diff --git a/.cloudcannon/schemas/default.md b/.cloudcannon/schemas/default.md
index e3a9186f0..474baab89 100644
--- a/.cloudcannon/schemas/default.md
+++ b/.cloudcannon/schemas/default.md
@@ -39,7 +39,7 @@ To do xzy, take the following steps:
 
 2. Format as numbered lists.
 
-    {{< note >}}Add notes like this.{{</note>}}
+    {{< call-out "note" >}}Add notes like this.{{< /call-out >}}
 
 3. If there is only one step, you don't need to format it as a numbered list.
 
diff --git a/.cloudcannon/schemas/nms/policy.md b/.cloudcannon/schemas/nms/policy.md
index 4f5d0054c..bd2d670c3 100644
--- a/.cloudcannon/schemas/nms/policy.md
+++ b/.cloudcannon/schemas/nms/policy.md
@@ -81,7 +81,7 @@ The following table lists the configurable settings and their default values for
 
 {{%tab name="API"%}}
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out >}}
 
 To create an XYZ policy using the REST API, send an HTTP `POST` request to the Add-Endpoint-Name-Here endpoint.
 
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 47978539f..09f9c2eea 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,35 +1,31 @@
 ### Proposed changes
 
-Write a clear and concise description that helps reviewers understand the purpose and impact of your changes. Use the
-following format:
+[//]: # "Write a clear and concise description of what the pull request changes."
+[//]: # "You can use our Commit messages guidance for this."
+[//]: # "https://github.com/nginx/documentation/blob/main/documentation/git-conventions.md#commit-messages"
 
-Problem: Give a brief overview of the problem or feature being addressed.
+[//]: # "First, explain what was changed, and why. This should be most of the detail."
+[//]: # "Then how the changes were made, such as referring to existing styles and conventions."
+[//]: # "Finish by noting anything beyond the scope of the PR changes that may be affected."
 
-Solution: Explain the approach you took to implement the solution, highlighting any significant design decisions or
-considerations.
+[//]: # "Include information on testing if relevant and non-obvious from the deployment preview."
+[//]: # "For expediency, you can use screenshots to show small before and after examples."
 
-Testing: Describe any testing that you did.
+[//]: # "If the changes were defined by a GitHub issue, reference it using keywords."
+[//]: # "https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/using-keywords-in-issues-and-pull-requests"
 
-Please focus on (optional): If you any specific areas where you would like reviewers to focus their attention or provide
-specific feedback, add them here.
-
-If this PR addresses an [issue](https://github.com/nginx/documentation/issues) on GitHub, ensure that you link to it here:
-
-Closes #ISSUE
+[//]: # "Do not like to any internal, non-public resources. This includes internal repository issues or anything in an intranet."
+[//]: # "You can make reference to internal discussions without linking to them: see 'Referencing internal information'."
+[//]: # "https://github.com/nginx/documentation/blob/main/documentation/closed-contributions.md#referencing-internal-information"
 
 ### Checklist
 
-Before merging a pull request, run through this checklist and mark each as complete.
+Before sharing this pull request, I completed the following checklist:
 
-- [ ] I have read the [contributing guidelines](https://github.com/nginx/documentation/blob/main/CONTRIBUTING.md)
-- [ ] I have signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md)
-- [ ] I have rebased my branch onto main
-- [ ] I have ensured my PR is targeting the main branch and pulling from my branch from my own fork
-- [ ] I have ensured that the commit messages adhere to [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/#summary)
-- [ ] I have ensured that documentation content adheres to [the style guide](/documentation/style-guide.md)
-- [ ] If the change involves potentially sensitive changes[^1], I have assessed the possible impact
-- [ ] If applicable, I have added tests that prove my fix is effective or that my feature works
-- [ ] I have ensured that existing tests pass after adding my changes
-- [ ] If applicable, I have updated [`README.md`](/README.md)
+- [ ] I read the [Contributing guidelines](https://github.com/nginx/documentation/blob/main/CONTRIBUTING.md)
+- [ ] My branch adheres to the [Git conventions](https://github.com/nginx/documentation/blob/main/documentation/git-conventions.md)
+- [ ] My content changes adhere to the [F5 NGINX Documentation style guide](https://github.com/nginx/documentation/blob/main/documentation/style-guide.md)
+- [ ] If my changes involve potentially sensitive information[^1], I have assessed the possible impact
+- [ ] I have waited to ensure my changes pass tests, and addressed any discovered issues
 
-[^1]: Potentially sensitive changes include anything involving code, personally identify information (PII), live URLs or significant amounts of new or revised documentation. Please refer to [our style guide](/documentation/style-guide.md) for guidance about placeholder content.
\ No newline at end of file
+[^1]: Potentially sensitive information includes personally identify information (PII), authentication credentials, and live URLs. Refer to the [style guide](https://github.com/nginx/documentation/blob/main/documentation/style-guide.md) for guidance about placeholder content.
diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
index aedf4214e..a473c09de 100644
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -101,6 +101,11 @@ jobs:
                     value: `${{ github.event.client_payload.author }}`,
                     short: true
                   },
+                  {
+                    title: 'Description',
+                    value: `${{ github.event.client_payload.description }}`,
+                    short: false
+                  },
                   {
                     title: 'Preview URL',
                     value: `${{ env.PREVIEW_URL }}`,
@@ -118,10 +123,10 @@ jobs:
     needs: call-docs-build-push
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: ${{ github.event.workflow_run.head_branch }}
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version: 18
       - name: Installing packages
diff --git a/.github/workflows/coveo.yml b/.github/workflows/coveo.yml
index 3f1bf42fd..b9d52f99c 100644
--- a/.github/workflows/coveo.yml
+++ b/.github/workflows/coveo.yml
@@ -72,7 +72,7 @@ jobs:
     needs: generate-coveo-search-token
     steps:
       - name: Download Coveo search token
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
 
       - name: View files
         run: ls -R
diff --git a/.github/workflows/dot-org-content.yml b/.github/workflows/dot-org-content.yml
new file mode 100644
index 000000000..692274238
--- /dev/null
+++ b/.github/workflows/dot-org-content.yml
@@ -0,0 +1,56 @@
+name: Detect changes in documentation within nginx/nginx.org
+
+on:
+  schedule:
+    - cron: "0 */23 * * *"
+permissions:
+  contents: write
+  pull-requests: write
+  issues: write
+
+jobs:      
+  detect-changes:
+    name: Detect changes in 'en' docs of nginx/nginx.org
+    runs-on: ubuntu-latest
+    outputs:
+      IS_CHANGES_DETECTED: ${{ steps.check_changes.outputs.changed }}
+    steps: 
+      - name: Checkout Repository
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2
+        with:
+          fetch-depth: 0
+      - name: Clone the nginx/nginx-org repository
+        run: |
+            git clone --depth=2 https://github.com/nginx/nginx.org.git dot-org-repo
+      - name: Check for changes in xml/en folder
+        id: check_changes
+        run: |
+            cd dot-org-repo
+
+            if git whatchanged --since="1 day ago" -- _xml/en/; then
+              echo "Changes detected in /en"
+              echo "changed=true" >> $GITHUB_OUTPUT
+            else
+              echo "No changes in /en"
+              echo "changed=false" >> $GITHUB_OUTPUT
+            fi
+      - name: Execute make target 'make hugo-md' to generate markdown
+        if: steps.check_changes.outputs.changed == 'true'
+        run: |
+            cd dot-org-repo
+            make module-markdown
+      - name: Create PR 
+        uses: peter-evans/create-pull-request@v7
+        if: steps.check_changes.outputs.changed == 'true'
+        with:
+          commit-message: "chore: Update nginx plus module reference from detected changes in nginx/nginx.org"
+          labels: product/nginx-plus, dependencies, module-reference
+          base: main
+          branch: update-nginx-module-ref
+          title: 'NGINX Plus - Module Ref: Update content for content/nginx due to detected changes'
+          add-paths: |
+            dot-org-repo/libxslt-md/
+            dot-org-repo/yaml/nginx_api.yaml
+          body: |
+            ### Proposed Changes
+            Updated NGINX Plus docs.
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index 7d94f92bb..3b59e5672 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -22,7 +22,7 @@ jobs:
     if: ${{ github.event.repository.fork == false }}
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.2
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2
 
       - name: Scan
         uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 975aad2c4..9f984f1b2 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -12,6 +12,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Apply labels based on file paths
-        uses: actions/labeler@v5
+        uses: actions/labeler@v6
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/linkchecker.yml b/.github/workflows/linkchecker.yml
index bf148bda9..4114412f7 100644
--- a/.github/workflows/linkchecker.yml
+++ b/.github/workflows/linkchecker.yml
@@ -31,7 +31,13 @@ env:
     --ignore-url ^https://lightstep.com --ignore-url ^https://www.owasp.org/ --ignore-url ^https://www.maxmind.com --ignore-url ^https://www.splunk.com/
     --ignore-url ^https://oauth2.googleapis.com --ignore-url ^https://openidconnect.googleapis.com --ignore-url ^https://www.base64url.com/
     --ignore-url ^https://go.googlesource.com/ --ignore-url ^https://go.googlesource.com/sync --ignore-url ^https://linkerd.io/2.13/
-    --ignore-url ^http://www.redirectpage.com/ --ignore-url ^https://www.gnu.org/ --ignore-url ^https://insert_your_tenant_name.console.ves.volterra.io/
+    --ignore-url ^http://www.redirectpage.com/ --ignore-url ^https://www.gnu.org/ --ignore-url ^https://insert_your_tenant_name.console.ves.volterra.io
+    --ignore-url ^https://pkgs.nginx.com
+    --ignore-url ^http://backend1.example.com --ignore-url ^http://example.com --ignore-url ^https://my-nginx.example.com
+    --ignore-url ^https://www.nginxroute53.com --ignore-url ^http://cafe --ignore-url ^http://192.168.1.23 --ignore-url ^https://company.com
+    --ignore-url ^https://my-nginx-plus.example.com --ignore-url ^https://cognito-idp --ignore-url ^https:///www.okta.com
+    --ignore-url ^http://www.maxmind.com --ignore-url ^https://www.maxmind.com --ignore-url ^https://www.opswat.com 
+    --ignore-url ^https://support.pingidentity.com --ignore-url ^https://docs.pingidentity.com --ignore-url ^https://demo.example.com
     --ignore-url ^https://\([a-zA-Z0-9-]+\).nginx.com/nginx-ingress-controller/css
     --ignore-url ^https://\([a-zA-Z0-9-]+\).nginx.com/nginxaas/azure/css
     --ignore-url ^https://\([a-zA-Z0-9-]+\).nginx.com/nginx-gateway-fabric/css
@@ -55,6 +61,8 @@ jobs:
           - nginx-waf
           - nginx-management-suite
           - nginx-gateway-fabric
+          - nginx-agent
+          - nginx
     steps:
       # Determine and set basepath for schedule or workflow_dispatch
       - name: Set Basepath
diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml
index 38fecbc59..30c0547b4 100644
--- a/.github/workflows/mend.yml
+++ b/.github/workflows/mend.yml
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.2
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2
         with:
           ref: ${{ inputs.branch && inputs.branch || github.ref }}
 
diff --git a/.github/workflows/notification.yml b/.github/workflows/notification.yml
index 810345ea2..79eb389eb 100644
--- a/.github/workflows/notification.yml
+++ b/.github/workflows/notification.yml
@@ -3,7 +3,6 @@ on:
   workflow_run:
     branches: [main]
     workflows:
-      - "UI validation on prod"
       - "QE LinkChecker"
       - "Check for Broken Links"
     types: [completed]
@@ -21,7 +20,7 @@ jobs:
       checks: read
     steps:
       - name: Retrieve Job Data
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         continue-on-error: true
         id: data
         with:
diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml
index 864924b3a..b69359d4c 100644
--- a/.github/workflows/ossf_scorecard.yml
+++ b/.github/workflows/ossf_scorecard.yml
@@ -29,7 +29,7 @@ jobs:
       checks: read # To detect SAST tools
     steps:
       - name: Check out the codebase
-        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.0
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.0
         with:
           persist-credentials: false
 
@@ -56,6 +56,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: Upload SARIF results to code scanning
-        uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
+        uses: github/codeql-action/upload-sarif@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.29.5
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
deleted file mode 100644
index 8f0343ed2..000000000
--- a/.github/workflows/playwright.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-name: UI validation on prod
-on: 
-  workflow_dispatch:
-  schedule:
-    - cron: "0 * * * *"
-
-jobs:
-  run-playwright-tests:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
-      with:
-        node-version: lts/*
-    - name: Install dependencies
-      run: npm ci
-    - name: Install Playwright Browsers
-      run: npx playwright install --with-deps
-    - name: Run Playwright tests
-      run: npx playwright test --retries=2
-    - uses: actions/upload-artifact@v4
-      if: ${{ !cancelled() }}
-      with:
-        name: playwright-report
-        path: tests/playwright-report/
-        retention-days: 30
-    - uses: actions/upload-artifact@v4
-      if: ${{ !cancelled() }}
-      with:
-        name: test-results
-        path: tests/test-results/
-        retention-days: 30
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index a16041dc5..f10888ec3 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -18,7 +18,7 @@ jobs:
       pull-requests: write  # for actions/stale to close stale PRs
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9.1.0
+      - uses: actions/stale@v10.0.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           stale-issue-message: 'This issue is stale because it has been open for 90 days with no activity. Remove the stale label or add a comment to keep it open. If you do not take action, this will be closed in 10 days.'
diff --git a/.gitignore b/.gitignore
index 15fbca634..1573f641d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,7 +7,6 @@
 # testing
 /coverage
 */test-results
-*/playwright-report
 
 # production
 ./public
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 7a0af1f48..3988f3345 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -41,6 +41,7 @@ To understand how we use Git in this repository, read our [Git conventions](/doc
 The broad workflow is as follows:
 
 - Fork the NGINX repository
+  - If you're an F5/NGINX user, you can work from a clone
 - Create a branch
 - Implement your changes in your branch
 - Submit a pull request (PR) when your changes are ready for review
diff --git a/_banners/eos-acm.md b/_banners/eos-acm.md
new file mode 100644
index 000000000..e69f51b6b
--- /dev/null
+++ b/_banners/eos-acm.md
@@ -0,0 +1,8 @@
+{{< banner "warning" "End of Sale Notice:" >}}
+  <br>
+  F5 NGINX is announcing the <strong>End of Sale (EoS)</strong> for NGINX Management Suite API Connectivity Manager Module, <strong>effective January 1, 2024</strong>.
+  <br><br>
+  F5 maintains generous lifecycle policies that allow customers to continue support and receive product updates. Existing API Connectivity Manager Module customers can continue to use the product past the EoS date. <strong>License renewals are not available after September 30, 2024.</strong>
+  <br><br>
+  See our <a href="https://my.f5.com/manage/s/article/K000137989">End of Sale announcement</a> for more details.
+{{</ banner >}}
\ No newline at end of file
diff --git a/_banners/eos-mesh.md b/_banners/eos-mesh.md
index e69f51b6b..f2b11d535 100644
--- a/_banners/eos-mesh.md
+++ b/_banners/eos-mesh.md
@@ -1,8 +1,8 @@
 {{< banner "warning" "End of Sale Notice:" >}}
-  <br>
-  F5 NGINX is announcing the <strong>End of Sale (EoS)</strong> for NGINX Management Suite API Connectivity Manager Module, <strong>effective January 1, 2024</strong>.
-  <br><br>
-  F5 maintains generous lifecycle policies that allow customers to continue support and receive product updates. Existing API Connectivity Manager Module customers can continue to use the product past the EoS date. <strong>License renewals are not available after September 30, 2024.</strong>
-  <br><br>
-  See our <a href="https://my.f5.com/manage/s/article/K000137989">End of Sale announcement</a> for more details.
+  <p>
+    Commercial support for NGINX Service Mesh is available to customers who currently have active NGINX Microservices Bundle subscriptions. F5 NGINX announced the End of Sale (EoS) for the NGINX Microservices Bundles as of <strong>July 1, 2023</strong>.
+  </p>
+  <p>
+    See our <a href="https://my.f5.com/manage/s/article/K000135468">End of Sale announcement</a> for more details.
+  </p>
 {{</ banner >}}
\ No newline at end of file
diff --git a/_banners/eos-nms.md b/_banners/eos-nms.md
new file mode 100644
index 000000000..2ff86d3e3
--- /dev/null
+++ b/_banners/eos-nms.md
@@ -0,0 +1,4 @@
+{{< banner "warning" "End of Sale Notice:" >}}
+  <br>
+  <strong>This product is End of Sale.</strong> See our <a href="https://my.f5.com/manage/s/article/K000137989">End of Sale announcement</a> for more details.
+{{</ banner >}}
\ No newline at end of file
diff --git a/_banners/ngf-2.0-release.md b/_banners/ngf-2.0-release.md
index 135681553..44523d981 100644
--- a/_banners/ngf-2.0-release.md
+++ b/_banners/ngf-2.0-release.md
@@ -1,6 +1,8 @@
-{{< banner "notice" "NGINX Gateway Fabric 2.0 is now available" >}}
+{{< banner "notice" >}} 
 
-NGINX Gateway Fabric 2.0 has released! Follow [these instructions]({{< ref "/ngf/install/upgrade-version.md#upgrade-from-v1x-to-v2x" >}}) to upgrade from 1.x to 2.0.
+NGINX Gateway Fabric {{< version-ngf >}} is now available.
+
+Follow [these instructions]({{< ref "/ngf/install/upgrade-version.md#upgrade-from-v1x-to-v2x" >}}) to upgrade from 1.x to 2.0.
 
 For 1.x, checkout [an older version]({{< ref "/ngf/install/upgrade-version.md#access-nginx-gateway-fabric-1x-documentation" >}}) of documentation.
 
diff --git a/archetypes/landing-page.md b/archetypes/landing-page.md
index 91c1ab0d2..be1cca187 100644
--- a/archetypes/landing-page.md
+++ b/archetypes/landing-page.md
@@ -31,18 +31,16 @@ nd-product:
 [//]: # "One card will take full width page: two will take half width each. Three will stack like an inverse pyramid."
 [//]: # "Some examples of content could be the latest release note, the most common install path, and a popular new feature."
 
-{{<card-layout>}}
-  {{<card-section showAsCards="true" isFeaturedSection="true">}}
-    {{<card title="<some-title>">}}
-      <!-- Each description should be roughly 10 words or less. -->
-    {{</card>}}
-    <!-- The titleURL and icon are both optional -->
-    <!-- Lucide icon names can be found at https://lucide.dev/icons/ -->
-    {{<card title="<some-title>" titleUrl="<some-url>" icon="<some-lucide-icon>">}}
-      <!-- Each description should be roughly 10 words or less. -->
-    {{</card>}}
-  {{</card-section>}}
-{{</card-layout>}}
+{{<card-section showAsCards="true" isFeaturedSection="true">}}
+  {{<card title="<some-title>">}}
+    <!-- Each description should be roughly 10 words or less. -->
+  {{</card>}}
+  <!-- The titleURL and icon are both optional -->
+  <!-- Lucide icon names can be found at https://lucide.dev/icons/ -->
+  {{<card title="<some-title>" titleUrl="<some-url>" icon="<some-lucide-icon>">}}
+    <!-- Each description should be roughly 10 words or less. -->
+  {{</card>}}
+{{</card-section>}}
 
 ## Other content 
 
diff --git a/content/_index.md b/content/_index.md
index d6816edad..e7ff70aa2 100644
--- a/content/_index.md
+++ b/content/_index.md
@@ -1,4 +1,49 @@
 ---
 title: NGINX Product Documentation
 description: Learn how to deliver, manage, and protect your applications using F5 NGINX products.
----
\ No newline at end of file
+---
+
+## NGINX Product Documentation 
+Learn how to deliver, manage, and protect your applications using F5 NGINX products. 
+
+{{<card-section showAsCards="true" title="NGINX One">}}
+  {{<card title="NGINX One Console" titleUrl="/nginx-one/" brandIcon="NGINX-One-product-icon.svg" isLanding="true">}}
+    Monitor your infrastructure, address security vulnerabilities, and assess the health of your NGINX fleet, all from a single console.
+  {{</card >}}
+  {{<card title="NGINX Plus" titleUrl="/nginx/" brandIcon="NGINX-Plus-product-icon.svg" isLanding="true">}}
+    The all-in-one load balancer, reverse proxy, web server, content cache, and API gateway.
+  {{</card >}}
+  {{<card title="NGINX Instance Manager" titleUrl="/nginx-instance-manager/" brandIcon="NGINX-Instance-Manager-product-icon.svg" isLanding="true">}}
+    Track and control NGINX Open Source and NGINX Plus instances.
+  {{</card >}}
+  {{<card title="NGINX Ingress Controller" titleUrl="/nginx-ingress-controller/" brandIcon="NGINX-Ingress-Controller-product-icon.svg" isLanding="true">}}
+    Kubernetes traffic management with API gateway, identity, and observability features.
+  {{</card >}}
+  {{<card title="NGINX Gateway Fabric" titleUrl="/nginx-gateway-fabric/" brandIcon="NGINX-Gateway-Fabric-product-icon.svg" isLanding="true">}}
+    Next-generation Kubernetes connectivity using the Gateway API.
+  {{</card >}}
+  {{<card title="NGINX Open Source" titleUrl="https://nginx.org/en/docs/" brandIcon="NGINX-Open-Source-product-icon.svg" isLanding="true">}}
+    The open source all-in-one load balancer, content cache, and web server.
+  {{</card >}}
+  {{<card title="NGINX Agent" titleUrl="/nginx-agent/" brandIcon="NGINX-Agent-product-icon.svg" isLanding="true">}}
+    A daemon providing observability data and remote configuration for NGINX Open Source and NGINX Plus instances.
+  {{</card >}}
+  {{<card title="Subscription licensing & solutions" titleUrl="/solutions/" brandIcon="NGINX-product-icon.svg" isLanding="true">}}
+    Stay compliant with your NGINX subscription licenses and see how you can use NGINX One to build secure, scalable, and high-performing applications and APIs.
+  {{</card >}}
+{{</card-section>}}
+
+{{<card-section showAsCards="true" title="NGINX App Protect">}}
+  {{<card title="NGINX App Protect WAF" titleUrl="/nginx-app-protect-waf/" brandIcon="NGINX-App-Protect-WAF-product-icon.svg" isLanding="true">}}
+    Lightweight, high-performance, advanced protection against Layer 7 attacks on your apps and APIs.
+  {{</card >}}
+  {{<card title="NGINX App Protect DoS" titleUrl="/nginx-app-protect-dos/" brandIcon="NGINX-App-Protect-DoS-product-icon.svg" isLanding="true">}}
+    Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs.
+  {{</card >}}
+{{</card-section>}}
+
+{{<card-section showAsCards="true" title="NGINX as a Service">}}
+  {{<card title="NGINX as a Service for Azure" titleUrl="/nginxaas/azure/" brandIcon="NGINX-for-Azure-product-icon.svg" isLanding="true">}}
+    Infrastructure-as-a-Service (IaaS) version of NGINX Plus for your Microsoft Azure application stack.
+  {{</card >}}
+{{</card-section>}}
diff --git a/content/agent/_index.md b/content/agent/_index.md
index 478ab4f4b..c8be3a6bf 100644
--- a/content/agent/_index.md
+++ b/content/agent/_index.md
@@ -2,7 +2,7 @@
 title: NGINX Agent
 url: /nginx-agent/
 cascade:
-  logo: NGINX-product-icon.png
+  logo: NGINX-Agent-product-icon.svg
   nd-banner:
     enabled: true
     type: deprecation
@@ -33,26 +33,22 @@ configurations, collection and reporting of real-time NGINX performance and oper
 [//]: # "One card will take full width page: two will take half width each. Three will stack like an inverse pyramid."
 [//]: # "Some examples of content could be the latest release note, the most common install path, and a popular new feature."
 
-{{<card-layout>}}
-  {{<card-section showAsCards="true" isFeaturedSection="true">}}
-    {{<card title="About" titleUrl="/nginx-agent/about" icon="info">}}
-      Learn everything you need to know about NGINX Agent
-    {{</card>}}
-    <!-- The titleURL and icon are both optional -->
-    <!-- Lucide icon names can be found at https://lucide.dev/icons/ -->
-    {{<card title="Getting started" titleUrl="/nginx-agent/installation-upgrade/getting-started" icon="unplug">}}
-      Install NGINX Agent and run a mock control plane
-    {{</card>}}
-  {{</card-section>}}
-{{</card-layout>}}
+{{<card-section showAsCards="true" isFeaturedSection="true">}}
+  {{<card title="About" titleUrl="about/" icon="info">}}
+    Learn everything you need to know about NGINX Agent
+  {{</card>}}
+  <!-- The titleURL and icon are both optional -->
+  <!-- Lucide icon names can be found at https://lucide.dev/icons/ -->
+  {{<card title="Getting started" titleUrl="installation-upgrade/getting-started/" icon="unplug">}}
+    Install NGINX Agent and run a mock control plane
+  {{</card>}}
+{{</card-section>}}
 
-{{<card-layout>}}
-  {{<card-section showAsCards="true" isFeaturedSection="true">}}
-    {{<card title="Upgrade" titleUrl="/nginx-agent/installation-upgrade/upgrade/" icon="circle-fading-arrow-up">}}
-    {{</card>}}
-    {{<card title="Configuration" titleUrl="/nginx-agent/configuration" icon="cog">}}
-    {{</card>}}
-    {{<card title="Support" titleUrl="/nginx-agent/support" icon="hand-helping">}}
-    {{</card>}}
-  {{</card-section>}}
-{{</card-layout>}}
\ No newline at end of file
+{{<card-section showAsCards="true" isFeaturedSection="true">}}
+  {{<card title="Upgrade" titleUrl="installation-upgrade/upgrade/" icon="circle-fading-arrow-up">}}
+  {{</card>}}
+  {{<card title="Configuration" titleUrl="configuration/" icon="cog">}}
+  {{</card>}}
+  {{<card title="Support" titleUrl="support/" icon="hand-helping">}}
+  {{</card>}}
+{{</card-section>}}
\ No newline at end of file
diff --git a/content/agent/about.md b/content/agent/about.md
index 19434fbb2..6bf106885 100644
--- a/content/agent/about.md
+++ b/content/agent/about.md
@@ -46,7 +46,6 @@ For NGINX Agent to work properly with an NGINX Plus instance, the API needs to b
 NGINX Agent allows a gRPC connected control system to register a listener for a specific event. The control mechanism is then invoked when NGINX Agent sends an associated system signal. The source of a notification can be either the NGINX instance or NGINX Agent itself. Here's a list of currently supported events:
 
 
-{{<bootstrap-table "table table-striped table-bordered">}}
 | Event                            | Description                                  |
 | -------------------------------- | -------------------------------------------- |
 | AGENT_START_MESSAGE              | Agent process started                        |
@@ -61,7 +60,6 @@ NGINX Agent allows a gRPC connected control system to register a listener for a
 | CONFIG_APPLY_FAILURE_MESSAGE     | Failed to apply new NGINX configuration      |
 | CONFIG_ROLLBACK_SUCCESS_MESSAGE  | Successfully rolled back NGINX configuration |
 | CONFIG_ROLLBACK_FAILURE_MESSAGE  | Failed to roll back NGINX configuration      |
-{{</bootstrap-table>}}
 
 
 
diff --git a/content/agent/configuration/_index.md b/content/agent/configuration/_index.md
index ca784b6eb..efb76f9ff 100644
--- a/content/agent/configuration/_index.md
+++ b/content/agent/configuration/_index.md
@@ -3,7 +3,7 @@ title: "Configuration"
 weight: "400"
 url: /nginx-agent/configuration/
 cascade:
-  logo: NGINX-product-icon.png
+  logo: NGINX-product-icon.svg
   layout: agent-v2-migration
 ---
 
diff --git a/content/agent/configuration/configuration-overview.md b/content/agent/configuration/configuration-overview.md
index 41086bd8a..0a85eede6 100644
--- a/content/agent/configuration/configuration-overview.md
+++ b/content/agent/configuration/configuration-overview.md
@@ -9,7 +9,7 @@ nd-content-type: how-to
 
 The following sections explain how to configure NGINX Agent using configuration files, CLI flags, and environment variables.
 
-{{<note>}}
+{{< call-out "note" >}}
 
 - NGINX Agent interprets configuration values set by configuration files, CLI flags, and environment variables in the following priorities:
 
@@ -19,7 +19,7 @@ The following sections explain how to configure NGINX Agent using configuration
 
 - You must open any required firewall ports or add SELinux/AppArmor rules for the ports and IPs you want to use.
 
-{{</note>}}
+{{< /call-out >}}
 
 ## Configure with Config Files
 
@@ -30,9 +30,9 @@ Examples of the configuration files are provided below:
 <details open>
     <summary>example nginx-agent.conf</summary>
 
-{{<note>}}
+{{< call-out "note" >}}
 In the following example `nginx-agent.conf` file, you can change the `server.host` and `server.grpcPort` to connect to the control plane.
-{{</note>}}
+{{< /call-out >}}
 
 ```nginx {hl_lines=[13]}
 #
@@ -118,11 +118,11 @@ nginx_app_protect:
 <details open>
     <summary>example dynamic-agent.conf</summary>
 
-{{<note>}}
+{{< call-out "note" >}}
 Default location in Linux environments: `/var/lib/nginx-agent/agent-dynamic.conf`
 
 Default location in FreeBSD environments: `/var/db/nginx-agent/agent-dynamic.conf`
-{{</note>}}
+{{< /call-out >}}
 
 ```yaml
 # Dynamic configuration file for NGINX Agent.
@@ -169,15 +169,15 @@ nginx-agent
 
 ### CLI Flags and Environment Variables
 
-{{< warning >}}
+{{< call-out "warning" >}}
 
 Before version 2.35.0, the environment variables were prefixed with `NMS_` instead of `NGINX_AGENT_`.
 
 If you are upgrading from an older version, update your configuration accordingly.
 
-{{< /warning >}}
+{{< /call-out >}}
 
-{{<bootstrap-table "table table-responsive table-bordered">}}
+{{< table >}}
 | CLI flag                                    | Environment variable                 | Description                                                                 |
 |---------------------------------------------|--------------------------------------|-----------------------------------------------------------------------------|
 | `--api-cert`                                | `NGINX_AGENT_API_CERT`                       | Specifies the certificate used by the Agent API.                            |
@@ -214,11 +214,9 @@ If you are upgrading from an older version, update your configuration accordingl
 | `--tls-enable`                              | `NGINX_AGENT_TLS_ENABLE`                     | Enables TLS for secure communications.                                      |
 | `--tls-key`                                 | `NGINX_AGENT_TLS_KEY`                        | Specifies the path to the certificate key file for TLS.                     |
 | `--tls-skip-verify`                         | `NGINX_AGENT_TLS_SKIP_VERIFY`                | Insecurely skips verification for gRPC TLS credentials.                     |
-{{</bootstrap-table>}}
+{{< /table >}}
 
-<br>
-
-{{<note>}}
+{{< call-out "note" >}}
 Use the `--config-dirs` command-line option, or the `config_dirs` key in the `nginx-agent.conf` file, to identify the directories NGINX Agent can read from or write to. This setting also defines the location to which you can upload config files when using a control plane.
 
 NGINX Agent cannot write to directories outside the specified location when updating a config and cannot upload files to directories outside of the configured location.
@@ -227,15 +225,15 @@ NGINX Agent follows NGINX configuration directives to file paths outside the des
 
 - [`ssl_certificate`](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate)
 
-{{</note>}}
+{{< /call-out >}}
 
-{{<note>}} Use the `--dynamic-config-path` command-line option to set the location of the dynamic config file. This setting also requires you to move your dynamic config to the new path, or create a new dynamic config file at the specified location.
+{{< call-out "note" >}} Use the `--dynamic-config-path` command-line option to set the location of the dynamic config file. This setting also requires you to move your dynamic config to the new path, or create a new dynamic config file at the specified location.
 
 Default location in Linux environments: `/var/lib/nginx-agent/agent-dynamic.conf`
 
 Default location in FreeBSD environments: `/var/db/nginx-agent/agent-dynamic.conf`
 
-{{</note>}}
+{{< /call-out >}}
 
 ## Log Rotation
 
diff --git a/content/agent/configuration/encrypt-communication.md b/content/agent/configuration/encrypt-communication.md
index 6a1503cf6..2d8b67dde 100644
--- a/content/agent/configuration/encrypt-communication.md
+++ b/content/agent/configuration/encrypt-communication.md
@@ -94,7 +94,7 @@ NGINX_AGENT_TLS_ENABLE=true
 
 ## Enable Server-Side TLS With Self-Signed Certificate
 
-{{< warning >}}These steps are not recommended for production environments.{{< /warning >}}
+{{< call-out "warning" >}}These steps are not recommended for production environments.{{< /call-out >}}
 
 To enable server-side TLS with a self-signed certificate, you must have TLS enabled and set `skip_verify` to `true`, which disables hostname validation. Setting `skip_verify` can be done done only by updating the configuration file. See the following example:
 
diff --git a/content/agent/installation-upgrade/_index.md b/content/agent/installation-upgrade/_index.md
index d17ef4d5d..9d4f84513 100644
--- a/content/agent/installation-upgrade/_index.md
+++ b/content/agent/installation-upgrade/_index.md
@@ -4,6 +4,6 @@ description: Learn how to install, upgrade, and uninstall NGINX Agent.
 weight: 300
 url: /nginx-agent/v2/installation-upgrade/
 cascade:
-  logo: NGINX-product-icon.png
+  logo: NGINX-product-icon.svg
   type: agent-v2-migration
 ---
diff --git a/content/agent/installation-upgrade/container-environments/_index.md b/content/agent/installation-upgrade/container-environments/_index.md
index bc1eeddd7..5f5968743 100644
--- a/content/agent/installation-upgrade/container-environments/_index.md
+++ b/content/agent/installation-upgrade/container-environments/_index.md
@@ -4,6 +4,6 @@ description: Learn how to build and run NGINX Agent docker images.
 weight: 800
 url: /nginx-agent/v2/installation-upgrade/container-environments/
 cascade:
-  logo: NGINX-product-icon.png
+  logo: NGINX-product-icon.svg
   type: agent-v2-migration
 ---
diff --git a/content/agent/installation-upgrade/container-environments/docker-images.md b/content/agent/installation-upgrade/container-environments/docker-images.md
index f21c23929..93d954a97 100644
--- a/content/agent/installation-upgrade/container-environments/docker-images.md
+++ b/content/agent/installation-upgrade/container-environments/docker-images.md
@@ -27,7 +27,7 @@ This guide provides instructions on how to build images with NGINX Agent and NGI
 
 You can use [Docker](https://docs.docker.com/engine/install/) or [Podman](https://podman.io/docs/installation) to manage NGINX Agent container images. Follow the installation instructions for your preferred container engine and be sure the service is running before proceeding with the instructions in this document.
 
-{{<note>}}The examples in this document primarily use Docker commands. You can adapt these using the appropriate [Podman commands](https://docs.podman.io/en/latest/Commands.html) if you're not using Docker.{{</note>}}
+{{< call-out "note" >}}The examples in this document primarily use Docker commands. You can adapt these using the appropriate [Podman commands](https://docs.podman.io/en/latest/Commands.html) if you're not using Docker.{{< /call-out >}}
 
 ### Install the GNU Make package
 
@@ -77,7 +77,7 @@ git clone git@github.com:nginx/agent.git
 
 ### Download the NGINX Plus certificate and key {#myf5-download}
 
-{{< fa "circle-info" "text-muted" >}} **This step is required if you are using NGINX Plus. If you are using NGINX open source, you can skip this section.**
+{{< icon "circle-info" "text-muted" >}} **This step is required if you are using NGINX Plus. If you are using NGINX open source, you can skip this section.**
 
 In order to build a container image with NGINX Plus, you must provide the SSL certificate and private key files provided with your NGINX Plus license. These files grant access to the package repository from which the script will download the NGINX Plus package.
 
@@ -112,11 +112,11 @@ docker tag docker-registry.nginx.com/nginx/agent:mainline nginx-agent
 docker run --name nginx-agent -d nginx-agent
 ```
 
-{{<note>}}To learn more about the configuration options, refer to the NGINX Agent [Configuration Overview]({{< ref "/agent/configuration/configuration-overview" >}}).{{</note>}}
+{{< call-out "note" >}}To learn more about the configuration options, refer to the NGINX Agent [Configuration Overview]({{< ref "/agent/configuration/configuration-overview" >}}).{{< /call-out >}}
 
 ### Enable the gRPC interface
 
-To connect your NGINX Agent container to your NGINX One or NGINX Instance Manager instance, you must enable the gRPC interface. To do this, you must edit the NGINX Agent configuration file, *nginx-agent.conf*. For example:
+To connect your NGINX Agent container to your NGINX One Console or NGINX Instance Manager instance, you must enable the gRPC interface. To do this, you must edit the NGINX Agent configuration file, *nginx-agent.conf*. For example:
 
 ```yaml
 server:
@@ -166,7 +166,7 @@ If the REST Interface is configured correctly, then you should see a JSON object
 
 ## Build the NGINX Agent images for specific OS targets
 
-{{<important>}}The only **officially supported** base operating system is **Alpine**. The instructions below for other operating systems are provided for informational and **testing purposes only**.{{</important>}}
+{{< call-out "important" >}}The only **officially supported** base operating system is **Alpine**. The instructions below for other operating systems are provided for informational and **testing purposes only**.{{< /call-out >}}
 
 The NGINX Agent GitHub repo has a set of Make commands that you can use to build a container image for an specific operating system and version:
 
@@ -175,15 +175,12 @@ The NGINX Agent GitHub repo has a set of Make commands that you can use to build
 
 You can pass the following arguments when running the **make** command to build an NGINX Agent container image.
 
-{{<bootstrap-table "table table-striped table-border">}}
 | Argument | Definition |
 | ---------------- | -------------------------|
 | OS_RELEASE      | The Linux distribution to use as the base image. <br>Can also be set in the repo Makefile.|
 | OS_VERSION      | The version of the Linux distribution to use as the base image. <br>Can also be set in the repo Makefile.|
 | AGENT_VERSION      | The versions of NGINX agent that you want installed on the image.|
 
-{{</bootstrap-table>}}
-
 ### Build NGINX open source images
 
 Run the following `make` command to build the default image, which uses Alpine as the base image:
@@ -200,7 +197,7 @@ IMAGE_BUILD_TARGET=install-agent-repo NGINX_AGENT_VERSION=2.37.0~bullseye OS_REL
 
 ### Build NGINX Plus images
 
-{{<important>}}You need a license to use NGINX Agent with NGINX Plus. You must complete the steps in the [Download the certificate and key files from MyF5](#myf5-download) section before proceeding.{{</important>}}
+{{< call-out "important" >}}You need a license to use NGINX Agent with NGINX Plus. You must complete the steps in the [Download the certificate and key files from MyF5](#myf5-download) section before proceeding.{{< /call-out >}}
 
 Run the following `make` command to build the default image, which uses Ubuntu 24.04 (Noble) as the base image.
 
@@ -213,6 +210,3 @@ To build an image with Debian and an older version of NGINX Agent you can run th
 ```shell
 IMAGE_BUILD_TARGET=install-agent-repo NGINX_AGENT_VERSION=2.37.0~bullseye OS_RELEASE=debian OS_VERSION=bullseye-slim make image
 ```
-
-
-
diff --git a/content/agent/installation-upgrade/container-environments/docker-support.md b/content/agent/installation-upgrade/container-environments/docker-support.md
index 1a57cafab..41b7d8773 100644
--- a/content/agent/installation-upgrade/container-environments/docker-support.md
+++ b/content/agent/installation-upgrade/container-environments/docker-support.md
@@ -10,7 +10,7 @@ nd-content-type:
 
 ## Overview
 
-The NGINX Agent repository includes [Dockerfiles](https://github.com/nginx/agent/tree/main/scripts/docker) that can be used to [build custom container images]({{< ref "/agent/installation-upgrade/container-environments/docker-images.md" >}}). Images are created with an NGINX Open Source or NGINX Plus instance and are available for various operating systems.
+The NGINX Agent repository includes [Dockerfiles](https://github.com/nginx/agent/tree/dev-v2/test/docker) that can be used to [build custom container images]({{< ref "/agent/installation-upgrade/container-environments/docker-images.md" >}}). Images are created with an NGINX Open Source or NGINX Plus instance and are available for various operating systems.
 
 See the [Technical Specifications]({{< ref "/agent/technical-specifications.md" >}}) for a list of supported operationg systems.
 
diff --git a/content/agent/installation-upgrade/getting-started.md b/content/agent/installation-upgrade/getting-started.md
index c7ee427af..e415d9161 100644
--- a/content/agent/installation-upgrade/getting-started.md
+++ b/content/agent/installation-upgrade/getting-started.md
@@ -172,8 +172,8 @@ sudo systemctl enable nginx-agent
 
 NGINX Agent uses formatted log files to collect metrics. Expanding log formats and instance counts will also increase the size of the NGINX Agent log files. We recommend adding a separate partition for `/var/log/nginx-agent`.
 
-{{< important >}}
+{{< call-out "important" >}}
 Without log rotation or storage on a separate partition, log files could use up all the free drive space and cause your system to become unresponsive to certain services.
 
 For more information, see [NGINX Agent Log Rotation]({{< ref "/agent/configuration/configuration-overview.md#nginx-agent-log-rotation" >}}).
-{{< /important >}}
+{{< /call-out >}}
diff --git a/content/agent/installation-upgrade/installation-oss.md b/content/agent/installation-upgrade/installation-oss.md
index ab4016d08..6d3073998 100644
--- a/content/agent/installation-upgrade/installation-oss.md
+++ b/content/agent/installation-upgrade/installation-oss.md
@@ -50,10 +50,10 @@ Before you install NGINX Agent for the first time on your system, you need to se
     module_hotfixes=true
     ```
 
-1. To install `nginx-agent`, run the following command:
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
 
     ```shell
-    sudo yum install nginx-agent
+    sudo yum install -y nginx-agent-2.42.0
     ```
 
     When prompted to accept the GPG key, verify that the fingerprint matches `8540 A6F1 8833 A80E 9C16 53A4 2FD2 1310 B49F 6B46`, `573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62`, `9E9B E90E ACBC DE69 FE9B 204C BCDC D8A3 8D88 A2B3`, and if so, accept it.
@@ -95,7 +95,7 @@ Before you install NGINX Agent for the first time on your system, you need to se
       uid                      nginx signing key <signing-key-3@nginx.com>
     ```
 
-    {{< important >}}If the fingerprint is different, remove the file.{{< /important >}}
+    {{< call-out "important" >}}If the fingerprint is different, remove the file.{{< /call-out >}}
 
 1. Add the nginx agent repository:
 
@@ -105,11 +105,13 @@ Before you install NGINX Agent for the first time on your system, you need to se
       | sudo tee /etc/apt/sources.list.d/nginx-agent.list
     ```
 
-1. To install `nginx-agent`, run the following commands:
-
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
+   
+    Update your package index and install a specific version of the nginx-agent. Replace <VERSION_CODENAME> with your current Ubuntu codename (e.g., jammy, noble).
+   
     ```shell
     sudo apt update
-    sudo apt install nginx-agent
+    sudo apt install -y nginx-agent=2.42.0~<VERSION_CODENAME>
     ```
 
 1. Verify the installation:
@@ -157,7 +159,7 @@ Before you install NGINX Agent for the first time on your system, you need to se
       uid                      nginx signing key <signing-key-3@nginx.com>
     ```
 
-    {{< important >}}If the fingerprint is different, remove the file.{{< /important >}}
+    {{< call-out "important" >}}If the fingerprint is different, remove the file.{{< /call-out >}}
 
 1. Add the `nginx-agent` repository:
 
@@ -166,12 +168,13 @@ Before you install NGINX Agent for the first time on your system, you need to se
       http://packages.nginx.org/nginx-agent/debian/ `lsb_release -cs` agent" \ | sudo tee /etc/apt/sources.list.d/nginx-agent.list
     ```
 
-1. To install `nginx-agent`, run the following commands:
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
 
+    Update your package index and install a specific version of the nginx-agent. Replace <VERSION_CODENAME> with your current Debian codename (e.g., bullseye).
+    
     ```shell
     sudo apt update
-    sudo apt install nginx-agent
-    ```
+    sudo apt install -y nginx-agent=2.42.0~<VERSION_CODENAME>
 
 1. Verify the installation:
 
@@ -229,10 +232,10 @@ Before you install NGINX Agent for the first time on your system, you need to se
     sudo rpmkeys --import /tmp/nginx_signing.key
     ```
 
-1. To install `nginx-agent`, run the following command:
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
 
     ```shell
-    sudo zypper install nginx-agent
+    sudo zypper install -y nginx-agent=2.42.0
     ```
 
 1. Verify the installation:
@@ -303,10 +306,10 @@ Before you install NGINX Agent for the first time on your system, you need to se
     sudo mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/
     ```
 
-1. To install `nginx-agent`, run the following command:
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
 
     ```shell
-    sudo apk add nginx-agent
+    sudo apk add nginx-agent=2.42.0
     ```
 
 1. Verify the installation:
@@ -334,10 +337,10 @@ Before you install NGINX Agent for the first time on your system, you need to se
     module_hotfixes=true
     ```
 
-1. To install `nginx-agent`, run the following command:
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
 
     ```shell
-    sudo dnf install nginx-agent
+    sudo dnf install -y nginx-agent-2.42.0
     ```
 
 1. When prompted to accept the GPG key, verify that the fingerprint matches
@@ -370,10 +373,10 @@ Before you install NGINX Agent for the first time on your system, you need to se
     module_hotfixes=true
     ```
 
-1. To install `nginx-agent`, run the following command:
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
 
     ```shell
-    sudo yum install nginx-agent
+    sudo yum install -y nginx-agent-2.42.0
     ```
 
 1. When prompted to accept the GPG key, verify that the fingerprint matches `8540 A6F1 8833 A80E 9C16 53A4 2FD2 1310 B49F 6B46`, `573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62`, `9E9B E90E ACBC DE69 FE9B 204C BCDC D8A3 8D88 A2B3`, and if so, accept it.
@@ -396,10 +399,10 @@ Before you install NGINX Agent for the first time on your system, you need to se
     }
     ```
 
-1. To install `nginx-agent`, run the following command:
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
 
     ```shell
-    sudo pkg install nginx-agent
+    sudo pkg install nginx-agent-2.42.0
     ```
 
 1. Verify the installation:
diff --git a/content/agent/installation-upgrade/installation-plus.md b/content/agent/installation-upgrade/installation-plus.md
index add1272dc..744fbde26 100644
--- a/content/agent/installation-upgrade/installation-plus.md
+++ b/content/agent/installation-upgrade/installation-plus.md
@@ -73,10 +73,10 @@ Before you install NGINX Agent for the first time on your system, you need to se
     enabled=1
     ```
 
-1. To install `nginx-agent`, run the following command:
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
 
     ```shell
-    sudo yum install nginx-agent
+    sudo yum install -y nginx-agent-2.42.0
     ```
 
     When prompted to accept the GPG key, verify that the fingerprint matches `8540 A6F1 8833 A80E 9C16 53A4 2FD2 1310 B49F 6B46`, `573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62`, `9E9B E90E ACBC DE69 FE9B 204C BCDC D8A3 8D88 A2B3`, and if so, accept it.
@@ -131,11 +131,13 @@ Before you install NGINX Agent for the first time on your system, you need to se
       | sudo tee /etc/apt/sources.list.d/nginx-agent.list
     ```
 
-1. To install `nginx-agent`, run the following commands:
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
 
+     Update your package index and install a specific version of the nginx-agent. Replace <VERSION_CODENAME> with your current Ubuntu codename (e.g., jammy, noble).
+   
     ```shell
     sudo apt update
-    sudo apt install nginx-agent
+    sudo apt install -y nginx-agent=2.42.0~<VERSION_CODENAME>
     ```
 
 1. Verify the installation:
@@ -183,12 +185,14 @@ Before you install NGINX Agent for the first time on your system, you need to se
     Acquire::https::pkgs.nginx.com::SslKey      "/etc/ssl/nginx/nginx-repo.key";
     ```
 
-1. To install `nginx-agent`, run the following commands:
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
 
+    Update your package index and install a specific version of the nginx-agent. Replace <VERSION_CODENAME> with your current Debian codename (e.g., bullseye).
+    
     ```shell
     sudo apt update
-    sudo apt install nginx-agent
-    ```
+    sudo apt install -y nginx-agent=2.42.0~<VERSION_CODENAME>
+
 
 1. Verify the installation:
 
@@ -265,10 +269,10 @@ Before you install NGINX Agent for the first time on your system, you need to se
     sudo rpmkeys --import /tmp/nginx_signing.key
     ```
 
-1. To install `nginx-agent`, run the following command:
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
 
     ```shell
-    sudo zypper install nginx-agent
+    sudo zypper install -y nginx-agent=2.42.0
     ```
 
 1. Verify the installation:
@@ -394,10 +398,10 @@ Before you install NGINX Agent for the first time on your system, you need to se
     enabled=1
     ```
 
-1. To install `nginx-agent`, run the following command:
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
 
     ```shell
-    sudo dnf install nginx-agent
+    sudo dnf install -y nginx-agent-2.42.0
     ```
 
 1. When prompted to accept the GPG key, verify that the fingerprint matches `8540 A6F1 8833 A80E 9C16 53A4 2FD2 1310 B49F 6B46`, `573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62`, `9E9B E90E ACBC DE69 FE9B 204C BCDC D8A3 8D88 A2B3`, and if so, accept it.
@@ -442,10 +446,10 @@ Before you install NGINX Agent for the first time on your system, you need to se
     enabled=1
     ```
 
-1. To install `nginx-agent`, run the following command:
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
 
     ```shell
-    sudo yum install nginx-agent
+    sudo yum install -y nginx-agent-2.42.0
     ```
 
 1. When prompted to accept the GPG key, verify that the fingerprint matches `8540 A6F1 8833 A80E 9C16 53A4 2FD2 1310 B49F 6B46`, `573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62`, `9E9B E90E ACBC DE69 FE9B 204C BCDC D8A3 8D88 A2B3`, and if so, accept it.
@@ -496,10 +500,10 @@ Before you install NGINX Agent for the first time on your system, you need to se
     SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" }
     ```
 
-1. To install `nginx-agent`, run the following command:
+1. To install `nginx-agent` with a specific version (example: 2.42.0):
 
     ```shell
-    sudo pkg install nginx-agent
+    sudo pkg install nginx-agent-2.42.0
     ```
 
 1. Verify the installation:
diff --git a/content/agent/installation-upgrade/installation-unprivileged.md b/content/agent/installation-upgrade/installation-unprivileged.md
index 4bf90c9f1..8c36246be 100644
--- a/content/agent/installation-upgrade/installation-unprivileged.md
+++ b/content/agent/installation-upgrade/installation-unprivileged.md
@@ -30,9 +30,9 @@ The installation process involves installing NGINX Plus without root privileges
 
 You can install NGINX Plus without root privileges following the steps on the [NGINX Plus installation page]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus/#unpriv_install" >}}). The steps include a script that will allow you to install NGINX Plus in a non-root environment.
 
-{{< note >}}
+{{< call-out "note" >}}
 NGINX Agent has its own user group (`nginx-agent`) which is created when NGINX Agent is installed. The user NGINX is running under is added to this user group during the installation of NGINX Agent. If you change the NGINX user after installing NGINX Agent, you will need to [manually add the new NGINX user]({{< ref "/agent/configuration/configure-nginx-agent-group.md" >}}) to the `nginx-agent` group.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Install NGINX Agent
 
@@ -42,7 +42,6 @@ After installing NGINX Plus, you can install NGINX agent following the steps on
 
 Run the command corresponding to your operating system to start NGINX Agent:
 
-{{<bootstrap-table "table table-striped table-bordered">}}
 
 | Operating System                                      | Command(s)                                      |
 |------------------------------------------------------|------------------------------------------------|
@@ -50,8 +49,6 @@ Run the command corresponding to your operating system to start NGINX Agent:
 | Alpine Linux                                        | ```sudo rc-service nginx-agent start```<br>or<br>```sudo /etc/init.d/nginx-agent start``` |
 | FreeBSD                                             | ```sudo service nginx-agent start``` |
 
-{{</bootstrap-table>}}
-
 You can confirm that NGINX Agent is running under the same user as NGINX Plus by running the following command:
 
 ```bash
diff --git a/content/agent/installation-upgrade/upgrade.md b/content/agent/installation-upgrade/upgrade.md
index f942db01f..49f6a4779 100644
--- a/content/agent/installation-upgrade/upgrade.md
+++ b/content/agent/installation-upgrade/upgrade.md
@@ -24,7 +24,7 @@ To upgrade NGINX Agent, follow these steps:
 
 1. Install the updated version of NGINX Agent:
 
-    - CentOS, RHEL, RPM-Based
+    - RHEL, RPM-Based
 
         ```shell
         sudo yum -y makecache
@@ -60,10 +60,10 @@ To upgrade NGINX Agent to a specific **v2.x version**, follow these steps:
         sudo apt-get install -y nginx-agent=<specific-version> -o Dpkg::Options::="--force-confold"
         ```
 
-        Example (to upgrade to version 2.41.1~noble):
+        Example (to upgrade to version 2.42.0~noble):
 
         ```shell
-        sudo apt-get install -y nginx-agent=2.41.1~noble -o Dpkg::Options::="--force-confold"
+        sudo apt-get install -y nginx-agent=2.42.0~noble -o Dpkg::Options::="--force-confold"
         ```
 
     - CentOS, RHEL, RPM-Based
@@ -72,10 +72,10 @@ To upgrade NGINX Agent to a specific **v2.x version**, follow these steps:
         sudo yum install -y nginx-agent-<specific-version>
         ```
 
-        Example (to upgrade to version `2.41.1`):
+        Example (to upgrade to version `2.42.0`):
 
         ```shell
-        sudo yum install -y nginx-agent-2.41.1
+        sudo yum install -y nginx-agent-2.42.0
         ```
 
 1. Verify the installed version:
diff --git a/content/agent/technical-specifications.md b/content/agent/technical-specifications.md
index b4273c922..af3435f0a 100644
--- a/content/agent/technical-specifications.md
+++ b/content/agent/technical-specifications.md
@@ -11,33 +11,28 @@ This document describes the requirements for NGINX Agent version 2.
 This document provides technical specifications for NGINX Agent. It includes information on supported distributions, deployment environments, NGINX versions, sizing recommendations, and logging.
 
 ## NGINX Agent 3.0 Compatibility
-{{< bootstrap-table "table table-striped table-bordered" >}}
+
 | NGINX Product                | Agent Version  |
 |------------------------------|----------------|
-| **NGINX One Console**        | 2.x            |
+| **NGINX One Console**        | 3.x            |
 | **NGINX Gateway Fabric**     | 3.x            |
 | **NGINX Plus**               | 2.x, 3.x       |
-| **NGINX Ingress Controller** | 2.x            |
+| **NGINX Ingress Controller** | 2.x, 3.x       |
 | **NGINX Instance Manager**   | 2.x            |
-{{< /bootstrap-table >}}
 
 ## Supported Distributions
 
 NGINX Agent can run in most environments. We support the following distributions:
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
-| | AlmaLinux | Alpine Linux | Amazon Linux | Amazon Linux 2 | CentOS | Debian |
-|-|-----------|--------------|--------------|----------------|--------|--------|
-|**Version**|8 <br><hr>9 |  3.16<br><hr>3.17<br><hr> 3.18<br><hr> 3.19|  2023|  LTS|  7.4+|  11<br><hr> 12|
+| | AlmaLinux | Alpine Linux | Amazon Linux | Amazon Linux 2| Debian |
+|-|-----------|--------------|--------------|----------------|--------|
+|**Version**|8 <br><hr>9 <br><hr>10|  3.19<br><hr>3.20<br><hr> 3.21<br><hr> 3.22|  2023|  LTS|  11<br><hr> 12|
 |**Architecture**| x86_84<br><hr>aarch64| x86_64<br><hr>aarch64 | x86_64<br><hr>aarch64 | x86_64<br><hr>aarch64 | x86_64<br><hr>aarch64 | x86_64<br><hr>aarch64 |
-{{< /bootstrap-table >}}
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
 | |FreeBSD | Oracle Linux | Red Hat <br>Enterprise Linux <br>(RHEL) | Rocky Linux | SUSE Linux <br>Enterprise Server <br>(SLES) | Ubuntu |
 |-|--------|--------------|---------------------------------|-------------|-------------------------------------|--------|
-|**Version**|13<br><hr>14|7.4+<br><hr>8.1+<br><hr>9|7.4+<br><hr>8.1+<br><hr>9.0+|8<br><hr>9|12 SP5<br><hr>15 SP2|20.04 LTS<br><hr>22.04 LTS|
+|**Version**|13<br><hr>14|8.1+<br><hr>9<br><hr>10|8.1+<br><hr>9.0+<br><hr>10|8<br><hr>9<br><hr>10|15 SP2|22.04 LTS<br><hr>24.04 LTS<br><hr>25.04 LTS|
 |**Architecture**|amd64|x86_64|x86_64<br><hr>aarch64|x86_64<br><hr>aarch64|x86_64|x86_64<br><hr>aarch64|
-{{< /bootstrap-table >}}
 
 
 ## Supported deployment environments
@@ -57,11 +52,10 @@ NGINX Agent works with all supported versions of NGINX Open Source and NGINX Plu
 ## Sizing recommendations
 
 Minimum system sizing recommendations for NGINX Agent:
-{{< bootstrap-table "table table-striped table-bordered" >}}
+
 | CPU        | Memory   | Network   | Storage |
 |------------|----------|-----------|---------|
 | 1 CPU core | 1 GB RAM | 1 GbE NIC | 20 GB   |
-{{< /bootstrap-table >}}
 
 ## Logging
 
diff --git a/content/amplify/faq/metrics-and-metadata.md b/content/amplify/faq/metrics-and-metadata.md
index f91ae8dd8..6e1b43a79 100644
--- a/content/amplify/faq/metrics-and-metadata.md
+++ b/content/amplify/faq/metrics-and-metadata.md
@@ -10,4 +10,4 @@ nd-docs: DOCS-957
 
 [NGINX Amplify Agent Metrics and Metadata]({{< ref "/amplify/nginx-amplify-agent/metadata-metrics-collection" >}})
 
-{{< note >}}For a complete list of metrics, refer to the [Metrics and Metadata documentation]({{< ref "/amplify/metrics-metadata" >}}).{{< /note >}}
\ No newline at end of file
+{{< call-out "note" >}}For a complete list of metrics, refer to the [Metrics and Metadata documentation]({{< ref "/amplify/metrics-metadata" >}}).{{< /call-out >}}
\ No newline at end of file
diff --git a/content/amplify/faq/user-interface.md b/content/amplify/faq/user-interface.md
index 5bad6022b..547fadcbb 100644
--- a/content/amplify/faq/user-interface.md
+++ b/content/amplify/faq/user-interface.md
@@ -29,4 +29,4 @@ To completely delete a previously monitored object follow these steps:
 
 To delete a system using the web interface — find it in the [Inventory]({{< ref "/amplify/user-interface/inventory" >}}), and select the [i] icon. You can delete objects from the popup window that appears next.
 
-{{< important >}}Deleting objects in the User Interface will not stop NGINX Amplify Agent. To completely remove a system from monitoring, please stop or uninstall NGINX Amplify Agent, clean it up in the web interface, and clean up any alerts.{{< /important >}}
+{{< call-out "important" >}}Deleting objects in the User Interface will not stop NGINX Amplify Agent. To completely remove a system from monitoring, please stop or uninstall NGINX Amplify Agent, clean it up in the web interface, and clean up any alerts.{{< /call-out >}}
diff --git a/content/amplify/known-issues.md b/content/amplify/known-issues.md
index 38b7db320..2d2bf2a79 100644
--- a/content/amplify/known-issues.md
+++ b/content/amplify/known-issues.md
@@ -6,17 +6,13 @@ toc: true
 nd-docs: DOCS-1692
 ---
 
-{{<rn-styles>}}
-
 ---
 
 ### {{% icon-bug %}} Unable to add some NGINX HTTP requests metrics to custom graph {#631}
 
-{{<bootstrap-table "table table-striped table-bordered">}}
 | Issue ID | Status |
 |----------|--------|
 | 631      | Open   |
-{{</bootstrap-table>}}
 
 #### Description
 
diff --git a/content/amplify/metrics-metadata/nginx-metrics.md b/content/amplify/metrics-metadata/nginx-metrics.md
index fd0e5e61c..8e4fb2278 100644
--- a/content/amplify/metrics-metadata/nginx-metrics.md
+++ b/content/amplify/metrics-metadata/nginx-metrics.md
@@ -241,7 +241,7 @@ To use the extended log format with your access log configuration:
   access_log  /var/log/nginx/access.log  main_ext;
   ```
 
-{{< note >}} Please keep in mind that by default, NGINX Amplify Agent will process all access logs that are found in your log directory. If you define a new log file with the extended log format that will contain the entries being already logged to another access log, your metrics might be counted twice. Please refer to the NGINX Amplify Agent configuration section above to learn how to exclude specific log files from processing.{{< /note >}}
+{{< call-out "note" >}} Please keep in mind that by default, NGINX Amplify Agent will process all access logs that are found in your log directory. If you define a new log file with the extended log format that will contain the entries being already logged to another access log, your metrics might be counted twice. Please refer to the NGINX Amplify Agent configuration section above to learn how to exclude specific log files from processing.{{< /call-out >}}
 
 The [error.log](http://nginx.org/en/docs/ngx_core_module.html#error_log) log level should be set to `warn`.
 
@@ -459,7 +459,7 @@ nginx.http.request.current = requests.current
 
 The NGINX Plus metrics below are collected *per zone*. When configuring a graph using these metrics, please make sure to pick the correct server, upstream, or cache zone. A more granular peer-specific breakdown of the metrics below is currently not supported in NGINX Amplify.
 
-{{< note >}}NGINX Amplify Agent does not support reporting the following metrics *per zone* but it can be used to display a cumulative sum of values from each zone.{{< /note >}}
+{{< call-out "note" >}}NGINX Amplify Agent does not support reporting the following metrics *per zone* but it can be used to display a cumulative sum of values from each zone.{{< /call-out >}}
 
 A cumulative metric set is also maintained internally by summing up the per-zone metrics. If you don't configure a specific zone when building graphs, this will result in an "all zones" visualization. E.g., for something like **plus.http.status.2xx** omitting zone will display the instance-wide sum of the successful requests across all zones.
 
diff --git a/content/amplify/metrics-metadata/os-metrics.md b/content/amplify/metrics-metadata/os-metrics.md
index 7de32fcb0..8ef0dbdce 100644
--- a/content/amplify/metrics-metadata/os-metrics.md
+++ b/content/amplify/metrics-metadata/os-metrics.md
@@ -168,7 +168,7 @@ nd-docs: DOCS-974
 
 ## Agent Metrics
 
-{{< note >}} Agent metrics are available only if you are using F5 NGINX Amplify Agent.{{< /note >}}
+{{< call-out "note" >}} Agent metrics are available only if you are using F5 NGINX Amplify Agent.{{< /call-out >}}
 
 - ####  **amplify.agent.status**
 
diff --git a/content/amplify/metrics-metadata/other-metrics.md b/content/amplify/metrics-metadata/other-metrics.md
index 2241f57e4..b35617d83 100644
--- a/content/amplify/metrics-metadata/other-metrics.md
+++ b/content/amplify/metrics-metadata/other-metrics.md
@@ -6,7 +6,7 @@ toc: true
 nd-docs: DOCS-975
 ---
 
-{{< note >}}Monitoring PHP-FPM and MySQL metrics is only supported by F5 NGINX Amplify Agent.{{< /note >}}
+{{< call-out "note" >}}Monitoring PHP-FPM and MySQL metrics is only supported by F5 NGINX Amplify Agent.{{< /call-out >}}
 
 ## PHP-FPM metrics
 
@@ -24,7 +24,7 @@ To start monitoring PHP-FPM, follow the steps below:
    service php7.0-fpm restart
    ```
 
-2. {{< important >}} Check that NGINX, NGINX Amplify Agent, and the PHP-FPM workers are all run under the same user ID (e.g. `www-data`). You may have to change the used ID for the nginx workers, fix the nginx directories permissions, and then restart NGINX Amplify Agent too. If there are multiple PHP-FPM pools configured with different user IDs, make sure NGINX Amplify Agent's user ID is included in the group IDs of the PHP-FPM workers. This is required in order for NGINX Amplify Agent to access the PHP-FPM pool socket when querying for metrics.{{< /important >}}
+2. {{< call-out "important" >}} Check that NGINX, NGINX Amplify Agent, and the PHP-FPM workers are all run under the same user ID (e.g. `www-data`). You may have to change the used ID for the nginx workers, fix the nginx directories permissions, and then restart NGINX Amplify Agent too. If there are multiple PHP-FPM pools configured with different user IDs, make sure NGINX Amplify Agent's user ID is included in the group IDs of the PHP-FPM workers. This is required in order for NGINX Amplify Agent to access the PHP-FPM pool socket when querying for metrics.{{< /call-out >}}
 
 3. Confirm that the listen socket for the PHP-FPM pool you want to monitor and for which you enabled `pm.status_path`, is correctly configured with `listen.owner` and `listen.group`. Look for the following directives inside the pool configuration file.
 
@@ -219,7 +219,7 @@ To start monitoring MySQL, follow the instructions below.
     353 rows in set (0.01 sec)
     ```
 
-   {{< note >}} NGINX Amplify Agent doesn't use *mysql(1)* for metric collection, however it implements a similar query mechanism via a Python module.{{< /note >}}
+   {{< call-out "note" >}} NGINX Amplify Agent doesn't use *mysql(1)* for metric collection, however it implements a similar query mechanism via a Python module.{{< /call-out >}}
 
 3. [Update]({{< ref "/amplify/nginx-amplify-agent/install/updating-amplify-agent.md" >}}) NGINX Amplify Agent to the most recent version.
 
diff --git a/content/amplify/nginx-amplify-agent/amplify-agent-overview.md b/content/amplify/nginx-amplify-agent/amplify-agent-overview.md
index 51cc08ccb..2e91e5443 100644
--- a/content/amplify/nginx-amplify-agent/amplify-agent-overview.md
+++ b/content/amplify/nginx-amplify-agent/amplify-agent-overview.md
@@ -21,6 +21,6 @@ NGINX Amplify can currently monitor and collect performance metrics for:
 
 The NGINX Amplify Agent identifies an NGINX instance as any running NGINX master process with either a unique binary path or a unique configuration.
 
-{{< note >}}There's no need to manually add or configure anything in the web interface after installing NGINX Amplify Agent. When NGINX Amplify Agent is started, the metrics and the metadata are automatically reported to the Amplify backend and visualized in the web interface.{{< /note >}}
+{{< call-out "note" >}}There's no need to manually add or configure anything in the web interface after installing NGINX Amplify Agent. When NGINX Amplify Agent is started, the metrics and the metadata are automatically reported to the Amplify backend and visualized in the web interface.{{< /call-out >}}
 
 When an NGINX instance is no longer in use it must be manually deleted in the web interface. The "Remove object" button can be found in the metadata viewer popup — see the [User Interface]({{< ref "/amplify/user-interface/">}}) documentation.
\ No newline at end of file
diff --git a/content/amplify/nginx-amplify-agent/configuration-analysis.md b/content/amplify/nginx-amplify-agent/configuration-analysis.md
index 0c227c3a9..e73c2ae4c 100644
--- a/content/amplify/nginx-amplify-agent/configuration-analysis.md
+++ b/content/amplify/nginx-amplify-agent/configuration-analysis.md
@@ -10,5 +10,5 @@ F5 NGINX Amplify Agent can automatically find all relevant NGINX configuration f
 
 After NGINX Amplify Agent finds a particular NGINX configuration, it then automatically starts to keep track of its changes. When a change is detected with NGINX — for example, a master process restarts, or the NGINX config is edited, an update is sent to the Amplify backend.
 
-{{< note >}} NGINX Amplify Agent never sends the raw unprocessed config files to the backend system. In addition, the following directives in the NGINX configuration are never analyzed — and their parameters aren't exported to the SaaS backend:
-[ssl_certificate_key](http://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_certificate_key), [ssl_client_certificate](http://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_client_certificate), [ssl_password_file](http://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_password_file), [ssl_stapling_file](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling_file), [ssl_trusted_certificate](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate), [auth_basic_user_file](http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html#auth_basic_user_file), [secure_link_secret](http://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_secret).{{< /note >}}
+{{< call-out "note" >}} NGINX Amplify Agent never sends the raw unprocessed config files to the backend system. In addition, the following directives in the NGINX configuration are never analyzed — and their parameters aren't exported to the SaaS backend:
+[ssl_certificate_key](http://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_certificate_key), [ssl_client_certificate](http://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_client_certificate), [ssl_password_file](http://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_password_file), [ssl_stapling_file](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling_file), [ssl_trusted_certificate](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate), [auth_basic_user_file](http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html#auth_basic_user_file), [secure_link_secret](http://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_secret).{{< /call-out >}}
diff --git a/content/amplify/nginx-amplify-agent/configuring-metric-collection.md b/content/amplify/nginx-amplify-agent/configuring-metric-collection.md
index 311967d69..9c3bed5c9 100644
--- a/content/amplify/nginx-amplify-agent/configuring-metric-collection.md
+++ b/content/amplify/nginx-amplify-agent/configuring-metric-collection.md
@@ -49,7 +49,7 @@ nginx: configuration file /etc/nginx/nginx.conf test is successful
 
 Test your nginx configuration after you've added the `stub_status` section above. Make sure there's no ambiguity with either [listen](http://nginx.org/en/docs/http/ngx_http_core_module.html#listen) or [server_name](http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) configuration. NGINX Amplify Agent should be able to identify the [stub_status](http://nginx.org/en/docs/http/ngx_http_stub_status_module.html) URL and will default to use 127.0.0.1 if the configuration is incomplete.
 
-{{< note >}} If you use the `conf.d*`directory to keep common parts of your NGINX configuration that are then automatically included in the [server](http://nginx.org/en/docs/http/ngx_http_core_module.html#server) sections across your NGINX config, do not use the snippet above. Instead, you should configure [stub_status](http://nginx.org/en/docs/http/ngx_http_stub_status_module.html) manually within an appropriate location or server block. {{< /note >}}
+{{< call-out "note" >}} If you use the `conf.d*`directory to keep common parts of your NGINX configuration that are then automatically included in the [server](http://nginx.org/en/docs/http/ngx_http_core_module.html#server) sections across your NGINX config, do not use the snippet above. Instead, you should configure [stub_status](http://nginx.org/en/docs/http/ngx_http_stub_status_module.html) manually within an appropriate location or server block. {{< /call-out >}}
 
 The above is an example `nginx_status` URI for [stub_status](http://nginx.org/en/docs/http/ngx_http_stub_status_module.html). NGINX Amplify Agent will determine the correct URI automatically upon parsing your NGINX configuration. Please make sure that the directory and the actual configuration file with `stub_status` are readable by NGINX Amplify Agent; otherwise, NGINX Amplify Agent won't be able to determine the `stub_status` URL correctly. If NGINX Amplify Agent fails to find `stub_status`, please refer to the workaround described [here]({{< ref "/amplify/nginx-amplify-agent/install/configuring-amplify-agent#configuring-the-url-for-stub_status-or-status-api" >}}).
 
@@ -95,7 +95,7 @@ You don't have to specifically point NGINX Amplify Agent to either the NGINX con
 
 NGINX Amplify Agent will also try to detect the [log format](http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format) for a particular log to parse it properly and try to extract even more useful metrics, for example, [$upstream_response_time](http://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_response_time).
 
-{{< note >}}Several metrics outlined in [Metrics and Metadata]({{< ref "metrics-metadata" >}}) will only be available if the corresponding variables are included in a custom [access.log](http://nginx.org/en/docs/http/ngx_http_log_module.html) format used for logging requests. You can find a complete list of NGINX log variables [here](http://nginx.org/en/docs/varindex.html).{{< /note >}}
+{{< call-out "note" >}}Several metrics outlined in [Metrics and Metadata]({{< ref "metrics-metadata" >}}) will only be available if the corresponding variables are included in a custom [access.log](http://nginx.org/en/docs/http/ngx_http_log_module.html) format used for logging requests. You can find a complete list of NGINX log variables [here](http://nginx.org/en/docs/varindex.html).{{< /call-out >}}
 
 ## Using Syslog for Metric Collection
 
@@ -118,4 +118,4 @@ If you configured NGINX Amplify Agent for syslog metric collection (see the [con
 
       (see more [here](http://nginx.org/en/docs/control.html))
 
-{{< note >}}To send the NGINX logs to both the existing logging facility and NGINX Amplify Agent, include a separate [access.log](http://nginx.org/en/docs/http/ngx_http_log_module.html) directive for each destination.{{< /note >}}
+{{< call-out "note" >}}To send the NGINX logs to both the existing logging facility and NGINX Amplify Agent, include a separate [access.log](http://nginx.org/en/docs/http/ngx_http_log_module.html) directive for each destination.{{< /call-out >}}
diff --git a/content/amplify/nginx-amplify-agent/detecting-monitoring-instances.md b/content/amplify/nginx-amplify-agent/detecting-monitoring-instances.md
index 85508a998..f513971f3 100644
--- a/content/amplify/nginx-amplify-agent/detecting-monitoring-instances.md
+++ b/content/amplify/nginx-amplify-agent/detecting-monitoring-instances.md
@@ -16,4 +16,4 @@ A separate instance of NGINX, as seen by NGINX Amplify Agent, would be the follo
   * A unique master process and its workers, started with an **absolute path** to a distinct NGINX binary
   * A master process running with a default config path; or with a custom path set in the command-line parameters
 
-{{< note >}}NGINX Amplify Agent will try to detect and monitor all unique NGINX instances currently running on a host. Separate sets of metrics and metadata are collected for each unique NGINX instance. {{< /note >}}
+{{< call-out "note" >}}NGINX Amplify Agent will try to detect and monitor all unique NGINX instances currently running on a host. Separate sets of metrics and metadata are collected for each unique NGINX instance. {{< /call-out >}}
diff --git a/content/amplify/nginx-amplify-agent/install/configuring-amplify-agent.md b/content/amplify/nginx-amplify-agent/install/configuring-amplify-agent.md
index 572725403..07619c363 100644
--- a/content/amplify/nginx-amplify-agent/install/configuring-amplify-agent.md
+++ b/content/amplify/nginx-amplify-agent/install/configuring-amplify-agent.md
@@ -56,7 +56,7 @@ NGINX Amplify Agent won't start unless a valid hostname is defined. The followin
   * localhost6.localdomain6
   * ip6-localhost
 
-{{< note >}} You can also use the above method to replace the system's hostname with an arbitrary alias. Remember that if you redefine the hostname for a live object, the existing object will be marked as failed in the web interface. Redefining the hostname in NGINX Amplify Agent's configuration creates a new UUID and a new system for monitoring. {{< /note >}}
+{{< call-out "note" >}} You can also use the above method to replace the system's hostname with an arbitrary alias. Remember that if you redefine the hostname for a live object, the existing object will be marked as failed in the web interface. Redefining the hostname in NGINX Amplify Agent's configuration creates a new UUID and a new system for monitoring. {{< /call-out >}}
 
 Alternatively, you can define an "alias" for the host in the UI (see the [Graphs]({{< ref "/amplify/user-interface/graphs" >}}) section).
 
@@ -80,7 +80,7 @@ To override the URI detection of the status API, use the `plus_status` option.
 plus_status = /status
 ```
 
-{{< note >}}  If only the URI part is specified with the options above, NGINX Amplify Agent will use `http://127.0.0.1` to construct the full URL to access either the *stub_status* or the NGINX Plus status API metrics. {{< /note >}}
+{{< call-out "note" >}}  If only the URI part is specified with the options above, NGINX Amplify Agent will use `http://127.0.0.1` to construct the full URL to access either the *stub_status* or the NGINX Plus status API metrics. {{< /call-out >}}
 
 ## Configuring the Path to the NGINX Configuration File
 
@@ -93,7 +93,7 @@ If NGINX Amplify Agent cannot find the NGINX configuration, use the following op
 configfile = /etc/nginx/nginx.conf
 ```
 
-{{< note >}} It is better to avoid using this option and only add it as a workaround. We'd appreciate it if you took some time to fill out a support ticket in case you had to manually add the path to the NGINX config file. {{< /note >}}
+{{< call-out "note" >}} It is better to avoid using this option and only add it as a workaround. We'd appreciate it if you took some time to fill out a support ticket in case you had to manually add the path to the NGINX config file. {{< /call-out >}}
 
 ## Configuring Host Tags
 
diff --git a/content/amplify/nginx-amplify-agent/install/installing-amplify-agent.md b/content/amplify/nginx-amplify-agent/install/installing-amplify-agent.md
index 1dcbb9241..15bd68957 100644
--- a/content/amplify/nginx-amplify-agent/install/installing-amplify-agent.md
+++ b/content/amplify/nginx-amplify-agent/install/installing-amplify-agent.md
@@ -8,7 +8,7 @@ nd-docs: DOCS-968
 
 To use F5 NGINX Amplify to monitor your infrastructure, you need to install NGINX Amplify Agent on each system you wish to monitor.
 
-{{< note >}} NGINX Amplify Agent will drop *root* privileges on startup. It will then use the user ID of the user `nginx` to set its effective user ID. The package install procedure will add the `nginx` user automatically unless it's already found in the system. If the [user](https://nginx.org/en/docs/ngx_core_module.html#user) directive appears in the NGINX configuration, NGINX Amplify Agent will pick up the user specified in the NGINX config for its effective user ID (e.g. `www-data`). {{< /note >}}
+{{< call-out "note" >}} NGINX Amplify Agent will drop *root* privileges on startup. It will then use the user ID of the user `nginx` to set its effective user ID. The package install procedure will add the `nginx` user automatically unless it's already found in the system. If the [user](https://nginx.org/en/docs/ngx_core_module.html#user) directive appears in the NGINX configuration, NGINX Amplify Agent will pick up the user specified in the NGINX config for its effective user ID (e.g. `www-data`). {{< /call-out >}}
 
 ## Using the Install Script
 
diff --git a/content/amplify/nginx-amplify-agent/install/updating-amplify-agent.md b/content/amplify/nginx-amplify-agent/install/updating-amplify-agent.md
index e7c0f2c57..7f898c1a3 100644
--- a/content/amplify/nginx-amplify-agent/install/updating-amplify-agent.md
+++ b/content/amplify/nginx-amplify-agent/install/updating-amplify-agent.md
@@ -6,9 +6,9 @@ toc: true
 nd-docs: DOCS-970
 ---
 
-{{< important >}}
+{{< call-out "important" >}}
 It is *highly* recommended that you periodically check for updates and install the latest stable version of F5 NGINX Amplify Agent.
-{{< /important >}}
+{{< /call-out >}}
 
  1. Updating NGINX Amplify Agent On Ubuntu/Debian
 
diff --git a/content/amplify/user-interface/alerts.md b/content/amplify/user-interface/alerts.md
index 490cc6eb7..91758e6a7 100644
--- a/content/amplify/user-interface/alerts.md
+++ b/content/amplify/user-interface/alerts.md
@@ -23,6 +23,6 @@ There's one special rule which is the about **amplify.agent.status** metric. Thi
 
 You shouldn't see consecutive notifications about the same alert repeatedly. Instead, there will be digest information sent out *every 60 minutes*, describing which alerts were generated and which ones were cleared.
 
-{{< note >}} Gauges are *averaged* over the interval configured in the rule. Counters are *summed up*. Currently, this is not user configurable, and these are the only reduce functions available for configuring metric thresholds. {{< /note >}}
+{{< call-out "note" >}} Gauges are *averaged* over the interval configured in the rule. Counters are *summed up*. Currently, this is not user configurable, and these are the only reduce functions available for configuring metric thresholds. {{< /call-out >}}
 
-{{< note >}} Emails are sent using [AWS SES](https://aws.amazon.com/ses/). Make sure your mail relay accepts their traffic. Also, make sure to verify the specified email and check the verification status in the Account menu. {{< /note >}}
+{{< call-out "note" >}} Emails are sent using [AWS SES](https://aws.amazon.com/ses/). Make sure your mail relay accepts their traffic. Also, make sure to verify the specified email and check the verification status in the Account menu. {{< /call-out >}}
diff --git a/content/amplify/user-interface/analyzer.md b/content/amplify/user-interface/analyzer.md
index 40ce6d0b5..d01d4d6f5 100644
--- a/content/amplify/user-interface/analyzer.md
+++ b/content/amplify/user-interface/analyzer.md
@@ -46,6 +46,6 @@ Static analysis will only include information about specific issues with the NGI
 
 In the future, the **Analyzer** page will also include *dynamic analysis*, effectively linking the observed NGINX behavior to its configuration — for example, when it makes sense to increase or decrease certain parameters like [proxy_buffers](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers), etc.
 
-{{< note >}} Config analysis is *on* by default. If you don't want your NGINX configuration to be checked, unset the corresponding setting in either Global, or Local (per-system) settings. See [**Settings**]({{< ref "/amplify/user-interface/account-settings" >}}). {{< /note >}}
+{{< call-out "note" >}} Config analysis is *on* by default. If you don't want your NGINX configuration to be checked, unset the corresponding setting in either Global, or Local (per-system) settings. See [**Settings**]({{< ref "/amplify/user-interface/account-settings" >}}). {{< /call-out >}}
 
 {{< img src="amplify/amplify-analyzer-settings.png" alt="Analyzer Settings" >}}
\ No newline at end of file
diff --git a/content/amplify/user-interface/dashboards.md b/content/amplify/user-interface/dashboards.md
index 24dd0814d..5ee9ad389 100644
--- a/content/amplify/user-interface/dashboards.md
+++ b/content/amplify/user-interface/dashboards.md
@@ -38,7 +38,7 @@ To define a graph, perform these steps:
   5. Last but not least, the “filter” functionality is also available for NGINX metrics collected from the log files. If you select "Add metric filter", you can add multiple criteria to define specific "metric dimensions". In the example above, we are matching the NGINX upstream response time against the **/api/feed/reports** URI. You can also build other filters, for example, displaying metric **nginx.http.status.2xx** for the responses with the status code 201.
   6. Select "Save" to add the graph to the dashboard. You can also edit the graph, move it around, resize it, stack the graphs on top of each other, etc.
 
-{{< note >}} When using filters, all the "metric dimensions" aren't stored in the F5 NGINX Amplify backend by default. A particular filter starts to slice the metric according to the specification only after the graph is created. Hence, it can be a while before the "filtered" metric is displayed on the graph — the end result depends on how quickly the log files are being populated with the new entries, but typically you should see the first data points in under 5 minutes. {{< /note >}}
+{{< call-out "note" >}} When using filters, all the "metric dimensions" aren't stored in the F5 NGINX Amplify backend by default. A particular filter starts to slice the metric according to the specification only after the graph is created. Hence, it can be a while before the "filtered" metric is displayed on the graph — the end result depends on how quickly the log files are being populated with the new entries, but typically you should see the first data points in under 5 minutes. {{< /call-out >}}
 
 Because NGINX Amplify is **not** a SaaS log analyzer, the additional slicing for "metric dimensions" is implemented inside NGINX Amplify Agent. NGINX Amplify Agent can parse the NGINX access logs on-the-fly and extract all the necessary metrics **without** sending the raw log entries elsewhere. Moreover, NGINX Amplify Agent understands custom log formats automatically, and will start looking for various newly defined "metric dimensions" following a particular [log_format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format) specification.
 
diff --git a/content/amplify/user-interface/inventory.md b/content/amplify/user-interface/inventory.md
index dc7e4d198..f77c83c71 100644
--- a/content/amplify/user-interface/inventory.md
+++ b/content/amplify/user-interface/inventory.md
@@ -16,4 +16,4 @@ In the rightmost column of the **Inventory**, you will find the settings and the
 
 You can apply sorting, search, and filters to the **Inventory** to quickly find the system in question. You can search and filter by hostname, IP address, architecture, etc. You can use regular expressions with the search function.
 
-{{< note >}} When removing an object from monitoring, keep in mind that you also need to stop or uninstall NGINX Amplify Agent on the systems being removed; otherwise, the objects will reappear in the User Interface. Be sure to delete any system-specific alert rules too.{{< /note >}}
\ No newline at end of file
+{{< call-out "note" >}} When removing an object from monitoring, keep in mind that you also need to stop or uninstall NGINX Amplify Agent on the systems being removed; otherwise, the objects will reappear in the User Interface. Be sure to delete any system-specific alert rules too.{{< /call-out >}}
\ No newline at end of file
diff --git a/content/amplify/user-interface/overview.md b/content/amplify/user-interface/overview.md
index 02437219d..3ac91eef5 100644
--- a/content/amplify/user-interface/overview.md
+++ b/content/amplify/user-interface/overview.md
@@ -18,7 +18,7 @@ The cumulative [metrics]({{< ref "/amplify/metrics-metadata" >}}) displayed on t
   * Traffic — sum of **system.net.bytes_sent** rate
   * CPU Usage — average of **system.cpu.user**
 
-{{< note >}} By default the metrics above are calculated for all monitored hosts. You can configure specific tags in the **Overview** settings popup to display the metrics for a set of hosts (e.g. only the "production environment"). {{< /note >}}
+{{< call-out "note" >}} By default the metrics above are calculated for all monitored hosts. You can configure specific tags in the **Overview** settings popup to display the metrics for a set of hosts (e.g. only the "production environment"). {{< /call-out >}}
 
 You may see zero numbers if some metrics are not being gathered, for example, if the request time (P95) is 0.000s, please check that you have correctly configured NGINX log for [additional metric]() collection.
 
diff --git a/content/controller/admin-guides/backup-restore/backup-restore-embedded-config-db.md b/content/controller/admin-guides/backup-restore/backup-restore-embedded-config-db.md
index a1d53cf56..f1e211f4b 100644
--- a/content/controller/admin-guides/backup-restore/backup-restore-embedded-config-db.md
+++ b/content/controller/admin-guides/backup-restore/backup-restore-embedded-config-db.md
@@ -23,9 +23,9 @@ NGINX Controller automatically takes a snapshot of the embedded config database
 
 These automated config backups do not include backups of metrics data, which must be backed up separately; refer to [Backup & Restore the Metrics Database]({{< ref "/controller/admin-guides/backup-restore/backup-restore-metrics-db.md" >}}) for those instructions.
 
-{{< tip >}}
+{{< call-out "tip" >}}
 As a best practice, we recommend that you make scheduled backups of the entire config DB volume and keep the backups off-site for safekeeping.
-{{< /tip >}}
+{{< /call-out >}}
 
 &nbsp;
 
@@ -35,7 +35,7 @@ As a best practice, we recommend that you make scheduled backups of the entire c
 
 This section explains how to restore the embedded config database from the latest backup file or a specific, timestamped file.
 
-{{< important >}}If you restore the config database on top of a new installation of NGINX Controller, make sure to follow the steps to [restore your NGINX config and encryption keys]({{< ref "/controller/admin-guides/backup-restore/backup-restore-cluster-config.md" >}}) afterward. {{< /important >}}
+{{< call-out "important" >}}If you restore the config database on top of a new installation of NGINX Controller, make sure to follow the steps to [restore your NGINX config and encryption keys]({{< ref "/controller/admin-guides/backup-restore/backup-restore-cluster-config.md" >}}) afterward. {{< /call-out >}}
 
 - To restore the embedded NGINX Controller config database **from the latest automated backup**, run the following command:
 
diff --git a/content/controller/admin-guides/backup-restore/backup-restore-external-config-db.md b/content/controller/admin-guides/backup-restore/backup-restore-external-config-db.md
index bc2adbeeb..8ff44f638 100644
--- a/content/controller/admin-guides/backup-restore/backup-restore-external-config-db.md
+++ b/content/controller/admin-guides/backup-restore/backup-restore-external-config-db.md
@@ -33,9 +33,9 @@ To backup and restore the external config database, you'll need the following:
     export PGPASSWORD=<postgres password>
     ```
 
-    {{< note >}}
+    {{< call-out "note" >}}
 If you've configured PostgreSQL to use SSL, ensure that you've placed your certs in `~/.postgresql`. For more information, see [Client Certificates](https://www.postgresql.org/docs/9.5/libpq-ssl.html#LIBPQ-SSL-CLIENTCERT) in the PostgreSQL documentation.
-    {{< /note >}}
+    {{< /call-out >}}
 
 &nbsp;
 
@@ -75,7 +75,7 @@ Take the following steps to back up the external NGINX Controller config databas
 
 ## Restore External Config Database
 
-{{< important >}}If you restore the config database on top of a new installation of NGINX Controller, make sure to follow the steps to [restore your NGINX config and encryption keys]({{< ref "/controller/admin-guides/backup-restore/backup-restore-cluster-config.md" >}}) afterward. {{< /important >}}
+{{< call-out "important" >}}If you restore the config database on top of a new installation of NGINX Controller, make sure to follow the steps to [restore your NGINX config and encryption keys]({{< ref "/controller/admin-guides/backup-restore/backup-restore-cluster-config.md" >}}) afterward. {{< /call-out >}}
 
 To restore the external NGINX Controller config database:
 
diff --git a/content/controller/admin-guides/config-agent/about-controller-agent.md b/content/controller/admin-guides/config-agent/about-controller-agent.md
index 2ab44950d..e5efa82c0 100644
--- a/content/controller/admin-guides/config-agent/about-controller-agent.md
+++ b/content/controller/admin-guides/config-agent/about-controller-agent.md
@@ -29,7 +29,7 @@ The NGINX Controller Agent attempts to detect and monitor all unique NGINX proce
 - A unique control process and its workers, started with an **absolute path** to a distinct NGINX binary.
 - A control process running with a default config path, or with a custom path set in the command-line parameters.
 
-{{< caution >}}You should not make manual changes to the `nginx.conf` file on NGINX Plus instances that are managed by NGINX Controller. Manually updating the `nginx.conf` file on managed instances may adversely affect system performance. In most cases, NGINX Controller will revert or overwrite manual updates made to `nginx.conf`.{{< /caution >}}
+{{< call-out "caution"  >}}You should not make manual changes to the `nginx.conf` file on NGINX Plus instances that are managed by NGINX Controller. Manually updating the `nginx.conf` file on managed instances may adversely affect system performance. In most cases, NGINX Controller will revert or overwrite manual updates made to `nginx.conf`.{{< /call-out >}}
 
 <br/>
 
@@ -37,7 +37,7 @@ The NGINX Controller Agent attempts to detect and monitor all unique NGINX proce
 
 NGINX Controller, the NGINX Controller Agent, and the NGINX Controller Application Security Add-on support the following distributions and architectures.
 
-{{< see-also >}}Refer to the [NGINX Plus Technical Specifications](https://docs.nginx.com/nginx/technical-specs/) guide for the distributions that NGINX Plus supports.{{< /see-also >}}
+{{< call-out "note" >}}Refer to the [NGINX Plus Technical Specifications](https://docs.nginx.com/nginx/technical-specs/) guide for the distributions that NGINX Plus supports.{{< /call-out>}}
 
 {{< bootstrap-table "table table-striped table-bordered" >}}
 
@@ -65,9 +65,9 @@ NGINX Controller, the NGINX Controller Agent, and the NGINX Controller Applicati
 
 NGINX Controller v3.1 and later use an Analytics, Visibility, and Reporting daemon (AVRD) to aggregate and report app-centric metrics, which you can use to track and check the health of your apps. To learn more about these metrics, see the [NGINX Metrics Catalog]({{< ref "/controller/analytics/catalogs/metrics.md" >}}) topic.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 See the [NGINX Controller Technical Specifications]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md" >}}) for the complete list of system requirements for NGINX Controller and the NGINX Controller Agent.
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## Supported Python Versions
 
diff --git a/content/controller/admin-guides/config-agent/configure-metrics-collection.md b/content/controller/admin-guides/config-agent/configure-metrics-collection.md
index 6fadc382c..c88443035 100644
--- a/content/controller/admin-guides/config-agent/configure-metrics-collection.md
+++ b/content/controller/admin-guides/config-agent/configure-metrics-collection.md
@@ -40,9 +40,9 @@ NGINX Controller uses the `/api` location on the NGINX Plus instance to collect
 
 When you push a configuration to an NGINX Plus instance, NGINX Controller automatically enables the `/api` location for that instance.
 
-{{< note >}}
+{{< call-out "note" >}}
 The `/api` location settings that NGINX Controller creates will override any settings that you have previously defined.
-{{< /note >}}
+{{< /call-out >}}
 
 If you use NGINX Controller solely to monitor your NGINX Plus instances, you may need to enable the `/api` location on your instances manually.
 Refer to the [Configuring the API](https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/#configuring-the-api) section of the NGINX Plus Admin Guide for instructions.
@@ -63,12 +63,12 @@ The Agent will try to detect the [log format](https://nginx.org/en/docs/http/ngx
 
 Some metrics included in the [NGINX Metrics reference]({{< ref "/controller/analytics/catalogs/metrics.md" >}}) are not available unless the corresponding variables are included in a custom [access.log](https://nginx.org/en/docs/http/ngx_http_log_module.html) format in the NGINX config.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 
 - Read [Configuring Logging](https://docs.nginx.com/nginx/admin-guide/monitoring/logging/#setting-up-the-access-log) in the NGINX Admin Guide.
 - View the complete list of [NGINX log variables](https://nginx.org/en/docs/varindex.html).
 
-{{< /see-also >}}.
+{{< /call-out>}}.
 
 Take the steps in this section to enable the NGINX Controller Agent to collect metrics from custom `access.log` variables.
 
@@ -93,9 +93,9 @@ Take the steps in this section to enable the NGINX Controller Agent to collect m
    access_log /var/log/nginx/access.log main_ext;
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
 By default, the Controller Agent processes all access logs that it finds in your log directory. If you define a new log file with the extended log format that contains entries that are already being logged to another access log, your metrics might be counted twice. Refer to the [Agent configuration]({{< ref "/controller/admin-guides/config-agent/configure-the-agent.md" >}}) guide to learn how to exclude specific log files from processing.
-   {{< /note >}}
+   {{< /call-out >}}
 
 4. Set the [error.log](https://nginx.org/en/docs/ngx_core_module.html#error_log) log level to `warn`.
 
@@ -135,9 +135,9 @@ Take the steps below to enable metrics collection from Syslog:
 
    For more information, see [Controlling NGINX](https://nginx.org/en/docs/control.html).
 
-{{< note >}}
+{{< call-out "note" >}}
 To send the NGINX logs to both the existing logging facility and the NGINX Controller Agent, include a separate [access.log](https://nginx.org/en/docs/http/ngx_http_log_module.html) directive for each destination.
-{{< /note >}}
+{{< /call-out >}}
 
 
 ## What's Next
diff --git a/content/controller/admin-guides/config-agent/configure-the-agent.md b/content/controller/admin-guides/config-agent/configure-the-agent.md
index 468755759..9963d0e80 100644
--- a/content/controller/admin-guides/config-agent/configure-the-agent.md
+++ b/content/controller/admin-guides/config-agent/configure-the-agent.md
@@ -32,9 +32,9 @@ NGINX Controller uses the `/api` location on the NGINX Plus instance to collect
 
 When you push a configuration to an NGINX Plus instance, NGINX Controller automatically enables the `/api` location for that instance.
 
-{{< note >}}
+{{< call-out "note" >}}
 The `/api` location settings that NGINX Controller creates will override any settings that you have previously defined.
-{{< /note >}}
+{{< /call-out >}}
 
 If you use NGINX Controller solely to monitor your NGINX Plus instances, you may need to enable the `/api` location on your instances manually.
 Refer to the [Configuring the API](https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/#configuring-the-api) section of the NGINX Plus Admin Guide for instructions.
@@ -71,13 +71,13 @@ The hostname should be real. The NGINX Controller Agent won't start unless a val
 - localhost6.localdomain6
 - ip6-localhost
 
-{{< note >}}
+{{< call-out "note" >}}
 
 You can use the above method to replace the system's hostname with an arbitrary alias. Keep in mind that if you redefine the hostname for a live object, the existing object will be marked as failed in the NGINX Controller user interface. Redefining the hostname in the NGINX Controller Agent's configuration creates a new UUID and a new system for monitoring.
 
 Alternatively, you can define an alias for the host in the NGINX Controller user interface. Go to the **Graphs** page, select the system that you want to update, and click the gear icon.
 
-{{< /note >}}
+{{< /call-out >}}
 
 ## Preserving the UUID across OS upgrades
 
@@ -97,7 +97,7 @@ After restarting the Controller Agent -- `service controller-agent restart` -- t
 
 The NGINX Controller Agent detects the NGINX configuration file automatically. You shouldn't need to point the NGINX Controller Agent to the `nginx.conf` file explicitly.
 
-{{< caution >}}You should not make manual changes to the `nginx.conf` file on NGINX Plus instances that are managed by NGINX Controller. Manually updating the `nginx.conf` file on managed instances may adversely affect system performance. In most cases, NGINX Controller will revert or overwrite manual updates made to `nginx.conf`.{{< /caution >}}
+{{< call-out "caution"  >}}You should not make manual changes to the `nginx.conf` file on NGINX Plus instances that are managed by NGINX Controller. Manually updating the `nginx.conf` file on managed instances may adversely affect system performance. In most cases, NGINX Controller will revert or overwrite manual updates made to `nginx.conf`.{{< /call-out >}}
 
 If, for some reason, the NGINX Controller Agent cannot find the NGINX configuration, you can use the following option in `/etc/controller-agent/agent.conf` to point to the configuration file:
 
@@ -106,7 +106,7 @@ If, for some reason, the NGINX Controller Agent cannot find the NGINX configurat
 configfile = /etc/nginx/nginx.conf
 ```
 
-{{< note >}} We recommend using this option only as a workaround if needed. If you do need to add the path to the NGINX config file, we ask that you [contact NGINX Support]({{< ref "/controller/support/contact-support.md" >}}) so they can help troubleshoot the issue.{{< /note >}}
+{{< call-out "note" >}} We recommend using this option only as a workaround if needed. If you do need to add the path to the NGINX config file, we ask that you [contact NGINX Support]({{< ref "/controller/support/contact-support.md" >}}) so they can help troubleshoot the issue.{{< /call-out >}}
 
 ## Set Host Tags
 
@@ -117,15 +117,15 @@ You can define arbitrary tags on a "per-host" basis. Tags can be configured in t
 tags = foo bar foo:bar
 ```
 
-{{< note >}} Any changes to instance Tags made in the Controller user interface will overwrite the values stored in `agent.conf`.{{< /note >}}
+{{< call-out "note" >}} Any changes to instance Tags made in the Controller user interface will overwrite the values stored in `agent.conf`.{{< /call-out >}}
 
 You can use tags to build custom graphs, configure alerts, and filter the systems on the **Graphs** page in the Controller user interface.
 
 ## Logging to Syslog
 
-{{< see-also >}}
+{{< call-out "note" >}}
 [NGINX Admin Guide - Logging to Syslog](https://docs.nginx.com/nginx/admin-guide/monitoring/logging/#logging-to-syslog)
-{{< /see-also >}}
+{{< /call-out>}}
 
 The NGINX Controller Agent can collect NGINX log files using `syslog`. This could be useful when you don't keep the NGINX logs on disk, or when monitoring a container environment such as Docker with NGINX Controller.
 
@@ -147,9 +147,9 @@ To configure the NGINX Controller Agent to send logs to `syslog`:
     # service controller-agent restart
     ```
 
-    {{< important >}}
+    {{< call-out "important" >}}
 Make sure you [add the `syslog` settings to your NGINX configuration file]({{< ref "/controller/admin-guides/config-agent/configure-metrics-collection.md#collect-metrics-from-syslog" >}}) as well.
-    {{< /important >}}
+    {{< /call-out >}}
 
 ## Exclude Certain NGINX Log Files
 
@@ -182,9 +182,9 @@ Upon installation, the NGINX Controller Agent's log rotation schedule is added t
 
 The normal level of logging for the NGINX Controller Agent is `INFO`. If you ever need to debug the NGINX Controller Agent, change the level to `DEBUG` as described below.
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 The size of the NGINX Controller Agent's log file can proliferate in `DEBUG` mode. You should use `DEBUG` mode only for troubleshooting purposes.
-{{< /caution >}}
+{{< /call-out >}}
 
 ### Change the Agent Log Level
 
diff --git a/content/controller/admin-guides/install/get-n-plus-cert-and-key.md b/content/controller/admin-guides/install/get-n-plus-cert-and-key.md
index 55a141570..9b980d52f 100644
--- a/content/controller/admin-guides/install/get-n-plus-cert-and-key.md
+++ b/content/controller/admin-guides/install/get-n-plus-cert-and-key.md
@@ -19,9 +19,9 @@ This topic explains how to use the [F5 NGINX Controller REST API](https://docs.n
 
 The NGINX Controller API uses session cookies to authenticate requests. The session cookie is returned in response to a `GET /api/v1/platform/login` request. See the Login endpoint in the [NGINX Controller API Reference]({{< ref "/controller/api/_index.md" >}}) documentation for information about session cookie timeouts and invalidation.
 
