]({{< ref "/nginx-one/k8s/add-nic.md" >}}). Required when `nginxAgent.enable` is set to `true`. Requires NGINX Agent 3.x. | "" |
+|**nginxAgent.endpointHost** | Domain or IP address for the NGINX One Console. Requires NGINX Agent 3.x. | "agent.connect.nginx.com" |
+|**nginxAgent.endpointPort** | Port for the NGINX One Console endpoint. Requires NGINX Agent 3.x. | 443 |
+|**nginxAgent.tlsSkipVerify** | Skip TLS verification for the NGINX One Console endpoint. Requires NGINX Agent 3.x. | false |
+|**nginxAgent.instanceGroup** | Set a custom Instance Group name for the deployment, shown when connected to NGINX Instance Manager. `nginx-ingress.controller.fullname` will be used if not set. Requires NGINX Agent 2.x. | "" |
+|**nginxAgent.instanceManager.host** | FQDN or IP for connecting to NGINX Ingress Controller. Required when `nginxAgent.enable` is set to `true`. Requires NGINX Agent 2.x. | "" |
+|**nginxAgent.instanceManager.grpcPort** | Port for connecting to NGINX Ingress Controller. Requires NGINX Agent 2.x. | 443 |
+|**nginxAgent.instanceManager.sni** | Server Name Indication for Instance Manager. See the NGINX Agent [docs]({{< ref "/agent/configuration/encrypt-communication.md" >}}) for more details. Requires NGINX Agent 2.x. | "" |
+|**nginxAgent.instanceManager.tls.enable** | Enable TLS for Instance Manager connection. Requires NGINX Agent 2.x. | true |
+|**nginxAgent.instanceManager.tls.skipVerify** | Skip certification verification for Instance Manager connection. Requires NGINX Agent 2.x. | false |
+|**nginxAgent.instanceManager.tls.caSecret** | Name of `nginx.org/ca` secret used for verification of Instance Manager TLS. Requires NGINX Agent 2.x. | "" |
+|**nginxAgent.instanceManager.tls.secret** | Name of `kubernetes.io/tls` secret with a TLS certificate and key for using mTLS between NGINX Agent and Instance Manager. See the NGINX Instance Manager [docs]({{< ref "/nim/system-configuration/secure-traffic.md#mutual-client-certificate-authentication-setup-mtls" >}}) and the NGINX Agent [docs]({{< ref "/agent/configuration/encrypt-communication.md" >}}) for more details. Requires NGINX Agent 2.x. | "" |
+|**nginxAgent.syslog.host** | Address for NGINX Agent to run syslog listener. Requires NGINX Agent 2.x. | 127.0.0.1 |
+|**nginxAgent.syslog.port** | Port for NGINX Agent to run syslog listener. Requires NGINX Agent 2.x. | 1514 |
+|**nginxAgent.napMonitoring.collectorBufferSize** | Buffer size for collector. Will contain log lines and parsed log lines. Requires NGINX Agent 2.x. | 50000 |
+|**nginxAgent.napMonitoring.processorBufferSize** | Buffer size for processor. Will contain log lines and parsed log lines. Requires NGINX Agent 2.x. | 50000 |
+|**nginxAgent.customConfigMap** | The name of a custom ConfigMap to use instead of the one provided by default. Requires NGINX Agent 2.x.| "" |
 {{</bootstrap-table>}}
@@ -10,13 +10,15 @@ nd-docs: DOCS-616
 
 08 Jul 2025
 
-This release includes the ability to configure Rate Limiting for your APIs based on a specific NGINX variable and its value. This allows you more granular control over how frequently specific users access your resources.
+This NGINX Ingress Controller release brings initial connectivity to the NGINX One Console! You can now use NGINX One Console to manage NGINX instances that are part of your NGINX Ingress Controller cluster. See [here]({{< ref "/nginx-one/k8s/add-nic.md" >}}) to configure NGINX One Console with NGINX Ingress Controller.
+
+This release also includes the ability to configure Rate Limiting for your APIs based on a specific NGINX variable and its value. This allows you more granular control over how frequently specific users access your resources.
 
 Lastly, in our previous v5.0.0 release, we removed support for Open Tracing. This release replaces that observability capability with native NGINX Open Telemetry traces, allowing you to monitor the internal traffic of your applications.
 
 ### <i class="fa-solid fa-rocket"></i> Features
 - [7642](https://github.com/nginx/kubernetes-ingress/pull/7642) Add OpenTelemetry support
-- [7916](https://github.com/nginx/kubernetes-ingress/pull/7916) Add support for Agent V3
+- [7916](https://github.com/nginx/kubernetes-ingress/pull/7916) Add support for NGINX Agent version 3 and Connecting to NGINX One Console
 - [7884](https://github.com/nginx/kubernetes-ingress/pull/7884) Tiered rate limits with variables
 - [7765](https://github.com/nginx/kubernetes-ingress/pull/7765) Add OIDC PKCE configuration through Policy
 - [7832](https://github.com/nginx/kubernetes-ingress/pull/7832) Add request_method to rate-limit Policy
@@ -46,7 +48,7 @@ Lastly, in our previous v5.0.0 release, we removed support for Open Tracing. Thi
 [GitHub Container](https://github.com/nginx/kubernetes-ingress/pkgs/container/kubernetes-ingress),
 [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress).
 - For NGINX Plus, use the 5.1.0 images from the F5 Container registry or build your own image using the 5.1.0 source code
-- For Helm, use version 2.2.0 of the chart.
+- For Helm, use version 2.2.1 of the chart.
 
 ### <i class="fa-solid fa-life-ring"></i> Supported Platforms