-{{< tip >}}
+{{< call-out "tip" >}}
 You can send a GET request to the login endpoint to find the status of the session token.
-{{< /tip >}}
+{{< /call-out >}}
 
 For example:
 
@@ -60,9 +60,9 @@ For example:
   curl -b cookie.txt -c cookie.txt -X GET --url 'https://192.0.2.0/api/v1/platform/licenses/nginx-plus-licenses/controller-provided' --output nginx-plus-certs.gz
   ```
 
-{{< note >}}
+{{< call-out "note" >}}
 If you are using a self-signed certificate you will need to add `-k` (allow insecure connections) to your curl command to be able to download your NGINX Plus certificate and key bundle.
-{{< /note >}}
+{{< /call-out >}}
 
 
 Once you have downloaded your certificate and key bundle you will need to expand the `.gz` file to get your certificate and key pair.
diff --git a/content/controller/admin-guides/install/install-agent-non-root.md b/content/controller/admin-guides/install/install-agent-non-root.md
index 7d4dd31bf..8c58211cd 100644
--- a/content/controller/admin-guides/install/install-agent-non-root.md
+++ b/content/controller/admin-guides/install/install-agent-non-root.md
@@ -36,9 +36,9 @@ Take the following steps to add an instance to NGINX Controller:
 1. Add a name for the instance. If you don't provide a name, the hostname of the instance is used by default.
 1. To add the instance to an existing Location, select a Location from the list. Or to create a Location, select **Create New**.
 
-    {{< important >}}
+    {{< call-out "important" >}}
 Once set, the Location for an instance cannot be changed. If you need to change or remove the Location for an instance, you must [remove the instance from NGINX Controller]({{< ref "/controller/infrastructure/instances/manage-instances.md#delete-an-instance" >}}), and then add it back.
-    {{< /important >}}
+    {{< /call-out >}}
 
 1. (Optional) By default, registration of NGINX Plus instances is performed over a secure connection. To use self-signed certificates with the Controller Agent, select **Allow insecure server connections to NGINX Controller using TLS**. For security purposes, we recommend that you secure the Controller Agent with signed certificates when possible.
 1. Use SSH to connect and log in to the NGINX instance that you want to connect to NGINX Controller.
@@ -51,7 +51,7 @@ Once set, the Location for an instance cannot be changed. If you need to change
     curl -sS -L https://<controller FQDN>/install/controller-agent > install.sh && API_KEY='<API KEY>' CONTROLLER_USER='<non-root user>' CONTROLLER_GROUP='<optional group>' -i <instance name> -l <instance location>
     ```
 
-    {{< note >}}
+    {{< call-out "note" >}}
 
 Make sure you enter the commands to download and run the `install.sh` script on the NGINX Plus system, and not on the NGINX Controller.
 
@@ -61,7 +61,7 @@ If `CONTROLLER_USER` is not set, during the installation you will see the messag
 
 Running agent as non-root changes the nap-syslog port to `5114` in both containerized and non-containerized instances.
 
-    {{< /note >}}
+    {{< /call-out >}}
 
 &nbsp;
 
diff --git a/content/controller/admin-guides/install/install-nginx-controller-agent.md b/content/controller/admin-guides/install/install-nginx-controller-agent.md
index 2ee592106..65aa4ab54 100644
--- a/content/controller/admin-guides/install/install-nginx-controller-agent.md
+++ b/content/controller/admin-guides/install/install-nginx-controller-agent.md
@@ -22,7 +22,7 @@ You can use the NGINX Controller Agent to monitor your systems with the NGINX Co
 
 ## Install the NGINX Controller Agent
 
-{{< see-also >}} If you want to run the NGINX Controller Agent as a non-root user, follow the alternative instructions in the [Install NGINX Controller Agent for Non-root User]({{< ref "/controller/admin-guides/install/install-agent-non-root.md" >}}) guide instead of the steps provided in this section. {{< /see-also >}}
+{{< call-out "note" >}} If you want to run the NGINX Controller Agent as a non-root user, follow the alternative instructions in the [Install NGINX Controller Agent for Non-root User]({{< ref "/controller/admin-guides/install/install-agent-non-root.md" >}}) guide instead of the steps provided in this section. {{< /call-out>}}
 
 Take the following steps to add an instance to NGINX Controller:
 
@@ -35,25 +35,25 @@ Take the following steps to add an instance to NGINX Controller:
 7. To add the instance to an existing [Instance Group]({{< ref "/controller/infrastructure/instances/manage-instances.md#instance-groups" >}}), select an Instance Group from the list. Or to create an Instance Group, select **Create New**.
 8. To add the instance to an existing Location, select a Location from the list. Or to create a Location, select **Create New**.
 
-    {{< important >}}
+    {{< call-out "important" >}}
 Once set, the Location for an instance cannot be changed. If you need to change or remove the Location for an instance, you must [remove the instance from NGINX Controller]({{< ref "/controller/infrastructure/instances/manage-instances.md#delete-an-instance" >}}), and then add it back.
-    {{< /important >}}
+    {{< /call-out >}}
 
-    {{< important >}}
+    {{< call-out "important" >}}
 Instances and the instance groups they belong to should specify the same location; however, this requirement is not currently enforced. If different locations are specified, the instance group's location takes precedence. This is important to remember when [assigning locations to workload groups]({{< ref "/controller/app-delivery/manage-apps.md#workload-groups">}}).
-    {{< /important >}}
+    {{< /call-out >}}
 
 9. (Optional) By default, registration of NGINX Plus instances is performed over a secure connection. To use self-signed certificates with the Controller Agent, select **Allow insecure server connections to NGINX Controller using TLS**. For security purposes, we recommend that you secure the Controller Agent with signed certificates when possible.
 10. Use SSH to connect and log in to the NGINX instance that you want to connect to NGINX Controller.
 11. Run the `curl` or `wget` command that's shown in the **Installation Instructions** section on the NGINX instance to download and install the Controller Agent package. When specified, the `-i` and `-l` options for the `install.sh` script refer to the instance name and Location, respectively.
 
-    {{< note >}}
+    {{< call-out "note" >}}
 
 Make sure you enter the commands to download and run the `install.sh` script on the NGINX Plus system, and not on the NGINX Controller.
 
 NGINX Controller 3.6 and earlier require Python 2.6 or 2.7. You'll be prompted to install Python if it's not installed already. Python is not required for NGINX Controller v3.7 and later.
 
-    {{< /note >}}
+    {{< /call-out >}}
 
 After a few minutes, the NGINX instance will appear on the **Instances** overview page.
 
@@ -70,11 +70,11 @@ To update the NGINX Controller Agent, take the following steps:
 1. On the **Instances** overview page, select **Create**.
 1. Follow the instructions in the **Install Instructions** pane to connect to the NGINX instance and install the updated Controller Agent package.
 
-      {{< note >}}
+      {{< call-out "note" >}}
 
 NGINX Controller 3.6 and earlier require Python 2.6 or 2.7. You'll be prompted to install Python if it's not installed already. Python is not required for NGINX Controller 3.7 and later.
 
-      {{< /note >}}
+      {{< /call-out >}}
 
 
 ## Uninstall the Analytics, Visibility, and Reporting Daemon (AVRD)
@@ -100,7 +100,7 @@ To uninstall AVRD and the supporting modules, run the following command on each
 
 Take the following steps to uninstall the Controller Agent and delete an instance.
 
-{{< important >}}Be sure to uninstall the Controller Agent first, before you delete an instance. If you don't uninstall the Controller Agent first, the instance may reappear in NGINX Controller after it has been deleted.{{< /important >}}
+{{< call-out "important" >}}Be sure to uninstall the Controller Agent first, before you delete an instance. If you don't uninstall the Controller Agent first, the instance may reappear in NGINX Controller after it has been deleted.{{< /call-out >}}
 
 1. On your NGINX Plus instance, stop the Controller Agent service:
 
@@ -160,7 +160,7 @@ Take the following steps to uninstall the Controller Agent and delete an instanc
 
 1. Delete alerts:
 
-    {{< note >}}When you delete an instance, any related alerts for that instance are not deleted automatically. You can delete the alerts manually, however.{{< /note >}}
+    {{< call-out "note" >}}When you delete an instance, any related alerts for that instance are not deleted automatically. You can delete the alerts manually, however.{{< /call-out >}}
 
    1. Open the NGINX Controller user interface and log in.
    2. On the Analytics menu, select **Alerts > Alert Rules**.
diff --git a/content/controller/admin-guides/install/install-nginx-controller.md b/content/controller/admin-guides/install/install-nginx-controller.md
index 0607d2240..63ad87cb7 100644
--- a/content/controller/admin-guides/install/install-nginx-controller.md
+++ b/content/controller/admin-guides/install/install-nginx-controller.md
@@ -37,9 +37,9 @@ NGINX Controller uses a number of open source software packages in the product.
 
 Before installing NGINX Controller, review the following prerequisites.
 
-{{< important >}}
+{{< call-out "important" >}}
 NGINX Controller should be deployed on a secure, internal network only. We strongly recommend against exposing the NGINX Controller API to the internet.
-{{< /important >}}
+{{< /call-out >}}
 
 Things you'll need before installing NGINX Controller:
 
@@ -93,14 +93,14 @@ To install all of the NGINX Controller prerequisites for your system at the same
     ./helper.sh prereqs
     ```
 
-{{< note >}}
+{{< call-out "note" >}}
 After you've installed NGINX Controller, you can install any of the prerequisites by running the following command:
 
   ```bash
 /opt/nginx-controller/helper.sh prereqs [base|docker|nfs]
 ```
 
-{{< /note >}}
+{{< /call-out >}}
 
 &nbsp;
 
@@ -150,10 +150,10 @@ If you are using Ubuntu-20.04 and want to install Docker on your own, choose the
 - [Docker Community Edition (CE)](https://docs.docker.com/engine/install/ubuntu/) 19.03
 - [Containerd.io](https://containerd.io/) 1.2.13
 
-{{< see-also >}}
-For instructions on installing Docker in offline scenarios on CentOS/RHEL 7, refer to the AskF5 [K84431427](https://support.f5.com/csp/article/K84431427) knowledge base article.{{< /see-also >}}
+{{< call-out "note" >}}
+For instructions on installing Docker in offline scenarios on CentOS/RHEL 7, refer to the AskF5 [K84431427](https://support.f5.com/csp/article/K84431427) knowledge base article.{{< /call-out>}}
 
-{{< important >}} You need to enable Docker log rotation to ensure that the logs don't consume all the free disk space on the server. For instructions on how to enable Docker log rotation, see the Docker guides [Configure logging drivers](https://docs.docker.com/config/containers/logging/configure/) and [JSON File logging driver](https://docs.docker.com/config/containers/logging/json-file/).{{< /important >}}&nbsp;
+{{< call-out "important" >}} You need to enable Docker log rotation to ensure that the logs don't consume all the free disk space on the server. For instructions on how to enable Docker log rotation, see the Docker guides [Configure logging drivers](https://docs.docker.com/config/containers/logging/configure/) and [JSON File logging driver](https://docs.docker.com/config/containers/logging/json-file/).{{< /call-out >}}&nbsp;
 
 #### Red Hat Enterprise Linux
 
@@ -234,9 +234,9 @@ Refer to the AskF5 KB article [K49481224](https://support.f5.com/csp/article/K49
 
 Install NGINX Controller on a dedicated node that **does not** already have Kubernetes configured. NGINX Controller does not support pre-configured Kubernetes implementations at this time. The installer for NGINX Controller will install and configure Kubernetes for you.
 
-{{< important >}}Before installing NGINX Controller, you must **disable swap on the host**; this is required by Kubernetes in order for the kubelet to work properly. Refer to your Linux distribution documentation for specific instructions for disabling swap for your system. For more information about this requirement, see the AskF5 knowledge base article [K82655201](https://support.f5.com/csp/article/K82655201) and the [kubeadm installation guide](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin) in the Kubernetes documentation.{{< /important >}}
+{{< call-out "important" >}}Before installing NGINX Controller, you must **disable swap on the host**; this is required by Kubernetes in order for the kubelet to work properly. Refer to your Linux distribution documentation for specific instructions for disabling swap for your system. For more information about this requirement, see the AskF5 knowledge base article [K82655201](https://support.f5.com/csp/article/K82655201) and the [kubeadm installation guide](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin) in the Kubernetes documentation.{{< /call-out >}}
 
-{{< caution >}}**For RHEL 8 deployments**, complete the additional prerequisite steps in the [Installing NGINX on RHEL 8]({{< ref "/controller/admin-guides/install/install-nginx-controller-rhel-8.md" >}}) guide before installing NGINX Controller. RHEL 8 support is a **beta** feature.{{< /caution >}}
+{{< call-out "caution"  >}}**For RHEL 8 deployments**, complete the additional prerequisite steps in the [Installing NGINX on RHEL 8]({{< ref "/controller/admin-guides/install/install-nginx-controller-rhel-8.md" >}}) guide before installing NGINX Controller. RHEL 8 support is a **beta** feature.{{< /call-out >}}
 
 To install NGINX Controller, take the following steps:
 
@@ -254,17 +254,17 @@ To install NGINX Controller, take the following steps:
     ./install.sh
     ```
 
-    {{< important >}}Installing NGINX Controller as `root` is **not supported** on multi-node clusters. Instead, create a user with `sudo` permission for installing and performing all operations with NGINX Controller. Further, NGINX Controller scripts should also run with this dedicated user; scripts shouldn't be run as `sudo`, `sudo su`, or as the `root` user directly.{{< /important >}}
+    {{< call-out "important" >}}Installing NGINX Controller as `root` is **not supported** on multi-node clusters. Instead, create a user with `sudo` permission for installing and performing all operations with NGINX Controller. Further, NGINX Controller scripts should also run with this dedicated user; scripts shouldn't be run as `sudo`, `sudo su`, or as the `root` user directly.{{< /call-out >}}
 
-    {{< note >}}If an HTTPS proxy is configured for the whole system, you should disable the proxy for the IP address and hostname of the host that you're running the NGINX Controller install script on.
-    For example, run the command `export NO_PROXY=<current_ip>,<current_hostname>`. {{< /note >}}
+    {{< call-out "note" >}}If an HTTPS proxy is configured for the whole system, you should disable the proxy for the IP address and hostname of the host that you're running the NGINX Controller install script on.
+    For example, run the command `export NO_PROXY=<current_ip>,<current_hostname>`. {{< /call-out >}}
 
     The installation script walks through a series of steps and asks for the following input:
 
     - **Config database configuration**. Specify whether to use an embedded, self-hosted PostgreSQL database for the config database, or if you want to provide your own external PostgreSQL database. If you choose to provide your own database, make sure you've reviewed the [PostgreSQL prerequisites](#postgresql-optional).
     - **Config database volume type**: Specify the type of volume to use to store the config database: local, NFS, or AWS. We recommend choosing `local` only for demo and trial purposes.
 
-      {{< see-also >}}Refer to the [NGINX Controller Technical Specifications Guide]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md#local-or-external-storage" >}}) for more information about the volume options and requirements.{{< /see-also >}}
+      {{< call-out "note" >}}Refer to the [NGINX Controller Technical Specifications Guide]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md#local-or-external-storage" >}}) for more information about the volume options and requirements.{{< /call-out>}}
 
     - **Analytics database volume type**: Specify the type of volume to use to store the analytics database: local, NFS, or AWS. We recommend choosing `local` for demo and trial purposes.
     - **EULA**: Read the end-user license agreement. Type either `y` to accept or `n` to exit.
@@ -280,10 +280,10 @@ To install NGINX Controller, take the following steps:
       - **Email address**: The contact email address for the initial admin user.
       - **Password**: The initial admin's password. Passwords must be 6-64 characters long and must include letters and digits.
     - **FQDN**: Fully qualified domain name (FQDN) -- a resolvable domain name for the NGINX Controller server. The FQDN is used by Controller Agents when connecting to NGINX Controller.
-    {{< note >}}We recommend setting the FQDN to a internal address when possible, to avoid exposing the traffic between the Agent and NGINX Controller. This also reduces the external traffic in cloud environments. {{< /note >}}
+    {{< call-out "note" >}}We recommend setting the FQDN to a internal address when possible, to avoid exposing the traffic between the Agent and NGINX Controller. This also reduces the external traffic in cloud environments. {{< /call-out >}}
     - **SSL/TLS certificates**: Type `y` to generate and use self-signed certs for running NGINX Controller over HTTPS, or type `n` to provide your own certs.
 
-        {{< important >}}If you provide your own SSL/TLS certificates, you'll need a complete certificate chain file, with the intermediate CA cert appended to the server cert; the server certificate must appear **before** the chained certificates in the combined file. If the certificate contains a wildcard Common Name (CN=*.example.com) it must also contain a Subject Alternate Name (SAN=nginx-controller.example.com). {{< /important >}}
+        {{< call-out "important" >}}If you provide your own SSL/TLS certificates, you'll need a complete certificate chain file, with the intermediate CA cert appended to the server cert; the server certificate must appear **before** the chained certificates in the combined file. If the certificate contains a wildcard Common Name (CN=*.example.com) it must also contain a Subject Alternate Name (SAN=nginx-controller.example.com). {{< /call-out >}}
 
 1. Log in to the NGINX Controller browser interface by navigating to the DNS, FQDN, or IP address of the NGINX Controller host, for example, `https://<Controller-FQDN>/login`. Use the admin email address and password that you provided during the installation process.
 
@@ -306,9 +306,9 @@ To add a license to NGINX Controller, take the following steps:
 
 1. Select **Save license**.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To add a license using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a PUT request to the `/platform/license` endpoint. Provide your CAT or NGINX Controller license as a base64-encoded string in the JSON request body.
-{{< /see-also >}}
+{{< /call-out>}}
 
 
 &nbsp;
@@ -358,9 +358,9 @@ To update the NGINX Controller software, take the steps below. When complete, yo
 
 When updating NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-{{< warning >}} Do not update the nodes in a multi-node cluster in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+{{< call-out "warning" >}} Do not update the nodes in a multi-node cluster in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 We strongly recommend that you make a backup of the following information before proceeding, to avoid potential data and/or configuration loss:
 
 - [Back up the NGINX Controller databases]({{< ref "/controller/admin-guides/backup-restore" >}}).
@@ -376,7 +376,7 @@ We strongly recommend that you make a backup of the following information before
     cp /etc/controller-agent/agent.conf <temporary location>
     ```
 
-{{< /caution >}}
+{{< /call-out >}}
 
 1. Download the installer package from the [MyF5 Customer Portal](https://my.f5.com/manage/s/downloads).
 
@@ -401,13 +401,13 @@ We strongly recommend that you make a backup of the following information before
     ./update.sh
     ```
 
-    {{< note >}}If you're upgrading from an older version of NGINX Controller and you installed Controller as root user, use `--allow-with-root` flag when running an update script. {{< /note >}}
+    {{< call-out "note" >}}If you're upgrading from an older version of NGINX Controller and you installed Controller as root user, use `--allow-with-root` flag when running an update script. {{< /call-out >}}
 
 1. If you are logged in to NGINX Controller using a web browser, sign out and log in again.
 
     - To sign out, select your username in the upper right-hand corner, and then select "Sign Out". For optimal performance, also flush your browser cache.
 
-{{< important >}} After you upgrade NGINX Controller, you also need to [update the NGINX Controller Agent]({{< ref "/controller/admin-guides/install/install-nginx-controller-agent" >}}) to the latest version. {{< /important >}}
+{{< call-out "important" >}} After you upgrade NGINX Controller, you also need to [update the NGINX Controller Agent]({{< ref "/controller/admin-guides/install/install-nginx-controller-agent" >}}) to the latest version. {{< /call-out >}}
 
 &nbsp;
 
@@ -426,7 +426,7 @@ To uninstall NGINX Controller, run the uninstall script:
 ---
 
 ## Install NGINX Controller Agent
-{{< see-also >}} If you want to run the NGINX Controller Agent as a non-root user, follow the alternative instructions in the [Install NGINX Controller Agent for Non-root User]({{< ref "/controller/admin-guides/install/install-agent-non-root.md" >}}) guide instead of the steps provided in this section. {{< /see-also >}}
+{{< call-out "note" >}} If you want to run the NGINX Controller Agent as a non-root user, follow the alternative instructions in the [Install NGINX Controller Agent for Non-root User]({{< ref "/controller/admin-guides/install/install-agent-non-root.md" >}}) guide instead of the steps provided in this section. {{< /call-out>}}
 
 Install the Controller Agent on each NGINX Plus instance that you want to manage and monitor.
 
@@ -441,25 +441,25 @@ Take the following steps to add an instance to NGINX Controller:
 7. To add the instance to an existing [Instance Group]({{< ref "/controller/infrastructure/instances/manage-instances.md#instance-groups" >}}), select an Instance Group from the list. Or to create an Instance Group, select **Create New**.
 8. To add the instance to an existing Location, select a Location from the list. Or to create a Location, select **Create New**.
 
-    {{< important >}}
+    {{< call-out "important" >}}
 Once set, the Location for an instance cannot be changed. If you need to change or remove the Location for an instance, you must [remove the instance from NGINX Controller]({{< ref "/controller/infrastructure/instances/manage-instances.md#delete-an-instance" >}}), and then add it back.
-    {{< /important >}}
+    {{< /call-out >}}
 
-    {{< important >}}
+    {{< call-out "important" >}}
 Instances and the instance groups they belong to should specify the same location; however, this requirement is not currently enforced. If different locations are specified, the instance group's location takes precedence. This is important to remember when [assigning locations to workload groups]({{< ref "/controller/app-delivery/manage-apps.md#workload-groups">}}).
-    {{< /important >}}
+    {{< /call-out >}}
 
 9. (Optional) By default, registration of NGINX Plus instances is performed over a secure connection. To use self-signed certificates with the Controller Agent, select **Allow insecure server connections to NGINX Controller using TLS**. For security purposes, we recommend that you secure the Controller Agent with signed certificates when possible.
 10. Use SSH to connect and log in to the NGINX instance that you want to connect to NGINX Controller.
 11. Run the `curl` or `wget` command that's shown in the **Installation Instructions** section on the NGINX instance to download and install the Controller Agent package. When specified, the `-i` and `-l` options for the `install.sh` script refer to the instance name and Location, respectively.
 
-    {{< note >}}
+    {{< call-out "note" >}}
 
 Make sure you enter the commands to download and run the `install.sh` script on the NGINX Plus system, and not on the NGINX Controller.
 
 NGINX Controller 3.6 and earlier require Python 2.6 or 2.7. You'll be prompted to install Python if it's not installed already. Python is not required for NGINX Controller v3.7 and later.
 
-    {{< /note >}}
+    {{< /call-out >}}
 
 After a few minutes, the NGINX instance will appear on the **Instances** overview page.
 
@@ -476,9 +476,9 @@ If NGINX Controller isn't working how you expect, see the knowledge base article
 
 You can create a support package for NGINX Controller that you can use to diagnose issues.
 
-{{< note >}}
+{{< call-out "note" >}}
 You will need to provide a support package if you open a ticket with NGINX Support via the [MyF5 Customer Portal](https://account.f5.com/myf5).
-{{< /note >}}&nbsp;
+{{< /call-out >}}&nbsp;
 
 ```bash
 /opt/nginx-controller/helper.sh supportpkg [-o|--output <file name>] [-s|--skip-db-dump] [-t|--timeseries-dump <hours>]
diff --git a/content/controller/admin-guides/install/nginx-controller-tech-specs.md b/content/controller/admin-guides/install/nginx-controller-tech-specs.md
index 39b8a7da6..de963dce1 100644
--- a/content/controller/admin-guides/install/nginx-controller-tech-specs.md
+++ b/content/controller/admin-guides/install/nginx-controller-tech-specs.md
@@ -16,7 +16,7 @@ This guide lists the technical recommendations for F5 NGINX Controller v3 and NG
 
 NGINX Controller, the NGINX Controller Agent, and the NGINX Controller Application Security Add-on support the following distributions and architectures.
 
-{{< see-also >}}Refer to the [NGINX Plus Technical Specifications](https://docs.nginx.com/nginx/technical-specs/) guide for the distributions that NGINX Plus supports.{{< /see-also >}}
+{{< call-out "note" >}}Refer to the [NGINX Plus Technical Specifications](https://docs.nginx.com/nginx/technical-specs/) guide for the distributions that NGINX Plus supports.{{< /call-out>}}
 
 {{< bootstrap-table "table table-striped table-bordered" >}}
 
@@ -118,9 +118,9 @@ NGINX Controller supports the following [NGINX Plus](https://www.f5.com/products
 
 The App Security add-on for the NGINX Controller Application Delivery module is compatible with the versions of NGINX Plus and NGINX App Protect shown in the table below. New releases of NGINX Controller ADC support the last four versions of NGINX Plus at release time.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 Refer to [Using NGINX App Protect with NGINX Controller]({{< ref "controller/admin-guides/install/install-for-controller.md" >}}) for installation instructions and additional information.
-{{< /see-also >}}
+{{< /call-out>}}
 
 {{< bootstrap-table "table table-striped table-bordered" >}}
 
@@ -160,11 +160,11 @@ NGINX Controller works best with the newest and the last prior version of these
 - [Safari](https://support.apple.com/downloads/safari)
 - [Internet Explorer](https://support.microsoft.com/en-us/help/17621/internet-explorer-downloads) and [Microsoft Edge](https://www.microsoft.com/en-us/edge)
 
-{{< important >}}
+{{< call-out "important" >}}
 You may need to turn off any ad blockers while using the NGINX Controller user interface.
 
 In some cases, the NGINX Controller user interface may not display analytics or security events if an ad blocker is enabled. Refer to the AskF5 KB article [K48603454](https://support.f5.com/csp/article/K48903454) to learn more about this issue and how to resolve it.
-{{< /important >}}
+{{< /call-out >}}
 
 
 &nbsp;
@@ -204,9 +204,9 @@ When using local storage for the analytics and/or config database, we recommend
 - 100 IOPS
 - 155–255 GB free disk space. 255 GB of free space is recommended if NGINX Controller App Security is enabled. See the [Storage Requirements]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md#storage-requirements" >}}) section for a categorized list of the storage requirements.
 
-{{< tip >}}
+{{< call-out "tip" >}}
 To conserve IO and/or disk space, you can use a separate disk for the local storage directory `/opt/nginx-controller/clickhouse_data`.
-{{< /tip >}}
+{{< /call-out >}}
 
 &nbsp;
 
@@ -224,9 +224,9 @@ To use NFS for external storage for the analytics and/or config database, consid
 
 ### AWS EBS
 
-{{< important >}}
+{{< call-out "important" >}}
 If you plan to run NGINX Controller on AWS EC2 instances, we recommend using NFS shares for the external volumes. Using EBS shares for multi-node clusters is not recommended because of the [EBS Availability Zone limitations](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html#considerations); for example, the requirement to have EC2 instances and EBS volumes in the same Availability Zone.
-{{< /important >}}
+{{< /call-out >}}
 
 If you are installing NGINX Controller on [AWS EC2 instances](https://aws.amazon.com/ec2/getting-started/) and plan to use EBS volumes for the analytics and/or config database, consider the following:
 
@@ -361,9 +361,9 @@ NGINX Controller supports the following versions of PostgreSQL:
 
 For a system monitoring **100 NGINX Plus instances**, we recommend at least **32 GB of database storage**. Database storage requirements can vary, depending on the number of NGINX Plus instances, components, published API specs, and the churn rate for configuration changes. For monitor-only implementations, the database storage needs are small; for API Management (APIM) and/or App Delivery Controller (ADC) implementations in production, the storage needs are greater.
 
-{{< important >}}
+{{< call-out "important" >}}
 If you use PostgreSQL 12, we recommend disabling [Just-in-Time (JIT)](https://www.postgresql.org/docs/12/jit.html) compilation to improve NGINX Controller's performance. To disable JIT, edit the `postgresql.conf` file and set `jit=off`.
-{{< /important >}}
+{{< /call-out >}}
 
 
 &nbsp;
diff --git a/content/controller/admin-guides/install/resilient-cluster-aws.md b/content/controller/admin-guides/install/resilient-cluster-aws.md
index 240c0edc5..839cc8f2e 100644
--- a/content/controller/admin-guides/install/resilient-cluster-aws.md
+++ b/content/controller/admin-guides/install/resilient-cluster-aws.md
@@ -19,8 +19,8 @@ To be resilient, a cluster requires three working nodes. That's two nodes for a
 
 If a node fails in a resilient cluster, NGINX Controller automatically redirects traffic to the other working nodes. A multi-node cluster is operational with only two nodes; however, a two-node cluster isn't resilient to further failures. If one of the nodes in a multi-node cluster becomes degraded or fails, you must take action **as soon as possible** to recover or replace the failed node or risk losing resiliency.
 
-{{< important >}}The failover time can take **up to 5 minutes** when a node fails. During this time, NGINX Controller may be unavailable while services are migrated and restarted. Resiliency will be restored once there are **three working nodes** in the cluster.
-{{< /important >}}
+{{< call-out "important" >}}The failover time can take **up to 5 minutes** when a node fails. During this time, NGINX Controller may be unavailable while services are migrated and restarted. Resiliency will be restored once there are **three working nodes** in the cluster.
+{{< /call-out >}}
 
 The following table shows how many nodes are needed for a cluster to have a quorum and what the failure tolerance is:
 
@@ -72,7 +72,7 @@ Before installing or configuring NGINX Controller as a multi-node cluster, revie
 
 ### Prerequisites
 
-{{< important >}}If you plan to run NGINX Controller on AWS EC2 instances, we recommend you use NFS shares for the external volumes. Using EBS shares for multi-node clusters is not recommended because of the [EBS Availability Zone limitations](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html#considerations).{{< /important >}}
+{{< call-out "important" >}}If you plan to run NGINX Controller on AWS EC2 instances, we recommend you use NFS shares for the external volumes. Using EBS shares for multi-node clusters is not recommended because of the [EBS Availability Zone limitations](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html#considerations).{{< /call-out >}}
 
 Things you'll need before installing NGINX Controller as a resilient cluster:
 
@@ -92,7 +92,7 @@ Things you'll need before installing NGINX Controller as a resilient cluster:
 
 ## Configure IAM Roles
 
-{{< important >}}If you plan to run NGINX Controller on AWS EC2 instances, we recommend using NFS shares for the external volumes. Using EBS shares for multi-node clusters is not recommended because of the [EBS Availability Zone limitations](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html#considerations); for example, the requirement to have EC2 instances and EBS volumes in the same Availability Zone.{{< /important >}}
+{{< call-out "important" >}}If you plan to run NGINX Controller on AWS EC2 instances, we recommend using NFS shares for the external volumes. Using EBS shares for multi-node clusters is not recommended because of the [EBS Availability Zone limitations](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html#considerations); for example, the requirement to have EC2 instances and EBS volumes in the same Availability Zone.{{< /call-out >}}
 
 If you are installing NGINX Controller on [AWS EC2 instances](https://aws.amazon.com/ec2/getting-started/) and plan to use EBS volumes for the analytics and/or config database, you will need to add an IAM role like the one shown below. This will also allow the automatic creation of Elastic Load Balancers (ELBs). Additionally, for successful automatic creation of ELBs, all the EC2 instances that are or will be part of the cluster must be tagged with the following key-value pair:
   `kubernetes.io/cluster/NGINX-CONTROLLER : owned`
@@ -192,9 +192,9 @@ If you are installing NGINX Controller on [AWS EC2 instances](https://aws.amazon
 
 Nodes are additional control-plane hosts that you can add to your cluster to improve uptime resilience. For a resilient cluster, you should have at least three nodes, of which **two nodes must always be operational**.
 
-{{< important >}}
+{{< call-out "important" >}}
 When adding a third node to the cluster for the first time, NGINX Controller may become momentarily unavailable while the cluster is being created. For this reason, we recommend updating NGINX Controller during a planned maintenance window to minimize disruptions.
-{{< /important >}}
+{{< /call-out >}}
 
 Take the following steps to add a node to the cluster:
 
@@ -226,9 +226,9 @@ Take the following steps to add a node to the cluster:
 1. After the installation finishes, the node status in the web interface changes to `Configured`.
 1. Repeat these steps for each node that you want to add to the cluster.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To add nodes to your cluster using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a POST request to the `/platform/nodes` endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 &nbsp;
 
@@ -250,13 +250,13 @@ There might be situations when you need to delete a node, either temporarily for
 
 If you need to remove a node temporarily, follow the steps in the [Add Nodes to the Cluster](#add-nodes-to-the-cluster) topic when you are ready to re-add it. Make sure to uninstall NGINX Controller from the node before re-installing NGINX Controller with the new join-key.
 
-{{< important >}}
+{{< call-out "important" >}}
 Deleting nodes can cause NGINX Controller to become momentarily unavailable while the cluster is being updated. For this reason, we recommend updating NGINX Controller during a planned maintenance window to minimize disruptions. When deleting nodes, make sure that **at least two nodes are always operational**. If the cluster has fewer than two working nodes, NGINX Controller may become unresponsive, and you may not be able to add new nodes.
-{{< /important >}}
+{{< /call-out >}}
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To delete nodes from your cluster using the [NGINX Controller API Reference]({{< ref "/controller/api/_index.md" >}}), send a DELETE request to the Nodes endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 To delete a node from the cluster using the web interface:
 
@@ -274,9 +274,9 @@ To delete a node from the cluster using the web interface:
       /opt/nginx-controller/uninstall.sh
       ```
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To delete nodes from your cluster using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a DELETE request to the `/platform/nodes` endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 &nbsp;
 
@@ -301,11 +301,11 @@ To replace a failed node:
 
 When updating NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-{{< warning >}}Do not update the nodes in a multi-node cluster in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+{{< call-out "warning" >}}Do not update the nodes in a multi-node cluster in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
-{{< important >}}
+{{< call-out "important" >}}
 Active users will be logged out from NGINX Controller during an update. We recommend updating NGINX Controller during a planned maintenance window to minimize disruptions.
-{{< /important >}}
+{{< /call-out >}}
 
 To update your cluster to a newer version of NGINX Controller, take the following steps:
 
diff --git a/content/controller/admin-guides/install/resilient-cluster-private-cloud.md b/content/controller/admin-guides/install/resilient-cluster-private-cloud.md
index cb2339eb0..5672df653 100644
--- a/content/controller/admin-guides/install/resilient-cluster-private-cloud.md
+++ b/content/controller/admin-guides/install/resilient-cluster-private-cloud.md
@@ -24,8 +24,8 @@ To be resilient, a cluster requires three working nodes. That's two nodes for a
 
 If a node fails in a resilient cluster, NGINX Controller automatically redirects traffic to the other working nodes. A multi-node cluster is operational with only two nodes; however, a two-node cluster isn't resilient to further failures. If one of the nodes in a multi-node cluster becomes degraded or fails, you must take action **as soon as possible** to recover or replace the failed node or risk losing resiliency.
 
-{{< important >}}The failover time can take **up to 5 minutes** when a node fails. During this time, NGINX Controller may be unavailable while services are migrated and restarted. Resiliency will be restored once there are **three working nodes** in the cluster.
-{{< /important >}}
+{{< call-out "important" >}}The failover time can take **up to 5 minutes** when a node fails. During this time, NGINX Controller may be unavailable while services are migrated and restarted. Resiliency will be restored once there are **three working nodes** in the cluster.
+{{< /call-out >}}
 
 The following table shows how many nodes are needed for a cluster to have a quorum and what the failure tolerance is:
 
@@ -106,9 +106,9 @@ Things you'll need before installing NGINX Controller as a resilient cluster:
 
 Nodes are additional control-plane hosts that you can add to your cluster to improve uptime resilience. For a resilient cluster, you should have at least three nodes, of which **two nodes must always be operational**.
 
-{{< important >}}
+{{< call-out "important" >}}
 When adding a third node to the cluster for the first time, NGINX Controller may become momentarily unavailable while the cluster is being created. For this reason, we recommend updating NGINX Controller during a planned maintenance window to minimize disruptions.
-{{< /important >}}
+{{< /call-out >}}
 
 Take the following steps to add a node to the cluster:
 
@@ -140,9 +140,9 @@ Take the following steps to add a node to the cluster:
 1. After the installation finishes, the node status in the web interface changes to `Configured`.
 1. Repeat these steps for each node that you want to add to the cluster.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To add nodes to your cluster using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a POST request to the `/platform/nodes` endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 &nbsp;
 
@@ -154,11 +154,11 @@ To add nodes to your cluster using the [NGINX Controller REST API]({{< ref "/con
 
 A floating IP -- also called a virtual IP -- is a static, routable IPv4 address that improves service resiliency by allowing NGINX Controller to continue to receive traffic if a node becomes unavailable. The floating IP is assigned to one of the cluster nodes, and if the node fails, the floating IP is automatically transferred to another node. The floating IP should not be in any DHCP pool.
 
-{{< important>}}
+{{< call-out "important" >}}
 The floating IP needs to be added as an A record for the domain that's used as the Fully Qualified Domain Name (FQDN) for NGINX Controller.
 
 NGINX Controller **does not support IPv6** addresses for the floating IP.
-{{< /important >}}
+{{< /call-out >}}
 
 Take the following steps to add a floating IP for your private cloud cluster:
 
@@ -171,9 +171,9 @@ Take the following steps to add a floating IP for your private cloud cluster:
 1. Select **Save**.
 1. Complete the steps to [update the FQDN](#update-the-fqdn) to use the floating IP.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To set a floating IP using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a PATCH request to the `/platform/global` endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 &nbsp;
 
 ---
@@ -207,9 +207,9 @@ To change the FQDN for NGINX Controller using the web interface, take the follow
 1. Select **Save**. The cluster services will restart. During this time, the web interface will be briefly unavailable.
 1. Follow the steps to [update the FQDN for Controller Agents](#update-the-fqdn-for-controller-agents).
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To change the FQDN for NGINX Controller using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a PATCH request to the `/platform/global` endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 &nbsp;
 
 ### Update the FQDN for Controller Agents
@@ -252,9 +252,9 @@ Take the following steps to update the API Gateway SSL certificate:
 
 1. Select **Save**.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To update the API Gateway SSL certificate and key using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a PATCH request to the `/platform/global` endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 &nbsp;
 
@@ -264,9 +264,9 @@ To update the API Gateway SSL certificate and key using the [NGINX Controller RE
 
 Take the following steps to view the status for a node:
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To view a node's status using the [NGINX Controller API Reference]({{< ref "/controller/api/_index.md" >}}), send a GET request to the Nodes endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 1. Open the NGINX Controller web interface and log in.
 1. Select the NGINX Controller menu icon, then select **Platform**.
@@ -283,13 +283,13 @@ There might be situations when you need to delete a node, either temporarily for
 
 If you need to remove a node temporarily, follow the steps in the [Add Nodes to the Cluster](#add-nodes-to-the-cluster) topic when you are ready to re-add it. Make sure to uninstall NGINX Controller from the node before re-installing NGINX Controller with the new join-key.
 
-{{< important >}}
+{{< call-out "important" >}}
 Deleting nodes can cause NGINX Controller to become momentarily unavailable while the cluster is being updated. For this reason, we recommend updating NGINX Controller during a planned maintenance window to minimize disruptions. When deleting nodes, make sure that **at least two nodes are always operational**. If the cluster has fewer than two working nodes, NGINX Controller may become unresponsive, and you may not be able to add new nodes.
-{{< /important >}}
+{{< /call-out >}}
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To delete nodes from your cluster using the [NGINX Controller API Reference]({{< ref "/controller/api/_index.md" >}}), send a DELETE request to the Nodes endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 To delete a node from the cluster using the web interface:
 
@@ -307,9 +307,9 @@ To delete a node from the cluster using the web interface:
       /opt/nginx-controller/uninstall.sh
       ```
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To delete nodes from your cluster using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a DELETE request to the `/platform/nodes` endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 &nbsp;
 
@@ -334,11 +334,11 @@ To replace a failed node:
 
 When updating NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-{{< warning >}}Do not update the nodes in a multi-node cluster in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+{{< call-out "warning" >}}Do not update the nodes in a multi-node cluster in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
-{{< important >}}
+{{< call-out "important" >}}
 Active users will be logged out from NGINX Controller during an update. We recommend updating NGINX Controller during a planned maintenance window to minimize disruptions.
-{{< /important >}}
+{{< /call-out >}}
 
 To update your cluster to a newer version of NGINX Controller, take the following steps:
 
diff --git a/content/controller/admin-guides/install/try-nginx-controller-app-sec.md b/content/controller/admin-guides/install/try-nginx-controller-app-sec.md
index ecba8d0f9..7d5bfee52 100644
--- a/content/controller/admin-guides/install/try-nginx-controller-app-sec.md
+++ b/content/controller/admin-guides/install/try-nginx-controller-app-sec.md
@@ -15,9 +15,9 @@ This quick-start tutorial shows you how to get started using F5 NGINX Controller
 
 Take the steps in this guide to deploy NGINX Controller with App Security and deploy NGINX App Protect with NGINX Plus as a data plane instance for use with NGINX Controller.
 
-{{< caution >}}In this tutorial, NGINX Controller will install an embedded, self-hosted PostgreSQL database suitable for demo and trial purposes only. **These instructions are not meant for use in production environments**.{{< /caution >}}
+{{< call-out "caution"  >}}In this tutorial, NGINX Controller will install an embedded, self-hosted PostgreSQL database suitable for demo and trial purposes only. **These instructions are not meant for use in production environments**.{{< /call-out >}}
 
-{{< note >}}If you already have an active NGINX Controller trial and want to add App Security to it, you can start with the [Install NGINX App Protect with NGINX Plus](#install-nginx-app-protect-with-nginx-plus) section. {{< /note >}}
+{{< call-out "note" >}}If you already have an active NGINX Controller trial and want to add App Security to it, you can start with the [Install NGINX App Protect with NGINX Plus](#install-nginx-app-protect-with-nginx-plus) section. {{< /call-out >}}
 
 &nbsp;
 
@@ -48,9 +48,9 @@ The following minimum hardware specifications are required for each node running
 
 The App Security add-on for the NGINX Controller Application Delivery module is compatible with the versions of NGINX Plus and NGINX App Protect shown in the table below. New releases of NGINX Controller ADC support the last four versions of NGINX Plus at release time.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 Refer to [Using NGINX App Protect with NGINX Controller]({{< ref "controller/admin-guides/install/install-for-controller.md" >}}) for installation instructions and additional information.
-{{< /see-also >}}
+{{< /call-out>}}
 
 {{< bootstrap-table "table table-striped table-bordered" >}}
 
@@ -85,7 +85,7 @@ Refer to [Using NGINX App Protect with NGINX Controller]({{< ref "controller/adm
 
 ## Sign Up for a Trial License
 
-{{< note >}}If you already have an active NGINX Controller trial instance that you want to add App Security to, you can skip this section.{{< /note >}}
+{{< call-out "note" >}}If you already have an active NGINX Controller trial instance that you want to add App Security to, you can skip this section.{{< /call-out >}}
 
 First, you need to sign up for a trial license for NGINX Controller. The trial includes access to NGINX Plus, the NGINX Controller Application Delivery module, and the Application Security add-on.
 
@@ -103,7 +103,7 @@ First, you need to sign up for a trial license for NGINX Controller. The trial i
 
 ## Install NGINX Controller Prerequisites
 
-{{< note >}}If you already have an active NGINX Controller trial instance that you want to add App Security to, you can skip this section.{{< /note >}}
+{{< call-out "note" >}}If you already have an active NGINX Controller trial instance that you want to add App Security to, you can skip this section.{{< /call-out >}}
 
 {{< include "controller/helper-script-prereqs.md" >}}
 
@@ -113,13 +113,13 @@ First, you need to sign up for a trial license for NGINX Controller. The trial i
 
 ## Install NGINX Controller
 
-{{< note >}}If you already have an active NGINX Controller trial instance that you want to add App Security to, you can skip this section.{{< /note >}}
+{{< call-out "note" >}}If you already have an active NGINX Controller trial instance that you want to add App Security to, you can skip this section.{{< /call-out >}}
 
 Install NGINX Controller on a dedicated node that **does not** already have Kubernetes configured. NGINX Controller does not support pre-configured Kubernetes implementations at this time. The installer for NGINX Controller will install and configure Kubernetes for you.
 
-{{< important >}}Before installing NGINX Controller, you must **disable swap on the host**; this is required by Kubernetes in order for the kubelet to work properly. Refer to your Linux distribution documentation for specific instructions for disabling swap for your system. For more information about this requirement, see the AskF5 knowledge base article [K82655201](https://support.f5.com/csp/article/K82655201) and the [kubeadm installation guide](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin) in the Kubernetes documentation.{{< /important >}}
+{{< call-out "important" >}}Before installing NGINX Controller, you must **disable swap on the host**; this is required by Kubernetes in order for the kubelet to work properly. Refer to your Linux distribution documentation for specific instructions for disabling swap for your system. For more information about this requirement, see the AskF5 knowledge base article [K82655201](https://support.f5.com/csp/article/K82655201) and the [kubeadm installation guide](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin) in the Kubernetes documentation.{{< /call-out >}}
 
-{{< caution >}}**For RHEL 8 deployments**, complete the additional prerequisite steps in the [Installing NGINX on RHEL 8]({{< ref "/controller/admin-guides/install/install-nginx-controller-rhel-8.md" >}}) guide before installing NGINX Controller. RHEL 8 support is a **beta** feature.{{< /caution >}}
+{{< call-out "caution"  >}}**For RHEL 8 deployments**, complete the additional prerequisite steps in the [Installing NGINX on RHEL 8]({{< ref "/controller/admin-guides/install/install-nginx-controller-rhel-8.md" >}}) guide before installing NGINX Controller. RHEL 8 support is a **beta** feature.{{< /call-out >}}
 
 To install NGINX Controller, take the following steps:
 
@@ -143,7 +143,7 @@ To install NGINX Controller, take the following steps:
 
     - **Config database volume type**: Specify the type of volume to use to store the config database: local, NFS, or AWS. We recommend choosing `local` for demo and trial purposes.
 
-      {{< see-also >}}Refer to the [NGINX Controller Technical Specifications Guide]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md#local-or-external-storage" >}}) for more information about the volume options and requirements.{{< /see-also >}}
+      {{< call-out "note" >}}Refer to the [NGINX Controller Technical Specifications Guide]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md#local-or-external-storage" >}}) for more information about the volume options and requirements.{{< /call-out>}}
 
     - **Analytics database volume type**: Specify the type of volume to use to store the analytics database: local, NFS, or AWS. We recommend choosing `local` for demo and trial purposes.
     - **EULA**: Read the end-user license agreement. Type either `y` to accept or `n` to exit.
@@ -162,9 +162,9 @@ To install NGINX Controller, take the following steps:
       Additionally, the FQDN is used by Controller Agents when connecting to NGINX Controller.
     - **SSL/TLS certificates**: Type `y` to generate and use self-signed certs for running NGINX Controller over HTTPS, or type `n` to provide your own certs.
 
-        {{< important >}}
+        {{< call-out "important" >}}
 If you provide your own SSL/TLS certificates, you'll need a complete certificate chain file, with the intermediate CA cert appended to the server cert; the server certificate must appear **before** the chained certificates in the combined file.
-        {{< /important >}}
+        {{< /call-out >}}
 
 1. Log in to NGINX Controller at `https://<Controller-FQDN>/login`. Use the admin email address and password that you provided during the installation process.
 
@@ -186,9 +186,9 @@ To add a license to NGINX Controller, take the following steps:
 
 1. Select **Save license**.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To add a license using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a PUT request to the `/platform/license` endpoint. Provide your CAT or NGINX Controller license as a base64-encoded string in the JSON request body.
-{{< /see-also >}}
+{{< /call-out>}}
 
 
 &nbsp;
@@ -199,11 +199,11 @@ To add a license using the [NGINX Controller REST API]({{< ref "/controller/api/
 
 [NGINX App Protect](https://www.nginx.com/products/nginx-app-protect/) is the security data plane for NGINX Controller App Security. Your NGINX App Protect installation will include NGINX Plus.
 
-{{< important >}}
+{{< call-out "important" >}}
 If you are adding App Security to an existing NGINX Controller trial, we recommend that you take the steps in this section to deploy a new NGINX App Protect instance, rather than adding the App Protect module to an existing NGINX Plus instance.
 
 NGINX Controller App Security is supported for use with a limited subset of the OS distributions that are supported by the NGINX Controller Agent and NGINX Plus. If you are planning to add NGINX App Protect to an existing NGINX Plus instance, be sure to check the [Supported Distributions](#supported-distributions) section above to verify that your NGINX Plus instance supports NGINX App Protect.
-{{< /important >}}
+{{< /call-out >}}
 
 ### Prerequisites
 
@@ -216,9 +216,9 @@ Take the steps below to download the cert and key files by using the NGINX Contr
 
 The NGINX Controller API uses session cookies to authenticate requests. The session cookie is returned in response to a `GET /api/v1/platform/login` request. See the Login endpoint in the [NGINX Controller API Reference]({{< ref "/controller/api/_index.md" >}}) documentation for information about session cookie timeouts and invalidation.
 
-{{< tip >}}
+{{< call-out "tip" >}}
 You can send a GET request to the login endpoint to find the status of the session token.
-{{< /tip >}}
+{{< /call-out >}}
 
 For example:
 
@@ -253,9 +253,9 @@ For example:
   curl -b cookie.txt -c cookie.txt -X GET --url 'https://192.0.2.0/api/v1/platform/licenses/nginx-plus-licenses/controller-provided' --output nginx-plus-certs.gz
   ```
 
-{{< note >}}
+{{< call-out "note" >}}
 If you are using a self-signed certificate you will need to add `-k` (allow insecure connections) to your curl command to be able to download your NGINX Plus certificate and key bundle.
-{{< /note >}}
+{{< /call-out >}}
 
 
 Once you have downloaded your certificate and key bundle you will need to expand the `.gz` file to get your certificate and key pair.
@@ -272,10 +272,10 @@ gunzip nginx-plus-certs.gz
 
 Install NGINX App Protect on a host accessible by your NGINX Controller instance by following the appropriate steps for your operating system in the [Using NGINX App Protect with NGINX Controller]({{< ref "controller/admin-guides/install/install-for-controller.md" >}}) guide.
 
-{{< note >}}
+{{< call-out "note" >}}
 If you install NGINX App Protect by using any of the OS-specific install guides, **do not make changes to the `nginx.conf` file**.
 The NGINX Controller Agent manages `nginx.conf` settings and will make the appropriate adjustments for you.
-{{< /note >}}
+{{< /call-out >}}
 
 </div>
 
diff --git a/content/controller/admin-guides/install/try-nginx-controller.md b/content/controller/admin-guides/install/try-nginx-controller.md
index dd2883d56..e77bf343f 100644
--- a/content/controller/admin-guides/install/try-nginx-controller.md
+++ b/content/controller/admin-guides/install/try-nginx-controller.md
@@ -13,9 +13,9 @@ type:
 
 This quick-start tutorial shows you how to get started using F5 NGINX Controller with NGINX Plus.
 
-{{< caution >}}In this tutorial, NGINX Controller will install an embedded, self-hosted PostgreSQL database suitable for demo and trial purposes only. **These instructions are not meant for use in production environments**.{{< /caution >}}
+{{< call-out "caution"  >}}In this tutorial, NGINX Controller will install an embedded, self-hosted PostgreSQL database suitable for demo and trial purposes only. **These instructions are not meant for use in production environments**.{{< /call-out >}}
 
-{{< see-also >}}If you want to try out NGINX Controller with the Application Security add-on, refer to [Trial NGINX Controller with App Security]({{< ref "/controller/admin-guides/install/try-nginx-controller-app-sec.md" >}}).{{< /see-also >}}
+{{< call-out "note" >}}If you want to try out NGINX Controller with the Application Security add-on, refer to [Trial NGINX Controller with App Security]({{< ref "/controller/admin-guides/install/try-nginx-controller-app-sec.md" >}}).{{< /call-out>}}
 
 &nbsp;
 
@@ -29,7 +29,7 @@ Make sure to review the [NGINX Controller Technical Specifications Guide]({{< re
 
 NGINX Controller, the NGINX Controller Agent, and the NGINX Controller Application Security Add-on support the following distributions and architectures.
 
-{{< see-also >}}Refer to the [NGINX Plus Technical Specifications](https://docs.nginx.com/nginx/technical-specs/) guide for the distributions that NGINX Plus supports.{{< /see-also >}}
+{{< call-out "note" >}}Refer to the [NGINX Plus Technical Specifications](https://docs.nginx.com/nginx/technical-specs/) guide for the distributions that NGINX Plus supports.{{< /call-out>}}
 
 {{< bootstrap-table "table table-striped table-bordered" >}}
 
@@ -116,9 +116,9 @@ First, you need to sign up for a trial license for NGINX Controller. The trial i
 
 Install NGINX Controller on a dedicated node that **does not** already have Kubernetes configured. NGINX Controller does not support pre-configured Kubernetes implementations at this time. The installer for NGINX Controller will install and configure Kubernetes for you.
 
-{{< important >}}Before installing NGINX Controller, you must **disable swap on the host**; this is required by Kubernetes in order for the kubelet to work properly. Refer to your Linux distribution documentation for specific instructions for disabling swap for your system. For more information about this requirement, see the AskF5 knowledge base article [K82655201](https://support.f5.com/csp/article/K82655201) and the [kubeadm installation guide](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin) in the Kubernetes documentation.{{< /important >}}
+{{< call-out "important" >}}Before installing NGINX Controller, you must **disable swap on the host**; this is required by Kubernetes in order for the kubelet to work properly. Refer to your Linux distribution documentation for specific instructions for disabling swap for your system. For more information about this requirement, see the AskF5 knowledge base article [K82655201](https://support.f5.com/csp/article/K82655201) and the [kubeadm installation guide](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin) in the Kubernetes documentation.{{< /call-out >}}
 
-{{< caution >}}**For RHEL 8 deployments**, complete the additional prerequisite steps in the [Installing NGINX on RHEL 8]({{< ref "/controller/admin-guides/install/install-nginx-controller-rhel-8.md" >}}) guide before installing NGINX Controller. RHEL 8 support is a **beta** feature.{{< /caution >}}
+{{< call-out "caution"  >}}**For RHEL 8 deployments**, complete the additional prerequisite steps in the [Installing NGINX on RHEL 8]({{< ref "/controller/admin-guides/install/install-nginx-controller-rhel-8.md" >}}) guide before installing NGINX Controller. RHEL 8 support is a **beta** feature.{{< /call-out >}}
 
 To install NGINX Controller, take the following steps:
 
@@ -142,7 +142,7 @@ To install NGINX Controller, take the following steps:
 
     - **Config database volume type**: Specify the type of volume to use to store the config database: local, NFS, or AWS. We recommend choosing `local` for demo and trial purposes.
 
-      {{< see-also >}}Refer to the [NGINX Controller Technical Specifications Guide]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md#local-or-external-storage" >}}) for more information about the volume options and requirements.{{< /see-also >}}
+      {{< call-out "note" >}}Refer to the [NGINX Controller Technical Specifications Guide]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md#local-or-external-storage" >}}) for more information about the volume options and requirements.{{< /call-out>}}
 
     - **Analytics database volume type**: Specify the type of volume to use to store the analytics database: local, NFS, or AWS. We recommend choosing `local` for demo and trial purposes.
     - **EULA**: Read the end-user license agreement. Type either `y` to accept or `n` to exit.
@@ -161,9 +161,9 @@ To install NGINX Controller, take the following steps:
       Additionally, the FQDN is used by Controller Agents when connecting to NGINX Controller.
     - **SSL/TLS certificates**: Type `y` to generate and use self-signed certs for running NGINX Controller over HTTPS, or type `n` to provide your own certs.
 
-        {{< important >}}
+        {{< call-out "important" >}}
 If you provide your own SSL/TLS certificates, you'll need a complete certificate chain file, with the intermediate CA cert appended to the server cert; the server certificate must appear **before** the chained certificates in the combined file.
-        {{< /important >}}
+        {{< /call-out >}}
 
 1. Log in to NGINX Controller at `https://<Controller-FQDN>/login`. Use the admin email address and password that you provided during the installation process.
 
@@ -185,9 +185,9 @@ To add a license to NGINX Controller, take the following steps:
 
 1. Select **Save license**.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To add a license using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a PUT request to the `/platform/license` endpoint. Provide your CAT or NGINX Controller license as a base64-encoded string in the JSON request body.
-{{< /see-also >}}
+{{< /call-out>}}
 
 
 &nbsp;
@@ -205,9 +205,9 @@ To add a license using the [NGINX Controller REST API]({{< ref "/controller/api/
 
 The NGINX Controller API uses session cookies to authenticate requests. The session cookie is returned in response to a `GET /api/v1/platform/login` request. See the Login endpoint in the [NGINX Controller API Reference]({{< ref "/controller/api/_index.md" >}}) documentation for information about session cookie timeouts and invalidation.
 
-{{< tip >}}
+{{< call-out "tip" >}}
 You can send a GET request to the login endpoint to find the status of the session token.
-{{< /tip >}}
+{{< /call-out >}}
 
 For example:
 
@@ -242,9 +242,9 @@ For example:
   curl -b cookie.txt -c cookie.txt -X GET --url 'https://192.0.2.0/api/v1/platform/licenses/nginx-plus-licenses/controller-provided' --output nginx-plus-certs.gz
   ```
 
-{{< note >}}
+{{< call-out "note" >}}
 If you are using a self-signed certificate you will need to add `-k` (allow insecure connections) to your curl command to be able to download your NGINX Plus certificate and key bundle.
-{{< /note >}}
+{{< /call-out >}}
 
 
 Once you have downloaded your certificate and key bundle you will need to expand the `.gz` file to get your certificate and key pair.
@@ -259,9 +259,9 @@ gunzip nginx-plus-certs.gz
 
 Take the following steps to install NGINX Plus:
 
-{{< important >}}
+{{< call-out "important" >}}
 You need the NGINX Plus certificate and public key files (`nginx-repo.crt` and `nginx-repo.key`) that were provided when you signed up for the trial license.
-{{< /important >}}
+{{< /call-out >}}
 
 1. First, make sure to review the [NGINX Plus Technical Specifications Guide](https://docs.nginx.com/nginx/technical-specs/) for the requirements for your distribution and desired configuration.
 2. To install NGINX Plus, follow the instructions in the [NGINX Plus Installation Guide](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/). Refer to the relevant section for your distribution.
diff --git a/content/controller/admin-guides/install/using-helper-script.md b/content/controller/admin-guides/install/using-helper-script.md
index 382332f63..830602bb7 100644
--- a/content/controller/admin-guides/install/using-helper-script.md
+++ b/content/controller/admin-guides/install/using-helper-script.md
@@ -104,7 +104,7 @@ After installing NGINX Controller, you should back up the cluster config and enc
 
 This section explains how to restore the embedded config database from the latest backup file or a specific, timestamped file.
 
-{{< important >}}If you restore the config database on top of a new installation of NGINX Controller, make sure to follow the steps to [restore your NGINX config and encryption keys]({{< ref "/controller/admin-guides/backup-restore/backup-restore-cluster-config.md" >}}) afterward. {{< /important >}}
+{{< call-out "important" >}}If you restore the config database on top of a new installation of NGINX Controller, make sure to follow the steps to [restore your NGINX config and encryption keys]({{< ref "/controller/admin-guides/backup-restore/backup-restore-cluster-config.md" >}}) afterward. {{< /call-out >}}
 
 - To restore the embedded NGINX Controller config database **from the latest automated backup**, run the following command:
 
@@ -134,7 +134,7 @@ To install NGINX Plus as a data plane for NGINX Controller, you need to have the
 
 {{< deprecated >}}Using the helper.sh script to download your NGINX Plus certificate and key bundle is deprecated in in NGINX Controller v3.9.{{< /deprecated >}}
 
-{{< see-also >}}If you're running NGINX Controller v3.10+, you can use the REST API to [Download the NGINX Plus Cert and Key Bundle]({{< ref "/controller/admin-guides/install/get-n-plus-cert-and-key.md" >}}). {{< /see-also >}}&nbsp;
+{{< call-out "note" >}}If you're running NGINX Controller v3.10+, you can use the REST API to [Download the NGINX Plus Cert and Key Bundle]({{< ref "/controller/admin-guides/install/get-n-plus-cert-and-key.md" >}}). {{< /call-out>}}&nbsp;
 
 If you're running NGINX Controller 3.9 or earlier, use the `helper.sh` script to extract the NGINX repository key and certificate files:
 
@@ -142,11 +142,11 @@ If you're running NGINX Controller 3.9 or earlier, use the `helper.sh` script to
 /opt/nginx-controller/helper.sh repository-cred [-c|--cert <file name>] [-k|--key <file name>]
 ```
 
-{{< important >}}
+{{< call-out "important" >}}
 
 Make sure that you've [uploaded your license in NGINX Controller]({{< ref "licensing-controller.md" >}}) first before running the `helper.sh repository-cred` command to extract the repository files.
 
-{{< /important >}}
+{{< /call-out >}}
 
 <style>
 table, th, td {
@@ -361,7 +361,7 @@ The NGINX Controller logo in the user interface is replaceable with a custom log
 - The logo file is in SVG format.
 - The logo is square in shape.
 
-{{< note >}} The above steps modify the logo in the top left corner and in the menu, not the favicon. {{< /note >}}
+{{< call-out "note" >}} The above steps modify the logo in the top left corner and in the menu, not the favicon. {{< /call-out >}}
 
 Follow the steps below to replace the logo:
 
@@ -384,9 +384,9 @@ Follow the steps below to replace the logo:
 
 You can create a support package for NGINX Controller that you can use to diagnose issues.
 
-{{< note >}}
+{{< call-out "note" >}}
 You will need to provide a support package if you open a ticket with NGINX Support via the [MyF5 Customer Portal](https://account.f5.com/myf5).
-{{< /note >}}&nbsp;
+{{< /call-out >}}&nbsp;
 
 ```bash
 /opt/nginx-controller/helper.sh supportpkg [-o|--output <file name>] [-s|--skip-db-dump] [-t|--timeseries-dump <hours>]
diff --git a/content/controller/analytics/alerts/about-alerts.md b/content/controller/analytics/alerts/about-alerts.md
index af1813eba..60a735d32 100644
--- a/content/controller/analytics/alerts/about-alerts.md
+++ b/content/controller/analytics/alerts/about-alerts.md
@@ -12,9 +12,9 @@ type:
 
 The F5 NGINX Controller Analytics module lets you configure alerts and notifications, so you can stay informed about your system and app performance. In this topic, you'll learn about [alerts](#alerts), [alert rules](#alert-rules), and [alert notifications](#alert-notifications).
 
-{{< see-also >}}
+{{< call-out "note" >}}
 Refer to [Manage Alerts]({{< ref "/controller/analytics/alerts/manage-alerts.md" >}}) to learn how to set up alerts.
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## Alerts
 
@@ -63,12 +63,12 @@ th {
 |---|---|
 | `name` | A unique identifier for the alert rule.|
 | `display name` | A human-friendly name that helps you identify what the alert rule does. |
-| `metric` | The [metric]({{< ref "/controller/analytics/catalogs/metrics.md" >}}) that you want to monitor. <br/>{{< note >}}An alert rule can monitor one metric.{{< /note >}}|
+| `metric` | The [metric]({{< ref "/controller/analytics/catalogs/metrics.md" >}}) that you want to monitor. <br/>{{< call-out "note" >}}An alert rule can monitor one metric.{{< /call-out >}}|
 | `operator` | The operator that will be applied to the value of the metric to check if an alert should be triggered. There are two available operators: `le` - less or equal and `ge` - greater or equal.|
-| `threshold` | Defines the value that, when exceeded, will trigger an alert. <br/>{{< tip >}}You can find the allowed threshold value(s) for each metric in the **unit** field of the metric's entry in the [Metrics Catalogs Reference]({{< ref "/controller/analytics/catalogs/metrics.md" >}}). Select the "Index" button to access the list of all available metrics and jump directly to that item in the catalog.{{< /tip >}} |
+| `threshold` | Defines the value that, when exceeded, will trigger an alert. <br/>{{< call-out "tip" >}}You can find the allowed threshold value(s) for each metric in the **unit** field of the metric's entry in the [Metrics Catalogs Reference]({{< ref "/controller/analytics/catalogs/metrics.md" >}}). Select the "Index" button to access the list of all available metrics and jump directly to that item in the catalog.{{< /call-out >}} |
 | `period` | Defines the time window in which you want to calculate the aggregated metric value.<br />- The maximum possible time window is `24h`.<br/>- The minimum possible time window is `2m`.|
 | `filter` | Lets you refine the alert rule for a more specific set of metric values, based on dimensions.<br/>If no filter is provided, all collected data will be used when calculating the alert rule status.|
-| `group by` | Groups results according to the specified dimension(s). A separate alert will be triggered for each result group. You can provide multiple dimension names as a comma-separated list. <br/>{{<note>}}Using a dimension with a high cardinality of values might result in a high volume of alerts.{{</note>}}|
+| `group by` | Groups results according to the specified dimension(s). A separate alert will be triggered for each result group. You can provide multiple dimension names as a comma-separated list. <br/>{{< call-out "note" >}}Using a dimension with a high cardinality of values might result in a high volume of alerts.{{< /call-out >}}|
 | `notification type` | Defines how you want to receive alert notifications. |
 | `email addresses` | A comma-separated list of email addresses that should receive alert notifications.|
 | `mute` | Boolean; turns alert notifications on and off. Set to 'on' to mute notifications. |
@@ -121,13 +121,13 @@ An *Alert notification* is a message either displayed in the NGINX Controller us
 If you want to stop receiving notifications for an alert rule, but you don't want to delete it, you can [mute the alert rule]({{< ref "/controller/analytics/alerts/manage-alerts.md#mute-or-unmute-an-alert-rule" >}}).
 Likewise, if you want to stop receiving emails for an alert rule, but you do want to continue receiving the user interface notifications, [edit the alert rule]({{< ref "/controller/analytics/alerts/manage-alerts.md#edit-an-alert-rule" >}}) and remove your email address.
 
-{{< note >}}If you mute an alert rule while the alert rule status is "ongoing", you will not receive any further alert notifications, including when the alert rule status changes.{{< /note >}}
+{{< call-out "note" >}}If you mute an alert rule while the alert rule status is "ongoing", you will not receive any further alert notifications, including when the alert rule status changes.{{< /call-out >}}
 
 ### Email notifications
 
-{{< important >}}
+{{< call-out "important" >}}
 You must [verify your email address]({{< ref "/controller/analytics/alerts/manage-registered-emails.md" >}}) in order to receive alert notification emails.
-{{< /important >}}
+{{< /call-out >}}
 
 When an alert rule's conditions are met, NGINX Controller sends an alert email with the subject "[controller-alert] Alert started: <alert_rule_name>" to all of the email addresses that are specified in the alert rule.
 
@@ -191,9 +191,9 @@ Next, the alert rule status is updated. Each alert rule will be updated with a n
 
 Finally, the alert notifications for newly-created or expired alerts will be sent for any rules that are not muted.
 
-{{< important >}}
+{{< call-out "important" >}}
 If the [Metrics API]({{< ref "/controller/analytics/metrics/metrics-api.md" >}}) query does not return any data  -- for example, if there was no traffic through the instance and therefore no metric value -- NGINX Controller assumes a value of `0`. In such cases, the threshold will be compared to `0`.
-{{< /important >}}
+{{< /call-out >}}
 
 ## Alert special cases
 
diff --git a/content/controller/analytics/alerts/manage-alerts.md b/content/controller/analytics/alerts/manage-alerts.md
index 839506968..56482ef12 100644
--- a/content/controller/analytics/alerts/manage-alerts.md
+++ b/content/controller/analytics/alerts/manage-alerts.md
@@ -39,7 +39,7 @@ To add an alert rule:
        1. Select the submit (plus sign) icon.
        1. Select **Done** to close the Manage Email Addresses panel.
 
-       {{<note>}}You will need to verify the email address before it can begin receiving alerts.{{</note>}}
+       {{< call-out "note" >}}You will need to verify the email address before it can begin receiving alerts.{{< /call-out >}}
 
 1. (Optional) Select **Mute Alert Rule** if you want to create the alert rule but not receive any associated notifications.
 1. Select **Create**.
@@ -63,11 +63,11 @@ To edit an alert:
 1. Select the edit (pencil) icon for the alert rule.
 1. Make the desired changes to the alert rule, then select **Save**.
 
-{{< important >}}
+{{< call-out "important" >}}
 When you edit an alert rule, any ongoing alerts which previously met that rule will expire immediately.
 
 If the threshold is still exceeded in the new alert rule configuration, new alerts will be triggered.
-{{< /important >}}
+{{< /call-out >}}
 
 ## Mute or Unmute an Alert Rule
 
diff --git a/content/controller/analytics/alerts/manage-registered-emails.md b/content/controller/analytics/alerts/manage-registered-emails.md
index 6a0bb6bbf..e864f4e77 100644
--- a/content/controller/analytics/alerts/manage-registered-emails.md
+++ b/content/controller/analytics/alerts/manage-registered-emails.md
@@ -13,9 +13,9 @@ type:
 
 In order to receive email notifications for [Alerts]({{< ref "/controller/analytics/alerts/about-alerts.md" >}}), you need to provide a valid email address and complete the verification process.
 
-{{< important >}}
+{{< call-out "important" >}}
 You will not receive any alert notifications via email until you verify your email address. Any alert notification emails that were triggered by alert rules prior to the email address being verified will not be re-sent.
-{{< /important >}}
+{{< /call-out >}}
 
 ## List Registered Email Addresses
 
@@ -26,7 +26,7 @@ To find the list of registered email addresses:
 1. On the **Alert Rules Overview** page, select **Manage Email Addresses**.
 1. All registered email addresses are displayed in the Manage Email Addresses panel. To close the panel, select **Done**.
 
-{{<important>}}The **Manage Email Addresses** button is not displayed if you don't have any Alerts configured. If this is the case, you can add a new email address when you [create an alert rule]({{< ref "/controller/analytics/alerts/manage-alerts.md#add-an-alert-rule" >}}).{{</important>}}
+{{< call-out "important" >}}The **Manage Email Addresses** button is not displayed if you don't have any Alerts configured. If this is the case, you can add a new email address when you [create an alert rule]({{< ref "/controller/analytics/alerts/manage-alerts.md#add-an-alert-rule" >}}).{{< /call-out >}}
 
 ## Add a New Email Address
 
diff --git a/content/controller/analytics/alerts/service-now-notifications.md b/content/controller/analytics/alerts/service-now-notifications.md
index fe4ca3c43..b3c96f2cc 100644
--- a/content/controller/analytics/alerts/service-now-notifications.md
+++ b/content/controller/analytics/alerts/service-now-notifications.md
@@ -21,7 +21,7 @@ The ServiceNow integration sends all notifications from NGINX Controller to the
 
     Fill out the form and specify a long refresh token lifespan. Consider aligning the token lifespan with the expiry date of your NGINX Controller license.
 
-    {{< important >}} The ServiceNow integration will fail once the refresh token expires.{{< /important >}}
+    {{< call-out "important" >}} The ServiceNow integration will fail once the refresh token expires.{{< /call-out >}}
 
 3. Select the **Configure ServiceNow** button. In the prompt, provide the requested information for the ServiceNow client and select **Save**.
 
diff --git a/content/controller/analytics/dashboards/application-health-score.md b/content/controller/analytics/dashboards/application-health-score.md
index 1a4940ffd..9e27b8b3e 100644
--- a/content/controller/analytics/dashboards/application-health-score.md
+++ b/content/controller/analytics/dashboards/application-health-score.md
@@ -62,9 +62,9 @@ app_health_score = m1 * m2 * m3
 
 Take the steps below to customize the Application Health Score (AHS) that displays on the Overview page.
 
-{{< note >}}
+{{< call-out "note" >}}
 By default, the AHS and other metrics on the **Overview** page are calculated for all of the Instances monitored by the Controller Agent.
-{{< /note >}}
+{{< /call-out >}}
 
 1. Open the NGINX Controller user interface and log in.
 2. On the **Overview** page, select the Settings (gear) icon in the Application Health Score panel.
diff --git a/content/controller/analytics/dashboards/custom-dashboards.md b/content/controller/analytics/dashboards/custom-dashboards.md
index a7593369d..a4cc10730 100644
--- a/content/controller/analytics/dashboards/custom-dashboards.md
+++ b/content/controller/analytics/dashboards/custom-dashboards.md
@@ -12,12 +12,12 @@ type:
 
 You can use the F5 NGINX Controller user interface to create your own Dashboards populated with customizable graphs of NGINX and system-level metrics.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 - You can add up to 30 Elements to Dashboard.
 - Dashboards are accessible by all Users.
 
-{{< /note >}}
+{{< /call-out >}}
 
 ## Before You Begin
 
@@ -35,12 +35,12 @@ In NGINX Controller, you can create dashboards to display custom graphs. Some us
 
 When building a custom graph, metrics can be summed or averaged across NGINX servers. By using metric filters, it is possible to create additional "metric dimensions", for example, reporting the number of POST requests for a specific URI.
 
-   {{< note >}}
+   {{< call-out "note" >}}
 
 The functionality of user-defined dashboards recently changed in NGINX Controller. Some of the functionalities that were present in the
 previous version might not be currently present or work differently. Your old dashboards were not migrated to the new version.
 
-   {{< /note >}}
+   {{< /call-out >}}
 
 ## Create a Custom Dashboard
 
@@ -66,14 +66,14 @@ To add an Element to a Dashboard:
 
 6. Select a metric from the drop-down menu.
 7. Select the aggregation method for the selected metric.
-   {{< see-also >}}
+   {{< call-out "note" >}}
 For more information about metrics and supported aggregation methods, see the [Metrics Catalog Reference]({{< ref "/controller/analytics/catalogs/metrics.md" >}}).
-   {{< /see-also >}}
+   {{< /call-out>}}
 8. (Optional) Add a filter to refine the data. For example, you can limit the data to a specific App or Environment.
 9. (Optional) Select **Add metrics** to add more metrics.
-   {{< note >}}
+   {{< call-out "note" >}}
 Additional metrics can only be added to a **Line chart** Element.
-   {{< /note >}}
+   {{< /call-out >}}
 10. (Optional) Select the **Override Default Time Settings** option to select a time range for the Element.
 
     - The default time range is the last seven days.
@@ -119,12 +119,12 @@ You can find predefined dashboards on the Dashboards page. Predefined dashboards
 
 Predefined dashboards cannot be deleted or modified.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 - Predefined dashboards were introduced in NGINX Controller 3.21.
 - If you already have custom dashboards, the predefined ones should appear at the end of the list when default sorting is applied.
 
-{{< /note >}}
+{{< /call-out >}}
 
 ## What's Next
 
diff --git a/content/controller/analytics/dashboards/overview-dashboard.md b/content/controller/analytics/dashboards/overview-dashboard.md
index e3c9c2073..2693c0f2b 100644
--- a/content/controller/analytics/dashboards/overview-dashboard.md
+++ b/content/controller/analytics/dashboards/overview-dashboard.md
@@ -44,13 +44,13 @@ The cumulative [metrics]({{< ref "/controller/analytics/metrics/overview-metrics
 - Avg Upstream Response Latency: AVG of the `upstream.response.latency.max` metric
 - Avg Client Network Latency: AVG of the `client.network.latency.max` metric.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 By default, the metrics are calculated for **all** of your Controller Agent-monitored Instances.
 
 To display metrics for a specific set of hosts (for example, only for "production"), select the gear icon on the Application Health Score panel, then add a tag or tags by which you want to filter the results.
 
-{{< /note >}}
+{{< /call-out >}}
 
 ## What's Next
 
diff --git a/content/controller/analytics/data-explorer/how-to-use.md b/content/controller/analytics/data-explorer/how-to-use.md
index 2efebdc8a..bc9471d26 100644
--- a/content/controller/analytics/data-explorer/how-to-use.md
+++ b/content/controller/analytics/data-explorer/how-to-use.md
@@ -31,9 +31,9 @@ To get started with the Data Explorer, you need to select the context for the da
 1. Select the NGINX Controller menu icon, then select **Analytics > Explorer**.
 1. On the Data Explorer detail page, select a context area -- **Instances**, **Environments**, **Gateways**, or **Apps** -- for which you want to view data.
 
-{{< note >}}
+{{< call-out "note" >}}
 When you access the Data Explorer from other areas of the browser interface, the context is already defined. So, for example, if you select Data Explorer from within the Instances module (**Infrastructure > Instances > Data Explorer**), the data for your instances is displayed. When you switch between contexts, the metrics options, such as `system.cpu.idle` or `system.load.5`, are updated.
-{{< /note >}}
+{{< /call-out >}}
 
 &nbsp;
 
@@ -41,11 +41,11 @@ When you access the Data Explorer from other areas of the browser interface, the
 
 When you [select the context](#select-the-context) for the Data Explorer, a list of related resources is shown. If there aren't any related resources for the selected context, you'll see the message "No Data" on the Data Explorer detail page.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 If you don't see a resource in the list, but you expect it to be there, check the [selected metric](#metrics) and the [selected time range](#time-range). When a resource doesn't have the data for the [selected time range](#time-range) it won't be added to the resources list.
 
-{{< /note >}}
+{{< /call-out >}}
 
 To view data for a resource, select the resource's name from the resource list.
 
@@ -75,7 +75,7 @@ In the following example image, the data for the `bytes_rcvd` metric is grouped
 
 When a **Group By** selection is applied, the chart displays a top-10 data series. For example, let's say you want to check disk usage, so you select the metric `system.disk.total` and `file_path` as the dimension to group by. The chart would then display the top-10 mount points with the highest values. If you have more than 10 mount points, you'll see the top-10 mount points plus an 11th data series that's an aggregation of the rest of the data using the same selection criteria. In other words, you'll see a chart of the 10 most used mount points plus a chart of all the other mount points aggregated into one data series. When a **Group By** dimension is selected, and there are more than 10 dimensions, the 11th data series is named "Other."
 
-{{< note >}} When MIN is selected as the aggregation method, the top-10 series are sorted ascending, lowest-to-highest. For all of the other aggregation methods, the top-10 values are sorted descending, highest-to-lowest. {{< /note >}}
+{{< call-out "note" >}} When MIN is selected as the aggregation method, the top-10 series are sorted ascending, lowest-to-highest. For all of the other aggregation methods, the top-10 values are sorted descending, highest-to-lowest. {{< /call-out >}}
 
 &nbsp;
 
@@ -93,12 +93,12 @@ Next to the [time range](#time-range) selector, you'll find the `Compare To` lis
 
 {{< img src="/ctlr/img/data-explorer_comparison.png">}}
 
-{{< note >}}
+{{< call-out "note" >}}
 
 - When comparison is turned on for a data series, the data have the suffix "Compare" in their names.
 - If there is no data available for a comparison period, the comparison data series is not shown.
 - When a Group By dimension is applied, data comparisons are made only with the top-10 data series and not with the "Other" series, if there is one. See the [Group By](#group-by) section for a discussion of the top-10 and "Other" series.
-{{< /note >}}
+{{< /call-out >}}
 
 &nbsp;
 
@@ -108,9 +108,9 @@ On the Data Explorer details page, you can select the **Show Query** button (eye
 
 The query updates whenever the selection options change. The query doesn't include requests for comparison data.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 For instructions on how to understand the Metrics API response, refer to the topic [Using the Metrics API]({{< ref "/controller/analytics/metrics/metrics-api#understanding-the-metrics-api-response" >}}).
-{{< /see-also >}}
+{{< /call-out>}}
 
 &nbsp;
 
@@ -135,12 +135,12 @@ You can see only top-10 values for each dimension, and based on the [selected ag
 - When MIN is selected as the aggregation method, the top-10 series are sorted ascending, lowest-to-highest.
 - For all of the other aggregation methods, the top-10 values are sorted descending, highest-to-lowest.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 - When the selected metric changes, the list of dimensions may change as well, and some of the dimensions you recently explored may disappear from the panel.
 - This panel was added in NGINX Controller v3.18.
 
-{{< /note >}}
+{{< /call-out >}}
 
 &nbsp;
 
diff --git a/content/controller/analytics/forwarders/forward-analytics-to-datadog.md b/content/controller/analytics/forwarders/forward-analytics-to-datadog.md
index 852b44b7b..660e8eeb6 100644
--- a/content/controller/analytics/forwarders/forward-analytics-to-datadog.md
+++ b/content/controller/analytics/forwarders/forward-analytics-to-datadog.md
@@ -43,21 +43,21 @@ Take the following steps to create a Forwarder for Datadog:
 
 13. (Optional) Add additional **Streams** as required using the **Add Stream** button.
 
-{{< important >}}
+{{< call-out "important" >}}
 
 Each metric will be prefixed with a common namespace -- such as "nginx-controller" -- before it is sent to Datadog. This prefix is used by Datadog only and is not applied to any of the internal NGINX Controller metrics. Refer to the [metrics catalog]({{< ref "/controller/analytics/catalogs/metrics.md" >}}) for the full list of valid metric names.
 
 For events, the "nginx-controller" namespace is added to the ["ddsource" key](https://docs.datadoghq.com/api/v1/logs/#send-logs).
 
-{{< /important >}}
+{{< /call-out >}}
 
 NGINX Controller events are sent to Datadog as logs and NGINX Controller dimensions are sent as tags. The Forwarder converts the dimension data to comply with the Datadog [tags format](https://docs.datadoghq.com/getting_started/tagging/#defining-tags) prior to forwarding it. In some cases, the original dimension value may be transformed to fit the tag requirements. This includes replacing comma characters (`,`) with semicolons (`;`) to ensure that Datadog will properly handle the incoming payload.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 
 See the [NGINX Controller Metrics]({{< ref "/controller/analytics/metrics/_index.md" >}}) docs for more information.
 
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## Verification
 
diff --git a/content/controller/analytics/forwarders/forward-analytics-to-otlp.md b/content/controller/analytics/forwarders/forward-analytics-to-otlp.md
index 838073a53..e8dcdd18e 100644
--- a/content/controller/analytics/forwarders/forward-analytics-to-otlp.md
+++ b/content/controller/analytics/forwarders/forward-analytics-to-otlp.md
@@ -42,19 +42,19 @@ Take the following steps to create a forwarder for OpenTelemetry Collector:
 
 13. (Optional) Select **Add Stream** to add additional streams, as needed.
 
-{{< important >}}
+{{< call-out "important" >}}
 
 Each metric is prefixed with a common namespace -- for example,  "nginx-controller" -- before it's sent to OpenTelemetry Collector. This prefix is used only by OpenTelemetry Collector and is not applied to any internal NGINX Controller metrics. Refer to the [metrics catalog]({{< ref "/controller/analytics/catalogs/metrics.md" >}}) for the full list of valid metric names.
 
 We have tested compatability with OTLP collector v0.33.0.  We will most likely support versions higher than this, assuming backwards compatability from OTLP.
 
-{{< /important >}}
+{{< /call-out >}}
 
-{{< see-also >}}
+{{< call-out "note" >}}
 
 See the [NGINX Controller Metrics]({{< ref "/controller/analytics/metrics/_index.md" >}}) docs for more information.
 
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## What's Next
 
diff --git a/content/controller/analytics/forwarders/forward-analytics-to-splunk.md b/content/controller/analytics/forwarders/forward-analytics-to-splunk.md
index 5c48c0e73..fc62eccf5 100644
--- a/content/controller/analytics/forwarders/forward-analytics-to-splunk.md
+++ b/content/controller/analytics/forwarders/forward-analytics-to-splunk.md
@@ -43,19 +43,19 @@ Take the following steps to create a Forwarder for Splunk:
 
 1. (Optional) Add additional **Streams** as required using the **Add Stream** button.
 
-{{< important >}}
+{{< call-out "important" >}}
 
 Each metric will be prefixed with a common namespace -- such as `nginx-controller` -- before it is sent to Splunk. This prefix is used by Splunk only and is not applied to any of the internal NGINX Controller metrics. Refer to the [metrics catalog]({{< ref "/controller/analytics/catalogs/metrics.md" >}}) for the full list of valid metric names.
 
 In case of events, the "nginx-controller" namespace will be placed in the ["source" key](https://docs.splunk.com/Documentation/Splunk/8.1.1/Data/FormateventsforHTTPEventCollector#Event_metadata) and sent with each event.
 
-{{< /important >}}
+{{< /call-out >}}
 
-{{< see-also >}}
+{{< call-out "note" >}}
 
 See the [NGINX Controller Metrics]({{< ref "/controller/analytics/metrics/_index.md" >}}) docs for more information.
 
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## What's Next
 
diff --git a/content/controller/analytics/metrics/metrics-api.md b/content/controller/analytics/metrics/metrics-api.md
index 867c62308..900da4362 100644
--- a/content/controller/analytics/metrics/metrics-api.md
+++ b/content/controller/analytics/metrics/metrics-api.md
@@ -32,9 +32,9 @@ You can use the NGINX Controller [Metrics API]({{< ref "/controller/api/_index.m
 - `orderSeriesBy`
 - `dimensions`
 
-{{< note >}}
+{{< call-out "note" >}}
 Because NGINX Controller is constantly evolving, these example metrics and dimensions may differ from what you see with your NGINX Controller instance. Some metrics may require pre-configured applications to be visible in the API.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Understanding the Metrics API Response
 
@@ -163,9 +163,9 @@ Using only `names` and time window parameters will give you the raw data points
 
 To get a more organized response, you can provide an aggregate function for each queried metric: `AVG`, `SUM`, `COUNT`, `MAX`, `MIN`, or `RATE`.
 
-{{< note >}}
+{{< call-out "note" >}}
 In the following definitions, `time period` refers to the `resolution` (if provided) or the difference between the `endTime` and `startTime` (when `resolution` is not provided).
-{{< /note >}}
+{{< /call-out >}}
 
 - `AVG` - calculates the average value of the metric data samples over the period
 - `SUM` - calculates the total value of the metric data samples over the period
@@ -173,13 +173,13 @@ In the following definitions, `time period` refers to the `resolution` (if provi
 - `MIN`/`MAX` - returns the minimal/maximal data sample of the metric from the given period
 - `RATE` - returns an average value of the metric calculated per second (always *per second*, regardless of the provided `resolution`), based on the data available in the given period
 
-{{< note >}}
+{{< call-out "note" >}}
 You must define a `startTime` when using aggregate functions.
-{{< /note >}}
+{{< /call-out >}}
 
-{{< see-also >}}
+{{< call-out "note" >}}
 The list of supported aggregate functions for any particular metric is available in the [Metrics Catalog]({{< ref "/controller/analytics/catalogs/metrics.md" >}})).
-{{< /see-also >}}
+{{< /call-out>}}
 
 For example, the following query returns a single value (per dimension set), which is the sum of the metric values for the last three hours. To get proper values, ensure that the `endTime` is greater than the `startTime`.
 
@@ -195,9 +195,9 @@ For example:
 curl -X GET --cookie "session=<session cookie>" --url "{controller-IP}/api/v1/analytics/metrics?names=SUM(http.request.count),http.request.bytes_rcvd&startTime=now-3h"
 ```
 
-{{< important >}}
+{{< call-out "important" >}}
 Using AVG aggregation with traffic metrics with the `.total` suffix may cause confusion because traffic metrics are already aggregated. To learn more, refer to the [Overview: Traffic Metrics]({{< ref "/controller/analytics/metrics/overview-traffic-metrics.md" >}})) topics.
-{{< /important >}}
+{{< /call-out >}}
 
 #### Resolution
 
@@ -239,13 +239,13 @@ For example, the following query includes a simple filter on the app name. The q
 curl -X GET --cookie "session=<session cookie>" --url "{controller-IP}/api/v1/analytics/metrics?names=http.request.count&filter=app='app1'&startTime=now-3h"
 ```
 
-{{< tip >}}
+{{< call-out "tip" >}}
 
 - Predicates can be combined into logical expressions using `OR`, `AND`, and `(` `)`.
 - For matching values, wildcard (`*`) use is supported.
 - We recommend wrapping predicates in single quotes to ensure that the full query string is processed correctly.
 
-{{< /tip >}}
+{{< /call-out >}}
 
 The following example request uses `filter` with logical expressions:
 
@@ -259,12 +259,12 @@ Using filters and aggregation functions may not be enough to allow you to get co
 
 The `groupBy` parameter helps to gather results according to the specified dimension(s). You can provide multiple dimension names as a comma-separated list.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 - When using `groupBy`, you must use an aggregate function and a time window (`startTime` must be defined; `endTime` is optional).
 - If a request contains aggregated and non-aggregated metrics, the `groupBy` parameter will apply only to the aggregated metrics.
 
-{{< /note >}}
+{{< /call-out >}}
 
 For example, the following query returns data for any application with a name that starts with `ap` in the `prod` environment for the last three hours.
 
@@ -328,9 +328,9 @@ There are cases when you might want to view only a specific data series (for exa
 
 When you specify a `seriesLimit`, the response always includes one other series with an `all` metric. This series aggregates the metric values of all the series that are not included in the result. If the total number of series returned is greater than the limit specified in the query parameter, an additional series named `other` is returned. This series aggregates the metrics values of the series outside of the specified limit.
 
-{{< note >}}
+{{< call-out "note" >}}
 When using `seriesLimit`, you can only specify one metric name in the `names` parameter and one `groupBy` parameter.
-{{< /note >}}
+{{< /call-out >}}
 
 **Example 1**
 The following example request uses `seriesLimit` to restrict the data returned to five series:
@@ -464,9 +464,9 @@ The response looks similar to the following example:
 }
 ```
 
-{{< important >}}
+{{< call-out "important" >}}
 You cannot use `dimensions` with the `seriesLimit` parameter.
-{{< /important >}}
+{{< /call-out >}}
 
 ## What's Next
 
diff --git a/content/controller/analytics/metrics/overview-metrics-metadata.md b/content/controller/analytics/metrics/overview-metrics-metadata.md
index 72e0382a6..5f22c4722 100644
--- a/content/controller/analytics/metrics/overview-metrics-metadata.md
+++ b/content/controller/analytics/metrics/overview-metrics-metadata.md
@@ -16,17 +16,17 @@ The data that F5 NGINX Controller collects can be divided into two categories:
 - **System metrics**: Data collected from the NGINX Plus API, the NGINX log files, and NGINX process state.
 - **Traffic metrics**: Data related to processed traffic, with the ability to distinguish the Application, API endpoint, or Environment that traffic is directed through.
 
-{{< note >}}
+{{< call-out "note" >}}
 The key difference between system and traffic metrics is that traffic metrics are pre-aggregated for each time period.
-{{< /note >}}
+{{< /call-out >}}
 
 Metrics are published at a regular interval of 60 or 30 seconds for system and traffic metrics, respectively.
 
 This topic gives an overview of the traffic metrics. Also known as "app-centric" metrics, traffic metrics contain information that lets you easily identify the App to which the data applies.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 Refer to [View traffic metrics]({{< ref "/controller/analytics/metrics/view-traffic-metrics.md" >}}) for instructions on how to view traffic metrics using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}).
-{{< /see-also >}}
+{{< /call-out>}}
 ## Metadata and Metrics That Are Reported
 
 The NGINX Controller Agent collects the following types of data:
diff --git a/content/controller/analytics/metrics/overview-traffic-metrics.md b/content/controller/analytics/metrics/overview-traffic-metrics.md
index 7df193b20..4a6aad116 100644
--- a/content/controller/analytics/metrics/overview-traffic-metrics.md
+++ b/content/controller/analytics/metrics/overview-traffic-metrics.md
@@ -16,17 +16,17 @@ The data that F5 NGINX Controller collects can be divided into two categories:
 - **System metrics**: Data collected from the NGINX Plus API, the NGINX log files, and NGINX process state.
 - **Traffic metrics**: Data related to processed traffic, with the ability to distinguish the Application, API endpoint, or Environment that traffic is directed through.
 
-{{< note >}}
+{{< call-out "note" >}}
 The key difference between system and traffic metrics is that traffic metrics are pre-aggregated for each time period.
-{{< /note >}}
+{{< /call-out >}}
 
 Metrics are published at a regular interval of 60 or 30 seconds for system and traffic metrics, respectively.
 
 This topic gives an overview of the traffic metrics. Also known as "app-centric" metrics, traffic metrics contain information that lets you easily identify the App to which the data applies.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 Refer to [View traffic metrics]({{< ref "/controller/analytics/metrics/view-traffic-metrics.md" >}}) for instructions on how to view traffic metrics using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}).
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## Available traffic metrics
 
@@ -42,9 +42,9 @@ Refer to [View traffic metrics]({{< ref "/controller/analytics/metrics/view-traf
 - `http.request.bytes_sent`
 - `http.request.count`
 
-{{< see-also >}}
+{{< call-out "note" >}}
 Refer to the [NGINX Controller Metrics Catalog]({{< ref "/controller/analytics/catalogs/metrics.md" >}}) for details about these and the other metrics that NGINX Controller reports.
-{{< /see-also>}}
+{{< /call-out>}}
 
 ## Calculating traffic metrics
 
diff --git a/content/controller/analytics/metrics/view-traffic-metrics.md b/content/controller/analytics/metrics/view-traffic-metrics.md
index 055658de3..d7f0acbe2 100644
--- a/content/controller/analytics/metrics/view-traffic-metrics.md
+++ b/content/controller/analytics/metrics/view-traffic-metrics.md
@@ -14,9 +14,9 @@ type:
 This topic explains how to use the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}})
  to view traffic metrics.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 Refer to [Overview: Traffic Metrics]({{< ref "/controller/analytics/metrics/overview-traffic-metrics.md" >}}) to learn how NGINX Controller collects, aggregates, and reports traffic metrics.
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## Before You Begin
 
@@ -30,9 +30,9 @@ The following resources should have the status `Configured`:
 
 Initially, the graphs will display `No data yet`, and querying the Metrics API for traffic metrics will result in an empty response. As soon as the Component starts to receive traffic, the traffic-related data will be displayed in the graphs and the [Dashboards]({{< ref "/controller/analytics/dashboards/overview-dashboard.md" >}}) in the NGINX Controller user interface and will be returned in API responses.
 
-{{< note >}}
+{{< call-out "note" >}}
 If traffic stops flowing to a resource (for example, an Application or Component), then no traffic metrics will be available for the resource.
-{{< /note >}}
+{{< /call-out >}}
 
 ## View Traffic Metrics Using the REST API
 
@@ -54,9 +54,9 @@ If traffic stops flowing to a resource (for example, an Application or Component
     curl -X GET --cookie "session=<session cookie>" --url "{Controller-FQDN}/api/v1/analytics/catalogs/dimensions"
     ```
 
-{{< see-also >}}
+{{< call-out "note" >}}
 Refer to the [Catalogs Reference]({{< ref "/controller/analytics/catalogs/_index.md" >}}) for information about all of the dimensions and metrics collected by NGINX Controller.
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## Example REST API Queries for Traffic Metrics
 
@@ -82,9 +82,9 @@ curl -X GET --cookie "session=<session cookie>" --url "{Controller-FQDN}/api/v1/
 
 ### Example 3
 
-{{< important >}}
+{{< call-out "important" >}}
 Because traffic metrics are pre-aggregated, using AVG aggregation with these metrics isn't recommended.
-{{< /important >}}
+{{< /call-out >}}
 
 Imagine you have one application configured with one URI (recorded in the `http.uri` dimension of each traffic-related metric). In the last 30 seconds, a user queried that URI 5 times. The `client.request.latency` values for each request were: 1 ms, 2 ms, 3 ms, 4 ms, 5 ms.
 
diff --git a/content/controller/analytics/view-app-security-analytics.md b/content/controller/analytics/view-app-security-analytics.md
index 2d9407d5b..ee33ecfaa 100644
--- a/content/controller/analytics/view-app-security-analytics.md
+++ b/content/controller/analytics/view-app-security-analytics.md
@@ -178,9 +178,9 @@ You can use the following example Events requests to collect App Security Analyt
                 component='app-component')
     ```
 
-   {{< tip >}}
+   {{< call-out "tip" >}}
 To get all Events, remove the Environment, App, and Component filters from the request call.
-   {{< /tip >}}
+   {{< /call-out >}}
 
 - To find requests flagged by App Security’s violation rating algorithm as a possible or likely threat:
 
@@ -197,9 +197,9 @@ To get all Events, remove the Environment, App, and Component filters from the r
             component='app-component')
     ```
 
-    {{< important >}}
+    {{< call-out "important" >}}
 This is important if you are using App Security WAF monitoring only mode. You can use it to understand the type of threats WAF believes should be blocked.
-    {{< /important >}}
+    {{< /call-out >}}
 
 - To get Events that have triggered a specific signature-based violation by signature id:
 
diff --git a/content/controller/api-management/manage-apis.md b/content/controller/api-management/manage-apis.md
index 1ee149fb0..5c7a389aa 100644
--- a/content/controller/api-management/manage-apis.md
+++ b/content/controller/api-management/manage-apis.md
@@ -18,12 +18,12 @@ The F5 NGINX Controller API Management module provides full life cycle managemen
 - A **Published API**, which represents an API Version that has been deployed to an NGINX Plus instance serving as an API Gateway.
 - (Optional) API documentation available via the Developer Portal.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 - You must have an API Management module license installed to complete the steps in this guide.
 - The API Management module is available to users with the predefined [Admin or User Roles]({{< ref "/controller/platform/access-management/manage-roles.md#predefined-roles-and-role-groups" >}}).
 
-{{< /note >}}
+{{< /call-out >}}
 
 ## Create an API Definition
 
@@ -65,11 +65,11 @@ An API Version describes a particular API. It can be thought of as an API specif
 
 9. (Optional) Provide a description.
 
-   {{< note >}}
+   {{< call-out "note" >}}
 
    If your API specification includes a description, that text populates this field automatically when you [add your OpenAPI spec](#import-an-openapi-specification).
 
-   {{< /note >}}
+   {{< /call-out >}}
 
 10. (Optional) Add tags.
 
@@ -77,11 +77,11 @@ An API Version describes a particular API. It can be thought of as an API specif
 
 The APIM module supports import of a valid OpenAPI v3 specification formatted as valid JSON or YAML.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 If your API spec includes documentation elements, the "Enable documentation" option is selected automatically. You do not need to take any additional steps to document your API.
 
-{{< /note >}}
+{{< /call-out >}}
 
 **To import your spec by uploading a file:**
 
@@ -128,19 +128,19 @@ Take the steps below to manually add your API resources.
 
 Follow the steps below to document your API.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 API documentation must follow the OpenAPI 2.0/3.0 Specification.
 
 If you uploaded an API spec that contains documentation, you don't need take any further steps to document your API.
 
-{{< /note >}}
+{{< /call-out >}}
 
-{{< tip >}}
+{{< call-out "tip" >}}
 
 Skip to step 6 if you're continuing from the [Define API Resources Manually](#define-api-resources-manually) section.
 
-{{< /tip >}}
+{{< /call-out >}}
 
 1. Open the NGINX Controller user interface and log in.
 
@@ -192,11 +192,11 @@ Skip to step 6 if you're continuing from the [Define API Resources Manually](#d
 
 ### Import a Web Services Description Language (WSDL) file
 
-   {{< caution >}}
+   {{< call-out "caution"  >}}
 
 Currently, only HTTP is supported for SOAP-REST proxy traffic.  Traffic will be unauthenticated and unencrypted, and as a result will be vulnerable to several security risks. It should be treated as a beta/preview feature.
 
-   {{< /caution >}}
+   {{< /call-out >}}
 
 The APIM module supports importing a WSDL file that describes a SOAP service.
 
@@ -230,11 +230,11 @@ Take the following steps to **Edit** add your API Version:
 
 4. (optional) Modify the **Path** for the API resource as desired.
 
-   {{< tip >}}
+   {{< call-out "tip" >}}
 
    Path should start with `/`, for example, `/userlookup/{userid}/attributes/{surname}`.
 
-   {{< /tip >}}
+   {{< /call-out >}}
 
 5. Select **Next** to continue to the **Schema** page
 
@@ -258,9 +258,9 @@ You need at least one of each of the resources listed below to complete this sec
 
  (required to add Authentication to the Published API Component).
 
-{{< tip >}}
+{{< call-out "tip" >}}
 You can connect one or more [Developer Portals]({{< ref "/controller/api-management/manage-dev-portals.md" >}}) to your Published API to host your API documentation. This can be done either when creating or editing your Published API, or independently via the API Quick Actions menu.
-{{< /tip >}}
+{{< /call-out >}}
 
 ### Add a Published API
 
@@ -284,11 +284,11 @@ On the **Create Published API** *Configuration* page:
 
 3. Specify whether the **Strip Base Path** parameter is required.
 
-   {{< note >}}
+   {{< call-out "note" >}}
 
    The `Strip Base Path` option modifies the path that is passed from the Gateway to the upstream host. When the option is selected, the base path will be removed from the original request when the request is passed to the upstream host. If the option is not selected, the original request -- including the base path -- is passed from the Gateway to the upstream host.
 
-   {{< /note >}}
+   {{< /call-out >}}
 
 4. Provide a Name and/or Display Name for the Published API.
 
@@ -351,16 +351,16 @@ On the **Create Published API** *Routing* page:
     7. (Optional) Select the Desired Proxy Settings (applicable only to Web Components).
 
     8. Select **Next**.
-   {{< see-also >}}
+   {{< call-out "note" >}}
 
    - Refer to the [Manage Locations]({{< ref "/controller/infrastructure/locations/manage-locations.md" >}}) topic for more information.
 
    - Refer to the [NGINX Plus Admin Guide](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/) for more information about the available options.
 
-   {{< /see-also >}}
-   {{< tip >}}
+   {{< /call-out>}}
+   {{< call-out "tip" >}}
    Hover your pointer over the info icon for each setting to learn about the expected values and requirements.
-   {{< /tip >}}
+   {{< /call-out >}}
 
 
 4. On the **Create App Component** *Rate Limiting* page:
@@ -387,11 +387,11 @@ On the **Create Published API** *Routing* page:
 
     4. Select **Next**.
 
-{{< important >}}
+{{< call-out "important" >}}
 
 The **Advanced Security** features require an *NGINX Controller API Management Advanced Security* license.
 
-{{< /important >}}
+{{< /call-out >}}
 
 6. On the **Create App Components** *Advanced Security* page:
 
@@ -403,7 +403,7 @@ The **Advanced Security** features require an *NGINX Controller API Management A
 
     4. Select **Next**
 
-    {{< see-also >}} Refer to the [Default WAF Policy]({{< ref "/controller/app-delivery/security/concepts/app-sec-default-policy-original.md" >}}) topics to learn more about the default protection provided by NGINX App Protect. {{< /see-also >}}
+    {{< call-out "note" >}} Refer to the [Default WAF Policy]({{< ref "/controller/app-delivery/security/concepts/app-sec-default-policy-original.md" >}}) topics to learn more about the default protection provided by NGINX App Protect. {{< /call-out>}}
 
 
 7. On the **Create App Component** *Ingress* page:
@@ -411,11 +411,11 @@ The **Advanced Security** features require an *NGINX Controller API Management A
     1. (Optional) Set the desired **Client Max Body Size**.
     2. Select **Next**.
 
-   {{< see-also >}}
+   {{< call-out "note" >}}
 
    Refer to the [NGINX module docs](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size) for more information about this option.
 
-   {{< /see-also >}}
+   {{< /call-out>}}
 
 
 8. On the **Create App Component** *Monitoring* page:
@@ -442,11 +442,11 @@ The **Advanced Security** features require an *NGINX Controller API Management A
 
     11. Select **Next**.
 
-   {{< see-also >}}
+   {{< call-out "note" >}}
 
    Refer to the [NGINX module docs](http://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#health_check) for more information about these options.
 
-    {{< /see-also >}}
+    {{< /call-out>}}
 
 9. On the **Create App Component** *Logs* page:
 
@@ -460,11 +460,11 @@ The **Advanced Security** features require an *NGINX Controller API Management A
 
     3. Select **Next**.
 
-   {{< see-also >}}
+   {{< call-out "note" >}}
 
    Refer to the [NGINX docs](http://nginx.org/en/docs/http/ngx_http_log_module.html) for more information about these options.
 
-   {{< /see-also >}}
+   {{< /call-out>}}
 
 9. On the **Create App Component** *Programmability* page:
 
@@ -480,11 +480,11 @@ The **Advanced Security** features require an *NGINX Controller API Management A
 
     5. Select **Next**.
 
-   {{< see-also >}}
+   {{< call-out "note" >}}
 
    Refer to the [NGINX module docs](http://nginx.org/en/docs/http/ngx_http_rewrite_module.html) for more information about these options.
 
-   {{< /see-also >}}
+   {{< /call-out>}}
 
     6. Select **Next** to review the API spec that will be sent to create the App Component.
 
diff --git a/content/controller/api-management/manage-dev-portals.md b/content/controller/api-management/manage-dev-portals.md
index 6bf5fdc68..3f3f1aa5d 100644
--- a/content/controller/api-management/manage-dev-portals.md
+++ b/content/controller/api-management/manage-dev-portals.md
@@ -25,7 +25,7 @@ You must complete the steps below before you can create a Developer Portal.
 1. [Create an Environment]({{< ref "/controller/services/manage-environments.md" >}}).
 1. [Create a Gateway]({{< ref "/controller/services/manage-gateways.md" >}}) for the Dev Portal.
 
-    {{< tip >}}
+    {{< call-out "tip" >}}
 You can create multiple Dev Portal Gateways on the same Instance. If you do so, be sure to use a unique hostname and port for each. For example:
 
 - Gateway 1's ingress URI is `https://dev-developer.acme.com`.
@@ -33,17 +33,17 @@ You can create multiple Dev Portal Gateways on the same Instance. If you do so,
 - Gateway 3's ingress URI is `https://developer.acme.com`. This resource would have a public IP address and be accessible via the internet.
 
 If you create multiple Dev Portal Gateways on the same Instance using the same hostname and port, the Dev Portal configuration will fail.
-    {{< /tip >}}
+    {{< /call-out >}}
 
 1. [Create an API Definition]({{< ref "/controller/api-management/manage-apis.md#create-an-api-definition" >}}).
 
-    {{< tip >}}
+    {{< call-out "tip" >}}
 If you choose to [define your API manually]({{< ref "/controller/api-management/manage-apis.md#define-resources-manually" >}}), be sure to [document your API]({{< ref "/controller/api-management/manage-apis.md#document-your-api" >}}).
-    {{< /tip >}}
+    {{< /call-out >}}
 
 1. [Create a Published API]({{< ref "/controller/api-management/manage-apis.md#publish-an-api" >}}).
 
-    {{< important >}}
+    {{< call-out "important" >}}
 You must create an App Component when creating a Published API. You'll [assign routes]({{< ref "/controller/api-management/manage-apis.md#define-the-routing-rules" >}}) from the API Definition to this Component.
 
 Both the Published API and the associated App Component must be successfully created before you can create a Dev Portal.
@@ -52,7 +52,7 @@ See [Manage Your APIs]({{< ref "/controller/api-management/manage-apis.md" >}})
 
 You also have the option to associate Dev Portal(s) in the *Deployment* page when you [Add a Published API]({{< ref "/controller/api-management/manage-apis.md#add-a-published-api" >}}). If you already have a Published API and you want to create a new Dev Portal to host it, complete the tasks described in this guide.
 
-    {{< /important >}}
+    {{< /call-out >}}
 
 ## Create a Developer Portal
 
@@ -63,9 +63,9 @@ To create a Dev Portal, take the steps below:
 3. On the **Services** menu, select APIs.
 4. On the APIs page, select **Create Dev Portal** from the Quick Actions menu.
 
-    {{< tip >}}
+    {{< call-out "tip" >}}
 If you want to connect one or more Dev Portals to an existing Published API, you should select the **Edit Published API** option. The API Documentation will be published to the selected Dev Portal(s). Refer to the [Define the Published API Deployment]({{< ref "/controller/api-management/manage-apis.md#define-the-published-api-deployment" >}}) section for more information and instructions.
-    {{< /tip >}}
+    {{< /call-out >}}
 
 ### Configure the Developer Portal
 
diff --git a/content/controller/api/overview.md b/content/controller/api/overview.md
index 1610f6021..d37acb406 100644
--- a/content/controller/api/overview.md
+++ b/content/controller/api/overview.md
@@ -37,7 +37,7 @@ The diagrams below demonstrate how the different objects at the Service level re
 1. All Service objects are part of an Environment.
 1. Gateways and Certs can be defined at the Environment level --or-- at the Component Level. The diagram below shows an example of how traffic flows through a Gateway to an App.
 1. Components are child objects that represent the back-end server(s) that host your App or API.
-    {{<note>}}A Component can represent an application **or** an API. The same Component cannot be used for both App Delivery and API Management.{{</note>}}
+    {{< call-out "note" >}}A Component can represent an application **or** an API. The same Component cannot be used for both App Delivery and API Management.{{< /call-out >}}
 1. Certs can be added to a Gateway or to an individual Component.
 
 {{< img src="/ctlr/img/services-object-model-example.png" alt="Diagram showing the relationship of objects in an Environment within the Services area." >}}
@@ -55,19 +55,19 @@ The diagram below shows a sample deployment workflow. In this workflow, the user
 
 {{< img src="/ctlr/img/devops-workflow-simple.png" alt="Example deployment workflow" >}}
 
-{{< see-also >}}
+{{< call-out "note" >}}
 
 - [Managing Roles & Users]({{< ref "/controller/platform/access-management/manage-users.md" >}})
 
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## Authentication
 
 The NGINX Controller API uses session cookies to authenticate requests. The session cookie is returned in response to a `GET /api/v1/platform/login` request. See the Login endpoint in the [NGINX Controller API Reference]({{< ref "/controller/api/_index.md" >}}) documentation for information about session cookie timeouts and invalidation.
 
-{{< tip >}}
+{{< call-out "tip" >}}
 You can send a GET request to the login endpoint to find the status of the session token.
-{{< /tip >}}
+{{< /call-out >}}
 
 For example:
 
diff --git a/content/controller/api/reference/ctlr-adc-api.md b/content/controller/api/reference/ctlr-adc-api.md
index e1226fa0f..04ead674a 100644
--- a/content/controller/api/reference/ctlr-adc-api.md
+++ b/content/controller/api/reference/ctlr-adc-api.md
@@ -12,6 +12,5 @@ tags:
 title: ADC API
 toc: false
 weight: 300
+nd-api-reference: "./nginx-controller/api/reference/ctlr-adc-openapi.json"
 ---
-
-{{< openapi spec="./nginx-controller/api/reference/ctlr-adc-openapi.json" >}}
diff --git a/content/controller/api/reference/ctlr-analytics-api.md b/content/controller/api/reference/ctlr-analytics-api.md
index b1d69e9bb..70e1214f6 100644
--- a/content/controller/api/reference/ctlr-analytics-api.md
+++ b/content/controller/api/reference/ctlr-analytics-api.md
@@ -11,6 +11,5 @@ tags:
 title: Analytics API
 toc: false
 weight: 200
+nd-api-reference: "./nginx-controller/api/reference/ctlr-analytics-openapi.json"
 ---
-
-{{< openapi spec="./nginx-controller/api/reference/ctlr-analytics-openapi.json" >}}
diff --git a/content/controller/api/reference/ctlr-apim-api.md b/content/controller/api/reference/ctlr-apim-api.md
index 0b673cb8d..5add27db2 100644
--- a/content/controller/api/reference/ctlr-apim-api.md
+++ b/content/controller/api/reference/ctlr-apim-api.md
@@ -11,6 +11,5 @@ tags:
 title: APIM API
 toc: false
 weight: 400
+nd-api-reference: "./nginx-controller/api/reference/ctlr-apim-openapi.json"
 ---
-
-{{< openapi spec="./nginx-controller/api/reference/ctlr-apim-openapi.json" >}}
diff --git a/content/controller/api/reference/ctlr-platform-api.md b/content/controller/api/reference/ctlr-platform-api.md
index d64ad61f5..562a3db72 100644
--- a/content/controller/api/reference/ctlr-platform-api.md
+++ b/content/controller/api/reference/ctlr-platform-api.md
@@ -8,6 +8,5 @@ tags:
   - api
 title: Platform API
 toc: false
+nd-api-reference: "./nginx-controller/api/reference/ctlr-platform-openapi.json"
 ---
-
-{{< openapi spec="./nginx-controller/api/reference/ctlr-platform-openapi.json" >}}
diff --git a/content/controller/app-delivery/about-app-delivery.md b/content/controller/app-delivery/about-app-delivery.md
index 81e50b6fb..544e54607 100644
--- a/content/controller/app-delivery/about-app-delivery.md
+++ b/content/controller/app-delivery/about-app-delivery.md
@@ -37,7 +37,7 @@ Together, the Component's relative paths and the Gateway's FQDN results form the
 
 Likewise, you can configure a Component with its own FQDN and paths, but inherit the TLS certificates from the Gateway. Or, you can configure a Component that doesn't inherit any resources or configurations from the Gateway and uses its own set of definitions.
 
-{{< note >}}The ability to add resources, like Certificates, is determined by your account permissions. If you don't have the ability to add new Certs, contact your administrator. {{< /note >}}
+{{< call-out "note" >}}The ability to add resources, like Certificates, is determined by your account permissions. If you don't have the ability to add new Certs, contact your administrator. {{< /call-out >}}
 
 {{< versions "3.0" "latest" "ctrlvers" >}}
 {{< versions "3.20" "latest" "adcvers" >}}
diff --git a/content/controller/app-delivery/about-caching.md b/content/controller/app-delivery/about-caching.md
index 3a58056ad..6e5f9c005 100644
--- a/content/controller/app-delivery/about-caching.md
+++ b/content/controller/app-delivery/about-caching.md
@@ -19,11 +19,11 @@ NGINX Controller Caching supports [basic caching](https://www.nginx.com/blog/ngi
 
 When you add a disk store to a component, you define the location of the cache on the hard disk. The path you specify for the disk store is the base path under which you want to store the cache files for the component.
 
-{{< important >}}
+{{< call-out "important" >}}
 The directory that you want to use as the cache must already exist and the NGINX process must have read and write permissions to it. Otherwise, NGINX Controller can't create the cached folders and files.
 
 If NGINX Controller can't create the desired cache directory and/or write files to it, the user interface will display an error for the component.
-{{< /important >}}
+{{< /call-out >}}
 
 When you use the UI or the REST API to create a single disk store, NGINX Controller adds the following directives to the auto-generated `nginx.conf` file:
 
@@ -38,9 +38,9 @@ NGINX Controller Caching also supports splitting the cache across multiple direc
 
 The percentage option lets you set the percentage of the cache to store in each location. Pattern matching lets you define where to store cache contents -- like certain file types -- and which cache location should send a response based on the request.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 Read the [NGINX Caching Guide](https://www.nginx.com/blog/nginx-caching-guide/#Splitting-the-Cache-Across-Multiple-Hard-Drives) to learn more about splitting the cache across multiple hard drives.
-{{< /see-also >}}
+{{< /call-out>}}
 
 When you define a split cache, NGINX Controller adds a `split_clients` configuration block with percentage split or a `map` configuration block with string split to the `http` context of the generated `nginx.conf` file.
 
@@ -68,14 +68,14 @@ To add any of the [`ngx_http_proxy_module`](http://nginx.org/en/docs/http/ngx_ht
 
 In order to enable the collection of app centric caching metrics, NGINX Controller has added a minimal set of APIs to enable and control caching. For more advanced caching features, you can make use of `configSnippets` to configure the directives above.
 
-{{< note >}}
+{{< call-out "note" >}}
 When you enable the temporary path for disk store with `tempPath:ENABLED`, you need to set the temporary path `proxy_temp_path` using the snippets API.
-{{< /note >}}
+{{< /call-out >}}
 
 
-{{< note >}}
+{{< call-out "note" >}}
 NGINX Controller does not collect or report metrics for directives configured using Snippets.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Usage Examples
 
diff --git a/content/controller/app-delivery/about-snippets.md b/content/controller/app-delivery/about-snippets.md
index 21eb1e83b..cbeed3b4f 100644
--- a/content/controller/app-delivery/about-snippets.md
+++ b/content/controller/app-delivery/about-snippets.md
@@ -11,17 +11,17 @@ type:
 
 The F5 NGINX Controller Application Delivery (AD) module lets you configure NGINX directives that aren't represented in the NGINX Controller API via "config snippets", or "Snippets". You can do so by using either the user interface (UI) or the [Application Delivery REST API](https://docs.nginx.com/nginx-controller/api/ctlr-adc-api/).
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 When you use Snippets to customize your NGINX configuration, your changes are applied to the `nginx.conf` file *as is*. NGINX Controller does not verify that your configuration is valid before applying the snippet.
 
 We strongly recommend verifying Snippets in a lab environment before making any changes in production.
-{{< /caution >}}
+{{< /call-out >}}
 
 ## Types of Snippets
 
 There are five types of Snippets, which you can configure for gateways or components. This lets you add custom directives into the corresponding NGINX configuration blocks generated by the gateways and components for the associated URIs.
 
-{{< note >}}The `uriSnippets` can't be used for TCP/UDP components.{{< /note >}}
+{{< call-out "note" >}}The `uriSnippets` can't be used for TCP/UDP components.{{< /call-out >}}
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
@@ -52,10 +52,10 @@ host='$host' curl -s -k -H "Content-Type: application/json" -X PUT -d "<data>" h
 
 ## Usage Examples
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 The examples provided here are intended for demonstration purposes only.
 We strongly recommend verifying Snippets in a lab environment before making any changes in production.
-{{< /caution >}}
+{{< /call-out >}}
 
 ### Add HTTP Strict Transport Security Headers
 
@@ -374,11 +374,11 @@ For example:
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 The `error_log` and `accesslog` directives can appear at various block levels (`main`, `http`, `stream`, `server`, `location`, etc.).
 NGINX Controller adds these directives to control logging to the local file. When using Snippets to add additional logging capabilities, the inner blocks override the outer block definitions.
 For example, if you enable remote logging for errors at the `main` level, and you add an `error_log` directive to a `server` or `location` block that uses local logging, the local logging configuration  overrides the remote logging configured at the `main` level.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Manage IPv6 Addresses
 
@@ -437,7 +437,7 @@ For HTTP, use the Gateway URI Snippets block to add an IPv6 [`listen`](https://n
 }
 ```
 
-{{< note >}}You cannot add IPv6 `listen` directives to a server block when the FQDN is defined in the Component URI (for example, `http://{FQDN}/{PATH}`). {{< /note >}}
+{{< call-out "note" >}}You cannot add IPv6 `listen` directives to a server block when the FQDN is defined in the Component URI (for example, `http://{FQDN}/{PATH}`). {{< /call-out >}}
 
 #### TCP/UDP Component with IPv6
 
@@ -549,11 +549,11 @@ Add `listen` directives with parameters in URI Snippets. To learn more about wha
 - [`stream` listen options](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#listen)
 - [`http` listen options](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen)
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The `reuseport` parameter creates an individual listening socket for each worker process. See [`reuseport` option](https://nginx.org/en/docs/http/ngx_http_core_module.html#reuseport).
 
-{{< /note >}}
+{{< /call-out >}}
 
 ## Extend App Security with Snippets
 
diff --git a/content/controller/app-delivery/deploy-simple-app.md b/content/controller/app-delivery/deploy-simple-app.md
index 37e36fe58..78a9dc3eb 100644
--- a/content/controller/app-delivery/deploy-simple-app.md
+++ b/content/controller/app-delivery/deploy-simple-app.md
@@ -25,7 +25,7 @@ If you want to secure your application traffic, you'll need to add Certificates.
 
 If you just want to deploy a simple HTTP application, skip ahead to [Gateways](#create-a-gateway).
 
-{{< tip >}} Make sure that you add the new Cert to the Environment that you created in the previous step.{{< /tip >}}
+{{< call-out "tip" >}} Make sure that you add the new Cert to the Environment that you created in the previous step.{{< /call-out >}}
 
 - [About Certificates]({{< ref "/controller/services/manage-certs.md#about-certificates" >}})
 - [Create a certificate]({{< ref "/controller/services/manage-certs.md#create-a-cert" >}})
diff --git a/content/controller/app-delivery/manage-apps.md b/content/controller/app-delivery/manage-apps.md
index 1462c8f25..8dbb4ecb6 100644
--- a/content/controller/app-delivery/manage-apps.md
+++ b/content/controller/app-delivery/manage-apps.md
@@ -12,14 +12,14 @@ type:
 
 Follow the steps in this topic to learn how to create and manage Apps and App Components.
 
-{{< tip >}}You can also use the F5 NGINX Controller API to create Apps and Components. See the [NGINX Controller API Reference]({{< ref "/controller/api/_index.md" >}}) for details.{{< /tip >}}
+{{< call-out "tip" >}}You can also use the F5 NGINX Controller API to create Apps and Components. See the [NGINX Controller API Reference]({{< ref "/controller/api/_index.md" >}}) for details.{{< /call-out >}}
 &nbsp;
 
 ## Before You Begin
 
 You will need to select an [Environment]({{< ref "/controller/services/manage-environments.md#create-an-environment" >}}) and [Gateway]({{< ref "/controller/services/manage-gateways.md#create-a-gateway" >}}) -- or create new Environment and Gateway resources -- when adding a new App.
 
-{{< note >}}If you do not have permission to create these resources and none are available to select, contact your system administrator.{{< /note >}}
+{{< call-out "note" >}}If you do not have permission to create these resources and none are available to select, contact your system administrator.{{< /call-out >}}
 &nbsp;
 
 ## Create an App
@@ -124,9 +124,9 @@ On the **Create App Component** *URIs* page:
     - (Optional) Select a **Match Method** (applicable only to Web Components).
     - (Optional) Select **Customize for this URI** to add custom **TLS Settings**.
 
-        {{< note >}}
+        {{< call-out "note" >}}
 TLS Settings can be inherited from the Gateway, or customized at the Component level. Enable this option if you want the Component to use a different cert than that used by the Gateway.
-        {{< /note >}}
+        {{< /call-out >}}
 
 1. (Optional) Define the **Shared TLS Settings**.
 
@@ -144,31 +144,31 @@ On the **Create App Component** *Workload Groups* page:
 
    The location determines which instances or instance groups the workload group is applied to. If any workload group specifies a location, they all must specify a location. Note: If the associated gateway uses instance groups, the location should refer to the instance group location, not the location(s) of the individual instances that make up that group.
 
-   {{< see-also >}}Refer to the [Manage Locations]({{< ref "/controller/infrastructure/locations/manage-locations.md" >}}) topic for more information.{{< /see-also >}}
+   {{< call-out "note" >}}Refer to the [Manage Locations]({{< ref "/controller/infrastructure/locations/manage-locations.md" >}}) topic for more information.{{< /call-out>}}
 1. Define the backend workload URIs.
 1. (Optional) Define the DNS Server.
 1. (Optional) Select the Load Balancing Method. The default value is "Round Robin".
 
-   {{< see-also >}}Refer to the [NGINX Plus Admin Guide](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/) for more information about the available options.{{< /see-also >}}
+   {{< call-out "note" >}}Refer to the [NGINX Plus Admin Guide](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/) for more information about the available options.{{< /call-out>}}
 
 1. (Optional) Select the Session Persistence Type (applicable only to Web Components).
 1. (Optional) Select the Desired Proxy Settings (applicable only to Web Components).
 
-   {{< tip >}}Hover your pointer over the info icon for each setting to learn about the expected values and requirements.{{< /tip >}}
+   {{< call-out "tip" >}}Hover your pointer over the info icon for each setting to learn about the expected values and requirements.{{< /call-out >}}
 1. Select **Next**.
 
 ### Ingress
 
 On the **Create App Component** *Ingress* page:
 
-{{< note >}} The following settings are applicable only to Web components. {{< /note >}}
+{{< call-out "note" >}} The following settings are applicable only to Web components. {{< /call-out >}}
 
 1. (Optional) Select the supported HTTP methods.
 1. (Optional) Set the desired **Client Max Body Size**.
 
-    {{< see-also >}}
+    {{< call-out "note" >}}
 Refer to the [`ngx_http_core_module` docs](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size) for more information about these options.
-    {{< /see-also >}}
+    {{< /call-out>}}
 
 1. Select **Next**.
 
@@ -176,7 +176,7 @@ Refer to the [`ngx_http_core_module` docs](http://nginx.org/en/docs/http/ngx_htt
 
 On the **Create App Component** *Backend* page:
 
-{{< note >}} The following settings are applicable only to Web components. {{< /note >}}
+{{< call-out "note" >}} The following settings are applicable only to Web components. {{< /call-out >}}
 
 1. (Optional) Enable [NTLM authentication](https://en.wikipedia.org/wiki/Integrated_Windows_Authentication) to allow proxying requests with NT LAN Manager (NTLM) Authentication.
 1. (Optional) Specify the persistent state.
@@ -205,9 +205,9 @@ On the **Create App Component** *Monitoring* page:
 1. (Optional) Select whether a response should pass in order for the health check to pass (applicable only to Web components). By default, the response should have status code `2xx` or `3xx`.
 1. Select **Next**.
 
-    {{< see-also>}}
+    {{< call-out "note" >}}
 Refer to the [`ngx_http_upstream_hc_module` docs](http://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#health_check) for more information about these options.
-    {{< /see-also >}}
+    {{< /call-out>}}
 
 ### Errors and Logs
 
@@ -221,15 +221,15 @@ On the **Create App Component** *Logs* page:
 1. (Optional) Specify the log format to use.
 1. Select **Next**.
 
-    {{< see-also >}}
+    {{< call-out "note" >}}
 Refer to the [`ngx_http_log_module` docs](http://nginx.org/en/docs/http/ngx_http_log_module.html) for more information about these options.
-    {{< /see-also >}}
+    {{< /call-out>}}
 
 ### Programmability
 
 On the **Create App Component** *Programmability* page:
 
-{{< note >}} The following settings are applicable only to Web components. {{< /note >}}
+{{< call-out "note" >}} The following settings are applicable only to Web components. {{< /call-out >}}
 
 1. (Optional) Select **Add URI Redirects** and define the desired redirect condition(s).
 1. (Optional) Select **Add URI Rewrite** and define the desired rewrite pattern(s).
@@ -237,15 +237,15 @@ On the **Create App Component** *Programmability* page:
 1. (Optional) Select **Add Response Header Modification** and define how to modify the response header.
 1. Select **Next**.
 
-    {{< see-also >}}
+    {{< call-out "note" >}}
 Refer to the [`ngx_http_rewrite_module` docs](http://nginx.org/en/docs/http/ngx_http_rewrite_module.html) for more information about these options.
-    {{< /see-also >}}
+    {{< /call-out>}}
 
 ### Caching
 
-{{< note >}}
+{{< call-out "note" >}}
 Introduced in NGINX Controller App Delivery module v3.22.
-{{< /note >}}
+{{< /call-out >}}
 
 On the **Create App Component** *Caching* page:
 
@@ -255,7 +255,7 @@ On the **Create App Component** *Caching* page:
    - **PERCENTAGE** -- Select if you want to split the cache across two or more disk stores and assign a percentage of the store to each location.  The *key* field is not required for this option if users set only one disk.
    - **STRING** -- Select if you want to split the cache across two or more disk stores using pattern matching. The *key* field is required for this option.
 
-     {{< note >}}The *key* string must contain at least one valid [NGINX variable](https://nginx.org/en/docs/varindex.html). Example: `${request_uri}`{{< /note >}}
+     {{< call-out "note" >}}The *key* string must contain at least one valid [NGINX variable](https://nginx.org/en/docs/varindex.html). Example: `${request_uri}`{{< /call-out >}}
 
 1. Define the desired settings for the Disk Store:
 
@@ -271,7 +271,7 @@ On the **Create App Component** *Caching* page:
    - **Loader Policy** (Optional)
    - **Purger Policy** (Optional)
 
-   {{< see-also >}}Refer to the [`proxy_cache_path` docs](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path) for more information about these options.{{< /see-also >}}
+   {{< call-out "note" >}}Refer to the [`proxy_cache_path` docs](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path) for more information about these options.{{< /call-out>}}
 
 1. Select *Add Disk Store* to add another disk store (Optional).
    This will split the cache across multiple storage locations according to the *Split Config* criteria you selected.
@@ -284,9 +284,9 @@ On the **Create App Component** *Caching* page:
 
 ### Snippets
 
-{{< note >}}
+{{< call-out "note" >}}
 Introduced in NGINX Controller App Delivery module v3.22.
-{{< /note >}}
+{{< /call-out >}}
 
 Refer to the [About Snippets]({{< ref "/controller/app-delivery/about-snippets.md" >}}) topic to learn more about Snippets and how they impact the NGINX Controller-generated `nginx.conf` file.
 
@@ -306,7 +306,7 @@ On the **Create App Component** *Snippets* page:
    proxy_set_header Host $proxy_host;
    ```
 
-   {{< caution >}}When you use Snippets to customize your NGINX configuration, your changes are applied to the `nginx.conf` file *as is*. NGINX Controller does not verify that your configuration is valid before applying the snippet. We strongly recommend verifying Snippets in a lab environment before making any changes in production.{{< /caution >}}
+   {{< call-out "caution"  >}}When you use Snippets to customize your NGINX configuration, your changes are applied to the `nginx.conf` file *as is*. NGINX Controller does not verify that your configuration is valid before applying the snippet. We strongly recommend verifying Snippets in a lab environment before making any changes in production.{{< /call-out >}}
 
 1. Select **Next** to preview the REST API call for your component, or **Submit** to save and submit your changes.
 
@@ -314,7 +314,7 @@ On the **Create App Component** *Snippets* page:
 
 On the **Create App Component** *Rate Limiting* page:
 
-{{< note >}} The following Rate Limiting settings are applicable only to Web components. {{< /note >}}
+{{< call-out "note" >}} The following Rate Limiting settings are applicable only to Web components. {{< /call-out >}}
 
 1. Enable Rate Limiting and select a **Key**.
 1. Select options for Rate and Units.
@@ -336,16 +336,16 @@ On the **Create App Component** *Authentication* page:
 
 On the **Create App Component** *Security* page:
 
-{{< note >}} The following Security settings are applicable only to Web components. {{< /note >}}
+{{< call-out "note" >}} The following Security settings are applicable only to Web components. {{< /call-out >}}
 
 1. (Optional) Select **Enable Web Application Firewall (WAF)** to watch for or block suspicious requests or attacks.
 1. (Optional) Select **Monitor Only** to allow traffic to pass without being rejected. Security events are still generated and metrics are still collected. Refer to [About App Security Analytics]({{< ref "/controller/analytics/view-app-security-analytics.md#overview" >}}) for more information.
 1. (Optional) the signature(s) that you want the WAF to ignore. You can specify multiple signatures as a comma-separated list.
 1. Select **Next**.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 Refer to the [Secure Your Apps]({{< ref "/controller/app-delivery/security/_index.md" >}}) topics to learn more about WAF and the default protections provided by NGINX App Protect.
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## Edit or Delete Apps and Components
 
diff --git a/content/controller/app-delivery/security/concepts/app-sec-default-policy-original.md b/content/controller/app-delivery/security/concepts/app-sec-default-policy-original.md
index f701a423d..342bc0cb4 100644
--- a/content/controller/app-delivery/security/concepts/app-sec-default-policy-original.md
+++ b/content/controller/app-delivery/security/concepts/app-sec-default-policy-original.md
@@ -34,7 +34,7 @@ The default policy for NGINX Controller App Security WAF includes these security
 | Malformed cookie | Validates that the cookie format is RFC compliant. |
 | Illegal status code | Responses in the 400–500 range -- except for `400`, `401`, `404`, `407`, `417`, `503` -- are rejected. |
 | Request size exceeds the buffer | Requests that exceed the buffer size |
-| Maximum length for URL, header, query string, cookie, and POST data | URL length: 2048<br>Header length: 4096<br>Query string length: 2048<br>Cookie length: 4096<br>Post data length: 4096<br><br>{{< note >}} The whole request length is not checked. The entire request cannot exceed the maximum buffer size of 10 MB.{{< /note >}} |
+| Maximum length for URL, header, query string, cookie, and POST data | URL length: 2048<br>Header length: 4096<br>Query string length: 2048<br>Cookie length: 4096<br>Post data length: 4096<br><br>{{< call-out "note" >}} The whole request length is not checked. The entire request cannot exceed the maximum buffer size of 10 MB.{{< /call-out >}} |
 | Disallowed file type extension | These file types are disallowed: <ul><li>bak, bat, bck, bkp, cfg, conf, config, ini, log, old, sav, save, temp, tmp</li><li>bin, cgi, cmd, com, dll, exe, msi, sys, shtm, shtml, stm</li><li>cer, crt, der, key, p12, p7b, p7c, pem, pfx</li><li>dat, eml, hta, htr, htw, ida, idc, idq, nws, pol, printer, reg, wmz</li></ul> |
 | Allowed methods | Only these HTTP methods are allowed:<ul><li>GET</li><li>HEAD</li><li>POST</li><li>PUT</li><li>PATCH</li><li>DELETE</li><li>OPTIONS</li></ul> |
 | Character/Metacharacter validation in URL and header | Metacharacters are checked in the URL and header. |
@@ -83,11 +83,11 @@ The Violation Rating is a dimension in Security Violation Events. NGINX App Prot
 - Threat campaigns
 - Malformed request: unparsable header, malformed cookie, and malformed body (JSON or XML).
 
-{{< note >}}
+{{< call-out "note" >}}
 
 With the default policy, all requests rejected by NGINX App Protect generate a Security Event in NGINX Controller. Requests with Violation Rating of `3 (Needs examination)` also generate a Security Event in NGINX Controller. All other requests do not generate a Security Event in NGINX Controller.
 
-{{< /note >}}
+{{< /call-out >}}
 
 ## Additional Information
 
diff --git a/content/controller/app-delivery/security/concepts/app-sec-metrics.md b/content/controller/app-delivery/security/concepts/app-sec-metrics.md
index fe7798b33..a07aa2fd8 100644
--- a/content/controller/app-delivery/security/concepts/app-sec-metrics.md
+++ b/content/controller/app-delivery/security/concepts/app-sec-metrics.md
@@ -34,7 +34,7 @@ The following table shows the attributes and dimensions you can view and filter
 | http.request_endpoint | | Request URI |
 | http.request_method | | Method used for the request|
 | request_outcome |`REJECTED`, `PASSED`| The outcome of the request after Controller App Security processed the request.|
-| request_outcome_reason | `SECURITY_WAF_OK`, `SECURITY_WAF_VIOLATION`, `SECURITY_WAF_FLAGGED`, `SECURITY_WAF_BYPASS`, `SECURITY_NGINX_VIOLATION`, `SECURITY_WAF_FLAGGED` | request_outcome_reason provides the reason why App Security rejected or flagged a request to be reviewed. Outcome reasons for `SECURITY_WAF_BYPASSED` and `SECURITY_NGINX_VIOLATION` have not been implemented.<br />{{< note >}} App Security Events are not created for requests that don't trigger any violations. This means you should not see Events with `outcome_reason = SECURITY_WAF_OK`.{{< /note >}}|
+| request_outcome_reason | `SECURITY_WAF_OK`, `SECURITY_WAF_VIOLATION`, `SECURITY_WAF_FLAGGED`, `SECURITY_WAF_BYPASS`, `SECURITY_NGINX_VIOLATION`, `SECURITY_WAF_FLAGGED` | request_outcome_reason provides the reason why App Security rejected or flagged a request to be reviewed. Outcome reasons for `SECURITY_WAF_BYPASSED` and `SECURITY_NGINX_VIOLATION` have not been implemented.<br />{{< call-out "note" >}} App Security Events are not created for requests that don't trigger any violations. This means you should not see Events with `outcome_reason = SECURITY_WAF_OK`.{{< /call-out >}}|
 | http.response_code | | Response code returned to App Security. A `0` code is returned if App Security did not block the request.|
 | http.hostname | | Hostname of request|
 | http.remote_addr | | Client IP of the request|
diff --git a/content/controller/app-delivery/security/concepts/bring-your-own-policy.md b/content/controller/app-delivery/security/concepts/bring-your-own-policy.md
index f14497b08..fc1ec87ae 100644
--- a/content/controller/app-delivery/security/concepts/bring-your-own-policy.md
+++ b/content/controller/app-delivery/security/concepts/bring-your-own-policy.md
@@ -18,7 +18,7 @@ A BYO NGINX App Protect policy lets you maintain consistent Security Policies ac
 To export a policy from F5 Advanced WAF or ASM, take the following steps:
 
 1. Convert your F5 XML security policy to an NGINX App Protect WAF declarative JSON policy using the [NGINX App Protect Policy Converter tool](https://docs.nginx.com/nginx-app-protect/configuration/#policy-converter).
-   {{<note>}}We recommend using the Converter tool that corresponds with the most recent NGINX App Protect version.{{</note>}}
+   {{< call-out "note" >}}We recommend using the Converter tool that corresponds with the most recent NGINX App Protect version.{{< /call-out >}}
 
 2. Use the NGINX App Protect declarative JSON policy as the WAF policy in NGINX Controller for your app component(s).
 
diff --git a/content/controller/app-delivery/security/concepts/extend-app-security-snippets.md b/content/controller/app-delivery/security/concepts/extend-app-security-snippets.md
index 9933ec89a..60a6d68eb 100644
--- a/content/controller/app-delivery/security/concepts/extend-app-security-snippets.md
+++ b/content/controller/app-delivery/security/concepts/extend-app-security-snippets.md
@@ -16,26 +16,26 @@ F5 NGINX Controller [Snippets]({{< ref "/controller/app-delivery/about-snippets.
 
 Snippets also let you customize App Security for your Components by adding NGINX App Protect directives that aren't present in the NGINX Controller API. You can use Snippets when [tuning your NGINX App Protect WAF performance]({{< ref "/controller/app-delivery/security/tutorials/tune-waf-for-app" >}}) as well.
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 When you use Snippets to customize your NGINX configuration, your changes are applied to the `nginx.conf` file *as is*. NGINX Controller does not verify that your configuration is valid before applying the Snippet.
 
 We strongly recommend verifying Snippets in a lab environment before making any changes in production.
-{{< /caution >}}
+{{< /call-out >}}
 
 ## App Security Usage Examples
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 The examples provided here are intended for demonstration purposes only.
 We strongly recommend verifying Snippets in a lab environment before making any changes in production.
-{{< /caution >}}
+{{< /call-out >}}
 
 ### Define a Backup Location for Security Event Logs
 
 When you [enable WAF on a Component]({{< ref "/controller/app-delivery/security/tutorials/add-app-security-with-waf" >}}), all Security Events are sent to NGINX Controller logs via syslog. The following example uses the `app_protect_security_log` directive in a URI Snippet to define a local backup location for Security Event logs. You can also send Security Events to another syslog server or to `stderr` by inserting an additional URI Snippet with the `app_protect_security_log` directive.
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 Using local files as a backup for Security Events may use up disk space and affect your system performance. In production environments, setting up a remote file or a remote syslog server for backup purposes are good alternatives to using a local backup.
-{{< /caution >}}
+{{< /call-out >}}
 
 ```json
 {
@@ -94,9 +94,9 @@ Using local files as a backup for Security Events may use up disk space and affe
 
 When using [Bring Your Own WAF Policy]({{< ref "/controller/app-delivery/security/concepts/bring-your-own-policy" >}}) in NGINX Controller, you can define a URI Snippet for a Gateway API to define the location for your User-Defined Signature Definition file. The User-Defined Signature can then be referenced in the custom NGINX App Protect WAF policy that you use for your Components.
 
-{{< note >}}
+{{< call-out "note" >}}
 The file that contains the signature definition must already exist on your NGINX App Protect WAF instances. For more information regarding User-Defined Signatures, refer to the [NGINX App Protect WAF Configuration Guide](https://docs.nginx.com/nginx-app-protect/configuration-guide/configuration/#user-defined-signatures).
-{{< /note >}}
+{{< /call-out >}}
 
 The following example adds a URI snippet to the Gateway API definition that provides the location of the User-Defined Signature Definition file.
 
@@ -188,10 +188,10 @@ Refer to the [NGINX App Protect Configuration Guide](https://docs.nginx.com/ngin
 
 ## Tuning WAF Performance Usage Examples
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 The examples provided here are intended for demonstration purposes only.
 We strongly recommend verifying Snippets in a lab environment before making any changes in production.
-{{< /caution >}}
+{{< /call-out >}}
 
 ## Set the Memory and CPU Threshold Values
 
diff --git a/content/controller/app-delivery/security/concepts/what-is-waf.md b/content/controller/app-delivery/security/concepts/what-is-waf.md
index 3aede1a1a..7859c350c 100644
--- a/content/controller/app-delivery/security/concepts/what-is-waf.md
+++ b/content/controller/app-delivery/security/concepts/what-is-waf.md
@@ -15,7 +15,7 @@ The App Security Add-on for F5 NGINX Controller ADC lets you protect your applic
 
 A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe. Just as a proxy server acts as an intermediary to protect the identity of a client, a WAF operates in similar fashion but in the reverse—called a reverse proxy—acting as an intermediary that protects the web app server from a potentially malicious client.
 
-{{< see-also >}} To learn more about what a WAF is and how it works, check out the F5 DevCentral video: [What is a Web Application Firewall?](https://www.youtube.com/watch?v=p8CQcF_9280){{< /see-also >}}
+{{< call-out "note" >}} To learn more about what a WAF is and how it works, check out the F5 DevCentral video: [What is a Web Application Firewall?](https://www.youtube.com/watch?v=p8CQcF_9280){{< /call-out>}}
 
 &nbsp;
 
@@ -28,7 +28,7 @@ When you enable WAF on an app component using NGINX Controller, a security polic
 
 NGINX App Protect WAF inspects incoming traffic as specified in the Security Policy to identify potential threats. When malicious traffic is suspected or blocked, the NGINX Controller Analytics module logs security events and metrics. These are then included in the NGINX Controller Threat Visibility and Analytics reporting.
 
-{{< see-also >}}To learn more, read the [Threat Visibility and Analytics](https://www.nginx.com/blog/threat-visibility-analytics-nginx-controller-app-security/) blog post on [nginx.com](https://nginx.com).{{< /see-also >}}
+{{< call-out "note" >}}To learn more, read the [Threat Visibility and Analytics](https://www.nginx.com/blog/threat-visibility-analytics-nginx-controller-app-security/) blog post on [nginx.com](https://nginx.com).{{< /call-out>}}
 
 {{< img src="/ctlr/img/cas-overview.png" title="" alt="Controller App Security Overview Image" width="75%">}}
 
@@ -51,7 +51,7 @@ For more about creating, updating, or deleting Security Policies, see the [Strat
 
 You can use a custom Security Strategy to protect your Apps, or you can use NGINX Controller's default Security Strategy, which contains a pre-defined WAF policy.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The `/services/strategies/balanced_default` endpoint was replaced by `/security/strategies/balanced_default` in NGINX Controller ADC v3.18.
 
@@ -59,5 +59,5 @@ The `/services/strategies/balanced_default` endpoint was replaced by `/security/
 
 Refer to the AskF5 knowledge base article [K02089505](https://support.f5.com/csp/article/K02089505) for more information.
 
-{{< /note >}}
+{{< /call-out >}}
 
diff --git a/content/controller/app-delivery/security/tutorials/add-app-security-with-waf.md b/content/controller/app-delivery/security/tutorials/add-app-security-with-waf.md
index 29fbc7280..10b02146f 100644
--- a/content/controller/app-delivery/security/tutorials/add-app-security-with-waf.md
+++ b/content/controller/app-delivery/security/tutorials/add-app-security-with-waf.md
@@ -17,7 +17,7 @@ You can use the App Security add-on for F5 NGINX Controller ADC to enable Web Ap
 ## Before You Begin
 
 Before proceeding with this guide, complete the following tasks.
-{{<note>}}These steps may need to be completed by a user with admin permissions.{{</note>}}
+{{< call-out "note" >}}These steps may need to be completed by a user with admin permissions.{{< /call-out >}}
 
 1. [Add an NGINX App Protect instance]({{< ref "/controller/infrastructure/instances/add-nap-instance.md" >}}) to NGINX Controller.
 
@@ -40,7 +40,7 @@ To enable WAF functionality for Application Security using the default security
         }
 ```
 
-{{<note>}}You need READ access to the `/security/strategies/` API path to enable WAF on a component. By default, only users with an admin role have full access to all API endpoint resources.{{</note>}}
+{{< call-out "note" >}}You need READ access to the `/security/strategies/` API path to enable WAF on a component. By default, only users with an admin role have full access to all API endpoint resources.{{< /call-out >}}
 
 This JSON object should be added to the Component endpoint similar to the following example:
 
@@ -202,7 +202,7 @@ The JSON object should be similar to the example below:
 
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The following WAF security parameters are not supported in App Components that reference a custom Security Strategy:
 
@@ -211,7 +211,7 @@ The following WAF security parameters are not supported in App Components that r
 
 These preceding parameters are supported by NGINX Controller's default policy for WAF.
 
-{{< /note >}}
+{{< /call-out >}}
 
 &nbsp;
 
@@ -242,17 +242,17 @@ To view all events:
 3. On the **Analytics** menu, select **Events**.
 4. Select **All Events** to view security violations and the status. Flagged and rejected status means that App Protect and WAF are running.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The WAF does not begin to emit security events immediately upon activation. We recommend that you wait a minute or two after enabling WAF for your Component to query the REST API for security events.
 
-{{< /note >}}
+{{< /call-out >}}
 
-{{< note >}}
+{{< call-out "note" >}}
 
 If NGINX Controller isn't logging any Security Violation Events for your app component, check [Security Events Not Available]({{< ref "/controller/support/troubleshooting-controller.md#Security-Events-Not-Available" >}}) for troubleshooting instructions.
 
-{{< /note >}}
+{{< /call-out >}}
 
 ## Disable WAF for Component
 
diff --git a/content/controller/app-delivery/security/tutorials/tune-waf-for-app.md b/content/controller/app-delivery/security/tutorials/tune-waf-for-app.md
index 0a28a751e..a3018a9e1 100644
--- a/content/controller/app-delivery/security/tutorials/tune-waf-for-app.md
+++ b/content/controller/app-delivery/security/tutorials/tune-waf-for-app.md
@@ -51,10 +51,10 @@ To configure the Monitor-Only Mode, take the steps below.
 8. On the Edit App Component page, select **Security** menu.
 9. Toggle to Enable/Disable the **Monitor Only** button.
 
-{{< note >}}
+{{< call-out "note" >}}
 When **Monitor Only** mode is enabled, it will not block traffic. Event violations will be sent according to the policies associated with the referenced strategy.
 
 When **Monitor Only** mode is disabled, traffic is blocked based on the [Violation Rating]({{< ref "/controller/app-delivery/security/concepts/app-sec-default-policy-original.md#use-of-violation-ratings-in-default-policy" >}}) score for the default policy.
-{{< /note >}}
+{{< /call-out >}}
 
 {{< versions "3.12" "latest" "ctrlvers" >}}
diff --git a/content/controller/app-delivery/security/tutorials/using-rbac-with-app-security.md b/content/controller/app-delivery/security/tutorials/using-rbac-with-app-security.md
index 6249fe5b9..04950833f 100644
--- a/content/controller/app-delivery/security/tutorials/using-rbac-with-app-security.md
+++ b/content/controller/app-delivery/security/tutorials/using-rbac-with-app-security.md
@@ -65,13 +65,13 @@ For a role, you can grant `FULL`, `WRITE`, `READ`, or `NONE` permissions to a se
 {{</bootstrap-table>}}
 
 
-{{<note>}}When permissions are set to `NONE`:
+{{< call-out "note" >}}When permissions are set to `NONE`:
 
 - You **cannot** view the settings of the security strategy.
 - You **cannot** reference the security strategy for an app component.
 - You **cannot** create or edit the security strategy.
 - You **cannot** delete the security strategy.
-{{</ note>}}
+{{< /call-out >}}
 
 ### Security Policies
 
@@ -88,8 +88,8 @@ For a role, you can grant `FULL`, `WRITE`, `READ` or `NONE` permissions to a sec
 
 {{</bootstrap-table>}}
 
-{{< note >}}You don't need to add permissions to a security policy to reference it in a security strategy.
-{{< / note >}}
+{{< call-out "note" >}}You don't need to add permissions to a security policy to reference it in a security strategy.
+{{< /call-out >}}
 
 ## Restricting Access to the Default Strategy
 
diff --git a/content/controller/app-delivery/security/tutorials/view-app-security-analytics.md b/content/controller/app-delivery/security/tutorials/view-app-security-analytics.md
index 2bdafffd0..ee1c98412 100644
--- a/content/controller/app-delivery/security/tutorials/view-app-security-analytics.md
+++ b/content/controller/app-delivery/security/tutorials/view-app-security-analytics.md
@@ -178,9 +178,9 @@ You can use the following example Events requests to collect App Security Analyt
                 component='app-component')
     ```
 
-   {{< tip >}}
+   {{< call-out "tip" >}}
 To get all Events, remove the Environment, App, and Component filters from the request call.
-   {{< /tip >}}
+   {{< /call-out >}}
 
 - To find requests flagged by App Security’s violation rating algorithm as a possible or likely threat:
 
@@ -197,9 +197,9 @@ To get all Events, remove the Environment, App, and Component filters from the r
             component='app-component')
     ```
 
-    {{< important >}}
+    {{< call-out "important" >}}
 This is important if you are using App Security WAF monitoring only mode. You can use it to understand the type of threats WAF believes should be blocked.
-    {{< /important >}}
+    {{< /call-out >}}
 
 - To get Events that have triggered a specific signature-based violation by signature id:
 
diff --git a/content/controller/infrastructure/instances/add-aws-instance.md b/content/controller/infrastructure/instances/add-aws-instance.md
index fc8dacba6..a55f304d3 100644
--- a/content/controller/infrastructure/instances/add-aws-instance.md
+++ b/content/controller/infrastructure/instances/add-aws-instance.md
@@ -16,11 +16,11 @@ You can use F5 NGINX Controller to deploy and manage NGINX instances on Amazon W
 
 This tutorial explains how to deploy NGINX Plus on AWS by defining an AWS Integration, a Location, and an Instance Template in NGINX Controller.
 
-{{< important >}}
+{{< call-out "important" >}}
 
 You are responsible for applying software and security updates on your data plane Instances. NGINX Controller does not manage these updates for you.
 
-{{< /important >}}
+{{< /call-out >}}
 
 &nbsp;
 
@@ -123,9 +123,9 @@ To create an Instance Template for AWS NGINX instances, take the following steps
 1. Specify whether a public IP address should be assigned to the instance.
 1. Select **Submit**.
 
-{{< note >}}
+{{< call-out "note" >}}
 Enabling WAF via the App Security add-on is not supported when deploying Instances with an Instance Template.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Steps
 
@@ -148,11 +148,11 @@ To create an Instance Template for AWS NGINX instances, take the following steps
 1. Specify whether a public IP address should be assigned to the instance.
 1. Select **Submit**.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 Enabling WAF via the App Security add-on is not supported when deploying Instances with an Instance Template.
 
-{{< /note >}}
+{{< /call-out >}}
 
 &nbsp;
 
diff --git a/content/controller/infrastructure/instances/add-azure-instance.md b/content/controller/infrastructure/instances/add-azure-instance.md
index c5b222733..13fc90ba5 100644
--- a/content/controller/infrastructure/instances/add-azure-instance.md
+++ b/content/controller/infrastructure/instances/add-azure-instance.md
@@ -16,11 +16,11 @@ You can use F5 NGINX Controller to deploy and manage NGINX instances on [Microso
 
 This tutorial explains how to deploy NGINX Plus on Azure by defining an Azure Integration, a Location, and an Instance Template in NGINX Controller.
 
-{{< important >}}
+{{< call-out "important" >}}
 
 You are responsible for applying software and security updates on your NGINX instances. NGINX Controller does not manage these updates for you.
 
-{{< /important >}}
+{{< /call-out >}}
 
 &nbsp;
 
@@ -157,8 +157,8 @@ For the Instance Template, you can provide the details for an NGINX image on the
 
 - To create an Instance Template for an Azure Marketplace image using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a POST request similar to the following example to the Instance Templates API endpoint. You can find descriptions of the instance parameters in the API Reference documentation.
 
-  {{< tip >}}To look up the image details — `publisher`, `offer`, `sku`, and `version` — that you'll need to define the Instance Template, you can attempt to deploy an NGINX instance from the [Azure Marketplace](https://azure.microsoft.com/en-us/marketplace/) and look at the template that Azure creates to get the image details.
-  {{</ tip >}}
+  {{< call-out "tip" >}}To look up the image details — `publisher`, `offer`, `sku`, and `version` — that you'll need to define the Instance Template, you can attempt to deploy an NGINX instance from the [Azure Marketplace](https://azure.microsoft.com/en-us/marketplace/) and look at the template that Azure creates to get the image details.
+  {{< /call-out >}}
 
   &nbsp;
 
diff --git a/content/controller/infrastructure/instances/add-nap-instance.md b/content/controller/infrastructure/instances/add-nap-instance.md
index 9d6c5f63f..33a1cce6a 100644
--- a/content/controller/infrastructure/instances/add-nap-instance.md
+++ b/content/controller/infrastructure/instances/add-nap-instance.md
@@ -19,10 +19,10 @@ Follow the directions in this topic to deploy F5 NGINX App Protect and add the i
 
 Install NGINX App Protect on a host accessible by your NGINX Controller instance by following the appropriate steps for your operating system in the [Using NGINX App Protect with NGINX Controller]({{< ref "controller/admin-guides/install/install-for-controller.md" >}}) guide.
 
-{{< note >}}
+{{< call-out "note" >}}
 If you install NGINX App Protect by using any of the OS-specific install guides, **do not make changes to the `nginx.conf` file**.
 The NGINX Controller Agent manages `nginx.conf` settings and will make the appropriate adjustments for you.
-{{< /note >}}
+{{< /call-out >}}
 
 </div>
 
diff --git a/content/controller/infrastructure/instances/add-vsphere-instance.md b/content/controller/infrastructure/instances/add-vsphere-instance.md
index 30ec206ed..9fd0fea4d 100644
--- a/content/controller/infrastructure/instances/add-vsphere-instance.md
+++ b/content/controller/infrastructure/instances/add-vsphere-instance.md
@@ -16,11 +16,11 @@ You can use F5 NGINX Controller to deploy and manage NGINX instances on [VMware
 
 This tutorial explains how to deploy NGINX Plus on vSphere by defining a vSphere Integration, a Location, and an Instance Template in NGINX Controller.
 
-{{< important >}}
+{{< call-out "important" >}}
 
 You are responsible for applying software and security updates on your NGINX instances. NGINX Controller does not manage these updates for you.
 
-{{< /important >}}
+{{< /call-out >}}
 
 &nbsp;
 
@@ -56,11 +56,11 @@ Install NGINX Plus [as described.](https://docs.nginx.com/nginx/admin-guide/inst
 A template created from a VM that has the prerequisites mentioned above can be used in the vSphere integration.
 
 
-{{< important >}}
+{{< call-out "important" >}}
 
 You are responsible for securing the connection between the vSphere cloud and any VMs that are created. NGINX Controller can't secure those connections.
 
-{{< /important >}}
+{{< /call-out >}}
 
 &nbsp;
 
diff --git a/content/controller/infrastructure/instances/analyzer.md b/content/controller/infrastructure/instances/analyzer.md
index b98aecdc4..d3ceb8ce1 100644
--- a/content/controller/infrastructure/instances/analyzer.md
+++ b/content/controller/infrastructure/instances/analyzer.md
@@ -24,14 +24,14 @@ To access the **Analyzer** page, take the following steps:
 
 When viewing the **Analyzer Overview** page, select a system from the **Systems** pane to see the associated report.
 
-{{< note >}} The Analyzer can only show reports for NGINX instances found by the NGINX Controller Agent. If an instance is missing, check that it is [configured correctly for discovery by the Agent]({{< ref "/controller/support/troubleshooting-controller.md" >}}).{{< /note >}}
+{{< call-out "note" >}} The Analyzer can only show reports for NGINX instances found by the NGINX Controller Agent. If an instance is missing, check that it is [configured correctly for discovery by the Agent]({{< ref "/controller/support/troubleshooting-controller.md" >}}).{{< /call-out >}}
 
 The following information is provided when a report is run against an NGINX config structure:
 
 - Build
   - Path to NGINX config files(s)
   - Whether the parser failed or not, and the results of `nginx -t`
-      {{< note >}} Periodic NGINX configuration syntax checking with `nginx -t` is disabled by default. To enable this setting, select the **Enable periodic "nginx -t"** box on the [Default Agent Settings]({{< ref "/controller/admin-guides/config-agent/configure-the-agent.md#default-agent-settings" >}}) page.{{< /note >}}
+      {{< call-out "note" >}} Periodic NGINX configuration syntax checking with `nginx -t` is disabled by default. To enable this setting, select the **Enable periodic "nginx -t"** box on the [Default Agent Settings]({{< ref "/controller/admin-guides/config-agent/configure-the-agent.md#default-agent-settings" >}}) page.{{< /call-out >}}
   - Last-modified info
   - 3rd party modules found
   - Breakdown of the key configuration elements (servers, locations, upstreams)
diff --git a/content/controller/infrastructure/instances/ha-data-plane.md b/content/controller/infrastructure/instances/ha-data-plane.md
index 2d7c1e757..912ed24aa 100644
--- a/content/controller/infrastructure/instances/ha-data-plane.md
+++ b/content/controller/infrastructure/instances/ha-data-plane.md
@@ -26,7 +26,7 @@ Support for High Availability (HA) mode is limited to **two NGINX Plus instances
 
 1. NGINX distributes keepalived and some utilities in the `nginx-ha-keepalived` package. Follow the instructions in [Configuring High Availability](https://docs.nginx.com/nginx/admin-guide/high-availability/ha-keepalived/) in the NGINX Plus admin guide to install this version of NGINX `keepalived`.
 
-   {{< caution >}}Other versions or packages of `keepalived` have not been tested and functionality is not guaranteed.{{< /caution >}}
+   {{< call-out "caution"  >}}Other versions or packages of `keepalived` have not been tested and functionality is not guaranteed.{{< /call-out >}}
 
 1. To ensure that `keepalived` starts automatically when the instance restarts, you must enable the service:
 
@@ -54,13 +54,13 @@ After you've installed `keepalived`, there are a few manual steps to take to rea
 
 1. Open the the `keepalived.conf` for editing and add the markers `#NGINX_CONTROLLER_HA_BEGIN` and `#NGINX_CONTROLLER_HA_END` to the `virtual_ipaddress` configuration section, then reload the configuration. This is required to avoid conflicts with the configurations that NGINX Controller Agent applies to keepalived.
 
-    {{< note >}}
+    {{< call-out "note" >}}
 Any IP addresses that are manually added between these markers will be removed during a Gateway configuration operation.
-    {{< /note >}}
+    {{< /call-out >}}
 
-    {{< note >}}
+    {{< call-out "note" >}}
 Managing the `keepalived.conf` file through third-party configuration management software is not supported.
-    {{< /note >}}
+    {{< /call-out >}}
 
     The following is a sample Ubuntu configuration:
 
@@ -156,26 +156,26 @@ On the **Gateways > Create Gateway > Placements** page:
 
 1. In the **Instance Refs/Instance Groups Refs** box, select the NGINX instance(s) or instance group(s) on which you want to deploy the gateway.
 
-   {{< note >}}
+   {{< call-out "note" >}}
    If you're enabling **High Availability Mode**, select the [high-availability instances that you prepared]({{< ref "/controller/infrastructure/instances/ha-data-plane.md#prepare-the-high-availability-instances" >}}). NGINX Controller supports up to two high-availability instances.
-   {{< /note >}}
+   {{< /call-out >}}
 
 1. In the **Listen IPs** box, add the IP address(es) on which the server listens for and accepts requests. If you're creating a placement for a BIG-IP Integration, add the virtual IP (VIP) address for the BIG-IP cluster.
 
    You can add multiple placements with different Listen IPs. When multiple placements are defined within a gateway, each placement represents a resilient path for any app component that references that gateway.
 
-   {{< note >}}
+   {{< call-out "note" >}}
    - To use non-local **Listen IPs**, you must enable `net.ipv4.ip_nonlocal_bind` on the instance.
    - When **High Availability Mode** is enabled, Virtual Router Redundancy Protocol ([VRRP](https://en.wikipedia.org/wiki/Virtual_Router_Redundancy_Protocol#:~:text=The%20Virtual%20Router%20Redundancy%20Protocol,selections%20on%20an%20IP%20subnetwork.)) is configured for the Listen IP address(es).
-   {{< /note >}}
+   {{< /call-out >}}
 
 1. To enable high-availability mode for your data paths, select **Use High Availability Mode**.
 
 ## Performing Maintenance on High-Availability Pairs
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 Configuration pushes made during the maintenance window will fail.
-{{< /caution >}}
+{{< /call-out >}}
 
 To perform maintenance updates on the high-availability pair, take the following steps:
 
diff --git a/content/controller/infrastructure/instances/manage-containerized-instances.md b/content/controller/infrastructure/instances/manage-containerized-instances.md
index 68a4796be..0d733b09b 100644
--- a/content/controller/infrastructure/instances/manage-containerized-instances.md
+++ b/content/controller/infrastructure/instances/manage-containerized-instances.md
@@ -11,8 +11,8 @@ type:
 
 ## Overview
 
-{{< important >}} Instance groups are supported in the F5 NGINX Controller API Management module beginning with version 3.18-APIM. Instance groups are supported in the NGINX Controller Application Delivery module versions 3.20, 3.21, and 3.22.
-{{< /important >}}
+{{< call-out "important" >}} Instance groups are supported in the F5 NGINX Controller API Management module beginning with version 3.18-APIM. Instance groups are supported in the NGINX Controller Application Delivery module versions 3.20, 3.21, and 3.22.
+{{< /call-out >}}
 
 Instance groups allow an API Gateway to be native in Kubernetes.
 
diff --git a/content/controller/infrastructure/instances/manage-instance-templates.md b/content/controller/infrastructure/instances/manage-instance-templates.md
index 5af936c72..c91c9a6b0 100644
--- a/content/controller/infrastructure/instances/manage-instance-templates.md
+++ b/content/controller/infrastructure/instances/manage-instance-templates.md
@@ -31,11 +31,11 @@ Take the following steps to create an Instance Template:
 1. Specify whether a public IP address should be assigned to the instance.
 1. Select **Submit**.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 Enabling WAF via the App Security add-on is not supported when deploying Instances with an Instance Template.
 
-{{< /note >}}
+{{< /call-out >}}
 
 ## View or Delete an Instance Template
 
diff --git a/content/controller/infrastructure/instances/manage-instances.md b/content/controller/infrastructure/instances/manage-instances.md
index 9042b12c5..30174624c 100644
--- a/content/controller/infrastructure/instances/manage-instances.md
+++ b/content/controller/infrastructure/instances/manage-instances.md
@@ -30,13 +30,13 @@ When the [Controller Agent is installed]({{< ref "/controller/admin-guides/insta
 
 An [Instance Template]({{< ref "/controller/infrastructure/instances/manage-instance-templates.md" >}}) defines the parameters to use when creating a data plane instance. Instance Templates are ideal for cloud orchestration and make managing your cloud resources easy and quick.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 For steps on how to deploy NGINX instances on Amazon Web Services or Microsoft Azure, see the following tutorials:
 
 - [Add an AWS NGINX Instance]({{< ref "/controller/infrastructure/instances/add-aws-instance.md" >}})
 - [Add an Azure NGINX Instance]({{< ref "/controller/infrastructure/instances/add-azure-instance.md" >}})
 
-{{< /see-also >}}
+{{< /call-out>}}
 
 Take the following steps to create an instance using an Instance Template:
 
@@ -65,7 +65,7 @@ Take the following steps to view an instance's details or to edit an instance:
 
 Take the following steps to uninstall the Controller Agent and delete an instance.
 
-{{< important >}}Be sure to uninstall the Controller Agent first, before you delete an instance. If you don't uninstall the Controller Agent first, the instance may reappear in NGINX Controller after it has been deleted.{{< /important >}}
+{{< call-out "important" >}}Be sure to uninstall the Controller Agent first, before you delete an instance. If you don't uninstall the Controller Agent first, the instance may reappear in NGINX Controller after it has been deleted.{{< /call-out >}}
 
 1. On your NGINX Plus instance, stop the Controller Agent service:
 
@@ -125,7 +125,7 @@ Take the following steps to uninstall the Controller Agent and delete an instanc
 
 1. Delete alerts:
 
-    {{< note >}}When you delete an instance, any related alerts for that instance are not deleted automatically. You can delete the alerts manually, however.{{< /note >}}
+    {{< call-out "note" >}}When you delete an instance, any related alerts for that instance are not deleted automatically. You can delete the alerts manually, however.{{< /call-out >}}
 
    1. Open the NGINX Controller user interface and log in.
    2. On the Analytics menu, select **Alerts > Alert Rules**.
@@ -138,18 +138,18 @@ Take the following steps to uninstall the Controller Agent and delete an instanc
 
 An instance group is a logically grouped set of instances that can be used as a placement for a gateway, rather than a single instance. This concept supports the ability to scale horizontally without having to update the gateway placement. As instances are added to a group, they receive an NGINX configuration identical to those instances in the group. Instances in an instance group can be stand-alone or clustered NGINX Plus instances.  Instances can also leave the group, with the remaining instances continuing to function as intended.
 
-{{< important >}}
+{{< call-out "important" >}}
 **Workload affinity with instance groups**: Similar to instances, instance groups are associated with a location. If a location is not explicitly specified, the unspecified location is assumed. Instances in an instance group should be configured to use the same location; however, this requirement is not currently enforced.
 
 For the workload affinity feature, the location of the instance group must be specified using the optional `locationRef` field in the component's workload group API request. The locations of the instances in the instance group are ignored. The workload affinity feature uses this information and the workload groups to load balance traffic to the correct endpoints.
-{{< /important >}}
+{{< /call-out >}}
 
-{{< important >}}
+{{< call-out "important" >}}
 Instance groups are supported on the following versions of NGINX Controller:
 
 - NGINX Controller API Management module v3.18 and later
 - NGINX Controller Application Delivery module v3.21 and later
-{{< /important >}}
+{{< /call-out >}}
 
 ### Create an Instance Group
 
@@ -196,11 +196,11 @@ To update the NGINX Controller Agent, take the following steps:
 1. On the **Instances** overview page, select **Create**.
 1. Follow the instructions in the **Install Instructions** pane to connect to the NGINX instance and install the updated Controller Agent package.
 
-      {{< note >}}
+      {{< call-out "note" >}}
 
 NGINX Controller 3.6 and earlier require Python 2.6 or 2.7. You'll be prompted to install Python if it's not installed already. Python is not required for NGINX Controller 3.7 and later.
 
-      {{< /note >}}
+      {{< /call-out >}}
 
 
 ## Troubleshooting
diff --git a/content/controller/infrastructure/locations/manage-locations.md b/content/controller/infrastructure/locations/manage-locations.md
index d9dbd175c..5dd920e69 100644
--- a/content/controller/infrastructure/locations/manage-locations.md
+++ b/content/controller/infrastructure/locations/manage-locations.md
@@ -12,9 +12,9 @@ type:
 
 You can logically group your NGINX instances and instance groups by their physical locations using the **Locations** settings page in the F5 NGINX Controller web interface.
 
-{{< note >}}
+{{< call-out "note" >}}
 By default, NGINX Instances are added to the `unspecified` Location. The unspecified Location is a system-owned resource that can’t be updated or deleted.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Create a Location
 
diff --git a/content/controller/platform/access-management/manage-active-directory-auth-provider.md b/content/controller/platform/access-management/manage-active-directory-auth-provider.md
index 8eeedb348..fa10653e2 100644
--- a/content/controller/platform/access-management/manage-active-directory-auth-provider.md
+++ b/content/controller/platform/access-management/manage-active-directory-auth-provider.md
@@ -32,7 +32,7 @@ To configure an auth provider in Microsoft Entra using OIDC over HTTPS, complete
 
 1. Record your tenant ID, as well as the Client ID and Client Secret(s) for your App. Keep them handy, you will need this information to set up the Microsoft Entra Auth Provider in NGINX Controller.
 
-    {{< important >}}Microsoft Azure will only display the Client Secret once, during the App Registration process. Be sure to keep this information somewhere safe so you can refer to it later.{{< /important >}}
+    {{< call-out "important" >}}Microsoft Azure will only display the Client Secret once, during the App Registration process. Be sure to keep this information somewhere safe so you can refer to it later.{{< /call-out >}}
 
 1. Add the following application permissions to the App Registration's "Microsoft Graph" API:
 
@@ -41,7 +41,7 @@ To configure an auth provider in Microsoft Entra using OIDC over HTTPS, complete
     - User.Read
     - User.ReadAll
 
-    {{< tip >}}These permissions require approval from the Azure admin. {{< /tip >}}
+    {{< call-out "tip" >}}These permissions require approval from the Azure admin. {{< /call-out >}}
 
 1. Make sure that you can contact Microsoft Entra from the host on which you are running NGINX Controller.
 
@@ -80,13 +80,13 @@ Take the steps below to create a new Authentication Provider by using the NGINX
 
 ## Set up an Microsoft Entra Auth Provider {#set-up-entra}
 
-{{< fa "arrow-circle-right" >}} **Introduced in NGINX Controller ADC v3.22**
+{{< icon "arrow-circle-right" >}} **Introduced in NGINX Controller ADC v3.22**
 
 In the previous section, you selected **Microsoft Entra** from the **Authentication Provider Type** list. Next, you'll set up the Auth Provider so it can connect to Microsoft Entra.
 
 1. Add a name for the Auth Provider.
 
-    {{< important >}}This name is a permanent setting that cannot be changed.{{< /important >}}
+    {{< call-out "important" >}}This name is a permanent setting that cannot be changed.{{< /call-out >}}
 
     This is the name that your users will be able to select as the authentication provider when logging in to NGINX Controller. Be sure the name you provide is accurate and easy to identify.
 
@@ -134,10 +134,10 @@ On the NGINX Controller Auth Provider *Group Setup* page, provide the following
     - The minimum allowed value is 300 seconds (5 minutes).
     - The default value is 3600 seconds (1 hour).
 
-    {{< important >}}
+    {{< call-out "important" >}}
 Consider how you want to set this field carefully.
 While deletions in Microsoft Entra are reflected in NGINX Controller immediately, changes such as group permission updates or user reassignments are not. This means that, when using the default poll interval, it could take up to an hour for changes in Microsoft Entra to be reflected in NGINX Controller.
-    {{< /important >}}
+    {{< /call-out >}}
 
 1. (Optional) Cache timeout: This is the time, in seconds, to wait before considering the AD Groups list to be outdated, or, "stale".
 
@@ -166,9 +166,9 @@ While deletions in Microsoft Entra are reflected in NGINX Controller immediately
 
 In order to use role-based access control (RBAC) with Microsoft Entra (AD), you need to map groups from the Microsoft Entra tenant to NGINX Controller RBAC roles.
 
-{{< important >}}
+{{< call-out "important" >}}
 You should complete this step immediately after creating the Microsoft Entra authentication provider, before any other changes can be made.
-{{< /important >}}
+{{< /call-out >}}
 
 1. If you haven't already done so, [create the Role(s) and Role group]({{< ref "manage-roles" >}}) that you want to map the Microsoft Entra permissions to.
 1. On the **Platform** menu in the NGINX Controller user interface, select **Auth Providers**, then select the Auth Provider that contains the Microsoft Entra configuration.
@@ -176,7 +176,7 @@ You should complete this step immediately after creating the Microsoft Entra aut
 
     - Provide the name of the Microsoft Entra Group that you want to use.
 
-      {{< tip >}}The Group filter determines which Groups are available for this setting. Be sure the Group that you want to add is included by your group filter. {{< /tip >}}
+      {{< call-out "tip" >}}The Group filter determines which Groups are available for this setting. Be sure the Group that you want to add is included by your group filter. {{< /call-out >}}
 
     - (Optional) Provide the **Case Sensitive** setting:
 
@@ -194,7 +194,7 @@ In the previous section, you selected **Active Directory** from the **Authentica
 
 1. Add a name for the Auth Provider.
 
-    {{< important >}}This name is a permanent setting that cannot be changed.{{< /important >}}
+    {{< call-out "important" >}}This name is a permanent setting that cannot be changed.{{< /call-out >}}
 
     This is the name that your users will be able to select as the authentication provider when logging in to NGINX Controller. Be sure the name you provide is accurate and easy to identify.
 
@@ -245,9 +245,9 @@ On the Auth Provider *Connection* page, provide the following settings:
 
     - `PLAIN_TEXT` (Not secured) - Unencrypted connection. Does not require SSL certificates.
 
-      {{< warning >}}
+      {{< call-out "warning" >}}
 Use this mode only if you accept the risks associated with using unencrypted LDAP. Data travels "as is," without encryption, and can be spied upon by passive attackers. Not recommended for production environments.
-      {{< /warning >}}
+      {{< /call-out >}}
 
     - `REQUIRE` (Default) - Require an SSL connection. NGINX Controller trusts the certificate that the Active Directory server provides, and no certificate authority (CA) is required. **Unencrypted connections will fail**.
 
@@ -268,9 +268,9 @@ On the Auth Provider *User Binding* page, provide the following settings that wi
 1. Bind username: This is a username that will be used to access the AD.
     For example, `domain\example.user` or `example.user@mydomain`.
 
-    {{< tip >}}
+    {{< call-out "tip" >}}
 You can use either format. This setting isn't governed by the username format that you defined on the Auth Provider *Connection* page.
-    {{< /tip >}}
+    {{< /call-out >}}
 1. Bind user password: The password for the user account that will be used to connect to the AD.
 1. Select **Next**.
 
@@ -284,10 +284,10 @@ On the NGINX Controller Auth Provider *Group Setup* page, provide the following
     - The minimum allowed value is 300 seconds (5 minutes).
     - The default value is 3600 seconds (1 hour).
 
-    {{< important >}}
+    {{< call-out "important" >}}
 Consider how you want to set this field carefully.
 While deletions in the AD are reflected in NGINX Controller immediately, changes such as group permissions updates or user reassignments are not. This means that, when using the default poll interval, it could take up to an hour for changes to the AD to be reflected in NGINX Controller.
-    {{< /important >}}
+    {{< /call-out >}}
 
 1. (Optional) Cache timeout: This is the time, in seconds, to wait before considering the AD Groups list to be outdated, or, "stale".
 
@@ -413,9 +413,9 @@ If NGINX Controller doesn't find Active Directory users or groups as expected, y
              "(&(objectClass=group)(CN=devops))"
   ```
 
-{{< see-also >}}
+{{< call-out "note" >}}
 For an overview of the `ldapsearch` command and command options, see the [ldapsearch man page](https://linux.die.net/man/1/ldapsearch).
-{{< /see-also >}}
+{{< /call-out>}}
 
 ### How to Immediately Refresh the Active Directory Information
 
@@ -423,9 +423,9 @@ When setting up your Active Directory provider, you specified a poll interval. T
 
 Suppose there's an emergency or pressing circumstance for which you need to update the Active Directory information sooner than the polling interval. Maybe there was a company reorganization, and all the mappings were changed. Or maybe there was an error in the Active Directory configuration, and a group was given the wrong permissions. In either case, you can [delete the Active Directory provider](#view-edit-or-delete-an-active-directory-authentication-provider) in NGINX Controller and then add it back. The changes made on the Active Directory server will be reflected on NGINX Controller once the Active Directory provider is re-added.
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Deleting an authentication provider is disruptive. Once the authentication provider is removed, authenticated users will lose access to NGINX Controller until the authentication provider is added again.
-{{< /warning >}}
+{{< /call-out >}}
 
 
 {{< versions "3.6" "latest" "ctrlvers" >}}
diff --git a/content/controller/platform/access-management/manage-roles.md b/content/controller/platform/access-management/manage-roles.md
index 166fb8e77..82e24b02e 100644
--- a/content/controller/platform/access-management/manage-roles.md
+++ b/content/controller/platform/access-management/manage-roles.md
@@ -39,9 +39,9 @@ th {
 | `user`  | `user_group`  | Write       | The predefined `user` Role and `user_group` Role Group have write access to Environments and can publish API Definitions. |
 | `guest` | `guest_group` | Read-Only   | The predefined `guest` Role and `guest_group` Role Group have read-only access to Environments and cannot publish API Definitions. |
 
-{{< important >}}
+{{< call-out "important" >}}
 Beginning in NGINX Controller 3.12, users no longer need to have one of the predefined roles. Users are granted a basic set of `READ` permissions for Analytics, Users, Roles, and Licenses. Users without a built-in role no longer have the implicit `READ` permissions for all Environments, Identity Providers, API Definitions, Locations, Providers, and Integrations. You can use the `/platform/roles` endpoint in the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}) to extend or narrow a role's set of permissions.
-{{< /important >}}
+{{< /call-out >}}
 
 ## Permissions
 
@@ -56,9 +56,9 @@ The four permission levels are:
 
 By default, all users have `READ` permissions for Analytics, Users, Roles, and Licenses.
 
-{{< tip >}}
+{{< call-out "tip" >}}
 You can use the `/platform/roles` endpoint in the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}) to extend this default set of permissions.
-{{< /tip >}}
+{{< /call-out >}}
 
 ### Example: Inheriting Permissions
 
@@ -125,20 +125,20 @@ When users are assigned to multiple overlapping Roles, permissions are determine
 
 So, for example, if you're adding a user to a Role that grants `WRITE` access to the `Production` Environment, and you add the same user to another Role that grants `READ` access to `Production`, the user will have `READ` access, that is, the least permissive restriction.
 
-{{< tip >}}
+{{< call-out "tip" >}}
 
 When assigning Roles or Role Groups for users, you should assign the least permissive Role needed for users to complete their tasks.
 
-{{< /tip >}}
+{{< /call-out >}}
 
 ## Create a Role
 
-{{< note >}}
+{{< call-out "note" >}}
 Roles must belong to [Environments]({{< ref "/controller/services/manage-environments.md#about-environments" >}}). If you don't already have an Environment, or you don't want to place your new Role(s) in your existing Environment, you should [create a new Environment]({{< ref "/controller/services/manage-environments.md#create-an-environment" >}}) before you continue.
 
 The `/platform/roles` endpoint in the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}) allows more freedom when creating roles. You can use the Roles API to grant permissions outside of environments, for example to `/reports/`.
 
-{{< /note >}}
+{{< /call-out >}}
 
 Take the following steps to create a Role:
 
@@ -154,11 +154,11 @@ Take the following steps to create a Role:
 
 Take the following steps to view, edit, or delete a Role:
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The predefined Roles `admin`, `user`, and `guest` cannot be edited or deleted.
 
-{{< /note >}}
+{{< /call-out >}}
 
 1. Open the NGINX Controller user interface and log in.
 2. Select the NGINX Controller menu icon, then select **Platform**.
@@ -189,11 +189,11 @@ Take the following steps to create a Role Group:
 
 Take the following steps to view, edit, or delete a Role Group:
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The predefined Role Groups `admin_group`, `user_group`, and `guest_group` cannot be edited or deleted.
 
-{{< /note >}}
+{{< /call-out >}}
 
 1. Open the NGINX Controller user interface and log in.
 2. Select the NGINX Controller menu icon, then select **Platform**.
diff --git a/content/controller/platform/access-management/manage-users.md b/content/controller/platform/access-management/manage-users.md
index 4ff0d6fd0..c48999036 100644
--- a/content/controller/platform/access-management/manage-users.md
+++ b/content/controller/platform/access-management/manage-users.md
@@ -31,7 +31,7 @@ Take the following steps to create a User:
 9. (Optional) Add one or more tags.
 10. (Optional) Add one or more [Roles]({{< ref "/controller/platform/access-management/manage-roles.md" >}}). The Role specifies the user's permission level.
 
-{{< note >}}
+{{< call-out "note" >}}
 User account passwords for NGINX Controller must meet the following requirements:
 
 - Must be between 8–64 characters. Special characters are allowed.
@@ -42,7 +42,7 @@ User account passwords for NGINX Controller must meet the following requirements
 Dictionary words, mangled dictionary words like `p4ssword`, or systematic passwords like `1234567a` are not allowed.
 
 If your organization requires a different password policy, we recommend that you [configure external authentication using Active Directory]({{< ref "/controller/platform/access-management/manage-active-directory-auth-provider.md" >}}) for all users except the primary NGINX Controller admin user.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Edit or Delete a User
 
diff --git a/content/controller/platform/integrations/big-ip-self-service.md b/content/controller/platform/integrations/big-ip-self-service.md
index 66acd46c5..6c632dd9a 100644
--- a/content/controller/platform/integrations/big-ip-self-service.md
+++ b/content/controller/platform/integrations/big-ip-self-service.md
@@ -54,18 +54,18 @@ Continue to the next section to create a BIG-IP instance group.
 
 An instance group is a logically grouped set of instances that can be used as a placement for a gateway, rather than a single instance. This concept supports the ability to scale horizontally without having to update the gateway placement. As instances are added to a group, they receive an NGINX configuration identical to those instances in the group. Instances in an instance group can be stand-alone or clustered NGINX Plus instances.  Instances can also leave the group, with the remaining instances continuing to function as intended.
 
-{{< important >}}
+{{< call-out "important" >}}
 **Workload affinity with instance groups**: Similar to instances, instance groups are associated with a location. If a location is not explicitly specified, the unspecified location is assumed. Instances in an instance group should be configured to use the same location; however, this requirement is not currently enforced.
 
 For the workload affinity feature, the location of the instance group must be specified using the optional `locationRef` field in the component's workload group API request. The locations of the instances in the instance group are ignored. The workload affinity feature uses this information and the workload groups to load balance traffic to the correct endpoints.
-{{< /important >}}
+{{< /call-out >}}
 
-{{< important >}}
+{{< call-out "important" >}}
 Instance groups are supported on the following versions of NGINX Controller:
 
 - NGINX Controller API Management module v3.18 and later
 - NGINX Controller Application Delivery module v3.21 and later
-{{< /important >}}
+{{< /call-out >}}
 
 To add an NGINX instance group to a BIG-IP cluster, take the following steps:
 
@@ -84,9 +84,9 @@ To add an NGINX instance group to a BIG-IP cluster, take the following steps:
 1. In the **Server Pool IP** box, specify the IP address or CIDR of the NGINX instances to add to the BIG-IP server pool; for example, `198.51.100.0/24`. If using a CIDR, the NGINX instance IP addresses that match the mask will be the member addresses in the BIG-IP server pool. Otherwise, absolute IP addresses are used as pool member addresses.
 1. Select **Submit** to create the instance group.
 
-{{< important >}}
+{{< call-out "important" >}}
 If you edit an instance group after you've used the group for a gateway placement, you'll need to update the placement as well.
-{{< /important >}}
+{{< /call-out >}}
 
 Continue to the next section to add your BIG-IP instance group to a gateway.
 
@@ -131,18 +131,18 @@ On the **Gateways > Create Gateway > Placements** page:
 
 1. In the **Instance Refs/Instance Groups Refs** box, select the NGINX instance(s) or instance group(s) on which you want to deploy the gateway.
 
-   {{< note >}}
+   {{< call-out "note" >}}
    If you're enabling **High Availability Mode**, select the [high-availability instances that you prepared]({{< ref "/controller/infrastructure/instances/ha-data-plane.md#prepare-the-high-availability-instances" >}}). NGINX Controller supports up to two high-availability instances.
-   {{< /note >}}
+   {{< /call-out >}}
 
 1. In the **Listen IPs** box, add the IP address(es) on which the server listens for and accepts requests. If you're creating a placement for a BIG-IP Integration, add the virtual IP (VIP) address for the BIG-IP cluster.
 
    You can add multiple placements with different Listen IPs. When multiple placements are defined within a gateway, each placement represents a resilient path for any app component that references that gateway.
 
-   {{< note >}}
+   {{< call-out "note" >}}
    - To use non-local **Listen IPs**, you must enable `net.ipv4.ip_nonlocal_bind` on the instance.
    - When **High Availability Mode** is enabled, Virtual Router Redundancy Protocol ([VRRP](https://en.wikipedia.org/wiki/Virtual_Router_Redundancy_Protocol#:~:text=The%20Virtual%20Router%20Redundancy%20Protocol,selections%20on%20an%20IP%20subnetwork.)) is configured for the Listen IP address(es).
-   {{< /note >}}
+   {{< /call-out >}}
 
 1. To enable high-availability mode for your data paths, select **Use High Availability Mode**.
 
@@ -181,10 +181,10 @@ On the **Gateways** > **Create Gateway** > **Additional** page:
 
 1. (Optional) Add [**Config Snippets**]({{< ref "/controller/app-delivery/about-snippets.md" >}}) to customize your NGINX configuration.
 
-   {{< caution >}}
+   {{< call-out "caution"  >}}
    When you use Snippets to customize your NGINX configuration, your changes are applied to the `nginx.conf` file *as is*. NGINX Controller does not verify that your configuration is valid before applying the snippet.
 
    We strongly recommend verifying Snippets in a lab environment before making any changes in production.
-   {{< /caution >}}
+   {{< /call-out >}}
 
 {{< versions "3.21" "latest" "adcvers" >}}
diff --git a/content/controller/platform/integrations/datadog-integration.md b/content/controller/platform/integrations/datadog-integration.md
index 47ceb8bc8..688fbfc05 100644
--- a/content/controller/platform/integrations/datadog-integration.md
+++ b/content/controller/platform/integrations/datadog-integration.md
@@ -15,7 +15,7 @@ F5 NGINX Controller sends data to the Datadog API; NGINX Controller does not use
 4. If you already have a key available, you can use it. If you don't, or if you want to create [a different key](https://docs.datadoghq.com/account_management/api-app-keys/#using-multiple-api-keys), you can do so by [typing a key name and clicking **Create API key**](https://docs.datadoghq.com/account_management/api-app-keys/#add-a-key).
 5. Copy and save the API key you want to use. **You'll configure NGINX Controller with this value later**.
 
-{{< note >}} Datadog restricts the creation of API keys to Admin users. You may need to contact your administrator to get a new key.  {{< /note >}}
+{{< call-out "note" >}} Datadog restricts the creation of API keys to Admin users. You may need to contact your administrator to get a new key.  {{< /call-out >}}
 
 ## Add a Datadog Integration
 
diff --git a/content/controller/platform/licensing-controller.md b/content/controller/platform/licensing-controller.md
index a1b5c8602..096c183f8 100644
--- a/content/controller/platform/licensing-controller.md
+++ b/content/controller/platform/licensing-controller.md
@@ -47,7 +47,7 @@ To add or update a license for NGINX Controller, take the following steps:
 
 1. Select **Save license**.
 
-{{< see-also >}}To add a license using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a PUT request to the `/platform/license` endpoint. Provide your CAT or NGINX Controller license as a base64-encoded string in the JSON request body.{{< /see-also >}}
+{{< call-out "note" >}}To add a license using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a PUT request to the `/platform/license` endpoint. Provide your CAT or NGINX Controller license as a base64-encoded string in the JSON request body.{{< /call-out>}}
 
 
 &nbsp;
@@ -61,7 +61,7 @@ To view the details for your NGINX Controller license, take the following steps:
 1. On the NGINX Controller menu, select **Platform** > **License** > **Controller License**.
 2. On the **Licenses** page, you can view the details for the applied licenses, including license limitations, status, and the expiration date.
 
-{{< see-also >}}To view the details for your license(s) using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a GET request to the `/platform/license` endpoint.{{< /see-also >}}
+{{< call-out "note" >}}To view the details for your license(s) using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a GET request to the `/platform/license` endpoint.{{< /call-out>}}
 &nbsp;
 
 ---
diff --git a/content/controller/platform/maintenance/changing-ip-address.md b/content/controller/platform/maintenance/changing-ip-address.md
index 8d4cf28a2..b0ca9b0a8 100644
--- a/content/controller/platform/maintenance/changing-ip-address.md
+++ b/content/controller/platform/maintenance/changing-ip-address.md
@@ -13,12 +13,12 @@ type:
 
 This topic explains how to safely update the management IP of F5 NGINX Controller.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 For instructions on how to deploy NGINX Controller as a multi-node resilient cluster, refer to the following deployment guide:
 
 - [Deploy NGINX Controller as a Resilient Cluster on a Private Cloud]({{< ref "/controller/admin-guides/install/resilient-cluster-private-cloud.md" >}})
 
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## Changing the IP of a multi-node cluster
 
@@ -32,9 +32,9 @@ To change the IP of a multi-node cluster, follow the steps below for each node i
 
 ### 1. <a name="remove-node"></a>Remove node from the cluster
 
-   {{< important >}}
+   {{< call-out "important" >}}
 Deleting nodes makes NGINX Controller momentarily unavailable while the cluster is being updated. Therefore, we recommend updating NGINX Controller during a planned maintenance window to minimize disruptions. When deleting nodes, make sure that **at least two nodes are always operational**. If the cluster has fewer than two working nodes, NGINX Controller may become unresponsive, and you may not be able to add new nodes.
-   {{< /important >}}
+   {{< /call-out >}}
 
    To delete a node from the cluster using the web interface:
 
@@ -44,9 +44,9 @@ Deleting nodes makes NGINX Controller momentarily unavailable while the cluster
    4. On the **Cluster** overview page, choose the node you want to delete, then select **Delete** (trash icon).
    5. Select **Delete** to confirm.
 
-   {{< see-also >}}
+   {{< call-out "note" >}}
  To delete nodes from your cluster using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a DELETE request to the `/platform/nodes` endpoint.
-   {{< /see-also >}}
+   {{< /call-out>}}
 
 
 ### 2. <a name="change-ip"></a>Change the IP address (public & private)
@@ -87,17 +87,17 @@ Refer to your Linux distribution documentation for specific instructions.
 
    1. After the installation is complete, the node status in the web interface changes to `Configured`.
 
-   {{< see-also >}}
+   {{< call-out "note" >}}
 To add nodes to your cluster using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a POST request to the `/platform/nodes` endpoint.
-   {{< /see-also >}}
+   {{< /call-out>}}
 
 ### 5. <a name="fqdn"></a>Change the FQDN
 
 [Change the FQDN]({{< ref "/controller/platform/manage-cluster.md#update-the-fqdn">}}) if it has been affected by the IP change.
 
-{{< important >}}
+{{< call-out "important" >}}
 Repeat the steps for each node in the cluster.
-{{< /important >}}
+{{< /call-out >}}
 
 ## Changing the IP of a single node
 
diff --git a/content/controller/platform/manage-cluster.md b/content/controller/platform/manage-cluster.md
index b5e2bf6ef..03848e858 100644
--- a/content/controller/platform/manage-cluster.md
+++ b/content/controller/platform/manage-cluster.md
@@ -14,12 +14,12 @@ type:
 
 This topic explains how to update your cluster settings and how to manage nodes for a multi-node cluster.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 For instructions on how to deploy NGINX Controller as a multi-node resilient cluster, refer to the following deployment guide:
 
 - [Deploy F5 NGINX Controller as a Resilient Cluster on a Private Cloud]({{< ref "/controller/admin-guides/install/resilient-cluster-private-cloud.md" >}})
 
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## Set the Floating IP
 
@@ -27,11 +27,11 @@ For instructions on how to deploy NGINX Controller as a multi-node resilient clu
 
 A floating IP -- also called a virtual IP -- is a static, routable IPv4 address that improves service resiliency by allowing NGINX Controller to continue to receive traffic if a node becomes unavailable. The floating IP is assigned to one of the cluster nodes, and if the node fails, the floating IP is automatically transferred to another node. The floating IP should not be in any DHCP pool.
 
-{{< important>}}
+{{< call-out "important" >}}
 The floating IP needs to be added as an A record for the domain that's used as the Fully Qualified Domain Name (FQDN) for NGINX Controller.
 
 NGINX Controller **does not support IPv6** addresses for the floating IP.
-{{< /important >}}
+{{< /call-out >}}
 
 Take the following steps to add a floating IP for your private cloud cluster:
 
@@ -44,9 +44,9 @@ Take the following steps to add a floating IP for your private cloud cluster:
 1. Select **Save**.
 1. Complete the steps to [update the FQDN](#update-the-fqdn) to use the floating IP.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To set a floating IP using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a PATCH request to the `/platform/global` endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 
 ## Update the FQDN
@@ -76,9 +76,9 @@ To change the FQDN for NGINX Controller using the web interface, take the follow
 1. Select **Save**. The cluster services will restart. During this time, the web interface will be briefly unavailable.
 1. Follow the steps to [update the FQDN for Controller Agents](#update-the-fqdn-for-controller-agents).
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To change the FQDN for NGINX Controller using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a PATCH request to the `/platform/global` endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 ### Update the FQDN for Controller Agents
 
@@ -115,18 +115,18 @@ Take the following steps to update the API Gateway SSL certificate:
 
 1. Select **Save**.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To update the API Gateway SSL certificate and key using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a PATCH request to the `/platform/global` endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 
 ## Add Nodes to a Cluster
 
 Nodes are additional control-plane hosts that you can add to your cluster to improve uptime resilience. For a resilient cluster, you should have at least three nodes, of which **two nodes must always be operational**.
 
-{{< important >}}
+{{< call-out "important" >}}
 When adding a third node to the cluster for the first time, NGINX Controller may become momentarily unavailable while the cluster is being created. For this reason, we recommend updating NGINX Controller during a planned maintenance window to minimize disruptions.
-{{< /important >}}
+{{< /call-out >}}
 
 Take the following steps to add a node to the cluster:
 
@@ -158,17 +158,17 @@ Take the following steps to add a node to the cluster:
 1. After the installation finishes, the node status in the web interface changes to `Configured`.
 1. Repeat these steps for each node that you want to add to the cluster.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To add nodes to your cluster using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a POST request to the `/platform/nodes` endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## View Node Status
 
 Take the following steps to view the status for a node:
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To view a node's status using the [NGINX Controller API Reference]({{< ref "/controller/api/_index.md" >}}), send a GET request to the Nodes endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 1. Open the NGINX Controller web interface and log in.
 1. Select the NGINX Controller menu icon, then select **Platform**.
@@ -181,13 +181,13 @@ There might be situations when you need to delete a node, either temporarily for
 
 If you need to remove a node temporarily, follow the steps in the [Add Nodes to the Cluster](#add-nodes-to-the-cluster) topic when you are ready to re-add it. Make sure to uninstall NGINX Controller from the node before re-installing NGINX Controller with the new join-key.
 
-{{< important >}}
+{{< call-out "important" >}}
 Deleting nodes can cause NGINX Controller to become momentarily unavailable while the cluster is being updated. For this reason, we recommend updating NGINX Controller during a planned maintenance window to minimize disruptions. When deleting nodes, make sure that **at least two nodes are always operational**. If the cluster has fewer than two working nodes, NGINX Controller may become unresponsive, and you may not be able to add new nodes.
-{{< /important >}}
+{{< /call-out >}}
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To delete nodes from your cluster using the [NGINX Controller API Reference]({{< ref "/controller/api/_index.md" >}}), send a DELETE request to the Nodes endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 To delete a node from the cluster using the web interface:
 
@@ -205,9 +205,9 @@ To delete a node from the cluster using the web interface:
       /opt/nginx-controller/uninstall.sh
       ```
 
-{{< see-also >}}
+{{< call-out "note" >}}
 To delete nodes from your cluster using the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}), send a DELETE request to the `/platform/nodes` endpoint.
-{{< /see-also >}}
+{{< /call-out>}}
 
 
 ## Replace a Failed Node
@@ -226,11 +226,11 @@ To replace a failed node:
 
 When updating NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-{{< warning >}}Do not update the nodes in a multi-node cluster in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+{{< call-out "warning" >}}Do not update the nodes in a multi-node cluster in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
-{{< important >}}
+{{< call-out "important" >}}
 Active users will be logged out from NGINX Controller during an update. We recommend updating NGINX Controller during a planned maintenance window to minimize disruptions.
-{{< /important >}}
+{{< /call-out >}}
 
 To update your cluster to a newer version of NGINX Controller, take the following steps:
 
diff --git a/content/controller/releases/adc/adc-release-notes-3.20.1.md b/content/controller/releases/adc/adc-release-notes-3.20.1.md
index d9ee49128..bc78088f6 100644
--- a/content/controller/releases/adc/adc-release-notes-3.20.1.md
+++ b/content/controller/releases/adc/adc-release-notes-3.20.1.md
@@ -23,11 +23,11 @@ Take note of the following considerations when upgrading to this version of the
 
 - After upgrading NGINX Controller, make sure to upgrade the NGINX Controller Agent too.
 
-  {{< caution >}}If you're upgrading from NGINX Controller 3.18 or earlier to the NGINX Controller App Delivery Module 3.20 or later, the Controller Agent will go offline during the upgrade process.{{< /caution >}}
+  {{< call-out "caution"  >}}If you're upgrading from NGINX Controller 3.18 or earlier to the NGINX Controller App Delivery Module 3.20 or later, the Controller Agent will go offline during the upgrade process.{{< /call-out >}}
 
 - If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ## What's New
 
diff --git a/content/controller/releases/adc/adc-release-notes-3.20.md b/content/controller/releases/adc/adc-release-notes-3.20.md
index 9c446f0af..90cee4aff 100644
--- a/content/controller/releases/adc/adc-release-notes-3.20.md
+++ b/content/controller/releases/adc/adc-release-notes-3.20.md
@@ -23,11 +23,11 @@ Take note of the following considerations when upgrading to this version of the
 
 - After upgrading NGINX Controller, make sure to upgrade the NGINX Controller Agent too.
 
-  {{< caution >}}If you're upgrading from NGINX Controller 3.18 or earlier to the NGINX Controller App Delivery Module 3.20 or later, the Controller Agent will go offline during the upgrade process.{{< /caution >}}
+  {{< call-out "caution"  >}}If you're upgrading from NGINX Controller 3.18 or earlier to the NGINX Controller App Delivery Module 3.20 or later, the Controller Agent will go offline during the upgrade process.{{< /call-out >}}
 
 - If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ## What's New
 
@@ -37,9 +37,9 @@ Take note of the following considerations when upgrading to this version of the
 
 - **Adds high-performance communication path between NGINX Controller and the Controller Agent**
 
-  {{< caution >}}NGINX Controller ADC 3.20 adds a high-performance communication path between NGINX Controller and the Controller Agents running on NGINX Plus.
+  {{< call-out "caution"  >}}NGINX Controller ADC 3.20 adds a high-performance communication path between NGINX Controller and the Controller Agents running on NGINX Plus.
 
-  When upgrading to NGINX Controller ADC 3.20+ from 3.18 or earlier, the data paths will go offline. **To restore communication, you must upgrade the Controller Agents to the latest available version. This will force a restart of NGINX resulting in the termination of all active connections.** Once the Controller Agents have been upgraded, the data paths will reconnect.{{< /caution >}}
+  When upgrading to NGINX Controller ADC 3.20+ from 3.18 or earlier, the data paths will go offline. **To restore communication, you must upgrade the Controller Agents to the latest available version. This will force a restart of NGINX resulting in the termination of all active connections.** Once the Controller Agents have been upgraded, the data paths will reconnect.{{< /call-out >}}
 
   &nbsp;
 
diff --git a/content/controller/releases/adc/adc-release-notes-3.21.md b/content/controller/releases/adc/adc-release-notes-3.21.md
index 6356e2b1b..8c65166cb 100644
--- a/content/controller/releases/adc/adc-release-notes-3.21.md
+++ b/content/controller/releases/adc/adc-release-notes-3.21.md
@@ -23,11 +23,11 @@ Take note of the following considerations when upgrading to this version of the
 
 - After upgrading NGINX Controller, make sure to upgrade the NGINX Controller Agent too.
 
-  {{< caution >}} If you're upgrading from NGINX Controller 3.18 or earlier to the NGINX Controller App Delivery Module 3.20 or later, the Controller Agent will go offline during the upgrade process.{{< /caution >}}
+  {{< call-out "caution"  >}} If you're upgrading from NGINX Controller 3.18 or earlier to the NGINX Controller App Delivery Module 3.20 or later, the Controller Agent will go offline during the upgrade process.{{< /call-out >}}
 
 - If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ## What's New
 
diff --git a/content/controller/releases/adc/adc-release-notes-3.22.1.md b/content/controller/releases/adc/adc-release-notes-3.22.1.md
index 1edfce2a2..b21eaffb8 100644
--- a/content/controller/releases/adc/adc-release-notes-3.22.1.md
+++ b/content/controller/releases/adc/adc-release-notes-3.22.1.md
@@ -25,11 +25,11 @@ Take note of the following considerations when upgrading to this version of the
 
 - After upgrading NGINX Controller, make sure to upgrade the NGINX Controller Agent too.
 
-  {{< caution >}} If you're upgrading from NGINX Controller 3.18 or earlier to the NGINX Controller App Delivery Module 3.20 or later, the Controller Agent will go offline during the upgrade process.{{< /caution >}}
+  {{< call-out "caution"  >}} If you're upgrading from NGINX Controller 3.18 or earlier to the NGINX Controller App Delivery Module 3.20 or later, the Controller Agent will go offline during the upgrade process.{{< /call-out >}}
 
 - If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ## What's New
 
diff --git a/content/controller/releases/adc/adc-release-notes-3.22.2.md b/content/controller/releases/adc/adc-release-notes-3.22.2.md
index be60921c1..16557b226 100644
--- a/content/controller/releases/adc/adc-release-notes-3.22.2.md
+++ b/content/controller/releases/adc/adc-release-notes-3.22.2.md
@@ -25,7 +25,7 @@ We recommend you [upgrade the NGINX Controller Agent]({{< ref "/controller/admin
 
 If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ## Resolved Issues
 
@@ -46,7 +46,7 @@ This release also fixes the following new-found issue:
 
 
 
-  {{< warning >}} Before upgrading to 3.22.2, make sure the expectation for the matchMethod for component FQDN URIs matches the rule mentioned above. If not, the URI needs to be rewritten by putting the hostname portion of the URI in the gateway and using a relative URI in the component. {{< /warning >}}
+  {{< call-out "warning" >}} Before upgrading to 3.22.2, make sure the expectation for the matchMethod for component FQDN URIs matches the rule mentioned above. If not, the URI needs to be rewritten by putting the hostname portion of the URI in the gateway and using a relative URI in the component. {{< /call-out >}}
 
 ## Known Issues
 
diff --git a/content/controller/releases/adc/adc-release-notes-3.22.3.md b/content/controller/releases/adc/adc-release-notes-3.22.3.md
index f2cd355dd..69bc95620 100644
--- a/content/controller/releases/adc/adc-release-notes-3.22.3.md
+++ b/content/controller/releases/adc/adc-release-notes-3.22.3.md
@@ -25,7 +25,7 @@ We recommend you [upgrade the NGINX Controller Agent]({{< ref "/controller/admin
 
 If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-{{< warning >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+{{< call-out "warning" >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ## Changes in Default Behavior
 
diff --git a/content/controller/releases/adc/adc-release-notes-3.22.4.md b/content/controller/releases/adc/adc-release-notes-3.22.4.md
index b3e57e438..7b3248085 100644
--- a/content/controller/releases/adc/adc-release-notes-3.22.4.md
+++ b/content/controller/releases/adc/adc-release-notes-3.22.4.md
@@ -25,7 +25,7 @@ We recommend you [upgrade the NGINX Controller Agent]({{< ref "/controller/admin
 
 If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-{{< warning >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+{{< call-out "warning" >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ### Supported NGINX Plus Versions
 
diff --git a/content/controller/releases/adc/adc-release-notes-3.22.5.md b/content/controller/releases/adc/adc-release-notes-3.22.5.md
index 62d7320f4..aab5abdb6 100644
--- a/content/controller/releases/adc/adc-release-notes-3.22.5.md
+++ b/content/controller/releases/adc/adc-release-notes-3.22.5.md
@@ -25,7 +25,7 @@ We recommend you [upgrade the NGINX Controller Agent]({{< ref "/controller/admin
 
 If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-{{< warning >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+{{< call-out "warning" >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ### Supported NGINX Plus Versions
 
diff --git a/content/controller/releases/adc/adc-release-notes-3.22.6.md b/content/controller/releases/adc/adc-release-notes-3.22.6.md
index ccc955ea1..5274d4364 100644
--- a/content/controller/releases/adc/adc-release-notes-3.22.6.md
+++ b/content/controller/releases/adc/adc-release-notes-3.22.6.md
@@ -25,7 +25,7 @@ We recommend you [upgrade the NGINX Controller Agent]({{< ref "/controller/admin
 
 If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-{{< warning >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+{{< call-out "warning" >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ### Supported NGINX Plus Versions
 
diff --git a/content/controller/releases/adc/adc-release-notes-3.22.7.md b/content/controller/releases/adc/adc-release-notes-3.22.7.md
index 4c6c304d9..729daf641 100644
--- a/content/controller/releases/adc/adc-release-notes-3.22.7.md
+++ b/content/controller/releases/adc/adc-release-notes-3.22.7.md
@@ -25,7 +25,7 @@ We recommend you [upgrade the NGINX Controller Agent]({{< ref "/controller/admin
 
 If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-{{< warning >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+{{< call-out "warning" >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 <br>
 
diff --git a/content/controller/releases/adc/adc-release-notes-3.22.8.md b/content/controller/releases/adc/adc-release-notes-3.22.8.md
index 2b5615851..c83e94093 100644
--- a/content/controller/releases/adc/adc-release-notes-3.22.8.md
+++ b/content/controller/releases/adc/adc-release-notes-3.22.8.md
@@ -25,7 +25,7 @@ February 22, 2023
 
   If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 <br>
 
diff --git a/content/controller/releases/adc/adc-release-notes-3.22.9.md b/content/controller/releases/adc/adc-release-notes-3.22.9.md
index dc2273c0a..933f655fd 100644
--- a/content/controller/releases/adc/adc-release-notes-3.22.9.md
+++ b/content/controller/releases/adc/adc-release-notes-3.22.9.md
@@ -24,7 +24,7 @@ September 06, 2023
 
   If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ---
 
@@ -41,7 +41,7 @@ This release has the following changes in default behavior:
 
 - {{% icon-feature %}} **Kubernetes certificates valid for 2 years**<a name="3-22-9-changes-in-behavior-Kubernetes-certificates-valid-for-2-years"></a>
 
-  {{< important >}}
+  {{< call-out "important" >}}
   The Kubernetes certificates will now default to a 2-year validity, instead of the 1-year validity they had until now.
 
   This default can be overridden during product updates by setting the `CTR_CERT_RENEWAL_PERIOD` environment variable. For example:
@@ -50,7 +50,7 @@ This release has the following changes in default behavior:
   ./update.sh -e CTR_CERT_RENEWAL_PERIOD=3650
   ```
 
-  {{< /important >}}
+  {{< /call-out >}}
 
 
 ### Known Issues{#3-22-9-known-issues}
diff --git a/content/controller/releases/adc/adc-release-notes-3.22.md b/content/controller/releases/adc/adc-release-notes-3.22.md
index c6766cdb9..de39e3cbf 100644
--- a/content/controller/releases/adc/adc-release-notes-3.22.md
+++ b/content/controller/releases/adc/adc-release-notes-3.22.md
@@ -23,11 +23,11 @@ Take note of the following considerations when upgrading to this version of the
 
 - After upgrading NGINX Controller, make sure to upgrade the NGINX Controller Agent too.
 
-  {{< caution >}} If you're upgrading from NGINX Controller 3.18 or earlier to the NGINX Controller App Delivery Module 3.20 or later, the Controller Agent will go offline during the upgrade process.{{< /caution >}}
+  {{< call-out "caution"  >}} If you're upgrading from NGINX Controller 3.18 or earlier to the NGINX Controller App Delivery Module 3.20 or later, the Controller Agent will go offline during the upgrade process.{{< /call-out >}}
 
 - If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}} Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ## What's New
 
diff --git a/content/controller/releases/apim/apim-release-notes-3.18.1.md b/content/controller/releases/apim/apim-release-notes-3.18.1.md
index 95a88a006..8757b50b0 100644
--- a/content/controller/releases/apim/apim-release-notes-3.18.1.md
+++ b/content/controller/releases/apim/apim-release-notes-3.18.1.md
@@ -25,7 +25,7 @@ Take note of the following considerations when upgrading to this version of the
 
 - If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ## Known Issues
 
diff --git a/content/controller/releases/apim/apim-release-notes-3.18.md b/content/controller/releases/apim/apim-release-notes-3.18.md
index c76b7d9ab..86e3162d7 100644
--- a/content/controller/releases/apim/apim-release-notes-3.18.md
+++ b/content/controller/releases/apim/apim-release-notes-3.18.md
@@ -25,7 +25,7 @@ Take note of the following considerations when upgrading to this version of the
 
 - If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ## What's New
 
diff --git a/content/controller/releases/apim/apim-release-notes-3.19.1.md b/content/controller/releases/apim/apim-release-notes-3.19.1.md
index a1861b9f2..46cf82f84 100644
--- a/content/controller/releases/apim/apim-release-notes-3.19.1.md
+++ b/content/controller/releases/apim/apim-release-notes-3.19.1.md
@@ -25,7 +25,7 @@ Take note of the following considerations when upgrading to this version of the
 
 - If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ## What's New
 
diff --git a/content/controller/releases/apim/apim-release-notes-3.19.2.md b/content/controller/releases/apim/apim-release-notes-3.19.2.md
index 02d25e6f8..559bc05fd 100644
--- a/content/controller/releases/apim/apim-release-notes-3.19.2.md
+++ b/content/controller/releases/apim/apim-release-notes-3.19.2.md
@@ -25,7 +25,7 @@ Take note of the following considerations when upgrading to this version of the
 
 - If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ## What's New
 
diff --git a/content/controller/releases/apim/apim-release-notes-3.19.3.md b/content/controller/releases/apim/apim-release-notes-3.19.3.md
index 58766df89..46bbd0689 100644
--- a/content/controller/releases/apim/apim-release-notes-3.19.3.md
+++ b/content/controller/releases/apim/apim-release-notes-3.19.3.md
@@ -25,7 +25,7 @@ Take note of the following considerations when upgrading to this version of the
 
 - If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ## Resolved Issues
 
diff --git a/content/controller/releases/apim/apim-release-notes-3.19.4.md b/content/controller/releases/apim/apim-release-notes-3.19.4.md
index 6ac037e35..dc3dc00c2 100644
--- a/content/controller/releases/apim/apim-release-notes-3.19.4.md
+++ b/content/controller/releases/apim/apim-release-notes-3.19.4.md
@@ -23,7 +23,7 @@ Take note of the following considerations when upgrading to this version of the
 
 - If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ## Resolved Issues
 
diff --git a/content/controller/releases/apim/apim-release-notes-3.19.5.md b/content/controller/releases/apim/apim-release-notes-3.19.5.md
index f426e942b..bfbb82242 100644
--- a/content/controller/releases/apim/apim-release-notes-3.19.5.md
+++ b/content/controller/releases/apim/apim-release-notes-3.19.5.md
@@ -23,9 +23,9 @@ Take note of the following considerations when upgrading to this version of the
 
 - If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}}
+  {{< call-out "warning" >}}
   Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.
-  {{< /warning >}}
+  {{< /call-out >}}
 
 ## What's New
 
diff --git a/content/controller/releases/apim/apim-release-notes-3.19.6.md b/content/controller/releases/apim/apim-release-notes-3.19.6.md
index cc69889cd..94dd2c624 100644
--- a/content/controller/releases/apim/apim-release-notes-3.19.6.md
+++ b/content/controller/releases/apim/apim-release-notes-3.19.6.md
@@ -24,9 +24,9 @@ Take note of the following considerations when upgrading to this version of the
 
 - If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}}
+  {{< call-out "warning" >}}
   Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.
-  {{< /warning >}}
+  {{< /call-out >}}
 
 ## What's New
 
diff --git a/content/controller/releases/apim/apim-release-notes-3.19.md b/content/controller/releases/apim/apim-release-notes-3.19.md
index fb1077f9b..9bf277a28 100644
--- a/content/controller/releases/apim/apim-release-notes-3.19.md
+++ b/content/controller/releases/apim/apim-release-notes-3.19.md
@@ -25,7 +25,7 @@ Take note of the following considerations when upgrading to this version of the
 
 - If you're upgrading NGINX Controller on a multi-node cluster, run the `update.sh` script on each node individually -- the order in which you update the nodes doesn't matter.
 
-  {{< warning >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /warning >}}
+  {{< call-out "warning" >}}Never update the control nodes in parallel. Doing so may result in race conditions for certain jobs, such as database migrations, and may cause the cluster to become unavailable.{{< /call-out >}}
 
 ## What's New
 
diff --git a/content/controller/releases/release-notes.md b/content/controller/releases/release-notes.md
index 139e644d2..8240d7de9 100644
--- a/content/controller/releases/release-notes.md
+++ b/content/controller/releases/release-notes.md
@@ -17,12 +17,12 @@ We encourage you to install the latest version of NGINX Controller to take advan
 
 Technical support is provided for earlier versions of NGINX Controller that were released within two years of the current release.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 For related installation documentation, refer to the following publications:
 
 - [NGINX Controller Installation Guide]({{< ref "/controller/admin-guides/backup-restore/_index.md" >}})
 - [NGINX Controller Technical Specifications Guide]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md" >}})
-{{< /see-also >}}
+{{< /call-out>}}
 
 &nbsp;
 
@@ -1057,13 +1057,13 @@ NGINX Controller requires an [8-core CPU @ 2.4 GHz or higher]({{< ref "/controll
 
 If you've installed NGINX Controller on a system that does not have an 8-core CPU @ 2.4 GHz or higher, the upgrade to 3.12 may fail.
 
-{{< caution >}}Installing or upgrading NGINX Controller on systems that do not meet the minimum hardware requirements may cause NGINX Controller to become unresponsive.
+{{< call-out "caution"  >}}Installing or upgrading NGINX Controller on systems that do not meet the minimum hardware requirements may cause NGINX Controller to become unresponsive.
 
 Refer to the [NGINX Controller Tech Specs]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs" >}}) guide for hardware requirements and system recommendations.
 
 Following the workaround below will restore functionality. However, **running on a system that does not meet the documented minimum requirements is not supported or recommended**.
 
-It is strongly recommended that you upgrade your system to meet the minimum requirements (8-core CPU). Doing so will ensure a successful upgrade to version 3.12. {{< /caution >}}
+It is strongly recommended that you upgrade your system to meet the minimum requirements (8-core CPU). Doing so will ensure a successful upgrade to version 3.12. {{< /call-out >}}
 
 **Workaround:**
 
@@ -1095,7 +1095,7 @@ To restore a failed upgrade, take the steps below:
 
 - Wait 2-3 minutes for all services to start. Then, log in to the NGINX Controller user interface to verify that system functionality is restored.
 
-{{< note >}}If you're not able to confirm that functionality has been restored by following the above steps once, try repeating them. In some test cases, repeating the steps was necessary to complete the upgrade.{{< /note >}}
+{{< call-out "note" >}}If you're not able to confirm that functionality has been restored by following the above steps once, try repeating them. In some test cases, repeating the steps was necessary to complete the upgrade.{{< /call-out >}}
 
 &nbsp;
 
@@ -1200,11 +1200,11 @@ The following issues are known to be present in this release. Look for updates t
 
   If you've installed NGINX Controller on a system that does not have an 8-core CPU @ 2.4 GHz or higher, **you should not upgrade to v3.12**.
 
-  {{< caution >}}
+  {{< call-out "caution"  >}}
 Installing or upgrading NGINX Controller on systems that do not meet the minimum hardware requirements may cause NGINX Controller to become unresponsive.
 
 Refer to the [NGINX Controller Tech Specs]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md" >}}) guide for hardware requirements and system recommendations.
-  {{< /caution >}}
+  {{< /call-out >}}
 
   **Workaround:**
 
@@ -1849,7 +1849,7 @@ This release includes the following fixes. Search by the issue ID -- the number
 
   - Option 2: If you have already upgraded from a pre-3.4 release to a post-3.4 release without upgrading *to* 3.4 in the interim, you can only work around this issue by elevating the permissions of your guest users to regular users.
 
-    {{< warning >}}This change involves a **significant elevation of privilege** and should be undertaken only with careful consideration. The regular user role has all the same admin role permissions except for the ability to promote new admins. If this change is acceptable for your installation -- for any guest role users and any per-environment users with the guest role -- these users should be edited by the default admin account to remove the guest role and replace it with the user role.{{< /warning >}}
+    {{< call-out "warning" >}}This change involves a **significant elevation of privilege** and should be undertaken only with careful consideration. The regular user role has all the same admin role permissions except for the ability to promote new admins. If this change is acceptable for your installation -- for any guest role users and any per-environment users with the guest role -- these users should be edited by the default admin account to remove the guest role and replace it with the user role.{{< /call-out >}}
 
 #### Documentation
 
@@ -2064,7 +2064,7 @@ NGINX Controller 3.6.0 includes the following updates:
 - Bug fixes and improvements.
 - Adds external authentication using Active Directory (beta).
 
-  {{< note >}} Active Directory users are given user-level access to NGINX Controller in this beta implementation.{{< /note >}}
+  {{< call-out "note" >}} Active Directory users are given user-level access to NGINX Controller in this beta implementation.{{< /call-out >}}
 
 - Adds ability to create orchestrated Instances on AWS using Instance Templates.
 - Adds metrics forwarding for Splunk (beta).
@@ -2340,7 +2340,7 @@ Vulnerability issues are disclosed only when a fix is available. For information
 
   Install the NGINX Controller Agent and AVRD on a 64-bit distribution.
 
-  {{< important >}} NGINX Controller support for 32-bit distributions will be deprecated in a future release.{{< /important >}}
+  {{< call-out "important" >}} NGINX Controller support for 32-bit distributions will be deprecated in a future release.{{< /call-out >}}
 
 <span id="350-supported"></a>
 
@@ -2840,7 +2840,7 @@ NGINX Controller 3.1.0 includes the following updates:
 
   The `strategyRef` and `waf` objects for the Components resource are experimental placeholder objects.  Including the `strategyRef` and/or `waf` blocks in the component specification should not enable additional security-related application traffic services, even if there are no errors. If you see the error “Security module not found on the NGINX instance,” you should remove these blocks.
 
-  {{< note >}} The NGINX Controller REST API may contain API endpoints that are not fully supported. These endpoints are marked with the `x-f5-experimental` vendor extension.{{< /note >}}
+  {{< call-out "note" >}} The NGINX Controller REST API may contain API endpoints that are not fully supported. These endpoints are marked with the `x-f5-experimental` vendor extension.{{< /call-out >}}
 
 - This release adds new app-centric metrics and a new summary page in the UI for viewing these metrics. You can use these app metrics to monitor and evaluate the condition of your apps.
 
diff --git a/content/controller/services/available-policies.md b/content/controller/services/available-policies.md
index 17b49ec6f..fe9f55f87 100644
--- a/content/controller/services/available-policies.md
+++ b/content/controller/services/available-policies.md
@@ -43,7 +43,7 @@ You can specify the way API clients present a JWT:
 - Bearer token
 - Cookie
 
-{{<note>}} The Bearer token option configures NGINX Plus to verify the JWT in the Authorization Bearer header, which is present in HTTP requests. The Bearer token is the default NGINX Plus use case for JWT. {{</note>}}
+{{< call-out "note" >}} The Bearer token option configures NGINX Plus to verify the JWT in the Authorization Bearer header, which is present in HTTP requests. The Bearer token is the default NGINX Plus use case for JWT. {{< /call-out >}}
 
 A JWK set consists of three parts:
 
@@ -66,11 +66,11 @@ The detailed list of algorithms is available in the [NGINX JWT module documentat
 
 API keys are convenient for testing and small-scale deployments, while JWTs are more appropriate for production use against an external Identity Provider.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 
 To create an Identity Provider by using a JWK set, see [Add an Identity Provider]({{< ref "/controller/services/manage-identity-providers.md#add-an-identity-provider" >}}).
 
-{{< /see-also >}}
+{{< /call-out>}}
 
 ### Conditional Access
 
@@ -99,11 +99,11 @@ When you select Comparison Type 'Is one of', the Value field supports multiple v
 
 A Rate Limiting Policy limits the number of requests the API will accept within a set time frame. Setting a rate-limiting policy protects your upstream application servers from receiving too many user requests at the same time. It also helps protect your services (APIs or Apps) against DDoS attacks or slow down brute-force password-guessing attacks.​
 
-{{< see-also >}}
+{{< call-out "note" >}}
 
 Want to find out more? See [Rate Limiting with NGINX and NGINX Plus](https://www.nginx.com/blog/rate-limiting-nginx/)
 
-{{< /see-also >}}
+{{< /call-out>}}
 
 You can set the following rate limiting options within the component::
 
diff --git a/content/controller/services/manage-certs.md b/content/controller/services/manage-certs.md
index d87d72aab..cbd0b7081 100644
--- a/content/controller/services/manage-certs.md
+++ b/content/controller/services/manage-certs.md
@@ -12,9 +12,9 @@ type:
 
 Follow the steps in this topic to create and use Certs with an [Environment]({{< ref "/controller/services/manage-environments.md" >}}).
 
-{{< tip >}}
+{{< call-out "tip" >}}
 If you prefer, you can use the F5 NGINX Controller API to create and manage certificates. Refer to the [NGINX Controller API reference guide]({{< ref "/controller/api/_index.md" >}}) (**Services > Certs API**) for details.
-{{< /tip >}}
+{{< /call-out >}}
 
 ## Before You Begin
 
diff --git a/content/controller/services/manage-environments.md b/content/controller/services/manage-environments.md
index 5ffa5a3f6..98ccb7d63 100644
--- a/content/controller/services/manage-environments.md
+++ b/content/controller/services/manage-environments.md
@@ -12,9 +12,9 @@ type:
 
 This page contains instructions for creating and managing Environments in the F5 NGINX Controller user interface.
 
-{{< tip >}}
+{{< call-out "tip" >}}
 If you prefer, you can use the NGINX Controller API to create and manage Environments. See the [NGINX Controller API reference guide]({{< ref "/controller/api/_index.md" >}}) (**Services > Environments**) for details.
-{{< /tip >}}
+{{< /call-out >}}
 
 ## Objective
 
diff --git a/content/controller/services/manage-gateways.md b/content/controller/services/manage-gateways.md
index e99d66ae9..bdff8f8f1 100644
--- a/content/controller/services/manage-gateways.md
+++ b/content/controller/services/manage-gateways.md
@@ -136,18 +136,18 @@ On the **Gateways > Create Gateway > Placements** page:
 
 1. In the **Instance Refs/Instance Groups Refs** box, select the NGINX instance(s) or instance group(s) on which you want to deploy the gateway.
 
-   {{< note >}}
+   {{< call-out "note" >}}
    If you're enabling **High Availability Mode**, select the [high-availability instances that you prepared]({{< ref "/controller/infrastructure/instances/ha-data-plane.md#prepare-the-high-availability-instances" >}}). NGINX Controller supports up to two high-availability instances.
-   {{< /note >}}
+   {{< /call-out >}}
 
 1. In the **Listen IPs** box, add the IP address(es) on which the server listens for and accepts requests. If you're creating a placement for a BIG-IP Integration, add the virtual IP (VIP) address for the BIG-IP cluster.
 
    You can add multiple placements with different Listen IPs. When multiple placements are defined within a gateway, each placement represents a resilient path for any app component that references that gateway.
 
-   {{< note >}}
+   {{< call-out "note" >}}
    - To use non-local **Listen IPs**, you must enable `net.ipv4.ip_nonlocal_bind` on the instance.
    - When **High Availability Mode** is enabled, Virtual Router Redundancy Protocol ([VRRP](https://en.wikipedia.org/wiki/Virtual_Router_Redundancy_Protocol#:~:text=The%20Virtual%20Router%20Redundancy%20Protocol,selections%20on%20an%20IP%20subnetwork.)) is configured for the Listen IP address(es).
-   {{< /note >}}
+   {{< /call-out >}}
 
 1. To enable high-availability mode for your data paths, select **Use High Availability Mode**.
 
@@ -184,11 +184,11 @@ On the **Gateways** > **Create Gateway** > **Additional** page:
 
 1. (Optional) Add [**Config Snippets**]({{< ref "/controller/app-delivery/about-snippets.md" >}}) to customize your NGINX configuration.
 
-   {{< caution >}}
+   {{< call-out "caution"  >}}
    When you use Snippets to customize your NGINX configuration, your changes are applied to the `nginx.conf` file *as is*. NGINX Controller does not verify that your configuration is valid before applying the snippet.
 
    We strongly recommend verifying Snippets in a lab environment before making any changes in production.
-   {{< /caution >}}
+   {{< /call-out >}}
 
 
 ## View, Edit, and Delete Gateways
@@ -203,7 +203,7 @@ To view, edit, and delete Gateways:
 6. To edit a Gateway, choose the Gateway from the list, then select **Edit** (pencil icon).
 7. To delete a Gateway, choose the Gateway from the list, then select **Delete** (trash icon).
 
-   {{< note >}}If your Gateway has external references, such as Components that reference the Gateway, you'll need to delete or reconfigure the external references before removing the Gateway. Refer to [Manage Apps & Components]({{< ref "/controller/app-delivery/manage-apps.md#edit-or-delete-apps-and-components" >}}) to learn how to edit and delete Components.{{< /note >}}
+   {{< call-out "note" >}}If your Gateway has external references, such as Components that reference the Gateway, you'll need to delete or reconfigure the external references before removing the Gateway. Refer to [Manage Apps & Components]({{< ref "/controller/app-delivery/manage-apps.md#edit-or-delete-apps-and-components" >}}) to learn how to edit and delete Components.{{< /call-out >}}
 
 ## Troubleshooting
 
diff --git a/content/controller/services/manage-identity-providers.md b/content/controller/services/manage-identity-providers.md
index e234ca0e5..bb93b8a5f 100644
--- a/content/controller/services/manage-identity-providers.md
+++ b/content/controller/services/manage-identity-providers.md
@@ -12,17 +12,17 @@ type:
 
 The **Identity Providers** page lets you create and manage Identity Providers to control access to your services (APIs for API Management module deployments, and Apps for App Delivery module deployments).
 
-{{< tip >}}
+{{< call-out "tip" >}}
 If you prefer, you can use the F5 NGINX Controller API to create and manage Identity Providers. See the [NGINX Controller API reference guide]({{< ref "/controller/api/_index.md" >}}) (**Security > Identity Providers**) for details.
-{{< /tip >}}
+{{< /call-out >}}
 
 ## Before You Begin
 
-{{< important >}}
+{{< call-out "important" >}}
 
 You must set up NGINX Plus to use the `njs` module to use API key authentication.
 
-{{< /important >}}
+{{< /call-out >}}
 
 ### Set up NGINX Plus Instances to Secure API Keys
 
@@ -60,12 +60,12 @@ Take the following steps to create an Identity Provider:
 
       - Select **Create a Client** and provide a name for the Client. You can use the system-generated key or provide one of your own.
 
-        {{< note >}}
+        {{< call-out "note" >}}
 Keys must be between 8 and 256 characters and alphanumeric.
 
 - Hyphens '-' and underscores '_' are allowed.
 - Other special characters are not allowed.
-        {{< /note >}}
+        {{< /call-out >}}
 
     b. **JWT**:
 
diff --git a/content/controller/services/overview.md b/content/controller/services/overview.md
index caf809da7..1f630af3f 100644
--- a/content/controller/services/overview.md
+++ b/content/controller/services/overview.md
@@ -23,7 +23,7 @@ The diagrams below demonstrate how the different objects at the Service level re
 1. All Service objects are part of an Environment.
 1. Gateways and Certs can be defined at the Environment level --or-- at the Component Level. The diagram below shows an example of how traffic flows through a Gateway to an App.
 1. Components are child objects that represent the back-end server(s) that host your App or API.
-    {{<note>}}A Component can represent an application **or** an API. The same Component cannot be used for both App Delivery and API Management.{{</note>}}
+    {{< call-out "note" >}}A Component can represent an application **or** an API. The same Component cannot be used for both App Delivery and API Management.{{< /call-out >}}
 1. Certs can be added to a Gateway or to an individual Component.
 
 {{< img src="/ctlr/img/services-object-model-example.png" width="600" alt="Diagram showing the relationship of objects in an Environment within the Services area." >}}
@@ -42,7 +42,7 @@ The following are the basic building blocks of any NGINX Controller Service:
 
 Once these shared resources are in place, the teams in your organization can create the resources they need to manage Apps or publish APIs.
 
-{{< tip >}}Refer to the [App Delivery]({{< ref "/controller/app-delivery/" >}}) section for more information about how to use each module.{{< /tip >}}
+{{< call-out "tip" >}}Refer to the [App Delivery]({{< ref "/controller/app-delivery/" >}}) section for more information about how to use each module.{{< /call-out >}}
 
 Finally, to support automation efforts, all of the above and more can be done by using the NGINX Controller REST API. Refer to the [API Reference guide]({{< ref "/controller/api/_index.md" >}}) for more information and examples.
 
diff --git a/content/controller/support/troubleshooting-controller.md b/content/controller/support/troubleshooting-controller.md
index 3f0c11e05..45a7d92f6 100644
--- a/content/controller/support/troubleshooting-controller.md
+++ b/content/controller/support/troubleshooting-controller.md
@@ -23,7 +23,7 @@ To look up your version of NGINX Controller:
 1. Select the NGINX Controller menu icon, then select **Platform**.
 1. On the Platform menu, select **Cluster** > **Overview**.
 
-{{< see-also >}}Refer to the [NGINX Controller release notes]({{< ref "/controller/releases/" >}}) to see what's new in the latest release of NGINX Controller.{{< /see-also >}}
+{{< call-out "note" >}}Refer to the [NGINX Controller release notes]({{< ref "/controller/releases/" >}}) to see what's new in the latest release of NGINX Controller.{{< /call-out>}}
 
 &nbsp;
 
@@ -33,9 +33,9 @@ To look up your version of NGINX Controller:
 
 You can create a support package for NGINX Controller that you can use to diagnose issues.
 
-{{< note >}}
+{{< call-out "note" >}}
 You will need to provide a support package if you open a ticket with NGINX Support via the [MyF5 Customer Portal](https://account.f5.com/myf5).
-{{< /note >}}&nbsp;
+{{< /call-out >}}&nbsp;
 
 ```bash
 /opt/nginx-controller/helper.sh supportpkg [-o|--output <file name>] [-s|--skip-db-dump] [-t|--timeseries-dump <hours>]
@@ -182,9 +182,9 @@ If you don't see the new Instance in the user interface or the Controller Agent
     systemctl status controller-agent
     ```
 
-    {{< see-also >}}
+    {{< call-out "note" >}}
 For troubleshooting purposes, you can turn on Controller Agent debug logging by editing the `agent.conf` file. For more information, refer to [K64001240: Enabling NGINX Controller Agent debug logging](https://support.f5.com/csp/article/K64001240).
-    {{< /see-also >}}
+    {{< /call-out>}}
 
 1. The system DNS resolver is correctly configured, and the NGINX Controller server's fully qualified domain name (FQDN) can be resolved.
 1. The controller-agent service can be running as `root` or a different user, chosen during the installation if the Controller Agent was [installed to run as a non-root user]({{< ref "/controller/admin-guides/install/install-agent-non-root.md" >}}). To view the user ID for the controller-agent service, run the following command:
@@ -208,7 +208,7 @@ For troubleshooting purposes, you can turn on Controller Agent debug logging by
 1. `selinux`, `apparmor`, or other third-party OS security tools are not interfering with the metrics collection. For example, for `selinux`, inspect  `/etc/selinux/config` and try `setenforce 0` temporarily to see if it improves the situation for certain metrics.
 1. The virtual private server (VPS) provider has not used hardened Linux kernels that may restrict non-root users from accessing `/proc` and `/sys`. Metrics describing the system and NGINX disk I/O are usually affected. There is no easy workaround for this except to allow the Controller Agent to run as `root`. Fixing permissions for `/proc` and `/sys/block` may also help.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 
 For more information on installing and configuring the Controller Agent, see the following topics:
 
@@ -217,7 +217,7 @@ For more information on installing and configuring the Controller Agent, see the
 - [Configuring the NGINX Controller Agent]({{< ref "/controller/admin-guides/config-agent/configure-the-agent.md" >}})
 - [Configuring metrics collection for NGINX Controller]({{< ref "/controller/admin-guides/config-agent/configure-metrics-collection.md" >}})
 
-{{< /see-also >}}
+{{< /call-out>}}
 
 &nbsp;
 
diff --git a/content/controller/support/troubleshooting-forwarders.md b/content/controller/support/troubleshooting-forwarders.md
index 235579408..b507018aa 100644
--- a/content/controller/support/troubleshooting-forwarders.md
+++ b/content/controller/support/troubleshooting-forwarders.md
@@ -22,7 +22,7 @@ To look up your version of NGINX Controller:
 1. Select the NGINX Controller menu icon, then select **Platform**.
 1. On the Platform menu, select **Cluster** > **Overview**.
 
-{{< see-also >}}Refer to the [NGINX Controller release notes]({{< ref "/controller/releases/" >}}) to see what's new in the latest release of NGINX Controller.{{< /see-also >}}
+{{< call-out "note" >}}Refer to the [NGINX Controller release notes]({{< ref "/controller/releases/" >}}) to see what's new in the latest release of NGINX Controller.{{< /call-out>}}
 
 &nbsp;
 
@@ -145,7 +145,7 @@ To resolve errors with an Integration:
 1. Remove the Forwarder.
 1. Re-add the Forwarder.
 
-{{< tip >}}Before you remove the Forwarder, perform an HTTP GET request to capture the Forwarder's settings. Then, you can delete the Forwarder. Use the JSON payload returned in the GET request to re-create the Forwarder by sending an HTTP PUT request to the `/analytics/forwarders` endpoint in the [NGINX Controller REST API]]({{< ref "/controller/api/_index.md" >}}).{{< /tip >}}
+{{< call-out "tip" >}}Before you remove the Forwarder, perform an HTTP GET request to capture the Forwarder's settings. Then, you can delete the Forwarder. Use the JSON payload returned in the GET request to re-create the Forwarder by sending an HTTP PUT request to the `/analytics/forwarders` endpoint in the [NGINX Controller REST API]]({{< ref "/controller/api/_index.md" >}}).{{< /call-out >}}
 
 ### Error code 440001 -- Integration cannot be found
 
@@ -176,7 +176,7 @@ In NGINX Controller version 3.13, the output format `SPLUNK_HEC` was changed `SP
 
 To resolve this error, update the Forwarder to use `SPLUNK` instead of `SPLUNK_HEC`, as described in [Forward Analytics Data to Splunk]({{< ref "/controller/analytics/forwarders/forward-analytics-to-splunk.md" >}}).
 
-{{< tip >}}To update the Forwarder settings, you can send an HTTP PUT request that contains the updated `outputFormat` config to the `/analytics/forwarders` endpoint in the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}).{{< /tip >}}
+{{< call-out "tip" >}}To update the Forwarder settings, you can send an HTTP PUT request that contains the updated `outputFormat` config to the `/analytics/forwarders` endpoint in the [NGINX Controller REST API]({{< ref "/controller/api/_index.md" >}}).{{< /call-out >}}
 
 {{< versions "3.6" "latest" "ctrlvers" >}}
 {{< versions "3.18" "latest" "apimvers" >}}
diff --git a/content/includes/acm/openapi-support.md b/content/includes/acm/openapi-support.md
index 1d4393653..bbc8b80ea 100644
--- a/content/includes/acm/openapi-support.md
+++ b/content/includes/acm/openapi-support.md
@@ -2,5 +2,5 @@
 nd-docs: DOCS-1188
 ---
 
-{{< note >}}API Connectivity Manager supports the [OpenAPI Specification version 3.0 and 3.1](https://swagger.io/specification/). If your spec uses the 2.0 standard, you must convert it before uploading it.{{< /note >}}
+{{< call-out "note" >}}API Connectivity Manager supports the [OpenAPI Specification version 3.0 and 3.1](https://swagger.io/specification/). If your spec uses the 2.0 standard, you must convert it before uploading it.{{< /call-out >}}
 
diff --git a/content/includes/agent/architecture.md b/content/includes/agent/architecture.md
index d09a138be..2dcb6c722 100644
--- a/content/includes/agent/architecture.md
+++ b/content/includes/agent/architecture.md
@@ -8,7 +8,7 @@ files:
 The figure shows:
 
 - An NGINX instance running on bare metal, virtual machine or container
-- NGINX One Cloud Console includes:
+- NGINX One Console includes:
 
   - Command Server to manage NGINX configurations, push new/updated configuration files remotely, and perform integrity tests.
   - OpenTelemetry (OTel) Receiver that receives observability data from connected Agent instances.
@@ -16,7 +16,7 @@ The figure shows:
 - An NGINX Agent process running on the NGINX instance. NGINX Agent is responsible for:
 
   - Watching, applying, validating, automatically roll back to last good configuration if issues are detected.
-  - Embedding an OpenTelemetry Collector, collecting metrics from NGINX processes, host system performance data, then securely passing metric data to NGINX One Cloud Console.
+  - Embedding an OpenTelemetry Collector, collecting metrics from NGINX processes, host system performance data, then securely passing metric data to NGINX One Console.
 
 - Collection and monitoring of host metrics (CPU usage, Memory utilization, Disk I/O) by the Agent OTel collector.
-- Collected data is made available on NGINX One Cloud Console for monitoring, alerting, troubleshooting, and capacity planning purposes.
+- Collected data is made available on NGINX One Console for monitoring, alerting, troubleshooting, and capacity planning purposes.
diff --git a/content/includes/agent/installation/install-agent-api.md b/content/includes/agent/installation/install-agent-api.md
index 5474f995b..4e2909146 100644
--- a/content/includes/agent/installation/install-agent-api.md
+++ b/content/includes/agent/installation/install-agent-api.md
@@ -4,7 +4,7 @@ files:
   - content/nim/nginx-app-protect/setup-waf-config-management.md
 ---
 
-{{<note>}}Make sure `gpg` is installed on your system before continuing. You can install NGINX Agent using command-line tools like `curl` or `wget`.{{</note>}}
+{{< call-out "note" >}}Make sure `gpg` is installed on your system before continuing. You can install NGINX Agent using command-line tools like `curl` or `wget`.{{< /call-out >}}
 
 If your NGINX Instance Manager host doesn't use valid TLS certificates, you can use the insecure flags to bypass verification. Here are some example commands:
 
diff --git a/content/includes/agent/installation/oss/oss-debian.md b/content/includes/agent/installation/oss/oss-debian.md
index 1d8913352..5adc04833 100644
--- a/content/includes/agent/installation/oss/oss-debian.md
+++ b/content/includes/agent/installation/oss/oss-debian.md
@@ -35,7 +35,7 @@ files:
    uid                      nginx signing key <signing-key@nginx.com>
    ```
 
-   {{< important >}}If the fingerprint is different, remove the file.{{< /important >}}
+   {{< call-out "important" >}}If the fingerprint is different, remove the file.{{< /call-out >}}
 
 1. Add the `nginx-agent` repository:
 
diff --git a/content/includes/agent/installation/oss/oss-ubuntu.md b/content/includes/agent/installation/oss/oss-ubuntu.md
index b1f5127c9..ffb2a4bd3 100644
--- a/content/includes/agent/installation/oss/oss-ubuntu.md
+++ b/content/includes/agent/installation/oss/oss-ubuntu.md
@@ -32,7 +32,7 @@ files:
    uid                      nginx signing key <signing-key@nginx.com>
    ```
 
-   {{< important >}}If the fingerprint is different, remove the file.{{< /important >}}
+   {{< call-out "important" >}}If the fingerprint is different, remove the file.{{< /call-out >}}
 
 1. Add the nginx agent repository:
 
diff --git a/content/includes/agent/installation/uninstall/uninstall-debian.md b/content/includes/agent/installation/uninstall/uninstall-debian.md
index 5a25674d5..7a1582cb4 100644
--- a/content/includes/agent/installation/uninstall/uninstall-debian.md
+++ b/content/includes/agent/installation/uninstall/uninstall-debian.md
@@ -19,4 +19,4 @@ Complete the following steps on each host where you've installed NGINX Agent:
    sudo apt-get remove nginx-agent
    ```
 
-   {{< note >}} The `apt-get remove <package>` command will remove the package from your system, while keeping the associated configuration files for possible future use. If you want to completely remove the package and all of its configuration files, you should use `apt-get purge <package>`. {{< /note >}}
\ No newline at end of file
+   {{< call-out "note" >}} The `apt-get remove <package>` command will remove the package from your system, while keeping the associated configuration files for possible future use. If you want to completely remove the package and all of its configuration files, you should use `apt-get purge <package>`. {{< /call-out >}}
\ No newline at end of file
diff --git a/content/includes/agent/installation/uninstall/uninstall-ubuntu.md b/content/includes/agent/installation/uninstall/uninstall-ubuntu.md
index 5a25674d5..7a1582cb4 100644
--- a/content/includes/agent/installation/uninstall/uninstall-ubuntu.md
+++ b/content/includes/agent/installation/uninstall/uninstall-ubuntu.md
@@ -19,4 +19,4 @@ Complete the following steps on each host where you've installed NGINX Agent:
    sudo apt-get remove nginx-agent
    ```
 
-   {{< note >}} The `apt-get remove <package>` command will remove the package from your system, while keeping the associated configuration files for possible future use. If you want to completely remove the package and all of its configuration files, you should use `apt-get purge <package>`. {{< /note >}}
\ No newline at end of file
+   {{< call-out "note" >}} The `apt-get remove <package>` command will remove the package from your system, while keeping the associated configuration files for possible future use. If you want to completely remove the package and all of its configuration files, you should use `apt-get purge <package>`. {{< /call-out >}}
\ No newline at end of file
diff --git a/content/includes/agent/installation/update-container.md b/content/includes/agent/installation/update-container.md
index a974cfbce..f5d3fe10a 100644
--- a/content/includes/agent/installation/update-container.md
+++ b/content/includes/agent/installation/update-container.md
@@ -14,11 +14,11 @@ wget https://raw.githubusercontent.com/nginx/agent/refs/heads/v3/scripts/package
 ./upgrade-agent-config.sh --v2-config-file=./nginx-agent-v2.conf --v3-config-file=nginx-agent-v3.conf
 ```
 
-If your NGINX Agent container was previously a member of a config sync group, then your NGINX Agent config must be manually updated to add the config sync group label.
+If your NGINX Agent container was previously a member of a Config Sync Group, then your NGINX Agent config must be manually updated to add the Config Sync Group label.
 See [Add Config Sync Group]({{< ref "/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md" >}}) for more information.
 
 ### Rolling back from NGINX Agent v3 to v2
 
 If you need to roll back your environment to NGINX Agent v2, the upgrade process creates a backup of the NGINX Agent v2 config in the file `/etc/nginx-agent/nginx-agent-v2-backup.conf`.
 
-Replace the contents of `/etc/nginx-agent/nginx-agent.conf` with the contents of `/etc/nginx-agent/nginx-agent-v2-backup.conf` and then reinstall an older version of NGINX Agent.
\ No newline at end of file
+Replace the contents of `/etc/nginx-agent/nginx-agent.conf` with the contents of `/etc/nginx-agent/nginx-agent-v2-backup.conf` and then reinstall an older version of NGINX Agent.
diff --git a/content/includes/agent/installation/update.md b/content/includes/agent/installation/update.md
index 6b6834ae7..04d22b110 100644
--- a/content/includes/agent/installation/update.md
+++ b/content/includes/agent/installation/update.md
@@ -6,16 +6,16 @@ files:
 ---
 
 
-{{< note >}} If you are using a version **older than NGINX Agent v2.31.0**, you must stop NGINX Agent before updating:
+{{< call-out "note" >}} If you are using a version **older than NGINX Agent v2.31.0**, you must stop NGINX Agent before updating:
 
    - `sudo systemctl stop nginx-agent`
 
-And start it again after the update:
+And start it again after the update or upgrade:
 
    - `sudo systemctl start nginx-agent`
-{{< /note >}}
+{{< /call-out >}}
 
-Follow the steps below to update NGINX Agent to the latest version.
+Follow the steps below to update or upgrade NGINX Agent to the latest version.
 The same steps apply if you are **upgrading from NGINX Agent v2 to NGINX Agent v3**.
 
 1. Open an SSH connection to the server where you've installed NGINX Agent.
diff --git a/content/includes/agent/tech-specs.md b/content/includes/agent/tech-specs.md
index 129745c66..3175de683 100644
--- a/content/includes/agent/tech-specs.md
+++ b/content/includes/agent/tech-specs.md
@@ -6,16 +6,43 @@ files:
 ---
 
 NGINX Agent is designed to operate efficiently on any system that meets the standard
-hardware requirements for running NGINX Plus itself. This ensures compatibility, stability,
+hardware requirements for running NGINX itself. This ensures compatibility, stability,
 and performance aligned with the NGINX core platform:
 
 ### Supported distributions
 
-{{< include "nginx-plus/supported-distributions.md" >}}
+{{<bootstrap-table "table table-striped table-bordered">}}
+| Distribution                        | Supported on Agent                                                                                         |
+|-------------------------------------|------------------------------------------------------------------------------------------------------------|
+| AlmaLinux                           | 8 (x86_64, aarch64) <br> 9 (x86_64, aarch64) <br> 10 (x86_64, aarch64) **(new)**                           |
+| Alpine Linux                        | 3.19 (x86_64, aarch64) <br> 3.20 (x86_64, aarch64) <br> 3.21 (x86_64, aarch64) <br> 3.22 (x86_64, aarch64) |
+| Amazon Linux                        | 2023 (x86_64, aarch64)                                                                                     |                       
+| Amazon Linux 2                      | LTS (x86_64, aarch64)                                                                                      |                       
+| CentOS                              | **Not supported**                                                                                          |                     
+| Debian                              | 11 (x86_64, aarch64) <br> 12 (x86_64, aarch64)                                                             |
+| FreeBSD                             | **Not supported**                                                                                          |
+| Oracle Linux                        | 8.1+ (x86_64, aarch64) <br> 9 (x86_64) <br> 10 (x86_64) **(new)**                                          |
+| Red Hat Enterprise Linux (RHEL)     | 8.1+ (x86_64, aarch64) <br> 9.0+ (x86_64, aarch64) <br> 10.0+ (x86_64, aarch64) **(new)**                  |
+| Rocky Linux                         | 8 (x86_64, aarch64) <br> 9 (x86_64, aarch64)    <br> 10 (x86_64, aarch64) **(new)**                        |
+| SUSE Linux Enterprise Server (SLES) | 15 SP2+ (x86_64)                                                                                           |
+| Ubuntu                              | 22.04 LTS (x86_64, aarch64) <br> 24.04 LTS (x86_64, aarch64) <br> 25.04 LTS (x86_64, aarch64) **(new)**    |
+{{</bootstrap-table>}}
 
 To see the detailed technical specifications for NGINX Plus, refer to the official
 [NGINX Plus documentation]({{< ref "/nginx/technical-specs.md" >}}).
 
+### Supported telemetry
+
+NGINX Agent runs with an embedded OpenTelemetry Collector that provides the following telemetry:
+
+{{<bootstrap-table "table table-striped table-bordered">}}
+| Product               | Metrics | Logs | Traces |
+|-----------------------|---------|------|--------|
+| **NGINX Open Source** | Yes     | No   | No     |
+| **NGINX Plus**        | Yes     | No   | No     |
+| **NGINX App Protect** | No      | Yes  | No     |
+| **NGINX Agent**       | No      | No   | No     |
+{{</bootstrap-table>}}
 
 ### Recommended hardware
 
diff --git a/content/includes/config-snippets/enable-nplus-api-dashboard.md b/content/includes/config-snippets/enable-nplus-api-dashboard.md
index 0aaf4b750..cd086ae0c 100644
--- a/content/includes/config-snippets/enable-nplus-api-dashboard.md
+++ b/content/includes/config-snippets/enable-nplus-api-dashboard.md
@@ -34,4 +34,4 @@ server {
         root /usr/share/nginx/html;
     }
 }
-```
\ No newline at end of file
+```
diff --git a/content/includes/controller/adc-rn-preamble.md b/content/includes/controller/adc-rn-preamble.md
index b76c38ce5..41c3e545b 100644
--- a/content/includes/controller/adc-rn-preamble.md
+++ b/content/includes/controller/adc-rn-preamble.md
@@ -2,12 +2,12 @@ We encourage you to install the latest version of the NGINX Controller Applicati
 
 Technical support is provided for earlier versions that were released within two years of the current release.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 For related installation documentation, refer to the following publications:
 
 - [NGINX Controller Installation Guide]({{< ref "/controller/admin-guides/backup-restore/_index.md" >}})
 - [NGINX Controller Technical Specifications Guide]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md" >}})
-{{< /see-also >}}
+{{< /call-out>}}
 
 <!-- Do not remove. Keep this code at the bottom of the include -->
 <!-- DOCS-354 -->
\ No newline at end of file
diff --git a/content/includes/controller/add-existing-instance.md b/content/includes/controller/add-existing-instance.md
index 2c592ef64..72a71cf98 100644
--- a/content/includes/controller/add-existing-instance.md
+++ b/content/includes/controller/add-existing-instance.md
@@ -9,25 +9,25 @@ Take the following steps to add an instance to NGINX Controller:
 7. To add the instance to an existing [Instance Group]({{< ref "/controller/infrastructure/instances/manage-instances.md#instance-groups" >}}), select an Instance Group from the list. Or to create an Instance Group, select **Create New**.
 8. To add the instance to an existing Location, select a Location from the list. Or to create a Location, select **Create New**.
 
-    {{< important >}}
+    {{< call-out "important" >}}
 Once set, the Location for an instance cannot be changed. If you need to change or remove the Location for an instance, you must [remove the instance from NGINX Controller]({{< ref "/controller/infrastructure/instances/manage-instances.md#delete-an-instance" >}}), and then add it back.
-    {{< /important >}}
+    {{< /call-out >}}
 
-    {{< important >}}
+    {{< call-out "important" >}}
 Instances and the instance groups they belong to should specify the same location; however, this requirement is not currently enforced. If different locations are specified, the instance group's location takes precedence. This is important to remember when [assigning locations to workload groups]({{< ref "/controller/app-delivery/manage-apps.md#workload-groups">}}).
-    {{< /important >}}
+    {{< /call-out >}}
 
 9. (Optional) By default, registration of NGINX Plus instances is performed over a secure connection. To use self-signed certificates with the Controller Agent, select **Allow insecure server connections to NGINX Controller using TLS**. For security purposes, we recommend that you secure the Controller Agent with signed certificates when possible.
 10. Use SSH to connect and log in to the NGINX instance that you want to connect to NGINX Controller.
 11. Run the `curl` or `wget` command that's shown in the **Installation Instructions** section on the NGINX instance to download and install the Controller Agent package. When specified, the `-i` and `-l` options for the `install.sh` script refer to the instance name and Location, respectively.
 
-    {{< note >}}
+    {{< call-out "note" >}}
 
 Make sure you enter the commands to download and run the `install.sh` script on the NGINX Plus system, and not on the NGINX Controller.
 
 NGINX Controller 3.6 and earlier require Python 2.6 or 2.7. You'll be prompted to install Python if it's not installed already. Python is not required for NGINX Controller v3.7 and later.
 
-    {{< /note >}}
+    {{< /call-out >}}
 
 After a few minutes, the NGINX instance will appear on the **Instances** overview page.
 
diff --git a/content/includes/controller/apim-rn-preamble.md b/content/includes/controller/apim-rn-preamble.md
index 85429019e..694a96a61 100644
--- a/content/includes/controller/apim-rn-preamble.md
+++ b/content/includes/controller/apim-rn-preamble.md
@@ -6,14 +6,14 @@ We encourage you to install the latest version of the NGINX Controller APIM modu
 
 Technical support is provided for earlier versions that were released within two years of the current release.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 For related installation documentation, refer to the following publications:
 
 - [NGINX Controller Installation Guide]({{< ref "/controller/admin-guides/backup-restore/_index.md" >}})
 - [NGINX Controller Technical Specifications Guide]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md" >}})
-{{< /see-also >}}
+{{< /call-out>}}
 
-{{< important >}}
+{{< call-out "important" >}}
 **Upgrading from NGINX Controller 3.x to NGINX Controller API Management Module 3.18 or later**
 
 NGINX Controller 3.x includes the NGINX Controller Application Delivery Module (ADC) and NGINX Controller API Management Module (APIM).
@@ -23,4 +23,4 @@ Starting with APIM 3.18, the ADC and APIM Modules are released independently on
 If you've installed NGINX Controller 3.18 or earlier before July 2021, we recommend you use the ADC Module going forward.
 
 However, if you want to upgrade to APIM 3.18 or later, we recommend you upgrade to NGINX Controller 3.17 first.
-{{< /important >}}
+{{< /call-out >}}
diff --git a/content/includes/controller/helper-script-prereqs.md b/content/includes/controller/helper-script-prereqs.md
index 0d71632d8..ed869622d 100644
--- a/content/includes/controller/helper-script-prereqs.md
+++ b/content/includes/controller/helper-script-prereqs.md
@@ -36,13 +36,13 @@ To install all of the NGINX Controller prerequisites for your system at the same
     ./helper.sh prereqs
     ```
 
-{{< note >}}
+{{< call-out "note" >}}
 After you've installed NGINX Controller, you can install any of the prerequisites by running the following command:
 
   ```bash
 /opt/nginx-controller/helper.sh prereqs [base|docker|nfs]
 ```
 
-{{< /note >}}
+{{< /call-out >}}
 <!-- Do not remove. Keep this code at the bottom of the include -->
 <!-- DOCS-278 -->
diff --git a/content/includes/installation/add-nms-repo.md b/content/includes/installation/add-nms-repo.md
index 05639f135..037ec3e09 100644
--- a/content/includes/installation/add-nms-repo.md
+++ b/content/includes/installation/add-nms-repo.md
@@ -25,6 +25,11 @@ Add the NGINX Instance Manager repository:
     sudo yum module disable nginx:1.14
     sudo yum module enable nginx:1.20
     ```
+  - **RHEL 9**: If you're installing NGINX Open Source package from the yum repository on RHEL 9, run the following commands to use the new version of NGINX Open Source (1.20 at the time of this update):
+
+    ```bash
+    sudo yum install nginx-1.20.*
+    ```
 
 - **Amazon Linux 2**
 
diff --git a/content/includes/installation/add-ports-agent-selinux.md b/content/includes/installation/add-ports-agent-selinux.md
index 27c8e3429..22af50cc4 100644
--- a/content/includes/installation/add-ports-agent-selinux.md
+++ b/content/includes/installation/add-ports-agent-selinux.md
@@ -1,7 +1,7 @@
 ---
 docs:
 files:
-  - content/nginx-one/agent/configure-instance-reporting/configure-selinux.md
+  - content/nginx-one/agent/configure-instances/configure-selinux.md
   - content/nim/system-configuration/configure-selinux.md
   - content/nms/nginx-agent/install-nginx-agent.md
 ---
@@ -14,4 +14,4 @@ To allow external ports outside the HTTPD context, run:
 sudo setsebool -P httpd_can_network_connect 1
 ```
 
-{{<see-also>}}For more information, see [Using NGINX and NGINX Plus with SELinux](https://www.nginx.com/blog/using-nginx-plus-with-selinux/).{{</see-also>}}
\ No newline at end of file
+{{< call-out "note" >}}For more information, see [Using NGINX and NGINX Plus with SELinux](https://www.nginx.com/blog/using-nginx-plus-with-selinux/).{{< /call-out>}}
\ No newline at end of file
diff --git a/content/includes/installation/enable-agent-selinux.md b/content/includes/installation/enable-agent-selinux.md
index 482ee61c1..4d9ec4bf6 100644
--- a/content/includes/installation/enable-agent-selinux.md
+++ b/content/includes/installation/enable-agent-selinux.md
@@ -1,7 +1,7 @@
 ---
 docs:
 files:
-   - content/nginx-one/agent/configure-instance-reporting/configure-selinux.md
+   - content/nginx-one/agent/configure-instances/configure-selinux.md
    - content/nim/system-configuration/configure-selinux.md
    - content/nms/nginx-agent/install-nginx-agent.md
 ---
diff --git a/content/includes/installation/nms-prerequisites.md b/content/includes/installation/nms-prerequisites.md
index db01872ea..6833b66dd 100644
--- a/content/includes/installation/nms-prerequisites.md
+++ b/content/includes/installation/nms-prerequisites.md
@@ -2,8 +2,8 @@
 nd-docs: DOCS-1242
 ---
 
-{{< important >}}
+{{< call-out "important" >}}
 Before you can install this module, you need to have NGINX and ClickHouse installed on your system. Additionally, you will need to add the NGINX Instance Manager repository. The [Prerequisites]({{< ref "/nim/deploy/vm-bare-metal/install.md" >}}) topic has detailed instructions on how to fulfill these requirements.
 
-{{< /important>}}
+{{< /call-out >}}
 
diff --git a/content/includes/installation/nms-user.md b/content/includes/installation/nms-user.md
index 503193c30..8ce7dfa81 100644
--- a/content/includes/installation/nms-user.md
+++ b/content/includes/installation/nms-user.md
@@ -2,4 +2,4 @@
 docs:
 ---
 
-{{<note>}}NGINX Instance Manager components started this way run by default as the non-root `nms` user inside the `nms` group, both of which are created during installation.{{</note>}}
+{{< call-out "note" >}}NGINX Instance Manager components started this way run by default as the non-root `nms` user inside the `nms` group, both of which are created during installation.{{< /call-out >}}
diff --git a/content/includes/licensing-and-reporting/apply-jwt.md b/content/includes/licensing-and-reporting/apply-jwt.md
index febdf7a19..d04116675 100644
--- a/content/includes/licensing-and-reporting/apply-jwt.md
+++ b/content/includes/licensing-and-reporting/apply-jwt.md
@@ -1,12 +1,15 @@
 ---
-docs:
 file:
   - content/solutions/about-subscription-licenses.md
   - content/nap-waf/v5/admin-guide/install.md
 ---
 
-1. Copy the license file to `/etc/nginx/license.jwt` on Linux or `/usr/local/etc/nginx/license.jwt` on FreeBSD for each NGINX Plus instance.
-2. Reload NGINX:
+1. Copy the license file to:
+
+   - `/etc/nginx/license.jwt` on Linux
+   - `/usr/local/etc/nginx/license.jwt` on FreeBSD
+
+1. Reload NGINX:
 
    ```shell
    systemctl reload nginx
diff --git a/content/includes/licensing-and-reporting/deploy-jwt-with-csgs.md b/content/includes/licensing-and-reporting/deploy-jwt-with-csgs.md
new file mode 100644
index 000000000..913c1862d
--- /dev/null
+++ b/content/includes/licensing-and-reporting/deploy-jwt-with-csgs.md
@@ -0,0 +1,16 @@
+---
+file:
+  - content/solutions/about-subscription-licenses.md
+---
+
+1. In the NGINX One Console, go to **Manage > Config Sync Groups**, then select your group.
+   
+   If you haven't created a Config Sync Group yet, see [Manage Config Sync Groups]({{< ref "/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md" >}}) for setup instructions.
+2. Select the **Configuration** tab, then choose **Edit Configuration**.
+3. Select **Add File**, then choose **New Configuration File**.
+4. In the **File name** field, enter:
+   - On Linux: `/etc/nginx/license.jwt`  
+   - On FreeBSD: `/usr/local/etc/nginx/license.jwt`  
+   The name must be exact.
+5. Paste the contents of your JWT license file into the editor.
+6. Select **Next** to preview the diff, then **Save and Publish** to apply the update.
\ No newline at end of file
diff --git a/content/includes/licensing-and-reporting/download-certificates-from-myf5.md b/content/includes/licensing-and-reporting/download-certificates-from-myf5.md
new file mode 100644
index 000000000..36597020c
--- /dev/null
+++ b/content/includes/licensing-and-reporting/download-certificates-from-myf5.md
@@ -0,0 +1,9 @@
+---
+files:
+- content/includes/use-cases/credential-download-instructions.md
+---
+
+1. Log in to [MyF5](https://my.f5.com/manage/s/).
+1. Go to **My Products & Plans > Subscriptions** to see your active subscriptions.
+1. Find your NGINX subscription, and select the **Subscription ID** for details.
+1. Download the **SSL Certificate** and **Private Key** files from the subscription page.
\ No newline at end of file
diff --git a/content/includes/licensing-and-reporting/download-jwt-crt-from-myf5.md b/content/includes/licensing-and-reporting/download-jwt-crt-from-myf5.md
index 647d52583..f208507ea 100644
--- a/content/includes/licensing-and-reporting/download-jwt-crt-from-myf5.md
+++ b/content/includes/licensing-and-reporting/download-jwt-crt-from-myf5.md
@@ -10,4 +10,4 @@ Download the SSL certificate, private key, and the JWT license file associated w
 - Download the **nginx-repo.crt** and **nginx-repo.key** from the subscription page.
 - Download the **JSON Web Token** (JWT) from the subscription page.
 
-{{< note >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /note >}}
\ No newline at end of file
+{{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}}
\ No newline at end of file
diff --git a/content/includes/licensing-and-reporting/download-jwt-from-myf5.md b/content/includes/licensing-and-reporting/download-jwt-from-myf5.md
index af947d320..1ede09099 100644
--- a/content/includes/licensing-and-reporting/download-jwt-from-myf5.md
+++ b/content/includes/licensing-and-reporting/download-jwt-from-myf5.md
@@ -1,8 +1,19 @@
 ---
 docs:
+files:
+- content/includes/nim/docker/docker-registry-login.md
+- content/includes/use-cases/credential-download-instructions.md
+- content/nap-waf/v5/admin-guide/install.md
+- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md
+- content/nginx-one/connect-instances/connect-nginx-plus-container-images-to-nginx-one.md
+- content/nim/admin-guide/add-license.md
+- content/nim/deploy/docker/deploy-nginx-plus-and-agent-docker.md
+- content/nim/disconnected/add-license-disconnected-deployment.md
+- content/solutions/about-subscription-licenses.md
+- content/solutions/r33-pre-release-guidance-for-automatic-upgrades.md
 ---
 
 1. Log in to [MyF5](https://my.f5.com/manage/s/).
-2. Go to **My Products & Plans > Subscriptions** to see your active subscriptions.
-3. Find your NGINX products or services subscription, and select the **Subscription ID** for details.
-4. Download the **JSON Web Token** from the subscription page.
+1. Go to **My Products & Plans > Subscriptions** to see your active subscriptions.
+1. Find your NGINX subscription, and select the **Subscription ID** for details.
+1. Download the **JSON Web Token** file from the subscription page.
diff --git a/content/includes/licensing-and-reporting/log-location-and-monitoring.md b/content/includes/licensing-and-reporting/log-location-and-monitoring.md
index 6934d8a60..673b74671 100644
--- a/content/includes/licensing-and-reporting/log-location-and-monitoring.md
+++ b/content/includes/licensing-and-reporting/log-location-and-monitoring.md
@@ -30,4 +30,4 @@ Examples of subscription-related log entries include:
   [emerg] license expired
   ```
 
-  {{<important>}}When a license expires, NGINX Plus stops processing traffic.{{</important>}}
\ No newline at end of file
+  {{< call-out "important" >}}When a license expires, NGINX Plus stops processing traffic.{{< /call-out >}}
\ No newline at end of file
diff --git a/content/includes/nap-waf/build-from-official-nginx-image.md b/content/includes/nap-waf/build-from-official-nginx-image.md
index e6b0e4c8d..085908c9e 100644
--- a/content/includes/nap-waf/build-from-official-nginx-image.md
+++ b/content/includes/nap-waf/build-from-official-nginx-image.md
@@ -2,9 +2,9 @@
 nd-docs: "DOCS-1509"
 ---
 
-{{< note >}}
+{{< call-out "note" >}}
  While this example utilizes the official NGINX Open Source image as a base, the crucial requirement is that NGINX must be installed as a package from the official NGINX repository, rather than being compiled from source.
-{{< /note >}}
+{{< /call-out >}}
 
 ```dockerfile
 # syntax=docker/dockerfile:1
diff --git a/content/includes/nap-waf/build-nginx-image-cmd.md b/content/includes/nap-waf/build-nginx-image-cmd.md
index 4e7e2387f..ddc2a7100 100644
--- a/content/includes/nap-waf/build-nginx-image-cmd.md
+++ b/content/includes/nap-waf/build-nginx-image-cmd.md
@@ -2,9 +2,9 @@
 nd-docs: "DOCS-1512"
 ---
 
-{{< note >}}
+{{< call-out "note" >}}
 Never upload your NGINX App Protect WAF v5 images to a public container registry such as Docker Hub. Doing so violates your license agreement.
-{{< /note >}}
+{{< /call-out >}}
 
 To build the image, execute the following command in the directory containing the `nginx-repo.crt`, `nginx-repo.key`, and `Dockerfile`. Here, `nginx-app-protect-5` is an example image tag.
 
diff --git a/content/includes/nap-waf/concept/global-directives.md b/content/includes/nap-waf/concept/global-directives.md
index d3b998312..ad92b63d1 100644
--- a/content/includes/nap-waf/concept/global-directives.md
+++ b/content/includes/nap-waf/concept/global-directives.md
@@ -6,7 +6,7 @@ Global configuration consists of a series of `nginx.conf` directives at the `htt
 
 When applied to a cluster, all cluster members will get the same globals as expected.
 
-{{< note >}} Whether an incoming request is inspected by NGINX App Protect WAF may be determined by the URL in the request. This happens if you configure `app_protect_enable` and `app_protect_policy_file` directives in the `location` scope. In the case where the URL itself has violations such as *bad unescape* or *illegal metacharacter* then the request might be assigned to a location in which NGINX App Protect WAF is disabled or has a relaxed policy that does not detect these violations. Such malicious requests will be allowed without inspection. In order to avoid this, it is recommended to have a basic policy enabled at the `http` scope or at least at the `server` scope to process malicious requests in a more complete manner.{{< /note >}}
+{{< call-out "note" >}} Whether an incoming request is inspected by NGINX App Protect WAF may be determined by the URL in the request. This happens if you configure `app_protect_enable` and `app_protect_policy_file` directives in the `location` scope. In the case where the URL itself has violations such as *bad unescape* or *illegal metacharacter* then the request might be assigned to a location in which NGINX App Protect WAF is disabled or has a relaxed policy that does not detect these violations. Such malicious requests will be allowed without inspection. In order to avoid this, it is recommended to have a basic policy enabled at the `http` scope or at least at the `server` scope to process malicious requests in a more complete manner.{{< /call-out >}}
 
 {{< bootstrap-table "table table-striped table-bordered table-sm table-responsive" >}}
 |Directive Name | Syntax | Description | Default |
diff --git a/content/includes/nap-waf/concept/strict-policy.md b/content/includes/nap-waf/concept/strict-policy.md
index a6e718b6b..06a7c44f1 100644
--- a/content/includes/nap-waf/concept/strict-policy.md
+++ b/content/includes/nap-waf/concept/strict-policy.md
@@ -12,7 +12,7 @@ In addition the Strict Policy also **blocks** the following:
 - Requests with the `VIOL_EVASION` violation (evasion techniques).
 - Requests with violations that restrict options in the request and response: HTTP method, response status code and disallowed file types.
 
-{{< note >}} Other violations, specifically attack signatures and metacharacters, which are more prone to false positives, still have only Alarm turned on, without blocking, contributing to the Violation Rating as in the Default policy.{{< /note >}}
+{{< call-out "note" >}} Other violations, specifically attack signatures and metacharacters, which are more prone to false positives, still have only Alarm turned on, without blocking, contributing to the Violation Rating as in the Default policy.{{< /call-out >}}
 
 In addition, the Strict policy also enables the following features in **alarm only** mode:
 - **Data Guard**: masking Credit Card Number (CCN), US Social Security Number (SSN) and custom patterns found in HTTP responses.
diff --git a/content/includes/nap-waf/config/common/deny-allow-never-log-lists.md b/content/includes/nap-waf/config/common/deny-allow-never-log-lists.md
index 7c7e7a847..45ebb85ef 100644
--- a/content/includes/nap-waf/config/common/deny-allow-never-log-lists.md
+++ b/content/includes/nap-waf/config/common/deny-allow-never-log-lists.md
@@ -62,9 +62,9 @@ In this IPv4 example, we use the default configuration while enabling the deny l
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 The above configuration assumes the IP address represents the original requestor. However, it is also common that the client address may instead represent a downstream proxy device as opposed to the original requestor's IP address. In this case, you may need to configure NGINX App Protect WAF to prefer the use of an `X-Forwarded-For` (or similar) header injected to the request by a downstream proxy in order to more accurately identify the *actual* originator of the request. [See the XFF Headers and Trust](#xff-headers-and-trust) for information regarding the additional settings required for this configuration.
-{{< /note >}}
+{{< /call-out >}}
 
 
 Here's an example of IPv6 notation with a single address and an IP subnet with a 120-bit prefix:
diff --git a/content/includes/nap-waf/config/common/handling-xml-and-json-content.md b/content/includes/nap-waf/config/common/handling-xml-and-json-content.md
index a8a54c409..60b132bf9 100644
--- a/content/includes/nap-waf/config/common/handling-xml-and-json-content.md
+++ b/content/includes/nap-waf/config/common/handling-xml-and-json-content.md
@@ -109,9 +109,9 @@ Here is a policy that enforces this:
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 Defining a JSON or XML profile in a policy has no effect until you assign it to a URL or Parameter you defined in that policy. Profiles can be shared by more than one URL and/or Parameter.
-{{< /note >}}
+{{< /call-out >}}
 
 #### Applying a JSON Schema
 
diff --git a/content/includes/nap-waf/config/common/nginx-app-protect-waf-terminology.md b/content/includes/nap-waf/config/common/nginx-app-protect-waf-terminology.md
index f1f28bb0c..2630c54ec 100644
--- a/content/includes/nap-waf/config/common/nginx-app-protect-waf-terminology.md
+++ b/content/includes/nap-waf/config/common/nginx-app-protect-waf-terminology.md
@@ -1,5 +1,8 @@
 ---
 nd-docs: "DOCS-1605"
+files:
+  - content/nap-waf/v5/configuration-guide/configuration.md
+  - content/nginx-one/glossary.md
 ---
 
 This guide assumes that you have some familiarity with various Layer 7 (L7) Hypertext Transfer Protocol (HTTP) concepts, such as Uniform Resource Identifier (URI)/Uniform Resource Locator (URL), method, header, cookie, status code, request, response, and parameters.
@@ -26,4 +29,4 @@ This guide assumes that you have some familiarity with various Layer 7 (L7) Hype
 |Tuning | Making manual changes to an existing security policy to reduce false positives and increase the policy’s security level. |
 |URI/URL | The Uniform Resource Identifier (URI) specifies the name of a web object in a request. A Uniform Resource Locator (URL) specifies the location of an object on the Internet. For example, in the web address, `http://www.siterequest.com/index.html`, index.html is the URI, and the URL is `http://www.siterequest.com/index.html`. In NGINX App Protect WAF, the terms URI and URL are used interchangeably. |
 |Violation | Violations occur when some aspect of a request or response does not comply with the security policy. You can configure the blocking settings for any violation in a security policy. When a violation occurs, the system can Alarm or Block a request (blocking is only available when the enforcement mode is set to Blocking). |
-{{</bootstrap-table>}}
\ No newline at end of file
+{{</bootstrap-table>}}
diff --git a/content/includes/nap-waf/config/common/override-rules-overview.md b/content/includes/nap-waf/config/common/override-rules-overview.md
index 59d547719..643094dbe 100644
--- a/content/includes/nap-waf/config/common/override-rules-overview.md
+++ b/content/includes/nap-waf/config/common/override-rules-overview.md
@@ -97,7 +97,7 @@ The above "override_rules_example" policy contains five override rules:
 These five rules demonstrate how the override rules feature allows for customization and the ability to modify specific aspects of the original policy based on predefined conditions.
 
 
-{{< note >}}
+{{< call-out "note" >}}
 - By default, the actionType field is configured to "extend-policy".
 - External references are supported for any policy reference.
-{{< /note >}}
\ No newline at end of file
+{{< /call-out >}}
\ No newline at end of file
diff --git a/content/includes/nap-waf/config/common/policy-authoring-and-tuning.md b/content/includes/nap-waf/config/common/policy-authoring-and-tuning.md
index 59d7b39cb..f6e36e2b4 100644
--- a/content/includes/nap-waf/config/common/policy-authoring-and-tuning.md
+++ b/content/includes/nap-waf/config/common/policy-authoring-and-tuning.md
@@ -100,9 +100,9 @@ Transparent Mode example:
 
  Adding and enabling additional security features to the policy can be done by specifying the violation name and the `alarm` block state to "true". To set different states to sub-violations within the violation, enable the violation first, then specifying and enable the sub-violations. Also, a violation may have its own section that provides additional configuration granularity for a specific violation/sub-violation.
 
-{{< note >}}
+{{< call-out "note" >}}
 The attack signature violation `VIOL_ATTACK_SIGNATURE` cannot be configured by the user. Rather, the violation is determined by the combination of the [signature sets](#signature-sets) on the policy.
-{{< /note >}}
+{{< /call-out >}}
 
  The examples below show how to enable a violation and sub-violation in a declarative format.
 
diff --git a/content/includes/nap-waf/config/common/types-of-openapi-references.md b/content/includes/nap-waf/config/common/types-of-openapi-references.md
index 8316e15fc..ce9eafc8f 100644
--- a/content/includes/nap-waf/config/common/types-of-openapi-references.md
+++ b/content/includes/nap-waf/config/common/types-of-openapi-references.md
@@ -4,7 +4,7 @@ nd-docs: "DOCS-1636"
 
 There are different ways of referencing OpenAPI Specification files. The configuration is similar to [External References](#external-references).
 
-{{< note >}} Any update of an OpenAPI Specification file referenced in the policy will not trigger a policy compilation. This action needs to be done actively by reloading the NGINX configuration. {{< /note >}}
+{{< call-out "note" >}} Any update of an OpenAPI Specification file referenced in the policy will not trigger a policy compilation. This action needs to be done actively by reloading the NGINX configuration. {{< /call-out >}}
 
 #### URL Reference
 
@@ -12,7 +12,7 @@ URL reference is the method of referencing an external source by providing its f
 
 Make sure to configure certificates prior to using the HTTPS protocol - see the [HTTPS References](#https-reference) under the External References section for more details.
 
-{{< note >}} You need to make sure that the server where the resource files are located is always available when you are compiling your policy. {{< /note >}}
+{{< call-out "note" >}} You need to make sure that the server where the resource files are located is always available when you are compiling your policy. {{< /call-out >}}
 
 ##### Example Configuration
 
diff --git a/content/includes/nap-waf/config/common/types-of-references.md b/content/includes/nap-waf/config/common/types-of-references.md
index dfc5403c3..eb98312ed 100644
--- a/content/includes/nap-waf/config/common/types-of-references.md
+++ b/content/includes/nap-waf/config/common/types-of-references.md
@@ -8,8 +8,8 @@ There are different implementations based on the type of references that are bei
 
 URL reference is the method of referencing an external source by providing its full URL. This is a very useful method when trying to combine or consolidate parts of the policy that are present on different server machines.
 
-{{< note >}} You need to make sure that the server where the resource files are located is always available when you are compiling your policy.
-{{< /note >}}
+{{< call-out "note" >}} You need to make sure that the server where the resource files are located is always available when you are compiling your policy.
+{{< /call-out >}}
 
 ##### Example Configuration
 
diff --git a/content/includes/nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos.md b/content/includes/nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos-8.md
similarity index 100%
rename from content/includes/nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos.md
rename to content/includes/nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos-8.md
diff --git a/content/includes/nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos-9.md b/content/includes/nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos-9.md
new file mode 100644
index 000000000..1bd319400
--- /dev/null
+++ b/content/includes/nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos-9.md
@@ -0,0 +1,17 @@
+Create NGINX App Protect WAF v5 repository file, named `/etc/yum.repos.d/app-protect-x-plus.repo` with the following contents:
+
+```none
+[app-protect-x-plus]
+name=nginx-app-protect repo
+baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/9/$basearch/
+sslclientcert=/etc/ssl/nginx/nginx-repo.crt
+sslclientkey=/etc/ssl/nginx/nginx-repo.key
+gpgcheck=0
+enabled=1
+```
+
+Install the NGINX App Protect WAF v5 package:
+
+```shell
+sudo dnf install app-protect-module-plus
+```
diff --git a/content/includes/nap-waf/how-to/enable-graphql.md b/content/includes/nap-waf/how-to/enable-graphql.md
index 1b98bef2e..0d6991394 100644
--- a/content/includes/nap-waf/how-to/enable-graphql.md
+++ b/content/includes/nap-waf/how-to/enable-graphql.md
@@ -1,6 +1,6 @@
 This section describes how to configure GraphQL with minimal configuration. Refer to the following sections for GraphQL elements definitions and details about advanced configuration options.
 
-{{< note >}} GraphQL is supported on NGINX App Protect WAF version starting 4.2. Make sure you're running NGINX App Protect WAF version 4.2 or later to get GraphQL to work properly.{{< /note >}}
+{{< call-out "note" >}} GraphQL is supported on NGINX App Protect WAF version starting 4.2. Make sure you're running NGINX App Protect WAF version 4.2 or later to get GraphQL to work properly.{{< /call-out >}}
 
 GraphQL policy consists of three basic elements: GraphQL Profile, GraphQL Violations and GraphQL URL.
 
diff --git a/content/includes/nap-waf/nap-k8s-mtls-deployment.md b/content/includes/nap-waf/nap-k8s-mtls-deployment.md
index 7a57b016d..11bb1f378 100644
--- a/content/includes/nap-waf/nap-k8s-mtls-deployment.md
+++ b/content/includes/nap-waf/nap-k8s-mtls-deployment.md
@@ -1,7 +1,7 @@
 To secure traffic between NGINX and App Protect Enforcer using mTLS, follow the steps below:
 
-{{< note >}} Refer to the [Configuration Guide]({{< relref "/nap-waf/v5/configuration-guide/configuration.md#secure-traffic-between-nginx-and-app-protect-enforcer-using-mtls" >}}) to generate certificates and modify the `nginx.conf` for mTLS.
-{{< /note >}}
+{{< call-out "note" >}} Refer to the [Configuration Guide]({{< relref "/nap-waf/v5/configuration-guide/configuration.md#secure-traffic-between-nginx-and-app-protect-enforcer-using-mtls" >}}) to generate certificates and modify the `nginx.conf` for mTLS.
+{{< /call-out >}}
 
 First, create a Kubernetes Secret that contains the certificate and key files:
 	
diff --git a/content/includes/nap-waf/policy.html b/content/includes/nap-waf/policy.html
index 0d84e0c67..a3c8e9a88 100644
--- a/content/includes/nap-waf/policy.html
+++ b/content/includes/nap-waf/policy.html
@@ -3705,7 +3705,14 @@ <h2 id="policy/override-rules">override-rules</h2>
 <li><strong>headers['&lt;name&gt;']</strong>: (map-type) The value of the specified header name. Example: "headers['Accept'].startsWith('application')"</li>
 </ul>
 </blockquote>
-<p><strong>Note</strong>: The "headers['&lt;name&gt;']" attribute does not support 'Cookie' as a header name. Attribute "clientIp" supports using "ipAddressLists" in condition: "clientIp.matches(ipAddressLists['<name>'])</p></td>
+<dl>
+<dt><strong>Note</strong>:</dt>
+<dd><ul>
+<li>The "headers['&lt;name&gt;']" attribute does not support 'Cookie' as a header name.</li>
+<li>Attribute "clientIp" supports using "ipAddressLists" in condition: "clientIp.matches(ipAddressLists['&lt;name&gt;'])"</li>
+</ul>
+</dd>
+</dl></td>
 <td></td>
 </tr>
 <tr class="odd">
diff --git a/content/includes/nap-waf/setup-docker-registry.md b/content/includes/nap-waf/setup-docker-registry.md
index 9ace0cb63..f6fb5231b 100644
--- a/content/includes/nap-waf/setup-docker-registry.md
+++ b/content/includes/nap-waf/setup-docker-registry.md
@@ -10,6 +10,6 @@ sudo cp <path-to-your-nginx-repo.crt> /etc/docker/certs.d/private-registry.nginx
 sudo cp <path-to-your-nginx-repo.key> /etc/docker/certs.d/private-registry.nginx.com/client.key
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 Please note that the file extension for the certificate file has changed from `.crt` to `.cert`
-{{< /note >}}
\ No newline at end of file
+{{< /call-out >}}
\ No newline at end of file
diff --git a/content/includes/nap-waf/upgrade-recompile-warning.md b/content/includes/nap-waf/upgrade-recompile-warning.md
index 970b58e72..818d49e37 100644
--- a/content/includes/nap-waf/upgrade-recompile-warning.md
+++ b/content/includes/nap-waf/upgrade-recompile-warning.md
@@ -2,10 +2,10 @@
 nd-docs: DOCS-000
 ---
 
-{{< warning >}}
+{{< call-out "warning" >}}
 
 When upgrading, you must recompile all policy and log bundles using the latest WAF compiler.
 
 Older bundles will be detected and disallowed.
 
-{{< /warning >}}
\ No newline at end of file
+{{< /call-out >}}
\ No newline at end of file
diff --git a/content/includes/ngf/installation/delay-pod-termination/delay-pod-termination-overview.md b/content/includes/ngf/installation/delay-pod-termination/delay-pod-termination-overview.md
index 5979df586..718949866 100644
--- a/content/includes/ngf/installation/delay-pod-termination/delay-pod-termination-overview.md
+++ b/content/includes/ngf/installation/delay-pod-termination/delay-pod-termination-overview.md
@@ -6,4 +6,4 @@ To avoid client service interruptions when upgrading NGINX Gateway Fabric, you c
 
 For an in-depth explanation of how Kubernetes handles pod termination, see the [Termination of Pods](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination) topic on their official website.
 
-{{<note>}}Keep in mind that NGINX won't shut down while WebSocket or other long-lived connections are open. NGINX will only stop when these connections are closed by the client or the backend. If these connections stay open during an upgrade, Kubernetes might need to shut down NGINX forcefully. This sudden shutdown could interrupt service for clients.{{</note>}}
+{{< call-out "note" >}}Keep in mind that NGINX won't shut down while WebSocket or other long-lived connections are open. NGINX will only stop when these connections are closed by the client or the backend. If these connections stay open during an upgrade, Kubernetes might need to shut down NGINX forcefully. This sudden shutdown could interrupt service for clients.{{< /call-out >}}
diff --git a/content/includes/ngf/installation/deploy-ngf-crds.md b/content/includes/ngf/installation/deploy-ngf-crds.md
new file mode 100644
index 000000000..14161e06c
--- /dev/null
+++ b/content/includes/ngf/installation/deploy-ngf-crds.md
@@ -0,0 +1,18 @@
+---
+nd-docs: "DOCS-000"
+files:
+- content/ngf/install/manifests.md
+- content/nginx-one/ngf/add-ngf-manifests.md
+---
+
+#### Stable release
+
+```shell
+kubectl apply --server-side -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/crds.yaml
+```
+
+#### Edge version
+
+```shell
+kubectl apply --server-side -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/main/deploy/crds.yaml
+```
diff --git a/content/includes/ngf/installation/deploy-ngf-manifests.md b/content/includes/ngf/installation/deploy-ngf-manifests.md
new file mode 100644
index 000000000..17183bbad
--- /dev/null
+++ b/content/includes/ngf/installation/deploy-ngf-manifests.md
@@ -0,0 +1,115 @@
+---
+nd-docs: "DOCS-000"
+files:
+- content/ngf/install/manifests.md
+- content/nginx-one/ngf/add-ngf-manifests.md
+---
+
+{{< call-out "note" >}} By default, NGINX Gateway Fabric is installed in the **nginx-gateway** namespace. You can deploy in another namespace by modifying the manifest files. {{< /call-out >}}
+
+{{<tabs name="install-manifests">}}
+
+{{%tab name="Default"%}}
+
+Deploys NGINX Gateway Fabric with NGINX OSS.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/default/deploy.yaml
+```
+
+{{% /tab %}}
+
+{{%tab name="AWS NLB"%}}
+
+Deploys NGINX Gateway Fabric with NGINX OSS.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/default/deploy.yaml
+```
+
+To set up an AWS Network Load Balancer service, add these annotations to your Gateway infrastructure field:
+
+```yaml
+spec:
+  infrastructure:
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-type: "external"
+      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
+```
+
+{{% /tab %}}
+
+{{%tab name="Azure"%}}
+
+Deploys NGINX Gateway Fabric with NGINX OSS and `nodeSelector` to deploy on Linux nodes.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/azure/deploy.yaml
+```
+
+{{% /tab %}}
+
+{{%tab name="NGINX Plus"%}}
+
+Deploys NGINX Gateway Fabric with NGINX Plus. The image is pulled from the
+NGINX Plus Docker registry, and the `imagePullSecretName` is the name of the Secret to use to pull the image.
+The NGINX Plus JWT Secret used to run NGINX Plus is also specified in a volume mount and the `--usage-report-secret` parameter. These Secrets are created as part of the [Before you begin](#before-you-begin) section.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/nginx-plus/deploy.yaml
+```
+
+{{% /tab %}}
+
+{{%tab name="Experimental"%}}
+
+Deploys NGINX Gateway Fabric with NGINX OSS and experimental features.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/experimental/deploy.yaml
+```
+
+{{< call-out "note" >}} Requires the Gateway APIs installed from the experimental channel. {{< /call-out >}}
+
+{{% /tab %}}
+
+{{%tab name="NGINX Plus Experimental"%}}
+
+Deploys NGINX Gateway Fabric with NGINX Plus and experimental features. The image is pulled from the
+NGINX Plus Docker registry, and the `imagePullSecretName` is the name of the Secret to use to pull the image.
+The NGINX Plus JWT Secret used to run NGINX Plus is also specified in a volume mount and the `--usage-report-secret` parameter. These Secrets are created as part of the [Before you begin](#before-you-begin) section.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/nginx-plus-experimental/deploy.yaml
+```
+
+{{< call-out "note" >}} Requires the Gateway APIs installed from the experimental channel. {{< /call-out >}}
+
+{{% /tab %}}
+
+{{%tab name="NodePort"%}}
+
+Deploys NGINX Gateway Fabric with NGINX OSS using a Service type of `NodePort`.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/nodeport/deploy.yaml
+```
+
+{{% /tab %}}
+
+{{%tab name="OpenShift"%}}
+
+Deploys NGINX Gateway Fabric with NGINX OSS on OpenShift.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/openshift/deploy.yaml
+```
+
+{{% /tab %}}
+
+{{</tabs>}}
+
+### Provision an NGINX data plane
+
+To deploy the NGINX data plane to connect to the NGINX One Console, follow this guide: [Deploy a Gateway for data plane instances]({{< ref "/ngf/install/deploy-data-plane.md" >}}).
+
diff --git a/content/includes/ngf/installation/expose-nginx-gateway-fabric.md b/content/includes/ngf/installation/expose-nginx-gateway-fabric.md
index 7820399a0..1e87ac7ce 100644
--- a/content/includes/ngf/installation/expose-nginx-gateway-fabric.md
+++ b/content/includes/ngf/installation/expose-nginx-gateway-fabric.md
@@ -9,7 +9,7 @@ There are two options for accessing NGINX Gateway Fabric depending on the type o
 - If the LoadBalancer type is `NodePort`, Kubernetes will randomly allocate two ports on every node of the cluster.
   To access the NGINX Gateway Fabric, use an IP address of any node of the cluster along with the two allocated ports.
 
-  {{<tip>}} Read more about the type NodePort in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). {{</tip>}}
+  {{< call-out "tip" >}} Read more about the type NodePort in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). {{< /call-out >}}
 
 - If the LoadBalancer type is `LoadBalancer`:
 
@@ -32,21 +32,21 @@ There are two options for accessing NGINX Gateway Fabric depending on the type o
     kubectl get svc nginx-gateway -n nginx-gateway
     ```
 
-    {{< note >}} We recommend using the NLB DNS whenever possible, but for testing purposes, you can resolve the DNS name to get the IP address of the load balancer:
+    {{< call-out "note" >}} We recommend using the NLB DNS whenever possible, but for testing purposes, you can resolve the DNS name to get the IP address of the load balancer:
 
   ```shell
   nslookup <dns-name>
   ```
 
-    {{< /note >}}
+    {{< /call-out >}}
 
-  {{<tip>}} Learn more about type LoadBalancer in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer).
+  {{< call-out "tip" >}} Learn more about type LoadBalancer in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer).
 
   For AWS, additional options regarding an allocated load balancer are available, such as its type and SSL
   termination. Read the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer) to learn more.
-  {{</tip>}}
+  {{< /call-out >}}
 
-{{<important>}}By default Helm and manifests configure NGINX Gateway Fabric on ports `80` and `443`, affecting any gateway [listeners](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.Listener) on these ports. To use different ports, update the configuration. NGINX Gateway Fabric requires a configured [gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/#gateway) resource with a valid listener to listen on any ports.{{</important>}}
+{{< call-out "important" >}}By default Helm and manifests configure NGINX Gateway Fabric on ports `80` and `443`, affecting any gateway [listeners](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.Listener) on these ports. To use different ports, update the configuration. NGINX Gateway Fabric requires a configured [gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/#gateway) resource with a valid listener to listen on any ports.{{< /call-out >}}
 
 NGINX Gateway Fabric uses the created service to update the **Addresses** field in the **Gateway Status** resource. Using a **LoadBalancer** service sets this field to the IP address and/or hostname of that service. Without a service, the pod IP address is used.
 
diff --git a/content/includes/ngf/installation/install-gateway-api-experimental-features.md b/content/includes/ngf/installation/install-gateway-api-experimental-features.md
index aec27817e..d57046ebf 100644
--- a/content/includes/ngf/installation/install-gateway-api-experimental-features.md
+++ b/content/includes/ngf/installation/install-gateway-api-experimental-features.md
@@ -4,7 +4,7 @@ nd-docs: "DOCS-000"
 
 To use Gateway API experimental resources, the Gateway API resources from the experimental channel must be installed before deploying NGINX Gateway Fabric. Additionally, NGINX Gateway Fabric must have experimental features enabled.
 
-{{< caution >}}As noted in the [Gateway API documentation](https://gateway-api.sigs.k8s.io/guides/#install-experimental-channel), future releases of the Gateway API can include breaking changes to experimental resources and fields. {{</ caution >}}
+{{< call-out "caution"  >}}As noted in the [Gateway API documentation](https://gateway-api.sigs.k8s.io/guides/#install-experimental-channel), future releases of the Gateway API can include breaking changes to experimental resources and fields. {{< /call-out >}}
 
 To install the Gateway API resources from the experimental channel, run the following:
 
@@ -12,7 +12,7 @@ To install the Gateway API resources from the experimental channel, run the foll
 kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v{{< version-ngf >}}" | kubectl apply -f -
 ```
 
-{{< note >}}If you plan to use the `edge` version of NGINX Gateway Fabric, you can replace the version in `ref` with `main`, for example `ref=main`. {{</ note >}}
+{{< call-out "note" >}}If you plan to use the `edge` version of NGINX Gateway Fabric, you can replace the version in `ref` with `main`, for example `ref=main`. {{< /call-out >}}
 
 To enable experimental features on NGINX Gateway Fabric:
 
diff --git a/content/includes/ngf/installation/install-gateway-api-resources.md b/content/includes/ngf/installation/install-gateway-api-resources.md
index bab5a44bd..859c33c72 100644
--- a/content/includes/ngf/installation/install-gateway-api-resources.md
+++ b/content/includes/ngf/installation/install-gateway-api-resources.md
@@ -2,7 +2,7 @@
 nd-docs: "DOCS-1438"
 ---
 
-{{< note >}} The [Gateway API resources](https://github.com/kubernetes-sigs/gateway-api) from the standard channel must be installed before deploying NGINX Gateway Fabric. If they are already installed in your cluster, please ensure they are the correct version as supported by the NGINX Gateway Fabric - [see the Technical Specifications](https://github.com/nginx/nginx-gateway-fabric/blob/v{{< version-ngf >}}/README.md#technical-specifications). {{</ note >}}
+{{< call-out "note" >}} The [Gateway API resources](https://github.com/kubernetes-sigs/gateway-api) from the standard channel must be installed before deploying NGINX Gateway Fabric. If they are already installed in your cluster, please ensure they are the correct version as supported by the NGINX Gateway Fabric - [see the Technical Specifications](https://github.com/nginx/nginx-gateway-fabric/blob/v{{< version-ngf >}}/README.md#technical-specifications). {{< /call-out >}}
 
 To install the Gateway API resources, run the following:
 
@@ -10,7 +10,7 @@ To install the Gateway API resources, run the following:
 kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v{{< version-ngf >}}" | kubectl apply -f -
 ```
 
-{{< note >}} If you plan to use the `edge` version of NGINX Gateway Fabric, you can replace the version in `ref` with `main`, for example `ref=main`. {{</ note >}}
+{{< call-out "note" >}} If you plan to use the `edge` version of NGINX Gateway Fabric, you can replace the version in `ref` with `main`, for example `ref=main`. {{< /call-out >}}
 
 Alternatively, you can install the Gateway API resources from the experimental channel.
 Installing Gateway API resources from the experimental channel includes everything in the standard release channel plus additional experimental resources and fields.
@@ -21,4 +21,4 @@ To install from the experimental channel, run the following:
 kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v{{< version-ngf >}}" | kubectl apply -f -
 ```
 
-{{< note >}} To learn more about what Gateway API resources NGINX Gateway Fabric currently supports, visit our [Gateway API Compatibility]({{< ref "/ngf/overview/gateway-api-compatibility.md" >}}) document. {{</ note >}}
+{{< call-out "note" >}} To learn more about what Gateway API resources NGINX Gateway Fabric currently supports, visit our [Gateway API Compatibility]({{< ref "/ngf/overview/gateway-api-compatibility.md" >}}) document. {{< /call-out >}}
diff --git a/content/includes/ngf/installation/install-manifests-prereqs.md b/content/includes/ngf/installation/install-manifests-prereqs.md
new file mode 100644
index 000000000..0385a4399
--- /dev/null
+++ b/content/includes/ngf/installation/install-manifests-prereqs.md
@@ -0,0 +1,13 @@
+---
+nd-docs: "DOCS-000"
+files:
+- content/ngf/install/manifests.md
+- content/nginx-one/ngf/add-ngf-manifests.md
+---
+
+To complete this guide, you'll need to install:
+
+- [kubectl](https://kubernetes.io/docs/tasks/tools/), a command-line interface for managing Kubernetes clusters.
+- [Add certificates for secure authentication]({{< ref "/ngf/install/secure-certificates.md" >}}) in a production environment.
+
+{{< call-out "important" >}} If you’d like to use NGINX Plus, some additional setup is also required: {{< /call-out >}}
diff --git a/content/includes/ngf/installation/jwt-password-note.md b/content/includes/ngf/installation/jwt-password-note.md
index 6cc40d962..dba68ea16 100644
--- a/content/includes/ngf/installation/jwt-password-note.md
+++ b/content/includes/ngf/installation/jwt-password-note.md
@@ -2,10 +2,10 @@
 nd-docs: "DOCS-000"
 ---
 
-{{< note >}} For security, follow these practices with JSON Web Tokens (JWTs), passwords, and shell history:
+{{< call-out "note" >}} For security, follow these practices with JSON Web Tokens (JWTs), passwords, and shell history:
 
 1. **JWTs:** JWTs are sensitive information. Store them securely. Delete them after use to prevent unauthorized access.
 
 1. **Shell history:** Commands that include JWTs or passwords are recorded in the history of your shell, in plain text. Clear your shell history after running such commands. For example, if you use bash, you can delete commands in your `~/.bash_history` file. Alternatively, you can run the `history -c` command to erase your shell history.
 
-Follow these practices to help ensure the security of your system and data. {{< /note >}}
+Follow these practices to help ensure the security of your system and data. {{< /call-out >}}
diff --git a/content/includes/ngf/installation/nginx-plus/docker-registry-secret.md b/content/includes/ngf/installation/nginx-plus/docker-registry-secret.md
index 0ad007efa..70946b287 100644
--- a/content/includes/ngf/installation/nginx-plus/docker-registry-secret.md
+++ b/content/includes/ngf/installation/nginx-plus/docker-registry-secret.md
@@ -2,7 +2,7 @@
 nd-docs: "DOCS-000"
 ---
 
-{{< note >}} If you would rather pull the NGINX Plus image and push to a private registry, you can skip this specific step and instead follow [this step]({{< ref "/ngf/install/nginx-plus.md#pull-an-image-for-local-use" >}}). {{< /note >}}
+{{< call-out "note" >}} If you would rather pull the NGINX Plus image and push to a private registry, you can skip this specific step and instead follow [this step]({{< ref "/ngf/install/nginx-plus.md#pull-an-image-for-local-use" >}}). {{< /call-out >}}
 
 If the `nginx-gateway` namespace does not yet exist, create it:
 
diff --git a/content/includes/ngf/installation/nginx-plus/download-jwt.md b/content/includes/ngf/installation/nginx-plus/download-jwt.md
index 78ad1cbf8..63880f204 100644
--- a/content/includes/ngf/installation/nginx-plus/download-jwt.md
+++ b/content/includes/ngf/installation/nginx-plus/download-jwt.md
@@ -7,4 +7,4 @@ nd-docs: "DOCS-000"
 3. Find your NGINX products or services subscription, and select the **Subscription ID** for details.
 4. Download the **JSON Web Token (JWT)** from the subscription page.
 
-{{< note >}} The Connectivity Stack for Kubernetes JWT does not work with NGINX Plus reporting. A regular NGINX Plus instance JWT must be used. {{< /note >}}
+{{< call-out "note" >}} The Connectivity Stack for Kubernetes JWT does not work with NGINX Plus reporting. A regular NGINX Plus instance JWT must be used. {{< /call-out >}}
diff --git a/content/includes/ngf/installation/uninstall-gateway-api-resources.md b/content/includes/ngf/installation/uninstall-gateway-api-resources.md
index 92a857ff6..d123bf43c 100644
--- a/content/includes/ngf/installation/uninstall-gateway-api-resources.md
+++ b/content/includes/ngf/installation/uninstall-gateway-api-resources.md
@@ -2,7 +2,7 @@
 nd-docs: "DOCS-1436"
 ---
 
-{{< warning >}} This will remove all corresponding custom resources in your entire cluster, across all namespaces. Double-check to make sure you don't have any custom resources you need to keep, and confirm that there are no other Gateway API implementations active in your cluster. {{</ warning >}}
+{{< call-out "warning" >}} This will remove all corresponding custom resources in your entire cluster, across all namespaces. Double-check to make sure you don't have any custom resources you need to keep, and confirm that there are no other Gateway API implementations active in your cluster. {{< /call-out >}}
 
 To uninstall the Gateway API resources, run the following:
 
diff --git a/content/includes/nginx-one/add-file/new-ssl-bundle.md b/content/includes/nginx-one/add-file/new-ssl-bundle.md
index c078213e5..4c948fe52 100644
--- a/content/includes/nginx-one/add-file/new-ssl-bundle.md
+++ b/content/includes/nginx-one/add-file/new-ssl-bundle.md
@@ -4,8 +4,7 @@ docs:
 
 First you can select the toggle to allow NGINX One Console to manage the new certificate or bundle.
 
-In the screen that appears, you can add a certificate name. If you don't add a name, NGINX One will add a name for you, based on the expiration date for the certificate.
-
+In the screen that appears, you can add a certificate name. If you don't add a name, NGINX One Console will add a name for you, based on the expiration date for the certificate.   
 You can add certificates in the following formats:
 
 - **SSL Certificate and Key**
diff --git a/content/includes/nginx-one/alert-labels.md b/content/includes/nginx-one/alert-labels.md
new file mode 100644
index 000000000..e304b8f6c
--- /dev/null
+++ b/content/includes/nginx-one/alert-labels.md
@@ -0,0 +1,29 @@
+---
+files:
+  - content/nginx-one/secure-your-fleet/set-up-security-alerts.md
+  - content/nginx-one/glossary.md
+---
+
+
+You can configure a variety of NGINX alerts in the F5 Distributed Cloud. If you have access to the [F5 Distributed Cloud]({{< ref "/nginx-one/getting-started.md#confirm-access-to-the-f5-distributed-cloud" >}}), log in and select the **Audit Logs & Alerts** tile. 
+
+Go to **Notifications > Alerts**. Select the gear icon and select **Alert Name > Active Alerts**. You may see one or more of the following alerts in the **Audit Logs & Alerts** Console. 
+
+{{<bootstrap-table "table table-striped table-bordered">}}
+
+### Alert Labels
+
+| **Alertname**                  | **Description**                                                    | **Alert Level** | **Action**                                                                                                      |
+|--------------------------------|----------------------------------------------------------------------|-----------------|------------------------------------------------------------------------------------------------------------------|
+| HighCVENGINX                  | A high-severity CVE is impacting an NGINX instance                  | Critical        | Review the CVE details in the NGINX One Console. Apply updates or change configurations to resolve the vulnerability. |
+| MediumCVENGINX                | A medium-severity CVE is impacting an NGINX instance                | Major           | Review the CVE details in the NGINX One Console. Apply updates or configuration changes as needed.               |
+| LowCVENGINX                   | A low-severity CVE is impacting an NGINX instance                   | Minor           | Review the CVE details in the NGINX One Console. Consider updates or configuration changes to maintain security.  |
+| SecurityRecommendationNGINX   | A security recommendation has been found for an NGINX configuration | Critical        | Review the configuration issue in the NGINX One Console. Follow the recommendations to secure the instance or Config Sync Group.      |
+| OptimizationRecommendationNGINX| An optimization recommendation has been found for an NGINX configuration| Major          | Review the optimization details in the NGINX One Console. Update the configuration to for the instance or Config Sync Group to enhance performance.       |
+| BestPracticeRecommendationNGINX| A best practice recommendation has been found for an NGINX configuration | Minor          | Review the best practice recommendation in the NGINX One Console. Update the configuration for the instance or Config Sync Group to align with industry standards. |
+| NGINXOffline                  | An NGINX instance is now offline                                   | Major           | Verify the host is online. Check the NGINX Agent's status on the instance and ensure it is connected to the NGINX One Console. |
+| NGINXUnavailable              | An NGINX instance is now unavailable                               | Major           | Ensure the NGINX Agent and host are active. Verify the NGINX Agent can connect to the NGINX One Console and resolve any network issues. |
+| NewNGINX                      | A new NGINX instance has connected to NGINX One                   | Minor           | Review the instance details in the NGINX One Console. Confirm availability, CVEs, and recommendations to ensure the instance is operational. |
+| NGINXCertificateExpired  | A certificate on an NGINX instance or Config Sync Group has expired  | Critical | Get a new certificate from your certificate authority, then update the TLS/SSL certificate in the NGINX One Console. |
+| NGINXCertificateExpiring | A certificate on an NGINX instance or Config Sync Group will expire soon | Major    | Renew the certificate through your certificate authority, then update the TLS/SSL certificate in the NGINX One Console. |
+{{</bootstrap-table>}}
diff --git a/content/includes/nginx-one/cloud-access-nginx.md b/content/includes/nginx-one/cloud-access-nginx.md
index 7756edc80..ead892c9d 100644
--- a/content/includes/nginx-one/cloud-access-nginx.md
+++ b/content/includes/nginx-one/cloud-access-nginx.md
@@ -1,11 +1,12 @@
 ---
 files:
-  - content/nginx-one/secure-your-fleet/secure.md
   - content/nginx-one/getting-started.md
 ---
 
-Once you've logged in with your password, you should be able to see and select the NGINX One tile. 
+1. Go to `https://<TENANT_NAME>.console.ves.volterra.io/` to access F5 Distributed Cloud, and sign in.
 
-1. Select the **NGINX One** tile
-1. If needed, select **Enable Service**
-1. After the service has been enables, select **Visit Service** to load NGINX One Console
+   After you sign in, you should see the **NGINX One** tile.
+
+1. Select the **NGINX One** tile.
+1. If needed, select **Enable Service**.
+1. After the service is enabled, select **Visit Service** to open NGINX One Console.
diff --git a/content/includes/nginx-one/cloud-access.md b/content/includes/nginx-one/cloud-access.md
index c50a1289b..a92c1380c 100644
--- a/content/includes/nginx-one/cloud-access.md
+++ b/content/includes/nginx-one/cloud-access.md
@@ -1,11 +1,26 @@
 ---
 files:
-  - content/nginx-one/secure-your-fleet/secure.md
+  - content/nginx-one/secure-your-fleet/set-up-security-alerts.md
   - content/nginx-one/getting-started.md
+  - content/nginx-one/workshops/lab1/getting-started-with-nginx-one-console.md
 ---
 
-Confirm an F5 Distributed Cloud tenant has been provisioned for you. Log in to MyF5 and review your subscriptions. You should see within one of your subscriptions "Distributed Cloud". This could be in either an NGINX subscription or a Distributed Cloud. If the above does not appear in any of your subscriptions, reach out to either your F5 Account Team or Customer Success Manager.
+Confirm that an F5 Distributed Cloud tenant has been provisioned for you. To do so:
 
-With access, you or someone in your organization should have an email from no-reply@cloud.f5.com asking you to update your password when the tenant was created. The account name referenced in the E-Mail in bold is the tenant name.
+1. Log in to [MyF5](https://my.f5.com/manage/s/) and review your subscriptions.
+2. Look for **Distributed Cloud** in one of your subscriptions. This could appear under an NGINX subscription or a Distributed Cloud subscription.
 
-Navigate to https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io/ to access F5 Distributed Cloud. If you have never logged in, select the **Forgot Password?** option in the log in screen. Alternatively, if someone within your organization has access, ask them to add you as a user within your tenant with a role providing permissions for NGINX One.
+If you don’t see **Distributed Cloud** in any subscription, contact your F5 account team or Customer Success Manager.
+
+When you have a subscription, you or someone in your organization should have an email from no-reply@cloud.f5.com asking you to update your password.
+
+That email includes an account name, which is the TENANT_NAME.
+
+To access F5 Distributed Cloud, go to to https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io/. If you have never logged in, select the **Forgot Password?** option in the log in screen. Alternatively, if someone within your organization has access, ask them to add you as a user within your tenant with access to NGINX One Console.
+
+If you do not know your TENANT_NAME, you can:
+
+- Email support@cloud.f5.com to get your username and TENANT_NAME.
+- If you have a dedicated F5 tenant administrator, ask them to:
+  - Provide a username for your tenant
+  - Ask them to reset your password
diff --git a/content/includes/nginx-one/conf/nginx-agent-conf.md b/content/includes/nginx-one/conf/nginx-agent-conf.md
index 0fcbc57ea..f45844015 100644
--- a/content/includes/nginx-one/conf/nginx-agent-conf.md
+++ b/content/includes/nginx-one/conf/nginx-agent-conf.md
@@ -8,7 +8,7 @@ files:
 ```yaml
 command:
   server:
-    host: "<NGINX-One-Console-URL>" # Command server host
+    host: "agent.connect.nginx.com" # Command server host
     port: 443                       # Command server port
   auth:
     token: "<your-data-plane-key-here>" # Authentication token for the command server
@@ -16,7 +16,4 @@ command:
     skip_verify: false
 ```
 
-Replace the placeholder values:
-
-- `<NGINX-One-Console-URL>`: The URL of your NGINX One Console instance, typically https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io/ .
-- `<your-data-plane-key-here>`: Your Data Plane key.
+Replace `<your-data-plane-key-here>` with your Data Plane key.
diff --git a/content/includes/nginx-one/how-to/generate-data-plane-key.md b/content/includes/nginx-one/how-to/generate-data-plane-key.md
new file mode 100644
index 000000000..ff227ee69
--- /dev/null
+++ b/content/includes/nginx-one/how-to/generate-data-plane-key.md
@@ -0,0 +1,24 @@
+---
+docs:
+files:
+  - content/nginx-one/secure-your-fleet/set-up-security-alerts.md
+  - content/nginx-one/getting-started.md
+  - content/nginx-one/ngf/add-nic.md
+  - content/nginx-one/ngf/add-ngf-helm.md
+  - content/nginx-one/ngf/add-ngf-manifests.md
+---
+
+A data plane key is a security token that ensures only trusted NGINX instances can register and communicate with NGINX One.
+
+To generate a data plane key, select **Manage > Instances > Add Instance**:
+
+- **For a new key:** In the **Add Instance** pane, select **Generate Data Plane Key**.
+- **To reuse an existing key:** If you already have a data plane key and want to use it again, select **Use existing key**. Then, enter the key's value in the **Data Plane Key** box.
+
+{{<call-out "caution" "Data plane key guidelines" "fas fa-key" >}}
+Data plane keys are displayed only once and cannot be retrieved later. Be sure to copy and store this key securely.
+
+Data plane keys expire after one year. You can change this expiration date later by [editing the key]({{< ref "nginx-one/connect-instances/create-manage-data-plane-keys.md#change-expiration-date" >}}). If you [revoke a data plane key]({{< ref "nginx-one/connect-instances/create-manage-data-plane-keys.md#revoke-data-plane-key" >}}) you disconnect all instances registered with that key.
+{{</call-out>}}
+
+For more options associated with data plane keys, see [Create and manage data plane keys]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}).
diff --git a/content/includes/nginx-one/how-to/install-nginx-agent.md b/content/includes/nginx-one/how-to/install-nginx-agent.md
new file mode 100644
index 000000000..71f026612
--- /dev/null
+++ b/content/includes/nginx-one/how-to/install-nginx-agent.md
@@ -0,0 +1,44 @@
+---
+docs:
+files:
+  - content/nginx-one/secure-your-fleet/set-up-security-alerts.md
+  - content/nginx-one/getting-started.md
+---
+
+After entering your data plane key, you'll see a `curl` command to install NGINX Agent, similar to the one below. Copy and run this command on each NGINX instance. Once installed, NGINX Agent typically registers with NGINX One within a few seconds.
+
+{{<call-out "important" "Connecting to NGINX One" >}}
+ Ensure that any firewall rules you have in place for your NGINX hosts allows network traffic to port `443` for all of the following IPs:
+
+- `3.135.72.139`
+- `3.133.232.50`
+- `52.14.85.249`
+
+NGINX Agent must be able to establish a connection to NGINX One Console's Agent endpoint (`agent.connect.nginx.com`). 
+{{</call-out>}}
+
+To install NGINX Agent on an NGINX instance:
+
+1. **Check if NGINX is running and start it if it's not:**
+
+    First, see if NGINX is running:
+
+    ```shell
+    sudo systemctl status nginx
+    ```
+
+    If the status isn't `Active`, go ahead and start NGINX:
+
+    ```shell
+    sudo systemctl start nginx
+    ```
+
+2. **Install NGINX Agent:**
+
+    Next, use the `curl` command provided to you to install NGINX Agent:
+
+    ``` shell
+    curl https://agent.connect.nginx.com/nginx-agent/install | DATA_PLANE_KEY="YOUR_DATA_PLANE_KEY" sh -s -- -y
+    ```
+
+   - Replace `YOUR_DATA_PLANE_KEY` with your actual data plane key.
diff --git a/content/includes/nginx-one/how-to/k8s-secret-dp-key.md b/content/includes/nginx-one/how-to/k8s-secret-dp-key.md
new file mode 100644
index 000000000..bb9db5f75
--- /dev/null
+++ b/content/includes/nginx-one/how-to/k8s-secret-dp-key.md
@@ -0,0 +1,20 @@
+---
+nd-docs: "DOCS-000"
+files:
+- content/nginx-one/k8s/add-ngf-manifests.md
+- content/nginx-one/k8s/add-ngf-helm.md
+---
+
+To create a Kubernetes secret, you'll need:
+
+- The Data Plane Key
+- The `nginx-gateway` namespace must exist. You can create it with the following command: `kubectl create namespace nginx-gateway`
+
+   - Then create the secret with the following command. The key must be named `dataplane.key`:
+
+   ```shell
+   kubectl create secret generic dataplane-key \
+     --from-literal=dataplane.key=<Your Dataplane Key> \
+     -n nginx-gateway
+   ```
+
diff --git a/content/includes/nginx-one/how-to/ngf-troubleshooting.md b/content/includes/nginx-one/how-to/ngf-troubleshooting.md
new file mode 100644
index 000000000..52a9db7a0
--- /dev/null
+++ b/content/includes/nginx-one/how-to/ngf-troubleshooting.md
@@ -0,0 +1,26 @@
+---
+nd-docs: "DOCS-000"
+files:
+- content/nginx-one/k8s/add-ngf-manifests.md
+- content/nginx-one/k8s/add-ngf-helm.md
+---
+
+If you encounter issues connecting your instances to NGINX One Console, try the following commands:
+
+Check the NGINX Agent version:
+
+```shell
+kubectl exec -it -n <namespace> <nginx_pod_name> -- nginx-agent -v
+```
+
+Check the NGINX Agent configuration:
+
+```shell
+kubectl exec -it -n <namespace> <nginx_pod_name> -- cat /etc/nginx-agent/nginx-agent.conf
+```
+
+Check NGINX Agent logs:
+
+```shell
+kubectl exec -it -n <namespace> <nginx_pod_name> -- nginx-agent
+```
diff --git a/content/includes/nginx-one/how-to/verify-connection.md b/content/includes/nginx-one/how-to/verify-connection.md
new file mode 100644
index 000000000..189176a6d
--- /dev/null
+++ b/content/includes/nginx-one/how-to/verify-connection.md
@@ -0,0 +1,14 @@
+---
+nd-docs: "DOCS-000"
+files:
+- content/nginx-one/k8s/add-ngf-manifests.md
+- content/nginx-one/k8s/add-ngf-helm.md
+---
+
+After deploying NGINX Gateway Fabric with NGINX Agent, you can verify the connection to NGINX One Console.
+Log in to your F5 Distributed Cloud Console account. 
+
+- Select **NGINX One > Visit Service**. 
+- In the dashboard, select **Manage > Control Planes**.  You should see your Control Planes listed by name, product, and version. Each control plane is associated with one or more instances.
+- Select the name of the Control Plane. In the **Instances** section, select the instance of your choice. You can review instance details, including the name of the **Control Plane**.
+
diff --git a/content/includes/nginx-one/install-nginx.md b/content/includes/nginx-one/install-nginx.md
index cfc3863bf..e00419a29 100644
--- a/content/includes/nginx-one/install-nginx.md
+++ b/content/includes/nginx-one/install-nginx.md
@@ -1,6 +1,6 @@
 ---
 files:
-  - content/nginx-one/secure-your-fleet/secure.md
+  - content/nginx-one/secure-your-fleet/set-up-security-alerts.md
   - content/nginx-one/getting-started.md
 ---
 
diff --git a/content/includes/nginx-one/workshops/xc-account.md b/content/includes/nginx-one/workshops/xc-account.md
new file mode 100644
index 000000000..f0d3ad69f
--- /dev/null
+++ b/content/includes/nginx-one/workshops/xc-account.md
@@ -0,0 +1,9 @@
+---
+files:
+   - content/nginx-one/workshops/lab2/run-workshop-components-with-docker.md
+   - content/nginx-one/workshops/lab3/explore-nginx-one-console-features.md
+   - content/nginx-one/workshops/lab4/config-sync-groups.md
+   - content/nginx-one/workshops/lab5/upgrade-nginx-plus-to-latest-version.md
+---
+
+All labs require an **F5 Distributed Cloud (XC) account** with NGINX One enabled. If you don’t have an account or need to verify access, follow the steps in [Lab 1: Before you begin]({{< ref "nginx-one/workshops/lab1/getting-started-with-nginx-one-console.md#before-you-begin" >}}).
\ No newline at end of file
diff --git a/content/includes/nginx-plus/nginx-openid-repo-note.txt b/content/includes/nginx-plus/nginx-openid-repo-note.md
similarity index 100%
rename from content/includes/nginx-plus/nginx-openid-repo-note.txt
rename to content/includes/nginx-plus/nginx-openid-repo-note.md
diff --git a/content/includes/nginx-plus/supported-distributions.md b/content/includes/nginx-plus/supported-distributions.md
index 86439439b..2a8362697 100644
--- a/content/includes/nginx-plus/supported-distributions.md
+++ b/content/includes/nginx-plus/supported-distributions.md
@@ -3,18 +3,17 @@ docs:
 ---
 
 {{<bootstrap-table "table table-striped table-bordered">}}
-| Distribution                        | Supported on R33                                   | Supported on R32                                   |
-|-------------------------------------|-----------------------------------------------|-----------------------------------------------|
-| AlmaLinux                           | 8 (x86_64, aarch64) <br> 9 (x86_64, aarch64)    | 8 (x86_64, aarch64) <br> 9 (x86_64, aarch64)    |
-| Alpine Linux                        | 3.17 (x86_64, aarch64) **(deprecated)** <br> 3.18 (x86_64, aarch64) <br> 3.19 (x86_64, aarch64) <br> 3.20 (x86_64, aarch64) **(new)** | 3.16 (x86_64, aarch64) **(deprecated)** <br> 3.17 (x86_64, aarch64) <br> 3.18 (x86_64, aarch64) <br> 3.19 (x86_64, aarch64) |
-| Amazon Linux                        | 2023 (x86_64, aarch64)                        | 2023 (x86_64, aarch64)                        |
-| Amazon Linux 2                      | LTS (x86_64, aarch64)                         | LTS (x86_64, aarch64)                         |
-| CentOS                              | **Not supported**                                 | 7.4+ (x86_64) **(deprecated)**                                 |
-| Debian                              | 11 (x86_64, aarch64) <br> 12 (x86_64, aarch64)  | 11 (x86_64, aarch64) <br> 12 (x86_64, aarch64)  |
-| FreeBSD                             | 13 (amd64) <br> 14 (amd64)                      | 13 (amd64) <br> 14 (amd64)                      |
-| Oracle Linux                        | 8.1+ (x86_64, aarch64) <br> 9 (x86_64)          | 7.4+ (x86_64) **(deprecated)** <br> 8.1+ (x86_64, aarch64) <br> 9 (x86_64) |
-| Red Hat Enterprise Linux (RHEL)     | 8.1+ (x86_64, aarch64) <br> 9.0+ (x86_64, aarch64) | 7.4+ (x86_64) **(deprecated)** <br> 8.1+ (x86_64, aarch64) <br> 9.0+ (x86_64, aarch64) |
-| Rocky Linux                         | 8 (x86_64, aarch64) <br> 9 (x86_64, aarch64)    | 8 (x86_64, aarch64) <br> 9 (x86_64, aarch64)    |
-| SUSE Linux Enterprise Server (SLES) | 12 SP5 (x86_64) **(deprecated)** <br> 15 SP2+ (x86_64) | 12 SP5 (x86_64) <br> 15 SP2+ (x86_64)           |
-| Ubuntu                              | 20.04 LTS (x86_64, aarch64) <br> 22.04 LTS (x86_64, aarch64) <br> 24.04 LTS (x86_64, aarch64) | 20.04 LTS (x86_64, aarch64) <br> 22.04 LTS (x86_64, aarch64) <br> 24.04 LTS (x86_64, aarch64 **(new)** |
-{{</bootstrap-table>}}
\ No newline at end of file
+| Distribution                        | Supported on R35                                   | Supported on R34                                       |
+|-------------------------------------|----------------------------------------------------|--------------------------------------------------------|
+| AlmaLinux                           | 8 (x86_64, aarch64) <br> 9 (x86_64, aarch64) <br> 10 (x86_64, aarch64) **(new)** | 8 (x86_64, aarch64) <br> 9 (x86_64, aarch64)            |
+| Alpine Linux                        | 3.19 (x86_64, aarch64) <br> 3.20 (x86_64, aarch64) <br> 3.21 (x86_64, aarch64) <br> 3.22 (x86_64, aarch64) **(new)** | 3.18 (x86_64, aarch64) **(deprecated)** <br> 3.19 (x86_64, aarch64) <br> 3.20 (x86_64, aarch64) <br> 3.21 (x86_64, aarch64) **(new)** |
+| Amazon Linux                        | 2023 (x86_64, aarch64)                             | 2023 (x86_64, aarch64)                                 |
+| Amazon Linux 2                      | LTS (x86_64, aarch64)                              | LTS (x86_64, aarch64)                                  |
+| Debian                              | 11 (x86_64, aarch64) <br> 12 (x86_64, aarch64)     | 11 (x86_64, aarch64) <br> 12 (x86_64, aarch64)         |
+| FreeBSD                             | 13.5+ (amd64) <br> 14.3+ (amd64)                         | 13 (amd64) <br> 14 (amd64)                             |
+| Oracle Linux                        | 8.1+ (x86_64, aarch64) <br> 9 (x86_64)             | 8.1+ (x86_64, aarch64) <br> 9 (x86_64)                 |
+| Red Hat Enterprise Linux (RHEL)     | 8.1+ (x86_64, aarch64) <br> 9.0+ (x86_64, aarch64) <br> 10.0+ (x86_64, aarch64) **(new)** | 8.1+ (x86_64, aarch64) <br> 9.0+ (x86_64, aarch64)     |
+| Rocky Linux                         | 8 (x86_64, aarch64) <br> 9 (x86_64, aarch64)       | 8 (x86_64, aarch64) <br> 9 (x86_64, aarch64)           |
+| SUSE Linux Enterprise Server (SLES) | 15 SP6+ (x86_64)                                   | 15 SP2+ (x86_64) |
+| Ubuntu                              | 22.04 LTS (x86_64, aarch64) <br> 24.04 LTS (x86_64, aarch64) | 20.04 LTS (x86_64, aarch64) **(deprecated)** <br> 22.04 LTS (x86_64, aarch64) <br> 24.04 LTS (x86_64, aarch64)  |
+{{</bootstrap-table>}}
diff --git a/content/includes/nginx-plus/usage-tracking/http-health-check.md b/content/includes/nginx-plus/usage-tracking/http-health-check.md
index 7cf3e8cd6..373d479d6 100644
--- a/content/includes/nginx-plus/usage-tracking/http-health-check.md
+++ b/content/includes/nginx-plus/usage-tracking/http-health-check.md
@@ -80,4 +80,4 @@ You can track NGINX Plus instances using an [HTTP Health Check]({{< ref "nginx/a
    - Optionally, you can limit access to the `/api/nginx-usage` location on your NGINX Instance Manager server based on client network address. For guidance on how to do this, refer to [Module ngx_http_access_module](http://nginx.org/en/docs/http/ngx_http_access_module.html).
 3. Save the changes.
 
-{{<important>}}If you install NGINX Agent later, remove this configuration to prevent double-counting instances.{{</important>}}
+{{< call-out "important" >}}If you install NGINX Agent later, remove this configuration to prevent double-counting instances.{{< /call-out >}}
diff --git a/content/includes/nginx-plus/usage-tracking/install-nginx-agent.md b/content/includes/nginx-plus/usage-tracking/install-nginx-agent.md
index 855a4b90d..c734a234c 100644
--- a/content/includes/nginx-plus/usage-tracking/install-nginx-agent.md
+++ b/content/includes/nginx-plus/usage-tracking/install-nginx-agent.md
@@ -12,4 +12,4 @@ When you install NGINX Agent on an NGINX Plus instance, it will establish a conn
    features: registration,dataplane-status
    ```
 
-   {{<note>}}If you upgrade to the full version of Instance Manager later, remove the `features: registration,dataplane-status` line from the configuration. This change will enable NGINX Agent to collect a broader range of metrics and manage configurations remotely.{{</note>}}
+   {{< call-out "note" >}}If you upgrade to the full version of Instance Manager later, remove the `features: registration,dataplane-status` line from the configuration. This change will enable NGINX Agent to collect a broader range of metrics and manage configurations remotely.{{< /call-out >}}
diff --git a/content/includes/nginx-plus/usage-tracking/install-nim.md b/content/includes/nginx-plus/usage-tracking/install-nim.md
index cdbb7f7b4..d8416d0c2 100644
--- a/content/includes/nginx-plus/usage-tracking/install-nim.md
+++ b/content/includes/nginx-plus/usage-tracking/install-nim.md
@@ -2,7 +2,7 @@
 nd-docs: DOCS-1355
 ---
 
-{{<note>}}A separate license for NGINX Instance Manager is not required to track your NGINX product usage.{{</note>}}
+{{< call-out "note" >}}A separate license for NGINX Instance Manager is not required to track your NGINX product usage.{{< /call-out >}}
 
 To start reporting on your [NGINX Plus]({{< ref "nginx/" >}}) installations, you'll first need to install [NGINX Instance Manager]({{< ref "nim/" >}}) on a dedicated host. You can choose between two installation options: either on a virtual machine or bare metal server, or by deploying on a Kubernetes cluster. Instructions for both methods are below:
 
diff --git a/content/includes/nginxaas-azure/logging-analysis-azure-storage.md b/content/includes/nginxaas-azure/logging-analysis-azure-storage.md
index 54e2cc824..15169836d 100644
--- a/content/includes/nginxaas-azure/logging-analysis-azure-storage.md
+++ b/content/includes/nginxaas-azure/logging-analysis-azure-storage.md
@@ -14,7 +14,7 @@ If the diagnostic setting destination details included a storage account, logs s
 | `<HH>`                      | The two-digit hour value that indicates the starting hour for the log batch, in 24 hour UTC format|
 {{</bootstrap-table>}}
 
-{{<note>}}It can take up to 90 minutes after adding diagnostic settings for logs to appear in the provided Azure Storage container.{{</note>}}
+{{< call-out "note" >}}It can take up to 90 minutes after adding diagnostic settings for logs to appear in the provided Azure Storage container.{{< /call-out >}}
 
 Each log event in the "PT1H.json" file is written in a new line delimited JSON text format. The properties that show up in each log line are described in the [Top Level Common Schema](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs-schema#top-level-common-schema) documentation.
 
diff --git a/content/includes/nginxaas-azure/logging-analysis-logs-analytics.md b/content/includes/nginxaas-azure/logging-analysis-logs-analytics.md
index 418c8edfc..faa636ca7 100644
--- a/content/includes/nginxaas-azure/logging-analysis-logs-analytics.md
+++ b/content/includes/nginxaas-azure/logging-analysis-logs-analytics.md
@@ -27,4 +27,4 @@ For more information on the standard attributes that appear in Logs Analytics,se
 
 For more information on using [KQL](https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/) see [Queries in Log Analytics](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/queries?tabs=groupby).
 
-{{<note>}}It can take up to 90 minutes after adding diagnostic settings for logs to appear in the provided Logs Analytics Workspace.{{</note>}}
+{{< call-out "note" >}}It can take up to 90 minutes after adding diagnostic settings for logs to appear in the provided Logs Analytics Workspace.{{< /call-out >}}
diff --git a/content/includes/nginxaas-azure/logging-config-access-logs.md b/content/includes/nginxaas-azure/logging-config-access-logs.md
index 63e7c12ec..45b64c4c6 100644
--- a/content/includes/nginxaas-azure/logging-config-access-logs.md
+++ b/content/includes/nginxaas-azure/logging-config-access-logs.md
@@ -15,7 +15,7 @@ http {
 }
 ```
 
-{{<note>}} The **$time_local** variable includes the date and time for each log. It helps with ordering logs after export. {{</note>}}
+{{< call-out "note" >}} The **$time_local** variable includes the date and time for each log. It helps with ordering logs after export. {{< /call-out >}}
 
 To explicitly disable access logs, apply the following config:
 
@@ -35,5 +35,5 @@ http {
 
 To learn more about how to specify `access__log` in different configuration levels and their effect, see [access_log](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log)
 
-{{<warning>}}Unless you use **syslog**, keep NGINX logs in the **/var/log/nginx** directory. Otherwise, you may lose data from your logs.
-{{</warning>}}
+{{< call-out "warning" >}}Unless you use **syslog**, keep NGINX logs in the **/var/log/nginx** directory. Otherwise, you may lose data from your logs.
+{{< /call-out >}}
diff --git a/content/includes/nginxaas-azure/terraform-prerequisites.md b/content/includes/nginxaas-azure/terraform-prerequisites.md
index aafb6908f..35d886ceb 100644
--- a/content/includes/nginxaas-azure/terraform-prerequisites.md
+++ b/content/includes/nginxaas-azure/terraform-prerequisites.md
@@ -6,4 +6,4 @@ nd-docs: "DOCS-000"
 - [Authenticate Terraform to Azure](https://learn.microsoft.com/en-us/azure/developer/terraform/authenticate-to-azure)
 - [Install Terraform](https://learn.hashicorp.com/tutorials/terraform/install)
 
-{{< caution >}} The examples in the NGINXaaS for Azure Snippets GitHub repository use the prerequisites module [available in the same repository](https://github.com/nginxinc/nginxaas-for-azure-snippets/tree/main/terraform/prerequisites). {{< /caution >}}
+{{< call-out "caution"  >}} The examples in the NGINXaaS for Azure Snippets GitHub repository use the prerequisites module [available in the same repository](https://github.com/nginxinc/nginxaas-for-azure-snippets/tree/main/terraform/prerequisites). {{< /call-out >}}
diff --git a/content/includes/nic/compatibility-tables/nic-nap.md b/content/includes/nic/compatibility-tables/nic-nap.md
index aaf914ca1..68f6b37bc 100644
--- a/content/includes/nic/compatibility-tables/nic-nap.md
+++ b/content/includes/nic/compatibility-tables/nic-nap.md
@@ -3,7 +3,8 @@ The following table shows compatibility between NGINX Ingress Controller (NIC) a
 {{< bootstrap-table "table table-striped table-responsive" >}}
 | NIC Version         | NAP-WAF Version | Config Manager | Enforcer |
 | ------------------- | --------------- | -------------- | -------- |
-| {{< nic-version >}} | 34+5.332        | 5.6.0          | 5.6.0    |
+| {{< nic-version >}} | 35+5.498        | 5.8.0          | 5.8.0    |
+| 5.0.0               | 34+5.342        | 5.6.0          | 5.6.0    |
 | 4.0.1               | 33+5.264        | 5.5.0          | 5.5.0    |
 | 3.7.2               | 32+5.1          | 5.3.0          | 5.3.0    |
 | 3.6.2               | 32+5.48         | 5.2.0          | 5.2.0    |
diff --git a/content/includes/nic/configuration/global-configuration/command-line-arguments.md b/content/includes/nic/configuration/global-configuration/command-line-arguments.md
index 552bba1be..908e4e1fa 100644
--- a/content/includes/nic/configuration/global-configuration/command-line-arguments.md
+++ b/content/includes/nic/configuration/global-configuration/command-line-arguments.md
@@ -299,7 +299,7 @@ Format: `[1024 - 65535]` (default `8080`)
 
 ### -proxy `<string>`
 
-{{< warning >}} This argument is intended for testing purposes only. {{< /warning >}}
+{{< call-out "warning" >}} This argument is intended for testing purposes only. {{< /call-out >}}
 
 Use a proxy server to connect to Kubernetes API started with `kubectl proxy`.
 
diff --git a/content/includes/nic/configuration/global-configuration/configmap-resource.md b/content/includes/nic/configuration/global-configuration/configmap-resource.md
index b01c18e98..2e681b3a0 100644
--- a/content/includes/nic/configuration/global-configuration/configmap-resource.md
+++ b/content/includes/nic/configuration/global-configuration/configmap-resource.md
@@ -189,11 +189,11 @@ Zone synchronization with TLS for NGINX Ingress Controller is not yet available
 
 You will also need to manually add the headless service, such as in [this example](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-ingress-headless.yaml).
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 If you previously installed OIDC or used the `zone_sync` directive with `stream-snippets` in [v4.0.1](https://github.com/nginx/kubernetes-ingress/tree/v4.0.1) or earlier, and you plan to enable the `zone-sync` ConfigMap key, the `zone_sync` directive should be removed from `stream-snippets`.
 
 If you encounter the error `error [emerg] 13#13: "zone_sync" directive is duplicate in /etc/nginx/nginx.conf:164` it is likely due to `zone_sync` being enabled in both `stream-snippets` and the ConfigMap. Once upgraded, remove the [old headless service](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-ingress-headless.yaml) deployed for OIDC.
-{{< /caution >}}
+{{< /call-out >}}
 
 
 {{<bootstrap-table "table table-striped table-bordered table-responsive">}}
diff --git a/content/includes/nic/configuration/global-configuration/reporting-resources-status.md b/content/includes/nic/configuration/global-configuration/reporting-resources-status.md
index f2e72fb03..20abe68d6 100644
--- a/content/includes/nic/configuration/global-configuration/reporting-resources-status.md
+++ b/content/includes/nic/configuration/global-configuration/reporting-resources-status.md
@@ -32,7 +32,7 @@ NGINX Ingress Controller must be configured to report an Ingress status:
 
 View the [ConfigMap keys](/nginx-ingress-controller/configuration/global-configuration/configmap-resource) and [Command-line arguments](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments) topics for more information.
 
-{{< note >}} NGINX Ingress Controller does not clear the status of Ingress resources when it is being shut down. {{< /note >}}
+{{< call-out "note" >}} NGINX Ingress Controller does not clear the status of Ingress resources when it is being shut down. {{< /call-out >}}
 
 ## VirtualServer and VirtualServerRoute resources
 
@@ -58,7 +58,7 @@ kubectl get virtualservers -o wide
   cafe   Valid   cafe.example.com         ae430f41a1a0042908655abcdefghijkl-12345678.eu-west-2.elb.amazonaws.com   [80,443]   106s
 ```
 
-{{< note >}} If there are multiple addresses, only the first one is shown. {{< /note >}}
+{{< call-out "note" >}} If there are multiple addresses, only the first one is shown. {{< /call-out >}}
 
 In order to see additional addresses or extra information about the `Status` of the resource, use the following command:
 
@@ -115,7 +115,7 @@ NGINX Ingress Controller must be configured to report a VirtualServer or Virtual
 
 View the [ConfigMap keys](/nginx-ingress-controller/configuration/global-configuration/configmap-resource) and [Command-line arguments](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments) topics for more information.
 
-{{< note >}} NGINX Ingress Controller does not clear the status of VirtualServer and VirtualServerRoute resources when it is being shut down. {{< /note >}}
+{{< call-out "note" >}} NGINX Ingress Controller does not clear the status of VirtualServer and VirtualServerRoute resources when it is being shut down. {{< /call-out >}}
 
 ## Policy resources
 
diff --git a/content/includes/nic/configuration/host-and-listener-collisions.md b/content/includes/nic/configuration/host-and-listener-collisions.md
index 3336bb21e..bfa284664 100644
--- a/content/includes/nic/configuration/host-and-listener-collisions.md
+++ b/content/includes/nic/configuration/host-and-listener-collisions.md
@@ -13,7 +13,7 @@ This document explains how F5 NGINX Ingress Controller handles host and listener
 
 If multiple resources contend for the same host or listener, NGINX Ingress Controller will pick the winner based on the `creationTimestamp` of the resources: the oldest resource will win. In case there are more than one oldest resource (their `creationTimestamp` is the same),  NGINX Ingress Controller will choose the resource with the lexicographically smallest `uid`.
 
-{{< note >}} The `creationTimestamp` and `uid` fields are part of the [ObjectMeta](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/) resource. {{< /note >}}
+{{< call-out "note" >}} The `creationTimestamp` and `uid` fields are part of the [ObjectMeta](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/) resource. {{< /call-out >}}
 
 ---
 
@@ -88,9 +88,9 @@ Events:
 
 Similarly, if `cafe-ingress` was created first, it will win `cafe.example.com` and NGINX Ingress Controller will reject `cafe-virtual-server`.
 
-{{< note >}} You can configure multiple hosts for Ingress resources, and its possible that an Ingress resource can be the winner for some of its hosts and a loser for the others.
+{{< call-out "note" >}} You can configure multiple hosts for Ingress resources, and its possible that an Ingress resource can be the winner for some of its hosts and a loser for the others.
 
-For example, if `cafe-ingress` had an additional rule host rule for `pub.example.com`, NGINX Ingress Controller would not reject the Ingress. Instead, it would allow `cafe-ingress` to handle `pub.example.com`. {{< /note >}}
+For example, if `cafe-ingress` had an additional rule host rule for `pub.example.com`, NGINX Ingress Controller would not reject the Ingress. Instead, it would allow `cafe-ingress` to handle `pub.example.com`. {{< /call-out >}}
 
 ---
 
diff --git a/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md b/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md
index 29c2598de..11ccf7099 100644
--- a/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md
+++ b/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md
@@ -86,7 +86,7 @@ Events:
 
 Note how the events section includes a Warning event with the Rejected reason.
 
-{{< note >}} If you make an existing Ingress invalid, NGINX Ingress Controller will reject it and remove the corresponding configuration from NGINX. {{< /note >}}
+{{< call-out "note" >}} If you make an existing Ingress invalid, NGINX Ingress Controller will reject it and remove the corresponding configuration from NGINX. {{< /call-out >}}
 
 The `nginx.com/jwt-token` Ingress annotation has limited validation.
 
@@ -94,7 +94,7 @@ The `nginx.com/jwt-token` Ingress annotation has limited validation.
 
 The table below summarizes the available annotations.
 
-{{< note >}} Annotations that start with `nginx.com` are only supported with NGINX Plus. {{< /note >}}
+{{< call-out "note" >}} Annotations that start with `nginx.com` are only supported with NGINX Plus. {{< /call-out >}}
 
 ### General customization
 
@@ -203,7 +203,7 @@ The table below summarizes the available annotations.
 
 ### App Protect WAF {#app-protect}
 
-{{< note >}} The App Protect annotations only work if the App Protect WAF module is [installed]({{< relref "installation/integrations/app-protect-waf/installation.md" >}}). {{< /note >}}
+{{< call-out "note" >}} The App Protect annotations only work if the App Protect WAF module is [installed]({{< relref "installation/integrations/app-protect-waf/installation.md" >}}). {{< /call-out >}}
 
 {{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Annotation | ConfigMap Key | Description | Default | Example |
@@ -217,7 +217,7 @@ The table below summarizes the available annotations.
 
 ### App Protect DoS
 
-{{< note >}} The App Protect DoS annotations only work if the App Protect DoS module is [installed]({{< relref "installation/integrations/app-protect-dos/installation.md" >}}). {{< /note >}}
+{{< call-out "note" >}} The App Protect DoS annotations only work if the App Protect DoS module is [installed]({{< relref "installation/integrations/app-protect-dos/installation.md" >}}). {{< /call-out >}}
 
 {{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Annotation | ConfigMap Key | Description | Default | Example |
diff --git a/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md b/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md
index f31e7057b..fc4d75ace 100644
--- a/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md
+++ b/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md
@@ -27,7 +27,7 @@ Snippets have the following disadvantages:
 - *Decreased robustness*. An incorrect snippet can invalidate NGINX configuration, causing reload failures. Until the snippet is fixed, it will prevent any new configuration updates, including updates for the other Ingress resources.
 - *Security implications*. Snippets give access to NGINX configuration primitives, which are not validated by NGINX Ingress Controller. For example, a snippet can configure NGINX to serve the TLS certificates and keys used for TLS termination for Ingress resources.
 
-{{< note >}} If the NGINX configuration includes an invalid snippet, NGINX will continue to operate with the last valid configuration. {{< /note >}}
+{{< call-out "note" >}} If the NGINX configuration includes an invalid snippet, NGINX will continue to operate with the last valid configuration. {{< /call-out >}}
 
 ## Using snippets
 
@@ -68,7 +68,7 @@ spec:
 
 These snippets generate the following NGINX configuration:
 
-{{< note >}} The example is shortened for conciseness. {{< /note >}}
+{{< call-out "note" >}} The example is shortened for conciseness. {{< /call-out >}}
 
 ```nginx
 server {
diff --git a/content/includes/nic/configuration/ingress-resources/basic-configuration.md b/content/includes/nic/configuration/ingress-resources/basic-configuration.md
index 6884e42b5..3c0869a46 100644
--- a/content/includes/nic/configuration/ingress-resources/basic-configuration.md
+++ b/content/includes/nic/configuration/ingress-resources/basic-configuration.md
@@ -25,7 +25,7 @@ Here is a breakdown of what this Ingress resource definition means:
 
 To learn more about the Ingress resource, view [the official Kubernetes documentation for Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/).
 
-{{< note >}} For complete instructions on deploying Ingress and Secret resources in the cluster, see the [complete example](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/complete-example) in the GitHub repository. {{< /note >}}
+{{< call-out "note" >}} For complete instructions on deploying Ingress and Secret resources in the cluster, see the [complete example](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/complete-example) in the GitHub repository. {{< /call-out >}}
 
 ---
 
diff --git a/content/includes/nic/configuration/policy-resource.md b/content/includes/nic/configuration/policy-resource.md
index 5de80b1c1..ceb622ffe 100644
--- a/content/includes/nic/configuration/policy-resource.md
+++ b/content/includes/nic/configuration/policy-resource.md
@@ -67,11 +67,11 @@ accessControl:
   deny:
   - 10.0.0.0/8
 ```
-{{< note >}}
+{{< call-out "note" >}}
 
 The feature is implemented using the NGINX [ngx_http_access_module](http://nginx.org/en/docs/http/ngx_http_access_module.html). NGINX Ingress Controller access control policy supports either allow or deny rules, but not both (as the module does).
 
-{{< /note >}}
+{{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required |
@@ -113,17 +113,17 @@ rateLimit:
   zoneSize: 10M
   key: ${binary_remote_addr}
 ```
-{{< note >}}
+{{< call-out "note" >}}
 
 The feature is implemented using the NGINX [ngx_http_limit_req_module](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html).
 
-{{< /note >}}
+{{< /call-out >}}
 
-{{< note >}}
+{{< call-out "note" >}}
 
 When the [Zone Sync feature]({{< ref "/configuration/global-configuration/configmap-resource.md#zone-sync" >}}) is enabled with NGINX Plus, the rate limiting zone will be synchronized across all replicas in the cluster.  This means all replicas are aware of the requests that have been rate limited by other replicas in the cluster.
 
-{{< /note >}}
+{{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required |
@@ -141,11 +141,11 @@ When the [Zone Sync feature]({{< ref "/configuration/global-configuration/config
 |``condition`` | Add a condition to a rate-limit policy. | [ratelimit.condition](#ratelimitcondition) | No |
 {{% /table %}}
 
-{{< note >}}
+{{< call-out "note" >}}
 
 For each policy referenced in a VirtualServer and/or its VirtualServerRoutes, NGINX Ingress Controller will generate a single rate limiting zone defined by the [`limit_req_zone`](http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone) directive. If two VirtualServer resources reference the same policy, NGINX Ingress Controller will generate two different rate limiting zones, one zone per VirtualServer.
 
-{{< /note >}}
+{{< /call-out >}}
 
 #### RateLimit Merging Behavior
 
@@ -181,11 +181,11 @@ condition:
 The rate limit policy with condition is designed to be used in combination with one or more rate limit policies. For example, multiple rate limit policies with [RateLimit.Condition.JWT](#ratelimitconditionjwt) can be used to apply different tiers of rate limit based on the value of a JWT claim. For a practical example of tiered rate limiting by the value of a JWT claim, see the example in our [GitHub repository](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/rate-limit-tiered-jwt-claim/README.md).
 
 ### RateLimit.Condition.JWT
-{{< note >}}
+{{< call-out "note" >}}
 
 This feature is only available with NGINX Plus.
 
-{{< /note >}}
+{{< /call-out >}}
 
 RateLimit.Condition.JWT defines a condition for a rate limit by JWT claim. For example, here we define a condition for a rate limit policy that only applies to requests with a JWT claim `user_details.level` with a value `premium`:
 
@@ -217,11 +217,11 @@ The rate limit policy will only apply to requests that contain a JWT with the sp
 
 The API Key auth policy configures NGINX to authorize client requests based on the presence of a valid API Key in a header or query param specified in the policy.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The feature is implemented using NGINX [ngx_http_auth_request_module](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html) and [NGINX JavaScript (NJS)](https://nginx.org/en/docs/njs/).
 
-{{< /note >}}
+{{< /call-out >}}
 
 The policies' API keys are securely stored using SHA-256 hashing. When a client sends an API Key, it is hashed by NJS and then compared to the hashed API Key in the NGINX config.
 
@@ -260,7 +260,7 @@ data:
 |``clientSecret`` | The name of the Kubernetes secret that stores the API Key(s). It must be in the same namespace as the Policy resource. The secret must be of the type ``nginx.org/apikey``, and the API Key(s) must be stored in a key: val format where each key is a unique clientID and each value is a unique base64 encoded API Key  | ``string`` | Yes |
 {{% /table %}}
 
-{{<important>}}An APIKey Policy must include a minimum of one of the `suppliedIn.header` or `suppliedIn.query` parameters.  Both can also be supplied.{{</important>}}
+{{< call-out "important" >}}An APIKey Policy must include a minimum of one of the `suppliedIn.header` or `suppliedIn.query` parameters.  Both can also be supplied.{{< /call-out >}}
 
 #### APIKey Merging Behavior
 
@@ -306,9 +306,9 @@ basicAuth:
   secret: htpasswd-secret
   realm: "My API"
 ```
-{{< note >}}
+{{< call-out "note" >}}
 The feature is implemented using the NGINX [ngx_http_auth_basic_module](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html).
-{{< /note >}}
+{{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required |
@@ -331,11 +331,11 @@ In this example NGINX Ingress Controller will use the configuration from the fir
 
 ### JWT Using Local Kubernetes Secret
 
-{{< note >}}
+{{< call-out "note" >}}
 
 This feature is only available with NGINX Plus.
 
-{{< /note >}}
+{{< /call-out >}}
 
 The JWT policy configures NGINX Plus to authenticate client requests using JSON Web Tokens.
 
@@ -366,11 +366,11 @@ We use the `requestHeaders` of the [Action.Proxy](/nginx-ingress-controller/conf
 
 The value of the `${jwt_claim_user}` variable is the `user` claim of a JWT. For other claims, use `${jwt_claim_name}`, where `name` is the name of the claim. Note that nested claims and claims that include a period (`.`) are not supported. Similarly, use `${jwt_header_name}` where `name` is the name of a header. In our example, we use the `alg` header.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 This feature is implemented using the NGINX Plus [ngx_http_auth_jwt_module](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html).
 
-{{< /note >}}
+{{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required |
@@ -394,11 +394,11 @@ In this example NGINX Ingress Controller will use the configuration from the fir
 
 ### JWT Using JWKS From Remote Location
 
-{{< note >}}
+{{< call-out "note" >}}
 
 This feature is only available with NGINX Plus.
 
-{{< /note >}}
+{{< /call-out >}}
 
 The JWT policy configures NGINX Plus to authenticate client requests using JSON Web Tokens, allowing import of the keys (JWKS) for JWT policy by means of a URL (for a remote server or an identity provider) as a result they don't have to be copied and updated to the IC pod.
 
@@ -412,11 +412,11 @@ jwt:
   keyCache: 1h
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 
 This feature is implemented using the NGINX Plus directive [auth_jwt_key_request](http://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html#auth_jwt_key_request) under [ngx_http_auth_jwt_module](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html).
 
-{{< /note >}}
+{{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required |
@@ -427,13 +427,13 @@ This feature is implemented using the NGINX Plus directive [auth_jwt_key_request
 |``token`` | The token specifies a variable that contains the JSON Web Token. By default the JWT is passed in the ``Authorization`` header as a Bearer Token. JWT may be also passed as a cookie or a part of a query string, for example: ``$cookie_auth_token``. Accepted variables are ``$http_``, ``$arg_``, ``$cookie_``. | ``string`` | No |
 {{% /table %}}
 
-{{< note >}}
+{{< call-out "note" >}}
 
 Content caching is enabled by default for each JWT policy with a default time of 12 hours.
 
 This is done to ensure to improve resiliency by allowing the JWKS (JSON Web Key Set) to be retrieved from the cache even when it has expired.
 
-{{< /note >}}
+{{< /call-out >}}
 
 #### JWT Merging Behavior
 
@@ -495,22 +495,22 @@ action:
 
 We use the `requestHeaders` of the [Action.Proxy](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#actionproxy) to set the values of the two headers that NGINX will pass to the upstream servers. See the [list of embedded variables](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables) that are supported by the `ngx_http_ssl_module`, which you can use to pass the client certificate details.
 
-{{< note >}}
+{{< call-out "note" >}}
 
  The feature is implemented using the NGINX [ngx_http_ssl_module](https://nginx.org/en/docs/http/ngx_http_ssl_module.html).
 
- {{< /note >}}
+ {{< /call-out >}}
 
 #### Using a Certificate Revocation List
 
 The IngressMTLS policy supports configuring at CRL for your policy.
 This can be done in one of two ways.
 
-{{< note >}}
+{{< call-out "note" >}}
 
  Only one of these configurations options can be used at a time.
 
-{{< /note >}}
+{{< /call-out >}}
 
 1. Adding the `ca.crl` field to the `nginx.org/ca` secret type, which accepts a base64 encoded certificate revocation list (crl).
    Example YAML:
@@ -528,13 +528,13 @@ data:
 
 2. Adding the `crlFileName` field to your IngressMTLS policy spec with the name of the CRL file.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 This configuration option should only be used when using a CRL that is larger than 1MiB.
 
 Otherwise we recommend using the `nginx.org/ca` secret type for managing your CRL.
 
-{{< /note >}}
+{{< /call-out >}}
 
 Example YAML:
 
@@ -594,11 +594,11 @@ egressMTLS:
   verifyDepth: 2
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The feature is implemented using the NGINX [ngx_http_proxy_module](https://nginx.org/en/docs/http/ngx_http_proxy_module.html).
 
-{{< /note >}}
+{{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required |
@@ -628,11 +628,11 @@ In this example NGINX Ingress Controller will use the configuration from the fir
 
 ### OIDC
 
-{{< tip >}}
+{{< call-out "tip" >}}
 
 This feature is disabled by default. To enable it, set the [enable-oidc]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#cmdoption-enable-oidc" >}}) command-line argument of NGINX Ingress Controller.
 
-{{< /tip >}}
+{{< /call-out >}}
 
 The OIDC policy configures NGINX Plus as a relying party for OpenID Connect authentication.
 
@@ -653,22 +653,22 @@ spec:
 
 NGINX Plus will pass the ID of an authenticated user to the backend in the HTTP header `username`.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The feature is implemented using the [reference implementation](https://github.com/nginxinc/nginx-openid-connect/) of NGINX Plus as a relying party for OpenID Connect authentication.
 
-{{< /note >}}
+{{< /call-out >}}
 
 #### Prerequisites
 
 In order to use OIDC, you need to enable [zone synchronization](https://docs.nginx.com/nginx/admin-guide/high-availability/zone_sync/). If you don't set up zone synchronization, NGINX Plus will fail to reload.
 You also need to configure a resolver, which NGINX Plus will use to resolve the IDP authorization endpoint. You can find an example configuration [in our GitHub repository](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/examples/custom-resources/oidc#step-7---configure-nginx-plus-zone-synchronization-and-resolver).
 
-{{< warning >}}
+{{< call-out "warning" >}}
 
 The configuration in the example doesn't enable TLS and the synchronization between the replica happens in clear text. This could lead to the exposure of tokens.
 
-{{< /warning >}}
+{{< /call-out >}}
 
 #### Limitations
 
@@ -691,11 +691,11 @@ The OIDC policy defines a few internal locations that can't be customized: `/_jw
 |``accessTokenEnable`` | Option of whether Bearer token is used to authorize NGINX to access protected backend. | ``boolean`` | No |
 {{% /table %}}
 
-{{< note >}}
+{{< call-out "note" >}}
 
 Only one OIDC policy can be referenced in a VirtualServer and its VirtualServerRoutes. However, the same policy can still be applied to different routes in the VirtualServer and VirtualServerRoutes.
 
-{{< /note >}}
+{{< /call-out >}}
 
 #### OIDC Merging Behavior
 
@@ -734,7 +734,7 @@ For `kubectl get` and similar commands, you can also use the short name `pol` in
 
 ### WAF {#waf}
 
-{{< note >}} The feature is implemented using the NGINX Plus [NGINX App Protect WAF Module](https://docs.nginx.com/nginx-app-protect/configuration/). {{< /note >}}
+{{< call-out "note" >}} The feature is implemented using the NGINX Plus [NGINX App Protect WAF Module](https://docs.nginx.com/nginx-app-protect/configuration/). {{< /call-out >}}
 
 The WAF policy configures NGINX Plus to secure client requests using App Protect WAF policies.
 
@@ -753,7 +753,7 @@ waf:
     logDest: "syslog:server=syslog-svc-secondary.default:514"
 ```
 
-{{< note >}} The field `waf.securityLog` is deprecated and will be removed in future releases.It will be ignored if `waf.securityLogs` is populated. {{< /note >}}
+{{< call-out "note" >}} The field `waf.securityLog` is deprecated and will be removed in future releases.It will be ignored if `waf.securityLogs` is populated. {{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required |
diff --git a/content/includes/nic/configuration/security.md b/content/includes/nic/configuration/security.md
index 7267eaa01..4ade6e0cf 100644
--- a/content/includes/nic/configuration/security.md
+++ b/content/includes/nic/configuration/security.md
@@ -33,9 +33,9 @@ By default, the ServiceAccount has access to all Secret resources in the cluster
 
 ### Configure root filesystem as read-only
 
-{{< caution >}}
+{{< call-out "caution"  >}}
  This feature is compatible with [NGINX App Protect WAFv5](https://docs.nginx.com/nginx-app-protect-waf/v5/). It is not compatible with [NGINX App Protect WAFv4](https://docs.nginx.com/nginx-app-protect-waf/v4/) or [NGINX App Protect DoS](https://docs.nginx.com/nginx-app-protect-dos/).
-{{< /caution >}}
+{{< /call-out >}}
 
 NGINX Ingress Controller is designed to be resilient against attacks in various ways, such as running the service as non-root to avoid changes to files. We recommend setting filesystems on all containers to read-only, this includes `nginx-ingress-controller`, though also includes `waf-enforcer` and `waf-config-mgr` when NGINX App Protect WAFv5 is in use.  This is so that the attack surface is further reduced by limiting changes to binaries and libraries.
 
@@ -90,9 +90,9 @@ Snippets allow raw NGINX configuration to be inserted into resources. They are i
 
 Snippets are disabled by default. To use snippets, set the [**enable-snippets**]({{< relref"configuration/global-configuration/command-line-arguments.md#cmdoption-enable-snippets" >}}) command-line argument.
 
-{{< caution >}}
+{{< call-out "caution"  >}}
  Snippets are **always** enabled for ConfigMap.
-{{< /caution >}}
+{{< /call-out >}}
 
 For more information, read the following:
 
diff --git a/content/includes/nic/configuration/transportserver-resource.md b/content/includes/nic/configuration/transportserver-resource.md
index ea2f3c688..23f287c02 100644
--- a/content/includes/nic/configuration/transportserver-resource.md
+++ b/content/includes/nic/configuration/transportserver-resource.md
@@ -182,7 +182,7 @@ healthCheck:
   port: 8080
 ```
 
-{{< note >}} This feature is only supported with NGINX Plus. {{< /note >}}
+{{< call-out "note" >}} This feature is only supported with NGINX Plus. {{< /call-out >}}
 
 {{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
@@ -337,7 +337,7 @@ spec:
     port: 80
 ```
 
-{{< note >}} To configure snippets in the `stream` context, use `stream-snippets` ConfigMap key. {{< /note >}}
+{{< call-out "note" >}} To configure snippets in the `stream` context, use `stream-snippets` ConfigMap key. {{< /call-out >}}
 
 For additional information, view the [Advanced configuration with Snippets]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md" >}}) topic.
 
diff --git a/content/includes/nic/configuration/virtualserver-and-virtualserverroute-resources.md b/content/includes/nic/configuration/virtualserver-and-virtualserverroute-resources.md
index 06509075c..2807c0440 100644
--- a/content/includes/nic/configuration/virtualserver-and-virtualserverroute-resources.md
+++ b/content/includes/nic/configuration/virtualserver-and-virtualserverroute-resources.md
@@ -734,7 +734,7 @@ always: true
 
 \* -- Supported NGINX variables: `$request_uri`, `$request_method`, `$request_body`, `$scheme`, `$http_`, `$args`, `$arg_`, `$cookie_`, `$host`, `$request_time`, `$request_length`, `$nginx_version`, `$pid`, `$connection`, `$remote_addr`, `$remote_port`, `$time_iso8601`, `$time_local`, `$server_addr`, `$server_port`, `$server_name`, `$server_protocol`, `$connections_active`, `$connections_reading`, `$connections_writing`, `$connections_waiting`, `$ssl_cipher`, `$ssl_ciphers`, `$ssl_client_cert`, `$ssl_client_escaped_cert`, `$ssl_client_fingerprint`, `$ssl_client_i_dn`, `$ssl_client_i_dn_legacy`, `$ssl_client_raw_cert`, `$ssl_client_s_dn`, `$ssl_client_s_dn_legacy`, `$ssl_client_serial`, `$ssl_client_v_end`, `$ssl_client_v_remain`, `$ssl_client_v_start`, `$ssl_client_verify`, `$ssl_curves`, `$ssl_early_data`, `$ssl_protocol`, `$ssl_server_name`, `$ssl_session_id`, `$ssl_session_reused`, `$jwt_claim_` (NGINX Plus only) and `$jwt_header_` (NGINX Plus only).
 
-{{< note >}} If `always` is false, the response header is added only if the response status code is any of `200`, `201`, `204`, `206`, `301`, `302`, `303`, `304`, `307` or `308`. {{< /note >}}
+{{< call-out "note" >}} If `always` is false, the response header is added only if the response status code is any of `200`, `201`, `204`, `206`, `301`, `302`, `303`, `304`, `307` or `308`. {{< /call-out >}}
 
 ### Split
 
@@ -811,7 +811,7 @@ action:
 |``splits`` | The splits configuration for traffic splitting. Must include at least 2 splits. | [[]split](#split) | No |
 {{</bootstrap-table>}}
 
-{{< note >}} A match must include exactly one of the following: `action` or `splits`. {{< /note >}}
+{{< call-out "note" >}} A match must include exactly one of the following: `action` or `splits`. {{< /call-out >}}
 
 ### Condition
 
@@ -827,7 +827,7 @@ The condition defines a condition in a match.
 |``value`` | The value to match the condition against. How to define a value is shown below the table. | ``string`` | Yes |
 {{</bootstrap-table>}}
 
-{{< note >}}  a condition must include exactly one of the following: `header`, `cookie`, `argument` or `variable`. {{< /note >}}
+{{< call-out "note" >}}  a condition must include exactly one of the following: `header`, `cookie`, `argument` or `variable`. {{< /call-out >}}
 
 Supported NGINX variables: `$args`, `$http2`, `$https`, `$remote_addr`, `$remote_port`, `$query_string`, `$request`, `$request_body`, `$request_uri`, `$request_method`, `$scheme`. Find the documentation for each variable [here](https://nginx.org/en/docs/varindex.html).
 
@@ -841,7 +841,7 @@ The value supports two kinds of matching:
   - `!~^yes` -- negation of the previous regular expression that succeeds for strings like `YES`, `Yes123`, `noyes`. (The negation mechanism is not part of the PCRE syntax).
   - `~*no$` -- a case-insensitive regular expression that matches any string that ends with `no`. For example: `no`, `123no`, `123NO`.
 
-{{< note >}} A value must not include any unescaped double quotes (`"`) and must not end with an unescaped backslash (`\`). For example, the following are invalid values: `some"value`, `somevalue\`. {{< /note >}}
+{{< call-out "note" >}} A value must not include any unescaped double quotes (`"`) and must not end with an unescaped backslash (`\`). For example, the following are invalid values: `some"value`, `somevalue\`. {{< /call-out >}}
 
 ### ErrorPage
 
@@ -868,7 +868,7 @@ errorPages:
 |``return`` | The canned response action for the given status codes. | [errorPage.Return](#errorpagereturn) | No |
 {{</bootstrap-table>}}
 
-{{< note >}} An errorPage must include exactly one of the following: `return` or `redirect`. {{< /note >}}
+{{< call-out "note" >}} An errorPage must include exactly one of the following: `return` or `redirect`. {{< /call-out >}}
 
 ### ErrorPage.Redirect
 
diff --git a/content/includes/nic/installation/create-custom-resources.md b/content/includes/nic/installation/create-custom-resources.md
index dbdbf6065..950f203f4 100644
--- a/content/includes/nic/installation/create-custom-resources.md
+++ b/content/includes/nic/installation/create-custom-resources.md
@@ -30,10 +30,11 @@ kubectl apply -f https://raw.githubusercontent.com/nginx/kubernetes-ingress/v{{<
 
 {{%tab name="Install CRDs after cloning the repo"%}}
 
-{{< note >}} If you are installing the CRDs this way, ensure you have first cloned the repository. {{< /note >}}
+{{< call-out "note" >}} 
 
-{{< note >}} Please make sure to read the steps outlined in [Upgrade to V4](https://docs.nginx.com/nginx-ingress-controller/installation/installing-nic/upgrade-to-v4/#update-custom-resource-apiversion) before running the CRD upgrade and perform the steps if applicable.
-{{< /note >}}
+Read the steps outlined in [Upgrade from 3.x to 4.x]({{< ref "/nic/installation/upgrade-version.md#upgrade-from-3x-to-4x" >}}) before running the CRD upgrade and perform the steps if applicable.
+
+{{< /call-out >}}
 
 
 ```shell
diff --git a/content/includes/nic/installation/download-jwt.md b/content/includes/nic/installation/download-jwt.md
index 78ad1cbf8..63880f204 100644
--- a/content/includes/nic/installation/download-jwt.md
+++ b/content/includes/nic/installation/download-jwt.md
@@ -7,4 +7,4 @@ nd-docs: "DOCS-000"
 3. Find your NGINX products or services subscription, and select the **Subscription ID** for details.
 4. Download the **JSON Web Token (JWT)** from the subscription page.
 
-{{< note >}} The Connectivity Stack for Kubernetes JWT does not work with NGINX Plus reporting. A regular NGINX Plus instance JWT must be used. {{< /note >}}
+{{< call-out "note" >}} The Connectivity Stack for Kubernetes JWT does not work with NGINX Plus reporting. A regular NGINX Plus instance JWT must be used. {{< /call-out >}}
diff --git a/content/includes/nic/installation/jwt-password-note.md b/content/includes/nic/installation/jwt-password-note.md
index 040a3e142..a38209fc9 100644
--- a/content/includes/nic/installation/jwt-password-note.md
+++ b/content/includes/nic/installation/jwt-password-note.md
@@ -2,10 +2,10 @@
 nd-docs:
 ---
 
-{{< note >}} For security, follow these practices with JSON Web Tokens (JWTs), passwords, and shell history:
+{{< call-out "note" >}} For security, follow these practices with JSON Web Tokens (JWTs), passwords, and shell history:
 
 1. **JWTs:** JWTs are sensitive information. Store them securely. Delete them after use to prevent unauthorized access.
 
 1. **Shell history:** Commands that include JWTs or passwords are recorded in the history of your shell, in plain text. Clear your shell history after running such commands. For example, if you use bash, you can delete commands in your `~/.bash_history` file. Alternatively, you can run the `history -c` command to erase your shell history.
 
-Follow these practices to help ensure the security of your system and data. {{< /note >}}
+Follow these practices to help ensure the security of your system and data. {{< /call-out >}}
diff --git a/content/includes/nim/installation/optional-steps/install-configure-vault.md b/content/includes/nim/installation/optional-steps/install-configure-vault.md
index 6d39a002a..4789a77ec 100644
--- a/content/includes/nim/installation/optional-steps/install-configure-vault.md
+++ b/content/includes/nim/installation/optional-steps/install-configure-vault.md
@@ -11,6 +11,6 @@ NGINX Instance Manager can use [Vault](https://www.vaultproject.io/) as a datast
 
 To install and enable Vault, follow these steps:
 
-- Follow Vault's instructions to [install Vault 1.8.8 or later](https://www.vaultproject.io/docs/install) for your distribution.
+- Follow Vault's instructions to [install Vault 1.8.8 or later](https://developer.hashicorp.com/vault/install) for your operating system.
 - Ensure you're running Vault in a [production-hardened environment](https://learn.hashicorp.com/tutorials/vault/production-hardening).
 - After installing NGINX Instance Manager, follow the steps to [configure Vault for storing secrets]({{< ref "/nim/system-configuration/configure-vault.md" >}}).
diff --git a/content/includes/nim/rbac/create-user-groups.md b/content/includes/nim/rbac/create-user-groups.md
index 9c9c1db12..70da4af28 100644
--- a/content/includes/nim/rbac/create-user-groups.md
+++ b/content/includes/nim/rbac/create-user-groups.md
@@ -18,7 +18,7 @@ Here's how to create a user group and assign roles:
 
 1. Select one or more roles from the **Roles** list to assign to the group.
 
-   {{<important>}}At least one user group must have the `admin` role assigned.{{</important>}}
+   {{< call-out "important" >}}At least one user group must have the `admin` role assigned.{{< /call-out >}}
 
 1. Select **Save** to create the group.
 
diff --git a/content/includes/nim/tech-specs/nim-app-protect-support.md b/content/includes/nim/tech-specs/nim-app-protect-support.md
index 203e7c2ef..c4cb16b01 100644
--- a/content/includes/nim/tech-specs/nim-app-protect-support.md
+++ b/content/includes/nim/tech-specs/nim-app-protect-support.md
@@ -8,7 +8,7 @@ NGINX Instance Manager supports the following versions of [NGINX App Protect WAF
 
 | NGINX Instance Manager | NGINX App Protect WAF              |
 |------------------------|------------------------------------|
-| 2.17.0–2.20.0          | Release 4.8.0–4.15.0, 5.1.0–5.7.0 |
+| 2.17.0–2.20.0          | Release 4.8.0–4.16.0, 5.1.0–5.8.0 |
 | 2.15.1–2.16.0          | Release 4.8.0–4.10.0              |
 | 2.14.1–2.15.0          | Release 4.4.0–4.7.0               |
 | 2.13.0–2.14.0          | Release 4.3.0–4.5.0               |
diff --git a/content/includes/nim/tech-specs/security-data-plane-dependencies.md b/content/includes/nim/tech-specs/security-data-plane-dependencies.md
index 010ad835b..9406abda2 100644
--- a/content/includes/nim/tech-specs/security-data-plane-dependencies.md
+++ b/content/includes/nim/tech-specs/security-data-plane-dependencies.md
@@ -1,9 +1,9 @@
 The Security Monitoring module requires the following versions of [NGINX App Protect WAF](https://docs.nginx.com/nginx-app-protect/) and [NGINX Plus](https://www.f5.com/products/nginx/nginx-plus) for the **data plane**:
 
-{{< note >}}
+{{< call-out "note" >}}
 In NGINX Instance Manager 2.18.0 and under, the Security Monitoring module was a separate package that was installed manually.
 From NGINX Instance Manager 2.19.0 onward, Security Monitoring is part of the NGINX Instance Manager feature-set and is packaged by default; no manual installation or upgrade is needed.
-{{< /note >}}
+{{< /call-out >}}
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
diff --git a/content/includes/nim/tech-specs/security-management-plane-dependencies.md b/content/includes/nim/tech-specs/security-management-plane-dependencies.md
index 25eb8f0fc..b05818bde 100644
--- a/content/includes/nim/tech-specs/security-management-plane-dependencies.md
+++ b/content/includes/nim/tech-specs/security-management-plane-dependencies.md
@@ -1,9 +1,9 @@
 The Security Monitoring module requires the following versions of NGINX Instance Manager to be installed on the **management plane**.
 
-{{< note >}}
+{{< call-out "note" >}}
 In NGINX Instance Manager 2.18.0 and under, the Security Monitoring module was a separate package that was installed manually.
 From NGINX Instance Manager 2.19.0 onward, Security Monitoring is part of the NGINX Instance Manager feature-set and is packaged by default; no manual installation or upgrade is needed.
-{{< /note >}}
+{{< /call-out >}}
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
diff --git a/content/includes/nim/tech-specs/supported-distros.md b/content/includes/nim/tech-specs/supported-distros.md
index 7ede72fc3..1abfed6ae 100644
--- a/content/includes/nim/tech-specs/supported-distros.md
+++ b/content/includes/nim/tech-specs/supported-distros.md
@@ -8,14 +8,12 @@ The following table lists the Linux distributions supported by NGINX Instance Ma
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
-| Distribution    | Version                                | Architecture     | NGINX Instance Manager Support                          | NGINX App Protect Support                          |
-|-----------------|----------------------------------------|------------------|---------------------------------------------------|----------------------------------------------------|
-| Amazon Linux    | 2 LTS                                  | x86_64           | Supported                                         | **Support discontinued as of 2.18.0**                                          |
-| CentOS          | 7.4 and later in the 7.x family        | x86_64           | **Support discontinued as of 2.17.0**             | Supported                                          |
-| Debian          | 11<hr>12                               | x86_64<hr>x86_64 | Supported<hr>Supported on 2.13.0+                 | Supported<hr>Supported                             |
-| Oracle Linux    | 7.4 and later in the 7.x family<hr>8.0 and later in the 8.x family | x86_64<hr>x86_64 | Supported<hr>Supported on 2.6.0+                 | Supported<hr>Supported                             |
-| RHEL            | 7.4 and later in the 7.x family<hr>8.x and later in the 8.x family<hr>9.x and later in the 9.x family | x86_64<hr>x86_64<hr>x86_64 | **Support discontinued as of 2.17.0**<hr>Supported<hr>Supported on 2.6.0+ | Supported<hr>Supported<hr>Supported |
-| Ubuntu          | 20.04<hr>22.04<hr>24.04                | x86_64<hr>x86_64<hr>x86_64 | Supported<hr>Supported on 2.3.0+<hr>Supported on 2.18.0+                 | Supported<hr>Supported<hr>Supported                             |
+| Distribution    | Version                                | Architecture     | NGINX Instance Manager Support                      | NGINX App Protect Support                          |
+|-----------------|----------------------------------------|------------------|-----------------------------------------------------|----------------------------------------------------|
+| Debian          | 11<hr>12                               | x86_64<hr>x86_64 | Supported<hr>Supported                              | Supported<hr>Supported                             |
+| Oracle Linux    | 8.0 and later in the 8.x family        | x86_64           | Supported                                           | Supported                                          |
+| RHEL            | 8.0 and later in the 8.x family<hr>9.0 and later in the 9.x family  | x86_64<hr>x86_64 | Supported<hr>Supported | Supported<hr>Supported                             |
+| Ubuntu          | 22.04<hr>24.04                         | x86_64<hr>x86_64 | Supported<hr>Supported on 2.18.0+                   | Supported<hr>Supported                             |
 
 {{</bootstrap-table>}}
 
diff --git a/content/includes/unit/howto_change_ownership.md b/content/includes/unit/howto_change_ownership.md
index 36fa9d9e3..8176fced2 100644
--- a/content/includes/unit/howto_change_ownership.md
+++ b/content/includes/unit/howto_change_ownership.md
@@ -7,12 +7,12 @@ each one):
 ```
 
 
-{{< note >}}
+{{< call-out "note" >}}
 The **unit:unit** user-group pair is available only with
 [official packages]({{< relref "/unit/installation.md#installation-precomp-pkgs" >}})
 , Docker [images]({{< relref "/unit/installation.md#installation-docker" >}}),
 and some [third-party repos]({{< relref "/unit/installation.md#installation-community-repos" >}}). Otherwise, account names may differ; run the `ps aux | grep unitd` command to be sure.
-{{< /note >}}
+{{< /call-out >}}
 
 For further details, including permissions, see the
 [security checklist]({{< relref "/unit/howto/security.md#secutiry-apps" >}}).
diff --git a/content/includes/unit/howto_upload_config.md b/content/includes/unit/howto_upload_config.md
index b218b7b51..5e7f0d9ca 100644
--- a/content/includes/unit/howto_upload_config.md
+++ b/content/includes/unit/howto_upload_config.md
@@ -7,8 +7,8 @@ Assuming the JSON above was added to
    http://localhost/config/      # Path to the config section in Unit's control API
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 The [control socket]({{< relref "/unit/installation.md#configuration-socket" >}}) path may vary; run
 `unitd -h` or see
 [Startup and shutdown]({{< relref "/unit/howto/source.md#source-startup" >}}) for details.
-{{< /note >}}
+{{< /call-out >}}
diff --git a/content/includes/use-cases/credential-download-instructions.md b/content/includes/use-cases/credential-download-instructions.md
new file mode 100644
index 000000000..672bdfb0f
--- /dev/null
+++ b/content/includes/use-cases/credential-download-instructions.md
@@ -0,0 +1,25 @@
+---
+files:
+- content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md
+- content/nic/installation/nic-images/registry-download.md
+---
+
+In order to obtain a container image, you will need the JSON Web Token file or SSL certificate and private key files provided with your NGINX Plus subscription. 
+
+These files grant access to the package repository from which the script will download the NGINX Plus package:
+
+{{< tabs name="product_keys" >}}
+
+{{% tab name="JSON Web Token" %}}
+
+{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
+
+{{% /tab %}}
+
+{{% tab name="SSL" %}}
+
+{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}}
+
+{{% /tab %}}
+
+{{< /tabs >}}
\ No newline at end of file
diff --git a/content/includes/use-cases/docker-registry-instructions.md b/content/includes/use-cases/docker-registry-instructions.md
new file mode 100644
index 000000000..5f7e6af73
--- /dev/null
+++ b/content/includes/use-cases/docker-registry-instructions.md
@@ -0,0 +1,49 @@
+---
+files:
+- content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md
+- content/nic/installation/nic-images/registry-download.md
+---
+
+This step describes how to use Docker to communicate with the F5 Container Registry located at `private-registry.nginx.com`.
+
+{{< call-out "note" >}}
+
+The steps provided are for Linux. For Mac or Windows, see the [Docker for Mac](https://docs.docker.com/docker-for-mac/#add-client-certificates) or [Docker for Windows](https://docs.docker.com/docker-for-windows/#how-do-i-add-client-certificates) documentation. 
+
+For more details on Docker Engine security, you can refer to the [Docker Engine Security documentation](https://docs.docker.com/engine/security/).
+
+{{< /call-out >}}
+
+{{< tabs name="docker_login" >}}
+
+{{% tab name="JSON Web Token"%}}
+
+Open the JSON Web Token file previously downloaded from [MyF5](https://my.f5.com) customer portal (for example, `nginx-repo-12345abc.jwt`) and copy its contents.
+
+Log in to the Docker registry using the contents of the JSON Web Token file:
+
+```shell
+docker login private-registry.nginx.com --username=<output_of_jwt_token> --password=none
+```
+
+{{% /tab %}}
+
+{{% tab name="SSL" %}}
+
+Create a directory and copy your certificate and key to this directory:
+
+```shell
+mkdir -p /etc/docker/certs.d/private-registry.nginx.com
+cp <path-to-your-nginx-repo.crt> /etc/docker/certs.d/private-registry.nginx.com/client.cert
+cp <path-to-your-nginx-repo.key> /etc/docker/certs.d/private-registry.nginx.com/client.key
+```
+
+Log in to the Docker registry:
+
+```shell
+docker login private-registry.nginx.com
+```
+
+{{% /tab %}}
+
+{{< /tabs >}}
\ No newline at end of file
diff --git a/content/includes/use-cases/monitoring/enable-nginx-plus-api-with-config-sync-group.md b/content/includes/use-cases/monitoring/enable-nginx-plus-api-with-config-sync-group.md
new file mode 100644
index 000000000..d730346f0
--- /dev/null
+++ b/content/includes/use-cases/monitoring/enable-nginx-plus-api-with-config-sync-group.md
@@ -0,0 +1,18 @@
+---
+docs:
+files:
+- content/nginx-one/workshops/lab5/upgrade-nginx-plus-to-latest-version.md
+- content/nginx-one/nginx-configs/metrics/enable-metrics.md
+---
+
+1. In the NGINX One Console, select **Manage > Config Sync Groups**, then pick your config sync group's name.  
+2. Select the **Configuration** tab, then select **Edit Configuration**.  
+3. Select **Add File**.  
+4. Select **New Configuration File**.  
+5. In the **File name** box, enter `/etc/nginx/conf.d/dashboard.conf`, then select **Add**.  
+6. Paste the following into the new file workspace:
+
+{{< include "config-snippets/enable-nplus-api-dashboard.md" >}}
+
+7. Select **Next**, review the diff, then select **Save and Publish**.
+8. Open your browser to `http://<instance-ip>:9000/dashboard.html` (replace `<instance-ip>` with the IP or hostname of one of your group members). You should see the NGINX Plus dashboard.
\ No newline at end of file
diff --git a/content/includes/use-cases/monitoring/enable-nginx-plus-api.md b/content/includes/use-cases/monitoring/enable-nginx-plus-api.md
index 50fbd5be7..6a71f3c6b 100644
--- a/content/includes/use-cases/monitoring/enable-nginx-plus-api.md
+++ b/content/includes/use-cases/monitoring/enable-nginx-plus-api.md
@@ -15,4 +15,4 @@ To collect comprehensive metrics for NGINX Plus, including bytes streamed, infor
 - To restrict write methods (`POST`, `PATCH`, `DELETE`), uncomment and configure the `limit_except GET` block and set up [HTTP basic authentication](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html).  
 {{</ call-out >}}
 
-For more details, see the [NGINX Plus API module](https://nginx.org/en/docs/http/ngx_http_api_module.html) documentation and [Configuring the NGINX Plus API]({{< ref "/nginx/admin-guide/monitoring/live-activity-monitoring.md#configuring-the-api" >}}).
\ No newline at end of file
+For more details, see the [NGINX Plus API module](https://nginx.org/en/docs/http/ngx_http_api_module.html) documentation and [Configuring the NGINX Plus API]({{< ref "/nginx/admin-guide/monitoring/live-activity-monitoring.md#configuring-the-api" >}}).
diff --git a/content/includes/use-cases/monitoring/n1c-dashboard-overview.md b/content/includes/use-cases/monitoring/n1c-dashboard-overview.md
index 3018b83d8..050b104d9 100644
--- a/content/includes/use-cases/monitoring/n1c-dashboard-overview.md
+++ b/content/includes/use-cases/monitoring/n1c-dashboard-overview.md
@@ -15,15 +15,15 @@ Navigating the dashboard:
 </span>
 
 {{<bootstrap-table "table table-striped table-bordered">}}
-**NGINX One dashboard metrics**
+**NGINX One Console dashboard metrics**
 | Metric | Description | Details |
 |---|---|---|
-| <i class="fas fa-heartbeat"></i> **Instance availability** | Understand the operational status of your NGINX instances. | - **Online**: The NGINX instance is actively connected and functioning properly. <br> - **Offline**: NGINX Agent is connected but the NGINX instance isn't running, isn't installed, or can't communicate with NGINX Agent. <br> - **Unavailable**: The connection between NGINX Agent and NGINX One has been lost or the instance has been decommissioned. <br> - **Unknown**: The current state can't be determined at the moment. |
+| <i class="fas fa-heartbeat"></i> **Instance availability** | Understand the operational status of your NGINX instances. | - **Online**: The NGINX instance is actively connected and functioning properly. <br> - **Offline**: NGINX Agent is connected but the NGINX instance isn't running, isn't installed, or can't communicate with NGINX Agent. <br> - **Unavailable**: The connection between NGINX Agent and NGINX One Console has been lost or the instance has been decommissioned. <br> - **Unknown**: The current state can't be determined at the moment. |
 | <i class="fas fa-code-branch"></i> **NGINX versions by instance** | See which NGINX versions are in use across your instances. | |
 | <i class="fas fa-desktop"></i> **Operating systems** | Find out which operating systems your instances are running on. | |
 | <i class="fas fa-certificate"></i> **Certificates** | Monitor the status of your SSL certificates to know which are expiring soon and which are still valid. | |
 | <i class="fas fa-cogs"></i> **Config recommendations** | Get configuration recommendations to optimize your instances' settings. | |
-| <i class="fas fa-shield-alt"></i> **CVEs (Common Vulnerabilities and Exposures)** | Evaluate the severity and number of potential security threats in your instances. | - **Major**: Indicates a high-severity threat that needs immediate attention. <br> - **Medium**: Implies a moderate threat level. <br> - **Minor** and **Low**: Represent less critical issues that still require monitoring. <br> - **Other**: Encompasses any threats that don't fit the standard categories. |
+| <i class="fas fa-shield-alt"></i> **CVEs (Common Vulnerabilities and Exposures)** | Evaluate the severity and number of potential security threats in your instances. | - **High**: Indicates a high-severity threat that needs immediate attention. NGINX CVSS score = 7.0-10.0 <br> - **Medium**: Implies a moderate threat level. NGINX CVSS score = 4.0-6.9  <br> - **Low**: Represent less critical issues that still require monitoring. NGINX CVSS score = 0.1-3.9. <br> - **None**: NGINX CVSS score = 0.0|
 | <i class="fas fa-microchip"></i> **CPU utilization** | Track CPU usage trends and pinpoint instances with high CPU demand. | |
 | <i class="fas fa-memory"></i> **Memory utilization** | Watch memory usage patterns to identify instances using significant memory. | |
 | <i class="fas fa-hdd"></i> **Disk space utilization** | Monitor how much disk space your instances are using and identify those nearing capacity. | |
diff --git a/content/includes/workshops/nginx-one-env-variables.md b/content/includes/workshops/nginx-one-env-variables.md
new file mode 100644
index 000000000..1baf15c49
--- /dev/null
+++ b/content/includes/workshops/nginx-one-env-variables.md
@@ -0,0 +1,27 @@
+---
+docs:
+files:
+- content/nginx-one/workshops/lab4/config-sync-groups.md
+- content/nginx-one/workshops/lab5/upgrade-nginx-plus-to-r34.md
+
+---
+
+Set these environment variables:
+
+- **TOKEN**: your data plane key, for example:
+
+   ```shell
+   export TOKEN="your-data-plane-key"
+   ```
+
+- **JWT**: your NGINX Plus license JWT. Save it as `nginx-repo.jwt`, then run:
+
+   ```shell
+   export JWT=$(cat path/to/nginx-repo.jwt)
+   ```
+
+- **NAME**: a unique ID for your workshop (for example, `s.jobs`):
+
+   ```shell
+   export NAME="s.jobs"
+   ```
diff --git a/content/mesh/about/architecture.md b/content/mesh/about/architecture.md
index 1d0fb6fc1..39bd9f8b8 100644
--- a/content/mesh/about/architecture.md
+++ b/content/mesh/about/architecture.md
@@ -96,9 +96,9 @@ At this point, the packet leaves the node and enters the Host Network. The Host
 
 ##### UDP and eBPF
 
-{{< note >}}
+{{< call-out "note" >}}
 UDP traffic proxying is a beta feature that is turned off by default. You can turn it on at [deploy time]({{< ref "nginx-meshctl.md#deploy" >}}) if desired. Linux kernel 4.18 or greater is required.
-{{< /note >}}
+{{< /call-out >}}
 
 NGINX Service Mesh has developed an alternate approach to routing datagrams in answer to particular challenges associated with the UDP protocol. Information is routed via an analogous pathway, however, UDP datagrams are redirected with eBPF functions as opposed to iptables with TCP.
 
@@ -219,9 +219,9 @@ If SPIRE is using an upstream CA:
 - Each upstream CA has a different API for that exchange, and each of those transactional processes are unique to each upstream.
 - SPIRE plugins take care of the mechanics of each of those unique upstream CAs. You need to ensure that these plugins are enabled and allowed. You also need to test that it's possible to proxy each one of the auth methods supported by each of the plugins being used.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 Refer to the [Secure Mesh Traffic using mTLS]({{< ref "/mesh/guides/secure-traffic-mtls.md" >}}) guide for more information on configuring mTLS.
-{{< /see-also >}}
+{{< /call-out>}}
 
 ### NATS Message Bus
 
@@ -247,9 +247,9 @@ NGINX Service Mesh sidecars (specifically agents) connect to NATS when they are
 
 NGINX Service Mesh lets you observe application behavior using a combination of internal and third-party solutions to expose metrics and tracing data.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 See the [Monitoring and Tracing]({{< ref "/mesh/guides/monitoring-and-tracing.md" >}}) guide for more information on integrating your Prometheus, Grafana, and/or tracing backends with NGINX Service Mesh.
-{{< /see-also >}}
+{{< /call-out>}}
 
 #### Metrics
 
@@ -259,9 +259,9 @@ See the [Monitoring and Tracing]({{< ref "/mesh/guides/monitoring-and-tracing.md
 
 - The NGINX Service Mesh metrics server is also a control plane component, extending the Kubernetes API, known as an [aggregation layer](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/). When queried, this server gets metrics data from Prometheus and formats the data adhering to the Service Mesh Interface (SMI) standards. This server provides quick access to the basic metrics data in a standard format defined by SMI.
 
-{{<see-also>}}
+{{< call-out "note" >}}
 See the [Traffic Metrics]({{< ref "/mesh/guides/smi-traffic-metrics.md" >}}) guide for more information on how to visualize metrics data from NGINX Service Mesh.
-{{</see-also>}}
+{{< /call-out>}}
 
 #### Tracing
 
@@ -288,6 +288,6 @@ NGINX Plus Ingress Controller lets you control the egress traffic from your clus
 
 The NGINX Plus Ingress Controller terminates the mTLS connection from the NGINX Service Mesh workload and routes the request to the egress service. Egress services can be services deployed outside the cluster, or they can be services deployed within the cluster that are not injected with the NGINX Service Mesh sidecar.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 Refer to the [Deploy with NGINX Plus Ingress Controller]({{< ref "/mesh/tutorials/kic/deploy-with-kic.md" >}}) guide for more information on using NGINX Plus Ingress Controller to route ingress and egress traffic to and from your NGINX Service Mesh workloads.
-{{< /see-also >}}
+{{< /call-out>}}
diff --git a/content/mesh/get-started/install/configuration.md b/content/mesh/get-started/install/configuration.md
index 7d8605389..9803372c5 100644
--- a/content/mesh/get-started/install/configuration.md
+++ b/content/mesh/get-started/install/configuration.md
@@ -12,15 +12,15 @@ type:
 
 This document provides an overview of the various options you can configure when deploying F5 NGINX Service Mesh. We strongly recommended that you review all of the available options discussed in this document *before* deploying NGINX Service Mesh.
 
-{{< tip >}}
+{{< call-out "tip" >}}
 To manage your configuration after deployment, you can use the NGINX Service Mesh API.
 
 Refer to the [API Usage Guide]( {{< ref "/mesh/reference/api-usage.md" >}} ) for more information.
-{{< /tip >}}
+{{< /call-out >}}
 
-{{< note >}}
+{{< call-out "note" >}}
 For Helm users, the `nginx-meshctl deploy` command-line options map directly to Helm values. Alongside this guide, check out the [Helm Configuration Options]( {{< ref "/mesh/get-started/install/install-with-helm.md#configuration-options" >}} ).
-{{< /note >}}
+{{< /call-out >}}
 
 ## Mutual TLS
 
@@ -54,9 +54,9 @@ To configure the client max body size for a specific Pod, add the `config.nsm.ng
 
 If you need to [modify the global client max body size]( {{< ref "api-usage.md#modifying-the-global-mesh-configuration" >}} ) after you've deployed NGINX Service Mesh, you can do so by using the API.
 
-{{< see-also >}}
+{{< call-out "note" >}}
 [NGINX core module documentation](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size) for `client_max_body_size`.
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## Logging
 
@@ -115,10 +115,10 @@ The supported methods (used for both `http` and `stream` blocks) are:
 - `random two least_time`
 - `random two least_time=last_byte`
 
-{{< note >}}
+{{< call-out "note" >}}
 `least_time` and `random two least_time` are treated as "time to first byte" methods. `stream` blocks with either
 of these methods are given the `first_byte` method parameter, and `http` blocks are given the `header` parameter.
-{{< /note >}}
+{{< /call-out >}}
 
 For more information on how these load balancing methods work, see [HTTP Load Balancing](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/) and [TCP and UDP Load Balancing](https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/).
 
diff --git a/content/mesh/get-started/install/install.md b/content/mesh/get-started/install/install.md
index a58a337e7..1db35fda2 100644
--- a/content/mesh/get-started/install/install.md
+++ b/content/mesh/get-started/install/install.md
@@ -104,11 +104,11 @@ NGINX Service Mesh will pull multiple required images into your Kubernetes clust
 Check out the [Configuration Options]({{< ref "/mesh/get-started/install/configuration.md" >}}) to learn about the deployment options.
 You can find the full list of options in the [`nginx-meshctl` Reference]( {{< ref "nginx-meshctl.md" >}} ).
 
-{{< important >}}
+{{< call-out "important" >}}
 `nginx-meshctl` creates the namespace for the NGINX Service Mesh control plane.
 This namespace is dedicated to the NGINX Service Mesh control plane and **should not be used for anything else**.
 If desired, you can specify any name for the namespace via the `--namespace` argument, but do not create this namespace yourself.
-{{< /important >}}
+{{< /call-out >}}
 
 Follow the steps below to install the NGINX Service Mesh control plane.
 
diff --git a/content/mesh/get-started/platform-setup/gke.md b/content/mesh/get-started/platform-setup/gke.md
index fd6e977c9..0fff8f586 100644
--- a/content/mesh/get-started/platform-setup/gke.md
+++ b/content/mesh/get-started/platform-setup/gke.md
@@ -10,9 +10,9 @@ type:
 
 Google Kubernetes Engine (GKE) is a hosted Kubernetes solution created by Google. To use GKE with F5 NGINX Service Mesh, your Kubernetes user account has to have the `ClusterAdmin` role.
 
-{{< warning >}}
+{{< call-out "warning" >}}
 These resources give NGINX Service Mesh administrator access to your cluster. This allows NGINX Service Mesh to access resources across all namespaces in your Kubernetes cluster.
-{{< /warning >}}
+{{< /call-out >}}
 
 To create a ClusterRole and ClusterRoleBinding for NGINX Service Mesh, run the `kubectl` command shown below:
 
diff --git a/content/mesh/get-started/platform-setup/kubeadm.md b/content/mesh/get-started/platform-setup/kubeadm.md
index 6f892b73c..1fd91a23b 100644
--- a/content/mesh/get-started/platform-setup/kubeadm.md
+++ b/content/mesh/get-started/platform-setup/kubeadm.md
@@ -32,17 +32,17 @@ W0817 17:54:27.384011 1526706 configset.go:202] WARNING: kubeadm cannot validate
 [preflight] Running pre-flight checks
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 You can ignore the warning in the output of `kubeadm init` as we're not providing custom configuration for kubelet or kubeproxy.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Existing cluster
 
 If you are using an existing kubeadm cluster, add the following configuration to `/etc/kubernetes/manifests/kube-apiserver.yaml`:
 
-{{< note >}}
+{{< call-out "note" >}}
 This will cause the Kubernetes API Server to restart, which may lead to it being unavailable for a short period of time. Be sure to schedule a downtime window before modifying the Kubernetes API Server configuration.
-{{< /note >}}
+{{< /call-out >}}
 
 ```yaml
 spec:
diff --git a/content/mesh/get-started/platform-setup/kubespray.md b/content/mesh/get-started/platform-setup/kubespray.md
index 24f49fead..2c4a48126 100644
--- a/content/mesh/get-started/platform-setup/kubespray.md
+++ b/content/mesh/get-started/platform-setup/kubespray.md
@@ -11,9 +11,9 @@ type:
 
 ## Configuration changes
 
-{{< important >}}
+{{< call-out "important" >}}
 This section only applies to Kubespray versions older than v2.16.0.
-{{< /important >}}
+{{< /call-out >}}
 
 When creating a new cluster, you need to pass some extra flags to kubespray using [group_vars](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/ansible/vars.md). Add the following to `inventory/<your cluster>/group_vars/k8s-cluster/k8s-cluster.yml`:
 
@@ -26,9 +26,9 @@ kube_kubeadm_apiserver_extra_args:
 
 After making the changes, deploy kubespray as you usually would.
 
-{{< note >}}
+{{< call-out "note" >}}
 If you have an existing kubespray deployment, you need to create a new cluster. First make the changes in this section and then deploy a new cluster using the same command when you deployed the cluster before. The new cluster will reflect the new configuration. After deploying the new cluster, you can delete the old one.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Persistent storage
 
diff --git a/content/mesh/get-started/platform-setup/openshift.md b/content/mesh/get-started/platform-setup/openshift.md
index ba5bfb5c6..fa2769982 100644
--- a/content/mesh/get-started/platform-setup/openshift.md
+++ b/content/mesh/get-started/platform-setup/openshift.md
@@ -47,9 +47,9 @@ kubectl delete scc nginx-mesh-spire-agent-permissions
 kubectl delete clusterrolebinding csi-driver-sentinel.builtin.nsm.nginx
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 To re-install NGINX Service Mesh, it is not necessary to re-roll or delete injected Pods before removing the CSI Driver. Simply run the removal commands listed in the snippet above and deploy NGINX Service Mesh as usual. The new CSI Driver that is deployed will be able to handle any injected Pods leftover from the previous deployment.
-{{< /note >}}
+{{< /call-out >}}
 
 ## How The CSI Driver Works
 
diff --git a/content/mesh/get-started/platform-setup/persistent-storage.md b/content/mesh/get-started/platform-setup/persistent-storage.md
index aa6310f39..f3518a099 100644
--- a/content/mesh/get-started/platform-setup/persistent-storage.md
+++ b/content/mesh/get-started/platform-setup/persistent-storage.md
@@ -13,7 +13,7 @@ F5 NGINX Service Mesh generates data that needs to persist across restarts and f
 
 The big three hosted Kubernetes environments (Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE)) all have built-in persistent storage that NGINX Service Mesh will automatically pick up and use.
 
-{{< important >}}
+{{< call-out "important" >}}
 **EKS Users:** in Kubernetes v1.23+ the in-tree to container storage interface (CSI) volume migration feature is enabled for EKS.
 This means the Amazon EBS CSI driver must be installed in your cluster in order for persistent storage to work.
 If the CSI driver is not installed prior to installing NGINX Service Mesh, the `PersistentVolumeClaim` required by SPIRE Server gets stuck in a pending state and the mesh will fail to install.
@@ -21,7 +21,7 @@ If the CSI driver is not installed prior to installing NGINX Service Mesh, the `
 See the [AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html) for instructions on how to install the EBS CSI driver on your EKS cluster.
 If you are unable to install the CSI driver you can disable persistent storage, although this is not recommended for production environments.
 Use the `--persistent-storage off` flag if deploying the mesh with `nginx-meshctl` or set the `mtls.persistentStorage` value to `"off"` if using Helm.
-{{< /important >}}
+{{< /call-out >}}
 
 ## Determining Persistent Storage on your Cluster
 
@@ -50,9 +50,9 @@ Without persistent storage, if SPIRE Server restarts for any reason, the entire
 
 Kubernetes has an extensive ecosystem of plugins for persistent storage. These range from vSphere Volumes to Amazon Web Services (AWS) Elastic Block Store. For more details refer to the [Kubernetes Storage Classes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/).
 
-{{< important >}}
+{{< call-out "important" >}}
 Based on our testing, NFS Storage Classes introduce too much latency and aren't recommended for use with NGINX Service Mesh.
-{{< /important >}}
+{{< /call-out >}}
 
 
 ## Troubleshooting
diff --git a/content/mesh/get-started/platform-setup/rke.md b/content/mesh/get-started/platform-setup/rke.md
index f67b55d94..001552750 100644
--- a/content/mesh/get-started/platform-setup/rke.md
+++ b/content/mesh/get-started/platform-setup/rke.md
@@ -10,13 +10,13 @@ type:
 
 Rancher Kubernetes Engine (RKE) is a CNCF-certified Kubernetes distribution that runs entirely within Docker containers. It works on bare-metal and virtualized servers.
 
-{{< important >}}
+{{< call-out "important" >}}
 Before deploying F5 NGINX Service Mesh, ensure that no other service meshes exist in your Kubernetes cluster.
-{{< /important >}}
+{{< /call-out >}}
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Rancher has the option to deploy the community [NGINX Ingress Controller](https://github.com/kubernetes/ingress-nginx) when configuring an RKE cluster. While this ingress controller may work, NGINX Service Mesh does not guarantee support. It is recommended to use the [NGINX Plus Ingress Controller]({{< ref "/mesh/tutorials/kic/deploy-with-kic.md" >}}) in conjunction with NGINX Service Mesh.
-{{< /warning >}}
+{{< /call-out >}}
 
 ## Persistent storage
 
@@ -26,9 +26,9 @@ RKE doesn't set up any persistent storage for you, but it's required to run NGIN
 
 When creating a new cluster with RKE, you can configure it to apply a [PodSecurityPolicy](https://kubernetes.io/docs/concepts/policy/pod-security-policy/). If you choose to do this, NGINX Service Mesh requires a few permissions in order to function properly. The following policy is based on the default `restricted-psp` policy used by RKE, with a few additions and changes to allow the NGINX Service Mesh control plane to work.
 
-{{< important >}}
+{{< call-out "important" >}}
 When running a cluster with a PodSecurityPolicy, all of the following resources need to be created/updated before deploying NGINX Service Mesh.
-{{< /important >}}
+{{< /call-out >}}
 
 ```yaml
 apiVersion: policy/v1beta1
@@ -83,17 +83,17 @@ spec:
   - SYS_ADMIN
 ```
 
-{{< important >}}
+{{< call-out "important" >}}
 If you have separate PodSecurityPolicies for the control plane and your workloads, ensure that they are [bound to the proper Service Accounts](#bind-the-policy).
-{{< /important >}}
+{{< /call-out >}}
 
 ### Bind the Policy
 
 The `restricted-psp-nginx-mesh` policy needs to be bound to the NGINX Service Mesh control plane namespace, using the following resources:
 
-{{< note >}}
+{{< call-out "note" >}}
 The ClusterRoleBinding assumes the default namespace of `nginx-mesh`, but should be changed if you are using a different namespace for the control plane.
-{{< /note >}}
+{{< /call-out >}}
 
 ```yaml
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/content/mesh/get-started/uninstall/uninstall-with-helm.md b/content/mesh/get-started/uninstall/uninstall-with-helm.md
index 5df1a2085..a92c64c0b 100644
--- a/content/mesh/get-started/uninstall/uninstall-with-helm.md
+++ b/content/mesh/get-started/uninstall/uninstall-with-helm.md
@@ -11,9 +11,9 @@ type:
 
 ## Uninstalling the Chart
 
-{{< important >}}
+{{< call-out "important" >}}
 OpenShift users: Before uninstalling, read through the [OpenShift considerations]({{< ref "/mesh/get-started/platform-setup/openshift.md#remove" >}}) guide to make sure you understand the implications.
-{{< /important >}}
+{{< /call-out >}}
 
 To uninstall the `nsm` release in the `nginx-mesh` namespace, run:
 
diff --git a/content/mesh/get-started/uninstall/uninstall.md b/content/mesh/get-started/uninstall/uninstall.md
index 59c7f8149..ff718e24b 100644
--- a/content/mesh/get-started/uninstall/uninstall.md
+++ b/content/mesh/get-started/uninstall/uninstall.md
@@ -14,9 +14,9 @@ This topic explains how to uninstall F5 NGINX Service Mesh using nginx-meshctl.
 
 ## Uninstall
 
-{{< important >}}
+{{< call-out "important" >}}
 OpenShift users: Before uninstalling, read through the [OpenShift considerations]({{< ref "/mesh/get-started/platform-setup/openshift.md#remove" >}}) guide to make sure you understand the implications.
-{{< /important >}}
+{{< /call-out >}}
 
 Uninstalling does the following:
 
@@ -54,9 +54,9 @@ For example:
 kubectl rollout restart deployment/frontend
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 If you want to redeploy NGINX Service Mesh after removing it, you need to re-roll the resources after the new NGINX Service Mesh is installed. Sidecars from an earlier NGINX Service Mesh installation won't work with a new installation.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Troubleshooting
 
diff --git a/content/mesh/get-started/upgrade/upgrade-with-helm.md b/content/mesh/get-started/upgrade/upgrade-with-helm.md
index ad8cf6c73..e5b907d5b 100644
--- a/content/mesh/get-started/upgrade/upgrade-with-helm.md
+++ b/content/mesh/get-started/upgrade/upgrade-with-helm.md
@@ -11,9 +11,9 @@ type:
 
 You can upgrade to the latest mesh version from the version immediately before it (for example, from v1.6.0 to v1.7.0). F5 NGINX Service Mesh doesn't support skipping versions.
 
-{{< important >}}
+{{< call-out "important" >}}
 Check out the [Version-specific Notes]({{< ref "#version-specific-notes" >}}) section prior to upgrading to see if there are any extra details required for the version you are using.
-{{< /important >}}
+{{< /call-out >}}
 
 ## Upgrade via Helm
 
@@ -64,9 +64,9 @@ If breaking changes are introduced between versions, or you wish to change the [
 Some deployment configuration fields can be updated after the mesh has already been deployed, avoiding the need for manual upgrades. Those fields are discussed in the [API reference]( {{< ref "api-usage.md#modifying-the-global-mesh-configuration" >}} ) guide.
 
 ### 1. Save Custom Resources
-{{< warning >}}
+{{< call-out "warning" >}}
 When you manually upgrade NGINX Service Mesh, all of your Custom Resources will be deleted. This includes TrafficSplits, TrafficTargets, RateLimits, and so on.
-{{< /warning>}}
+{{< /call-out >}}
 
 Before you proceed with the upgrade, run the commands shown below to back up your Custom Resources.
 
diff --git a/content/mesh/get-started/upgrade/upgrade.md b/content/mesh/get-started/upgrade/upgrade.md
index 744974dec..5b1bc52b5 100644
--- a/content/mesh/get-started/upgrade/upgrade.md
+++ b/content/mesh/get-started/upgrade/upgrade.md
@@ -11,9 +11,9 @@ type:
 
 You can upgrade to the latest mesh version from the version immediately before it (for example, from v1.6.0 to v1.7.0). F5 NGINX Service Mesh doesn't support skipping versions.
 
-{{< important >}}
+{{< call-out "important" >}}
 Check out the [Version-specific Notes]({{< ref "#version-specific-notes" >}}) section prior to upgrading to see if there are any extra details required for the version you are using.
-{{< /important >}}
+{{< /call-out >}}
 
 ## In-Place Upgrade
 
@@ -51,9 +51,9 @@ Some deployment configuration fields can be updated after the mesh has already b
 Before downloading the newer version of `nginx-meshctl`, you will need to remove NGINX Service Mesh using your existing version of `nginx-meshctl`. See the following steps.
 
 ### 1. Save Custom Resources
-{{< warning >}}
+{{< call-out "warning" >}}
 When you manually upgrade NGINX Service Mesh, all of your Custom Resources will be deleted. This includes TrafficSplits, TrafficTargets, RateLimits, and so on.
-{{< /warning>}}
+{{< /call-out >}}
 
 Before you proceed with the upgrade, run the commands shown below to back up your Custom Resources.
 
diff --git a/content/mesh/guides/inject-sidecar-proxy.md b/content/mesh/guides/inject-sidecar-proxy.md
index 99f1d6a77..187bdb938 100644
--- a/content/mesh/guides/inject-sidecar-proxy.md
+++ b/content/mesh/guides/inject-sidecar-proxy.md
@@ -68,11 +68,11 @@ For example:
 kubectl rollout restart deployment/frontend
 ```
 
-{{< see-also >}}
+{{< call-out "note" >}}
 See [NGINX Service Mesh Labels and Annotations]( {{< ref "/mesh/get-started/install/configuration.md#supported-labels-and-annotations" >}}) for more information on available labels and annotations.
 
 Refer to the Kubernetes [`kubectl` Cheat Sheet](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#updating-resources) documentation for more information about rolling resources.
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## Manual Proxy Injection
 
@@ -105,9 +105,9 @@ You can set the proxy to ignore ports for either incoming or outgoing traffic. T
     nginx-meshctl inject --ignore-incoming-ports "port1,port2,...,portN", --ignore-outgoing-ports "port1,port2,...,portN" < resource.yaml > resource-injected.yaml
     ```
 
-{{< note >}}
+{{< call-out "note" >}}
 Refer to [NGINX Service Mesh Annotations]( {{< ref "/mesh/get-started/install/configuration.md#pod-annotations" >}}) for more information around annotations.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Default Ignored Ports
 
diff --git a/content/mesh/guides/monitoring-and-tracing.md b/content/mesh/guides/monitoring-and-tracing.md
index b2ce80d04..cbf6e5bb3 100644
--- a/content/mesh/guides/monitoring-and-tracing.md
+++ b/content/mesh/guides/monitoring-and-tracing.md
@@ -15,15 +15,15 @@ F5 NGINX Service Mesh can integrate with your Prometheus, Grafana, and tracing b
 
 If you do not have Prometheus, Grafana, or tracing backends deployed, you can follow the [Observability Tutorial]( {{< ref "/mesh/tutorials/observability.md" >}}) to deploy a basic demo setup.
 
-{{< important >}}
+{{< call-out "important" >}}
 In order to prevent automatic sidecar injection into your Prometheus, Grafana, and tracing deployments, they should be deployed in a namespace where auto-injection is disabled. Alternatively, you can disable auto-injection for these deployments specifically by adding the `injector.nsm.nginx.com/auto-inject: disabled` label to the *PodTemplateSpec* of the deployments.
-{{< /important >}}
+{{< /call-out >}}
 
 ### Prometheus
 
-{{< warning >}}
+{{< call-out "warning" >}}
 We do not currently support Prometheus deployments running with TLS encryption.
-{{< /warning>}}
+{{< /call-out >}}
 
 To use NGINX Service Mesh with your Prometheus deployment:
 
@@ -57,12 +57,12 @@ To use NGINX Service Mesh with your Prometheus deployment:
    If you are deploying NGINX Plus Ingress Controller with the NGINX Service Mesh, add the `nginx-plus-ingress` scrape config as well.
    Consult the [Metrics]( {{< ref "/mesh/tutorials/kic/deploy-with-kic.md#nginx-plus-ingress-controller-metrics" >}} ) section of the NGINX Ingress Controller Deployment tutorial for more information about the metrics collected.
 
-   - {{< fa "download" >}} {{< link "/examples/nginx-mesh-sidecars-scrape-config.yaml" "`nginx-mesh-sidecars-scrape-config.yaml`" >}}
-   - {{< fa "download" >}} {{< link "/examples/nginx-plus-ingress-scrape-config.yaml" "`nginx-plus-ingress-scrape-config.yaml`" >}}
+   - {{< icon "download" >}} {{< link "/examples/nginx-mesh-sidecars-scrape-config.yaml" "`nginx-mesh-sidecars-scrape-config.yaml`" >}}
+   - {{< icon "download" >}} {{< link "/examples/nginx-plus-ingress-scrape-config.yaml" "`nginx-plus-ingress-scrape-config.yaml`" >}}
 
-{{< see-also >}}
+{{< call-out "note" >}}
 For more information on how to view and understand the metrics that we track, see our [Prometheus Metrics]({{< ref "prometheus-metrics.md" >}}) guide.
-{{< /see-also >}}
+{{< /call-out>}}
 
 ### Grafana
 The custom NGINX Service Mesh Grafana dashboard `NGINX Mesh Top` can be imported into your Grafana instance.
diff --git a/content/mesh/guides/private-registry.md b/content/mesh/guides/private-registry.md
index 821f86b43..fed94e5bc 100644
--- a/content/mesh/guides/private-registry.md
+++ b/content/mesh/guides/private-registry.md
@@ -30,9 +30,9 @@ There are two methods of accessing a private registry:
 - Registry username and password can be specified with `--registry-username` and `--registry-password`.
 - For a GKE registry, you can specify the path to the JSON key using `--registry-key`. The path can be relative to the working directory or absolute.
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Using the `--registry-password` flag can expose your plain text password on the console and in the console history.
-{{< /warning >}}
+{{< /call-out >}}
 
 ## Images
 
diff --git a/content/mesh/guides/prometheus-metrics.md b/content/mesh/guides/prometheus-metrics.md
index 2574e480d..f4b95585b 100644
--- a/content/mesh/guides/prometheus-metrics.md
+++ b/content/mesh/guides/prometheus-metrics.md
@@ -12,17 +12,17 @@ type:
 
 F5 NGINX Service Mesh integrates with Prometheus for metrics and Grafana for visualizations.
 
-{{< note >}}
+{{< call-out "note" >}}
 To configure NGINX Service Mesh to use Prometheus when deploying, refer to the [Monitoring and Tracing]( {{< ref "/mesh/guides/monitoring-and-tracing.md#prometheus" >}} ) guide for instructions.
-{{< /note >}}
+{{< /call-out >}}
 
 The mesh supports the [SMI spec](https://github.com/servicemeshinterface/smi-spec), including traffic metrics.
 The NGINX Service Mesh creates an extension API Server and shim that query Prometheus and return the results in a traffic metrics format. See [SMI Traffic Metrics]( {{< ref "smi-traffic-metrics.md" >}}) for more information.
 
-{{< note >}}
+{{< call-out "note" >}}
 Occasionally metrics are reset when the nginx-mesh-sidecar reloads NGINX Plus. If traffic is flowing and you
 fail to see metrics, retry after 30 seconds.
-{{< /note >}}
+{{< /call-out >}}
 
 If you are deploying NGINX Plus Ingress Controller with the NGINX Service Mesh, make sure to configure the NGINX Plus Ingress Controller to export metrics.
 Refer to the [Metrics]( {{< ref "/mesh/tutorials/kic/deploy-with-kic.md#nginx-plus-ingress-controller-metrics" >}} ) section of the NGINX Plus Ingress Controller Deployment tutorial for instructions.
diff --git a/content/mesh/guides/secure-traffic-mtls.md b/content/mesh/guides/secure-traffic-mtls.md
index ba6ca46fd..07493d44a 100644
--- a/content/mesh/guides/secure-traffic-mtls.md
+++ b/content/mesh/guides/secure-traffic-mtls.md
@@ -12,9 +12,9 @@ type:
 
 TLS authentication is ubiquitous. Because of the baseline level of security TLS provides the client when connecting to an unknown host, and the low barrier to entry created by the advent of services like Let's Encrypt, TLS has become table stakes for any moderately reputable website. In a microservices, multi-tenant Kubernetes environment, it is no longer sufficient for a client to authenticate a server's signature. Clients may be compromised, and in a tightly controlled environment such as a service mesh, it is paramount that clients get vetted to ensure they should be making requests to any particular server. F5 NGINX Service Mesh does this authentication through mTLS, and provides the ability to define [Access Control policies]( {{< ref "/mesh/guides/smi-traffic-policies.md#access-control" >}}) for the additional authorization piece needed to properly grant access to an incoming request from a given client. This document details the steps required to enable mTLS in your cluster using NGINX Service Mesh.
 
-{{< important >}}
+{{< call-out "important" >}}
 NGINX Service Mesh does not support mTLS communication with UDP at this time. UDP datagrams are currently proxied over plaintext.
-{{< /important >}}
+{{< /call-out >}}
 
 Within the mTLS umbrella, NGINX Service Mesh allows for some level of configurability. This allows the flexibility to better support testing, development, and production environments. The options available are:
 
@@ -28,9 +28,9 @@ Within the mTLS umbrella, NGINX Service Mesh allows for some level of configurab
 
   If you need to route traffic to a non-meshed service in a `strict` environment, see our guide on [using the NGINX Ingress Controller for egress traffic]( {{< ref "/mesh/tutorials/kic/egress-walkthrough.md" >}} ). This can be useful when migrating legacy applications. Also, see [Deploy with NGINX Plus Ingress Controller]( {{< ref "/mesh/tutorials/kic/deploy-with-kic.md" >}}) for information on how to get external traffic routed securely to resources managed by NGINX Service Mesh.
 
-  {{< important >}}
+  {{< call-out "important" >}}
 Due to how tracing is set up within NGINX Service Mesh, mTLS `strict` mode does not support tracing originating from the application itself. Each mesh sidecar automatically logs request information and aggregates that information in the configured tracing application. See [Monitoring and Tracing]( {{< ref "/mesh/guides/monitoring-and-tracing.md" >}} ) for more information on how tracing is set up within NGINX Service Mesh.
-  {{< /important >}}
+  {{< /call-out >}}
 
 All Kubernetes Resources that use the NGINX Service Mesh sidecar proxy inherit their mTLS settings from the global configuration.
 You can override the global setting for individual Resources if needed. Refer to [Change the mTLS Settings for a Resource](#change-the-mtls-setting-for-a-resource) for instructions.
@@ -41,9 +41,9 @@ You can override the global setting for individual Resources if needed. Refer to
 
 When deploying NGINX Service Mesh with mTLS enabled, you can opt to use `permissive` or `strict` mode. The default setting for mTLS is `permissive`.
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 Using permissive mode is not recommended for production deployments.
-{{< /caution >}}
+{{< /call-out >}}
 
 To enable mTLS, specify the `--mtls-mode` flag with the desired setting when deploying NGINX Service Mesh. For example:
 
@@ -60,7 +60,7 @@ SPIRE uses a mechanism called "Upstream Authority" to interface with PKI systems
 In order to use a proper PKI, you must first choose one of the upstream authorities NGINX Service Mesh supports:
 
 - [disk](https://github.com/spiffe/spire/blob/v1.0.0/doc/plugin_server_upstreamauthority_disk.md): Requires certificates and private key be on disk.
-  - Template: {{< fa "download" >}} {{< link "/examples/upstream-ca/disk.yaml" "disk.yaml" >}}
+  - Template: {{< icon "download" >}} {{< link "/examples/upstream-ca/disk.yaml" "disk.yaml" >}}
 
   - The minimal configuration to successfully deploy the mesh using the `disk` upstream authority looks like this:
 
@@ -73,7 +73,7 @@ In order to use a proper PKI, you must first choose one of the upstream authorit
     ```
 
 - [aws_pca](https://github.com/spiffe/spire/blob/v1.0.0/doc/plugin_server_upstreamauthority_aws_pca.md): Uses [Amazon Certificate Manager Private Certificate Authority (ACM PCA)](https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaWelcome.html) to manage certificates.
-  - Template: {{< fa "download" >}} {{< link "/examples/upstream-ca/aws_pca.yaml" "aws_pca.yaml" >}}
+  - Template: {{< icon "download" >}} {{< link "/examples/upstream-ca/aws_pca.yaml" "aws_pca.yaml" >}}
 
   - Here is the minimal configuration to deploy the mesh using the `aws_pca` upstream authority:
 
@@ -85,9 +85,9 @@ In order to use a proper PKI, you must first choose one of the upstream authorit
         certificate_authority_arn: "arn:aws:acm-pca::123456789012:certificate-authority/test"
     ```
 
-  {{< important >}}
+  {{< call-out "important" >}}
   This configuration assumes that the SPIRE server has access to your certificate authority in ACM PCA. See below for details on how to configure access.
-  {{< /important >}}
+  {{< /call-out >}}
 
     In order to use the `aws_pca` plugin, you need to give the SPIRE server access to your ACM PCA certificate authority.
 
@@ -97,12 +97,12 @@ In order to use a proper PKI, you must first choose one of the upstream authorit
   - Attach the IAM role to your EC2 instances where NGINX Service Mesh is running.
   - Tell SPIRE to assume the IAM role by specifying the role ARN in the `assume_role_arn` field in the `aws_pca` config file.
 
-  {{< note >}}
+  {{< call-out "note" >}}
   The SPIRE server will need permission to assume this IAM role. Either attach an IAM role to the EC2 instance with the capability to assume the ACM PCA IAM role, or provide your AWS credentials in the `aws_pca` config file.
-  {{< /note >}}
+  {{< /call-out >}}
 
 - [awssecret](https://github.com/spiffe/spire/blob/v1.0.0/doc/plugin_server_upstreamauthority_awssecret.md): Loads CA credentials from AWS SecretsManager.
-  - Template: {{< fa "download" >}} {{< link "/examples/upstream-ca/awssecret.yaml" "awssecret.yaml" >}}
+  - Template: {{< icon "download" >}} {{< link "/examples/upstream-ca/awssecret.yaml" "awssecret.yaml" >}}
 
   - Here is the minimal configuration to deploy the mesh using the `awssecret` upstream authority:
 
@@ -115,15 +115,15 @@ In order to use a proper PKI, you must first choose one of the upstream authorit
         key_file_arn: "arn:aws:acm-pca::123456789012:certificate-authority/test-key"
     ```
 
-  {{< important >}}
+  {{< call-out "important" >}}
   AWS credentials may be necessary depending on your situation. View the [SPIRE guide](https://github.com/spiffe/spire/blob/v1.0.0/doc/plugin_server_upstreamauthority_awssecret.md).
-  {{< /important >}}
+  {{< /call-out >}}
 
 - [vault](https://github.com/spiffe/spire/blob/v0.12.3/doc/plugin_server_upstreamauthority_vault.md): Uses Vault PKI Engine to manage certificates.
-  - Template: {{< fa "download" >}} {{< link "/examples/upstream-ca/vault.yaml" "vault.yaml" >}}
+  - Template: {{< icon "download" >}} {{< link "/examples/upstream-ca/vault.yaml" "vault.yaml" >}}
 
 - [cert-manager](https://github.com/spiffe/spire/blob/v1.0.0/doc/plugin_server_upstreamauthority_cert_manager.md): Uses an instance of `cert-manager` running in Kubernetes to request intermediate signing certificates for SPIRE server.
-  - Template: {{< fa "download" >}} {{< link "/examples/upstream-ca/cert-manager.yaml" "cert-manager.yaml" >}}
+  - Template: {{< icon "download" >}} {{< link "/examples/upstream-ca/cert-manager.yaml" "cert-manager.yaml" >}}
 
   - Here is the minimal configuration to deploy the mesh using the `cert-manager` upstream authority:
 
@@ -180,9 +180,9 @@ SPIRE maintains a set of keys to sign certificates. NGINX Service Mesh supports
 
 - `disk` (default): Signing keys are kept on disk and recoverable in the case of a SPIRE server restart, but keys are vulnerable due to being kept on disk.
 
-  {{< note >}}
+  {{< call-out "note" >}}
   The `disk` key manager plugin only maintains the integrity of the SPIRE CA if persistent storage is being used. For most environments, persistent storage will be deployed by default. See [Persistent Storage]( {{< ref "/mesh/get-started/platform-setup/persistent-storage.md" >}} ) setup page for more information on configuring persistent storage in your environment.
-  {{< /note >}}
+  {{< /call-out >}}
 
 - `memory`: Maintains the set of signing keys in memory and out of reach from bad actors should they gain access to your SPIRE server, but keys are lost on SPIRE server restart.
 
@@ -196,9 +196,9 @@ NGINX Service Mesh provides you the ability to modify the global mTLS setting on
 
 When configuring mTLS for resources, if your global mTLS mode is `strict`, you will not be able to modify the mode on a per resource basis. The reason for this is that we want to push users towards the most secure deployment possible when evaluating mTLS `strict` mode and production. Also if an admin configures `strict` mTLS mode globally, it will prevent the Application Developer persona from modifying NGINX Service Mesh's security settings on an ad hoc basis and potentially introducing security holes. We do provide the ability to communicate with non-meshed services using the [NGINX Ingress Controller for egress traffic]( {{< ref "/mesh/tutorials/kic/egress-walkthrough.md" >}} ). If not all of your application components are ready for `strict` mode, we encourage the use of `permissive` mode and a non-production environment.
 
-{{< important >}}
+{{< call-out "important" >}}
 If the global mTLS value is set to `strict`, then the annotation value will be ignored.
-{{< /important >}}
+{{< /call-out >}}
 
 To override the global mTLS setting for a specific resource, add an annotation to the resource's PodTemplateSpec. For example:
 
@@ -220,13 +220,13 @@ To disable mTLS for a specific resource, add the following annotation to the res
 config.nsm.nginx.com/mtls-mode: "off"
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 Refer to [NGINX Service Mesh Annotations]( {{< ref "/mesh/get-started/install/configuration.md#pod-annotations" >}}) for more information.
-{{< /note >}}
+{{< /call-out >}}
 
-{{< see-also >}}
+{{< call-out "note" >}}
 [How to update mTLS settings after deployment.](#update-mtls-settings-after-deployment)
-{{< /see-also >}}
+{{< /call-out>}}
 
 ## Verify Deployment
 
@@ -247,7 +247,7 @@ spire-server-0      2/2     Running   0          24h
 
 We'll use the [Istio `bookinfo`](https://istio.io/docs/examples/bookinfo/) example to test that traffic is, in fact, encrypted with mTLS enabled.
 
-- {{< fa "download" >}} {{< link "/examples/bookinfo.yaml" "`bookinfo.yaml`" >}}
+- {{< icon "download" >}} {{< link "/examples/bookinfo.yaml" "`bookinfo.yaml`" >}}
 
 1. Enable [automatic sidecar injection]( {{< ref "/mesh/guides/inject-sidecar-proxy.md#automatic-proxy-injection" >}} ) for the `default` namespace.
 1. Deploy the `bookinfo` application:
@@ -280,11 +280,11 @@ The following mTLS settings can be changed after the mesh has been deployed:
 - svidTTL
 - caKeyType
 
-{{< important >}}
+{{< call-out "important" >}}
 When updating `caTTL`, `svidTTL`, or `caKeyType`, the SPIRE server will be restarted and brief downtime should be expected. Certificates cannot be given out during this time, so it is advised to not create any applications until the server has fully restarted. Any existing certificates will live until their expirations, but all new certificates will use the updated mTLS settings. Workload certificates can be forced to be updated by re-rolling the workload Pods.
 
 If using persistent storage--which is the default and recommended setting when deploying the mesh--, updated `caTTL` and `caKeyType` fields will not take effect until the original root CA certificate expires. The expiry time is based on the original `caTTL` value. If you want to change these values immediately, then the fastest--but most disruptive--way to do this is to remove and redeploy NGINX Service Mesh.
-{{< /important >}}
+{{< /call-out >}}
 
 See the [API Usage Guide]( {{< ref "api-usage.md#modify-the-mesh-state-by-using-the-rest-api" >}} ) for instructions on how to update the mTLS settings using the REST API.
 
diff --git a/content/mesh/guides/smi-traffic-metrics.md b/content/mesh/guides/smi-traffic-metrics.md
index 9c07ed559..99c8d89ee 100644
--- a/content/mesh/guides/smi-traffic-metrics.md
+++ b/content/mesh/guides/smi-traffic-metrics.md
@@ -14,9 +14,9 @@ Traffic Metrics are a mechanism through which you can view important information
 
 Traffic Metrics depends on Prometheus to get the critical service information needed to visualize your applications.
 
-{{< note >}}
+{{< call-out "note" >}}
 To configure NGINX Service Mesh to export metrics to your Prometheus deployment, refer to the [Monitoring and Tracing]( {{< ref "/mesh/guides/monitoring-and-tracing.md#use-an-existing-prometheus-deployment" >}} ) guide for instructions.
-{{< /note >}}
+{{< /call-out >}}
 
 If you are deploying NGINX Plus Ingress Controller with the NGINX Service Mesh, make sure to configure the NGINX Plus Ingress Controller to export metrics.
 Refer to the [Metrics]( {{< ref "/mesh/tutorials/kic/deploy-with-kic.md#nginx-plus-ingress-controller-metrics" >}} ) section of the NGINX Plus Ingress Controller Deployment tutorial for instructions.
@@ -25,10 +25,10 @@ Refer to the [Metrics]( {{< ref "/mesh/tutorials/kic/deploy-with-kic.md#nginx-pl
 
 There are multiple ways you can view the traffic metrics generated by NGINX Service Mesh.
 
-{{< note >}}
+{{< call-out "note" >}}
 Occasionally metrics are reset when the nginx-mesh-sidecar reloads NGINX Plus. If traffic is flowing and you
 fail to see metrics, retry after 30 seconds.
-{{< /note >}}
+{{< /call-out >}}
 
 #### nginx-meshctl top
 
@@ -60,9 +60,9 @@ productpage-v1
                 From       nginx-plus-ingress  100.00%       183ms  47ms  31ms  161
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 A success rate of `<nil>` means that traffic metrics are still populating. Send additional traffic and wait for success rate to properly appear.
-{{< /note >}}
+{{< /call-out >}}
 
 #### Raw
 
diff --git a/content/mesh/guides/smi-traffic-policies.md b/content/mesh/guides/smi-traffic-policies.md
index 8053f5d9b..471272c4c 100644
--- a/content/mesh/guides/smi-traffic-policies.md
+++ b/content/mesh/guides/smi-traffic-policies.md
@@ -15,10 +15,10 @@ This topic discusses the various traffic policies that are supported by F5 NGINX
 
 Refer to the [SMI GitHub repo](https://github.com/servicemeshinterface/smi-spec) to find out more about the SMI spec and how to configure it.
 
-{{< note >}}
+{{< call-out "note" >}}
 Avoid configuring traffic policies such as TrafficSplits, RateLimits, and CircuitBreakers for headless services.
 These policies will not work as expected because NGINX Service Mesh has no way to tie each pod IP address to its headless service.
-{{< /note >}}
+{{< /call-out >}}
 
 ## SMI Specification
 
@@ -34,10 +34,10 @@ NGINX Service Mesh is also compatible with Flagger and other SMI-compatible proj
 
 The [Deployments using Traffic Splitting]( {{< ref "/mesh/tutorials/trafficsplit-deployments.md" >}} ) tutorial provides a walkthrough of using traffic splits in a deployment.
 
-{{< note >}}
+{{< call-out "note" >}}
 The NGINX Plus Ingress Controller's custom resource [TransportServer](https://docs.nginx.com/nginx-ingress-controller/configuration/transportserver-resource/) has the same Kubernetes short name (`ts`) as the custom resource TrafficSplit.
 If you install the NGINX Plus Ingress Controller, use the full names `transportserver(s)` and `trafficsplit(s)` when managing these resources with `kubectl`.
-{{< /note >}}
+{{< /call-out >}}
 
 #### Traffic Split Matches
 
@@ -82,10 +82,10 @@ spec:
 This example associates all matches defined in the `target-route-group` to the `target` TrafficSplit. When a request is sent to the `target-svc`, if it's a GET request to the `/metrics` endpoint or has the `x-test:true` header set, the traffic split is applied and the request is routed to the `target-v2` service.
 All other requests will be sent to the root `target-svc`, which will forward the request to one of the target services based on the load-balancing algorithm of the mesh.
 
-{{< note >}}
+{{< call-out "note" >}}
 If there are multiple matches defined in a HTTPRouteGroup, or multiple HTTPRouteGroups listed in the TrafficSplit `spec.matches` field, then all the matches across all HTTPRouteGroups will be attached to the TrafficSplit.
 Matches are evaluated with the `OR` operation, meaning that a request only needs to satisfy one of the matches in order for the traffic split to be applied.
-{{< /note >}}
+{{< /call-out >}}
 
 Services named in a TrafficSplit definition should not forward to an overlapping set of Pods. In other words, using the example above, `target-v1` and `target-v2` should have unique selectors to ensure they are forwarding to different sets of Pods. This avoids any unintentional or confusing traffic flow to incorrect destinations.
 
@@ -170,7 +170,7 @@ In this example, `GET` requests to the destination service from `source-1` will
 The burst of 10 and a delay of `nodelay` means that 10 excess requests over the rate will be forwarded to the destination service immediately.
 Requests from sources other than `source-1`, or requests from `source-1` that are _not_ `GET` requests, will not be rate limited.
 
-> You can download the schema for the RateLimit CRD here: {{< fa "download" >}} [`rate-limit-schema.yaml`](https://github.com/nginxinc/nginx-service-mesh/blob/main/helm-chart/crds/ratelimit.yaml)
+> You can download the schema for the RateLimit CRD here: {{< icon "download" >}} [`rate-limit-schema.yaml`](https://github.com/nginxinc/nginx-service-mesh/blob/main/helm-chart/crds/ratelimit.yaml)
 
 The rate limit spec contains the following fields:
 
@@ -183,7 +183,7 @@ The rate limit spec contains the following fields:
   list are able to pass unlimited traffic to their destination(s).
   If no sources are provided then the rate limit applies to all resources making requests to the destination.
 
-  {{<note>}} The sources do not have to be in the same namespace as the destination; cross-namespaces rate limiting is supported. {{</note>}}
+  {{< call-out "note" >}} The sources do not have to be in the same namespace as the destination; cross-namespaces rate limiting is supported. {{< /call-out >}}
 
 - `name`: The name of the rate limit (required).
 - `rate`: The rate to restrict traffic to (required). Example: "1r/s", "30r/m"
@@ -207,10 +207,10 @@ The rate limit spec contains the following fields:
   from `source2`, for a total rate of 100 requests per minute. If two separate policies are defined for the
   same destination, then the rate is not divided amongst the sources.
 
-  {{<important>}}
+  {{< call-out "important" >}}
   If you are creating multiple rate limit policies for the same destination, the source lists for each rate limit must be distinct.
   You cannot reference the same source and destination across multiple rate limits.
-  {{</important>}}
+  {{< /call-out >}}
 
 - `burst`: The number of requests to allow beyond a given rate (optional).
 
@@ -226,12 +226,12 @@ The rate limit spec contains the following fields:
   The `rules` field is a list of [HTTPRouteGroups](https://github.com/servicemeshinterface/smi-spec/blob/main/apis/traffic-specs/v1alpha3/traffic-specs.md) with an optional `matches` field.
   The `matches` field allows you to specify one or more matches from a particular HTTPRouteGroup. If the `matches` field is omitted, then all matches from the HTTPRouteGroup are attached to the RateLimit.
 
-  {{<important>}}HTTPRouteGroups must be in the same namespace as the RateLimit.{{</important>}}
+  {{< call-out "important" >}}HTTPRouteGroups must be in the same namespace as the RateLimit.{{< /call-out >}}
 
-  {{< note >}}
+  {{< call-out "note" >}}
   If there are multiple matches defined in an HTTPRouteGroup, or multiple HTTPRouteGroups listed in the RateLimit `spec.rules` field, then all the matches across all HTTPRouteGroups will be attached to the RateLimit.
   Matches are evaluated with the OR operation, meaning that a request only needs to satisfy one of the matches in order for the rate limit to be applied.
-  {{< /note >}}
+  {{< /call-out >}}
 
 Documentation for the v1alpha1 RateLimit can be found [here]({{< ref "v1alpha1-ratelimit.md" >}}).
 
@@ -338,9 +338,9 @@ API Version: v1alpha1
 You can enable circuit breaking by creating a CircuitBreaker resource.
 A circuit breaker requires a destination and an associated spec. The destination takes a `name`, `kind`, and `namespace` in order to bind to a selected resource.
 
-{{< note >}}
+{{< call-out "note" >}}
 Currently, only `kind: Service` is supported.
-{{< /note >}}
+{{< /call-out >}}
 
 The circuit breaker spec has three custom fields:
 
@@ -359,19 +359,19 @@ to wait before closing the circuit.
 
    If no namespace or port is specified, default values are `default` and `80`, respectively.
 
-{{< important >}}
+{{< call-out "important" >}}
 The destination and fallback services must be in the same namespace. The fallback service must be [injected with the sidecar proxy]( {{< ref "/mesh/guides/inject-sidecar-proxy.md" >}} ).
-{{< /important >}}
+{{< /call-out >}}
 
-{{< important >}}
+{{< call-out "important" >}}
 If Circuit Breakers are configured, the load balancing algorithm `random` cannot be used. Combining Circuit Breakers with `random` load balancing will cause sidecars to exit with an error. Data flow will be affected.
 
 To avoid this issue, use a different load balancing algorithm. See the [Configuration]({{< ref "/mesh/get-started/install/configuration.md" >}}) guide.
-{{< /important >}}
+{{< /call-out >}}
 
-{{< important >}}
+{{< call-out "important" >}}
 If a Traffic Split is applied to the same service that a Circuit Breaker is defined for, the Circuit Breaker may no longer function as intended. This is because the Traffic Split changes the destination service to a backend service, not the original root destination for which the Circuit Breaker is defined. Therefore, Circuit Breakers must be defined for each backend service individually.
-{{< /important >}}
+{{< /call-out >}}
 
 > You can download our Circuit Breaker example here: {{< link "/examples/circuit-breaker/circuit-breaker.yaml" "circuit-breaker.yaml" >}} and the Circuit Breaker schema here: [`circuit-breaker-schema.yaml`](https://github.com/nginxinc/nginx-service-mesh/blob/main/helm-chart/crds/circuitbreaker.yaml)
 
diff --git a/content/mesh/guides/v1alpha1-ratelimit.md b/content/mesh/guides/v1alpha1-ratelimit.md
index dfc4e0d62..3d1321159 100644
--- a/content/mesh/guides/v1alpha1-ratelimit.md
+++ b/content/mesh/guides/v1alpha1-ratelimit.md
@@ -46,7 +46,7 @@ The rate limit spec contains the following fields:
   list are able to pass unlimited traffic to their destination(s).
   If no sources are provided then the rate limit applies to all resources making requests to the destination.
 
-  {{<note>}} The sources do not have to be in the same namespace as the destination; cross-namespaces rate limiting is supported. {{</note>}}
+  {{< call-out "note" >}} The sources do not have to be in the same namespace as the destination; cross-namespaces rate limiting is supported. {{< /call-out >}}
 
 - `name`: The name of the rate limit (required).
 - `rate`: The rate to restrict traffic to (required). Example: "1r/s", "30r/m"
@@ -70,10 +70,10 @@ The rate limit spec contains the following fields:
   from `source2`, for a total rate of 100 requests per minute. If two separate policies are defined for the
   same destination, then the rate is not divided amongst the sources.
 
-  {{<important>}}
+  {{< call-out "important" >}}
   If you are creating multiple rate limit policies for the same destination, the source lists for each rate limit must be distinct.
   You cannot reference the same source and destination across multiple rate limits.
-  {{</important>}}
+  {{< /call-out >}}
 
 - `burst`: The number of requests to allow beyond a given rate (optional).
 
diff --git a/content/mesh/reference/api-usage.md b/content/mesh/reference/api-usage.md
index 558a693e8..e5f3845ad 100644
--- a/content/mesh/reference/api-usage.md
+++ b/content/mesh/reference/api-usage.md
@@ -22,11 +22,11 @@ kubectl edit meshconfig nginx-mesh-config -n nginx-mesh
 
 This will open your default text editor to make changes. To see the configurable fields, download the custom resource definition:
 
-{{< fa "download" >}} [`meshconfig-schema.yaml`](https://github.com/nginxinc/nginx-service-mesh/blob/main/helm-chart/crds/meshconfig.yaml)
+{{< icon "download" >}} [`meshconfig-schema.yaml`](https://github.com/nginxinc/nginx-service-mesh/blob/main/helm-chart/crds/meshconfig.yaml)
 
-{{< warning >}}
+{{< call-out "warning" >}}
 If the `meshconfig` resource is deleted, or the `spec.meshConfigClassName` field is removed or changed, then the global mesh configuration cannot be updated, and unexpected behavior may occur.
-{{< /warning >}}
+{{< /call-out >}}
 
 ## Viewing the global mesh configuration
 
diff --git a/content/mesh/releases/release-notes-0.7.0.md b/content/mesh/releases/release-notes-0.7.0.md
index 4f09ce78f..c9707a837 100644
--- a/content/mesh/releases/release-notes-0.7.0.md
+++ b/content/mesh/releases/release-notes-0.7.0.md
@@ -96,9 +96,9 @@ The following issues are known to be present in this release. Look for updates t
 
   In some cases, the NGINX Service Mesh `remove` command may fail for unexpected reasons due to environmental, network, or timeout errors. If the `remove` command fails continually, manual intervention may be necessary.
 
-{{< note >}}
+{{< call-out "note" >}}
 If deploying NGINX Service Mesh failed or you pressed ctrl-C during deployment, make sure to first remove the service mesh using the `remove` command before attempting the below steps
-{{< /note >}}
+{{< /call-out >}}
 
   <br/>
   Workaround:
diff --git a/content/mesh/releases/release-notes-0.9.0.md b/content/mesh/releases/release-notes-0.9.0.md
index e288cf92f..a9044eecd 100644
--- a/content/mesh/releases/release-notes-0.9.0.md
+++ b/content/mesh/releases/release-notes-0.9.0.md
@@ -2,7 +2,7 @@
 title: Release Notes 0.9.0
 draft: false
 toc: true
-description: Release information for F5 GINX Service Mesh, a configurable, low‑latency
+description: Release information for F5 NGINX Service Mesh, a configurable, low‑latency
   infrastructure layer designed to handle a high volume of network‑based interprocess
   communication among application infrastructure services using application programming
   interfaces (APIs).  Lists of new features and known issues are provided.
diff --git a/content/mesh/releases/release-notes-1.7.0.md b/content/mesh/releases/release-notes-1.7.0.md
index d28676239..77a3eba3a 100644
--- a/content/mesh/releases/release-notes-1.7.0.md
+++ b/content/mesh/releases/release-notes-1.7.0.md
@@ -41,9 +41,9 @@ NGINX Service Mesh 1.7.0 includes the following updates:
 - OpenShift CSI Driver volume plugin has been renamed from `wlapi-mounter.spire.nginx.com` to `csi.spiffe.io`.
 - For OpenShift deployments, NGINX Service Mesh now uses the open source [SPIFFE CSI Driver](https://github.com/spiffe/spiffe-csi).
 
-{{< important >}}
+{{< call-out "important" >}}
 OpenShift users see the [upgrade guide]({{< ref "/mesh/get-started/upgrade/upgrade.md#upgrade-to-170-in-openshift" >}}) for instructions on how to upgrade to this release version.
-{{< /important >}}
+{{< /call-out >}}
 
 
 #### **Deprecation**
diff --git a/content/mesh/support/contact-support.md b/content/mesh/support/contact-support.md
index 17e6e5772..04c4cec67 100644
--- a/content/mesh/support/contact-support.md
+++ b/content/mesh/support/contact-support.md
@@ -42,9 +42,9 @@ The `supportpkg` command generates a tar file containing information about the s
 
 ### GitHub Issues
 
-{{< note >}}
+{{< call-out "note" >}}
 Paid customers of NGINX Service Mesh should use [Commercial Support](#commercial-support) instead of GitHub Issues.
-{{< /note >}}
+{{< /call-out >}}
 
 For NGINX Service Mesh support or issues not addressed by documentation, you can reach out via the Issues tab in the [NGINX Service Mesh GitHub repo](https://github.com/nginxinc/nginx-service-mesh/issues).
 
diff --git a/content/mesh/tutorials/accesscontrol-walkthrough.md b/content/mesh/tutorials/accesscontrol-walkthrough.md
index 0ea9af63e..befb02b62 100644
--- a/content/mesh/tutorials/accesscontrol-walkthrough.md
+++ b/content/mesh/tutorials/accesscontrol-walkthrough.md
@@ -19,10 +19,10 @@ The access control mode can be [set to `deny` at the global level]( {{< ref "/me
 1. Enable [automatic sidecar injection]( {{< ref "/mesh/guides/inject-sidecar-proxy.md#automatic-proxy-injection" >}} ) for the `default` namespace.
 1. Download all of the example files:
 
-    - {{< fa "download" >}} {{< link "/examples/dest-svc.yaml" >}}
-    - {{< fa "download" >}} {{< link "/examples/access.yaml" >}}
-    - {{< fa "download" >}} {{< link "/examples/driver-allowed.yaml" >}}
-    - {{< fa "download" >}} {{< link "/examples/driver-disallowed.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/dest-svc.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/access.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/driver-allowed.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/driver-disallowed.yaml" >}}
 
 ## Objectives
 
@@ -31,9 +31,9 @@ Follow the steps in this guide to learn how to use access control between servic
 ### Deploy the Destination Service
 
 1. To begin, we'll deploy a destination target server as a Deployment and ConfigMap, a destination Service, and a ServiceAccount to provide a TrafficTarget destination resource.
-  {{< tip >}}
+  {{< call-out "tip" >}}
 ServiceAccount resources are used to classify sets of workloads for access control. Multiple different types of workloads can participate in the same ServiceAccount to create M:N traffic relationships, or scaled down to a workload type per ServiceAccount for more granular control of communications. For example, a collection of frontend services that all need access to authentication or SSO endpoints can be classified together within a ServiceAccount to simplify configuration.
-  {{< /tip >}}
+  {{< /call-out >}}
 
     **Command:**
 
@@ -252,9 +252,9 @@ ServiceAccount resources are used to classify sets of workloads for access contr
     Let's take a look at the subsequent configuration.
     The TrafficTarget `.spec.sources` and `.spec.destination` reference the allowed source and destination identities; this TrafficTarget configuration allows traffic from the ServiceAccount `source-allowed-sa` to the ServiceAccount `destination-sa`.
     Additionally, the `.spec.rules` configuration maps the HTTPRouteGroup's `.spec.matches` directives to the TrafficTarget. The match directive allows `GET` methods to the `/echo` path regex, with the headers `X-Demo-1: ^demo-1$` and `x-demo-2: demo` regex values.
-    {{< note>}}
+    {{< call-out "note" >}}
 The header capitalization mismatches intentionally, header names are not case-sensitive and they match regardless of case.
-    {{< /note>}}
+    {{< /call-out >}}
     We've configured our driver-allowed workload in the `source-allowed-sa` ServiceAccount (that is to say, we've given it the `source-allowed-sa` identity). But our driver-disallowed workload is configured in the `source-disallowed-sa` ServiceAccount. This source identity is not allowed, so even traffic which passes our filtering rules remains forbidden.
 
 1. Activate previously disallowed traffic.
@@ -348,12 +348,12 @@ The following examples show snippets of the relevant sections:
   ```
 
 Traffic can be filtered via sets that are classified via ServiceAccounts. But [TrafficSpecs](https://github.com/servicemeshinterface/smi-spec/blob/master/apis/traffic-specs/v1alpha3/traffic-specs.md) provide additional powerful configurations; lists of HTTP methods, path regular expression matching, header regular expression matching, and specific ports.
-  {{< tip>}}
+  {{< call-out "tip" >}}
 For exact matches, be sure to use regular expression anchors. To exactly match the header value `hello`, be sure to use `^hello$`; otherwise, additional headers that contain the sequence `hello` will be allowed.
-  {{< /tip>}}
-{{< tip>}}
-For an expanded example showing configuration for an application using a headless service, checkout our example for clustered application traffic policies {{< fa "download" >}} {{< link "/examples/clustered-application.yaml" >}}
-{{< /tip>}}
+  {{< /call-out >}}
+{{< call-out "tip" >}}
+For an expanded example showing configuration for an application using a headless service, checkout our example for clustered application traffic policies {{< icon "download" >}} {{< link "/examples/clustered-application.yaml" >}}
+{{< /call-out >}}
 
 ## Resources
 
diff --git a/content/mesh/tutorials/deploy-example-app.md b/content/mesh/tutorials/deploy-example-app.md
index bbe048c50..3439e022b 100644
--- a/content/mesh/tutorials/deploy-example-app.md
+++ b/content/mesh/tutorials/deploy-example-app.md
@@ -14,20 +14,20 @@ type:
 
 In this tutorial, we will use the `bookinfo` example app Deployment.
 
-- {{< fa "download" >}} {{< link "examples/bookinfo.yaml" "examples/bookinfo.yaml" >}}
+- {{< icon "download" >}} {{< link "examples/bookinfo.yaml" "examples/bookinfo.yaml" >}}
 
-{{< note >}}
+{{< call-out "note" >}}
 Notice in the above yaml:
 
 - All of the service spec port names are populated with the name of the protocol
 - All deployment `containerPort` fields are specified.
 
 This is used in the mesh to identify the kind of traffic being sent and where it is allowed to be received. For more information on deployment and service identification rules, see [identification-rules]( {{< ref "/mesh/get-started/install/configuration.md#identification-rules" >}} ) in the Getting Started section.
-{{< /note >}}
+{{< /call-out >}}
 
-{{< note >}}
+{{< call-out "note" >}}
 Review the [ports reserved by F5 NGINX Service Mesh sidecar]( {{< ref "/mesh/about/mesh-tech-specs.md#ports" >}} ) and make sure there are no overlaps with ports used by your applications.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Prerequisite
 Ensure that you have deployed Prometheus, Grafana, and a tracing backend and configured NGINX Service Mesh to export data to them. Refer to the [Monitoring and Tracing]( {{< ref "/mesh/guides/monitoring-and-tracing.md" >}} ) guide for instructions.
diff --git a/content/mesh/tutorials/kic/deploy-with-kic.md b/content/mesh/tutorials/kic/deploy-with-kic.md
index 2d79bb40b..f3d339638 100644
--- a/content/mesh/tutorials/kic/deploy-with-kic.md
+++ b/content/mesh/tutorials/kic/deploy-with-kic.md
@@ -14,7 +14,7 @@ type:
 
 You can deploy NGINX Ingress Controller for Kubernetes with NGINX Service Mesh to control both ingress and [egress](#enable-egress) traffic.
 
-{{< important >}}
+{{< call-out "important" >}}
 NGINX Ingress Controller can be used for free with NGINX Open Source. Paying customers have access to NGINX Ingress Controller with NGINX Plus.
 To deploy NGINX Ingress Controller with NGINX Service Mesh, you must use either:
 
@@ -22,7 +22,7 @@ To deploy NGINX Ingress Controller with NGINX Service Mesh, you must use either:
 - NGINX Plus version of NGINX Ingress Controller
 
 Visit the [NGINX Ingress Controller](https://www.nginx.com/products/nginx-ingress-controller/) product page for more information.
-{{< /important >}}
+{{< /call-out >}}
 
 ## Supported Versions
 
@@ -62,17 +62,17 @@ To configure NGINX Ingress Controller to communicate with mesh workloads over mT
     ```
 
    These labels tell NGINX Service Mesh to mutate the Ingress Controller Pod with the proper configuration in order to properly integrate with the mesh.
-   {{<see-also>}}
+   {{< call-out "note" >}}
    For more information, see [How NGINX Ingress Controller Integrates with NGINX Service Mesh](#how-nginx-ingress-controller-integrates-with-nginx-service-mesh).
-   {{</see-also>}}
+   {{< /call-out>}}
 
-{{< note >}}
+{{< call-out "note" >}}
 All communication between NGINX Ingress Controller and the upstream Services occurs over mTLS, using the certificates and keys generated by the SPIRE server.
 Therefore, NGINX Ingress Controller can only route traffic to Services in the mesh that have an `mtls-mode` of `permissive` or `strict`.
 In cases where you need to route traffic to both mTLS and non-mTLS Services, you may need another Ingress Controller that does not participate in the mTLS fabric.
 
 Refer to the NGINX Ingress Controller's [Running Multiple Ingress Controllers](https://docs.nginx.com/nginx-ingress-controller/installation/run-multiple-ingress-controllers/) guide for instructions on how to configure multiple Ingress Controllers.
-{{< /note >}}
+{{< /call-out >}}
 
 
 If you would like to enable egress traffic, refer to the [Enable Egress](#enable-egress) section of this guide.
@@ -83,9 +83,9 @@ Before installing NGINX Ingress Controller, you must install NGINX Service Mesh
 NGINX Ingress Controller will try to fetch certs from the SPIRE agent on startup. If it cannot reach the SPIRE agent, startup will fail, and NGINX Ingress Controller will go into CrashLoopBackoff state. The state will resolve once NGINX Ingress Controller connects to the SPIRE agent.
 For instructions on how to install NGINX Service Mesh, see the [Installation]({{< ref "/mesh/get-started/install/install.md" >}}) guide.
 
-{{< note >}}
+{{< call-out "note" >}}
 Before continuing, check the NGINX Ingress Controller [supported versions](#supported-versions) section and make sure you are working off the correct release tag for all NGINX Ingress Controller instructions.
-{{< /note >}}
+{{< /call-out >}}
 
 #### NGINX OSS Ingress Controller
 
@@ -96,18 +96,18 @@ Before continuing, check the NGINX Ingress Controller [supported versions](#supp
     - [Configure role-based access control (RBAC)](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/#1-configure-rbac)
     - [Create Common Resources](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/#2-create-common-resources)
 1. Create the NGINX Ingress Controller as a **Deployment** or **DaemonSet** in Kubernetes using one of the following example manifests:
-    - Kubernetes Deployment: {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/oss/nginx-ingress.yaml" "`nginx-ingress-controller/oss/nginx-ingress.yaml`" >}}
-    - Kubernetes DaemonSet: {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/oss/nginx-ingress-daemonset.yaml" "`nginx-ingress-controller/oss/nginx-ingress-daemonset.yaml`" >}}
-    - OpenShift Deployment: {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/oss/openshift/nginx-ingress.yaml" "`nginx-ingress-controller/oss/openshift/nginx-ingress.yaml`" >}}
-    - Openshift DaemonSet:  {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/oss/openshift/nginx-ingress-daemonset.yaml" "`nginx-ingress-controller/oss/openshift/nginx-ingress-daemonset.yaml`" >}}
-      {{< note >}} The provided manifests configure NGINX Ingress Controller for ingress traffic only. If you would like to enable egress traffic, refer to the [Enable Egress](#enable-with-manifests) section of this guide. {{< /note >}}
-      {{< important >}} Be sure to replace the `nginx-ingress:version` image used in the manifest with the chosen image from a supported Container registry; or the container image that you have built. {{< /important >}}
+    - Kubernetes Deployment: {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/oss/nginx-ingress.yaml" "`nginx-ingress-controller/oss/nginx-ingress.yaml`" >}}
+    - Kubernetes DaemonSet: {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/oss/nginx-ingress-daemonset.yaml" "`nginx-ingress-controller/oss/nginx-ingress-daemonset.yaml`" >}}
+    - OpenShift Deployment: {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/oss/openshift/nginx-ingress.yaml" "`nginx-ingress-controller/oss/openshift/nginx-ingress.yaml`" >}}
+    - Openshift DaemonSet:  {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/oss/openshift/nginx-ingress-daemonset.yaml" "`nginx-ingress-controller/oss/openshift/nginx-ingress-daemonset.yaml`" >}}
+      {{< call-out "note" >}} The provided manifests configure NGINX Ingress Controller for ingress traffic only. If you would like to enable egress traffic, refer to the [Enable Egress](#enable-with-manifests) section of this guide. {{< /call-out >}}
+      {{< call-out "important" >}} Be sure to replace the `nginx-ingress:version` image used in the manifest with the chosen image from a supported Container registry; or the container image that you have built. {{< /call-out >}}
 
     - *OpenShift only*:
 
       Download the SecurityContextConstraint necessary to run NGINX Ingress Controller in an OpenShift environment.
 
-        - {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/oss/openshift/nic-scc.yaml" "`nginx-ingress-controller/oss/openshift/nic-scc.yaml`" >}}
+        - {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/oss/openshift/nic-scc.yaml" "`nginx-ingress-controller/oss/openshift/nic-scc.yaml`" >}}
 
         - Apply the `nginx-ingress-permissions` SecurityContextConstraint:
 
@@ -132,18 +132,18 @@ Before continuing, check the NGINX Ingress Controller [supported versions](#supp
     - [Configure role-based access control (RBAC)](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/#1-configure-rbac)
     - [Create Common Resources](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/#2-create-common-resources)
 1. Create the NGINX Plus Ingress Controller as a **Deployment** or **DaemonSet** in Kubernetes using one of the following example manifests:
-    - Kubernetes Deployment: {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/plus/nginx-plus-ingress.yaml" "`nginx-ingress-controller/plus/nginx-plus-ingress.yaml`" >}}
-    - Kubernetes DaemonSet: {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/plus/nginx-plus-ingress-daemonset.yaml" "`nginx-ingress-controller/plus/nginx-plus-ingress-daemonset.yaml`" >}}
-    - OpenShift Deployment: {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/openshift/nginx-plus-ingress.yaml" "`nginx-ingress-controller/openshift/nginx-plus-ingress.yaml`" >}}
-    - Openshift DaemonSet:  {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/openshift/nginx-plus-ingress-daemonset.yaml" "`nginx-ingress-controller/openshift/nginx-plus-ingress-daemonset.yaml`" >}}
-      {{< note >}} The provided manifests configure NGINX Plus Ingress Controller for ingress traffic only. If you would like to enable egress traffic, refer to the [Enable Egress](#enable-with-manifests) section of this guide. {{< /note >}}
-      {{< important >}} Be sure to replace the `nginx-plus-ingress:version` image used in the manifest with the chosen image from the F5 Container registry; or the container image that you have built. {{< /important >}}
+    - Kubernetes Deployment: {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/plus/nginx-plus-ingress.yaml" "`nginx-ingress-controller/plus/nginx-plus-ingress.yaml`" >}}
+    - Kubernetes DaemonSet: {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/plus/nginx-plus-ingress-daemonset.yaml" "`nginx-ingress-controller/plus/nginx-plus-ingress-daemonset.yaml`" >}}
+    - OpenShift Deployment: {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/openshift/nginx-plus-ingress.yaml" "`nginx-ingress-controller/openshift/nginx-plus-ingress.yaml`" >}}
+    - Openshift DaemonSet:  {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/openshift/nginx-plus-ingress-daemonset.yaml" "`nginx-ingress-controller/openshift/nginx-plus-ingress-daemonset.yaml`" >}}
+      {{< call-out "note" >}} The provided manifests configure NGINX Plus Ingress Controller for ingress traffic only. If you would like to enable egress traffic, refer to the [Enable Egress](#enable-with-manifests) section of this guide. {{< /call-out >}}
+      {{< call-out "important" >}} Be sure to replace the `nginx-plus-ingress:version` image used in the manifest with the chosen image from the F5 Container registry; or the container image that you have built. {{< /call-out >}}
 
     - *OpenShift only*:
 
       Download the SecurityContextConstraint necessary to run NGINX Ingress Controller in an OpenShift environment.
 
-      - {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/openshift/nic-scc.yaml" "`nginx-ingress-controller/openshift/nic-scc.yaml`" >}}
+      - {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/openshift/nic-scc.yaml" "`nginx-ingress-controller/openshift/nic-scc.yaml`" >}}
 
       - Apply the `nginx-ingress-permissions` SecurityContextConstraint:
 
@@ -165,11 +165,11 @@ Before installing NGINX Ingress Controller, you must install NGINX Service Mesh
 NGINX Ingress Controller will try to fetch certs from the SPIRE agent on startup. If it cannot reach the SPIRE agent, startup will fail, and NGINX Ingress Controller will go into CrashLoopBackoff state. The state will resolve once NGINX Ingress Controller connects to the SPIRE agent.
 For instructions on how to install NGINX Service Mesh, see the [Installation]({{< ref "/mesh/get-started/install/install.md" >}}) guide.
 
-{{< note >}} NGINX Plus Ingress Controller v2.2+ or NGINX OSS Ingress Controller v3.0+ is required to deploy via Helm and integrate with NGINX Service Mesh. {{< /note >}}
+{{< call-out "note" >}} NGINX Plus Ingress Controller v2.2+ or NGINX OSS Ingress Controller v3.0+ is required to deploy via Helm and integrate with NGINX Service Mesh. {{< /call-out >}}
 
 Follow the [instructions](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-helm/) to install the NGINX Ingress Controller with Helm.
 Set the `nginxServiceMesh.enable` parameter to `true`.
-{{< note >}} This will configure NGINX Ingress Controller to route ingress traffic to NGINX Service Mesh workloads. If you would like to enable egress traffic, refer to the [Enable Egress](#enable-with-helm) section of this guide. {{< /note >}}
+{{< call-out "note" >}} This will configure NGINX Ingress Controller to route ingress traffic to NGINX Service Mesh workloads. If you would like to enable egress traffic, refer to the [Enable Egress](#enable-with-helm) section of this guide. {{< /call-out >}}
 
 The [`values-nsm.yaml`](https://github.com/nginxinc/kubernetes-ingress/blob/main/charts/nginx-ingress/values-nsm.yaml) file contains all the configuration parameters that are relevant for integration with NGINX Service Mesh. You can use this file if you are installing NGINX Ingress Controller via chart sources.
 
@@ -178,10 +178,10 @@ The [`values-nsm.yaml`](https://github.com/nginxinc/kubernetes-ingress/blob/main
 With mTLS enabled, you can use Kubernetes [Ingress](https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/), [VirtualServer, and VirtualServerRoutes](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/) resources to configure load balancing for HTTP and gRPC applications.
 TCP load balancing via TransportServer resources is not supported.
 
-{{< note >}}
+{{< call-out "note" >}}
 The NGINX Ingress Controller's custom resource [TransportServer](https://docs.nginx.com/nginx-ingress-controller/configuration/transportserver-resource/) and the SMI Spec's custom resource [TrafficSplit](https://github.com/servicemeshinterface/smi-spec/blob/main/apis/traffic-split/v1alpha3/traffic-split.md) share the same Kubernetes short name `ts`.
 To avoid conflicts, use the full names `transportserver(s)` and `trafficsplit(s)` when managing these resources with `kubectl`.
-{{< /note >}}
+{{< /call-out >}}
 
 To learn how to expose your applications using NGINX Ingress Controller, refer to the [Expose an Application with NGINX Ingress Controller]( {{< ref "/mesh/tutorials/kic/ingress-walkthrough.md" >}} ) tutorial.
 
@@ -189,8 +189,8 @@ To learn how to expose your applications using NGINX Ingress Controller, refer t
 
 You can configure NGINX Ingress Controller to act as the egress endpoint of the mesh, enabling your meshed services to communicate securely with external, non-meshed services.
 
-{{<note>}} Multiple endpoints for a single egress deployment are supported, but multiple egress
-deployments are not supported. {{</note>}}
+{{< call-out "note" >}} Multiple endpoints for a single egress deployment are supported, but multiple egress
+deployments are not supported. {{< /call-out >}}
 
 ### Enable with Manifests
 If you are installing NGINX Ingress Controller with manifests follow the [Install with Manifests](#install-with-manifests) instructions and make the following change to the NGINX Ingress Controller Pod spec:
@@ -209,7 +209,7 @@ If you are installing NGINX Ingress Controller with manifests follow the [Instal
 
 ### Enable with Helm
 
-{{<note>}} NGINX Plus Ingress Controller v2.2+ or NGINX OSS Ingress Controller v3.0+ is required to deploy via Helm and integrate with NGINX Service Mesh. {{</note>}}
+{{< call-out "note" >}} NGINX Plus Ingress Controller v2.2+ or NGINX OSS Ingress Controller v3.0+ is required to deploy via Helm and integrate with NGINX Service Mesh. {{< /call-out >}}
 
 If you are installing NGINX Ingress Controller with Helm, follow the [Install with Helm](#install-with-helm) instructions and set `nginxServiceMesh.enableEgress` to `true`.
 
@@ -229,10 +229,10 @@ This annotation can be removed or changed after deployment and the egress behavi
 Internal routes represent a route from NGINX Ingress Controller to a non-meshed service.
 This route is called "internal" because it is only accessible from a Pod in the mesh and is not accessible from the public internet.
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 If you deploy NGINX Ingress Controller without mTLS enabled, the internal routes could be accessible from the public internet.
 We do not recommend using the egress feature with a plaintext deployment of NGINX Ingress Controller.
-{{< /caution >}}
+{{< /call-out >}}
 
 To generate an internal route, create an [Ingress resource](https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/) or [VirtualServer resource](https://docs.nginx.com/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/) using the information for your non-meshed service.
 
@@ -253,9 +253,9 @@ spec:
 
 If your non-meshed service is external to Kubernetes, follow the [ExternalName services example](https://github.com/nginxinc/kubernetes-ingress/tree/main/examples/custom-resources/externalname-services).
 
-{{<note>}}
+{{< call-out "note" >}}
 The `nsm.nginx.com/internal-route: "true"` Ingress annotation or `internalRoute: true` VirtualServer field is still required for routing to external endpoints.
-{{</note>}}
+{{< /call-out >}}
 
 The [NGINX Ingress Controller egress tutorial]({{< ref "/mesh/tutorials/kic/egress-walkthrough.md" >}}) provides instructions for creating internal routes for non-meshed services.
 
@@ -277,9 +277,9 @@ By default, NGINX Ingress Controller only routes TCP traffic. You can configure
 
   This allows you to define global configuration parameters for the NGINX Ingress Controller, and create a UDP listener to route ingress UDP traffic to your backend applications.
 
-{{< important >}}
+{{< call-out "important" >}}
 mTLS does not affect UDP communication, as mTLS in NGINX Service Mesh applies only to TCP traffic at this time.
-{{< /important >}}
+{{< /call-out >}}
 
 ### Create a GlobalConfiguration Resource
 
@@ -306,12 +306,12 @@ nsm.nginx.com/enable-ingress: "true"
 nsm.nginx.com/enable-egress: "true"
 ```
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 All communication between NGINX Ingress Controller and the services in the mesh will be over plaintext!
 We do not recommend using the egress feature with a plaintext deployment of NGINX Ingress Controller,
 it is possible that internal routes could be accessible from the public internet.
 We highly recommend [installing NGINX Ingress Controller with mTLS enabled](#install-nginx-ingress-controller-with-mtls-enabled).
-{{< /caution >}}
+{{< /call-out >}}
 
 ## NGINX Ingress Controller Metrics
 
@@ -322,9 +322,9 @@ To enable metrics collection for the NGINX Ingress Controller, take the followin
    in Prometheus format via the `/metrics` path on port 9113. This port is customizable via the `-prometheus-metrics-listen-port` command-line argument; consult the
    [Command Line Arguments](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/) section of the NGINX Ingress Controller docs for more information on available command line arguments.
 
-{{< note >}}
+{{< call-out "note" >}}
 If using the NGINX Plus Ingress Controller, add this additional flag to enable latency metrics: `-enable-latency-metrics`
-{{< /note >}}
+{{< /call-out >}}
 
 1. Add the following Prometheus annotations NGINX Ingress Controller Pod spec:
 
@@ -356,17 +356,17 @@ The NGINX Service Mesh uses the Pod's container name setting to identify the NGI
 Add the applicable `nginx-ingress` scrape config to your Prometheus configuration and consult
 [Monitoring and Tracing]( {{< ref "/mesh/guides/monitoring-and-tracing.md#prometheus" >}} ) for installation instructions.
 
-- {{< fa "download" >}} {{< link "/examples/nginx-ingress-scrape-config.yaml" "`nginx-ingress-scrape-config.yaml`" >}}
-- {{< fa "download" >}} {{< link "/examples/nginx-plus-ingress-scrape-config.yaml" "`nginx-plus-ingress-scrape-config.yaml`" >}}
+- {{< icon "download" >}} {{< link "/examples/nginx-ingress-scrape-config.yaml" "`nginx-ingress-scrape-config.yaml`" >}}
+- {{< icon "download" >}} {{< link "/examples/nginx-plus-ingress-scrape-config.yaml" "`nginx-plus-ingress-scrape-config.yaml`" >}}
 
 ## Available metrics
 For a list of the NGINX Ingress Controller metrics, consult the [Available Metrics](https://docs.nginx.com/nginx-ingress-controller/logging-and-monitoring/prometheus/#available-metrics) section of the NGINX Ingress Controller docs.
 
-{{< note >}}
+{{< call-out "note" >}}
 The NGINX Plus metrics exported by the NGINX Plus Ingress Controller are renamed from `nginx_ingress_controller_<metric-name>` to `nginxplus_<metric-name>` to be consistent with the metrics exported by NGINX Service Mesh sidecars.
 For example, `nginx_ingress_controller_upstream_server_response_latency_ms_count` is renamed to `nginxplus_upstream_server_response_latency_ms_count`.
 The Ingress Controller specific metrics, such as `nginx_ingress_controller_nginx_reloads_total`, are not renamed.
-{{< /note >}}
+{{< /call-out >}}
 
 For more information on metrics, a list of Prometheus labels, and examples of querying and filtering, see the [Prometheus Metrics]({{< ref "/mesh/guides/prometheus-metrics.md" >}}) doc.
 
diff --git a/content/mesh/tutorials/kic/egress-walkthrough.md b/content/mesh/tutorials/kic/egress-walkthrough.md
index fda82ee11..f903b213f 100644
--- a/content/mesh/tutorials/kic/egress-walkthrough.md
+++ b/content/mesh/tutorials/kic/egress-walkthrough.md
@@ -12,14 +12,14 @@ type:
 ## Overview
 
 Learn how to create internal routes in F5 NGINX Ingress Controller to securely route egress traffic to non-meshed services.
-{{< note >}}
+{{< call-out "note" >}}
 NGINX Ingress Controller can be used for free with NGINX Open Source. Paying customers have access to NGINX Ingress Controller with NGINX Plus.
 To complete this tutorial, you must use either:
 
 - Open Source NGINX Ingress Controller version 3.0+
 - NGINX Plus version of NGINX Ingress Controller
 
-{{< /note >}}
+{{< /call-out >}}
 
 ## Objectives
 
@@ -31,14 +31,14 @@ to a non-meshed service.
 1. Install [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/).
 1. Download the example files:
 
-    - {{< fa "download" >}} {{< link "/examples/traffic-split/target-v1.0.yaml" "target-v1.0.yaml" >}}
-    - {{< fa "download" >}} {{< link "/examples/egress-driver.yaml" "egress-driver.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/traffic-split/target-v1.0.yaml" "target-v1.0.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/egress-driver.yaml" "egress-driver.yaml" >}}
 
 ## Install NGINX Service Mesh
 
-{{< note >}}
+{{< call-out "note" >}}
 If you want to view metrics for NGINX Ingress Controller, ensure that you have deployed Prometheus and Grafana and then configure NGINX Service Mesh to integrate with them when installing. Refer to the [Monitoring and Tracing]( {{< ref "/mesh/guides/monitoring-and-tracing.md" >}} ) guide for instructions.
-{{< /note >}}
+{{< /call-out >}}
 
 1. Follow the installation [instructions]( {{< ref "/mesh/get-started/install/install.md" >}} ) to install NGINX Service Mesh on your Kubernetes cluster.
 
@@ -173,22 +173,22 @@ To create an internal route from the NGINX Ingress Controller to the legacy `tar
      internalRoute: true
    ```
 
-{{< tip >}}
+{{< call-out "tip" >}}
 For this tutorial, the legacy Service is deployed in Kubernetes so the host name of the Ingress/VirtualServer resource is the Kubernetes
 DNS name.
 
 To create internal routes to services outside of the cluster, refer to [creating internal routes]( {{< ref "/mesh/tutorials/kic/deploy-with-kic.md#create-internal-routes-for-non-meshed-services" >}} ).
-{{< /tip >}}
+{{< /call-out >}}
 
 Either copy and apply the Ingress or VirtualServer resource shown below, or download and apply the linked file.
 
 Ingress:
 
-{{< important >}}
+{{< call-out "important" >}}
 If using Kubernetes v1.18.0 or greater you must use `ingressClassName` in your Ingress resources. Uncomment line 9 in the resource below or the downloaded file, `target-internal-route.yaml`.
-{{< /important >}}
+{{< /call-out >}}
 
-- {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/target-internal-route.yaml" "nginx-ingress-controller/target-internal-route.yaml" >}}
+- {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/target-internal-route.yaml" "nginx-ingress-controller/target-internal-route.yaml" >}}
 
 ```yaml
 apiVersion: networking.k8s.io/v1
@@ -216,7 +216,7 @@ spec:
 
 VirtualServer:
 
-- {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/target-vs-internal-route.yaml" "nginx-ingress-controller/target-vs-internal-route.yaml" >}}
+- {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/target-vs-internal-route.yaml" "nginx-ingress-controller/target-vs-internal-route.yaml" >}}
 
 ```yaml
 apiVersion: k8s.nginx.org/v1
diff --git a/content/mesh/tutorials/kic/ingress-udp-walkthrough.md b/content/mesh/tutorials/kic/ingress-udp-walkthrough.md
index 4470a9f91..7e7f88a81 100644
--- a/content/mesh/tutorials/kic/ingress-udp-walkthrough.md
+++ b/content/mesh/tutorials/kic/ingress-udp-walkthrough.md
@@ -21,34 +21,34 @@ Objectives:
 - Create a Kubernetes GlobalConfiguration resource to establish a NGINX Ingress Controller UDP listener.
 - Create a Kubernetes TransportServer resource for the udp-listener application.
 
-{{< note >}}
+{{< call-out "note" >}}
 NGINX Ingress Controller can be used for free with NGINX Open Source. Paying customers have access to NGINX Ingress Controller with NGINX Plus.
 To complete this tutorial, you must use either:
 
 - Open Source NGINX Ingress Controller version 3.0+
 - NGINX Plus version of NGINX Ingress Controller
 
-{{< /note >}}
+{{< /call-out >}}
 
 ### Install NGINX Service Mesh
 
 Follow the installation [instructions]( {{< ref "/mesh/get-started/install/install.md" >}} ) to install NGINX Service Mesh on your Kubernetes cluster. UDP traffic proxying is disabled by default, so you will need to enable it using the `--enable-udp` flag when deploying. Linux kernel 4.18 or greater is required.
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 Before proceeding, verify that the mesh is running (Step 2 of the installation [instructions]( {{< ref "/mesh/get-started/install/install.md" >}} )).
 NGINX Ingress Controller will try to fetch certs from the Spire agent that gets deployed by NGINX Service Mesh on startup. If the mesh is not running, NGINX Ingress controller will fail to start.
-{{< /caution >}}
+{{< /call-out >}}
 
 ### Install NGINX Ingress Controller
 
 1. [Install NGINX Ingress Controller]( {{< ref "/mesh/tutorials/kic/deploy-with-kic.md#install-nginx-ingress-controller-with-mtls-enabled">}} ) with the option to allow UDP ingress traffic. This tutorial will demonstrate installation as a Deployment.
     - Follow the instructions to [enable UDP]( {{< ref "/mesh/tutorials/kic/deploy-with-kic.md#enable-udp-traffic" >}} )
 
-    {{< important >}}
+    {{< call-out "important" >}}
     mTLS does not affect UDP communication, as mTLS in NGINX Service Mesh applies only to TCP traffic at this time.
-    {{< /important >}}
+    {{< /call-out >}}
 2. Get access to the NGINX Ingress Controller by applying the `udp-nodeport.yaml` NodePort resource.
-   - {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/udp/udp-nodeport.yaml" "udp-nodeport.yaml" >}}
+   - {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/udp/udp-nodeport.yaml" "udp-nodeport.yaml" >}}
 3. Check the exposed port from the NodePort service just defined:
 
     ```bash
@@ -77,7 +77,7 @@ NGINX Ingress Controller will try to fetch certs from the Spire agent that gets
 
 1. Enable [automatic sidecar injection]( {{< ref "/mesh/guides/inject-sidecar-proxy.md#automatic-proxy-injection" >}} ) for the `default` namespace.
 1. Download the manifest for the `udp-listener` app.
-    - {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/udp/udp-listener.yaml" "udp-listener.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/udp/udp-listener.yaml" "udp-listener.yaml" >}}
 1. Use `kubectl` to deploy the example `udp-listener` app.
 
     ```bash
@@ -96,8 +96,8 @@ NGINX Ingress Controller will try to fetch certs from the Spire agent that gets
 
 To route UDP requests to an application in the mesh through the NGINX Ingress Controller, you will need both a GlobalConfiguration and TransportServer Resource.
 
-- {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/udp/nic-global-configuration.yaml" "nic-global-configuration.yaml" >}}
-- {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/udp/udp-transportserver.yaml" "udp-transportserver.yaml" >}}
+- {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/udp/nic-global-configuration.yaml" "nic-global-configuration.yaml" >}}
+- {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/udp/udp-transportserver.yaml" "udp-transportserver.yaml" >}}
 
 1. Deploy a GlobalConfiguration to configure what port to listen for UDP requests on:
 
diff --git a/content/mesh/tutorials/kic/ingress-walkthrough.md b/content/mesh/tutorials/kic/ingress-walkthrough.md
index 578095f64..4768445ed 100644
--- a/content/mesh/tutorials/kic/ingress-walkthrough.md
+++ b/content/mesh/tutorials/kic/ingress-walkthrough.md
@@ -21,14 +21,14 @@ Objectives:
 - Deploy the example `bookinfo` app.
 - Create a Kubernetes Ingress resource for the Bookinfo application.
 
-{{< note >}}
+{{< call-out "note" >}}
 NGINX Ingress Controller can be used for free with NGINX Open Source. Paying customers have access to NGINX Ingress Controller with NGINX Plus.
 To complete this tutorial, you must use either:
 
 - Open Source NGINX Ingress Controller version 3.0+
 - NGINX Plus version of NGINX Ingress Controller
 
-{{< /note >}}
+{{< /call-out >}}
 
 ### Install NGINX Service Mesh
 
@@ -58,7 +58,7 @@ NGINX Ingress Controller will try to fetch certs from the Spire agent that gets
 
 1. Enable [automatic sidecar injection]( {{< ref "/mesh/guides/inject-sidecar-proxy.md#automatic-proxy-injection" >}} ) for the `default` namespace.
 1. Download the manifest for the `bookinfo` app.
-    - {{< fa "download" >}} {{< link "/examples/bookinfo.yaml" "bookinfo.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/bookinfo.yaml" "bookinfo.yaml" >}}
 1. Use `kubectl` to deploy the example `bookinfo` app.
 
     ```bash
@@ -82,9 +82,9 @@ NGINX Ingress Controller will try to fetch certs from the Spire agent that gets
 
 (Optional) Verify that the application works:
 
-{{< note >}}
+{{< call-out "note" >}}
 The steps in this section only work with `permissive` [mTLS mode]( {{< ref "/mesh/guides/secure-traffic-mtls.md" >}} ). With `strict` mTLS mode, the sidecar will drop all traffic that is not encrypted with a certificate issued by NGINX Service Mesh, so the below steps won't work. For `strict` mTLS mode skip forward to the next section which covers how to [Expose the Bookinfo App](#expose-the-bookinfo-app).
-{{< /note >}}
+{{< /call-out >}}
 
 1. Port-forward to the `productpage` Service:
 
@@ -99,11 +99,11 @@ The steps in this section only work with `permissive` [mTLS mode]( {{< ref "/mes
 
 Create an Ingress Resource to expose the Bookinfo application, using the example `bookinfo-ingress.yaml` file.
 
-{{< important >}}
+{{< call-out "important" >}}
 If using Kubernetes v1.18.0 or greater you must use `ingressClassName` in your Ingress resources. Uncomment line 6 in the resource below or the downloaded file, `bookinfo-ingress.yaml`.
-{{< /important >}}
+{{< /call-out >}}
 
-- {{< fa "download" >}} {{< link "/examples/nginx-ingress-controller/bookinfo-ingress.yaml" "bookinfo-ingress.yaml" >}}
+- {{< icon "download" >}} {{< link "/examples/nginx-ingress-controller/bookinfo-ingress.yaml" "bookinfo-ingress.yaml" >}}
 
 ```bash
 kubectl apply -f bookinfo-ingress.yaml
diff --git a/content/mesh/tutorials/observability.md b/content/mesh/tutorials/observability.md
index e555409ed..ef46107c0 100644
--- a/content/mesh/tutorials/observability.md
+++ b/content/mesh/tutorials/observability.md
@@ -18,10 +18,10 @@ In this tutorial, we will install F5 NGINX Service Mesh with some basic observab
 
 Download the following files containing the configurations for the observability components:
 
-- {{< fa "download" >}} {{< link "/examples/prometheus.yaml" "prometheus.yaml" >}}
-- {{< fa "download" >}} {{< link "/examples/grafana.yaml" "grafana.yaml" >}}
-- {{< fa "download" >}} {{< link "/examples/otel-collector.yaml" "otel-collector.yaml" >}}
-- {{< fa "download" >}} {{< link "/examples/jaeger.yaml" "jaeger.yaml" >}}
+- {{< icon "download" >}} {{< link "/examples/prometheus.yaml" "prometheus.yaml" >}}
+- {{< icon "download" >}} {{< link "/examples/grafana.yaml" "grafana.yaml" >}}
+- {{< icon "download" >}} {{< link "/examples/otel-collector.yaml" "otel-collector.yaml" >}}
+- {{< icon "download" >}} {{< link "/examples/jaeger.yaml" "jaeger.yaml" >}}
 
 Deploy the components:
 
@@ -50,9 +50,9 @@ helm repo update
 helm install nsm nginx-stable/nginx-service-mesh --namespace nginx-mesh --create-namespace --wait --set prometheusAddress=prometheus.nsm-monitoring.svc:9090 --set telemetry.exporters.otlp.host=otel-collector.nsm-monitoring.svc --set telemetry.exporters.otlp.port=4317 --set telemetry.samplerRatio=1
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 A sampler ratio of 1 results in 100% of traces being sampled. Adjust this value (float from 0 to 1) to your needs.
-{{< /note >}}
+{{< /call-out >}}
 
 ## View the Dashboards
 
diff --git a/content/mesh/tutorials/ratelimit-walkthrough.md b/content/mesh/tutorials/ratelimit-walkthrough.md
index 9d8488846..7194cfdc0 100644
--- a/content/mesh/tutorials/ratelimit-walkthrough.md
+++ b/content/mesh/tutorials/ratelimit-walkthrough.md
@@ -26,18 +26,18 @@ This tutorial shows you how to set up rate limiting policies between your worklo
 1. Enable [automatic sidecar injection]( {{< ref "/mesh/guides/inject-sidecar-proxy.md#automatic-proxy-injection" >}} ) for the `default` namespace.
 1. Download all of the example files:
 
-    - {{< fa "download" >}} {{< link "/examples/rate-limit/destination.yaml" "`destination.yaml`" >}}
-    - {{< fa "download" >}} {{< link "/examples/rate-limit/client-v1.yaml" "`client-v1.yaml`" >}}
-    - {{< fa "download" >}} {{< link "/examples/rate-limit/client-v2.yaml" "`client-v2.yaml`" >}}
-    - {{< fa "download" >}} {{< link "/examples/rate-limit/bursty-client.yaml" "`bursty-client.yaml`" >}}
-    - {{< fa "download" >}} {{< link "/examples/rate-limit/ratelimit.yaml" "`ratelimit.yaml`" >}}
-    - {{< fa "download" >}} {{< link "/examples/rate-limit/ratelimit-burst.yaml" "`ratelimit-burst.yaml`" >}}
-    - {{< fa "download" >}} {{< link "/examples/rate-limit/ratelimit-rules.yaml" "`ratelimit-rules.yaml`" >}}
-
-{{< note >}}
+    - {{< icon "download" >}} {{< link "/examples/rate-limit/destination.yaml" "`destination.yaml`" >}}
+    - {{< icon "download" >}} {{< link "/examples/rate-limit/client-v1.yaml" "`client-v1.yaml`" >}}
+    - {{< icon "download" >}} {{< link "/examples/rate-limit/client-v2.yaml" "`client-v2.yaml`" >}}
+    - {{< icon "download" >}} {{< link "/examples/rate-limit/bursty-client.yaml" "`bursty-client.yaml`" >}}
+    - {{< icon "download" >}} {{< link "/examples/rate-limit/ratelimit.yaml" "`ratelimit.yaml`" >}}
+    - {{< icon "download" >}} {{< link "/examples/rate-limit/ratelimit-burst.yaml" "`ratelimit-burst.yaml`" >}}
+    - {{< icon "download" >}} {{< link "/examples/rate-limit/ratelimit-rules.yaml" "`ratelimit-rules.yaml`" >}}
+
+{{< call-out "note" >}}
 Avoid configuring traffic policies such as TrafficSplits, RateLimits, and CircuitBreakers for headless services.
 These policies will not work as expected because NGINX Service Mesh has no way to tie each pod IP address to its headless service.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Objectives
 
@@ -63,9 +63,9 @@ Follow the steps in this guide to configure rate limiting between workloads.
     dest-69f4b86fb4-r8wzh            2/2     Running   0          76s
     ```
 
-   {{< note>}}
+   {{< call-out "note" >}}
    For other resource types -- for example, Deployments or Services -- use `kubectl get` for each type as appropriate.
-   {{< /note>}}
+   {{< /call-out >}}
 
 ### Deploy the Clients
 
@@ -227,9 +227,9 @@ At this point, traffic should be flowing unabated between the clients and the de
 
    This rate limit policy allows 10 requests per minute, or one request every six seconds, to be sent from `client-v1` to `dest-svc`.
 
-   {{< note >}}
+   {{< call-out "note" >}}
    The `.spec.destination.kind` and `spec.source.kind` can be a `Service`, `Deployment`, `Pod`, `Daemonset`, or `StatefulSet`.
-   {{< /note >}}
+   {{< /call-out >}}
 
 1. The rate limit configured above only limits requests sent from `client-v1`. To limit the requests sent from `client-v2`, take the following steps to add `client-v2` to the list of sources:
 
@@ -267,11 +267,11 @@ At this point, traffic should be flowing unabated between the clients and the de
 
    **Expectation:** The requests sent from `client-v2` should be limited now. When multiple sources are listed in the rate limit spec, the rate is divided evenly across all the sources. In this spec, `client-v1` and `client-v2` can send five requests per minute or one request every 12 seconds. To verify, watch the logs of each container and check that 11 out of every 12 requests are denied.
 
-   {{< tip >}}
+   {{< call-out "tip" >}}
    If you want to enforce a single rate limit across all clients, you can omit the source list from the rate limit spec. If there no sources are listed, the rate limit applies to all clients making requests to the destination.
 
    If you want to enforce a different rate limit per source, you can create a separate rate limit for each source.
-   {{< /tip >}}
+   {{< /call-out >}}
 
 ### Rate Limits with L7 Rules
 
@@ -319,9 +319,9 @@ If you want to limit all GET requests, you can create an `HTTPRouteGroup` resour
        - GET
    ```
 
-   {{< note>}}
+   {{< call-out "note" >}}
    The header capitalization `X-Demo` and `X-DEMO` in the `HTTPRouteGroup` mismatches intentionally; header names are not case-sensitive.
-   {{< /note>}}
+   {{< /call-out >}}
 
    The [HTTPRouteGroup](https://github.com/servicemeshinterface/smi-spec/blob/main/apis/traffic-specs/v1alpha3/traffic-specs.md#httproutegroup) is used to describe HTTP traffic.
    The `spec.matches` field defines a list of routes that an application can serve. Routes are made up of the following match conditions: pathRegex, headers, and HTTP methods.
@@ -363,9 +363,9 @@ If you want to limit all GET requests, you can create an `HTTPRouteGroup` resour
 
    In this case, we're mapping just the `get-only` match directive from the `HTTPRouteGroup` : `hrg` to our rate limit . The match `get-only` matches all `GET` requests.
 
-   {{< tip >}}
+   {{< call-out "tip" >}}
    You can reference multiple `HTTPRouteGroups` in the `spec.rules` list, but they all must be in the same namespace of the rate limit.
-   {{< /tip >}}
+   {{< /call-out >}}
 
 1. To rate limit only `GET` requests, take the following steps:
 
@@ -475,9 +475,9 @@ If you want to limit all GET requests, you can create an `HTTPRouteGroup` resour
 
    **Expectation:** Only the requests from `client-v2` are rate limited. Even though `client-v1` has the `x-demo:true` header, the rest of the request's attributes do not match the criteria in the `v2-only` match.
 
-   {{< tip >}}
+   {{< call-out "tip" >}}
    If you want to add all of the matches from a single `HTTPRouteGroup`, you can omit the `matches` field from the rule.
-   {{< /tip >}}
+   {{< /call-out >}}
 
 1. Clean up.
 
@@ -634,9 +634,9 @@ Let's create a bursty application and a rate limit to demonstrate this behavior.
 
     Delaying the excess requests in the queue can make your application appear slow. If you want to have the excess requests forwarded immediately, you can set the `delay` field to `nodelay`.
 
-   {{< tip >}}
+   {{< call-out "tip" >}}
    The default value for `delay` is `0`. A delay of `0` means that every request in the queue is delayed according to the rate specified in the rate limit spec.
-   {{< /tip >}}
+   {{< /call-out >}}
 
 1. To forward the excess requests to the destination service immediately, edit the rate limit and set delay to `nodelay`.
 
@@ -671,9 +671,9 @@ Let's create a bursty application and a rate limit to demonstrate this behavior.
 
    **Expectation:** A delay of `nodelay` means that the requests in the queue are immediately sent to the destination service. You can verify this by looking at the timestamps of the responses in the `bursty-client` logs; they should all be within the same second.
 
-   {{< tip >}}
+   {{< call-out "tip" >}}
    You can also set the `delay` field to an integer. For example, a delay of `1` means that one request is forwarded immediately, and all other requests in the queue are delayed.
-   {{< /tip >}}
+   {{< /call-out >}}
 
 1. Clean up all the resources.
 
diff --git a/content/mesh/tutorials/trafficsplit-deployments.md b/content/mesh/tutorials/trafficsplit-deployments.md
index 1a2a5018e..a87121633 100644
--- a/content/mesh/tutorials/trafficsplit-deployments.md
+++ b/content/mesh/tutorials/trafficsplit-deployments.md
@@ -24,25 +24,25 @@ You can use traffic splitting for most deployment scenarios, including canary, b
 1. Enable [automatic sidecar injection]( {{< ref "/mesh/guides/inject-sidecar-proxy.md#automatic-proxy-injection" >}} ) for the `default` namespace.
 1. Download all the example files:
 
-    - {{< fa "download" >}} {{< link "/examples/traffic-split/gateway.yaml" "gateway.yaml" >}}
-    - {{< fa "download" >}} {{< link "/examples/traffic-split/target-svc.yaml" "target-svc.yaml" >}}
-    - {{< fa "download" >}} {{< link "/examples/traffic-split/target-v1.0.yaml" "target-v1.0.yaml" >}}
-    - {{< fa "download" >}} {{< link "/examples/traffic-split/target-v2.0-failing.yaml" "target-v2.0-failing.yaml" >}}
-    - {{< fa "download" >}} {{< link "/examples/traffic-split/target-v2.1-successful.yaml" "target-v2.1-successful.yaml" >}}
-    - {{< fa "download" >}} {{< link "/examples/traffic-split/target-v3.0.yaml" "target-v3.0.yaml" >}}
-    - {{< fa "download" >}} {{< link "/examples/traffic-split/trafficsplit.yaml" "trafficsplit.yaml" >}}
-    - {{< fa "download" >}} {{< link "/examples/traffic-split/trafficsplit-matches.yaml" "trafficsplit-matches.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/traffic-split/gateway.yaml" "gateway.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/traffic-split/target-svc.yaml" "target-svc.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/traffic-split/target-v1.0.yaml" "target-v1.0.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/traffic-split/target-v2.0-failing.yaml" "target-v2.0-failing.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/traffic-split/target-v2.1-successful.yaml" "target-v2.1-successful.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/traffic-split/target-v3.0.yaml" "target-v3.0.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/traffic-split/trafficsplit.yaml" "trafficsplit.yaml" >}}
+    - {{< icon "download" >}} {{< link "/examples/traffic-split/trafficsplit-matches.yaml" "trafficsplit-matches.yaml" >}}
 
 
-{{< note >}}
+{{< call-out "note" >}}
 The NGINX Plus Ingress Controller's custom resource [TransportServer](https://docs.nginx.com/nginx-ingress-controller/configuration/transportserver-resource/) has the same Kubernetes short name(`ts`) as the custom resource TrafficSplit.
 If you have the NGINX Plus Ingress Controller installed, use the full name `trafficsplit(s)` instead of `ts` in the following instructions.
-{{< /note >}}
+{{< /call-out >}}
 
-{{< note >}}
+{{< call-out "note" >}}
 Avoid configuring traffic policies such as TrafficSplits, RateLimits, and CircuitBreakers for headless services.
 These policies will not work as expected because NGINX Service Mesh has no way to tie each pod IP address to its headless service.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Objectives
 
@@ -51,9 +51,9 @@ Follow the steps in this guide to learn how to use traffic splitting for various
 ### Deploy the Production Version of the Target App
 
 1. First, let's begin by deploying the "production" v1.0 target app, the load balancer Service, and the ingress gateway.
-{{< tip>}}
+{{< call-out "tip" >}}
 For simplicity, this guide uses a simple NGINX reverse proxy for the ingress gateway. For production usage and for more advanced ingress control, we recommend using the [NGINX Ingress Controller for Kubernetes](https://www.nginx.com/products/nginx-ingress-controller/). Refer to [Deploy NGINX Ingress Controller with NGINX Service Mesh]( {{< ref "ingress-walkthrough.md" >}} ) to learn more.
-{{< /tip>}}
+{{< /call-out >}}
 
     **Command:**
 
@@ -319,9 +319,9 @@ spec:
 The [HTTPRouteGroup](https://github.com/servicemeshinterface/smi-spec/blob/main/apis/traffic-specs/v1alpha3/traffic-specs.md#httproutegroup) is used to describe HTTP traffic. The `spec.matches` field defines a list of routes that an application can serve. Routes are made up of the following match conditions: pathRegex, headers, and HTTP methods.
 In the `target-hrg` example above, we have defined one route, `firefox-users`, using the header filter `user-agent: ".*Firefox.*"`. Incoming HTTP traffic that has the `user-agent` header set to a value that matches the regex `".*Firefox.*"` satisfies the `firefox-users` match condition.
 
-{{< tip >}}
+{{< call-out "tip" >}}
 A route with multiple match conditions (pathRegex, headers, and/or HTTP methods) within a single match represent an `AND` condition. This means that all match conditions must be satisfied for the traffic to match the route.
-{{< /tip >}}
+{{< /call-out >}}
 
 To associate the `target-hrg` HTTPRouteGroup with the traffic split we need to add the `matches` field to our traffic split spec:
 
@@ -394,7 +394,7 @@ In this example, all traffic sent to the root Service `target-svc` that contains
 
    **Expectation:** The `target-hrg` HTTPRouteGroup is created and the `target-ts` traffic split is updated.
 
-   {{< tip >}} Use `kubectl get` and `kubectl describe` for `httproutegroups` and `trafficsplits` to make sure the resources were created or updated. {{< /tip >}}
+   {{< call-out "tip" >}} Use `kubectl get` and `kubectl describe` for `httproutegroups` and `trafficsplits` to make sure the resources were created or updated. {{< /call-out >}}
 
    In the terminal window where you are generating traffic to the gateway Service you should now see responses from both the `target-v2-1` and `target-v3` backends. To test the A/B traffic shaping, open another terminal window and generate traffic to the gateway Service with the header `user-agent: Firefox`:
 
diff --git a/content/modsec-waf/_index.md b/content/modsec-waf/_index.md
index 619f4e5a1..dde12cb54 100644
--- a/content/modsec-waf/_index.md
+++ b/content/modsec-waf/_index.md
@@ -10,6 +10,6 @@ cascade:
   logo: "NGINX-WAF-product-icon-RGB.svg"
 ---
 
-{{< important >}}
+{{< call-out "important" >}}
 {{% modsec-eol-notice %}}
-{{< /important >}}
+{{< /call-out >}}
diff --git a/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-installation-logging.md b/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-installation-logging.md
index bf7cffa0d..3eefcbafd 100644
--- a/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-installation-logging.md
+++ b/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-installation-logging.md
@@ -5,9 +5,9 @@ toc: true
 weight: 100
 ---
 
-{{< important >}}
+{{< call-out "important" >}}
 {{% modsec-eol-notice %}}
-{{< /important >}}
+{{< /call-out >}}
 
 This chapter explains how to install the F5 NGINX ModSecurity web application firewall (WAF), configure a simple rule, and set up logging. The NGINX ModSecurity WAF is the NGINX Plus build of ModSecurity. The NGINX ModSecurity WAF was previously called the NGINX WAF, and the NGINX Plus with ModSecurity WAF before that.
 
diff --git a/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-owasp-crs.md b/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-owasp-crs.md
index 224acea09..c2eab10ba 100644
--- a/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-owasp-crs.md
+++ b/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-owasp-crs.md
@@ -5,9 +5,9 @@ toc: true
 weight: 200
 ---
 
-{{< important >}}
+{{< call-out "important" >}}
 {{% modsec-eol-notice %}}
-{{< /important >}}
+{{< /call-out >}}
 
 This chapter explains how to enable and test the Open Web Application Security Project Core Rule Set (OWASP CRS) for use with the NGINX ModSecurity web application firewall (WAF).
 
diff --git a/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-trustwave-spiderlabs-rules.md b/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-trustwave-spiderlabs-rules.md
index 2be3c5cef..cfe54f2d1 100644
--- a/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-trustwave-spiderlabs-rules.md
+++ b/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-trustwave-spiderlabs-rules.md
@@ -6,9 +6,9 @@ toc: true
 weight: 300
 ---
 
-{{< important >}}
+{{< call-out "important" >}}
 {{% modsec-eol-notice %}}
-{{< /important >}}
+{{< /call-out >}}
 
 This chapter explains how to configure the Commercial ModSecurity Rules from Trustwave SpiderLabs for use with the F5 NGINX ModSecurity web application firewall (WAF)).
 
diff --git a/content/modsec-waf/technical-specs.md b/content/modsec-waf/technical-specs.md
index 47266a3d6..0f1d08c8a 100644
--- a/content/modsec-waf/technical-specs.md
+++ b/content/modsec-waf/technical-specs.md
@@ -5,9 +5,9 @@ toc: true
 weight: 300
 ---
 
-{{< important >}}
+{{< call-out "important" >}}
 {{% modsec-eol-notice %}}
-{{< /important >}}
+{{< /call-out >}}
 
 F5 NGINX ModSecurity WAF is a module for NGINX Plus.
 
diff --git a/content/nap-dos/_index.md b/content/nap-dos/_index.md
index 179526ba7..97c301af7 100644
--- a/content/nap-dos/_index.md
+++ b/content/nap-dos/_index.md
@@ -1,9 +1,44 @@
 ---
-description: "F5 NGINX App Protect DoS provides behavioral DoS detection and mitigation."
+# The title is the product name
 title: F5 NGINX App Protect DoS
+# The URL is the base of the deployed path, becoming "docs.nginx.com/<url>/<other-pages>"
 url: /nginx-app-protect-dos/
+# The cascade directive applies its nested parameters down the page tree until overwritten
 cascade:
-  logo: "NGINX-App-Protect-DoS-product-icon.svg"
+  # The logo file is resolved from the theme, in the folder /static/images/icons/
+  logo: NGINX-App-Protect-DoS-product-icon.svg
+# The subtitle displays directly underneath the heading of a given page
+nd-subtitle: Enhance Security, Automate Defense, and Accelerate Protection with NGINX
+# Indicates that this is a custom landing page
+nd-landing-page: true
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: landing-page
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NAP-DOS
 ---
 
-Request your [free 30‑day trial](https://www.nginx.com/free-trial-request) today.
\ No newline at end of file
+## About
+Achieve comprehensive protection against DoS and DDoS attacks for your apps and APIs with a multi-layered, adaptive, automated mitigation strategy for DevOps environments. 
+
+Running natively on NGINX Plus and NGINX Ingress Controller, NGINX App Protect DoS is platform-agnostic and supports deployment options ranging from edge load balancers to individual pods in Kubernetes clusters.
+
+## Featured content
+[//]: # "You can add a maximum of three cards: any extra will not display."
+[//]: # "One card will take full width page: two will take half width each. Three will stack like an inverse pyramid."
+[//]: # "Some examples of content could be the latest release note, the most common install path, and a popular new feature."
+
+
+{{<card-section showAsCards="true" isFeaturedSection="true">}}
+  {{<card title="Deployment" titleUrl="/nginx-app-protect-dos/deployment-guide/learn-about-deployment/">}}
+    Read how to install and upgrade NGINX App Protect DoS
+  {{</card>}}
+  <!-- The titleURL and icon are both optional -->
+  <!-- Lucide icon names can be found at https://lucide.dev/icons/ -->
+  {{<card title="Troubleshooting" titleUrl="/nginx-app-protect-dos/troubleshooting-guide/how-to-troubleshoot/">}}
+    Learn how to debug NGINX App Protect DoS
+  {{</card>}}
+  {{<card title="Releases" titleUrl="/nginx-app-protect-dos/releases/" icon="clock-alert">}}
+    Review changelogs for NGINX App Protect DoS
+  {{</card>}}
+{{</card-section>}}
diff --git a/content/nap-dos/deployment-guide/learn-about-deployment.md b/content/nap-dos/deployment-guide/learn-about-deployment.md
index 8fe7c9059..b4eeb180b 100644
--- a/content/nap-dos/deployment-guide/learn-about-deployment.md
+++ b/content/nap-dos/deployment-guide/learn-about-deployment.md
@@ -21,21 +21,17 @@ NGINX Plus Release 24 and later supports NGINX App Protect DoS.
 
 NGINX App Protect DoS supports the following operating systems:
 
-- [CentOS 7.4.x and above](#centos-74-installation) (Deprecated starting from NGINX Plus R33)
-- [RHEL 7.4.x and above](#rhel-74-installation) (Deprecated starting from NGINX Plus R33)
-- [RHEL 8.1.x / Rocky Linux 8 and above](#rhel-8--rocky-linux-8-installation)
-- [RHEL 9 and above](#rhel-9-installation)
-- [Debian 10 (Buster)](#debian--ubuntu-installation) - (Deprecated starting from NGINX Plus R28)
+- [RHEL 8.1+ / Rocky Linux 8](#rhel-8--rocky-linux-8-installation)
+- [RHEL 9.0+ / Rocky Linux 9](#rhel-9--rocky-linux-9-installation)
 - [Debian 11 (Bullseye)](#debian--ubuntu-installation)
 - [Debian 12 (Bookworm)](#debian--ubuntu-installation)
-- [Ubuntu 18.04 (Bionic)](#debian--ubuntu-installation) - (Deprecated starting from NGINX Plus R30)
-- [Ubuntu 20.04 (Focal)](#debian--ubuntu-installation)
+- [Ubuntu 20.04 (Focal)](#debian--ubuntu-installation) - (Deprecated starting from NGINX Plus R35)
 - [Ubuntu 22.04 (Jammy)](#debian--ubuntu-installation)
 - [Ubuntu 24.04 (Noble)](#debian--ubuntu-installation)
-- [Alpine 3.15](#alpine-315x--317x--319x-installation) - (Deprecated starting from NGINX Plus R30)
-- [Alpine 3.17](#alpine-315x--317x--319x-installation) - (Deprecated starting from NGINX Plus R34)
-- [Alpine 3.19](#alpine-315x--317x--319x-installation)
-- [AmazonLinux 2023](#amazonlinux-linux-2023-installation)
+- [Alpine 3.19](#alpine-installation)
+- [Alpine 3.21](#alpine-installation)
+- [AmazonLinux 2023](#amazon-linux-2023-installation)
+
 
 The NGINX App Protect DoS package has the following dependencies:
 
@@ -48,13 +44,12 @@ The NGINX App Protect DoS package has the following dependencies:
 
 See the NGINX Plus full list of prerequisites for more details. NGINX App Protect DoS can be installed as a module to an existing NGINX Plus installation or as a complete NGINX Plus with App Protect DoS installation in a clean environment or to a system with NGINX App Protect WAF.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 - gRPC, HTTP/2 and WebSocket protection require active monitoring of the protected service. The directive `app_protect_dos_monitor` is mandatory for the attack to be detected.
-- TLS fingerprint feature is not used in CentOS 7.4 and RHEL 7 / UBI 7 due to the old OpenSSL version. The required OpenSSL version is 1.1.1 or higher.
 - Monitor directive `app_protect_dos_monitor` with proxy_protocol parameter can not be configured on Ubuntu 18.04. As a result, gRPC and HTTP/2 DoS protection for proxy_protocol configuration is not supported.
 - Regularly update the Operating System (OS) to avoid known OS vulnerabilities which may impact the service.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Platform Security Considerations
 
@@ -66,7 +61,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
 
 ## CentOS 7.4+ Installation
 
-{{< note >}}CentOS 7.4 and RHEL 7.4 are deprecated as of NGINX Plus Release 32 (R32) and are not supported in Release 33 (R33) or later. For the list of supported distributions, refer to the [NGINX Plus Tech Specs]({{< relref "nginx/technical-specs.md" >}}).{{< /note >}}
+{{< call-out "note" >}}CentOS 7.4 and RHEL 7.4 are deprecated as of NGINX Plus Release 32 (R32) and are not supported in Release 33 (R33) or later. For the list of supported distributions, refer to the [NGINX Plus Tech Specs]({{< relref "nginx/technical-specs.md" >}}).{{< /call-out >}}
 
 1. If you already have NGINX packages in your system, back up your configs and logs:
 
@@ -129,7 +124,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
     sudo systemctl start nginx
     ```
 
-    {{< note >}} Make sure to restore configuration from `/etc/nginx-plus-backup` back to `/etc/nginx-plus`.{{< /note >}}
+    {{< call-out "note" >}} Make sure to restore configuration from `/etc/nginx-plus-backup` back to `/etc/nginx-plus`.{{< /call-out >}}
 
 9. Check the NGINX binary version to ensure that you have NGINX Plus installed correctly:
 
@@ -198,7 +193,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
 
     If you encounter any issues, refer to the [Troubleshooting Guide]({{< ref "/nap-dos/troubleshooting-guide/how-to-troubleshoot.md" >}}).
 
-    {{< note >}}Additional SELinux configuration may be required to allow NGINX Plus to listen on specific network ports, connect to upstreams, and send syslog entries to remote systems. Refer to the practices outlined in the [Using NGINX and NGINX Plus with SELinux](https://www.nginx.com/blog/using-nginx-plus-with-selinux/) article for details.{{< /note >}}
+    {{< call-out "note" >}}Additional SELinux configuration may be required to allow NGINX Plus to listen on specific network ports, connect to upstreams, and send syslog entries to remote systems. Refer to the practices outlined in the [Using NGINX and NGINX Plus with SELinux](https://www.nginx.com/blog/using-nginx-plus-with-selinux/) article for details.{{< /call-out >}}
 
 14. To enable the NGINX/App-Protect-DoS service to start at boot, run the command:
 
@@ -214,7 +209,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
 
 ## RHEL 7.4+ Installation
 
-{{< note >}}CentOS 7.4 and RHEL 7.4 are deprecated as of NGINX Plus Release 32 (R32) and are not supported in Release 33 (R33) or later. For the list of supported distributions, refer to the [NGINX Plus Tech Specs]({{< relref "nginx/technical-specs.md" >}}).{{< /note >}}
+{{< call-out "note" >}}CentOS 7.4 and RHEL 7.4 are deprecated as of NGINX Plus Release 32 (R32) and are not supported in Release 33 (R33) or later. For the list of supported distributions, refer to the [NGINX Plus Tech Specs]({{< relref "nginx/technical-specs.md" >}}).{{< /call-out >}}
 1. If you already have NGINX packages in your system, back up your configs and logs:
 
     ```shell
@@ -309,7 +304,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
     sudo systemctl start nginx
     ```
 
-    {{< note >}} Make sure to restore configuration from `/etc/nginx-plus-backup` back to `/etc/nginx-plus`.{{< /note >}}
+    {{< call-out "note" >}} Make sure to restore configuration from `/etc/nginx-plus-backup` back to `/etc/nginx-plus`.{{< /call-out >}}
 
 10. Check the NGINX binary version to ensure that you have NGINX Plus installed correctly:
 
@@ -378,7 +373,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
 
     If you encounter any issues, refer to the [Troubleshooting Guide]({{< ref "/nap-dos/troubleshooting-guide/how-to-troubleshoot.md" >}}).
 
-    {{< note >}}Additional SELinux configuration may be required to allow NGINX Plus to listen on specific network ports, connect to upstreams, and send syslog entries to remote systems. Refer to the practices outlined in the [Using NGINX and NGINX Plus with SELinux](https://www.nginx.com/blog/using-nginx-plus-with-selinux/) article for details.{{< /note >}}
+    {{< call-out "note" >}}Additional SELinux configuration may be required to allow NGINX Plus to listen on specific network ports, connect to upstreams, and send syslog entries to remote systems. Refer to the practices outlined in the [Using NGINX and NGINX Plus with SELinux](https://www.nginx.com/blog/using-nginx-plus-with-selinux/) article for details.{{< /call-out >}}
 
 15. To enable the NGINX/App-Protect-DoS service to start at boot, run the command:
 
@@ -445,10 +440,10 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
     sudo dnf install app-protect-dos-ebpf-manager
     ```
 
-    {{< note >}}
+    {{< call-out "note" >}}
    L4 accelerated mitigation feature (RHEL 8.6+):
    - `app-protect-dos-ebpf-manager` run with root privileges.
-    {{< /note >}}
+    {{< /call-out >}}
 
     Alternatively, you can use the following command to list available versions:
 
@@ -470,7 +465,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
     sudo systemctl start nginx
     ```
 
-    {{< note >}} Make sure to restore configuration from `/etc/nginx-plus-backup` back to `/etc/nginx-plus`.{{< /note >}}
+    {{< call-out "note" >}} Make sure to restore configuration from `/etc/nginx-plus-backup` back to `/etc/nginx-plus`.{{< /call-out >}}
 
 1. {{< include "nginx-plus/install/check-nginx-binary-version.md" >}}
 
@@ -574,7 +569,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
 
     If you encounter any issues, refer to the [Troubleshooting Guide]({{< ref "/nap-dos/troubleshooting-guide/how-to-troubleshoot.md" >}}).
 
-    {{< note >}}Additional SELinux configuration may be required to allow NGINX Plus to listen on specific network ports, connect to upstreams, and send syslog entries to remote systems. Refer to the practices outlined in the [Using NGINX and NGINX Plus with SELinux](https://www.nginx.com/blog/using-nginx-plus-with-selinux/) article for details.{{< /note >}}
+    {{< call-out "note" >}}Additional SELinux configuration may be required to allow NGINX Plus to listen on specific network ports, connect to upstreams, and send syslog entries to remote systems. Refer to the practices outlined in the [Using NGINX and NGINX Plus with SELinux](https://www.nginx.com/blog/using-nginx-plus-with-selinux/) article for details.{{< /call-out >}}
 
 16. To enable the NGINX/App-Protect-DoS service to start at boot, run the command:
 
@@ -599,7 +594,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
     sudo systemctl start app-protect-dos-ebpf-manager
     ```
 
-## RHEL 9+ Installation
+## RHEL 9+ / Rocky Linux 9 Installation
 
 1. If you already have NGINX packages on your system, back up your configs and logs:
 
@@ -622,6 +617,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
 
     ```shell
     sudo dnf install ca-certificates wget
+    ```
 
 6. Enable the yum repositories to pull NGINX App Protect DoS dependencies:
 
@@ -652,10 +648,10 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
     sudo dnf install app-protect-dos-ebpf-manager
     ```
 
-    {{< note >}}
+    {{< call-out "note" >}}
    L4 accelerated mitigation feature (RHEL 9):
    - `app-protect-dos-ebpf-manager` run with root privileges.
-    {{< /note >}}
+    {{< /call-out >}}
 
     Alternatively, you can use the following command to list available versions:
 
@@ -677,7 +673,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
     sudo systemctl start nginx
     ```
 
-    {{< note >}} Make sure to restore configuration from `/etc/nginx-plus-backup` back to `/etc/nginx-plus`.{{< /note >}}
+    {{< call-out "note" >}} Make sure to restore configuration from `/etc/nginx-plus-backup` back to `/etc/nginx-plus`.{{< /call-out >}}
 
 10. Check the NGINX binary version to ensure that you have NGINX Plus installed correctly:
 
@@ -784,7 +780,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
 
     If you encounter any issues, refer to the [Troubleshooting Guide]({{< ref "/nap-dos/troubleshooting-guide/how-to-troubleshoot.md" >}}).
 
-    {{< note >}}Additional SELinux configuration may be required to allow NGINX Plus to listen on specific network ports, connect to upstreams, and send syslog entries to remote systems. Refer to the practices outlined in the [Using NGINX and NGINX Plus with SELinux](https://www.nginx.com/blog/using-nginx-plus-with-selinux/) article for details.{{< /note >}}
+    {{< call-out "note" >}}Additional SELinux configuration may be required to allow NGINX Plus to listen on specific network ports, connect to upstreams, and send syslog entries to remote systems. Refer to the practices outlined in the [Using NGINX and NGINX Plus with SELinux](https://www.nginx.com/blog/using-nginx-plus-with-selinux/) article for details.{{< /call-out >}}
 
 16. To enable the NGINX/App-Protect-DoS service to start at boot, run the command:
 
@@ -843,7 +839,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
     sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
     ```
 
-    {{< note >}}In case the apt installation or database update fails due to release info change, run the below command before you install.{{< /note >}}
+    {{< call-out "note" >}}In case the apt installation or database update fails due to release info change, run the below command before you install.{{< /call-out >}}
 
     ```shell
     sudo apt-get update --allow-releaseinfo-change
@@ -890,10 +886,10 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
     sudo apt-get install app-protect-dos-ebpf-manager
     ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    L4 accelerated mitigation feature (Debian 11 /  Debian 12 /  Ubuntu 20.04 / Ubuntu 22.04 / Ubuntu 24.04):
    - `app-protect-dos-ebpf-manager` run with root privileges.
-   {{< /note >}}
+   {{< /call-out >}}
 
     Alternatively, to install a specific version, use the following commands to update and list available versions:
 
@@ -997,7 +993,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
      sudo systemctl start app-protect-dos-ebpf-manager
     ```
 
-## Alpine 3.15.x / 3.17.x / 3.19.x Installation
+## Alpine Installation
 
 1. If you already have NGINX packages in your system, back up your configs and logs:
 
@@ -1012,7 +1008,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
 
 1. {{< include "licensing-and-reporting/download-jwt-crt-from-myf5.md" >}}
 
-1. {{< include "nginx-plus/install/copy-crt-and-key.md" >}}
+3. Upload `nginx-repo.key` to `/etc/apk/cert.key` and `nginx-repo.crt` to `/etc/apk/cert.pem`. Make sure that files do not contain other certificates and keys, as Alpine Linux does not support mixing client certificates for different repositories.
 
 1. {{< include "nginx-plus/install/copy-jwt-to-etc-nginx-dir.md" >}}
 
@@ -1060,10 +1056,10 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
     sudo sudo apk add app-protect-dos-ebpf-manager
     ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    L4 accelerated mitigation feature:
    - `app-protect-dos-ebpf-manager` run with root privileges.
-   {{< /note >}}
+   {{< /call-out >}}
 
     Alternatively, to install a specific version, use the following commands to update and list available versions:
 
@@ -1159,7 +1155,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
 
     ```shell
     sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-amazonlinux2023.repo
-    sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-amazonlinux2023.repo
+    sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-dos-amazonlinux2023.repo
     ```
 
 7. In case of fresh installation, update the repository and install the most recent version of the NGINX Plus App Protect DoS package (which includes NGINX Plus):
@@ -1174,10 +1170,10 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
     sudo dnf install app-protect-dos-ebpf-manager
     ```
 
-    {{< note >}}
+    {{< call-out "note" >}}
    L4 accelerated mitigation feature:
    - `app-protect-dos-ebpf-manager` run with root privileges.
-    {{< /note >}}
+    {{< /call-out >}}
 
     Alternatively, you can use the following command to list available versions:
 
@@ -1199,7 +1195,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s
     sudo systemctl start nginx
     ```
 
-    {{< note >}} Make sure to restore configuration from `/etc/nginx-plus-backup` back to `/etc/nginx-plus`.{{< /note >}}
+    {{< call-out "note" >}} Make sure to restore configuration from `/etc/nginx-plus-backup` back to `/etc/nginx-plus`.{{< /call-out >}}
 
 9. Confirm the NGINX binary version to make sure that you have NGINX Plus installed correctly:
 
@@ -1270,8 +1266,9 @@ You need root permissions to execute the following steps.
    - `license.jwt`: JWT license file for NGINX Plus license management
    - `nginx.conf`: User defined `nginx.conf` with `app-protect-dos` enabled
    - `entrypoint.sh`: Docker startup script which spins up all App Protect DoS processes, must have executable permissions
+   - custom_log_format.json: Optional user-defined security log format file (if not used - remove its references from the nginx.conf and Dockerfile)
 
-2. Log in to NGINX Plus Customer Portal and download your `nginx-repo.crt`, `nginx-repo.key`, and `license.jwt` files.
+2. Log in to NGINX Plus Customer Portal and download your `nginx-repo.crt`, `nginx-repo.key` and `license.jwt` files.
 
 3. Copy the files to the directory where the Dockerfile is located.
 
@@ -1355,14 +1352,12 @@ You need root permissions to execute the following steps.
     }
     ```
 
-   {{< important >}}
+   {{< call-out "important" >}}
    Make sure to replace upstream and proxy pass directives in this example with relevant application backend settings.
-   {{< /important >}}
+   {{< /call-out >}}
 
 5. In the same directory create an `entrypoint.sh` file with executable permissions, with the following content:
 
-    For CentOS 7 / UBI 7:
-
     ```shell
     #!/usr/bin/env bash
 
@@ -1371,64 +1366,48 @@ You need root permissions to execute the following steps.
 
     # prepare environment
     mkdir -p /var/run/adm /tmp/cores ${LOGDIR}
-    chmod 755 /var/run/adm /tmp/cores ${LOGDIR}
+    chmod55 /var/run/adm /tmp/cores ${LOGDIR}
     chown ${USER}:${USER} /var/run/adm /tmp/cores ${LOGDIR}
 
-    LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/rpm/lib64
-    export LD_LIBRARY_PATH
-
     # run processes
     /bin/su -s /bin/bash -c "/usr/bin/adminstall > ${LOGDIR}/adminstall.log 2>&1" ${USER}
-    /usr/sbin/nginx -g 'daemon off;' &
     /bin/su -s /bin/bash -c "/usr/bin/admd -d --log info > ${LOGDIR}/admd.log 2>&1 &" ${USER}
+    /usr/sbin/nginx -g 'daemon off;'
     ```
 
-    For Alpine / Debian / Ubuntu / UBI 8/ UBI 9:
+6. Create a Docker image:
 
     ```shell
-    #!/usr/bin/env bash
-
-    USER=nginx
-    LOGDIR=/var/log/adm
-
-    # prepare environment
-    mkdir -p /var/run/adm /tmp/cores ${LOGDIR}
-    chmod 755 /var/run/adm /tmp/cores ${LOGDIR}
-    chown ${USER}:${USER} /var/run/adm /tmp/cores ${LOGDIR}
-
-    # run processes
-    /bin/su -s /bin/bash -c "/usr/bin/adminstall > ${LOGDIR}/adminstall.log 2>&1" ${USER}
-    /usr/sbin/nginx -g 'daemon off;' &
-    /bin/su -s /bin/bash -c "/usr/bin/admd -d --log info > ${LOGDIR}/admd.log 2>&1 &" ${USER}
+    DOCKER_BUILDKIT=1 docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=./license.jwt -t app-protect-dos .
     ```
 
-6. Create a Docker image:
+    The `--no-cache` option tells Docker to build the image from scratch and ensures the installation of the latest version of NGINX Plus and NGINX App Protect DoS. If the Dockerfile was previously used to build an image without the `--no-cache` option, the new image uses versions from the previously built image from the Docker cache.
 
+   For RHEL8/9 with subctiption manager setup add build arguments:
+   
     ```shell
-    docker build --no-cache --platform linux/amd64 -t app-protect-dos .
+    DOCKER_BUILDKIT=1 docker build --build-arg RHEL_ORG=... --build-arg RHEL_ACTIVATION_KEY=...  --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=./license.jwt -t app-protect-dos .
     ```
 
-    The `--no-cache` option tells Docker to build the image from scratch and ensures the installation of the latest version of NGINX Plus and NGINX App Protect DoS. If the Dockerfile was previously used to build an image without the `--no-cache` option, the new image uses versions from the previously built image from the Docker cache.
-
-7. Verify that the `app-protect-dos` image was created successfully with the docker images command:
+8. Verify that the `app-protect-dos` image was created successfully with the docker images command:
 
     ```shell
     docker images app-protect-dos
     ```
 
-8. Create a container based on this image, for example, `my-app-protect-dos` container:
+9. Create a container based on this image, for example, `my-app-protect-dos` container:
 
     ```shell
     docker run --name my-app-protect-dos -p 80:80 -d app-protect-dos
     ```
 
-9. Verify that the `my-app-protect-dos` container is up and running with the `docker ps` command:
+10. Verify that the `my-app-protect-dos` container is up and running with the `docker ps` command:
 
     ```shell
     docker ps
     ```
 
-10. L4 Accelerated Mitigation Deployment Options:<br>
+11. L4 Accelerated Mitigation Deployment Options:<br>
     There are three different ways to deploy the L4 accelerated mitigation feature:<br>
     1. Deploy in a Dedicated Container. <br>
        Create a shared folder on the host:
@@ -1473,333 +1452,259 @@ You need root permissions to execute the following steps.
            docker run --name my-app-protect-dos -p 80:80 -d app-protect-dos
            ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    L4 accelerated mitigation feature:
    - `app-protect-dos-ebpf-manager` need to run with root privileges.
-   {{< /note >}}
+   {{< /call-out >}}
 
-### CentOS 7.4 Docker Deployment Example
 
-```dockerfile
-# For CentOS 7:
-FROM centos:7.4.1708
-
-# Download certificate and key from the customer portal (https://my.f5.com)
-# and copy to the build context:
-COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/
-
-# Install prerequisite packages:
-RUN yum -y install wget ca-certificates epel-release
-
-# Add NGINX Plus and  NGINX App Protect DoS repo to Yum:
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-7.4.repo
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-dos-7.repo
-
-# Install NGINX App Protect DoS:
-RUN yum -y install app-protect-dos \
-    && yum clean all \
-    && rm -rf /var/cache/yum \
-    && rm -rf /etc/ssl/nginx
-
-# Copy configuration files:
-COPY nginx.conf /etc/nginx/
-COPY entrypoint.sh  /root/
-
-CMD /root/entrypoint.sh && tail -f /dev/null
-```
-
-### UBI7 Docker Deployment Example
+### Alpine Docker Deployment Example
 
 ```Dockerfile
-FROM registry.access.redhat.com/ubi7:ubi
+# syntax=docker/dockerfile:1
+# For Alpine 3.19:
+FROM alpine:3.19
 
-# Download certificate and key from the customer portal (https://my.f5.com)
-# and copy to the build context:
-COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/
-
-# Setup the Redhat subscription
-RUN subscription-manager register --force --org=${RHEL_ORG} --activationkey=${RHEL_ACTIVATION_KEY}
-RUN subscription-manager refresh
-RUN subscription-manager attach --auto
+# Download and add the NGINX signing keys:
+RUN wget -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub
 
-# Install prerequisite packages:
-RUN yum -y install wget ca-certificates
+# Add NGINX Plus/NGINX App Protect Dos repository:
+RUN printf "https://pkgs.nginx.com/plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories && \
+    printf "https://pkgs.nginx.com/app-protect-dos/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories
 
-# Install dependencies
-RUN subscription-manager repos --enable rhel-*-optional-rpms \
-                               --enable rhel-*-extras-rpms \
-                               --enable rhel-ha-for-rhel-*-server-rpms
-RUN yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+# Update the repository and install the most recent version of the NGINX App Protect Dos package (which includes NGINX Plus):
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/apk/cert.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    apk update && apk add app-protect-dos && \
+    cat license.jwt > /etc/nginx/license.jwt
 
-# Add NGINX Plus and NGINX App Protect DoS repo to Yum:
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-7.4.repo
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-dos-7.repo
+# Forward request logs to Docker log collector:
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log
 
-# Install NGINX App Protect DoS:
-RUN yum -y install app-protect-dos \
-    && yum clean all \
-    && rm -rf /var/cache/yum \
-    && rm -rf /etc/ssl/nginx
+# Forward request logs to Docker log collector:
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf /etc/nginx/
-COPY entrypoint.sh  /root/
-
-CMD /root/entrypoint.sh && tail -f /dev/null
-```
-
-### RHEL 8 / Rocky Linux 8 Docker Deployment Example
-
-```Dockerfile
-# For UBI 8
-FROM registry.access.redhat.com/ubi8:ubi
-
-# Download certificate, key, and JWT license from the customer portal (https://my.f5.com)
-# and copy to the build context:
-RUN mkdir -p /etc/ssl/nginx/
-RUN mkdir -p /etc/nginx/
-COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/
-COPY nginx-repo.crt license.jwt /etc/nginx/
-
-# Setup the Redhat subscription
-RUN subscription-manager register --force --org=${RHEL_ORG} --activationkey=${RHEL_ACTIVATION_KEY}
-RUN subscription-manager refresh
-RUN subscription-manager attach --auto
-
-# Setup repos and Install dependencies
-RUN subscription-manager repos --enable=rhel-8-for-x86_64-baseos-rpms
-RUN subscription-manager repos --enable=rhel-8-for-x86_64-appstream-rpms
-RUN dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
-
-# Install prerequisite packages:
-RUN dnf -y install wget ca-certificates
-
-# Add NGINX Plus and NGINX App Protect DoS repo to Yum: https://cs.nginx.com/static/files/nginx-plus-8.4.repo
-RUN wget -P /etc/yum.repos.d
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-dos-8.repo
+COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
 
-# Install NGINX App Protect DoS:
-RUN dnf -y install app-protect-dos \
-    && dnf clean all \
-    && rm -rf /var/cache/yum \
-    && rm -rf /etc/ssl/nginx
+EXPOSE 80
 
-# Copy configuration files:
-COPY nginx.conf /etc/nginx/
-COPY entrypoint.sh  /root/
+STOPSIGNAL SIGQUIT
 
-CMD /root/entrypoint.sh && tail -f /dev/null
+CMD ["sh", "/root/entrypoint.sh"]
 ```
 
-### RHEL 9 Docker Deployment Example
+### AmazonLinux 2023 Docker Deployment Example
 
 ```Dockerfile
-# For RHEL ubi9:
-FROM registry.access.redhat.com/ubi9/ubi
-
-# Download certificate, key, and JWT license from the customer portal (https://my.f5.com)
-# and copy to the build context:
-RUN mkdir -p /etc/ssl/nginx/
-RUN mkdir -p /etc/nginx/
-COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/
-COPY nginx-repo.crt license.jwt /etc/nginx/
-
-# Setup the Redhat subscription
-RUN subscription-manager register --force --org=${RHEL_ORG} --activationkey=${RHEL_ACTIVATION_KEY}
-RUN subscription-manager refresh
-RUN subscription-manager attach --auto
-
-# Setup repos and Install dependencies
-RUN subscription-manager repos --enable=rhel-9-for-x86_64-baseos-rpms
-RUN subscription-manager repos --enable=rhel-9-for-x86_64-appstream-rpms
-RUN dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
+# For AmazonLinux 2023:
+FROM amazonlinux:2023
 
 # Install prerequisite packages:
-RUN dnf -y install wget ca-certificates
+RUN dnf -y install ca-certificates
 
-# Add NGINX Plus repo to Yum:
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-9.repo
-
-# Add NGINX App-protect & dependencies repo to Yum:
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-dos-9.repo
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo \
-    # You can use either of the dependencies or epel repo
-    # && rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \
-    && dnf clean all
+# Add NGINX Plus/NGINX App Protect Dos repository:
+RUN curl -o /etc/yum.repos.d/plus-amazonlinux2023.repo https://cs.nginx.com/static/files/plus-amazonlinux2023.repo && \
+    curl -o  /etc/yum.repos.d/app-protect-dos-amazonlinux2023.repo https://cs.nginx.com/static/files/app-protect-dos-amazonlinux2023.repo
 
 # Install NGINX App Protect DoS:
-RUN dnf -y install app-protect-dos \
-    && dnf clean all \
-    && rm -rf /var/cache/yum \
-    && rm -rf /etc/ssl/nginx
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    dnf install -y app-protect-dos && \
+    cat license.jwt > /etc/nginx/license.jwt && \
+    rm /etc/yum.repos.d/plus-amazonlinux2023.repo && \
+    rm /etc/yum.repos.d/app-protect-dos-amazonlinux2023.repo && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf
+
+# Forward request logs to Docker log collector:
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf /etc/nginx/
-COPY entrypoint.sh  /root/
-
-CMD /root/entrypoint.sh && tail -f /dev/null
-```
-
-
-### Debian 10 (Buster) / Debian 11 (Bullseye) / Debian 12 (Bookworm) Docker Deployment Example
-
-```Dockerfile
-
-ARG OS_CODENAME
-# Where OS_CODENAME can be: buster/bullseye/bookworm
-
-FROM debian:${OS_CODENAME}
-
-# Download certificate, key, and JWT license from the customer portal (https://my.f5.com)
-# and copy to the build context:
-RUN mkdir -p /etc/ssl/nginx/
-RUN mkdir -p /etc/nginx/
-COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/
-COPY nginx-repo.crt license.jwt /etc/nginx/
-
-# Install prerequisite packages:
-RUN apt-get update && apt-get install -y apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring
-
-# Download and add the NGINX signing key:
-RUN wget https://cs.nginx.com/static/keys/nginx_signing.key && apt-key add nginx_signing.key
-RUN wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
-
-# Add NGINX Plus and NGINX App Protect DoS repository:
-RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list
-RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect-dos.list
-
-# Download the apt configuration to `/etc/apt/apt.conf.d`:
-RUN wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
-
-# Update the repository and install the most recent version of the NGINX App Protect package (which includes NGINX Plus):
-RUN apt-get update && apt-get install -y app-protect-dos
+COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
 
-# Remove nginx repository key/cert from docker
-RUN rm -rf /etc/ssl/nginx
+EXPOSE 80
 
-# Copy configuration files:
-COPY nginx.conf /etc/nginx/
-COPY entrypoint.sh  /root/
+STOPSIGNAL SIGQUIT
 
-CMD /root/entrypoint.sh && tail -f /dev/null
+CMD ["sh", "/root/entrypoint.sh"]
 ```
 
-### Ubuntu 18.04 (Bionic) / 20.04 (Focal) / 22.04 (Jammy) / 24.04 (Noble) Docker Deployment Example
+### Debian 11 (Bullseye) / Debian 12 (Bookworm) Docker Deployment Example
 
 ```Dockerfile
+# Where can be bullseye/bookworm
+FROM debian:bullseye
+
+# Setup repository keys
+RUN mkdir -p /etc/ssl/nginx/ /etc/nginx/ && \
+    apt-get update && \
+    apt-get install -y --no-install-recommends apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring && \
+    wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null && \
+    printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/debian $(lsb_release -cs) nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list && \
+    printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/debian $(lsb_release -cs) nginx-plus\n" > /etc/apt/sources.list.d/nginx-app-protect-dos.list && \
+    wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
+
+# Install Nginx App Protect Dos
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect-dos && \
+    cat license.jwt > /etc/nginx/license.jwt && \
+    apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list /etc/apt/sources.list.d/nginx-app-protect-dos.list  && \
+    rm -rf /etc/apt/apt.conf.d/90nginx /var/lib/apt/lists/*
+
+# Forward request logs to Docker log collector:
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log
 
-ARG OS_CODENAME
-# Where OS_CODENAME can be: bionic/focal/jammy/noble
-
-FROM ubuntu:${OS_CODENAME}
-
-# Download certificate, key, and JWT license from the customer portal (https://my.f5.com)
-# and copy to the build context:
-RUN mkdir -p /etc/ssl/nginx/
-RUN mkdir -p /etc/nginx/
-COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/
-COPY nginx-repo.crt license.jwt /etc/nginx/
-
-# Install prerequisite packages:
-RUN apt-get update && apt-get install -y apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
+COPY nginx.conf /etc/nginx/
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
 
-# Download and add the NGINX signing key:
-RUN wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
+EXPOSE 80
 
-# Add NGINX Plus and NGINX App Protect DoS repository:
-RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list
-RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect-dos.list
+STOPSIGNAL SIGQUIT
 
-# Download the apt configuration to `/etc/apt/apt.conf.d`:
-RUN wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
+CMD ["sh", "/root/entrypoint.sh"]
+```
 
-# Update the repository and install the most recent version of the NGINX App Protect DoS package (which includes NGINX Plus):
-RUN apt-get update && apt-get install -y app-protect-dos
+### Ubuntu 22.04 (Jammy) / 24.04 (Noble) Docker Deployment Example
 
-# Remove nginx repository key/cert from docker
-RUN rm -rf /etc/ssl/nginx
+```Dockerfile
+# Where version can be: jammy/noble
+FROM ubuntu:noble
+
+# Setup repository keys
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring && \
+    wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null && \
+    printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/ubuntu $(lsb_release -cs) nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list && \
+    printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/ubuntu $(lsb_release -cs) nginx-plus\n" > /etc/apt/sources.list.d/nginx-app-protect-dos.list && \
+    wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
+
+# Install Nginx App Protect Dos
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect-dos && \
+    cat license.jwt > /etc/nginx/license.jwt && \
+    apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list /etc/apt/sources.list.d/nginx-app-protect-dos.list && \
+    rm -rf /etc/apt/apt.conf.d/90nginx /var/lib/apt/lists/*
+
+# Forward request logs to Docker log collector:
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log
 
-# Copy configuration files:
 COPY nginx.conf /etc/nginx/
 COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
 
-CMD /root/entrypoint.sh && tail -f /dev/null
-```
+EXPOSE 80
 
-### Alpine Docker Deployment Example
+STOPSIGNAL SIGQUIT
 
-```Dockerfile
-# For Alpine 3.15 / 3.17 / 3.19:
-ARG OS_CODENAME
-# Where OS_CODENAME can be: 3.15 / 3.17 / 3.19
-FROM alpine:${OS_CODENAME}
-
-# Download certificate, key, and JWT license from the customer portal (https://my.f5.com)
-# and copy to the build context:
-RUN mkdir -p /etc/ssl/nginx/
-RUN mkdir -p /etc/nginx/
-COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/
-COPY nginx-repo.crt license.jwt /etc/nginx/
-
-# Download and add the NGINX signing key:
-RUN wget -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub
-
-# Add NGINX Plus repository:
-RUN printf "https://pkgs.nginx.com/plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories
-
-# Add NGINX App Protect DoS repository:
-RUN printf "https://pkgs.nginx.com/app-protect-dos/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories
+CMD ["sh", "/root/entrypoint.sh"]
+```
 
-# Add prerequisite packages
-RUN apk update && apk add bash
+### RHEL 8 Docker Deployment Example
 
-# Update the repository and install the most recent version of the NGINX App Protect DoS package (which includes NGINX Plus):
-RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \
-    --mount=type=secret,id=nginx-key,dst=/etc/apk/cert.key,mode=0644 \
-    apk update && apk add nginx-plus app-protect-dos
+```Dockerfile
+# For UBI 8
+FROM registry.access.redhat.com/ubi8
+
+ARG RHEL_ORG
+ARG RHEL_ACTIVATION_KEY
+
+# Setup repository keys
+RUN subscription-manager register --org=${RHEL_ORG} --activationkey=${RHEL_ACTIVATION_KEY} && \
+    subscription-manager refresh && \
+    subscription-manager attach --auto || true && \
+    subscription-manager repos --enable=rhel-8-for-x86_64-baseos-rpms && \
+    subscription-manager repos --enable=rhel-8-for-x86_64-appstream-rpms && \
+    dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+    dnf -y install ca-certificates && \
+    curl -o /etc/yum.repos.d/plus-8.repo https://cs.nginx.com/static/files/plus-8.repo && \
+    curl -o /etc/yum.repos.d/app-protect-dos-8.repo https://cs.nginx.com/static/files/app-protect-dos-8.repo
+
+# Install Nginx App Protect Dos
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    dnf -y install app-protect-dos && \
+    cat license.jwt > /etc/nginx/license.jwt && \
+    rm /etc/yum.repos.d/plus-8.repo && \
+    rm /etc/yum.repos.d/app-protect-dos-8.repo && \
+    dnf clean all && \
+    rm -rf /var/cache/yum
+
+# Forward request logs to Docker log collector:
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf /etc/nginx/
+COPY nginx.conf custom_log_format.json /etc/nginx/
 COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
+
+EXPOSE 80
+
+STOPSIGNAL SIGQUIT
 
 CMD ["sh", "/root/entrypoint.sh"]
 ```
 
-### AmazonLinux 2023 Docker Deployment Example
+### Rocky Linux 9 Docker Deployment Example
 
 ```Dockerfile
-# For AmazonLinux 2023:
-FROM registry.access.redhat.com/ubi9/ubi
-
-# Download certificate, key, and JWT license from the customer portal (https://my.f5.com)
-# and copy to the build context:
-RUN mkdir -p /etc/ssl/nginx/
-RUN mkdir -p /etc/nginx/
-COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/
-COPY nginx-repo.crt license.jwt /etc/nginx/
+# syntax=docker/dockerfile:1
+# For Rocky Linux 9:
+FROM rockylinux:9
 
 # Install prerequisite packages:
-RUN dnf -y install wget ca-certificates
+RUN dnf -y install ca-certificates epel-release 'dnf-command(config-manager)'
 
-# Add NGINX Plus repo to Yum:
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-amazonlinux2023.repo
-
-# Add NGINX App-protect & dependencies repo to Yum:
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-dos-amazonlinux2023.repo
+# Add NGINX App-protect-DoS & NGINX Plus repo to Yum:
+RUN curl -o /etc/yum.repos.d/plus-9.repo https://cs.nginx.com/static/files/plus-9.repo && \
+    curl -o /etc/yum.repos.d/app-protect-dos-9.repo https://cs.nginx.com/static/files/app-protect-dos-9.repo && \
+    dnf config-manager --set-enabled crb && \
+    dnf clean all
 
 # Install NGINX App Protect DoS:
-RUN dnf -y install app-protect-dos \
-    && dnf clean all \
-    && rm -rf /var/cache/yum \
-    && rm -rf /etc/ssl/nginx
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    dnf install -y app-protect-dos && \
+    cat license.jwt > /etc/nginx/license.jwt && \
+    rm /etc/yum.repos.d/plus-9.repo && \
+    rm /etc/yum.repos.d/app-protect-dos-9.repo && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf
+
+# Forward request logs to Docker log collector:
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf /etc/nginx/
-COPY entrypoint.sh  /root/
+COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
 
-CMD /root/entrypoint.sh && tail -f /dev/null
-```
+EXPOSE 80
 
+STOPSIGNAL SIGQUIT
+
+CMD ["sh", "/root/entrypoint.sh"]
+```
 
 ## Docker Deployment with NGINX App Protect
 
@@ -1814,12 +1719,28 @@ You need root permissions to execute the following steps.
     - `license.jwt`: JWT license file for NGINX Plus license management
     - `nginx.conf`: User defined `nginx.conf` with `app-protect-dos` enabled
     - `entrypoint.sh`: Docker startup script which spins up all App Protect DoS processes, must have executable permissions
+    - `custom_log_format.json`: Optional user-defined security log format file (if not used - remove its references from the nginx.conf and Dockerfile)
 
 2. Log in to NGINX Plus Customer Portal and download your `nginx-repo.crt`, `nginx-repo.key` and `license.jwt` files.
 
 3. Copy the files to the directory where the Dockerfile is located.
 
-4. In the same directory create the `nginx.conf` file with the following contents:
+4. Optionally, create `custom_log_format.json` in the same directory, for example:
+
+    ```json
+    {
+        "filter": {
+            "request_type": "all"
+        },
+        "content": {
+            "format": "splunk",
+            "max_request_size": "any",
+            "max_message_size": "10k"
+        }
+    }
+    ```
+
+5. In the same directory create the `nginx.conf` file with the following contents:
 
     ```nginx
     user nginx;
@@ -1856,6 +1777,7 @@ You need root permissions to execute the following steps.
 
             app_protect_policy_file "/etc/app_protect/conf/NginxDefaultPolicy.json";
             app_protect_security_log_enable on;
+            app_protect_security_log "/etc/nginx/custom_log_format.json" syslog:server=127.0.0.1:514;
 
             set $loggable '0';
             access_log /var/log/nginx/access.log log_napd if=$loggable;
@@ -1903,11 +1825,11 @@ You need root permissions to execute the following steps.
     }
     ```
 
-{{< important >}}
+{{< call-out "important" >}}
 Make sure to replace upstream and proxy pass directives in this example with relevant application backend settings.
-{{< /important >}}
+{{< /call-out >}}
 
-5. For the L4 accelerated mitigation feature: <br />
+6. For the L4 accelerated mitigation feature: <br />
    The following line in the `nginx.conf` file needs to be modified:<br />
    Change:
     ```nginx
@@ -1918,29 +1840,7 @@ Make sure to replace upstream and proxy pass directives in this example with rel
    user root;
    ```
 
-5. In the same directory create an `entrypoint.sh` file with executable permissions, with the following content:
-
-   For CentOS 7 / UBI 7:
-
-     ```shell
-     #!/usr/bin/env bash
-    USER=nginx
-    LOGDIR=/var/log/adm
-
-    # prepare environment
-    mkdir -p /var/run/adm /tmp/cores ${LOGDIR}
-    chmod 755 /var/run/adm /tmp/cores ${LOGDIR}
-    chown ${USER}:${USER} /var/run/adm /tmp/cores ${LOGDIR}
-
-    LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/rpm/lib64
-    export LD_LIBRARY_PATH
-
-    # run processes
-    /bin/su -s /bin/bash -c "/usr/bin/adminstall > ${LOGDIR}/adminstall.log 2>&1" ${USER}/bin/su -s /bin/bash -c '/opt/app_protect/bin/bd_agent &' ${USER}
-    /bin/su -s /bin/bash -c "/usr/share/ts/bin/bd-socket-plugin tmm_count 4 proc_cpuinfo_cpu_mhz 2000000 total_xml_memory 307200000 total_umu_max_size 3129344 sys_max_account_id 1024 no_static_config 2>&1 > /var/log/app_protect/bd-socket-plugin.log &" ${USER}
-    /usr/sbin/nginx -g 'daemon off;' &
-    /bin/su -s /bin/bash -c "/usr/bin/admd -d --log info > ${LOGDIR}/admd.log 2>&1 &" ${USER}
-    ```
+7. In the same directory create an `entrypoint.sh` file with executable permissions, with the following content:
 
    For Alpine / Debian / Ubuntu / UBI 8/ UBI 9:
 
@@ -1957,204 +1857,219 @@ Make sure to replace upstream and proxy pass directives in this example with rel
     # run processes
     /bin/su -s /bin/bash -c "/usr/bin/adminstall > ${LOGDIR}/adminstall.log 2>&1" ${USER}/bin/su -s /bin/bash -c '/opt/app_protect/bin/bd_agent &' ${USER}
     /bin/su -s /bin/bash -c "/usr/share/ts/bin/bd-socket-plugin tmm_count 4 proc_cpuinfo_cpu_mhz 2000000 total_xml_memory 307200000 total_umu_max_size 3129344 sys_max_account_id 1024 no_static_config 2>&1 > /var/log/app_protect/bd-socket-plugin.log &" ${USER}
-    /usr/sbin/nginx -g 'daemon off;' &
     /bin/su -s /bin/bash -c "/usr/bin/admd -d --log info > ${LOGDIR}/admd.log 2>&1 &" ${USER}
+    /usr/sbin/nginx -g 'daemon off;'
     ```
+  
+8. Create a Docker image:
 
-6. Create a Docker image:
-
-    For CentOS:
+    For Debian/Ubuntu/Alpine/Amazon Linux:
 
     ```shell
-    docker build --no-cache --platform linux/amd64 -t app-protect-dos .
-    ```
+    DOCKER_BUILDKIT=1 docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=./license.jwt -t app-protect-dos .    ```
 
     For RHEL:
 
     ```shell
-    docker build --platform linux/amd64 --build-arg RHEL_ORGANIZATION=${RHEL_ORGANIZATION} --build-arg RHEL_ACTIVATION_KEY=${RHEL_ACTIVATION_KEY} --no-cache -t app-protect-dos .
+    DOCKER_BUILDKIT=1 docker build --build-arg RHEL_ORG=... --build-arg RHEL_ACTIVATION_KEY=...  --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=./license.jwt -t app-protect-dos .
     ```
 
-    The `--no-cache` option tells Docker to build the image from scratch and ensures the installation of the latest version of NGINX Plus and NGINX App Protect DoS. If the Dockerfile was previously used to build an image without the `--no-cache` option, the new image uses versions from the previously built image from the Docker cache.
+**Notes:**
+    - The `--no-cache` option tells Docker/Podman to build the image from scratch and ensures the installation of the latest version of NGINX Plus and NGINX App Protect WAF 4.x. If the Dockerfile was previously used to build an image without the `--no-cache` option, the new image uses versions from the previously built image from the cache.
+    - For RHEL:<br>
+    The subscription-manager is disabled when running inside containers based on Red Hat Universal Base images. You will need a registered and subscribed RHEL system.
 
-7. Verify that the `app-protect-dos` image was created successfully with the docker images command:
+9. Verify that the `app-protect-dos` image was created successfully with the docker images command:
 
     ```shell
     docker images app-protect-dos
     ```
 
-8. Create a container based on this image, for example, `my-app-protect-dos` container:
+10. Create a container based on this image, for example, `my-app-protect-dos` container:
 
     ```shell
     docker run --name my-app-protect-dos -p 80:80 -d app-protect-dos
     ```
 
-9. Verify that the `my-app-protect-dos` container is up and running with the `docker ps` command:
+11. Verify that the `my-app-protect-dos` container is up and running with the `docker ps` command:
 
     ```shell
     docker ps
     ```
 
-### Centos 7.4 Docker Deployment Example
+### Alpine Dockerfile example
 
-```Dockerfile
-# For CentOS 7:
-FROM centos:7.4.1708
+```dockerfile
+# syntax=docker/dockerfile:1
+# For Alpine 3.19:
+FROM alpine:3.19
 
-# Download certificate and key from the customer portal (https://my.f5.com)
-# and copy to the build context:
-COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/
+# Download and add the NGINX signing keys:
+RUN wget -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub && \
+    wget -O /etc/apk/keys/app-protect-security-updates.rsa.pub https://cs.nginx.com/static/keys/app-protect-security-updates.rsa.pub
 
-# Install prerequisite packages:
-RUN yum -y install wget ca-certificates epel-release
+# Add NGINX Plus repository:
+RUN printf "https://pkgs.nginx.com/plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories
 
-# Add NGINX Plus, NGINX App Protect DoS and NGINX App Protect repo to Yum:
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-7.4.repo
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-dos-7.repo
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-7.repo
+# Add NGINX App Protect Waf & Dos repositories:
+RUN printf "https://pkgs.nginx.com/app-protect-dos/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories && \
+    printf "https://pkgs.nginx.com/app-protect/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories && \
+    printf "https://pkgs.nginx.com/app-protect-security-updates/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories
 
-# Install NGINX App Protect DoS and NGINX App Protect:
-RUN yum -y install app-protect-dos app-protect\
-    && yum clean all \
-    && rm -rf /var/cache/yum \
-    && rm -rf /etc/ssl/nginx
+# Update the repository and install the most recent version of the NGINX App Protect DoS package (which includes NGINX Plus):
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/apk/cert.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    apk update && apk add app-protect app-protect-dos && \
+    cat license.jwt > /etc/nginx/license.jwt
+
+# Forward request logs to Docker log collector:
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log
 
+# Forward request logs to Docker log collector:
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
 COPY nginx.conf custom_log_format.json /etc/nginx/
-COPY entrypoint.sh  /root/
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
+
+EXPOSE 80
+
+STOPSIGNAL SIGQUIT
 
-CMD /root/entrypoint.sh && tail -f /dev/null
+CMD ["sh", "/root/entrypoint.sh"]
 ```
 
-### RHEL 7.4 Docker Deployment Example
+### Amazon Linux Dockerfile example
 
-```Dockerfile
-# For Red Hat 7.4+:
-FROM registry.access.redhat.com/rhel7:7.4
-
-# Download certificate and key from the customer portal (https://my.f5.com)
-# and copy to the build context:
-COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/
-
-# Setup the Red Hat subscription
-RUN subscription-manager register --force --org=${RHEL_ORG} --activationkey=${RHEL_ACTIVATION_KEY}
-RUN subscription-manager refresh
-RUN subscription-manager attach --auto
-
-# Install prerequisite packages
-RUN yum -y install wget ca-certificates
-
-# Install dependencies
-RUN subscription-manager repos --enable rhel-*-optional-rpms \
-                               --enable rhel-*-extras-rpms \
-                               --enable rhel-ha-for-rhel-*-server-rpms
-RUN yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-
-# Add NGINX Plus, NGINX App Protect DoS and NGINX App Protect repo to Yum:
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-7.4.repo
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-dos-7.repo
-RUN wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-7.repo
-
-# Install NGINX App Protect DoS and NGINX App Protect:
-RUN yum -y install app-protect-dos app-protect\
-    && yum clean all \
-    && rm -rf /var/cache/yum \
-    && rm -rf /etc/ssl/nginx
+```dockerfile
+# syntax=docker/dockerfile:1
+FROM amazonlinux:2023
+
+# Install prerequisite packages:
+RUN dnf -y install ca-certificates
+
+# Add NGINX/NAP WAF/NAP DOS repositories:
+RUN curl -o /etc/yum.repos.d/plus-amazonlinux2023.repo https://cs.nginx.com/static/files/plus-amazonlinux2023.repo && \
+    curl -o /etc/yum.repos.d/app-protect-dos-amazonlinux2023.repo https://cs.nginx.com/static/files/app-protect-dos-amazonlinux2023.repo && \
+    curl -o /etc/yum.repos.d/app-protect-amazonlinux2023.repo https://cs.nginx.com/static/files/app-protect-amazonlinux2023.repo && \
+    curl -o /etc/yum.repos.d/dependencies.amazonlinux2023.repo https://cs.nginx.com/static/files/dependencies.amazonlinux2023.repo
+
+# Install NGINX App Protect WAF:
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    dnf -y install app-protect app-protect-dos  && \
+    cat license.jwt > /etc/nginx/license.jwt && \
+    rm /etc/yum.repos.d/plus-amazonlinux2023.repo && \
+    rm /etc/yum.repos.d/app-protect-dos-amazonlinux2023.repo && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf && \
+    rm -rf /var/cache/yum
+
+# Forward request logs to Docker log collector:
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
 COPY nginx.conf custom_log_format.json /etc/nginx/
-COPY entrypoint.sh  /root/
-
-CMD /root/entrypoint.sh && tail -f /dev/null
-```
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
 
-### Debian 10 (Buster) / Debian 11 (Bullseye)  / Debian 12 (Bookworm) Docker Deployment Example
+EXPOSE 80
 
-```Dockerfile
+STOPSIGNAL SIGQUIT
 
-ARG OS_CODENAME
-# Where OS_CODENAME can be: buster/bullseye/bookworm
+CMD ["sh", "/root/entrypoint.sh"]
+```
 
-FROM debian:${OS_CODENAME}
+### Debian Docker Deployment Example
 
-# Download certificate, key, and JWT license from the customer portal (https://my.f5.com)
-# and copy to the build context:
-RUN mkdir -p /etc/ssl/nginx/
-RUN mkdir -p /etc/nginx/
-COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/
-COPY nginx-repo.crt license.jwt /etc/nginx/
+```Dockerfile
+# Where verionn can be: bullseye/bookworm
+FROM debian:bullseye
 
 # Install prerequisite packages:
-RUN apt-get update && apt-get install -y apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring
-
-# Download and add the NGINX signing key:
-RUN wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring && \
+    wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
 
 # Add NGINX Plus, NGINX App Protect and NGINX App Protect DoS repository:
-RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list
-RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect-dos.list
-RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect.list
+RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \
+    && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect-dos.list \
+    && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect.list
 
 # Download the apt configuration to `/etc/apt/apt.conf.d`:
 RUN wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
 
-# Update the repository and install the most recent version of the NGINX App Protect DoS and NGINX App Protect package (which includes NGINX Plus):
-RUN apt-get update && apt-get install -y app-protect-dos app-protect
+# Install Nginx App Protect Dos
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect-dos && \
+    cat license.jwt > /etc/nginx/license.jwt && \
+    apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list /etc/apt/sources.list.d/nginx-app-protect-dos.list  && \
+    rm -rf /etc/apt/apt.conf.d/90nginx /var/lib/apt/lists/*
 
-# Remove nginx repository key/cert from docker
-RUN rm -rf /etc/ssl/nginx
+# Forward request logs to Docker log collector:
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log
 
-# Copy configuration files:
-COPY nginx.conf custom_log_format.json /etc/nginx/
-COPY entrypoint.sh  /root/
-
-CMD /root/entrypoint.sh && tail -f /dev/null
-```
-
-### Ubuntu 18.04 (Bionic) / 20.04 (Focal) / 22.04 (Jammy) / 24.04 (Noble)  Docker Deployment Example
+COPY nginx.conf /etc/nginx/
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
 
-```Dockerfile
+EXPOSE 80
 
-ARG OS_CODENAME
-# Where OS_CODENAME can be: bionic/focal/jammy/noble
+STOPSIGNAL SIGQUIT
 
-FROM ubuntu:${OS_CODENAME}
+CMD ["sh", "/root/entrypoint.sh"]
+```
 
-ARG DEBIAN_FRONTEND=noninteractive
+### Ubuntu Docker Deployment Example
 
-# Download certificate, key, and JWT license from the customer portal (https://my.f5.com)
-# and copy to the build context:
-RUN mkdir -p /etc/ssl/nginx/
-RUN mkdir -p /etc/nginx/
-COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/
-COPY nginx-repo.crt license.jwt /etc/nginx/
+```Dockerfile
+# Where version can be:jammy/noble
+FROM ubuntu:noble
 
 # Install prerequisite packages:
-RUN apt-get update && apt-get install -y apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
-
-# Download and add the NGINX signing key:
-RUN wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring && \
+    wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
 
 # Add NGINX Plus, NGINX App Protect and NGINX App Protect DoS repository:
-RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list
-RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect-dos.list
-RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect.list
+RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \
+    && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect-dos.list \
+    && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect.list
 
 # Download the apt configuration to `/etc/apt/apt.conf.d`:
 RUN wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
 
-# Update the repository and install the most recent version of the NGINX App Protect DoS and NGINX App Protect package (which includes NGINX Plus):
-RUN apt-get update && apt-get install -y app-protect-dos app-protect
+# Install Nginx App Protect Dos
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect-dos && \
+    cat license.jwt > /etc/nginx/license.jwt && \
+    apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list /etc/apt/sources.list.d/nginx-app-protect-dos.list  && \
+    rm -rf /etc/apt/apt.conf.d/90nginx /var/lib/apt/lists/*
 
-# Remove nginx repository key/cert from docker
-RUN rm -rf /etc/ssl/nginx
+# Forward request logs to Docker log collector:
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log
 
-# Copy configuration files:
-COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY nginx.conf /etc/nginx/
 COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
 
-CMD /root/entrypoint.sh && tail -f /dev/null
+EXPOSE 80
+
+STOPSIGNAL SIGQUIT
+
+CMD ["sh", "/root/entrypoint.sh"]
 ```
 
 ## NGINX App Protect DoS Arbitrator
diff --git a/content/nap-dos/directives-and-policy/learn-about-directives-and-policy.md b/content/nap-dos/directives-and-policy/learn-about-directives-and-policy.md
index f1cca1a75..3f2635b52 100644
--- a/content/nap-dos/directives-and-policy/learn-about-directives-and-policy.md
+++ b/content/nap-dos/directives-and-policy/learn-about-directives-and-policy.md
@@ -153,12 +153,12 @@ Monitor directive has four arguments - **uri**, **protocol**, **timeout** and **
 - **URI** - The URI of the Protected Object as defined in the `nginx.conf`. This must point to a location block that proxies traffic to the backend (upstream) to ensure accurate monitoring.<br>
   Format: **scheme://server_name:port/location**.
 
-  {{< note >}}For gRPC, the URI must specify a valid gRPC method (for example, /RouteGuide/GetFeature).<br>
-  The health check is not a true gRPC client, so its requests do not conform to the gRPC wire protocol. As a result, the backend responds with grpc-status: 12 (UNIMPLEMENTED), which is expected and treated as a successful health check. Regular gRPC client traffic is unaffected by this behavior.{{< /note >}}
+  {{< call-out "note" >}}For gRPC, the URI must specify a valid gRPC method (for example, /RouteGuide/GetFeature).<br>
+  The health check is not a true gRPC client, so its requests do not conform to the gRPC wire protocol. As a result, the backend responds with grpc-status: 12 (UNIMPLEMENTED), which is expected and treated as a successful health check. Regular gRPC client traffic is unaffected by this behavior.{{< /call-out >}}
 
 - **Protocol** -  determines the protocol type of the service. Options are `http1 / http2 / grpc / websocket`.<br>Default: `http1`.<br>
 
-  {{< note >}}HTTP2 and gRPC are supported from NGINX App Protect DoS v2, while WebSocket is supported from NGINX App Protect DoS v4. {{< /note >}}
+  {{< call-out "note" >}}HTTP2 and gRPC are supported from NGINX App Protect DoS v2, while WebSocket is supported from NGINX App Protect DoS v4. {{< /call-out >}}
 
 - **Timeout** - determines how long (in seconds) should NGINX App Protect DoS wait for a response. <br>Default: 10 seconds for `http1/http2/websocket` and 5 seconds for `grpc`.<br>
 
@@ -167,7 +167,7 @@ Monitor directive has four arguments - **uri**, **protocol**, **timeout** and **
   <br>Format is **proxy_protocol | proxy_protocol=on**.<br>
   Default: off.<br>
 
-  {{< note >}}The proxy_protocol is supported from NGINX App Protect DoS v3.1. {{< /note >}}
+  {{< call-out "note" >}}The proxy_protocol is supported from NGINX App Protect DoS v3.1. {{< /call-out >}}
 
 
 #### For Older Versions (NGINX App Protect DoS v1)
@@ -190,7 +190,7 @@ location / {
 }
 ```
 
-{{< note >}}For NGINX App Protect DoS v1, use: app_protect_dos_monitor <http://serv:80/>; {{< /note >}}
+{{< call-out "note" >}}For NGINX App Protect DoS v1, use: app_protect_dos_monitor <http://serv:80/>; {{< /call-out >}}
 
 2. HTTP/2 Over SSL
 
@@ -279,11 +279,11 @@ Second argument is the destination (the location which the events will be sent t
 
 Implemented according to: [NGINX App Protect DoS Security Log]({{< ref "/nap-dos/monitoring/security-log.md" >}})
 
-   {{< note >}}
+   {{< call-out "note" >}}
 
 - When using stderr, make sure that the process `admd` is not redirecting the stderr output to file.
 - When using the Docker `entrypoint.sh` startup script from the admin guide, make sure that it doesn’t redirect stderr.
-   {{< /note >}}
+   {{< /call-out >}}
 
 
 **Examples:**
@@ -330,9 +330,9 @@ This directive has 3 arguments.
 
 {{</bootstrap-table>}}
 
-   {{< note >}}
+   {{< call-out "note" >}}
 Second and Third arguments are optional; if one or more is not written, the default will take place.
-   {{< /note >}}
+   {{< /call-out >}}
 
 If liveness is enabled, a request with URI and PORT that matches the probe configuration (i.e. `/app_protect_dos_liveness:8090`) will be answered with RC 200 "Alive" by our NGINX module, without being counted or pass to other handlers nor the backend server.
 
@@ -357,9 +357,9 @@ This directive has 3 arguments.
 {{</bootstrap-table>}}
 
 
-   {{< note >}}
+   {{< call-out "note" >}}
 Second and Third arguments are optional; if one or more is not written, the default will take place.
-   {{< /note >}}
+   {{< /call-out >}}
 
 If readiness is enabled, a request with URI and PORT that matches the probe configuration (i.e. `/app_protect_dos_readiness:8090`) will be answered with RC 200 "Ready" or RC 503 "Not Ready" by our NGINX module, without being counted or pass to other handlers nor the backend server.
 
@@ -435,12 +435,12 @@ In syn_drop mode, the SYN packet of detected bad actors will be dropped.
 syn_drop mode is recommended for the deployments of NGINX App Protect DoS at the perimeter network or behind L3 load balancer.
 Using this mode when NGINX App Protect DoS is deployed behind L4/L7 load balancer may result in the load balancer’s starvation during an attack.
 
-{{< note >}}
+{{< call-out "note" >}}
 To use this directive you need to install the eBPF package.
 
 For more information about eBPF, you can read the [Accelerating DDoS Mitigation with eBPF in F5 NGINX App Protect DoS](https://www.f5.com/company/blog/nginx/accelerating-ddos-mitigation-with-ebpf-in-f5-nginx-app-protect-dos) article.
 
-{{< /note >}}
+{{< /call-out >}}
 
 **Example:**
 
diff --git a/content/nap-dos/monitoring/access-log.md b/content/nap-dos/monitoring/access-log.md
index 296155491..0efcb3fb0 100644
--- a/content/nap-dos/monitoring/access-log.md
+++ b/content/nap-dos/monitoring/access-log.md
@@ -35,9 +35,9 @@ These are the variables added to Access Log. They are a subset of the Security l
 
 {{</bootstrap-table>}}
 
-   {{< note >}}
+   {{< call-out "note" >}}
 Many of the other Security log attributes that are not included here have exact or similar parallels among the NGINX variables also available for access log. For example, `$request` is parallel to the `request` security log attribute. See the full list of [NGINX variables](https://nginx.org/en/docs/http/ngx_http_log_module.html).
-   {{< /note >}}
+   {{< /call-out >}}
 
 
 ## Logging Rate Limit - mandatory configuration
diff --git a/content/nap-dos/monitoring/types-of-logs.md b/content/nap-dos/monitoring/types-of-logs.md
index 0d6cc61ea..865adafd7 100644
--- a/content/nap-dos/monitoring/types-of-logs.md
+++ b/content/nap-dos/monitoring/types-of-logs.md
@@ -15,9 +15,9 @@ There are 4 types of logs corresponding to App Protect DoS:
 - [Debug Logs](#debug-log): Technical messages at different levels of severity used to debug and resolve incidents and error behaviors.
 - [Request Logging](#request-log): F5 NGINX App Protect DoS adds information to each request logged to NGINX's access logging mechanism.
 
-{{% note %}}
+{{< call-out "note" >}}
 NGINX does not have audit logs in the sense of *"**who** did **what**"*. This can be done either from the orchestration system controlling NGINX (such as NGINX Controller) or by tracking the configuration files and the systemd invocations using Linux tools.
-{{% /note %}}
+{{< /call-out >}}
 
  {{<bootstrap-table "table table-bordered table-striped table-responsive table-sm">}}
 
@@ -61,9 +61,9 @@ In order to change the log level at run time, the following command can be calle
 admd -l DEBUG_LEVEL
 ```
 
-{{% note %}}
+{{< call-out "note" >}}
 `nginx.conf` does not refer to the NGINX App Protect DoS debug log configuration neither directly nor indirectly.
-{{% /note %}}
+{{< /call-out >}}
 
 ## NGINX Error log
 
diff --git a/content/nap-dos/releases/about-4.7.md b/content/nap-dos/releases/about-4.7.md
new file mode 100644
index 000000000..77e7f2e9a
--- /dev/null
+++ b/content/nap-dos/releases/about-4.7.md
@@ -0,0 +1,37 @@
+---
+title: NGINX App Protect DoS 4.7
+toc: true
+weight: 50
+nd-docs: DOCS-1783
+---
+
+Here you can find the release information for F5 NGINX App Protect DoS v4.7
+
+NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications.
+
+## Release 4.7
+
+August 13, 2025
+
+### New features
+
+- R35 support
+- Add support for Alpine 3.21
+- Add support for Rocky 9
+- Remove support for Ubuntu 20.04 (EOL)
+- Bugs fixing 
+
+### Supported packages
+
+| Distribution name        | Package file                                         |
+|--------------------------|------------------------------------------------------|
+| Alpine 3.19              | _app-protect-dos-35+4.7.3-r1.apk_                    |
+| Alpine 3.21              | _app-protect-dos-35+4.7.3-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-dos-35+4.7.3-1.amzn2023.ngx.x86_64.rpm_ |
+| RHEL 8 and Rocky Linux 8 | _app-protect-dos-35+4.7.3-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9 and Rocky Linux 9 | _app-protect-dos-35+4.7.3-1.el9.ngx.x86_64.rpm_      |
+| Debian 11                | _app-protect-dos_35+4.7.3-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect-dos_35+4.7.3-1\~bookworm_amd64.deb_     |
+| Ubuntu 22.04             | _app-protect-dos_35+4.7.3-1\~jammy_amd64.deb_        |
+| Ubuntu 24.04             | _app-protect-dos_35+4.7.3-1\~noble_amd64.deb_        |
+| NGINX Plus               | _NGINX Plus R35_                                     |
diff --git a/content/nap-waf/_index.md b/content/nap-waf/_index.md
index 464ae344d..cb5c35d15 100644
--- a/content/nap-waf/_index.md
+++ b/content/nap-waf/_index.md
@@ -1,9 +1,41 @@
 ---
-description: Modern app security solution that works seamlessly in DevOps environments.
+# The title is the product name
 title: F5 NGINX App Protect WAF
-weight: 100
+# The URL is the base of the deployed path, becoming "docs.nginx.com/<url>/<other-pages>"
 url: /nginx-app-protect-waf/
+# The cascade directive applies its nested parameters down the page tree until overwritten
 cascade:
+  # The logo file is resolved from the theme, in the folder /static/images/icons/
   logo: NGINX-App-Protect-WAF-product-icon.svg
+# The subtitle displays directly underneath the heading of a given page
+nd-subtitle:  Secure, automate, and scale modern apps and APIs with a platform-agnostic WAF 
+# Indicates that this is a custom landing page
+nd-landing-page: true
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: landing-page
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NAP-WAF
 ---
 
+## About
+
+Defend your applications and APIs with a software security solution that seamlessly integrates into DevOps environments as a lightweight web application firewall (WAF), layer 7 denial-of-service (DoS) protection, bot protection, API security, and threat intelligence services. F5 NGINX App Protect delivers consistent protection across distributed architectures and hybrid environments.
+
+## Featured content
+[//]: # "You can add a maximum of three cards: any extra will not display."
+[//]: # "One card will take full width page: two will take half width each. Three will stack like an inverse pyramid."
+[//]: # "Some examples of content could be the latest release note, the most common install path, and a popular new feature."
+
+
+{{<card-section showAsCards="true" isFeaturedSection="true">}}
+  {{<card title="Administration Guide" titleUrl="/nginx-app-protect-waf/v5/admin-guide/overview/">}}
+    Read the use cases and technical specifications for NGINX App Protect WAF
+  {{</card>}}
+  {{<card title="Installing NGINX App Protect WAF" titleUrl="/nginx-app-protect-waf/v5/admin-guide/install/">}}
+    Install NGINX App Protect WAF in a virtual environment
+  {{</card>}}
+  {{<card title="Releases" titleUrl="/nginx-app-protect-waf/v5/releases/" icon="clock-alert">}}
+    Review the latest changes to NGINX App Protect WAF
+  {{</card>}}
+{{</card-section>}}
diff --git a/content/nap-waf/v4/admin-guide/install.md b/content/nap-waf/v4/admin-guide/install.md
index 67cfa0518..5f3b342ed 100644
--- a/content/nap-waf/v4/admin-guide/install.md
+++ b/content/nap-waf/v4/admin-guide/install.md
@@ -236,7 +236,7 @@ If a user other than **nginx** is to be used, note the following:
 
     Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}})  command to make changes take effect
 
-    {{< note >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /note >}}
+    {{< call-out "note" >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /call-out >}}
 
 
 
@@ -374,7 +374,7 @@ If a user other than **nginx** is to be used, note the following:
 
     Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}})  command to make changes take effect
 
-    {{< note >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /note >}}
+    {{< call-out "note" >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /call-out >}}
 
 ## Debian Installation
 
@@ -407,7 +407,7 @@ If a user other than **nginx** is to be used, note the following:
     sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2
     ```
 
-    {{< note >}} In case the apt installation or database update fails due to release info change, run the below command before you install. {{< /note >}}
+    {{< call-out "note" >}} In case the apt installation or database update fails due to release info change, run the below command before you install. {{< /call-out >}}
 
     ```shell
     sudo apt-get update --allow-releaseinfo-change
@@ -471,7 +471,7 @@ If a user other than **nginx** is to be used, note the following:
     sudo apt-cache policy app-protect
     ```
 
-    {{< note >}} When installing an older version of NGINX App Protect WAF, the dependent packages have to be installed manually, as shown in the command above. The following script can be used to find out the dependent packages for a specific version of NGINX App Protect WAF.{{< /note >}}
+    {{< call-out "note" >}} When installing an older version of NGINX App Protect WAF, the dependent packages have to be installed manually, as shown in the command above. The following script can be used to find out the dependent packages for a specific version of NGINX App Protect WAF.{{< /call-out >}}
 
     ```shell
     findDeps () { local pkgs=$(apt show $1 2>/dev/null | grep Depends: | grep -oE "(nginx-plus-module|app-protect)-[a-z]+ *\(= *[0-9\+\.-]+~`lsb_release -cs`\)" | tr -d ' ()'); for p in ${pkgs[@]}; do echo $p; findDeps $p; done; }
@@ -535,10 +535,10 @@ If a user other than **nginx** is to be used, note the following:
 
     Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}})  command to make changes take effect
 
-    {{< note >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /note >}}
+    {{< call-out "note" >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /call-out >}}
 
-{{< warning >}} Debian enables **AppArmor** by default, but NGINX App Protect WAF will run in unconfined mode after being installed as it is shipped with no AppArmor profile. To benefit from AppArmor access control capabilities for NGINX App Protect WAF, you will have to write your own AppArmor profile for NGINX App Protect WAF executables found in `/opt/app_protect/bin` such that it best suits your environment.
-{{< /warning >}}
+{{< call-out "warning" >}} Debian enables **AppArmor** by default, but NGINX App Protect WAF will run in unconfined mode after being installed as it is shipped with no AppArmor profile. To benefit from AppArmor access control capabilities for NGINX App Protect WAF, you will have to write your own AppArmor profile for NGINX App Protect WAF executables found in `/opt/app_protect/bin` such that it best suits your environment.
+{{< /call-out >}}
 
 ## Oracle Linux / RHEL 8.1+ Installation
 
@@ -678,7 +678,7 @@ If a user other than **nginx** is to be used, note the following:
 
     Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}})  command to make changes take effect
 
-    {{< note >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /note >}}
+    {{< call-out "note" >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /call-out >}}
 
     ---
 
@@ -820,7 +820,7 @@ If a user other than **nginx** is to be used, note the following:
 
     Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}})  command to make changes take effect
 
-    {{< note >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /note >}}
+    {{< call-out "note" >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /call-out >}}
 
    ---
 
@@ -926,7 +926,7 @@ If a user other than **nginx** is to be used, note the following:
     <br>
     <br>
 
-    {{< note >}} When installing an older version of NGINX App Protect WAF, the dependent packages have to be installed manually, as shown in the command above. The following script can be used to find out the dependent packages for a specific version of NGINX App Protect WAF.{{< /note >}}
+    {{< call-out "note" >}} When installing an older version of NGINX App Protect WAF, the dependent packages have to be installed manually, as shown in the command above. The following script can be used to find out the dependent packages for a specific version of NGINX App Protect WAF.{{< /call-out >}}
 
     ```shell
     findDeps () { local pkgs=$(apt show $1 2>/dev/null | grep Depends: | grep -oE "(nginx-plus-module|app-protect)-[a-z]+ *\(= *[0-9\+\.-]+~`lsb_release -cs`\)" | tr -d ' ()'); for p in ${pkgs[@]}; do echo $p; findDeps $p; done; }
@@ -977,10 +977,10 @@ If a user other than **nginx** is to be used, note the following:
 
     Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}})  command to make changes take effect
 
-    {{< note >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /note >}}
+    {{< call-out "note" >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /call-out >}}
 
-{{< note >}} Ubuntu 20.04 / Ubuntu 22.04 / Ubuntu 24.04 activates **AppArmor** by default, but NGINX App Protect WAF will run in unconfined mode after being installed as it is shipped with no AppArmor profile. To benefit from AppArmor access control capabilities for NGINX App Protect WAF, you will have to write your own AppArmor profile for NGINX App Protect WAF executables found in `/opt/app_protect/bin` such that it best suits your environment.
-{{< /note >}}
+{{< call-out "note" >}} Ubuntu 20.04 / Ubuntu 22.04 / Ubuntu 24.04 activates **AppArmor** by default, but NGINX App Protect WAF will run in unconfined mode after being installed as it is shipped with no AppArmor profile. To benefit from AppArmor access control capabilities for NGINX App Protect WAF, you will have to write your own AppArmor profile for NGINX App Protect WAF executables found in `/opt/app_protect/bin` such that it best suits your environment.
+{{< /call-out >}}
 
 ## Docker Deployments
 
@@ -1060,7 +1060,7 @@ If a user other than **nginx** is to be used, note the following:
     }
     ```
 
-    {{< important >}}Make sure to replace upstream and proxy pass directives in this example with relevant application backend settings.{{< /important >}}
+    {{< call-out "important" >}}Make sure to replace upstream and proxy pass directives in this example with relevant application backend settings.{{< /call-out >}}
 6. In the same directory create an `entrypoint.sh` file with the following content:
 
     ```shell
@@ -1363,7 +1363,7 @@ RUN dnf config-manager --set-enabled crb \
 # Install NGINX App Protect WAF:
 RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
     --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
-    dnf install --enablerepo=codeready-builder-for-rhel-9-x86_64-rpms -y app-protect \
+    dnf install -y app-protect \
     && dnf clean all \
     && rm -rf /var/cache/dnf
 
@@ -2038,7 +2038,7 @@ The way to achieve the goal of better protection will use the package dependency
 
 In case the user has an older version of NGINX App Protect WAF and never installed the Attack Signatures package, upgrading NGINX App Protect WAF will install the latest Attack Signatures. However, if they have installed Attack Signatures package previously at any point in time, NGINX App Protect WAF will not install the latest Attack Signatures.
 
-{{< note >}}The user can upgrade or downgrade the Attack Signatures regardless of the installed version of NGINX App Protect WAF.{{< /note >}}
+{{< call-out "note" >}}The user can upgrade or downgrade the Attack Signatures regardless of the installed version of NGINX App Protect WAF.{{< /call-out >}}
 
 ### Attack Signatures Package
 The attack signature package is named: app-protect-attack-signatures-2022.08.04. The version number for this package reflects the date the package was released. The format is: _YYYY.MM.DD_ where:
@@ -2270,7 +2270,7 @@ The way to achieve the goal of better protection will use the package dependency
 
 In case the user has an older version of NGINX App Protect WAF and never installed the Threat Campaigns package, upgrading NGINX App Protect will install the latest Threat Campaigns. However, if they have installed Threat Campaigns package previously at any point in time, NGINX App Protect WAF will not install the latest Threat Campaigns.
 
-{{< note >}}The user can upgrade or downgrade the Threat Campaigns regardless of the installed version of NGINX App Protect WAF.{{< /note >}}
+{{< call-out "note" >}}The user can upgrade or downgrade the Threat Campaigns regardless of the installed version of NGINX App Protect WAF.{{< /call-out >}}
 
 ### Installing Threat Campaigns Update
 
diff --git a/content/nap-waf/v4/configuration-guide/configuration.md b/content/nap-waf/v4/configuration-guide/configuration.md
index a98931787..3ade043c4 100644
--- a/content/nap-waf/v4/configuration-guide/configuration.md
+++ b/content/nap-waf/v4/configuration-guide/configuration.md
@@ -14,9 +14,9 @@ This guide explains the F5 NGINX App Protect WAF security features and how to us
 
 For more information on the NGINX App Protect WAF security features, see [NGINX App Protect WAF Terminology](#nginx-app-protect-waf-terminology).
 
-{{< important >}}
+{{< call-out "important" >}}
 When configuring NGINX App Protect WAF, `app_protect_enable` should always be enabled in a `proxy_pass` location. If configuration returns static content, the user must add a location which enables App Protect, and proxies the request via `proxy_pass` to the internal static content location. An example can be found in [Configure Static Location](#configure-static-location).
-{{< /important >}}
+{{< /call-out >}}
 
 ## Supported Security Policy Features
 
@@ -79,7 +79,7 @@ See [signature sets](#signature-sets) for configuring the signature sets include
 
 The NGINX App Protect WAF security policy configuration uses the declarative format based on a pre-defined base template. The policy is represented in a JSON file which you can edit to add, modify and remove security capabilities with respect to the base template. The way the policy is integrated into the NGINX configuration is via referencing the JSON file (using the full path) in the `nginx.conf` file.
 
-{{< note >}}NGINX App Protect WAF provides a [JSON Schema](https://json-schema.org/) which can be used to validate a JSON policy file to ensure file format compliance. The schema file can be generated using a script once NGINX App Protect WAF is installed: `sudo /opt/app_protect/bin/generate_json_schema.pl`. This script will output the schema to a file named `policy.json` into the current working directory. Once the schema file is generated, you can use validation tools such as [AJV](https://ajv.js.org/standalone.html) to validate a JSON policy file.{{< /note >}}
+{{< call-out "note" >}}NGINX App Protect WAF provides a [JSON Schema](https://json-schema.org/) which can be used to validate a JSON policy file to ensure file format compliance. The schema file can be generated using a script once NGINX App Protect WAF is installed: `sudo /opt/app_protect/bin/generate_json_schema.pl`. This script will output the schema to a file named `policy.json` into the current working directory. Once the schema file is generated, you can use validation tools such as [AJV](https://ajv.js.org/standalone.html) to validate a JSON policy file.{{< /call-out >}}
 
 In the following example, the NGINX configuration file with App Protect enabled in the HTTP context and the policy /etc/app_protect/conf/NginxDefaultPolicy.json is used:
 
@@ -270,8 +270,8 @@ http {
 
 apreload events use the same format as the current operation log events written in the NGINX error log, namely: `configuration_load_success` or `configuration_load_failure` with the details in JSON format. Refer to the [Operation logs]({{< ref "/nap-waf/v4/logging-overview/operation-logs.md" >}}) for more details.
 
-{{< note >}}
-Note that if any of the configuration files are invalid, apreload will discover that and return the proper error message in the `configuration_load_failure` event. The Enforcer continues to run with the previous configuration.{{< /note >}}
+{{< call-out "note" >}}
+Note that if any of the configuration files are invalid, apreload will discover that and return the proper error message in the `configuration_load_failure` event. The Enforcer continues to run with the previous configuration.{{< /call-out >}}
 
 ### Modification to nginx.conf file and App Protect Configurations
 
@@ -339,7 +339,7 @@ An OpenAPI-ready policy template is provided with the NGINX App Protect WAF pack
 
 It contains violations related to OpenAPI set to blocking (enforced).
 
-{{< note >}} NGINX App Protect WAF supports only one OpenAPI Specification file reference per policy.{{< /note >}}
+{{< call-out "note" >}} NGINX App Protect WAF supports only one OpenAPI Specification file reference per policy.{{< /call-out >}}
 
 ### Types of OpenAPI References
 
@@ -435,7 +435,7 @@ It contains violations related to OpenAPI set to blocking (enforced).
 
 {{< include "/nap-waf/concept/graphql-profile.md" >}}
 
-{{< note >}} For GraphQL profile default values and GraphQL violations reference, see NGINX App Protect WAF [Declarative Policy guide.]({{< ref "/nap-waf/v4/declarative-policy/policy.md" >}})  {{< /note >}}
+{{< call-out "note" >}} For GraphQL profile default values and GraphQL violations reference, see NGINX App Protect WAF [Declarative Policy guide.]({{< ref "/nap-waf/v4/declarative-policy/policy.md" >}})  {{< /call-out >}}
 
 ### Define URL settings
 {{< include "nap-waf/config/common/graphql-define-url-settings.md" >}}
@@ -509,7 +509,7 @@ For the full reference of Override Rules condition syntax and usage see the NGIN
 
 NGINX App Protect WAF introduces a new policy entity known as "**access profile**" to authenticate JSON Web Token. Access Profile is added to the app protect policy to enforce JWT settings. JSON Web Token needs to be applied to the URLs for enforcement and includes the actions to be taken with respect to access tokens. It is specifically associated with HTTP URLs and does not have any predefined default profiles.
 
-{{< note >}}At present, only one access profile is supported within the App Protect policy. However, the JSON schema for the policy will be designed to accommodate multiple profiles in the future.{{< /note >}}
+{{< call-out "note" >}}At present, only one access profile is supported within the App Protect policy. However, the JSON schema for the policy will be designed to accommodate multiple profiles in the future.{{< /call-out >}}
 
 The access profile includes:
 
@@ -574,7 +574,7 @@ Refer to the following example where all access profile properties are configure
 }
 ```
 
-{{< note >}} For access profile default values and their related field names, see NGINX App Protect WAF [Declarative Policy guide]({{< ref "/nap-waf/v4/declarative-policy/policy.md" >}}). {{< /note >}}
+{{< call-out "note" >}} For access profile default values and their related field names, see NGINX App Protect WAF [Declarative Policy guide]({{< ref "/nap-waf/v4/declarative-policy/policy.md" >}}). {{< /call-out >}}
 
 #### Access Profile in URL Settings
 
@@ -717,7 +717,7 @@ A login page specifies the login URL that users must pass through to get authent
         ]
 ```
 
-{{< note >}} For further configuration details, see NGINX App Protect WAF Declarative Policy Guide [Declarative Policy guide]({{< ref "/nap-waf/v4/declarative-policy/policy/#policy/login-pages" >}}). {{< /note >}}
+{{< call-out "note" >}} For further configuration details, see NGINX App Protect WAF Declarative Policy Guide [Declarative Policy guide]({{< ref "/nap-waf/v4/declarative-policy/policy/#policy/login-pages" >}}). {{< /call-out >}}
 
 ---
 ### Brute force prevention example
@@ -831,7 +831,7 @@ The following example adds all three of the pieces for a complete example policy
 }
 ```
 
-{{< note >}} For further configuration details, see NGINX App Protect WAF Declarative Policy Guide [Declarative Policy guide]({{< ref "/nap-waf/v4/declarative-policy/policy/#policy/brute-force-attack-preventions" >}}). {{< /note >}}
+{{< call-out "note" >}} For further configuration details, see NGINX App Protect WAF Declarative Policy Guide [Declarative Policy guide]({{< ref "/nap-waf/v4/declarative-policy/policy/#policy/brute-force-attack-preventions" >}}). {{< /call-out >}}
 
 ## Custom Dimensions Log Entries
 
@@ -1010,7 +1010,7 @@ The Policy Converter tool `/opt/app_protect/bin/convert-policy` is used for conv
 
 Elements in the XML policy that are not supported in the NGINX App Protect WAF environment will generate warnings. Note that any configuration that is invalid or irrelevant to the NGINX App Protect WAF environment is removed from the exported declarative policy.
 
-{{< note >}} All NGINX App Protect WAF versions support converting XML policies exported from BIG-IP regardless of any version. If the source XML policy has not changed from when it was in use on BIG-IP, then it's always a good idea to convert it with the Policy Converter tool included with the version of NGINX App Protect WAF you are using. This way, as more configuration items from BIG-IP become supported in NGINX App Protect WAF, they will be included in the converted policy. A policy that was converted will work on the same or greater NGINX App Protect WAF version it originally came from.{{< /note >}}
+{{< call-out "note" >}} All NGINX App Protect WAF versions support converting XML policies exported from BIG-IP regardless of any version. If the source XML policy has not changed from when it was in use on BIG-IP, then it's always a good idea to convert it with the Policy Converter tool included with the version of NGINX App Protect WAF you are using. This way, as more configuration items from BIG-IP become supported in NGINX App Protect WAF, they will be included in the converted policy. A policy that was converted will work on the same or greater NGINX App Protect WAF version it originally came from.{{< /call-out >}}
 
 The Policy Converter tool has options to include the following elements in a full export:
 - Elements that are the same as the default template policy. (Invalid elements are removed, but no warnings reported.)
diff --git a/content/nap-waf/v4/logging-overview/logs-overview.md b/content/nap-waf/v4/logging-overview/logs-overview.md
index 1ad2fd13d..5067a13c8 100644
--- a/content/nap-waf/v4/logging-overview/logs-overview.md
+++ b/content/nap-waf/v4/logging-overview/logs-overview.md
@@ -86,4 +86,4 @@ In `/etc/nginx/nginx.conf`:
   app_protect_security_log "/opt/app_protect/share/defaults/log_illegal.json" /var/log/app_protect/security.log;
   ```
 
-{{< note >}} The log rotation policy is provided as a default policy. Users can customize to adapt to their need. {{< /note >}}
+{{< call-out "note" >}} The log rotation policy is provided as a default policy. Users can customize to adapt to their need. {{< /call-out >}}
diff --git a/content/nap-waf/v4/releases/about-4.10.md b/content/nap-waf/v4/releases/about-4.10.md
index 7bdd5c45c..b94080368 100644
--- a/content/nap-waf/v4/releases/about-4.10.md
+++ b/content/nap-waf/v4/releases/about-4.10.md
@@ -9,9 +9,9 @@ nd-docs: DOCS-1787
 
 May 29, 2024
 
-{{< note >}}
+{{< call-out "note" >}}
 Release 4.8.1 cannot be upgraded to v4.10.  You must uninstall 4.8.1 and install 4.10.  Upgrade is supported for versions prior to 4.8.1.
-{{< /note >}}
+{{< /call-out >}}
 
 ### New Features
 
diff --git a/content/nap-waf/v4/releases/about-4.11.md b/content/nap-waf/v4/releases/about-4.11.md
index daf3c93ad..3c42f77f5 100644
--- a/content/nap-waf/v4/releases/about-4.11.md
+++ b/content/nap-waf/v4/releases/about-4.11.md
@@ -9,9 +9,9 @@ nd-docs: DOCS-1786
 
 September 25, 2024
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Release 4.8.1 cannot be upgraded to v4.11. You must uninstall 4.8.1 and install 4.11. Upgrade is supported for versions prior to 4.8.1.
-{{< /warning >}}
+{{< /call-out >}}
 
 ---
 
diff --git a/content/nap-waf/v4/releases/about-4.16.md b/content/nap-waf/v4/releases/about-4.16.md
new file mode 100644
index 000000000..28a4ed564
--- /dev/null
+++ b/content/nap-waf/v4/releases/about-4.16.md
@@ -0,0 +1,27 @@
+---
+title: NGINX App Protect WAF 4.16
+weight: 70
+toc: true
+nd-content-type: reference
+nd-product: NAP-WAF
+---
+
+August 13th, 2025
+
+## New features
+
+- Added support for NGINX Plus R35
+
+## Supported packages
+
+| Distribution name        | Package file                                       |
+|--------------------------|----------------------------------------------------|
+| Alpine 3.19              | _app-protect-35.5.498.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-35+5.498.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect_35+5.498.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect_35+5.498.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8.1         | _app-protect-35+5.498.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 22.04             | _app-protect_35+5.498.0-1\~jammy_amd64.deb_        |
+| Ubuntu 24.04             | _app-protect_35+5.498.0-1\~noble_amd64.deb_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-35+5.498.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9 and Rocky Linux 9 | _app-protect-35+5.498.0-1.el9.ngx.x86_64.rpm_      |
diff --git a/content/nap-waf/v4/releases/about-4.9.md b/content/nap-waf/v4/releases/about-4.9.md
index aeb44e88d..b2be97069 100644
--- a/content/nap-waf/v4/releases/about-4.9.md
+++ b/content/nap-waf/v4/releases/about-4.9.md
@@ -9,9 +9,9 @@ nd-docs: DOCS-1478
 
 April 18, 2024
 
-{{< note >}}
+{{< call-out "note" >}}
 Release 4.8.1 cannot be upgraded to v4.9.  You must uninstall 4.8.1 and install 4.9.  Upgrade is supported for versions prior to 4.8.1.
-{{< /note >}}
+{{< /call-out >}}
 
 ### New Features
 
diff --git a/content/nap-waf/v5/admin-guide/compiler.md b/content/nap-waf/v5/admin-guide/compiler.md
index 0e1a3564c..9d4254837 100644
--- a/content/nap-waf/v5/admin-guide/compiler.md
+++ b/content/nap-waf/v5/admin-guide/compiler.md
@@ -19,9 +19,9 @@ The F5 NGINX App Protect WAF v5 Compiler is a tool that compiles security polici
 
 ## Building Compiler Image
 
-{{< important >}}
+{{< call-out "important" >}}
 To ensure you are using the latest security updates, it is recommended to regularly rebuild your compiler image with the latest signature packages and recompile security policies.
-{{< /important >}}
+{{< /call-out >}}
 
 1. Download Certificates
 
@@ -73,7 +73,7 @@ To ensure you are using the latest security updates, it is recommended to regula
     # non-root default user (UID 101)
     USER nginx
     ```
-{{< note >}}The user can upgrade or downgrade one of the Signatures by specifying a specific version, for example: app-protect-attack-signatures-2020.04.30.{{< /note >}}
+{{< call-out "note" >}}The user can upgrade or downgrade one of the Signatures by specifying a specific version, for example: app-protect-attack-signatures-2020.04.30.{{< /call-out >}}
 
 You can use the Docker registry API to list the available image tags.
 Replace `<path-to-your-nginx-repo.key>` with the location of your client key and `<path-to-your-nginx-repo.crt>` with the location of your client certificate. The optional `jq` command is used to format the JSON output for easier reading and requires the [jq](https://jqlang.github.io/jq/) JSON processor to be installed.
@@ -104,9 +104,9 @@ curl -s https://private-registry.nginx.com/v2/nap/waf-compiler/tags/list --key <
     -t waf-compiler-<version-tag>:custom .
     ```
 
-{{< note >}}
+{{< call-out "note" >}}
 Never upload your NGINX App Protect WAF images to a public container registry such as Docker Hub. Doing so violates your license agreement.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Usage
 
@@ -118,11 +118,11 @@ Make sure that input files are accessible to UID 101.
 
 To compile a security policy from a JSON file and create a policy bundle, execute the following command:
 
-{{< warning >}}
+{{< call-out "warning" >}}
 
 Ensure that the output directory is writable, otherwise you may encounter a permission denied error.
 
-{{< /warning >}}
+{{< /call-out >}}
 
 ```shell
 docker run --rm \
@@ -259,9 +259,9 @@ The Policy Converter tool is used for converting XML formatted ASM and Advanced
 
 Elements in the XML policy that are not supported in the NGINX App Protect WAF environment will generate warnings. Note that any configuration that is invalid or irrelevant to the NGINX App Protect WAF environment is removed from the exported declarative policy.
 
-{{< note >}}
+{{< call-out "note" >}}
 All NGINX App Protect WAF versions support converting XML policies exported from BIG-IP regardless of any version. If the source XML policy has not changed from when it was in use on BIG-IP, then it's always a good idea to convert it with the Policy Converter tool included with the version of NGINX App Protect WAF you are using. This way, as more configuration items from BIG-IP become supported in NGINX App Protect WAF, they will be included in the converted policy. A policy that was converted will work on the same or greater NGINX App Protect WAF version it originally came from.
-{{< /note >}}
+{{< /call-out >}}
 
 The Policy Converter tool has options to include the following elements in a full export:
 
diff --git a/content/nap-waf/v5/admin-guide/deploy-on-docker.md b/content/nap-waf/v5/admin-guide/deploy-on-docker.md
index a135e5a5f..6c5af3cf4 100644
--- a/content/nap-waf/v5/admin-guide/deploy-on-docker.md
+++ b/content/nap-waf/v5/admin-guide/deploy-on-docker.md
@@ -365,8 +365,8 @@ volumes:
 
 To secure traffic between NGINX and App Protect Enforcer using mTLS, create a `docker-compose.yml` with the following configuration:
 
-{{< note >}} Refer to the [Configuration Guide]({{< ref "/nap-waf/v5/configuration-guide/configuration.md#secure-traffic-between-nginx-and-app-protect-enforcer-using-mtls" >}}) to generate certificates and modify the `nginx.conf` for mTLS.
-{{< /note >}}
+{{< call-out "note" >}} Refer to the [Configuration Guide]({{< ref "/nap-waf/v5/configuration-guide/configuration.md#secure-traffic-between-nginx-and-app-protect-enforcer-using-mtls" >}}) to generate certificates and modify the `nginx.conf` for mTLS.
+{{< /call-out >}}
 
 ```yaml
 services:
diff --git a/content/nap-waf/v5/admin-guide/install.md b/content/nap-waf/v5/admin-guide/install.md
index b6263a507..252b11f17 100644
--- a/content/nap-waf/v5/admin-guide/install.md
+++ b/content/nap-waf/v5/admin-guide/install.md
@@ -28,9 +28,9 @@ sudo cp -a /var/log/nginx /var/log/nginx-plus-backup
 
 1. Follow the steps below for the operating system you are working with.
 
-{{< note >}}
+{{< call-out "note" >}}
 If not already installed, `nginx` or `nginx-plus` will be installed automatically as a dependency.
-{{< /note >}}
+{{< /call-out >}}
 
 
 ### Common Steps for NGINX Open Source and NGINX Plus
@@ -173,7 +173,7 @@ Download the NGINX Plus repository file [nginx-plus-8.repo](https://cs.nginx.com
 sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo
 ```
 
-{{< include "nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos.md" >}}
+{{< include "nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos-8.md" >}}
 
 
 {{%/tab%}}
@@ -186,7 +186,7 @@ Download the NGINX Plus repository file [plus-9.repo](https://cs.nginx.com/stati
 sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-9.repo
 ```
 
-{{< include "nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos.md" >}}
+{{< include "nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos-9.md" >}}
 
 {{%/tab%}}
 
@@ -302,9 +302,9 @@ networks:
     driver: bridge
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 In some operating systems, security mechanisms like **SELinux** or **AppArmor** are enabled by default, potentially blocking necessary file access for the `nginx` process and `waf-config-mgr` and `waf-enforcer` containers. To ensure NGINX App Protect WAF v5 operates smoothly without compromising security, consider setting up a custom SELinux policy or AppArmor profile. For short-term troubleshooting, you may use `permissive` (SELinux) or `complain` (AppArmor) mode to avoid these restrictions, but keep in mind that this lowers security and isn't advised for prolonged use.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Docker Compose File with IP Intelligence
 
@@ -350,9 +350,9 @@ After deploying NGINX App Protect WAF, learn how to utilize the [NGINX App Prote
 
 3. Follow the steps below for the operating system you are working with.
 
-{{< note >}}
+{{< call-out "note" >}}
 If not already installed, `nginx` or `nginx-plus` will be installed automatically as a dependency.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Common Steps for NGINX Open Source and NGINX Plus
 
@@ -728,7 +728,7 @@ Then you can move onto the next step, depending on your chosen operating system.
 {{%/tab%}}
 {{%tab name="Oracle Linux 8.1+"%}}
 
-{{< include "nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos.md" >}}
+{{< include "nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos-8.md" >}}
 
 3. Download all NGINX Plus packages, including all dependencies: We used repotrack for example:
 
@@ -747,7 +747,7 @@ Then you can move onto the next step, depending on your chosen operating system.
 {{%/tab%}}
 {{%tab name="RHEL 8.1+"%}}
 
-{{< include "nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos.md" >}}
+{{< include "nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos-8.md" >}}
 
 3. Download all NGINX Plus packages, including all dependencies: We used repotrack for example:
 
@@ -766,7 +766,7 @@ Then you can move onto the next step, depending on your chosen operating system.
 {{%/tab%}}
 {{%tab name="RHEL 9 / Rocky Linux 9"%}}
 
-{{< include "nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos.md" >}}
+{{< include "nap-waf/config/v5/host-based-nginx-instructions/nginx-plus-centos-9.md" >}}
 
 3. Download all NGINX Plus packages, including all dependencies: We used repotrack for example:
 
@@ -993,9 +993,9 @@ networks:
     driver: bridge
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 In some operating systems, security mechanisms like **SELinux** or **AppArmor** are enabled by default, potentially blocking necessary file access for the `nginx` process and `waf-config-mgr` and `waf-enforcer` containers. To ensure NGINX App Protect WAF v5 operates smoothly without compromising security, consider setting up a custom SELinux policy or AppArmor profile. For short-term troubleshooting, you may use `permissive` (SELinux) or `complain` (AppArmor) mode to avoid these restrictions, but keep in mind that this lowers security and isn't advised for prolonged use.
-{{< /note >}}
+{{< /call-out >}}
 
 #### Docker Compose File with IP Intelligence
 
diff --git a/content/nap-waf/v5/admin-guide/overview.md b/content/nap-waf/v5/admin-guide/overview.md
index 4470b987b..563b1e637 100644
--- a/content/nap-waf/v5/admin-guide/overview.md
+++ b/content/nap-waf/v5/admin-guide/overview.md
@@ -72,9 +72,9 @@ For signature updates, read the [Update App Protect Signatures]({{< ref "/nap-wa
 
 Upgrading from v4 to v5 is not supported due to architectural changes in NGINX App Protect WAF v5.
 
-{{< note >}}
+{{< call-out "note" >}}
 We recommend that you deploy the NGINX App Protect WAF v5 in a staging environment.  Compile policies with WAF compiler and test the enforcement before you transfer the traffic from the v4 to v5. This keeps the v4 deployment for backup.
-{{< /note >}}
+{{< /call-out >}}
 
 1. Back up your NGINX App Protect WAF configuration files. These include NGINX configurations, JSON policies, logging profiles, user-defined signatures, and global settings.
 
@@ -85,14 +85,14 @@ We recommend that you deploy the NGINX App Protect WAF v5 in a staging environme
 
 3. Compile your `.json` policies and logging profiles to `.tgz` bundles using [compiler-image]({{<ref "/nap-waf/v5/admin-guide/compiler.md">}}). NGINX App Protect WAF v5 supports policies and logging profiles in a compiled bundle format only.
 
-   {{< note >}}
+   {{< call-out "note" >}}
    If you were previously using a default [logging profile]({{<ref "/nap-waf/v5/admin-guide/deploy-on-docker.md#using-policy-and-logging-profile-bundles">}}) JSON like `/opt/app_protect/share/defaults/log_all.json`, you can replace it with the default constant such as `log_all`, and then you will not need to compile the logging profile into a bundle.
 
    ```nginx
    app_protect_security_log log_all /log_volume/security.log;
    ```
 
-   {{< /note >}}
+   {{< /call-out >}}
 
 4. Replace the `.json` references in nginx.conf with the above created `.tgz` [bundles]({{<ref "/nap-waf/v5/admin-guide/install.md#using-policy-and-logging-profile-bundles">}}).
 
diff --git a/content/nap-waf/v5/configuration-guide/configuration.md b/content/nap-waf/v5/configuration-guide/configuration.md
index df837908e..7b01bac9e 100644
--- a/content/nap-waf/v5/configuration-guide/configuration.md
+++ b/content/nap-waf/v5/configuration-guide/configuration.md
@@ -144,9 +144,9 @@ NGINX App Protect WAF offers prebuilt bundles for security policies:
 - app_protect_default_policy
 - app_protect_strict_policy
 
-{{< important >}}
+{{< call-out "important" >}}
 You cannot mix these prebuilt bundles with custom policy bundles within the same `nginx.conf` file.
-{{< /important >}}
+{{< /call-out >}}
 
 Example:
 
@@ -166,9 +166,9 @@ Example:
 
 ### Updating Default Policy Bundles
 
-{{< note >}}
+{{< call-out "note" >}}
 This section assumes that you have built a [compiler image]({{< ref "/nap-waf/v5/admin-guide/compiler.md" >}}) named `waf-compiler-1.0.0:custom`.
-{{< /note >}}
+{{< /call-out >}}
 
 To generate versions of the default policies that include the latest security updates, use the `-factory-policy` option instead of a source policy file.
 
@@ -286,8 +286,8 @@ app_protect_policy_file /policies_mount/new_default_policy.tgz;
 
 apreload events use the same format as the current operation log events written in the NGINX error log, namely: `configuration_load_success` or `configuration_load_failure` with the details in JSON format. Refer to the [Operation logs]({{< ref "/nap-waf/v4/logging-overview/operation-logs.md" >}}) for more details.
 
-{{< note >}}
-Note that if any of the configuration files are invalid, apreload will discover that and return the proper error message in the `configuration_load_failure` event. The Enforcer continues to run with the previous configuration.{{< /note >}}
+{{< call-out "note" >}}
+Note that if any of the configuration files are invalid, apreload will discover that and return the proper error message in the `configuration_load_failure` event. The Enforcer continues to run with the previous configuration.{{< /call-out >}}
 
 ### Modification to nginx.conf file and App Protect Configurations
 
@@ -334,7 +334,7 @@ Ensure to substitute 1.0.0 with the specific version that you are using.
 
 It contains violations related to OpenAPI set to blocking (enforced).
 
-{{< note >}} NGINX App Protect WAF supports only one OpenAPI Specification file reference per policy.{{< /note >}}
+{{< call-out "note" >}} NGINX App Protect WAF supports only one OpenAPI Specification file reference per policy.{{< /call-out >}}
 
 ### Types of OpenAPI References
 
@@ -430,7 +430,7 @@ It contains violations related to OpenAPI set to blocking (enforced).
 
 {{< include "/nap-waf/concept/graphql-profile.md" >}}
 
-{{< note >}} For GraphQL profile default values and GraphQL violations reference, see NGINX App Protect WAF [Declarative Policy guide.]({{< ref "/nap-waf/v5/declarative-policy/policy.md" >}}) {{< /note >}}
+{{< call-out "note" >}} For GraphQL profile default values and GraphQL violations reference, see NGINX App Protect WAF [Declarative Policy guide.]({{< ref "/nap-waf/v5/declarative-policy/policy.md" >}}) {{< /call-out >}}
 
 ### Define URL settings
 
@@ -505,7 +505,7 @@ For the full reference of Override Rules condition syntax and usage see the NGIN
 
 NGINX App Protect WAF introduces a new policy entity known as "**access profile**" to authenticate JSON Web Token. Access Profile is added to the app protect policy to enforce JWT settings. JSON Web Token needs to be applied to the URLs for enforcement and includes the actions to be taken with respect to access tokens. It is specifically associated with HTTP URLs and does not have any predefined default profiles.
 
-{{< note >}}At present, only one access profile is supported within the App Protect policy. However, the JSON schema for the policy will be designed to accommodate multiple profiles in the future.{{< /note >}}
+{{< call-out "note" >}}At present, only one access profile is supported within the App Protect policy. However, the JSON schema for the policy will be designed to accommodate multiple profiles in the future.{{< /call-out >}}
 
 The access profile includes:
 
@@ -570,7 +570,7 @@ Refer to the following example where all access profile properties are configure
 }
 ```
 
-{{< note >}} For access profile default values and their related field names, see NGINX App Protect WAF [Declarative Policy guide]({{< ref "/nap-waf/v5/declarative-policy/policy.md" >}}). {{< /note >}}
+{{< call-out "note" >}} For access profile default values and their related field names, see NGINX App Protect WAF [Declarative Policy guide]({{< ref "/nap-waf/v5/declarative-policy/policy.md" >}}). {{< /call-out >}}
 
 #### Access Profile in URL Settings
 
@@ -679,8 +679,8 @@ To enable mTLS in NGINX, you need to perform the following steps:
 
     Below are the steps for using self-signed certificates:
 
-    {{< note >}} The below commands will generate a self-signed certificates in `/etc/ssl/certs/`  valid for the default period of 30 days. You can adjust the command to fit your needs. For instance, to specify a different validity period, add the `-days` option followed by the number of days you want the certificate to be valid (for example, `-days 90`).
-	{{< /note >}}
+    {{< call-out "note" >}} The below commands will generate a self-signed certificates in `/etc/ssl/certs/`  valid for the default period of 30 days. You can adjust the command to fit your needs. For instance, to specify a different validity period, add the `-days` option followed by the number of days you want the certificate to be valid (for example, `-days 90`).
+	{{< /call-out >}}
 
     ```shell
 	mkdir -p /etc/ssl/certs
@@ -857,7 +857,7 @@ A login page specifies the login URL that users must pass through to get authent
         ]
 ```
 
-{{< note >}} For further configuration details, see NGINX App Protect WAF Declarative Policy Guide [Declarative Policy guide]({{< ref "/nap-waf/v5/declarative-policy/policy/#policy/login-pages" >}}). {{< /note >}}
+{{< call-out "note" >}} For further configuration details, see NGINX App Protect WAF Declarative Policy Guide [Declarative Policy guide]({{< ref "/nap-waf/v5/declarative-policy/policy/#policy/login-pages" >}}). {{< /call-out >}}
 
 ---
 
@@ -971,7 +971,7 @@ The following example adds all three of the pieces for a complete example policy
 }
 ```
 
-{{< note >}} For further configuration details, see NGINX App Protect WAF Declarative Policy Guide [Declarative Policy guide]({{< ref "/nap-waf/v5/declarative-policy/policy/#policy/brute-force-attack-preventions" >}}). {{< /note >}}
+{{< call-out "note" >}} For further configuration details, see NGINX App Protect WAF Declarative Policy Guide [Declarative Policy guide]({{< ref "/nap-waf/v5/declarative-policy/policy/#policy/brute-force-attack-preventions" >}}). {{< /call-out >}}
 
 ## Custom Dimensions Log Entries
 
diff --git a/content/nap-waf/v5/releases/about-5.0.md b/content/nap-waf/v5/releases/about-5.0.md
index fdbc765df..ad843fab1 100644
--- a/content/nap-waf/v5/releases/about-5.0.md
+++ b/content/nap-waf/v5/releases/about-5.0.md
@@ -15,9 +15,9 @@ March 19, 2024
 
 ### New features
 
-{{< note >}}
+{{< call-out "note" >}}
 These features are only available in F5 NGINX App Protect WAF version 5.0 and above. Attempting to install this update over an earlier version is not supported.
-{{< /note >}}
+{{< /call-out >}}
 
 In this release, NGINX App Protect WAF supports NGINX Open Source 1.25.4 and NGINX Plus R31 P1.
 
diff --git a/content/nap-waf/v5/releases/about-5.3.md b/content/nap-waf/v5/releases/about-5.3.md
index 344f49a2b..c935afdf2 100644
--- a/content/nap-waf/v5/releases/about-5.3.md
+++ b/content/nap-waf/v5/releases/about-5.3.md
@@ -32,7 +32,7 @@ September 25, 2024
 
 ### Supported packages
 
-{{< important >}} Starting from this release, CentOS 7.4, Rhel 7.4 and Amazon Linux 2 support has been deprecated. {{< /important >}}
+{{< call-out "important" >}} Starting from this release, CentOS 7.4, Rhel 7.4 and Amazon Linux 2 support has been deprecated. {{< /call-out >}}
 
 #### App Protect Module for NGINX Open Source
 
diff --git a/content/nap-waf/v5/releases/about-5.8.md b/content/nap-waf/v5/releases/about-5.8.md
new file mode 100644
index 000000000..b2f03dc21
--- /dev/null
+++ b/content/nap-waf/v5/releases/about-5.8.md
@@ -0,0 +1,43 @@
+---
+title: NGINX App Protect WAF 5.8
+weight: 830
+toc: true
+nd-content-type: reference
+nd-product: NAP-WAF
+---
+
+August 13th, 2025
+
+## New features
+
+- Added support for NGINX Plus R35
+
+## Supported packages
+
+### NGINX Open Source
+
+| Distribution name        | Package file                                                      |
+|--------------------------|-------------------------------------------------------------------|
+| Alpine 3.19              | _app-protect-module-oss-1.29.0+5.498.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-module-oss-1.29.0+5.498.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect-module-oss_1.29.0+5.498.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect-module-oss_1.29.0+5.498.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8.1         | _app-protect-module-oss-1.29.0+5.498.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 22.04             | _app-protect-module-oss_1.29.0+5.498.0-1\~jammy_amd64.deb_        |
+| Ubuntu 24.04             | _app-protect-module-oss_1.29.0+5.498.0-1\~noble_amd64.deb_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.29.0+5.498.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9 and Rocky Linux 9 | _app-protect-module-oss-1.29.0+5.498.0-1.el9.ngx.x86_64.rpm_      |
+
+### NGINX Plus
+
+| Distribution name        | Package file                                                   |
+|--------------------------|----------------------------------------------------------------|
+| Alpine 3.19              | _app-protect-module-plus-35+5.498.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-module-plus-35+5.498.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect-module-plus_35+5.498.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect-module-plus_35+5.498.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8.1         | _app-protect-module-plus-35+5.498.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 22.04             | _app-protect-module-plus_35+5.498.0-1\~jammy_amd64.deb_        |
+| Ubuntu 24.04             | _app-protect-module-plus_35+5.498.0-1\~noble_amd64.deb_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-module-plus-35+5.498.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9 and Rocky Linux 9 | _app-protect-module-plus-35+5.498.0-1.el9.ngx.x86_64.rpm_      |
diff --git a/content/ngf/_index.md b/content/ngf/_index.md
index 88824442a..5f7b85fde 100644
--- a/content/ngf/_index.md
+++ b/content/ngf/_index.md
@@ -1,11 +1,73 @@
 ---
+# The title is the product name
 title: NGINX Gateway Fabric
+# The URL is the base of the deployed path, becoming "docs.nginx.com/<url>/<other-pages>"
 url: /nginx-gateway-fabric/
+# The cascade directive applies its nested parameters down the page tree until overwritten
 cascade:
-  logo: NGINX-Gateway-Fabric-product-icon.png
+  # The logo file is resolved from the theme, in the folder /static/images/icons/
+  logo: NGINX-Gateway-Fabric-product-icon.svg
   nd-banner:
     enabled: true
     type: deprecation
     start-date: 2025-05-30
     md: /_banners/ngf-2.0-release.md
----
\ No newline at end of file
+# The subtitle displays directly underneath the heading of a given page
+nd-subtitle: Implement the Gateway API across hybrid and multi-cloud Kubernetes environments with a secure, fast, and reliable NGINX data plane.
+# Indicates that this is a custom landing page
+nd-landing-page: true
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: landing-page
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NGF
+---
+
+## About
+
+NGINX Gateway Fabric provides an implementation of the [Gateway API](https://gateway-api.sigs.k8s.io/) using [NGINX](https://nginx.org/) as the data plane. The goal of the project is to implement the core Gateway APIs needed to configure an HTTP or TCP/UDP load balancer, reverse proxy, or API gateway for Kubernetes applications.
+
+For a list of supported Gateway API resources and features, see the [Gateway API Compatibility]({{< ref "/ngf/overview/gateway-api-compatibility.md" >}}) documentation.
+
+## Featured content
+
+{{<card-section showAsCards="true" isFeaturedSection="true">}}
+  {{<card title="Get started" titleUrl="/nginx-gateway-fabric/get-started">}}
+    Use kind to quickly deploy and test a NGINX Gateway Fabric cluster.
+  {{</card>}}
+  {{<card title="Deploy NGINX Gateway Fabric" titleUrl="/nginx-gateway-fabric/install">}}
+    Choose how to deploy NGINX Gateway Fabric in production.
+  {{</card>}}
+  {{<card title="Changelog" titleUrl="/nginx-gateway-fabric/changelog">}}
+    Review the changes from the latest releases.
+  {{</card>}}
+{{</card-section>}}
+
+## Design
+
+NGINX Gateway Fabric separates the control plane and data plane into distinct deployments. The control plane interacts with the Kubernetes API, watching for Gateway API resources. 
+
+When a new Gateway resource is provisioned, it dynamically creates and manages a corresponding NGINX data plane Deployment and Service.
+
+Each NGINX data plane pod consists of an NGINX container integrated with [NGINX Agent](https://github.com/nginx/agent). The control plane translates Gateway API resources into NGINX configurations and sends these configurations to the agent to ensure consistent traffic management.
+
+This design enables centralized management of multiple Gateways while ensuring that each NGINX instance stays aligned with the cluster’s current configuration.
+
+For more information, see the [Gateway architecture]({{< ref "/ngf/overview/gateway-architecture.md" >}}) topic.
+
+## More information
+
+{{<card-section showAsCards="true">}}
+  {{<card title="Gateway API compatibility" titleUrl="/nginx-gateway-fabric/overview/gateway-api-compatibility/">}}
+    View how much of the Gateway API NGINX Gateway Fabric supports.
+  {{</card>}}
+  {{<card title="Technical specifications" titleUrl="/nginx-gateway-fabric/reference/technical-specifications/">}}
+    Check which versions of NGINX Gateway Fabric match the API.
+  {{</card>}}
+  {{<card title="Routing traffic to applications" titleUrl="/nginx-gateway-fabric/traffic-management/basic-routing/">}}
+    Create simple rules for directing network traffic with HTTPRoute resources.
+  {{</card>}}
+  {{<card title="Secure traffic using Let's Encrypt and cert-manager" titleUrl="/nginx-gateway-fabric/traffic-security/integrate-cert-manager/">}}
+    Implement HTTPS with Let's Encrypt to secure client-server communication.
+  {{</card>}}
+{{</card-section>}}
\ No newline at end of file
diff --git a/content/ngf/get-started.md b/content/ngf/get-started.md
index 83bd9029f..48310cd99 100644
--- a/content/ngf/get-started.md
+++ b/content/ngf/get-started.md
@@ -7,11 +7,11 @@ nd-product: NGF
 nd-docs: DOCS-1834
 ---
 
-{{< important >}}
+{{< call-out "important" >}}
 This document is for trying out NGINX Gateway Fabric, and not intended for a production environment.
 
 For standard deployments, you should read the [Install NGINX Gateway Fabric]({{< ref "/ngf/install/" >}}) section.
-{{< /important >}}
+{{< /call-out >}}
 
 This is a guide for getting started with NGINX Gateway Fabric. It explains how to:
 
@@ -47,9 +47,9 @@ nodes:
         protocol: TCP
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 The _containerPort_ value is used to later configure a _NodePort_.
-{{< /note >}}
+{{< /call-out >}}
 
 Run the following command:
 
@@ -73,14 +73,14 @@ kubectl cluster-info --context kind-kind
 Thanks for using kind! 😊
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 If you have cloned [the NGINX Gateway Fabric repository](https://github.com/nginx/nginx-gateway-fabric/tree/main), you can also create a kind cluster from the root folder with the following _make_ command:
 
 ```shell
 make create-kind-cluster
 ```
 
-{{< /note >}}
+{{< /call-out >}}
 
 ## Install NGINX Gateway Fabric
 
@@ -109,9 +109,9 @@ NGINX Service when it is provisioned:
 helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric --create-namespace -n nginx-gateway --set nginx.service.type=NodePort --set-json 'nginx.service.nodePorts=[{"port":31437,"listenerPort":80}]'
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 The port value should equal the _containerPort_ value from _cluster-config.yaml_ [when you created the kind cluster](#set-up-a-kind-cluster). The _listenerPort_ value will match the port that we expose in the Gateway listener.
-{{< /note >}}
+{{< /call-out >}}
 
 ```text
 NAME: ngf
@@ -126,19 +126,82 @@ TEST SUITE: None
 
 In the previous section, you deployed NGINX Gateway Fabric to a local cluster. This section shows you how to deploy a simple web application to test that NGINX Gateway Fabric works.
 
-{{< note >}}
+{{< call-out "note" >}}
 The YAML code in the following sections can be found in the [cafe-example folder](https://github.com/nginx/nginx-gateway-fabric/tree/main/examples/cafe-example) of the GitHub repository.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Create the application resources
 
-Create the file _cafe.yaml_ with the following contents:
-
-{{< ghcode `https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/refs/heads/main/examples/cafe-example/cafe.yaml`>}}
-
-Apply it using `kubectl`:
-
-```shell
+Run the following command to create the file _cafe.yaml_, which is then used to deploy the *coffee* application to your cluster:
+
+```yaml
+cat <<EOF > cafe.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: coffee
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: coffee
+  template:
+    metadata:
+      labels:
+        app: coffee
+    spec:
+      containers:
+      - name: coffee
+        image: nginxdemos/nginx-hello:plain-text
+        ports:
+        - containerPort: 8080
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: coffee
+spec:
+  ports:
+  - port: 80
+    targetPort: 8080
+    protocol: TCP
+    name: http
+  selector:
+    app: coffee
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tea
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: tea
+  template:
+    metadata:
+      labels:
+        app: tea
+    spec:
+      containers:
+      - name: tea
+        image: nginxdemos/nginx-hello:plain-text
+        ports:
+        - containerPort: 8080
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: tea
+spec:
+  ports:
+  - port: 80
+    targetPort: 8080
+    protocol: TCP
+    name: http
+  selector:
+    app: tea
+EOF
 kubectl apply -f cafe.yaml
 ```
 
@@ -163,13 +226,22 @@ tea-6fbfdcb95d-9lhbj      1/1     Running   0          9s
 
 ### Create Gateway and HTTPRoute resources
 
-Create the file _gateway.yaml_ with the following contents:
-
-{{< ghcode `https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/refs/heads/main/examples/cafe-example/gateway.yaml`>}}
-
-Apply it using `kubectl`:
-
-```shell
+Run the following command to create the file _gateway.yaml_, which is then used to deploy a Gateway to your cluster:
+
+```yaml
+cat <<EOF > gateway.yaml
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: gateway
+spec:
+  gatewayClassName: nginx
+  listeners:
+  - name: http
+    port: 80
+    protocol: HTTP
+    hostname: "*.example.com"
+EOF
 kubectl apply -f gateway.yaml
 ```
 
@@ -190,13 +262,48 @@ gateway-nginx-66b5d78f8f-4fmtb   1/1     Running   0          13s
 tea-6fbfdcb95d-9lhbj             1/1     Running   0          31s
 ```
 
-Create the file _cafe-routes.yaml_ with the following contents:
-
-{{< ghcode `https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/refs/heads/main/examples/cafe-example/cafe-routes.yaml`>}}
-
-Apply it using `kubectl`:
-
-```shell
+Run the following command to create the file _cafe-routes.yaml_. It is then used to deploy two *HTTPRoute* resources in your cluster: one each for _/coffee_ and _/tea_.
+
+```yaml
+cat <<EOF > cafe-routes.yaml
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: coffee
+spec:
+  parentRefs:
+  - name: gateway
+    sectionName: http
+  hostnames:
+  - "cafe.example.com"
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /coffee
+    backendRefs:
+    - name: coffee
+      port: 80
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: tea
+spec:
+  parentRefs:
+  - name: gateway
+    sectionName: http
+  hostnames:
+  - "cafe.example.com"
+  rules:
+  - matches:
+    - path:
+        type: Exact
+        value: /tea
+    backendRefs:
+    - name: tea
+      port: 80
+EOF
 kubectl apply -f cafe-routes.yaml
 ```
 
diff --git a/content/ngf/how-to/control-plane-configuration.md b/content/ngf/how-to/control-plane-configuration.md
index 65a358784..245b454ed 100644
--- a/content/ngf/how-to/control-plane-configuration.md
+++ b/content/ngf/how-to/control-plane-configuration.md
@@ -30,7 +30,7 @@ Additionally, the control plane updates the status of the resource (if it exists
 
 ## Viewing and Updating the Configuration
 
-{{< note >}} For the following examples, the name `ngf-config` should be updated to the name of the resource created for your installation.{{< /note >}}
+{{< call-out "note" >}} For the following examples, the name `ngf-config` should be updated to the name of the resource created for your installation.{{< /call-out >}}
 
 To view the current configuration and its status:
 
diff --git a/content/ngf/how-to/data-plane-configuration.md b/content/ngf/how-to/data-plane-configuration.md
index ff16d6e1e..1fb00c9c2 100644
--- a/content/ngf/how-to/data-plane-configuration.md
+++ b/content/ngf/how-to/data-plane-configuration.md
@@ -180,7 +180,7 @@ When installed using the Helm chart, the NginxProxy resource is named `<release-
 
 **For a full list of configuration options that can be set, see the `NginxProxy spec` in the [API reference]({{< ref "/ngf/reference/api.md" >}}).**
 
-{{< note >}} Some global configuration also requires an [associated policy]({{< ref "/ngf/overview/custom-policies.md" >}}) to fully enable a feature (such as [tracing]({{< ref "/ngf/monitoring/tracing.md" >}}), for example). {{< /note >}}
+{{< call-out "note" >}} Some global configuration also requires an [associated policy]({{< ref "/ngf/overview/custom-policies.md" >}}) to fully enable a feature (such as [tracing]({{< ref "/ngf/monitoring/tracing.md" >}}), for example). {{< /call-out >}}
 
 ---
 
@@ -222,7 +222,7 @@ infrastructure:
         name: ngf-proxy-config
 ```
 
-{{< note >}} The `NginxProxy` resource must reside in the same namespace as the Gateway it is attached to. {{< /note >}}
+{{< call-out "note" >}} The `NginxProxy` resource must reside in the same namespace as the Gateway it is attached to. {{< /call-out >}}
 
 After updating, you can check the status of the Gateway to see if the configuration is valid:
 
@@ -266,9 +266,9 @@ EOF
 
 To view the full list of supported log levels, see the `NginxProxy spec` in the [API reference]({{< ref "/ngf/reference/api.md" >}}).
 
-{{< note >}}For `debug` logging to work, NGINX needs to be built with `--with-debug` or "in debug mode". NGINX Gateway Fabric can easily
+{{< call-out "note" >}}For `debug` logging to work, NGINX needs to be built with `--with-debug` or "in debug mode". NGINX Gateway Fabric can easily
 be [run with NGINX in debug mode](#run-nginx-gateway-fabric-with-nginx-in-debug-mode) upon startup through the addition
-of a few arguments. {{</ note >}}
+of a few arguments. {{< /call-out >}}
 
 ---
 
@@ -299,7 +299,7 @@ spec:
 EOF
 ```
 
-{{< note >}} When modifying any _deployment_ field in the _NginxProxy_ resource, any corresponding NGINX instances will be restarted. {{< /note >}}
+{{< call-out "note" >}} When modifying any _deployment_ field in the _NginxProxy_ resource, any corresponding NGINX instances will be restarted. {{< /call-out >}}
 
 ---
 
@@ -336,7 +336,7 @@ spec:
 EOF
 ```
 
-{{< note >}} When sending curl requests to a server expecting proxy information, use the flag `--haproxy-protocol` to avoid broken header errors. {{< /note >}}
+{{< call-out "note" >}} When sending curl requests to a server expecting proxy information, use the flag `--haproxy-protocol` to avoid broken header errors. {{< /call-out >}}
 
 ---
 
@@ -375,3 +375,124 @@ To view the full list of configuration options, see the `NginxProxy spec` in the
 
 ---
 
+### Patch data plane Service, Deployment, and DaemonSet
+
+NGINX Gateway Fabric supports advanced customization of the data plane Service, Deployment, and DaemonSet objects using patches in the `NginxProxy` resource. This allows you to apply Kubernetes-style patches to these resources, enabling custom labels, annotations, or other modifications that are not directly exposed via the NginxProxy spec.
+
+#### Supported Patch Types
+
+You can specify one or more patches for each of the following resources:
+
+- `spec.kubernetes.service.patches`
+- `spec.kubernetes.deployment.patches`
+- `spec.kubernetes.daemonSet.patches`
+
+Each patch has two fields:
+
+- `type`: The patch type. Supported values are:
+    - `StrategicMerge` (default): Strategic merge patch (Kubernetes default for most resources)
+    - `Merge`: JSON merge patch (RFC 7386)
+    - `JSONPatch`: JSON patch (RFC 6902)
+- `value`: The patch data. For `StrategicMerge` and `Merge`, this should be a JSON object. For `JSONPatch`, this should be a JSON array of patch operations.
+
+Patches are applied in the order they appear in the array. Later patches can override fields set by earlier patches.
+
+**Which patch type should I use?**
+
+- **StrategicMerge** is the default and most user-friendly for Kubernetes-native resources like Deployments and Services. It understands lists and merges fields intelligently (for example, merging containers by name). Use this for most use cases.
+- **Merge** (JSON Merge Patch) is simpler and works well for basic object merges, but does not handle lists or complex merging. Use this if you want to replace entire fields or for non-Kubernetes-native resources.
+- **JSONPatch** is the most powerful and flexible, allowing you to add, remove, or replace specific fields using RFC 6902 operations. Use this for advanced or fine-grained changes, but it is more verbose and error-prone.
+
+If unsure, start with StrategicMerge. Use JSONPatch only if you need to surgically modify fields that cannot be addressed by the other patch types.
+
+Patches are applied after all other NginxProxy configuration is rendered. Invalid patches will result in a validation error and will not be applied.
+
+#### Example: Configure Service with session affinity
+
+```yaml
+apiVersion: gateway.nginx.org/v1alpha2
+kind: NginxProxy
+metadata:
+  name: ngf-proxy-patch-service
+spec:
+  kubernetes:
+    service:
+      patches:
+        - type: StrategicMerge
+          value:
+            spec:
+              sessionAffinity: ClientIP
+              sessionAffinityConfig:
+                clientIP:
+                  timeoutSeconds: 300
+```
+
+#### Example: Configure Deployment with custom strategy
+
+```yaml
+apiVersion: gateway.nginx.org/v1alpha2
+kind: NginxProxy
+metadata:
+  name: ngf-proxy-patch-deployment
+spec:
+  kubernetes:
+    deployment:
+      patches:
+        - type: Merge
+          value:
+            spec:
+              strategy:
+                type: RollingUpdate
+                rollingUpdate:
+                  maxUnavailable: 0
+                  maxSurge: 2
+```
+
+#### Example: Use JSONPatch to configure DaemonSet host networking and priority
+
+```yaml
+apiVersion: gateway.nginx.org/v1alpha2
+kind: NginxProxy
+metadata:
+  name: ngf-proxy-patch-daemonset
+spec:
+  kubernetes:
+    daemonSet:
+      patches:
+        - type: JSONPatch
+          value:
+            - op: add
+              path: /spec/template/spec/hostNetwork
+              value: true
+            - op: add
+              path: /spec/template/spec/dnsPolicy
+              value: "ClusterFirstWithHostNet"
+            - op: add
+              path: /spec/template/spec/priorityClassName
+              value: "system-node-critical"
+```
+
+#### Example: Multiple patches, later patch overrides earlier
+
+```yaml
+apiVersion: gateway.nginx.org/v1alpha2
+kind: NginxProxy
+metadata:
+  name: ngf-proxy-multi-patch
+spec:
+  kubernetes:
+    service:
+      patches:
+        - type: StrategicMerge
+          value:
+            spec:
+              sessionAffinity: ClientIP
+              publishNotReadyAddresses: false
+        - type: StrategicMerge
+          value:
+            spec:
+              sessionAffinity: None
+              publishNotReadyAddresses: true
+```
+
+In this example, the final Service will have `sessionAffinity: None` and `publishNotReadyAddresses: true` because the second patch overrides the values from the first patch.
\ No newline at end of file
diff --git a/content/ngf/how-to/scaling.md b/content/ngf/how-to/scaling.md
index 8e9961798..b316cf1d0 100644
--- a/content/ngf/how-to/scaling.md
+++ b/content/ngf/how-to/scaling.md
@@ -16,36 +16,64 @@ It provides guidance on how to scale each plane effectively, and when you should
 
 The data plane is the NGINX deployment that handles user traffic to backend applications. Every Gateway object created provisions its own NGINX deployment and configuration.
 
-You have two options for scaling the data plane:
+You have multiple options for scaling the data plane:
 
+- Increasing the number of [worker connections](https://nginx.org/en/docs/ngx_core_module.html#worker_connections) for an existing deployment
 - Increasing the number of replicas for an existing deployment
 - Creating a new Gateway for a new data plane
 
-#### When to increase replicas or create a new Gateway
+#### When to increase worker connections, replicas, or create a new Gateway
 
-Understanding when to increase replicas or create a new Gateway is key to managing traffic effectively.
+Understanding when to increase worker connections, replicas, or create a new Gateway is key to managing traffic effectively.
 
-Increasing data plane replicas is ideal when you need to handle more traffic without changing the configuration.
+Increasing worker connections or replicas is ideal when you need to handle more traffic without changing the overall routing configuration. Setting the worker connections field allows a single NGINX data plane instance to handle more connections without needing to scale the replicas. However, scaling the replicas can be beneficial to reduce single points of failure.
 
-For example, if you're routing traffic to `api.example.com` and notice an increase in load, you can scale the replicas from 1 to 5 to better distribute the traffic and reduce latency.
+Scaling replicas can be done manually or automatically using a [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) (HPA).
 
-All replicas will share the same configuration from the Gateway used to set up the data plane, simplifying configuration management.
+To update worker connections (default: 1024), replicas, or enable autoscaling, you can edit the `NginxProxy` resource:
 
-There are two ways to modify the number of replicas for an NGINX deployment:
+```shell
+kubectl edit nginxproxies.gateway.nginx.org ngf-proxy-config -n nginx-gateway
+```
 
-First, at the time of installation you can modify the field `nginx.replicas` in the `values.yaml` or add the `--set nginx.replicas=` flag to the `helm install` command:
+{{< call-out "note" >}}
 
-```shell
-helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric --create-namespace -n nginx-gateway --set nginx.replicas=5
+The NginxProxy resource in this example lives in the control plane namespace (default: `nginx-gateway`) and applies to the GatewayClass, but you can also define one per Gateway. See the [Data plane configuration]({{< ref "/ngf/how-to/data-plane-configuration.md" >}}) document for more information.
+
+{{< /call-out >}}
+
+- Worker connections is set using the `workerConnections` field:
+
+```yaml
+spec:
+  workerConnections: 4096
 ```
 
-Secondly, you can update the `NginxProxy` resource while NGINX is running to modify the `kubernetes.deployment.replicas` field and scale the data plane deployment dynamically:
+- Replicas are set using the `kubernetes.deployment.replicas` field:
 
-```shell
-kubectl edit nginxproxies.gateway.nginx.org ngf-proxy-config -n nginx-gateway
+```yaml
+spec:
+  kubernetes:
+    deployment:
+      replicas: 3
+```
+
+- Autoscaling can be enabled using the `kubernetes.deployment.autoscaling` field. The default `replicas` value will be used until the Horizontal Pod Autoscaler is running.
+
+```yaml
+spec:
+  kubernetes:
+    deployment:
+      autoscaling:
+        enable: true
+        maxReplicas: 10
 ```
 
-The alternate way to scale the data plane is by creating a new Gateway.  This is beneficial when you need distinct configurations, isolation, or separate policies.
+See the `NginxProxy` section of the [API reference]({{< ref "/ngf/reference/api.md" >}}) for the full specification.
+
+All of these fields are also available at installation time by setting them in the [helm values](https://github.com/nginx/nginx-gateway-fabric/blob/main/charts/nginx-gateway-fabric/values.yaml).
+
+An alternate way to scale the data plane is by creating a new Gateway.  This is beneficial when you need distinct configurations, isolation, or separate policies. 
 
 For example, if you're routing traffic to a new domain `admin.example.com` and require a different TLS certificate, stricter rate limits, or separate authentication policies, creating a new Gateway could be a good approach.
 
@@ -60,7 +88,9 @@ Scaling the control plane can be beneficial in the following scenarios:
 1. _Higher availability_ - When a control plane pod crashes, runs out of memory, or goes down during an upgrade, it can interrupt configuration delivery. By scaling to multiple replicas, another pod can quickly step in and take over, keeping things running smoothly with minimal downtime.
 1. _Faster configuration distribution_ - As the number of connected NGINX instances grows, a single control plane pod may become a bottleneck in handling connections or streaming configuration updates. Scaling the control plane improves concurrency and responsiveness when delivering configuration over gRPC.
 
-To scale the control plane, use the `kubectl scale` command on the control plane deployment to increase or decrease the number of replicas. For example, the following command scales the control plane deployment to 3 replicas:
+To automatically scale the control plane, you can create a [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) (HPA) in the control plane namespace (default: `nginx-gateway`). At installation time, the [NGINX Gateway Fabric helm chart](https://github.com/nginx/nginx-gateway-fabric/blob/main/charts/nginx-gateway-fabric/values.yaml) allows you to set the HPA configuration in the `nginxGateway.autoscaling` section, which will provision an HPA for you. If NGINX Gateway Fabric is already running, then you can manually define the HPA and deploy it.
+
+To manually scale the control plane, use the `kubectl scale` command on the control plane deployment to increase or decrease the number of replicas. For example, the following command scales the control plane deployment to 3 replicas:
 
   ```shell
   kubectl scale deployment -n nginx-gateway ngf-nginx-gateway-fabric --replicas 3
diff --git a/content/ngf/how-to/upgrade-apps-without-downtime.md b/content/ngf/how-to/upgrade-apps-without-downtime.md
index f8aeb5e9d..bff6032f5 100644
--- a/content/ngf/how-to/upgrade-apps-without-downtime.md
+++ b/content/ngf/how-to/upgrade-apps-without-downtime.md
@@ -13,7 +13,7 @@ Learn how to use NGINX Gateway Fabric to upgrade applications without downtime.
 
 ## Overview
 
-{{< note >}} See the [Architecture document]({{< ref "/ngf/overview/gateway-architecture.md" >}}) to learn more about NGINX Gateway Fabric architecture.{{< /note >}}
+{{< call-out "note" >}} See the [Architecture document]({{< ref "/ngf/overview/gateway-architecture.md" >}}) to learn more about NGINX Gateway Fabric architecture.{{< /call-out >}}
 
 NGINX Gateway Fabric allows upgrading applications without downtime. To understand the upgrade methods, you need to be familiar with the NGINX features that help prevent application downtime: Graceful configuration reloads and upstream server updates.
 
@@ -44,7 +44,7 @@ Adding and removing endpoints are two of the most common cases:
 
 As long as you have more than one endpoint ready, clients won't experience downtime during upgrades.
 
-{{< note >}}It is good practice to configure a [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) in the deployment so that a pod can report when it is ready to receive traffic. Note that NGINX Gateway Fabric will not add any endpoint to NGINX that is not ready.{{< /note >}}
+{{< call-out "note" >}}It is good practice to configure a [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) in the deployment so that a pod can report when it is ready to receive traffic. Note that NGINX Gateway Fabric will not add any endpoint to NGINX that is not ready.{{< /call-out >}}
 
 ---
 
@@ -66,7 +66,7 @@ For example, an application can be exposed using a routing rule like below:
       port: 80
 ```
 
-{{< note >}} See the [Cafe example](https://github.com/nginx/nginx-gateway-fabric/tree/v{{< version-ngf >}}/examples/cafe-example) for a basic example. {{< /note >}}
+{{< call-out "note" >}} See the [Cafe example](https://github.com/nginx/nginx-gateway-fabric/tree/v{{< version-ngf >}}/examples/cafe-example) for a basic example. {{< /call-out >}}
 
 The upgrade methods in the next sections cover:
 
@@ -119,7 +119,7 @@ A more flexible and precise way to implement canary releases is to configure a t
       weight: 5
 ```
 
-{{< note >}} Every request coming from the same client won't necessarily be sent to the same backend. NGINX will independently split each request among the backend references. {{< /note >}}
+{{< call-out "note" >}} Every request coming from the same client won't necessarily be sent to the same backend. NGINX will independently split each request among the backend references. {{< /call-out >}}
 
 By updating the rule you can further increase the share of traffic the new version gets and finally completely switch to the new version:
 
diff --git a/content/ngf/install/deploy-data-plane.md b/content/ngf/install/deploy-data-plane.md
index dd7eaf598..9961c47b7 100644
--- a/content/ngf/install/deploy-data-plane.md
+++ b/content/ngf/install/deploy-data-plane.md
@@ -102,7 +102,7 @@ The Service type can be changed, as explained in the next section.
 
 The NginxProxy custom resource can modify the provisioning of the Service object and NGINX deployment when a Gateway is created.
 
-{{< note >}} Updating most Kubernetes related fields in NginxProxy will trigger a restart of the related resources. {{< /note >}}
+{{< call-out "note" >}} Updating most Kubernetes related fields in NginxProxy will trigger a restart of the related resources. {{< /call-out >}}
 
 An NginxProxy resource is created by default after deploying NGINX Gateway Fabric. This NginxProxy resource is attached to the GatewayClass (created on NGINX Gateway Fabric installation), and
 its settings are applied globally to all Gateways.
@@ -159,8 +159,8 @@ Under `Spec.Kubernetes` you can see a few things:
 - How many NGINX Deployment replicas are specified
 - The type of Service and external traffic policy
 
-{{< note >}} Depending on installation configuration, the default NginxProxy settings may be slightly different from what is shown in the example.
-For more information on NginxProxy and its configurable fields, see the [API reference]({{< ref "/ngf/reference/api.md" >}}). {{< /note >}}
+{{< call-out "note" >}} Depending on installation configuration, the default NginxProxy settings may be slightly different from what is shown in the example.
+For more information on NginxProxy and its configurable fields, see the [API reference]({{< ref "/ngf/reference/api.md" >}}). {{< /call-out >}}
 
 Modify the NginxProxy resource to change the type of Service.
 
diff --git a/content/ngf/install/helm.md b/content/ngf/install/helm.md
index 7c997fb3e..a7e08fe01 100644
--- a/content/ngf/install/helm.md
+++ b/content/ngf/install/helm.md
@@ -20,7 +20,7 @@ To complete this guide, you will need:
 - [Helm 3.0 or later](https://helm.sh/docs/intro/install/), for deploying and managing applications on Kubernetes.
 - [Add certificates for secure authentication]({{< ref "/ngf/install/secure-certificates.md" >}}) in a production environment.
 
-{{< important >}} If you’d like to use NGINX Plus, some additional setup is also required: {{</ important >}}
+{{< call-out "important" >}} If you’d like to use NGINX Plus, some additional setup is also required: {{< /call-out >}}
 
 <details closed>
 <summary>NGINX Plus JWT setup</summary>
@@ -39,7 +39,7 @@ To complete this guide, you will need:
 
 {{< include "/ngf/installation/nginx-plus/nginx-plus-secret.md" >}}
 
-{{< note >}} For more information on why this is needed and additional configuration options, including how to report to NGINX Instance Manager instead, see the [NGINX Plus Image and JWT Requirement]({{< ref "/ngf/install/nginx-plus.md" >}}) document. {{< /note >}}
+{{< call-out "note" >}} For more information on why this is needed and additional configuration options, including how to report to NGINX Instance Manager instead, see the [NGINX Plus Image and JWT Requirement]({{< ref "/ngf/install/nginx-plus.md" >}}) document. {{< /call-out >}}
 
 </details>
 
@@ -68,7 +68,7 @@ helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric --create-namesp
 
 {{%tab name="NGINX Plus"%}}
 
-{{< note >}} If applicable, replace the F5 Container registry `private-registry.nginx.com` with your internal registry for your NGINX Plus image, and replace `nginx-plus-registry-secret` with your Secret name containing the registry credentials. If your NGINX Plus JWT Secret has a different name than the default `nplus-license`, then define that name using the `nginx.usage.secretName` flag. {{< /note >}}
+{{< call-out "note" >}} If applicable, replace the F5 Container registry `private-registry.nginx.com` with your internal registry for your NGINX Plus image, and replace `nginx-plus-registry-secret` with your Secret name containing the registry credentials. If your NGINX Plus JWT Secret has a different name than the default `nplus-license`, then define that name using the `nginx.usage.secretName` flag. {{< /call-out >}}
 
 To install the latest stable release of NGINX Gateway Fabric in the **nginx-gateway** namespace, run the following command:
 
@@ -110,7 +110,7 @@ helm install ngf . --create-namespace -n nginx-gateway
 
 {{%tab name="NGINX Plus"%}}
 
-{{< note >}} If applicable, replace the F5 Container registry `private-registry.nginx.com` with your internal registry for your NGINX Plus image, and replace `nginx-plus-registry-secret` with your Secret name containing the registry credentials. If your NGINX Plus JWT Secret has a different name than the default `nplus-license`, then define that name using the `nginx.usage.secretName` flag. {{< /note >}}
+{{< call-out "note" >}} If applicable, replace the F5 Container registry `private-registry.nginx.com` with your internal registry for your NGINX Plus image, and replace `nginx-plus-registry-secret` with your Secret name containing the registry credentials. If your NGINX Plus JWT Secret has a different name than the default `nplus-license`, then define that name using the `nginx.usage.secretName` flag. {{< /call-out >}}
 
 To install the chart into the **nginx-gateway** namespace, run the following command:
 
@@ -151,7 +151,7 @@ experimental features of Gateway API which are supported by NGINX Gateway Fabric
 helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric --create-namespace -n nginx-gateway --set nginxGateway.gwAPIExperimentalFeatures.enable=true
 ```
 
-{{< note >}} Requires the Gateway APIs installed from the experimental channel. {{< /note >}}
+{{< call-out "note" >}} Requires the Gateway APIs installed from the experimental channel. {{< /call-out >}}
 
 
 #### Examples
diff --git a/content/ngf/install/manifests.md b/content/ngf/install/manifests.md
index af8324f4b..3a7552e6d 100644
--- a/content/ngf/install/manifests.md
+++ b/content/ngf/install/manifests.md
@@ -18,7 +18,7 @@ To complete this guide, you'll need to install:
 - [kubectl](https://kubernetes.io/docs/tasks/tools/), a command-line interface for managing Kubernetes clusters.
 - [Add certificates for secure authentication]({{< ref "/ngf/install/secure-certificates.md" >}}) in a production environment.
 
-{{< important >}} If you’d like to use NGINX Plus, some additional setup is also required: {{</ important >}}
+{{< call-out "important" >}} If you’d like to use NGINX Plus, some additional setup is also required: {{< /call-out >}}
 
 <details closed>
 <summary>NGINX Plus JWT setup</summary>
@@ -37,7 +37,7 @@ To complete this guide, you'll need to install:
 
 {{< include "/ngf/installation/nginx-plus/nginx-plus-secret.md" >}}
 
-{{< note >}} For more information on why this is needed and additional configuration options, including how to report to NGINX Instance Manager instead, see the [NGINX Plus Image and JWT Requirement]({{< ref "/ngf/install/nginx-plus.md" >}}) document. {{< /note >}}
+{{< call-out "note" >}} For more information on why this is needed and additional configuration options, including how to report to NGINX Instance Manager instead, see the [NGINX Plus Image and JWT Requirement]({{< ref "/ngf/install/nginx-plus.md" >}}) document. {{< /call-out >}}
 
 </details>
 
@@ -65,7 +65,7 @@ kubectl apply --server-side -f https://raw.githubusercontent.com/nginx/nginx-gat
 
 ### Deploy NGINX Gateway Fabric
 
-{{< note >}} By default, NGINX Gateway Fabric is installed in the **nginx-gateway** namespace. You can deploy in another namespace by modifying the manifest files. {{< /note >}}
+{{< call-out "note" >}} By default, NGINX Gateway Fabric is installed in the **nginx-gateway** namespace. You can deploy in another namespace by modifying the manifest files. {{< /call-out >}}
 
 {{<tabs name="install-manifests">}}
 
@@ -129,7 +129,7 @@ Deploys NGINX Gateway Fabric with NGINX OSS and experimental features.
 kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/experimental/deploy.yaml
 ```
 
-{{< note >}} Requires the Gateway APIs installed from the experimental channel. {{< /note >}}
+{{< call-out "note" >}} Requires the Gateway APIs installed from the experimental channel. {{< /call-out >}}
 
 {{% /tab %}}
 
@@ -143,7 +143,7 @@ The NGINX Plus JWT Secret used to run NGINX Plus is also specified in a volume m
 kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/nginx-plus-experimental/deploy.yaml
 ```
 
-{{< note >}} Requires the Gateway APIs installed from the experimental channel. {{< /note >}}
+{{< call-out "note" >}} Requires the Gateway APIs installed from the experimental channel. {{< /call-out >}}
 
 {{% /tab %}}
 
diff --git a/content/ngf/install/nginx-plus.md b/content/ngf/install/nginx-plus.md
index 535b3bfac..b097f76ab 100644
--- a/content/ngf/install/nginx-plus.md
+++ b/content/ngf/install/nginx-plus.md
@@ -15,7 +15,7 @@ This requirement is part of F5’s broader licensing program and aligns with ind
 
 The JWT is required for validating your subscription and reporting telemetry data. For environments connected to the internet, telemetry is automatically sent to F5’s licensing endpoint. In offline environments, telemetry is routed through [NGINX Instance Manager]({{< ref "/nim/" >}}). Usage is reported every hour and on startup whenever NGINX is reloaded.
 
-{{< note >}} The following Secrets should be created in the same namespace as the NGINX Gateway Fabric control plane (default: nginx-gateway). The control plane will copy these Secrets into any namespaces where NGINX gets deployed. If you need to update the Secrets, update the originals that you created in the control plane namespace, and the control plane will propagate those updates to all duplicated Secrets. {{< /note >}}
+{{< call-out "note" >}} The following Secrets should be created in the same namespace as the NGINX Gateway Fabric control plane (default: nginx-gateway). The control plane will copy these Secrets into any namespaces where NGINX gets deployed. If you need to update the Secrets, update the originals that you created in the control plane namespace, and the control plane will propagate those updates to all duplicated Secrets. {{< /call-out >}}
 
 ## Set up the JWT
 
@@ -71,7 +71,7 @@ Specify the Secret name in the `--usage-report-secret` command-line flag on the
 
 {{</tabs>}}
 
-{{< note >}} If you are reporting to the default licensing endpoint, then you can now proceed with [installing NGINX Gateway Fabric]({{< ref "/ngf/install/" >}}). Otherwise, follow the steps below to configure reporting to NGINX Instance Manager. {{< /note >}}
+{{< call-out "note" >}} If you are reporting to the default licensing endpoint, then you can now proceed with [installing NGINX Gateway Fabric]({{< ref "/ngf/install/" >}}). Otherwise, follow the steps below to configure reporting to NGINX Instance Manager. {{< /call-out >}}
 
 ### Reporting to NGINX Instance Manager {#nim}
 
@@ -129,7 +129,7 @@ Specify the CA Secret name in the `--usage-report-ca-secret` command-line flag o
 
 <br>
 
-{{< note >}} Once these Secrets are created and configuration options are set, you can now [install NGINX Gateway Fabric]({{< ref "/ngf/install/" >}}). {{< /note >}}
+{{< call-out "note" >}} Once these Secrets are created and configuration options are set, you can now [install NGINX Gateway Fabric]({{< ref "/ngf/install/" >}}). {{< /call-out >}}
 
 ## Installation flags to configure usage reporting {#flags}
 
diff --git a/content/ngf/install/secure-certificates.md b/content/ngf/install/secure-certificates.md
index 92b78bb85..2f5425168 100644
--- a/content/ngf/install/secure-certificates.md
+++ b/content/ngf/install/secure-certificates.md
@@ -13,11 +13,11 @@ However, because these certificates are self-signed and will expire after 3 year
 
 This guide will step through how to install and use `cert-manager` to secure this connection.
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 
 These steps should be completed before you install NGINX Gateway Fabric.
 
-{{< /caution >}}
+{{< /call-out >}}
 
 ---
 
@@ -56,7 +56,7 @@ This also enables Gateway API features for cert-manager, which can be useful for
 
 The first step is to create the CA (certificate authority) issuer.
 
-{{< note >}} This example uses a self-signed Issuer, which should not be used in production environments. For production environments, you should use a real [CA issuer](https://cert-manager.io/docs/configuration/ca/). {{< /note >}}
+{{< call-out "note" >}} This example uses a self-signed Issuer, which should not be used in production environments. For production environments, you should use a real [CA issuer](https://cert-manager.io/docs/configuration/ca/). {{< /call-out >}}
 
 Create the namespace:
 
diff --git a/content/ngf/install/upgrade-version.md b/content/ngf/install/upgrade-version.md
index 45b4fa3fd..b586bec06 100644
--- a/content/ngf/install/upgrade-version.md
+++ b/content/ngf/install/upgrade-version.md
@@ -13,21 +13,17 @@ It covers the necessary steps for minor versions as well as major versions (such
 
 Many of the nuances in upgrade paths relate to how custom resource definitions (CRDs) are managed.
 
-{{< tip >}}
-
-To avoid interruptions, review the [Delay pod termination for zero downtime upgrades](#configure-delayed-pod-termination-for-zero-downtime-upgrades) section.
-
-{{< /tip >}}
+## Minor NGINX Gateway Fabric upgrades
 
+Upgrading from v2.0.x to v2.1 requires the NGINX Gateway Fabric control plane to be uninstalled and then reinstalled to avoid any downtime to user traffic. 
 
-## Minor NGINX Gateway Fabric upgrades
+CRDs **do not** need to be removed. The NGINX data plane deployment **is not** affected by this process, and traffic should still flow uninterrupted.
 
-{{< important >}} NGINX Plus users need a JWT secret before upgrading from version 1.4.0 to 1.5.x.
+{{< call-out "important" >}} NGINX Plus users need a JWT secret before upgrading from version 1.4.0 to 1.5.x.
 
 Follow the steps in [Set up the JWT]({{< ref "/ngf/install/nginx-plus.md#set-up-the-jwt" >}}) to create the Secret.
 
-{{< /important >}}
-
+{{< /call-out >}}
 
 ### Upgrade Gateway resources
 
@@ -56,7 +52,7 @@ Run the following command to upgrade the CRDs:
 kubectl apply --server-side -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/crds.yaml
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 
 Ignore the following warning, as it is expected.
 
@@ -64,7 +60,7 @@ Ignore the following warning, as it is expected.
 Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply.
 ```
 
-{{< /note >}}
+{{< /call-out >}}
 
 ### Upgrade NGINX Gateway Fabric release
 
@@ -72,7 +68,7 @@ Warning: kubectl apply should be used on resource created by either kubectl crea
 
 {{% tab name="Helm" %}}
 
-{{< important >}} If you are using NGINX Plus and have a different Secret name than the default `nplus-license` name, specify the Secret name by setting `--set nginx.usage.secretName=<secret-name>` when running `helm upgrade`. {{< /important >}}
+{{< call-out "important" >}} If you are using NGINX Plus and have a different Secret name than the default `nplus-license` name, specify the Secret name by setting `--set nginx.usage.secretName=<secret-name>` when running `helm install` or `helm upgrade`. {{< /call-out >}}
 
 To upgrade the release with Helm, you can use the OCI registry, or download the chart and upgrade from the source.
 
@@ -80,6 +76,15 @@ If needed, replace `ngf` with your chosen release name.
 
 **Upgrade from the OCI registry**
 
+To avoid downtime when upgrading from v2.0.x to v2.1, run the following commands. Be sure to include your previous installation flags and values if necessary. This will not affect user traffic, as the NGINX data plane deployment won't be removed as part of this process.
+
+```shell
+helm uninstall ngf -n nginx-gateway
+helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric -n nginx-gateway
+```
+
+Otherwise, for all other version upgrades:
+
 ```shell
 helm upgrade ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric -n nginx-gateway
 ```
@@ -88,7 +93,14 @@ helm upgrade ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric -n nginx-gatewa
 
 {{< include "/ngf/installation/helm/pulling-the-chart.md" >}}
 
-To upgrade, run the following command:
+To avoid downtime when upgrading from v2.0.x to v2.1, run the following. Be sure to include your previous installation flags and values if necessary. This will not affect user traffic, as the NGINX data plane deployment won't be removed as part of this process.
+
+```shell
+helm uninstall ngf -n nginx-gateway
+helm install ngf . -n nginx-gateway
+```
+
+Otherwise, for all other version upgrades:
 
 ```shell
 helm upgrade ngf . -n nginx-gateway
@@ -98,7 +110,9 @@ helm upgrade ngf . -n nginx-gateway
 
 {{% tab name="Manifests" %}}
 
-Select the deployment manifest that matches your current deployment from options available in the [Deploy NGINX Gateway Fabric]({{< ref "/ngf/install/manifests.md#deploy-nginx-gateway-fabric-1">}}) section and apply it.
+Select the deployment manifest that matches your current deployment from options available in the [Deploy NGINX Gateway Fabric]({{< ref "/ngf/install/manifests.md#deploy-nginx-gateway-fabric-1">}}) section.
+
+To avoid downtime when upgrading from v2.0.x to v2.1, delete the previous NGINX Gateway Fabric control plane deployment in the `nginx-gateway` namespace, using `kubectl delete deployment`. Then `kubectl apply` the updated manifest file. This will not affect user traffic, as the NGINX data plane deployment won't be removed as part of this process.
 
 {{% /tab %}}
 
@@ -110,7 +124,7 @@ This section provides step-by-step instructions for upgrading NGINX Gateway Fabr
 
 To upgrade NGINX Gateway Fabric from version 1.x to the new architecture in version 2.x, you must uninstall the existing NGINX Gateway Fabric CRDs and deployment, and perform a fresh installation. This will cause brief downtime during the upgrade process.
 
-{{<note>}} You do not need to uninstall the Gateway API CRDs during the upgrade. These resources are compatible with the new NGINX Gateway Fabric version. {{</note>}}
+{{< call-out "note" >}} You do not need to uninstall the Gateway API CRDs during the upgrade. These resources are compatible with the new NGINX Gateway Fabric version. {{< /call-out >}}
 
 ### Uninstall NGINX Gateway Fabric v1.x
 
@@ -130,13 +144,13 @@ kubectl delete -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v
 
 ### Install NGINX Gateway Fabric 2.x
 
-{{< important >}}
+{{< call-out "important" >}}
 
 Before installing 2.x, we recommend following [Add certificates for secure authentication]({{< ref "/ngf/install/secure-certificates.md" >}}).
 
 By default, NGINX Gateway Fabric installs self-signed certificates, which may be unsuitable for a production environment.
 
-{{< /important >}}
+{{< /call-out >}}
 
 {{<tabs name="install-ngf-2.x">}}
 
@@ -240,69 +254,22 @@ You can then follow [this localhost link](http://localhost:1313/nginx-gateway-fa
 
 ## Upgrade from NGINX Open Source to NGINX Plus
 
-{{< important >}}
+{{< call-out "important" >}}
 
 Ensure that you [Set up the JWT]({{< ref "/ngf/install/nginx-plus.md#set-up-the-jwt" >}}) before upgrading. These instructions only apply to Helm.
 
-{{< /important >}}
+{{< /call-out >}}
 
 To upgrade from NGINX Open Source to NGINX Plus, update the Helm command to include the necessary values for Plus:
 
-{{< note >}} If applicable:
+{{< call-out "note" >}} If applicable:
 
 - Replace the F5 Container registry `private-registry.nginx.com` with your internal registry for your NGINX Plus image
 - Replace `nginx-plus-registry-secret` with your Secret name containing the registry credentials
 - Replace `ngf` with your chosen release name.
-{{< /note >}}
+{{< /call-out >}}
 
 
 ```shell
 helm upgrade ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric  --set nginx.image.repository=private-registry.nginx.com/nginx-gateway-fabric/nginx-plus --set nginx.plus=true --set nginx.imagePullSecret=nginx-plus-registry-secret -n nginx-gateway
 ```
-
-## Delay pod termination for zero downtime upgrades {#configure-delayed-pod-termination-for-zero-downtime-upgrades}
-
-{{< include "/ngf/installation/delay-pod-termination/delay-pod-termination-overview.md" >}}
-
-Follow these steps to configure delayed pod termination:
-
-1. Open the `values.yaml` for editing.
-
-1. **Add delayed shutdown hooks**:
-
-   - In the `values.yaml` file, add `lifecycle: preStop` hooks to both the `nginx` and `nginx-gateway` container definitions. These hooks instruct the containers to delay their shutdown process, allowing time for connections to close gracefully. Update the `sleep` value to what works for your environment.
-
-     ```yaml
-      nginxGateway:
-      <...>
-      lifecycle:
-          preStop:
-          exec:
-              command:
-              - /usr/bin/gateway
-              - sleep
-              - --duration=40s # This flag is optional, the default is 30s
-
-      nginx:
-      <...>
-      lifecycle:
-          preStop:
-          exec:
-              command:
-              - /bin/sleep
-              - "40"
-     ```
-
-1. **Set the termination grace period**:
-
-   - {{< include "/ngf/installation/delay-pod-termination/termination-grace-period.md">}}
-
-1. Save the changes.
-
-{{<see-also>}}
-For additional information on configuring and understanding the behavior of containers and pods during their lifecycle, refer to the following Kubernetes documentation:
-
-- [Container Lifecycle Hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks)
-- [Pod Lifecycle](https://kubernetes.io/docs/concepts/workloads/Pods/Pod-lifecycle/#Pod-termination)
-
-{{</see-also>}}
\ No newline at end of file
diff --git a/content/ngf/monitoring/dashboard.md b/content/ngf/monitoring/dashboard.md
index 60ee15e29..7dd873fc5 100644
--- a/content/ngf/monitoring/dashboard.md
+++ b/content/ngf/monitoring/dashboard.md
@@ -27,7 +27,7 @@ The dashboard will look like this:
 
 {{< img src="/ngf/img/nginx-plus-dashboard.png" alt="">}}
 
-{{< note >}} The [API](https://nginx.org/en/docs/http/ngx_http_api_module.html) used by the dashboard for metrics is also accessible using the `/api` path. {{< /note >}}
+{{< call-out "note" >}} The [API](https://nginx.org/en/docs/http/ngx_http_api_module.html) used by the dashboard for metrics is also accessible using the `/api` path. {{< /call-out >}}
 
 ### Configure dashboard access through NginxProxy
 
diff --git a/content/ngf/monitoring/prometheus.md b/content/ngf/monitoring/prometheus.md
index 369789dcd..0ce414ebd 100644
--- a/content/ngf/monitoring/prometheus.md
+++ b/content/ngf/monitoring/prometheus.md
@@ -21,7 +21,7 @@ Metrics are served over HTTP by default. Enabling HTTPS will secure the metrics
 
 ## Installing Prometheus and Grafana
 
-{{< note >}} These installations are for demonstration purposes and have not been tuned for a production environment. {{< /note >}}
+{{< call-out "note" >}} These installations are for demonstration purposes and have not been tuned for a production environment. {{< /call-out >}}
 
 ### Prometheus
 
diff --git a/content/ngf/monitoring/tracing.md b/content/ngf/monitoring/tracing.md
index ae895179c..22ed240ff 100644
--- a/content/ngf/monitoring/tracing.md
+++ b/content/ngf/monitoring/tracing.md
@@ -32,7 +32,7 @@ Download the following files containing the configurations for the collectors:
 - {{< download "/ngf/otel-collector.yaml" "otel-collector.yaml" >}}
 - {{< download "/ngf/jaeger.yaml" "jaeger.yaml" >}}
 
-{{< note >}} These collectors are for demonstration purposes and are not tuned for production use. {{< /note >}}
+{{< call-out "note" >}} These collectors are for demonstration purposes and are not tuned for production use. {{< /call-out >}}
 
 Then install them:
 
@@ -70,7 +70,7 @@ When installed using the Helm chart, the NginxProxy resource is named `<release-
 
   The `NginxProxy` resource contains configuration for the collector, and applies to all Gateways and routes under the GatewayClass. It does not enable tracing, but is a prerequisite to the next piece of configuration.
 
-{{< note >}} You can also override the tracing configuration for a particular Gateway by manually creating and attaching specific `NginxProxy` resources to target the different Gateways. This guide covers the global tracing configuration only. {{< /note >}}
+{{< call-out "note" >}} You can also override the tracing configuration for a particular Gateway by manually creating and attaching specific `NginxProxy` resources to target the different Gateways. This guide covers the global tracing configuration only. {{< /call-out >}}
 
 - `ObservabilityPolicy`: This resource is a [Direct PolicyAttachment](https://gateway-api.sigs.k8s.io/reference/policy-attachment/) that targets HTTPRoutes or GRPCRoutes. It is created by the [application developer](https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/) and enables tracing for a specific route or routes. It requires the `NginxProxy` resource to exist in order to complete the tracing configuration.
 
@@ -78,7 +78,7 @@ For all the possible configuration options for these resources, see the [API ref
 
 ### Install NGINX Gateway Fabric with global tracing configuration
 
-{{< note >}} Ensure that you [install the Gateway API resources]({{< ref "/ngf/install/helm.md#installing-the-gateway-api-resources" >}}).{{< /note >}}
+{{< call-out "note" >}} Ensure that you [install the Gateway API resources]({{< ref "/ngf/install/helm.md#installing-the-gateway-api-resources" >}}).{{< /call-out >}}
 
 Referencing the previously deployed collector, create the following `values.yaml` file for installing NGINX Gateway Fabric:
 
@@ -255,7 +255,7 @@ GW_PORT=<port number>
 
 Check that traffic can flow to the application.
 
-{{< note >}} If you have a DNS record allocated for `cafe.example.com`, you can send the request directly to that hostname, without needing to resolve. {{< /note >}}
+{{< call-out "note" >}} If you have a DNS record allocated for `cafe.example.com`, you can send the request directly to that hostname, without needing to resolve. {{< /call-out >}}
 
 ```shell
 curl --resolve cafe.example.com:$GW_PORT:$GW_IP http://cafe.example.com:$GW_PORT/coffee
diff --git a/content/ngf/overview/custom-policies.md b/content/ngf/overview/custom-policies.md
index 03dda319b..400e2353d 100644
--- a/content/ngf/overview/custom-policies.md
+++ b/content/ngf/overview/custom-policies.md
@@ -15,7 +15,6 @@ These custom policies follow the Gateway API [Policy Attachment](https://gateway
 Policies are a Kubernetes object that augments the behavior of an object in a standard way. Policies can be attached to one object ([Direct Policy Attachment](#direct-policy-attachment)) or objects in a hierarchy ([Inherited Policy Attachment](#inherited-policy-attachment)).
 The following table summarizes NGINX Gateway Fabric custom policies:
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
 
 | Policy                                                                                      | Description                                             | Attachment Type | Supported Target Object(s)    | Supports Multiple Target Refs | Mergeable | API Version |
 |---------------------------------------------------------------------------------------------|---------------------------------------------------------|-----------------|-------------------------------|-------------------------------|-----------|-------------|
@@ -23,11 +22,9 @@ The following table summarizes NGINX Gateway Fabric custom policies:
 | [ObservabilityPolicy]({{< ref "/ngf/monitoring/tracing.md" >}})                      | Define settings related to tracing, metrics, or logging | Direct          | HTTPRoute, GRPCRoute          | Yes                           | No        | v1alpha2    |
 | [UpstreamSettingsPolicy]({{< ref "/ngf/traffic-management/upstream-settings.md" >}}) | Configure connection behavior between NGINX and backend | Direct          | Service                       | Yes                           | Yes       | v1alpha1    |
 
-{{< /bootstrap-table >}}
-
-{{< important >}}
+{{< call-out "important" >}}
 If attaching a Policy to a Route, that Route must not share a hostname:port/path combination with any other Route that is not referenced by the same Policy. If it does, the Policy will be rejected. This is because the Policy would end up affecting other Routes that it is not attached to.
-{{< /important >}}
+{{< /call-out >}}
 
 ## Terminology
 
diff --git a/content/ngf/overview/gateway-api-compatibility.md b/content/ngf/overview/gateway-api-compatibility.md
index 5638ed596..ab641d44c 100644
--- a/content/ngf/overview/gateway-api-compatibility.md
+++ b/content/ngf/overview/gateway-api-compatibility.md
@@ -11,8 +11,7 @@ Learn which Gateway API resources NGINX Gateway Fabric supports and to which lev
 
 ## Summary
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
-
+{{< table >}}
 | Resource                              | Core Support Level  | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel |
 |---------------------------------------|---------------------|------------------------|---------------------------------------|-------------|---------------------|
 | [GatewayClass](#gatewayclass)         | Supported           | Not supported          | Supported                             | v1          | Standard            |
@@ -25,8 +24,7 @@ Learn which Gateway API resources NGINX Gateway Fabric supports and to which lev
 | [UDPRoute](#udproute)                 | Not supported       | Not supported          | Not supported                         | v1alpha2    | Experimental        |
 | [BackendTLSPolicy](#backendtlspolicy) | Partially Supported | Supported              | Partially supported                   | v1alpha3    | Experimental        |
 | [Custom policies](#custom-policies)   | N/A                 | N/A                    | Supported                             | N/A         | N/A                 |
-
-{{< /bootstrap-table >}}
+{{< /table >}}
 
 ## Terminology
 
@@ -38,7 +36,7 @@ Gateway API features has three [support levels](https://gateway-api.sigs.k8s.io/
 - _Not supported_. The resource or field is not yet supported. It will become partially or fully supported in future
   releases.
 
-{{< note >}} It's possible that NGINX Gateway Fabric will never support some resources or fields of the Gateway API. They will be documented on a case by case basis. {{< /note >}}
+{{< call-out "note" >}} It's possible that NGINX Gateway Fabric will never support some resources or fields of the Gateway API. They will be documented on a case by case basis. {{< /call-out >}}
 
 
 ## Resources
@@ -49,13 +47,11 @@ For a description of each field, visit the [Gateway API documentation](https://g
 
 ### GatewayClass
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
-
+{{< table >}}
 | Resource     | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel |
 |--------------|--------------------|------------------------|---------------------------------------|-------------|---------------------|
 | GatewayClass | Supported          | Not supported          | Supported                             | v1          | Standard            |
-
-{{< /bootstrap-table >}}
+{{< /table >}}
 
 NGINX Gateway Fabric supports a single GatewayClass resource configured with the `--gatewayclass` flag of the [controller]({{< ref "/ngf/reference/cli-help.md#controller">}}) command.
 
@@ -77,13 +73,11 @@ NGINX Gateway Fabric supports a single GatewayClass resource configured with the
 
 ### Gateway
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
-
+{{< table >}}
 | Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel |
 |----------|--------------------|------------------------|---------------------------------------|-------------|---------------------|
 | Gateway  | Supported          | Partially supported    | Not supported                         | v1          | Standard            |
-
-{{< /bootstrap-table >}}
+{{< /table >}}
 
 NGINX Gateway Fabric supports multiple Gateway resources. The Gateway resources must reference NGINX Gateway Fabric's corresponding GatewayClass.
 
@@ -136,20 +130,19 @@ See the [controller]({{< ref "/ngf/reference/cli-help.md#controller">}}) command
       - `ResolvedRefs/True/ResolvedRefs`
       - `ResolvedRefs/False/InvalidCertificateRef`
       - `ResolvedRefs/False/InvalidRouteKinds`
+      - `ResolvedRefs/False/RefNotPermitted`
       - `Conflicted/True/ProtocolConflict`
       - `Conflicted/True/HostnameConflict`
       - `Conflicted/False/NoConflicts`
+      - `OverlappingTLSConfig/True/OverlappingHostnames`
 
 ### HTTPRoute
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
-
+{{< table >}}
 | Resource  | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel |
 |-----------|--------------------|------------------------|---------------------------------------|-------------|---------------------|
 | HTTPRoute | Supported          | Partially supported    | Not supported                         | v1          | Standard            |
-
-{{< /bootstrap-table >}}
-
+{{< /table >}}
 **Fields**:
 
 - `spec`
@@ -167,7 +160,7 @@ See the [controller]({{< ref "/ngf/reference/cli-help.md#controller">}}) command
       - `requestHeaderModifier`: Supported. If multiple filters are configured, NGINX Gateway Fabric will choose the first and ignore the rest.
       - `urlRewrite`: Supported. If multiple filters are configured, NGINX Gateway Fabric will choose the first and ignore the rest. Incompatible with `requestRedirect`.
       - `responseHeaderModifier`: Supported. If multiple filters are configured, NGINX Gateway Fabric will choose the first and ignore the rest.
-      - `requestMirror`: Supported. Multiple mirrors can be specified.
+      - `requestMirror`: Supported. Multiple mirrors can be specified. Percent and fraction-based mirroring are supported.
       - `extensionRef`: Supported for SnippetsFilters.
     - `backendRefs`: Partially supported. Backend ref `filters` are not supported.
 - `status`
@@ -189,17 +182,16 @@ See the [controller]({{< ref "/ngf/reference/cli-help.md#controller">}}) command
       - `ResolvedRefs/False/BackendNotFound`
       - `ResolvedRefs/False/UnsupportedValue`: Custom reason for when one of the HTTPRoute rules has a backendRef with an unsupported value.
       - `ResolvedRefs/False/InvalidIPFamily`: Custom reason for when one of the HTTPRoute rules has a backendRef that has an invalid IPFamily.
+      - `ResolvedRefs/False/UnsupportedProtocol`
       - `PartiallyInvalid/True/UnsupportedValue`
 
 ### GRPCRoute
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
-
+{{< table >}}
 | Resource  | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel |
 |-----------|--------------------|------------------------|---------------------------------------|-------------|---------------------|
 | GRPCRoute | Supported          | Partially supported    | Not supported                         | v1          | Standard            |
-
-{{< /bootstrap-table >}}
+{{< /table >}}
 
 **Fields**:
 
@@ -238,13 +230,11 @@ See the [controller]({{< ref "/ngf/reference/cli-help.md#controller">}}) command
 
 ### ReferenceGrant
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
-
+{{< table >}}
 | Resource       | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel |
 |----------------|--------------------|------------------------|---------------------------------------|-------------|---------------------|
 | ReferenceGrant | Supported          | N/A                    | Not supported                         | v1beta1     | Standard            |
-
-{{< /bootstrap-table >}}
+{{< /table >}}
 
 Fields:
 
@@ -260,13 +250,11 @@ Fields:
 
 ### TLSRoute
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
-
+{{< table >}}
 | Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel |
 |----------|--------------------|------------------------|---------------------------------------|-------------|---------------------|
 | TLSRoute | Supported          | Not supported          | Not supported                         | v1alpha2    | Experimental        |
-
-{{< /bootstrap-table >}}
+{{< /table >}}
 
 **Fields**:
 
@@ -300,33 +288,27 @@ Fields:
 
 ### TCPRoute
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
-
+{{< table >}}
 | Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel |
 |----------|--------------------|------------------------|---------------------------------------|-------------|---------------------|
 | TCPRoute | Not supported      | Not supported          | Not supported                         | v1alpha2    | Experimental        |
-
-{{< /bootstrap-table >}}
+{{< /table >}}
 
 ### UDPRoute
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
-
+{{< table >}}
 | Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel |
 |----------|--------------------|------------------------|---------------------------------------|-------------|---------------------|
 | UDPRoute | Not supported      | Not supported          | Not supported                         | v1alpha2    | Experimental        |
-
-{{< /bootstrap-table >}}
+{{< /table >}}
 
 ### BackendTLSPolicy
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
-
+{{< table >}}
 | Resource         | Core Support Level  | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel |
 |------------------|---------------------|------------------------|---------------------------------------|-------------|---------------------|
 | BackendTLSPolicy | Partially Supported | Supported              | Partially Supported                   | v1alpha3    | Experimental        |
-
-{{< /bootstrap-table >}}
+{{< /table >}}
 
 Fields:
 
@@ -352,17 +334,15 @@ Fields:
       - `Accepted/True/PolicyReasonAccepted`
       - `Accepted/False/PolicyReasonInvalid`
 
-{{< note >}} If multiple `backendRefs` are defined for a HTTPRoute rule, all the referenced Services *must* have matching BackendTLSPolicy configuration. BackendTLSPolicy configuration is considered to be matching if 1. CACertRefs reference the same ConfigMap, or 2. WellKnownCACerts are the same, and 3. Hostname is the same. {{< /note >}}
+{{< call-out "note" >}} If multiple `backendRefs` are defined for a HTTPRoute rule, all the referenced Services *must* have matching BackendTLSPolicy configuration. BackendTLSPolicy configuration is considered to be matching if 1. CACertRefs reference the same ConfigMap, or 2. WellKnownCACerts are the same, and 3. Hostname is the same. {{< /call-out >}}
 
 ### Custom Policies
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
-
+{{< table >}}
 | Resource        | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel |
 |-----------------|--------------------|------------------------|---------------------------------------|-------------|---------------------|
 | Custom policies | N/A                | N/A                    | Supported                             | N/A         | N/A                 |
-
-{{< /bootstrap-table >}}
+{{< /table >}}
 
 Custom policies are NGINX Gateway Fabric-specific CRDs (Custom Resource Definitions) that support features such as tracing, and client connection settings. These important data-plane features are not part of the Gateway API specifications.
 While these CRDs are not part of the Gateway API, the mechanism to attach them to Gateway API resources is part of the Gateway API. See the [Policy Attachment documentation](https://gateway-api.sigs.k8s.io/references/policy-attachment/).
diff --git a/content/ngf/overview/gateway-architecture.md b/content/ngf/overview/gateway-architecture.md
index 7d826635c..78123ea44 100644
--- a/content/ngf/overview/gateway-architecture.md
+++ b/content/ngf/overview/gateway-architecture.md
@@ -7,38 +7,23 @@ nd-product: NGF
 nd-docs: DOCS-1413
 ---
 
-Learn about the architecture and design principles of NGINX Gateway Fabric.
+Learn about the architecture and design principles of NGINX Gateway Fabric: a Kubernetes Gateway API implementation which uses NGINX as the data plane. 
 
-The intended audience for this information is primarily the two following groups:
+This document is intended for:
 
-- _Cluster Operators_ who would like to know how the software works and understand how it can fail.
-- _Developers_ who would like to [contribute](https://github.com/nginx/nginx-gateway-fabric/blob/main/CONTRIBUTING.md) to the project.
+- _Cluster Operators_ who want to understand how NGINX Gateway Fabric works in production, how it manages traffic, and how to troubleshoot failures.
 
-The reader needs to be familiar with core Kubernetes concepts, such as pods, deployments, services, and endpoints. For an understanding of how NGINX itself works, you can read the ["Inside NGINX: How We Designed for Performance & Scale"](https://www.nginx.com/blog/inside-nginx-how-we-designed-for-performance-scale/) blog post.
-
----
-
-## Overview
-
-NGINX Gateway Fabric is an open source project that provides an implementation of the [Gateway API](https://gateway-api.sigs.k8s.io/) using [NGINX](https://nginx.org/) as the data plane. The goal of this project is to implement the core Gateway APIs -- _Gateway_, _GatewayClass_, _HTTPRoute_, _GRPCRoute_, _TCPRoute_, _TLSRoute_, and _UDPRoute_ -- to configure an HTTP or TCP/UDP load balancer, reverse proxy, or API gateway for applications running on Kubernetes. NGINX Gateway Fabric supports a subset of the Gateway API.
-
-For a list of supported Gateway API resources and features, see the [Gateway API Compatibility]({{< ref "/ngf/overview/gateway-api-compatibility.md" >}}) documentation.
-
-NGINX Gateway Fabric separates the control plane and data plane into distinct deployments. This architectural separation enhances scalability, security, and operational isolation between the two components.
+- _Application Developers_ who would like to use NGINX Gateway Fabric to expose and route traffic to their applications within Kubernetes.
 
-The control plane interacts with the Kubernetes API, watching for Gateway API resources. When a new Gateway resource is provisioned, it dynamically creates and manages a corresponding NGINX data plane Deployment and Service. This ensures that the system can adapt to changes in the cluster state seamlessly.
-
-Each NGINX data plane pod consists of an NGINX container integrated with the [NGINX agent](https://github.com/nginx/agent). The agent securely communicates with the control plane using gRPC. The control plane translates Gateway API resources into NGINX configurations and sends these configurations to the agent to ensure consistent traffic management.
-
-This design enables centralized management of multiple Gateways while ensuring that each NGINX instance stays aligned with the cluster's current configuration. Labels, annotations, and infrastructure settings such as service type or replica count can be specified globally via the Helm chart or customized per Gateway using the enhanced NginxProxy CRD and the Gateway's `infrastructure` section.
+The reader needs to be familiar with core Kubernetes concepts, such as pods, deployments, services, and endpoints. For an understanding of how NGINX itself works, you can read the ["Inside NGINX: How We Designed for Performance & Scale"](https://www.nginx.com/blog/inside-nginx-how-we-designed-for-performance-scale/) blog post.
 
-We have more information regarding our [design principles](https://github.com/nginx/nginx-gateway-fabric/blob/v1.6.1/docs/developer/design-principles.md) in the project's GitHub repository.
+If you are interested in contributing to the project or learning about its internal implementation details, please see the [Developer Architecture Guide](https://github.com/nginx/nginx-gateway-fabric/tree/main/docs/architecture).
 
 ---
 
 ## NGINX Gateway Fabric Deployment Model and Architectural Overview
 
-The NGINX Gateway Fabric architecture separates the control plane and data plane into distinct and independent Deployments, ensuring enhanced security, flexibility, and resilience.
+NGINX Gateway Fabric splits its architecture into two main parts to provide better security, flexibility, and reliability:
 
 ### Control Plane: Centralized Management
 
@@ -52,205 +37,143 @@ Key functionalities include:
 
 ### Data Plane: Autonomous Traffic Management
 
-Each NGINX data plane pod is provisioned as an independent Deployment containing an `nginx` container. This container runs both the `nginx` process and the [NGINX agent](https://github.com/nginx/agent), which is responsible for:
+Each NGINX data plane pod can be provisioned as an independent Deployment or DaemonSet containing an `nginx` container. This container runs both the `nginx` process and the [NGINX agent](https://github.com/nginx/agent), which is responsible for:
 
 - Applying configurations: The agent receives updates from the control plane and applies them to the NGINX instance.
 - Handling reloads: NGINX Agent handles configuration reconciliation and reloading NGINX, eliminating the need for shared volumes or Unix signals between the control plane and data plane pods.
 
-With this design, multiple NGINX data planes can be managed by a single control plane, enabling fine-grained, Gateway-specific control and isolation.
-
 ### Gateway Resource Management
 
-The architecture supports flexible operation and isolation across multiple Gateways:
+Users can have multiple gateways running side-by-side in the same cluster. This supports flexible operation and isolation across Gateways:
 
 - Concurrent Gateways: Multiple Gateway objects can run simultaneously within a single installation.
 - 1:1 resource mapping: Each Gateway resource corresponds uniquely to a dedicated data plane deployment, ensuring clear delineation of ownership and operational segregation.
 
-### Resilience and Fault Isolation
-
-One of the primary advantages of this architecture is enhanced operational resilience and fault isolation:
-
-#### Control Plane Resilience
-
-In the event of a control plane failure or downtime:
-- Existing data plane pods continue serving traffic using their last-valid cached configurations.
-- Updates to routes or Gateways are temporarily paused, but stable traffic delivery continues without degradation.
-- Recovery restores functionality, resynchronizing configuration updates seamlessly.
-
-#### Data Plane Resilience
-
-If a data plane pod encounters an outage or restarts:
-- Only routes tied to the specific linked Gateway object experience brief disruptions.
-- Configurations automatically resynchronize with the data plane upon pod restart, minimizing the scope of impact.
-- Other data plane pods remain unaffected and continue serving traffic normally.
-
-This split architecture ensures operational boundaries between the control plane and data plane, delivering improved scalability, security, and robustness while minimizing risks associated with failures in either component.
-
 ---
 
-## High-Level Example of NGINX Gateway Fabric in Action
+## High-level overview of NGINX Gateway Fabric in execution
 
 This figure depicts an example of NGINX Gateway Fabric exposing three web applications within a Kubernetes cluster to clients on the internet:
 
 ```mermaid
 graph LR
     %% Nodes and Relationships
-    subgraph KubernetesCluster[Kubernetes Cluster]
-
-        subgraph applications2[Namespace: applications2]
-
-                subgraph DataplaneComponentsC[Dataplane Components]
-                    GatewayC[Gateway C<br>Listener: *.other-example.com]
-
-                    subgraph NGINXPodC[NGINX Pod]
-                        subgraph NGINXContainerC[NGINX Container]
-                            NGINXProcessC(NGINX)
-                            NGINXAgentC(NGINX Agent)
-                        end
+    subgraph KubernetesCluster["Kubernetes Cluster"]
+        subgraph NamespaceNGF["Namespace: nginx-gateway"]
+            NGFControlPlanePod["NGINX Gateway Fabric Control Plane Pod"]
+            NGFControlPlanePod --> KubernetesAPI["Kubernetes API"]
+        end
+        subgraph ApplicationsNamespaceA["Namespace: applications"]
+            subgraph DataplaneComponentsA["Dataplane Components"]
+                GatewayA["Gateway A<br>Listener: *.example.com"]
+                subgraph NGINXDataPlanePodA["NGINX Data Plane Pod"]
+                    subgraph NGINXContainerA["NGINX Container"]
+                        NGINXProcessA["NGINX Process"]
+                        NGINXAgentA["NGINX Agent"]
                     end
                 end
-
-                subgraph HTTPRouteCAndApplicationC[HTTPRoute C and Application C]
-                    HTTPRouteC[HTTPRoute C<br>Host: c.other-example.com]
-                    ApplicationC[Application C<br>Pods: 1]
-                end
-
-        end
-
-        subgraph nginx-gateway[Namespace: nginx-gateway]
-            NGFPod[NGF Pod]
+            end
+            subgraph HTTPRouteAAndApplications["HTTPRoutes and Applications"]
+                HTTPRouteA["HTTPRoute A<br>Host: a.example.com"]
+                HTTPRouteB["HTTPRoute B<br>Host: b.example.com"]
+                ApplicationA["Application A<br>Pods: 2"]
+                ApplicationB["Application B<br>Pods: 1"]
+            end
         end
-
-        subgraph applications1[Namespace: applications]
-
-            subgraph DataplaneComponentsAB[Dataplane Components]
-                GatewayAB[Gateway AB<br>Listener: *.example.com]
-
-                subgraph NGINXPodAB[NGINX Pod]
-                    subgraph NGINXContainerAB[NGINX Container]
-                        NGINXProcessAB(NGINX)
-                        NGINXAgentAB(NGINX Agent)
+        subgraph ApplicationsNamespaceB["Namespace: applications-2"]
+            subgraph DataplaneComponentsB["Dataplane Components"]
+                GatewayB["Gateway B<br>Listener: *.other-example.com"]
+                subgraph NGINXDataPlanePodB["NGINX Data Plane Pod"]
+                    subgraph NGINXContainerB["NGINX Container"]
+                        NGINXProcessB["NGINX Process"]
+                        NGINXAgentB["NGINX Agent"]
                     end
                 end
             end
-
-            subgraph HTTPRouteBAndApplicationB[HTTPRoute B and Application B]
-                HTTPRouteB[HTTPRoute B<br>Host: b.example.com]
-                ApplicationB[Application B<br>Pods: 1]
-            end
-
-            subgraph HTTPRouteAAndApplicationA[HTTPRoute A and Application A]
-                HTTPRouteA[HTTPRoute A<br>Host: a.example.com]
-                ApplicationA[Application AB<br>Pods: 2]
+            subgraph HTTPRouteBandApplications["HTTPRoutes and Applications"]
+                HTTPRouteC["HTTPRoute C<br>Host: c.other-example.com"]
+                ApplicationC["Application C<br>Pods: 1"]
             end
         end
-
-        KubernetesAPI[Kubernetes API]
     end
-
-    subgraph Users[Users]
-        ClusterOperator[Cluster Operator]
-        AppDevA[Application Developer A]
-        AppDevB[Application Developer B]
-        AppDevC[Application Developer C]
-    end
-
-    subgraph Clients[Clients]
-        ClientsA[Clients A]
-        ClientsB[Clients B]
-        ClientsC[Clients C]
+    subgraph UsersAndClients["Users and Clients"]
+        UserOperator["Cluster Operator"]
+        UserDevA["Application Developer A"]
+        UserDevB["Application Developer B"]
+        ClientA["Client A"]
+        ClientB["Client B"]
     end
-
-    subgraph "Public Endpoints"
-        PublicEndpointAB[Public Endpoint AB<br>TCP Load Balancer/NodePort]
-        PublicEndpointC[Public Endpoint C<br>TCP Load Balancer/NodePort]
+    subgraph SharedInfrastructure["Public Endpoint"]
+        PublicEndpoint["TCP Load Balancer / NodePort"]
     end
-
     %% Updated Traffic Flow
-    ClientsA == a.example.com ==> PublicEndpointAB
-    ClientsB == b.example.com ==> PublicEndpointAB
-    ClientsC == c.other-example.com ==> PublicEndpointC
-
-    PublicEndpointAB ==> NGINXProcessAB
-    PublicEndpointC ==> NGINXProcessC
-    NGINXProcessAB ==> ApplicationA
-    NGINXProcessAB ==> ApplicationB
-    NGINXProcessC ==> ApplicationC
-
+    ClientA-->|a.example.com|PublicEndpoint
+    ClientB-->|c.other-example.com|PublicEndpoint
+    PublicEndpoint==>NGINXProcessA
+    PublicEndpoint==>NGINXProcessB
+    NGINXProcessA==>ApplicationA
+    NGINXProcessA==>ApplicationB
+    NGINXProcessB==>ApplicationC
     %% Kubernetes Configuration Flow
-    HTTPRouteA --> GatewayAB
-    HTTPRouteB --> GatewayAB
-    HTTPRouteC --> GatewayC
-
-    NGFPod --> KubernetesAPI
-    NGFPod --gRPC--> NGINXAgentAB
-    NGINXAgentAB --> NGINXProcessAB
-    NGFPod --gRPC--> NGINXAgentC
-    NGINXAgentC --> NGINXProcessC
-
-    ClusterOperator --> KubernetesAPI
-    AppDevA --> KubernetesAPI
-    AppDevB --> KubernetesAPI
-    AppDevC --> KubernetesAPI
-
+    HTTPRouteA-->GatewayA
+    HTTPRouteB-->GatewayA
+    HTTPRouteC-->GatewayB
+    UserOperator-->KubernetesAPI
+    NGFControlPlanePod--gRPC-->NGINXAgentA
+    NGFControlPlanePod--gRPC-->NGINXAgentB
+    NGINXAgentA-->NGINXProcessA
+    NGINXAgentB-->NGINXProcessB
+    UserDevA-->KubernetesAPI
+    UserDevB-->KubernetesAPI
     %% Styling
-    style ClusterOperator fill:#66CDAA,stroke:#333,stroke-width:2px
-    style GatewayAB fill:#66CDAA,stroke:#333,stroke-width:2px
-    style GatewayC fill:#66CDAA,stroke:#333,stroke-width:2px
-    style NGFPod fill:#66CDAA,stroke:#333,stroke-width:2px
-
-    style NGINXProcessAB fill:#66CDAA,stroke:#333,stroke-width:2px
-    style NGINXProcessC fill:#66CDAA,stroke:#333,stroke-width:2px
-
+    style UserOperator fill:#66CDAA,stroke:#333,stroke-width:2px
+    style GatewayA fill:#66CDAA,stroke:#333,stroke-width:2px
+    style GatewayB fill:#66CDAA,stroke:#333,stroke-width:2px
+    style NGFControlPlanePod fill:#66CDAA,stroke:#333,stroke-width:2px
+    style NGINXProcessA fill:#66CDAA,stroke:#333,stroke-width:2px
+    style NGINXProcessB fill:#66CDAA,stroke:#333,stroke-width:2px
     style KubernetesAPI fill:#9370DB,stroke:#333,stroke-width:2px
-
-    style HTTPRouteAAndApplicationA fill:#E0FFFF,stroke:#333,stroke-width:2px
-    style HTTPRouteBAndApplicationB fill:#E0FFFF,stroke:#333,stroke-width:2px
-
-    style AppDevA fill:#FFA07A,stroke:#333,stroke-width:2px
+    style HTTPRouteAAndApplications fill:#E0FFFF,stroke:#333,stroke-width:2px
+    style HTTPRouteBandApplications fill:#E0FFFF,stroke:#333,stroke-width:2px
+    style UserDevA fill:#FFA07A,stroke:#333,stroke-width:2px
     style HTTPRouteA fill:#FFA07A,stroke:#333,stroke-width:2px
+    style HTTPRouteB fill:#FFA07A,stroke:#333,stroke-width:2px
     style ApplicationA fill:#FFA07A,stroke:#333,stroke-width:2px
-    style ClientsA fill:#FFA07A,stroke:#333,stroke-width:2px
+    style ApplicationB fill:#FFA07A,stroke:#333,stroke-width:2px
+    style ClientA fill:#FFA07A,stroke:#333,stroke-width:2px
+    style UserDevB fill:#87CEEB,stroke:#333,stroke-width:2px
+    style HTTPRouteC fill:#87CEEB,stroke:#333,stroke-width:2px
+    style ApplicationC fill:#87CEEB,stroke:#333,stroke-width:2px
+    style ClientB fill:#87CEEB,stroke:#333,stroke-width:2px
+    style PublicEndpoint fill:#FFD700,stroke:#333,stroke-width:2px
+```
 
-    style AppDevB fill:#87CEEB,stroke:#333,stroke-width:2px
-    style HTTPRouteB fill:#87CEEB,stroke:#333,stroke-width:2px
-    style ApplicationB fill:#87CEEB,stroke:#333,stroke-width:2px
-    style ClientsB fill:#87CEEB,stroke:#333,stroke-width:2px
+{{< call-out "note" >}} The figure does not show many of the necessary Kubernetes resources the Cluster Operators and Application Developers need to create, like deployment and services. {{< /call-out >}}
 
-    style AppDevC fill:#FFC0CB,stroke:#333,stroke-width:2px
-    style HTTPRouteC fill:#FFC0CB,stroke:#333,stroke-width:2px
-    style ApplicationC fill:#FFC0CB,stroke:#333,stroke-width:2px
-    style ClientsC fill:#FFC0CB,stroke:#333,stroke-width:2px
+The figure shows:
 
-    style PublicEndpointAB fill:#FFD700,stroke:#333,stroke-width:2px
-    style PublicEndpointC fill:#FFD700,stroke:#333,stroke-width:2px
+{{< bootstrap-table "table table-bordered table-striped table-responsive" >}}
 
-    %% Styling
-    classDef dashedSubgraph stroke-dasharray: 5, 5;
+| **Category**           | **Description**                                                                                                                                       |
+|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Namespaces**          | - _Namespace: nginx-gateway_: Contains the NGINX Gateway Fabric Control Plane Pod, responsible for managing Gateway API configurations and provisioning NGINX Data Plane Pods.<br>- _Namespace: applications_: Contains Gateway A for `*.example.com`, handling Application A and Application B.<br>- _Namespace: applications-2_: Contains Gateway B for `*.other-example.com`, handling Application C. |
+| **Users**               | - _Cluster Operator_: Sets up the NGINX Gateway Fabric Control Plane Pod and manages Gateway API resources by provisioning Gateways (A and B).<br>- _Developers A & B_: Developers deploy their applications and create HTTPRoutes associated with their Gateways. |
+| **Clients**             | - _Client A_: Interacts with Application A through `a.example.com`.<br>- _Client B_: Interacts with Application C through `c.other-example.com`.     |
+| **NGINX Gateway Fabric Control Plane Pod** | The control plane pod, deployed in the `nginx-gateway` namespace, communicates with the Kubernetes API to:<br>- Fetch Gateway API resources.<br>- Dynamically provision and configure NGINX Data Plane Pods.<br>- Deliver traffic routing and configuration updates to NGINX Agent instances over gRPC. |
+| **Gateways**            | - _Gateway A_: Listens for requests under `*.example.com`. Routes:<br>&nbsp;&nbsp;&nbsp;• _HTTPRoute A_: Routes requests to `a.example.com` into Application A.<br>&nbsp;&nbsp;&nbsp;• _HTTPRoute B_: Routes requests to `b.example.com` into Application B.<br>- _Gateway B_: Listens for requests under `*.other-example.com`. Routes:<br>&nbsp;&nbsp;&nbsp;• _HTTPRoute C_: Routes requests to `c.other-example.com` into Application C. |
+| **Applications**        | - _Application A_: Deployed by Developer A (2 pods), routed by Gateway A via HTTPRoute A.<br>- _Application B_: Deployed by Developer A (1 pod), routed by Gateway A via HTTPRoute B.<br>- _Application C_: Deployed by Developer B (1 pod), routed by Gateway B via HTTPRoute C. |
+| **NGINX Data Plane Pods** | - _NGINX Data Plane Pod A_: Handles traffic routed from Gateway A:<br>&nbsp;&nbsp;&nbsp;• _NGINX Process A_: Forwards requests to Application A and Application B as defined in Gateway A's HTTPRoutes.<br>&nbsp;&nbsp;&nbsp;• _NGINX Agent A_: Receives configuration updates from the NGINX Gateway Fabric Control Plane Pod via gRPC.<br>- _NGINX Data Plane Pod B_: Manages traffic routed from Gateway B:<br>&nbsp;&nbsp;&nbsp;• _NGINX Process B_: Forwards requests to Application C as defined in Gateway B’s HTTPRoute.<br>&nbsp;&nbsp;&nbsp;• _NGINX Agent B_: Receives configuration updates via gRPC from the NGINX Gateway Fabric Control Plane Pod. |
+| **Traffic Flow**        | - _Client A_:<br>&nbsp;&nbsp;&nbsp;1. Sends requests to `a.example.com` via the Public Endpoint.<br>&nbsp;&nbsp;&nbsp;2. Requests are routed by Gateway A and processed by NGINX Process A.<br>&nbsp;&nbsp;&nbsp;3. Traffic is forwarded to Application A.<br>- _Client B_:<br>&nbsp;&nbsp;&nbsp;1. Sends requests to `c.other-example.com` via the Public Endpoint.<br>&nbsp;&nbsp;&nbsp;2. Requests are routed by Gateway B and processed by NGINX Process B.<br>&nbsp;&nbsp;&nbsp;3. Traffic is forwarded to Application C. |
+| **Public Endpoint**     | A shared entry point (TCP Load Balancer or NodePort) that exposes the NGINX Data Plane externally to forward client traffic into the cluster.                   |
+| **Kubernetes API**      | Acts as the central hub for resource management:<br>- Fetches Gateway API resources for Gateway A and Gateway B.<br>- Facilitates NGINX configuration updates via the NGINX Gateway Fabric Control Plane Pod. |
 
-    %% Assign Custom Style Classes
-    class DataplaneComponentsAB dashedSubgraph;
-    class DataplaneComponentsC dashedSubgraph;
-```
+{{< /bootstrap-table >}}
 
-{{< note >}} The figure does not show many of the necessary Kubernetes resources the Cluster Operators and Application Developers need to create, like deployment and services. {{< /note >}}
 
-The figure shows:
-
-- A _Kubernetes cluster_.
-- Users _Cluster Operator_, _Application Developer A_, _B_ and _C_. These users interact with the cluster through the Kubernetes API by creating Kubernetes objects.
-- _Clients A_, _B_, and _C_ connect to _Applications A_, _B_, and _C_ respectively, which the developers have deployed.
-- The _NGF Pod_, [deployed by _Cluster Operator_]({{< ref "/ngf/install/">}}) in the namespace _nginx-gateway_. For scalability and availability, you can have multiple replicas. The _NGF_ container interacts with the Kubernetes API to retrieve the most up-to-date Gateway API resources created within the cluster. When a new Gateway resource is provisioned, the control plane dynamically creates and manages a corresponding NGINX data plane Deployment and Service. It watches the Kubernetes API and dynamically configures these _NGINX_ deployments based on the Gateway API resources, ensuring proper alignment between the cluster state and the NGINX configuration.
-- The _NGINX Pod_ consists of an NGINX container and the integrated NGINX agent, which securely communicates with the control plane over gRPC. The control plane translates Gateway API resources into NGINX configuration, and sends the configuration to the agent.
-- Gateways _Gateway AB_ and _Gateway C_, created by _Cluster Operator_, request points where traffic can be translated to Services within the cluster. _Gateway AB_, includes a listener with a hostname `*.example.com`. _Gateway C_, includes a listener with a hostname `*.other-example.com`. Application Developers have the ability to attach their application's routes to the _Gateway AB_ if their application's hostname matches `*.example.com`, or to _Gateway C_ if their application's hostname matches `*.other-example.com`
-- _Application A_ with two pods deployed in the _applications_ namespace by _Application Developer A_. To expose the application to its clients (_Clients A_) via the host `a.example.com`, _Application Developer A_ creates _HTTPRoute A_ and attaches it to `Gateway AB`.
-- _Application B_ with one pod deployed in the _applications_ namespace by _Application Developer B_. To expose the application to its clients (_Clients B_) via the host `b.example.com`, _Application Developer B_ creates _HTTPRoute B_ and attaches it to `Gateway AB`.
-- _Application C_ with one pod deployed in the _applications2_ namespace by _Application Developer C_. To expose the application to its clients (_Clients C_) via the host `c.other-example.com`, _Application Developer C_ creates _HTTPRoute C_ and attaches it to `Gateway C`.
-- _Public Endpoint AB_, and _Public Endpoint C_ and  which fronts the _NGINX AB_, and _NGINX C_ pods respectively. A public endpoint is typically a TCP load balancer (cloud, software, or hardware) or a combination of such load balancer with a NodePort service. _Clients A_ and _B_ connect to their applications via the _Public Endpoint AB_, and _Clients C_ connect to their applications via the _Public Endpoint C_.
-- The bold arrows represent connections related to the client traffic. Note that the traffic from _Clients C_ to _Application C_ is completely isolated from the traffic between _Clients A_ and _B_ and _Application A_ and _B_ respectively.
-
-The resources within the cluster are color-coded based on the user responsible for their creation.
-For example, the Cluster Operator is denoted by the color green, indicating they create and manage all the green resources.
+_Color Coding_ :
+  - Cluster Operator resources (e.g., NGINX Gateway Fabric, NGINX Pods and Gateways) are marked in _green_.
+  - Resources owned by _Application Developer A_ (e.g., HTTPRoute A, Application A) are marked in _orange_.
+  - Resources owned by _Application Developer B_ (e.g., HTTPRoute B, Application C) are marked in _blue_.
 
 ---
 
@@ -259,126 +182,105 @@ For example, the Cluster Operator is denoted by the color green, indicating they
 ```mermaid
 graph LR
     %% Main Components
-    KubernetesAPI[Kubernetes API]
-    PrometheusMonitor[Prometheus]
-    F5Telemetry[F5 Telemetry Service]
-    NGFPod[NGF Pod]
-    NGINXPod[NGINX Pod]
-    Client[Client]
-    Backend[Backend]
-
-    %% NGINX Pod Grouping
-    subgraph NGINXPod[NGINX Pod]
+    subgraph nginx-gateway["Namespace: nginx-gateway"]
+        NGFPod[NGINX Gateway Fabric Control Plane Pod]
+    end
+    
+    subgraph NGINXDataPlane["NGINX Data Plane Pod"]
         NGINXAgent[NGINX Agent]
         NGINXMaster[NGINX Master]
         NGINXWorker[NGINX Worker]
         ConfigFiles[Config Files]
-        ContainerRuntimeNGINX[stdout/stderr]
-    end
-
-    subgraph NGFPod[NGF Pod]
-        NGFProcess[NGF Process]
-        ContainerRuntimeNGF[stdout/stderr]
     end
 
-    %% External Components Grouping
-    subgraph ExternalComponents[.]
-        KubernetesAPI[Kubernetes API]
-        PrometheusMonitor[Prometheus]
-        F5Telemetry[F5 Telemetry Service]
-    end
-
-    %% HTTPS: Communication with Kubernetes API
-    NGFProcess -- "(1) Reads Updates" --> KubernetesAPI
-    NGFProcess -- "(1) Writes Statuses" --> KubernetesAPI
-
-    %% Prometheus: Metrics Collection
-    PrometheusMonitor -- "(2) Fetches controller-runtime metrics" --> NGFPod
-    PrometheusMonitor -- "(5) Fetches NGINX metrics" --> NGINXWorker
-
-    %% Telemetry: Product telemetry data
-    NGFProcess -- "(3) Sends telemetry data" --> F5Telemetry
-
-    %% File I/O: Logging
-    NGFProcess -- "(4) Write logs" --> ContainerRuntimeNGF
-    NGINXMaster -- "(11) Write logs" --> ContainerRuntimeNGINX
-    NGINXWorker -- "(12) Write logs" --> ContainerRuntimeNGINX
+    F5Telemetry[F5 Telemetry Service]
+    PrometheusMonitor[Prometheus]
+    KubernetesAPI[Kubernetes API]
+    Client[Client]
+    BackendApplication[Backend Application]
 
-    %% gRPC: Configuration Updates
-    NGFProcess -- "(6) Sends Config to Agent" --> NGINXAgent
-    NGINXAgent -- "(7) Validates & Writes Config & TLS Certs" --> ConfigFiles
-    NGINXAgent -- "(8) Reloads NGINX" --> NGINXMaster
-    NGINXAgent -- "(9) Sends DataPlaneResponse" --> NGFProcess
+    %% High-Level Configuration Flow
+    KubernetesAPI -->|"(1) Updates Resources"| NGFPod
+    NGFPod -->|"(2) Sends Configuration Metadata via gRPC"| NGINXAgent
+    NGINXAgent -->|"(3) Validates & Writes Configuration"| ConfigFiles
+    NGINXAgent -->|"(4) Signals NGINX Master to Reload"| NGINXMaster
 
-    %% File I/O: Configuration and Secrets
-    NGINXMaster -- "(10) Reads TLS Secrets" --> ConfigFiles
-    NGINXMaster -- "(11) Reads nginx.conf & NJS Modules" --> ConfigFiles
+    %% Prometheus Monitoring
+    PrometheusMonitor -->|"(5) Fetches Metrics from NGINX"| NGINXWorker
 
-    %% Signals: Worker Lifecycle Management
-    NGINXMaster -- "(14) Manages Workers (Update/Shutdown)" --> NGINXWorker
+    %% Telemetry Data
+    NGFPod -->|"(6) Sends Telemetry Data"| F5Telemetry
 
-    %% Traffic Flow
-    Client -- "(15) Sends Traffic" --> NGINXWorker
-    NGINXWorker -- "(16) Routes Traffic" --> Backend
+    %% Client Traffic Flow
+    Client -->|"(7) Sends Traffic"| NGINXWorker
+    NGINXWorker -->|"(8) Routes Traffic"| BackendApplication
 
     %% Styling
     classDef important fill:#66CDAA,stroke:#333,stroke-width:2px;
     classDef metrics fill:#FFC0CB,stroke:#333,stroke-width:2px;
     classDef io fill:#FFD700,stroke:#333,stroke-width:2px;
-    classDef signal fill:#87CEEB,stroke:#333,stroke-width:2px;
-    style ExternalComponents fill:transparent,stroke-width:0px
-
-    %% Class Assignments for Node Colors
-    class NGFPod,KubernetesAPI important;
+    class KubernetesAPI,NGFPod important;
     class PrometheusMonitor,F5Telemetry metrics;
-    class ConfigFiles,NGINXMaster,NGINXWorker,NGINXAgent io;
-    class Client,Backend signal;
+    class NGINXAgent,NGINXMaster,NGINXWorker,ConfigFiles io;
+    class Client,BackendApplication important;
 ```
 
-The following list describes the connections, preceeded by their types in parentheses. For brevity, the suffix "process" has been omitted from the process descriptions.
-
-1. (HTTPS)
-   - Read: _NGF_ reads the _Kubernetes API_ to get the latest versions of the resources in the cluster.
-   - Write: _NGF_ writes to the _Kubernetes API_ to update the handled resources' statuses and emit events. If there's more than one replica of _NGF_ and [leader election](https://github.com/nginx/nginx-gateway-fabric/tree/v1.6.1/charts/nginx-gateway-fabric#configuration) is enabled, only the _NGF_ pod that is leading will write statuses to the _Kubernetes API_.
-1. (HTTP, HTTPS) _Prometheus_ fetches the `controller-runtime` metrics via an HTTP endpoint that _NGF_ exposes (`:9113/metrics` by default).
-Prometheus is **not** required by NGINX Gateway Fabric, and its endpoint can be turned off.
-1. (HTTPS) NGF sends [product telemetry data]({{< ref "/ngf/overview/product-telemetry.md" >}}) to the F5 telemetry service.
-1. (File I/O) _NGF_ writes logs to its _stdout_ and _stderr_, which are collected by the container runtime.
-1. (HTTP, HTTPS) _Prometheus_ fetches the NGINX metrics via an HTTP endpoint that _NGINX_ exposes (`:9113/metrics` by default). Prometheus is **not** required by NGINX, and its endpoint can be turned off.
-1. (gRPC) _NGF_ generates NGINX _configuration_ based on the cluster resources and sends them to _NGINX Agent_ over a secure gRPC connection.
-    - NGF sends a message containing file metadata to all pods (subscriptions) for the deployment.
-    - Agent receives a ConfigApplyRequest with the list of file metadata.
-    - Agent calls GetFile for each file in the list, which NGF sends back to the agent.
-1. (File I/O)
-   - Write: __NGINX Agent_ validates the received configuration, and then writes and applies the config if valid. It also writes _TLS certificates_ and _keys_ from [TLS secrets](https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets) referenced in the accepted Gateway resource.
-1. (Signal)  To reload NGINX, Agent sends the reload signal to the NGINX master.
-1. (gRPC) Agent responds to NGF with a DataPlaneResponse.
-1. (File I/O)
-   - Read: The _NGINX master_ reads _configuration files_ and the _TLS cert and keys_ referenced in the configuration when it starts or during a reload.
-1. (File I/O)
-   - Read: The _NGINX master_ reads the `nginx.conf` file from the `/etc/nginx` directory. This [file](https://github.com/nginx/nginx-gateway-fabric/blob/v1.6.1/internal/mode/static/nginx/conf/nginx.conf) contains the global and http configuration settings for NGINX. In addition, _NGINX master_ reads the NJS modules referenced in the configuration when it starts or during a reload. NJS modules are stored in the `/usr/lib/nginx/modules` directory.
-1. (File I/O) The _NGINX master_ sends logs to its _stdout_ and _stderr_, which are collected by the container runtime.
-1. (File I/O) An _NGINX worker_ writes logs to its _stdout_ and _stderr_, which are collected by the container runtime.
-1. (Signal) The _NGINX master_ controls the [lifecycle of _NGINX workers_](https://nginx.org/en/docs/control.html#reconfiguration) it creates workers with the new configuration and shutdowns workers with the old configuration.
-1. (HTTP, HTTPS) A _client_ sends traffic to and receives traffic from any of the _NGINX workers_ on ports 80 and 443.
-1. (HTTP, HTTPS) An _NGINX worker_ sends traffic to and receives traffic from the _backends_.
+The following table describes the connections, preceeded by their types in parentheses. For brevity, the suffix "process" has been omitted from the process descriptions.
+
+{{< bootstrap-table "table table-bordered table-striped table-responsive" >}}
+
+| #  | Component/Protocol      | Description                                                                                                  |
+| ---| ----------------------- | ------------------------------------------------------------------------------------------------------------ |
+| 1  | Kubernetes API (HTTPS)  | _Kubernetes API → NGINX Gateway Fabric Control Plane Pod_: The NGINX Gateway Fabric Control Plane Pod (in the `nginx-gateway` namespace) watches the Kubernetes API for updates to Gateway API resources (e.g., Gateways, HTTPRoutes), fetching the latest configuration to manage routing and traffic control. |
+| 2  | gRPC                    | _NGINX Gateway Fabric Control Plane Pod → NGINX Agent_: The NGINX Gateway Fabric Control Plane Pod processes Gateway API resources, generates NGINX configuration settings, and securely delivers them to the NGINX Agent inside the NGINX Data Plane Pod via gRPC. |
+| 3  | File I/O                | _NGINX Agent → Config Files_: The NGINX Agent (within the NGINX Data Plane Pod) validates the configuration metadata received from the Control Plane Pod and writes it to NGINX configuration files within the pod. These files store dynamic routing rules and traffic settings. |
+| 4  | Signal                  | _NGINX Agent → NGINX Master_: After writing the configuration files, the NGINX Agent signals the NGINX Master process to reload the configuration. This ensures the NGINX Data Plane Pod immediately applies the updated routes and settings. |
+| 5  | HTTP/HTTPS              | _Prometheus → NGINX Worker_: Prometheus collects runtime metrics (e.g., traffic statistics, request rates, and active connections) from the NGINX Worker process, which is part of the NGINX Data Plane Pod. The `/metrics` endpoint exposes these metrics for monitoring and observability. |
+| 6  | HTTPS                   | _NGINX Gateway Fabric Control Plane Pod → F5 Telemetry Service_: The NGINX Gateway Fabric Control Plane Pod sends telemetry data (e.g., API requests handled, usage metrics, performance stats, error rates) to the external F5 Telemetry Service for centralized monitoring and diagnostics. |
+| 7  | HTTP/HTTPS              | _Client → NGINX Worker_: Clients send incoming application traffic (e.g., HTTP/HTTPS requests) to the NGINX Worker process within the NGINX Data Plane Pod. These requests are typically routed through a shared Public Endpoint (e.g., LoadBalancer or NodePort) before reaching the NGINX Data Plane. |
+| 8  | HTTP/HTTPS              | _NGINX Worker → Backend Application_: The NGINX Worker process forwards client traffic to the appropriate backend application services (e.g., Pods) as defined in the routing rules and configuration received from the Control Plane Pod. |
+
+{{< /bootstrap-table >}}
 
 ---
 
-### Differences with NGINX Plus
+### Additional features and enhancements when using NGINX Plus
+
+NGINX Gateway Fabric supports both NGINX Open Source and NGINX Plus. While the previous diagram shows NGINX Open Source, using NGINX Plus provides additional capabilities, including:
 
-The previous diagram depicts NGINX Gateway Fabric using NGINX Open Source. NGINX Gateway Fabric with NGINX Plus has the following difference:
+- The ability for administrators to connect to the NGINX Plus API on port 8765 (restricted to localhost by default).
+- Dynamic updates to upstream servers without requiring a full reload:
+  - Changes to upstream servers, such as application scaling (e.g., adding or removing pods in Kubernetes), can be applied using the [NGINX Plus API](http://nginx.org/en/docs/http/ngx_http_api_module.html).
+  - This reduces the frequency of configuration reloads, minimizing potential disruptions and improving system stability during updates.
 
-- An _admin_ can connect to the NGINX Plus API using port 8765. NGINX only allows connections from localhost.
+These features enable reduced downtime, improved performance during scaling events, and more fine-grained control over traffic management.
 
 ---
 
-## Updating upstream servers
+### Resilience and fault isolation
+
+This architecture separates the control plane and data plane, creating clear operational boundaries that improve resilience and fault isolation:
 
-The normal process to update any changes to NGINX is to write the configuration files and reload NGINX. However, when using NGINX Plus, we can take advantage of the [NGINX Plus API](http://nginx.org/en/docs/http/ngx_http_api_module.html) to limit the amount of reloads triggered when making changes to NGINX. Specifically, when the endpoints of an application in Kubernetes change (Such as scaling up or down), the NGINX Plus API is used to update the upstream servers in NGINX with the new endpoints without a reload. This reduces the potential for a disruption that could occur when reloading.
+#### Control plane resilience
+
+In the event of a control plane failure or downtime:
+- Existing data plane pods continue serving traffic using their last-valid cached configurations.
+- Updates to routes or Gateways are temporarily paused, but stable traffic delivery continues without degradation.
+- Recovery restores functionality, resynchronizing configuration updates seamlessly.
+
+#### Data plane resilience
+
+If a data plane pod encounters an outage or restarts:
+- Only routes tied to the specific linked Gateway object experience brief disruptions.
+- Configurations automatically resynchronize with the data plane upon pod restart, minimizing the scope of impact.
+- Other data plane pods remain unaffected and continue serving traffic normally.
 
 ---
 
 ## Pod readiness
 
-The `nginx-gateway` container exposes a readiness endpoint at `/readyz`. During startup, a [readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes) periodically checks this endpoint. The probe returns a `200 OK` response once the control plane initializes successfully and is ready to begin configuring NGINX. At that point, the pod is marked as ready.
+The control plane (`nginx-gateway`) and data plane (`nginx`) containers provide a readiness endpoint at `/readyz`. A [readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes) periodically checks this endpoint during startup. The probe reports `200 OK` when:
+- The control plane is ready to configure the NGINX data planes.
+- The data plane is ready to handle traffic.
+
+This marks the pods ready ensuring traffic is routed to healthy pods, ensuring reliable startup and smooth operations.
diff --git a/content/ngf/overview/product-telemetry.md b/content/ngf/overview/product-telemetry.md
index 837f71eda..45237d56d 100644
--- a/content/ngf/overview/product-telemetry.md
+++ b/content/ngf/overview/product-telemetry.md
@@ -32,6 +32,7 @@ Telemetry data is collected once every 24 hours and sent to a service managed by
 - **SnippetsFilters Info** a list of directive-context strings from applied SnippetFilters and a total count per strings. The actual value of any NGINX directive is **not** collected.
 - **Control Plane Pod Count** the count of NGINX Gateway Fabric Pods.
 - **Data Plane Pod Count** the count of NGINX data plane Pods.
+- **NGINX One Console Connection Info** indicates whether the connection to the NGINX One Console is enabled. 
 This data is used to identify the following information:
 
 - The flavors of Kubernetes environments that are most popular among our users.
@@ -39,6 +40,7 @@ This data is used to identify the following information:
 - The scale of NGINX Gateway Fabric Deployments.
 - The scale of Gateway API resources.
 - The used features of NGINX Gateway Fabric.
+- The cluster is connected to NGINX One Console.
 
 Our goal is to publicly discuss data trends to drive roadmap discussions in our [Community Meeting](https://github.com/nginx/nginx-gateway-fabric/discussions/1472).
 
@@ -56,4 +58,4 @@ helm install ... --set nginxGateway.productTelemetry.enable=false
 
 ### Manifests
 
-Add the `--product-telemetry-disable` flag to the `nginx-gateway` container in your Deployment manifest.
+Add the `--product-telemetry-disable` flag to the `nginx-gateway` container in your Deployment manifest.
\ No newline at end of file
diff --git a/content/ngf/overview/resource-validation.md b/content/ngf/overview/resource-validation.md
index 3c11f9b18..64c2d3188 100644
--- a/content/ngf/overview/resource-validation.md
+++ b/content/ngf/overview/resource-validation.md
@@ -33,7 +33,7 @@ kubectl apply -f coffee-route.yaml
 The HTTPRoute "coffee" is invalid: spec.hostnames[0]: Invalid value: "cafe.!@#$%example.com": spec.hostnames[0] in body should match '^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
 ```
 
-{{< note >}}While unlikely, bypassing this validation step is possible if the Gateway API CRDs are modified to remove the validation. If this happens, Step 4 will reject any invalid values (from NGINX perspective).{{< /note >}}
+{{< call-out "note" >}}While unlikely, bypassing this validation step is possible if the Gateway API CRDs are modified to remove the validation. If this happens, Step 4 will reject any invalid values (from NGINX perspective).{{< /call-out >}}
 
 ### Step 2 - CEL validation by Kubernetes API Server
 
@@ -83,7 +83,7 @@ Status:
       Section Name:  http
 ```
 
-{{< note >}} This validation step always runs and cannot be bypassed. {{< /note >}}
+{{< call-out "note" >}} This validation step always runs and cannot be bypassed. {{< /call-out >}}
 
 ### Confirm validation
 
@@ -108,7 +108,7 @@ Status:
       Section Name:  http
 ```
 
-{{< note >}} Make sure the reported observed generation is the same as the resource generation. {{< /note >}}
+{{< call-out "note" >}} Make sure the reported observed generation is the same as the resource generation. {{< /call-out >}}
 
 ## NGINX Gateway Fabric Resource validation
 
@@ -124,7 +124,7 @@ kubectl apply -f nginx-gateway-config.yaml
 The NginxGateway "nginx-gateway-config" is invalid: spec.logging.level: Unsupported value: "some-level": supported values: "info", "debug", "error"
 ```
 
-{{< note >}}While unlikely, bypassing this validation step is possible if the NGINX Gateway Fabric CRDs are modified to remove the validation. If this happens, Step 2 will report an error in the resource's status.{{< /note >}}
+{{< call-out "note" >}}While unlikely, bypassing this validation step is possible if the NGINX Gateway Fabric CRDs are modified to remove the validation. If this happens, Step 2 will report an error in the resource's status.{{< /call-out >}}
 
 ### Step 2 - Validation by NGINX Gateway Fabric
 
diff --git a/content/ngf/reference/api.md b/content/ngf/reference/api.md
index d88e6111b..47984b6a3 100644
--- a/content/ngf/reference/api.md
+++ b/content/ngf/reference/api.md
@@ -1827,6 +1827,23 @@ If not specified, or set to false, http2 will be enabled for all servers.</p>
 </tr>
 <tr>
 <td>
+<code>disableSNIHostValidation</code><br/>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>DisableSNIHostValidation disables the validation that ensures the SNI hostname
+matches the Host header in HTTPS requests. When disabled, HTTPS connections can
+be reused for requests to different hostnames covered by the same certificate.
+This resolves HTTP/2 connection coalescing issues with wildcard certificates but
+introduces security risks as described in Gateway API GEP-3567.
+If not specified, defaults to false (validation enabled).</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>kubernetes</code><br/>
 <em>
 <a href="#gateway.nginx.org/v1alpha2.KubernetesSpec">
@@ -1839,6 +1856,19 @@ KubernetesSpec
 <p>Kubernetes contains the configuration for the NGINX Deployment and Service Kubernetes objects.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>workerConnections</code><br/>
+<em>
+int32
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>WorkerConnections specifies the maximum number of simultaneous connections that can be opened by a worker process.
+Default is 1024.</p>
+</td>
+</tr>
 </table>
 </td>
 </tr>
@@ -1988,6 +2018,114 @@ sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyStatus
 </td>
 </tr></tbody>
 </table>
+<h3 id="gateway.nginx.org/v1alpha2.AutoscalingSpec">AutoscalingSpec
+<a class="headerlink" href="#gateway.nginx.org%2fv1alpha2.AutoscalingSpec" title="Permanent link">¶</a>
+</h3>
+<p>
+(<em>Appears on: </em>
+<a href="#gateway.nginx.org/v1alpha2.DeploymentSpec">DeploymentSpec</a>)
+</p>
+<p>
+<p>AutoscalingSpec is the configuration for the Horizontal Pod Autoscaling.</p>
+</p>
+<table class="table table-bordered table-striped">
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>behavior</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#horizontalpodautoscalerbehavior-v2-autoscaling">
+Kubernetes autoscaling/v2.HorizontalPodAutoscalerBehavior
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Behavior configures the scaling behavior of the target
+in both Up and Down directions (scaleUp and scaleDown fields respectively).
+If not set, the default HPAScalingRules for scale up and scale down are used.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>targetCPUUtilizationPercentage</code><br/>
+<em>
+int32
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Target cpu utilization percentage of HPA.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>targetMemoryUtilizationPercentage</code><br/>
+<em>
+int32
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Target memory utilization percentage of HPA.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>minReplicas</code><br/>
+<em>
+int32
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Minimum number of replicas.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>metrics</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#metricspec-v2-autoscaling">
+[]Kubernetes autoscaling/v2.MetricSpec
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Metrics configures additional metrics options.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>maxReplicas</code><br/>
+<em>
+int32
+</em>
+</td>
+<td>
+<p>Maximum number of replicas.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>enable</code><br/>
+<em>
+bool
+</em>
+</td>
+<td>
+<p>Enable or disable Horizontal Pod Autoscaler.</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="gateway.nginx.org/v1alpha2.ContainerSpec">ContainerSpec
 <a class="headerlink" href="#gateway.nginx.org%2fv1alpha2.ContainerSpec" title="Permanent link">¶</a>
 </h3>
@@ -2065,6 +2203,34 @@ until the action is complete, unless the container process fails, in which case
 </tr>
 <tr>
 <td>
+<code>readinessProbe</code><br/>
+<em>
+<a href="#gateway.nginx.org/v1alpha2.ReadinessProbeSpec">
+ReadinessProbeSpec
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ReadinessProbe defines the readiness probe for the NGINX container.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>hostPorts</code><br/>
+<em>
+<a href="#gateway.nginx.org/v1alpha2.HostPort">
+[]HostPort
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>HostPorts are the list of ports to expose on the host.</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>volumeMounts</code><br/>
 <em>
 <a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core">
@@ -2099,6 +2265,20 @@ until the action is complete, unless the container process fails, in which case
 <tbody>
 <tr>
 <td>
+<code>container</code><br/>
+<em>
+<a href="#gateway.nginx.org/v1alpha2.ContainerSpec">
+ContainerSpec
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Container defines container fields for the NGINX container.</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>pod</code><br/>
 <em>
 <a href="#gateway.nginx.org/v1alpha2.PodSpec">
@@ -2113,16 +2293,16 @@ PodSpec
 </tr>
 <tr>
 <td>
-<code>container</code><br/>
+<code>patches</code><br/>
 <em>
-<a href="#gateway.nginx.org/v1alpha2.ContainerSpec">
-ContainerSpec
+<a href="#gateway.nginx.org/v1alpha2.Patch">
+[]Patch
 </a>
 </em>
 </td>
 <td>
 <em>(Optional)</em>
-<p>Container defines container fields for the NGINX container.</p>
+<p>Patches are custom patches to apply to the NGINX DaemonSet.</p>
 </td>
 </tr>
 </tbody>
@@ -2159,6 +2339,20 @@ int32
 </tr>
 <tr>
 <td>
+<code>autoscaling</code><br/>
+<em>
+<a href="#gateway.nginx.org/v1alpha2.AutoscalingSpec">
+AutoscalingSpec
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Autoscaling defines the configuration for Horizontal Pod Autoscaling.</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>pod</code><br/>
 <em>
 <a href="#gateway.nginx.org/v1alpha2.PodSpec">
@@ -2185,6 +2379,20 @@ ContainerSpec
 <p>Container defines container fields for the NGINX container.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>patches</code><br/>
+<em>
+<a href="#gateway.nginx.org/v1alpha2.Patch">
+[]Patch
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Patches are custom patches to apply to the NGINX Deployment.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="gateway.nginx.org/v1alpha2.DisableTelemetryFeature">DisableTelemetryFeature
@@ -2238,6 +2446,48 @@ routing only to endpoints on the same node as the traffic was received on
 </td>
 </tr></tbody>
 </table>
+<h3 id="gateway.nginx.org/v1alpha2.HostPort">HostPort
+<a class="headerlink" href="#gateway.nginx.org%2fv1alpha2.HostPort" title="Permanent link">¶</a>
+</h3>
+<p>
+(<em>Appears on: </em>
+<a href="#gateway.nginx.org/v1alpha2.ContainerSpec">ContainerSpec</a>)
+</p>
+<p>
+<p>HostPort exposes an nginx container port on the host.</p>
+</p>
+<table class="table table-bordered table-striped">
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>port</code><br/>
+<em>
+int32
+</em>
+</td>
+<td>
+<p>Port to expose on the host.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>containerPort</code><br/>
+<em>
+int32
+</em>
+</td>
+<td>
+<p>ContainerPort is the port on the nginx container to map to the HostPort.</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="gateway.nginx.org/v1alpha2.IPFamilyType">IPFamilyType
 (<code>string</code> alias)</p><a class="headerlink" href="#gateway.nginx.org%2fv1alpha2.IPFamilyType" title="Permanent link">¶</a>
 </h3>
@@ -2749,6 +2999,23 @@ If not specified, or set to false, http2 will be enabled for all servers.</p>
 </tr>
 <tr>
 <td>
+<code>disableSNIHostValidation</code><br/>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>DisableSNIHostValidation disables the validation that ensures the SNI hostname
+matches the Host header in HTTPS requests. When disabled, HTTPS connections can
+be reused for requests to different hostnames covered by the same certificate.
+This resolves HTTP/2 connection coalescing issues with wildcard certificates but
+introduces security risks as described in Gateway API GEP-3567.
+If not specified, defaults to false (validation enabled).</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>kubernetes</code><br/>
 <em>
 <a href="#gateway.nginx.org/v1alpha2.KubernetesSpec">
@@ -2761,6 +3028,19 @@ KubernetesSpec
 <p>Kubernetes contains the configuration for the NGINX Deployment and Service Kubernetes objects.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>workerConnections</code><br/>
+<em>
+int32
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>WorkerConnections specifies the maximum number of simultaneous connections that can be opened by a worker process.
+Default is 1024.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="gateway.nginx.org/v1alpha2.NodePort">NodePort
@@ -2791,9 +3071,7 @@ int32
 </em>
 </td>
 <td>
-<p>Port is the NodePort to expose.
-kubebuilder:validation:Minimum=1
-kubebuilder:validation:Maximum=65535</p>
+<p>Port is the NodePort to expose.</p>
 </td>
 </tr>
 <tr>
@@ -2804,9 +3082,7 @@ int32
 </em>
 </td>
 <td>
-<p>ListenerPort is the Gateway listener port that this NodePort maps to.
-kubebuilder:validation:Minimum=1
-kubebuilder:validation:Maximum=65535</p>
+<p>ListenerPort is the Gateway listener port that this NodePort maps to.</p>
 </td>
 </tr>
 </tbody>
@@ -2862,6 +3138,84 @@ be unique across all targetRef entries in the ObservabilityPolicy.</p>
 </tr>
 </tbody>
 </table>
+<h3 id="gateway.nginx.org/v1alpha2.Patch">Patch
+<a class="headerlink" href="#gateway.nginx.org%2fv1alpha2.Patch" title="Permanent link">¶</a>
+</h3>
+<p>
+(<em>Appears on: </em>
+<a href="#gateway.nginx.org/v1alpha2.DaemonSetSpec">DaemonSetSpec</a>,
+<a href="#gateway.nginx.org/v1alpha2.DeploymentSpec">DeploymentSpec</a>,
+<a href="#gateway.nginx.org/v1alpha2.ServiceSpec">ServiceSpec</a>)
+</p>
+<p>
+<p>Patch defines a patch to apply to a Kubernetes object.</p>
+</p>
+<table class="table table-bordered table-striped">
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>type</code><br/>
+<em>
+<a href="#gateway.nginx.org/v1alpha2.PatchType">
+PatchType
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Type is the type of patch. Defaults to StrategicMerge.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>value</code><br/>
+<em>
+k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Value is the patch data as raw JSON.
+For StrategicMerge and Merge patches, this should be a JSON object.
+For JSONPatch patches, this should be a JSON array of patch operations.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="gateway.nginx.org/v1alpha2.PatchType">PatchType
+(<code>string</code> alias)</p><a class="headerlink" href="#gateway.nginx.org%2fv1alpha2.PatchType" title="Permanent link">¶</a>
+</h3>
+<p>
+(<em>Appears on: </em>
+<a href="#gateway.nginx.org/v1alpha2.Patch">Patch</a>)
+</p>
+<p>
+<p>PatchType specifies the type of patch.</p>
+</p>
+<table class="table table-bordered table-striped">
+<thead>
+<tr>
+<th>Value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody><tr><td><p>&#34;JSONPatch&#34;</p></td>
+<td><p>PatchTypeJSONPatch uses JSON patch (RFC 6902).</p>
+</td>
+</tr><tr><td><p>&#34;Merge&#34;</p></td>
+<td><p>PatchTypeMerge uses merge patch (RFC 7386).</p>
+</td>
+</tr><tr><td><p>&#34;StrategicMerge&#34;</p></td>
+<td><p>PatchTypeStrategicMerge uses strategic merge patch.</p>
+</td>
+</tr></tbody>
+</table>
 <h3 id="gateway.nginx.org/v1alpha2.PodSpec">PodSpec
 <a class="headerlink" href="#gateway.nginx.org%2fv1alpha2.PodSpec" title="Permanent link">¶</a>
 </h3>
@@ -3003,6 +3357,53 @@ image isn&rsquo;t present.</p>
 </td>
 </tr></tbody>
 </table>
+<h3 id="gateway.nginx.org/v1alpha2.ReadinessProbeSpec">ReadinessProbeSpec
+<a class="headerlink" href="#gateway.nginx.org%2fv1alpha2.ReadinessProbeSpec" title="Permanent link">¶</a>
+</h3>
+<p>
+(<em>Appears on: </em>
+<a href="#gateway.nginx.org/v1alpha2.ContainerSpec">ContainerSpec</a>)
+</p>
+<p>
+<p>ReadinessProbeSpec defines the configuration for the NGINX readiness probe.</p>
+</p>
+<table class="table table-bordered table-striped">
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>port</code><br/>
+<em>
+int32
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Port is the port on which the readiness endpoint is exposed.
+If not specified, the default port is 8081.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>initialDelaySeconds</code><br/>
+<em>
+int32
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>InitialDelaySeconds is the number of seconds after the container has
+started before the readiness probe is initiated.
+If not specified, the default is 3 seconds.</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="gateway.nginx.org/v1alpha2.RewriteClientIP">RewriteClientIP
 <a class="headerlink" href="#gateway.nginx.org%2fv1alpha2.RewriteClientIP" title="Permanent link">¶</a>
 </h3>
@@ -3286,6 +3687,20 @@ Each NodePort MUST map to a Gateway listener port, otherwise it will be ignored.
 The default NodePort range enforced by Kubernetes is 30000-32767.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>patches</code><br/>
+<em>
+<a href="#gateway.nginx.org/v1alpha2.Patch">
+[]Patch
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Patches are custom patches to apply to the NGINX Service.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="gateway.nginx.org/v1alpha2.ServiceType">ServiceType
diff --git a/content/ngf/reference/cli-help.md b/content/ngf/reference/cli-help.md
index 193f1c45e..a25a2faff 100644
--- a/content/ngf/reference/cli-help.md
+++ b/content/ngf/reference/cli-help.md
@@ -27,8 +27,6 @@ This command runs the NGINX Gateway Fabric control plane.
 
 ### Flags
 
-{{< bootstrap-table "table table-bordered table-striped table-responsive" >}}
-
 | Name                                | Type     | Description                                                                                                                                                                                                                                                                                                                                                                              |
 |-------------------------------------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | _gateway-ctlr-name_                 | _string_ | The name of the Gateway controller. The controller name must be in the form: `DOMAIN/PATH`. The controller's domain is `gateway.nginx.org`.                                                                                                                                                                                                                                              |
@@ -51,13 +49,13 @@ This command runs the NGINX Gateway Fabric control plane.
 | _usage-report-resolver_         | _string_ | The nameserver used to resolve the NGINX Plus usage reporting endpoint. Used with NGINX Instance Manager.                                                                                                                                                                                                                                                                                                     |
 | _usage-report-skip-verify_          | _bool_   | Disable client verification of the NGINX Plus usage reporting server certificate.                                                                                                                                                                                                                                                                                                        |
 | _usage-report-ca-secret_               | _string_ | The name of the Secret containing the NGINX Instance Manager CA certificate. Must exist in the same namespace that the NGINX Gateway Fabric control plane is running in (default namespace: nginx-gateway)                                                                                                                                                                                                                                                                                              |
-| _usage-report-client-ssl-secret_               | _string_ | TThe name of the Secret containing the client certificate and key for authenticating with NGINX Instance Manager. Must exist in the same namespace that the NGINX Gateway Fabric control plane is running in (default namespace: nginx-gateway)                                                                                                                                                                                                                                                                                              |
+| _usage-report-client-ssl-secret_               | _string_ | The name of the Secret containing the client certificate and key for authenticating with NGINX Instance Manager. Must exist in the same namespace that the NGINX Gateway Fabric control plane is running in (default namespace: nginx-gateway)                                                                                                                                                                                                                                                                                              |
 | _snippets-filters_                  | _bool_   | Enable SnippetsFilters feature. SnippetsFilters allow inserting NGINX configuration into the generated NGINX config for HTTPRoute and GRPCRoute resources.                                                                                                                                                                                                                               |
 | _nginx-scc_                  | _string_   | The name of the SecurityContextConstraints to be used with the NGINX data plane Pods. Only applicable in OpenShift.                                                                                                                                                                                                                               |
-
-{{% /bootstrap-table %}}
-
----
+| _nginx-one-dataplane-key-secret_ | _string_ | The name of the secret which holds the dataplane key that is required to authenticate with the NGINX One Console. Secret must exist in the same namespace that the NGINX Gateway Fabric control plane is running in (default namespace: nginx-gateway). |
+| _nginx-one-telemetry-endpoint-host_ | _string_ | The endpoint host that the NGINX One Console telemetry metrics will be sent to. |
+| _nginx-one-telemetry-endpoint-port_ | _int_ | The endpoint port that the NGINX One Console telemetry metrics will be sent to. |
+| _nginx-one-tls-skip-verify_ | _bool_ | Skip TLS verification for NGINX One Console connections. |
 
 ## Sleep
 
@@ -69,10 +67,6 @@ _Usage_:
   gateway sleep [flags]
 ```
 
-{{< bootstrap-table "table table-bordered table-striped table-responsive" >}}
-
 | Name     | Type            | Description                                                                                                                   |
 | -------- | --------------- | ----------------------------------------------------------------------------------------------------------------------------- |
-| duration | `time.Duration` | Set the duration of sleep. Must be parsable by [`time.ParseDuration`](https://pkg.go.dev/time#ParseDuration). (default `30s`) |
-
-{{% /bootstrap-table %}}
+| duration | `time.Duration` | Set the duration of sleep. Must be parsable by [`time.ParseDuration`](https://pkg.go.dev/time#ParseDuration). (default `30s`) |
\ No newline at end of file
diff --git a/content/ngf/reference/permissions.md b/content/ngf/reference/permissions.md
new file mode 100644
index 000000000..ad95e3bef
--- /dev/null
+++ b/content/ngf/reference/permissions.md
@@ -0,0 +1,110 @@
+---
+title: Permissions
+description: NGINX Gateway Fabric permissions required by components.
+weight: 300
+toc: true
+type: reference
+product: NGF
+---
+
+## Overview
+
+NGINX Gateway Fabric uses a split-plane architecture with three components that require different permissions:
+
+- **Control Plane**: Manages Kubernetes APIs and data plane deployments. Needs broad API access but handles no user traffic.
+- **Data Plane**: Processes user traffic. Requires minimal permissions since configuration comes from control plane via secure gRPC.
+- **Certificate Generator**: One-time job that creates TLS certificates for inter-plane communication.
+
+## Security Context
+
+All components share these security settings:
+
+- **User ID**: 101 (non-root)
+- **Group ID**: 1001  
+- **Capabilities**: All dropped (`drop: ALL`)
+- **Root Filesystem**: Read-only except for specific writable volumes
+- **Seccomp**: Runtime default profile
+
+## Control Plane
+
+Runs as a single container in the `nginx-gateway` deployment.
+
+**Additional Security Settings:**
+- **Privilege Escalation**: Disabled
+
+**Volumes:**
+- Secret mounts for TLS certificates
+
+**RBAC Permissions:**
+- **Secrets, ConfigMaps, Services**: Create, update, delete, list, get, watch
+- **Deployments, DaemonSets**: Create, update, delete, list, get, watch
+- **ServiceAccounts**: Create, update, delete, list, get, watch
+- **Namespaces, Pods**: Get, list, watch
+- **Events**: Create, patch
+- **EndpointSlices**: List, watch
+- **Gateway API resources**: List, watch (read-only) + update status subresources only
+- **NGF Custom resources**: Get, list, watch (read-only) + update status subresources only
+- **Leases**: Create, get, update (for leader election)
+- **CustomResourceDefinitions**: List, watch
+- **TokenReviews**: Create (for authentication)
+
+## Data Plane
+
+NGINX containers managed by the control plane. No RBAC permissions needed since configuration comes via secure gRPC.
+
+**Additional Security Settings:**
+- **Privilege Escalation**: Disabled
+- **Sysctl**: `net.ipv4.ip_unprivileged_port_start=0` (enables binding to ports < 1024)
+
+**Volumes:**
+- EmptyDir volumes for NGINX configuration, runtime files, logs, and cache
+- Secret mounts for TLS certificates and the NGINX Plus JWT token 
+- Projected token mounts for service account authentication
+
+**Volume Permissions:**
+- **EmptyDir**: Read-write (required for NGINX operation)
+- **Secret/ConfigMap/Projected**: Read-only
+
+## Certificate Generator
+
+Kubernetes Job that creates initial TLS certificates.
+
+**RBAC Permissions:**
+- **Secrets**: Create, update, get (control plane namespace only)
+
+## Platform-Specific Considerations
+
+### OpenShift Compatibility
+
+NGINX Gateway Fabric includes Security Context Constraints (SCCs) for OpenShift:
+
+**Control Plane SCC:**
+- **Privilege Escalation**: Disabled
+- **Host Access**: Disabled (network, IPC, PID, ports)
+- **User ID Range**: 101-101 (fixed)
+- **Group ID Range**: 1001-1001 (fixed)
+- **Volumes**: Secret only
+
+**Data Plane SCC:**
+Same restrictions as control plane, plus additional volume types:
+- **Additional Volumes**: EmptyDir, ConfigMap, Projected
+
+### Linux Capabilities
+
+NGINX Gateway Fabric drops ALL Linux capabilities and adds none, following security best practices.
+
+**How It Works Without Capabilities:**
+- **Process Management**: Standard Unix signals (no elevated privileges needed)
+- **Port Binding**: Uses sysctl `net.ipv4.ip_unprivileged_port_start=0` for ports < 1024
+- **File Operations**: Volume mounts provide necessary write access
+
+
+## Security Features
+
+- **Separation of concerns**: Control plane (API access, no traffic) vs data plane (traffic, no API access)
+- **Non-root execution**: All components run as unprivileged user (UID 101)
+- **Zero capabilities**: All Linux capabilities dropped
+- **Read-only root filesystem**: Prevents runtime modifications
+- **Ephemeral storage**: Temporary volumes only, no persistent storage
+- **Least privilege RBAC**: Minimal required permissions per component
+- **Secure communication**: mTLS-encrypted gRPC (TLS 1.3+) between planes
\ No newline at end of file
diff --git a/content/ngf/traffic-management/advanced-routing.md b/content/ngf/traffic-management/advanced-routing.md
index 8f187c223..ba52cc477 100644
--- a/content/ngf/traffic-management/advanced-routing.md
+++ b/content/ngf/traffic-management/advanced-routing.md
@@ -15,7 +15,43 @@ In this guide we will configure advanced routing rules for multiple applications
 
 The following image shows the traffic flow that we will be creating with these rules.
 
-{{< img src="/ngf/img/advanced-routing.png" alt="" >}}
+```mermaid
+graph LR
+    users[Users]
+    ngfSvc["Public Endpoint<br>for<br>cafe.example.com"]
+    subgraph cluster [Kubernetes Cluster]
+        subgraph appNs [Namespace<br>default]
+            subgraph nsPadding [" "]
+                nginxPod[Pod<br>NGINX]
+                coffeeV1Pod[Pod<br>coffee v1]
+                coffeeV2Pod[Pod<br>coffee v2]
+                teaPod[Pod<br>tea]
+                teaPostPod[Pod<br>tea-post]
+            end
+        end
+    end
+
+  ngfSvc --> nginxPod
+  nginxPod --/coffee--> coffeeV1Pod
+  nginxPod --/coffee<br>header: version=v2<br>OR<br>/coffee?TEST=v2--> coffeeV2Pod
+  nginxPod --GET /tea--> teaPod
+  nginxPod --POST /tea--> teaPostPod
+  users --> ngfSvc
+
+  class clusterPadding,nsPadding,clusterPadding2 noBorder
+  class gwNS,appNs namespace
+  class ngfSvc,nginxPod nginxNode
+  class coffeeV1Pod,coffeeV2Pod coffeeNode
+  class teaPod,teaPostPod teaNode
+
+  classDef noBorder stroke:none,fill:none
+  classDef default fill:#FFFFFF,stroke:#000000
+  classDef namespace fill:#FFFFFF,stroke:#036ffc,stroke-dasharray: 5 5,text-align:center
+  classDef nginxNode fill:#b4e0ad,stroke:#2AA317
+  classDef coffeeNode fill:#edbd8c,stroke:#D9822B
+  classDef teaNode fill:#ff8f6a,stroke:#e5805f
+
+```
 
 The goal is to create a set of rules that will result in client requests being sent to specific backends based on the request attributes. In this diagram, we have two versions of the `coffee` service. Traffic for v1 needs to be directed to the old application, while traffic for v2 needs to be directed towards the new application. We also have two `tea` services, one that handles GET operations and one that handles POST operations. Both the `tea` and `coffee` applications share the same Gateway.
 
@@ -62,11 +98,11 @@ GW_IP=XXX.YYY.ZZZ.III
 GW_PORT=<port number>
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 
 In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for.
 
-{{< /note >}}
+{{< /call-out >}}
 
 The [HTTPRoute](https://gateway-api.sigs.k8s.io/api-types/httproute/) is typically deployed by the [application developer](https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#roles-and-personas_1). To deploy the `coffee` HTTPRoute:
 
@@ -137,14 +173,14 @@ This HTTPRoute has a few important properties:
   - Request with the path prefix `/coffee` and header `version=v2`.
   - Request with the path prefix `/coffee` and the query parameter `TEST=v2`.
 
-  {{< note >}} The match type is `Exact` for both header and query param, by default. {{< /note >}}
+  {{< call-out "note" >}} The match type is `Exact` for both header and query param, by default. {{< /call-out >}}
 
 - The third rule defines two matching conditions. If *either* of these conditions match, requests are forwarded to the `coffee-v3` Service:
 
   - Request with the path prefix `/coffee` and header `HeaderRegex=Header-[a-z]{1}`.
   - Request with the path prefix `/coffee` and the query parameter `QueryRegex=Query-[a-z]{1}`.
 
-  {{< note >}} The match type used here is `RegularExpression`. A request will succeed if the header or query parameter value matches the specified regular expression. {{< /note >}}
+  {{< call-out "note" >}} The match type used here is `RegularExpression`. A request will succeed if the header or query parameter value matches the specified regular expression. {{< /call-out >}}
 
   If you want both conditions to be required, you can define headers and queryParams in the same match object.
 
@@ -152,7 +188,7 @@ This HTTPRoute has a few important properties:
 
 Using the external IP address and port for the NGINX Service, we can send traffic to our coffee applications.
 
-{{< note >}} If you have a DNS record allocated for `cafe.example.com`, you can send the request directly to that hostname, without needing to resolve. {{< /note >}}
+{{< call-out "note" >}} If you have a DNS record allocated for `cafe.example.com`, you can send the request directly to that hostname, without needing to resolve. {{< /call-out >}}
 
 ```shell
 curl --resolve cafe.example.com:$GW_PORT:$GW_IP http://cafe.example.com:$GW_PORT/coffee
@@ -259,7 +295,7 @@ The properties of this HTTPRoute include:
 
 Using the external IP address and port for the NGINX Service, we can send traffic to our tea applications.
 
-{{< note >}} If you have a DNS record allocated for `cafe.example.com`, you can send the request directly to that hostname, without needing to resolve. {{< /note >}}
+{{< call-out "note" >}} If you have a DNS record allocated for `cafe.example.com`, you can send the request directly to that hostname, without needing to resolve. {{< /call-out >}}
 
 ```shell
 curl --resolve cafe.example.com:$GW_PORT:$GW_IP http://cafe.example.com:$GW_PORT/tea
diff --git a/content/ngf/traffic-management/basic-routing.md b/content/ngf/traffic-management/basic-routing.md
index 78b02c338..bae0147fc 100644
--- a/content/ngf/traffic-management/basic-routing.md
+++ b/content/ngf/traffic-management/basic-routing.md
@@ -21,7 +21,21 @@ You can route traffic to your Kubernetes applications using the Gateway API and
 
 The application we are going to use in this guide is a simple **coffee** application comprised of one service and two pods:
 
-{{<img src="ngf/img/route-all-traffic-app.png" alt="This image shows a single 'coffee' Service connecting to two 'coffee' Pods.">}}
+```mermaid
+graph TB
+  subgraph cluster [Kubernetes Cluster]
+    style cluster fill:#FFFFFF,stroke:#000000
+    svc[Service<br>coffee]
+    pod1[Pod<br>coffee]
+    pod2[Pod<br>coffee]
+  end
+
+  svc --> pod1 & pod2
+
+  class pod1,pod2,svc appNode
+  classDef appNode fill:#edbd8c,stroke:#D9822B
+
+```
 
 Using this architecture, the **coffee** application is not accessible outside the cluster. We want to expose this application on the hostname "cafe.example.com" so that clients outside the cluster can access it.
 
@@ -96,7 +110,49 @@ service/coffee       ClusterIP   198.51.100.1     <none>        80/TCP    77s
 
 To route traffic to the **coffee** application, we will create a Gateway and HTTPRoute. The following diagram shows the configuration we are creating in the next step:
 
-{{<img src="ngf/img/route-all-traffic-config.png" alt="">}}
+```mermaid
+graph LR
+    subgraph config [Namespace default]
+      subgraph padding [" "]
+          direction LR
+          style config fill:#FFFFFF,stroke:#000000
+          subgraph gw[Gateway cafe]
+              subgraph gwPadding [" "]
+                  gwContents[HTTP/80]
+              end
+          end
+          subgraph hr[HTTPRoute coffee]
+              subgraph hrPadding [" "]
+                  hrContents[cafe.example.com]
+                  subgraph describeMatchAll [Match all<br>traffic]
+                      subgraph describeMatchPadding [" "]
+                          matchAll[Host: *<br>Path: *]
+                      end
+                  end
+                  subgraph describeService [Group matching<br>pods within a Service]
+                      subgraph describePadding [" "]
+                          coffeeSvc[Service<br>coffee]
+                      end
+                  end
+              end
+          end
+      end
+    end
+
+  gwContents --> hrContents --> matchAll --> coffeeSvc
+  class padding,gwPadding,hrPadding,describeMatchAll,describeService,describePadding,describeMatchPadding noBorder
+  class gw gateway
+  class hr httpRoute
+  class matchAll,hrContents,coffeeSvc appDevNode
+  class gwContents clusterOppNode
+
+  classDef noBorder stroke:none,fill:none,text-align:center
+  classDef default fill:#FFFFFF,stroke:#000000
+  classDef gateway fill:#FFFFFF,stroke:#blue,stroke-dasharray: 3 3,text-align:center
+  classDef httpRoute fill:#FFFFFF,stroke:#D9822B,stroke-dasharray: 3 3,text-align:center
+  classDef appDevNode fill:#edbd8c,stroke:#D9822B
+  classDef clusterOppNode fill:lightblue,stroke:darkblue
+```
 
 We need a Gateway to create an entry point for HTTP traffic coming into the cluster. The **cafe** Gateway we are going to create will open an entry point to the cluster on port 80 for HTTP traffic.
 
@@ -104,13 +160,47 @@ To route HTTP traffic from the Gateway to the **coffee** service, we need to cre
 
 Once NGINX Gateway Fabric processes the **cafe** Gateway and **coffee** HTTPRoute, it will configure a data plane (NGINX) to route all HTTP requests sent to "cafe.example.com" to the pods that the **coffee** service targets:
 
-{{<img src="ngf/img/route-all-traffic-flow.png" alt="Traffic Flow">}}
+```mermaid
+graph LR
+  style cluster fill:#FFFFFF,stroke:#000000
+  clients[Clients]
+  ngfSvc["Public IP Address for<br>cafe.example.com"]
+    subgraph cluster [Kubernetes Cluster]
+        
+        subgraph appNs [Namespace<br>default]
+            subgraph nsPadding [" "]
+            nginxPod[Pod NGINX]
+                coffeePod1[Pod coffee]
+                coffeePod2[Pod coffee]
+            end
+        end
+    end
+
+  ngfSvc --> nginxPod
+  nginxPod --> coffeePod1 & coffeePod2
+  clients --> ngfSvc
+
+  class clusterPadding,nsPadding,clusterPadding2 noBorder
+  class gwNS,appNs namespace
+  class nginxPod nginxNode
+  class coffeePod1,coffeePod2 coffeeNode
+  class ngfSvc svc
+  class clients clientNode
+
+  classDef noBorder stroke:none,fill:none
+  classDef default fill:#FFFFFF,stroke:#000000
+  classDef namespace fill:#FFFFFF,stroke:#036ffc,stroke-dasharray: 5 5,text-align:center
+  classDef nginxNode fill:#b4e0ad,stroke:#2AA317
+  classDef svc fill:lightblue,stroke:darkblue
+  classDef coffeeNode fill:#edbd8c,stroke:#D9822B
+  classDef clientNode fill:#D3D3D3
+```
 
 The **coffee** service is omitted from the diagram above because the NGINX Pod routes directly to the pods that the **coffee** service targets.
 
-{{< note >}}In the diagrams above, all resources that are the responsibility of the cluster operator are shown in blue. The orange resources are the responsibility of the application developers.
+{{< call-out "note" >}}In the diagrams above, all resources that are the responsibility of the cluster operator are shown in blue. The orange resources are the responsibility of the application developers.
 
-See the [roles and personas](https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#roles-and-personas_1) Gateway API document for more information on these roles.{{< /note >}}
+See the [roles and personas](https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#roles-and-personas_1) Gateway API document for more information on these roles.{{< /call-out >}}
 
 ---
 
@@ -142,11 +232,11 @@ Save the public IP address and port of the NGINX Service into shell variables:
  GW_PORT=<port number>
  ```
 
-{{< note >}}
+{{< call-out "note" >}}
 
 In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for.
 
-{{< /note >}}
+{{< /call-out >}}
 
 This Gateway is associated with NGINX Gateway Fabric through the **gatewayClassName** field. The default installation of NGINX Gateway Fabric creates a GatewayClass with the name **nginx**. NGINX Gateway Fabric will only configure Gateways with a **gatewayClassName** of **nginx** unless you change the name via the `--gatewayclass` [command-line flag]({{< ref "/ngf/reference/cli-help.md#controller" >}}).
 
@@ -191,7 +281,7 @@ The [**rules**](https://gateway-api.sigs.k8s.io/references/spec/#gateway.network
 
 To test the configuration, we will send a request to the public IP and port of the NGINX Service that you saved earlier after creating the Gateway resource and verify that the response comes from one of the **coffee** pods.
 
-{{< note >}}Your clients should be able to resolve the domain name "cafe.example.com" to the public IP of the NGINX Service. In this guide we will simulate that using curl's `--resolve` option. {{< /note >}}
+{{< call-out "note" >}}Your clients should be able to resolve the domain name "cafe.example.com" to the public IP of the NGINX Service. In this guide we will simulate that using curl's `--resolve` option. {{< /call-out >}}
 
 
 First, let's send a request to the path "/":
@@ -378,7 +468,7 @@ If you have any issues while testing the configuration, try the following to deb
   }
   ```
 
-{{< note >}} The entire configuration is not shown because it is subject to change. Ellipses indicate that there's configuration not shown. {{< /note >}}
+{{< call-out "note" >}} The entire configuration is not shown because it is subject to change. Ellipses indicate that there's configuration not shown. {{< /call-out >}}
 
 If your issue persists, [contact us](https://github.com/nginx/nginx-gateway-fabric#contacts).
 
diff --git a/content/ngf/traffic-management/client-settings.md b/content/ngf/traffic-management/client-settings.md
index 881f890af..588991b10 100644
--- a/content/ngf/traffic-management/client-settings.md
+++ b/content/ngf/traffic-management/client-settings.md
@@ -63,11 +63,11 @@ GW_IP=XXX.YYY.ZZZ.III
 GW_PORT=<port number>
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 
 In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for.
 
-{{< /note >}}
+{{< /call-out >}}
 
 Test the configuration:
 
diff --git a/content/ngf/traffic-management/https-termination.md b/content/ngf/traffic-management/https-termination.md
index 9c2736f5b..299bdd1f7 100644
--- a/content/ngf/traffic-management/https-termination.md
+++ b/content/ngf/traffic-management/https-termination.md
@@ -164,11 +164,11 @@ Save the public IP address and ports of the NGINX Service into shell variables:
  GW_HTTPS_PORT=<https port number>
  ```
 
-{{< note >}}
+{{< call-out "note" >}}
 
 In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for.
 
-{{< /note >}}
+{{< /call-out >}}
 
 To create the httproute resources, copy and paste the following into your terminal:
 
@@ -218,7 +218,7 @@ The first route issues a `requestRedirect` from the `http` listener on port 80 t
 
 Using the external IP address and ports for the NGINX Service, we can send traffic to our coffee application.
 
-{{< note >}}If you have a DNS record allocated for `cafe.example.com`, you can send the request directly to that hostname, without needing to resolve.{{< /note >}}
+{{< call-out "note" >}}If you have a DNS record allocated for `cafe.example.com`, you can send the request directly to that hostname, without needing to resolve.{{< /call-out >}}
 
 To test that NGINX sends an HTTPS redirect, we will send requests to the `coffee` service on the HTTP port. We
 will use curl's `--include` option to print the response headers (we are interested in the `Location` header).
diff --git a/content/ngf/traffic-management/mirror.md b/content/ngf/traffic-management/mirror.md
index a1d3e95e7..cf13c924f 100644
--- a/content/ngf/traffic-management/mirror.md
+++ b/content/ngf/traffic-management/mirror.md
@@ -142,11 +142,11 @@ GW_IP=XXX.YYY.ZZZ.III
 GW_PORT=<port number>
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 
 In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for.
 
-{{< /note >}}
+{{< /call-out >}}
 
 Now create an HTTPRoute that defines a RequestMirror filter that copies all requests sent to `/coffee` to be sent to the **coffee** backend and mirrored to the **tea** backend. Use the following command:
 
diff --git a/content/ngf/traffic-management/redirects-and-rewrites.md b/content/ngf/traffic-management/redirects-and-rewrites.md
index a29ca6a1f..8cbacbf79 100644
--- a/content/ngf/traffic-management/redirects-and-rewrites.md
+++ b/content/ngf/traffic-management/redirects-and-rewrites.md
@@ -53,11 +53,11 @@ GW_IP=XXX.YYY.ZZZ.III
 GW_PORT=<port number>
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 
 In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for.
 
-{{< /note >}}
+{{< /call-out >}}
 
 ## URLRewrite example
 
@@ -177,7 +177,7 @@ EOF
 
 Using the external IP address and port for the NGINX Service, we can send traffic to our coffee application.
 
-{{< note >}}If you have a DNS record allocated for `cafe.example.com`, you can send the request directly to that hostname, without needing to resolve.{{< /note >}}
+{{< call-out "note" >}}If you have a DNS record allocated for `cafe.example.com`, you can send the request directly to that hostname, without needing to resolve.{{< /call-out >}}
 
 This example demonstrates a rewrite from `http://cafe.example.com/coffee/flavors` to `http://cafe.example.com/beans`.
 
@@ -416,7 +416,7 @@ EOF
 
 Using the external IP address and port for the NGINX Service, we can send traffic to our tea and soda applications to verify the redirect is successful. We will use curl's `--include` option to print the response headers (we are interested in the `Location` header).
 
-{{< note >}}If you have a DNS record allocated for `cafe.example.com`, you can send the request directly to that hostname, without needing to resolve.{{< /note >}}
+{{< call-out "note" >}}If you have a DNS record allocated for `cafe.example.com`, you can send the request directly to that hostname, without needing to resolve.{{< /call-out >}}
 
 This example demonstrates a redirect from `http://cafe.example.com/tea` to `http://cafe.example.com/organic`.
 
diff --git a/content/ngf/traffic-management/request-response-headers.md b/content/ngf/traffic-management/request-response-headers.md
index 724b27096..d6fe3806f 100644
--- a/content/ngf/traffic-management/request-response-headers.md
+++ b/content/ngf/traffic-management/request-response-headers.md
@@ -51,11 +51,11 @@ GW_IP=XXX.YYY.ZZZ.III
 GW_PORT=<port number>
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 
 In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for.
 
-{{< /note >}}
+{{< /call-out >}}
 
 ## RequestHeaderModifier example
 
diff --git a/content/ngf/traffic-management/snippets.md b/content/ngf/traffic-management/snippets.md
index 6fc35d1f5..75b3a0fb5 100644
--- a/content/ngf/traffic-management/snippets.md
+++ b/content/ngf/traffic-management/snippets.md
@@ -22,8 +22,8 @@ that can be defined in an HTTPRoute/GRPCRoute rule and is intended to modify NGI
 
 ## Disadvantages of Snippets
 
-{{< warning >}} We recommend managing NGINX configuration through Gateway API resources, [first-class policies]({{< ref "/ngf/overview/custom-policies.md" >}}), and other existing [NGINX extensions]({{< ref "/ngf/how-to/data-plane-configuration.md" >}})
-before using Snippets. {{< /warning >}}
+{{< call-out "warning" >}} We recommend managing NGINX configuration through Gateway API resources, [first-class policies]({{< ref "/ngf/overview/custom-policies.md" >}}), and other existing [NGINX extensions]({{< ref "/ngf/how-to/data-plane-configuration.md" >}})
+before using Snippets. {{< /call-out >}}
 
 Snippets are configured using the `SnippetsFilter` API, but are disabled by default due to their complexity and security implications.
 
@@ -35,7 +35,7 @@ Snippets have the following disadvantages:
 - _Decreased robustness_. An incorrect Snippet can invalidate NGINX configuration, causing reload failures. Until the snippet is fixed, it will prevent any new configuration updates, including updates for the other Gateway resources.
 - _Security implications_. Snippets give access to NGINX configuration primitives, which are not validated by NGINX Gateway Fabric. For example, a Snippet can configure NGINX to serve the TLS certificates and keys used for TLS termination for Gateway resources.
 
-{{< note >}} If the NGINX configuration includes an invalid Snippet, NGINX will continue to operate with the last valid configuration. No new configuration will be applied until the invalid Snippet is fixed. {{< /note >}}
+{{< call-out "note" >}} If the NGINX configuration includes an invalid Snippet, NGINX will continue to operate with the last valid configuration. No new configuration will be applied until the invalid Snippet is fixed. {{< /call-out >}}
 
 ## Best practices for SnippetsFilters
 
@@ -77,7 +77,7 @@ After creating the Gateway resource, NGINX Gateway Fabric will provision an NGIN
   GW_PORT=<port number>
   ```
 
-  {{< note >}} In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for. {{< /note >}}
+  {{< call-out "note" >}} In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for. {{< /call-out >}}
 
 
 - Create HTTPRoutes for the coffee and tea applications:
@@ -455,8 +455,8 @@ Conditions:
       Type:                  ResolvedRefs
 ```
 
-{{< note >}} If you run into situations where an NGINX directive fails to be applied and the troubleshooting information here isn't sufficient, please create an issue in the
-[NGINX Gateway Fabric Github repository](https://github.com/nginx/nginx-gateway-fabric). {{< /note >}}
+{{< call-out "note" >}} If you run into situations where an NGINX directive fails to be applied and the troubleshooting information here isn't sufficient, please create an issue in the
+[NGINX Gateway Fabric Github repository](https://github.com/nginx/nginx-gateway-fabric). {{< /call-out >}}
 
 ## See also
 
diff --git a/content/ngf/traffic-management/tls-passthrough.md b/content/ngf/traffic-management/tls-passthrough.md
index 2306f01e6..fb56bec2c 100644
--- a/content/ngf/traffic-management/tls-passthrough.md
+++ b/content/ngf/traffic-management/tls-passthrough.md
@@ -15,7 +15,7 @@ In this guide, we will show how to configure TLS passthrough for your applicatio
 
 ## Note on Gateway API Experimental Features
 
-{{< important >}} TLSRoute is a Gateway API resource from the experimental release channel. {{< /important >}}
+{{< call-out "important" >}} TLSRoute is a Gateway API resource from the experimental release channel. {{< /call-out >}}
 
 {{< include "/ngf/installation/install-gateway-api-experimental-features.md" >}}
 
@@ -153,7 +153,7 @@ EOF
 
 This Gateway will configure NGINX Gateway Fabric to accept TLS connections on port 443 and route them to the corresponding backend Services without decryption. The routing is done based on the SNI, which allows clients to specify a server name (like example.com) during the SSL handshake.
 
-{{< note >}}It is possible to add an HTTPS listener on the same port that terminates TLS connections so long as the hostname does not overlap with the TLS listener hostname.{{< /note >}}
+{{< call-out "note" >}}It is possible to add an HTTPS listener on the same port that terminates TLS connections so long as the hostname does not overlap with the TLS listener hostname.{{< /call-out >}}
 
 After creating the Gateway resource, NGINX Gateway Fabric will provision an NGINX Pod and Service fronting it to route traffic.
 
@@ -164,11 +164,11 @@ GW_IP=XXX.YYY.ZZZ.III
 GW_TLS_PORT=<port number>
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 
 In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the Gateway will forward for.
 
-{{< /note >}}
+{{< /call-out >}}
 
 Create a TLSRoute that attaches to the Gateway and routes requests to `app.example.com` to the `secure-app` Service:
 
@@ -192,13 +192,13 @@ spec:
 EOF
 ```
 
-{{< note >}}To route to a Service in a Namespace different from the TLSRoute Namespace, create a [ReferenceGrant](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1beta1.ReferenceGrant) to permit the cross-namespace reference. {{< /note >}}
+{{< call-out "note" >}}To route to a Service in a Namespace different from the TLSRoute Namespace, create a [ReferenceGrant](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1beta1.ReferenceGrant) to permit the cross-namespace reference. {{< /call-out >}}
 
 ## Send traffic
 
 Using the external IP address and port for the NGINX Service, send traffic to the `secure-app` application.
 
-{{< note >}}If you have a DNS record allocated for `app.example.com`, you can send the request directly to that hostname, without needing to resolve.{{< /note >}}
+{{< call-out "note" >}}If you have a DNS record allocated for `app.example.com`, you can send the request directly to that hostname, without needing to resolve.{{< /call-out >}}
 
 Send a request to the `secure-app` Service on the TLS port with the `--insecure` flag. The `--insecure` flag is required because the `secure-app` is using self-signed certificates.
 
diff --git a/content/ngf/traffic-management/upstream-settings.md b/content/ngf/traffic-management/upstream-settings.md
index 153e9d4b3..d13d1b8cf 100644
--- a/content/ngf/traffic-management/upstream-settings.md
+++ b/content/ngf/traffic-management/upstream-settings.md
@@ -159,7 +159,7 @@ Lookup the name of the NGINX pod and save into shell variable:
 NGINX_POD_NAME=<NGINX Pod>
 ```
 
-{{< note >}}In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for.{{< /note >}}
+{{< call-out "note" >}}In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for.{{< /call-out >}}
 
 Create HTTPRoutes for the `coffee` and `tea` applications:
 
diff --git a/content/ngf/traffic-security/secure-backend.md b/content/ngf/traffic-security/secure-backend.md
index b2545c9ec..652d10235 100644
--- a/content/ngf/traffic-security/secure-backend.md
+++ b/content/ngf/traffic-security/secure-backend.md
@@ -17,7 +17,7 @@ The intended use-case is when a service or backend owner is managing their own T
 
 ## Note on Gateway API Experimental Features
 
-{{< important >}} BackendTLSPolicy is a Gateway API resource from the experimental release channel. {{< /important >}}
+{{< call-out "important" >}} BackendTLSPolicy is a Gateway API resource from the experimental release channel. {{< /call-out >}}
 
 {{< include "/ngf/installation/install-gateway-api-experimental-features.md" >}}
 
@@ -180,7 +180,7 @@ GW_IP=XXX.YYY.ZZZ.III
 GW_PORT=<port number>
 ```
 
-{{< note >}}In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for.{{< /note >}}
+{{< call-out "note" >}}In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for.{{< /call-out >}}
 
 ---
 
@@ -188,7 +188,7 @@ GW_PORT=<port number>
 
 Using the external IP address and port for the NGINX Service, we can send traffic to our secure-app application. To show what happens if we send plain HTTP traffic from NGINX to our `secure-app`, let's try sending a request before we create the backend TLS configuration.
 
-{{< note >}}If you have a DNS record allocated for `secure-app.example.com`, you can send the request directly to that hostname, without needing to resolve.{{< /note >}}
+{{< call-out "note" >}}If you have a DNS record allocated for `secure-app.example.com`, you can send the request directly to that hostname, without needing to resolve.{{< /call-out >}}
 
 ```shell
 curl --resolve secure-app.example.com:$GW_PORT:$GW_IP http://secure-app.example.com:$GW_PORT/
@@ -211,7 +211,7 @@ We can see we a status 400 Bad Request message from NGINX.
 
 ## Create the backend TLS configuration
 
-{{< note >}} This example uses a `ConfigMap` to store the CA certificate, but you can also use a `Secret`. This could be a better option if integrating with [cert-manager](https://cert-manager.io/). The `Secret` should have a `ca.crt` key that holds the contents of the CA certificate. {{< /note >}}
+{{< call-out "note" >}} This example uses a `ConfigMap` to store the CA certificate, but you can also use a `Secret`. This could be a better option if integrating with [cert-manager](https://cert-manager.io/). The `Secret` should have a `ca.crt` key that holds the contents of the CA certificate. {{< /call-out >}}
 
 To configure the backend TLS termination, first we will create the ConfigMap that holds the `ca.crt` entry for verifying our self-signed certificates:
 
diff --git a/content/ngf/troubleshooting.md b/content/ngf/troubleshooting.md
index 90387ec6b..9e3bb4c09 100644
--- a/content/ngf/troubleshooting.md
+++ b/content/ngf/troubleshooting.md
@@ -79,9 +79,9 @@ kubectl exec -it -n <nginx-pod-namespace> <nginx-pod-name> -- /bin/sh
 
 Logs from the NGINX Gateway Fabric control plane and data plane can contain information that isn't available to status or events. These can include errors in processing or passing traffic.
 
-{{< note >}}
+{{< call-out "note" >}}
 You can see logs for a crashed or killed container by adding the `-p` flag to the `kubectl logs` commands below.
-{{< /note >}}
+{{< /call-out >}}
 
 1. Container Logs
 
@@ -268,9 +268,9 @@ Handling connection for 8080
 </body>
 ```
 
-{{< warning >}}
+{{< call-out "warning" >}}
 The configuration may change in future releases. This configuration is valid for version 1.3.
-{{< /warning >}}
+{{< /call-out >}}
 
 #### Metrics for troubleshooting
 
@@ -283,8 +283,6 @@ Verify that the port number (for example, `8080`) matches the port number you ha
 
 ### Common errors
 
-{{< bootstrap-table "table table-striped table-bordered" >}}
-
 | Problem Area | Symptom | Troubleshooting Method | Common Cause |
 |------------------------------|----------------------------------------|---------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|
 | Startup | NGINX Gateway Fabric fails to start. | Check logs for _nginx_ and _nginx-gateway_ containers. | Readiness probe failed. |
@@ -293,8 +291,6 @@ Verify that the port number (for example, `8080`) matches the port number you ha
 | NGINX Plus errors | Failure to start; traffic interruptions | Set up the [NGINX Plus JWT]({{< ref "/ngf/install/nginx-plus.md" >}}) | License is not configured or has expired. |
 | Client Settings | Request entity too large error | Adjust client settings. Refer to [Client Settings Policy]({{< ref "/ngf/traffic-management/client-settings.md" >}}) | Payload is greater than the [`client_max_body_size`](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size) value.|
 
-{{< /bootstrap-table >}}
-
 ##### NGINX fails to reload
 
 NGINX reload errors can occur for various reasons, including syntax errors in configuration files, permission issues, and more. To determine if NGINX has failed to reload, check logs for your _nginx-gateway_ and _nginx_ containers.
diff --git a/content/nginx-one/_index.md b/content/nginx-one/_index.md
index 3cfd13708..801ad0113 100644
--- a/content/nginx-one/_index.md
+++ b/content/nginx-one/_index.md
@@ -19,76 +19,87 @@ F5 NGINX One Console makes it easy to manage NGINX instances across locations an
 [//]: # "You can add a maximum of three cards: any extra will not display."
 [//]: # "One card will take full width page: two will take half width each. Three will stack like an inverse pyramid."
 [//]: # "Some examples of content could be the latest release note, the most common install path, and a popular new feature."
-{{<card-layout>}}
-  {{<card-section showAsCards="true" isFeaturedSection="true">}}
-    {{<card title="Get started" titleUrl="/nginx-one/getting-started/" isFeatured="true" icon="unplug">}}
-      Get up and running with NGINX One Console
-    {{</card >}}
-  {{</card-section>}}
-{{</card-layout>}}
 
+{{<card-section showAsCards="true" isFeaturedSection="true">}}
+  {{<card title="Get started" titleUrl="getting-started/" icon="unplug" isFullSize="true">}}
+    Get up and running with NGINX One Console
+  {{</card >}}
+{{</card-section>}}
+
+{{<card-section showAsCards="true" >}}
+  {{<card title="Connect more NGINX instances" titleUrl="connect-instances/" >}}
+    Work with data plane keys, containers, and proxy servers
+  {{</card>}}
+  {{<card title="Secure your fleet" titleUrl="/nginx-one/secure-your-fleet/" >}}
+    Configure alerts that match your security policies
+  {{</ card >}}
+  {{<card title="Manage your NGINX instances" titleUrl="/nginx-one/nginx-configs/" >}}
+    Manage one instance or groups of instances. Monitor certificates. Set up metrics.
+  {{</card>}}
+  {{<card title="Connect Kubernetes deployments" titleUrl="/nginx-one/k8s/">}}
+    Monitor deployments for CVEs and certificates
+  {{</ card >}}
+{{</card-section>}}
+
+### Workshops
+
+
+{{<card-section showAsCards="true">}}
+  {{<card title="NGINX One Console workshops" titleUrl="/nginx-one/workshops/" icon="wrench" >}}
+    Guided labs to help you secure, monitor, and scale your NGINX fleet with NGINX One Console.
+  {{</card>}}
+{{</card-section>}}
 
-{{<card-layout>}}
-  {{<card-section showAsCards="true" >}}
-    {{<card title="Connect more NGINX instances" titleUrl="/nginx-one/connect-instances/" >}}
-      Work with data plane keys, containers, and proxy servers
-    {{</card>}}
-    {{<card title="Manage your NGINX instances" titleUrl="/nginx-one/nginx-configs/" >}}
-      Manage one instance or groups of instances. Monitor certificates. Set up metrics.
-    {{</card>}}
-    {{<card title="Organize users with RBAC" titleUrl="/nginx-one/rbac/" >}}
-      Assign responsibilities with role-based access control 
-    {{</card>}}
-    {{<card title="Automate with the NGINX One API" titleUrl="/nginx-one/api/" >}}
-      Manage your NGINX fleet over REST
-    {{</card>}}
-  {{</card-section>}}
-{{</card-layout>}}
 
 ### More information
 
-{{<card-layout>}}
-  {{<card-section showAsCards="true" >}}
-    {{<card title="Glossary" titleUrl="/nginx-one/glossary/" >}}
-      See latest updates: New features, improvements, and bug fixes
-    {{</card>}}
-    {{<card title="Changelog" titleUrl="/nginx-one/changelog/" icon="clock-alert">}}
-      See latest updates: New features, improvements, and bug fixes
-    {{</card>}}
-  {{</card-section>}}
-{{</card-layout>}}
+{{<card-section showAsCards="true" >}}
+  {{<card title="Secure with NGINX App Protect" titleUrl="/nginx-one/nap-integration/" >}}
+    Set up security policies by instance and group
+  {{</card>}}
+  {{<card title="Organize users with RBAC" titleUrl="/nginx-one/rbac/" >}}
+    Assign responsibilities with role-based access control
+  {{</card>}}
+  {{<card title="Automate with the NGINX One API" titleUrl="/nginx-one/api/" >}}
+    Manage your NGINX fleet over REST
+  {{</card>}}
+  {{<card title="Glossary" titleUrl="/nginx-one/glossary/" >}}
+    Includes NGINX-specific security alert labels
+  {{</card>}}
+  {{<card title="Changelog" titleUrl="changelog/" icon="clock-alert">}}
+    See latest updates: New features, improvements, and bug fixes
+  {{</card>}}
+{{</card-section>}}
 
 ## NGINX One components
 [//]: # "You can add any extra content for the page here, such as additional cards, diagrams or text."
 
-{{< card-layout >}}
-  {{< card-section title="Kubernetes Solutions">}}
-    {{< card title="NGINX Ingress Controller" titleUrl="/nginx-ingress-controller/" brandIcon="NGINX-Ingress-Controller-product-icon">}}
-      Kubernetes traffic management with API gateway, identity, and observability features.
-    {{</ card >}}
-    {{< card title="NGINX Gateway Fabric" titleUrl="/nginx-gateway-fabric" brandIcon="NGINX-product-icon">}}
-      Next generation Kubernetes connectivity using the Gateway API.
-    {{</ card >}}
-  {{</ card-section >}}
-  {{< card-section title="Local Console Option">}}
-    {{< card title="NGINX Instance Manager" titleUrl="/nginx-instance-manager" brandIcon="NGINX-Instance-Manager-product-icon">}}
-      Track and control NGINX Open Source and NGINX Plus instances.
-    {{</ card >}}
-  {{</ card-section >}}
-  {{< card-section title="Modern App Delivery">}}
-    {{< card title="NGINX Plus" titleUrl="/nginx" brandIcon="NGINX-Plus-product-icon-RGB">}}
-      The all-in-one load balancer, reverse proxy, web server, content cache, and API gateway.
-    {{</ card >}}
-    {{< card title="NGINX Open Source" titleUrl="https://nginx.org" brandIcon="NGINX-product-icon">}}
-      The open source all-in-one load balancer, content cache, and web server
-    {{</ card >}}
-  {{</ card-section >}}
-  {{< card-section title="Security">}}
-    {{< card title="NGINX App Protect WAF" titleUrl="/nginx-app-protect-waf" brandIcon="NGINX-App-Protect-WAF-product-icon">}}
-      Lightweight, high-performance, advanced protection against Layer 7 attacks on your apps and APIs.
-    {{</ card >}}
-    {{< card title="NGINX App Protect DoS" titleUrl="/nginx-app-protect-dos" brandIcon="NGINX-App-Protect-DoS-product-icon">}}
-      Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs.
-    {{</ card >}}
-  {{</ card-section >}}
-{{</card-layout>}}
+{{< card-section title="Kubernetes Solutions">}}
+  {{< card title="NGINX Ingress Controller" titleUrl="/nginx-ingress-controller/" brandIcon="NGINX-Ingress-Controller-product-icon.svg">}}
+    Kubernetes traffic management with API gateway, identity, and observability features.
+  {{</ card >}}
+  {{< card title="NGINX Gateway Fabric" titleUrl="/nginx-gateway-fabric" brandIcon="NGINX-Gateway-Fabric-product-icon.svg">}}
+    Next generation Kubernetes connectivity using the Gateway API.
+  {{</ card >}}
+{{</ card-section >}}
+{{< card-section title="Local Console Option">}}
+  {{< card title="NGINX Instance Manager" titleUrl="/nginx-instance-manager" brandIcon="NGINX-Instance-Manager-product-icon.svg">}}
+    Track and control NGINX Open Source and NGINX Plus instances.
+  {{</ card >}}
+{{</ card-section >}}
+{{< card-section title="Modern App Delivery">}}
+  {{< card title="NGINX Plus" titleUrl="/nginx/" brandIcon="NGINX-Plus-product-icon.svg">}}
+    The all-in-one load balancer, reverse proxy, web server, content cache, and API gateway.
+  {{</ card >}}
+  {{< card title="NGINX Open Source" titleUrl="https://nginx.org" brandIcon="NGINX-Open-Source-product-icon.svg">}}
+    The open source all-in-one load balancer, content cache, and web server
+  {{</ card >}}
+{{</ card-section >}}
+{{< card-section title="Security">}}
+  {{< card title="NGINX App Protect WAF" titleUrl="/nginx-app-protect-waf" brandIcon="NGINX-App-Protect-WAF-product-icon.svg">}}
+    Lightweight, high-performance, advanced protection against Layer 7 attacks on your apps and APIs.
+  {{</ card >}}
+  {{< card title="NGINX App Protect DoS" titleUrl="/nginx-app-protect-dos" brandIcon="NGINX-App-Protect-DoS-product-icon.svg">}}
+    Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs.
+  {{</ card >}}
+{{</ card-section >}}
diff --git a/content/nginx-one/agent/configure-instance-reporting/_index.md b/content/nginx-one/agent/configure-instance-reporting/_index.md
deleted file mode 100644
index daac817e1..000000000
--- a/content/nginx-one/agent/configure-instance-reporting/_index.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: "Configure instance reporting"
-weight: 400
-url: /nginx-one/agent/configure-instance-reporting/
----
\ No newline at end of file
diff --git a/content/nginx-one/agent/configure-instances/_index.md b/content/nginx-one/agent/configure-instances/_index.md
new file mode 100644
index 000000000..e4b8d1288
--- /dev/null
+++ b/content/nginx-one/agent/configure-instances/_index.md
@@ -0,0 +1,5 @@
+---
+title: "Configure instances"
+weight: 400
+url: /nginx-one/agent/configure-instances/
+---
\ No newline at end of file
diff --git a/content/nginx-one/agent/configure-instance-reporting/configuration-overview.md b/content/nginx-one/agent/configure-instances/configuration-overview.md
similarity index 98%
rename from content/nginx-one/agent/configure-instance-reporting/configuration-overview.md
rename to content/nginx-one/agent/configure-instances/configuration-overview.md
index 5bfb8e7f9..98a41ca4e 100644
--- a/content/nginx-one/agent/configure-instance-reporting/configuration-overview.md
+++ b/content/nginx-one/agent/configure-instances/configuration-overview.md
@@ -8,7 +8,7 @@ nd-docs: DOCS-1879
 
 This page describes how to configure F5 NGINX Agent using configuration files, CLI (Command line interface) flags, and environment variables.
 
-{{<note>}}
+{{< call-out "note" >}}
 
 - NGINX Agent interprets configuration values set by configuration files, CLI flags, and environment variables in the following priorities:
 
@@ -18,7 +18,7 @@ This page describes how to configure F5 NGINX Agent using configuration files, C
 
 - You must open any required firewall ports or add SELinux/AppArmor rules for the ports and IPs you want to use.
 
-{{</note>}}
+{{< /call-out >}}
 
 ## Configuration via Configuration Files 
 
@@ -49,8 +49,8 @@ sudo docker run \
   --env=NGINX_AGENT_LOG_LEVEL=debug \
   -d agent
 ```
-<details>
-<summary>NGINX Agent configuration options</summary>
+
+### NGINX Agent configuration options
 
 {{< bootstrap-table "table table-striped table-bordered" >}}
 | **Environment Variable**                         | **Command-Line Option**                             | **Description**                                                                                              | **Default Value**                                      |
@@ -83,5 +83,4 @@ sudo docker run \
 | NGINX_AGENT_COLLECTOR_EXTENSIONS_TLS_CERT     | --collector-extensions-health-tls-cert          | TLS Certificate file path for communication with OTel health server.                                         | N/A                                                    |
 | NGINX_AGENT_COLLECTOR_EXTENSIONS_TLS_KEY      | --collector-extensions-health-tls-key           | File path for TLS key used when connecting with OTel health server.                                           | N/A                                                    |
 | NGINX_AGENT_COLLECTOR_PROCESSORS_BATCH_SEND_BATCH_TIMEOUT    | --collector-processors-batch-send-batch-timeout                                               | Maximum time duration for sending batch data metrics regardless of size.                                      | 200ms
-{{< /bootstrap-table >}}                             |%
-</details>
\ No newline at end of file
+{{< /bootstrap-table >}}
diff --git a/content/nginx-one/agent/configure-instance-reporting/configure-agent-group.md b/content/nginx-one/agent/configure-instances/configure-agent-group.md
similarity index 100%
rename from content/nginx-one/agent/configure-instance-reporting/configure-agent-group.md
rename to content/nginx-one/agent/configure-instances/configure-agent-group.md
diff --git a/content/nginx-one/agent/configure-instance-reporting/configure-selinux.md b/content/nginx-one/agent/configure-instances/configure-selinux.md
similarity index 75%
rename from content/nginx-one/agent/configure-instance-reporting/configure-selinux.md
rename to content/nginx-one/agent/configure-instances/configure-selinux.md
index 03e98bb7b..51297d7e3 100644
--- a/content/nginx-one/agent/configure-instance-reporting/configure-selinux.md
+++ b/content/nginx-one/agent/configure-instances/configure-selinux.md
@@ -9,7 +9,7 @@ nd-docs: DOCS-1880
 
 You can use the optional SELinux policy module included in the package to secure F5 NGINX Agent operations with flexible, mandatory access control that follows the principle of least privilege.
 
-{{< important >}}The SELinux policy module is optional. It is not loaded automatically during installation, even on SELinux-enabled systems. You must manually load the policy module using the steps below.{{< /important >}}
+{{< call-out "important" >}}The SELinux policy module is optional. It is not loaded automatically during installation, even on SELinux-enabled systems. You must manually load the policy module using the steps below.{{< /call-out >}}
 
 ## Before you begin
 
@@ -19,7 +19,7 @@ Take these preparatory steps before configuring SELinux:
 2. Install the tools `load_policy`, `semodule`, and `restorecon`.
 3. [Install NGINX Agent]({{< ref "/nginx-one/agent/install-upgrade/_index.md" >}}) with SELinux module files in place.
 
-{{< important >}}SELinux can use `permissive` mode, where policy violations are logged instead of enforced. Verify which mode your configuration uses.{{< /important >}}
+{{< call-out "important" >}}SELinux can use `permissive` mode, where policy violations are logged instead of enforced. Verify which mode your configuration uses.{{< /call-out >}}
 
 ---
 
diff --git a/content/nginx-one/agent/containers/run-agent-container.md b/content/nginx-one/agent/containers/run-agent-container.md
index e902de08b..d608c6a8e 100644
--- a/content/nginx-one/agent/containers/run-agent-container.md
+++ b/content/nginx-one/agent/containers/run-agent-container.md
@@ -15,9 +15,9 @@ This guide serves as a step-by-step guide to run NGINX Agent in a container. It
 
 Before you begin this guide ensure:
 
-{{< note >}}
+{{< call-out "note" >}}
 This guide uses Docker but NGINX Agent also works with other container applications.
-{{< /note >}}
+{{< /call-out >}}
 
 - **Docker:** Ensure Docker is installed and configured on your system. [Download Docker from the official site](https://www.docker.com/products/docker-desktop/).
 - **Credentials:** Acquire any necessary authentication tokens or credentials required for the NGINX Agent.
diff --git a/content/nginx-one/agent/install-upgrade/install-from-github.md b/content/nginx-one/agent/install-upgrade/install-from-github.md
index 30795537f..68a8d0cc0 100644
--- a/content/nginx-one/agent/install-upgrade/install-from-github.md
+++ b/content/nginx-one/agent/install-upgrade/install-from-github.md
@@ -6,13 +6,13 @@ docs: DOCS-000
 nd-docs: DOCS-1876
 ---
 
-{{< note >}}
+{{< call-out "note" >}}
 If you are using [NGINX One Console]({{< ref "/nginx-one/getting-started.md" >}})
 to manage your NGINX instances, NGINX Agent is installed automatically when you
 add an NGINX instance to NGINX One Console.
 
 For a quick guide on how to connect your instance to NGINX One Console see: [Connect to NGINX One Console]({{< ref "/nginx-one/connect-instances/add-instance.md" >}})
-{{< /note >}}
+{{< /call-out >}}
 
 Follow the steps in this guide to install NGINX Agent in your NGINX instance using
 GitHub package files.
@@ -54,12 +54,6 @@ Use your system's package manager to install the package. Some examples:
   sudo apk add nginx-agent-<agent-version>.apk
   ```
 
-- FreeBSD
-
-  ```shell
-  sudo pkg add nginx-agent-<agent-version>.pkg
-  ```
-
 ### Manually connect NGINX Agent to NGINX One Console
 
 {{< include "agent/installation/manually-connect-to-console" >}}
diff --git a/content/nginx-one/agent/install-upgrade/install-from-oss-repo.md b/content/nginx-one/agent/install-upgrade/install-from-oss-repo.md
index f362ec8d5..f0bf93874 100644
--- a/content/nginx-one/agent/install-upgrade/install-from-oss-repo.md
+++ b/content/nginx-one/agent/install-upgrade/install-from-oss-repo.md
@@ -6,13 +6,13 @@ docs: DOCS-000
 nd-docs: DOCS-1873
 ---
 
-{{< note>}}
+{{< call-out "note" >}}
 If you are using [NGINX One Console]({{< ref "/nginx-one/getting-started.md" >}})
 to manage your NGINX instances, NGINX Agent is installed automatically when you
 add an NGINX instance to NGINX One Console.
 
 For a quick guide on how to connect your instance to NGINX One Console see: [Connect to NGINX One Console]({{< ref "/nginx-one/connect-instances/add-instance.md" >}})
-{{< /note >}}
+{{< /call-out >}}
 
 ## Overview
 
@@ -30,7 +30,7 @@ up the `nginx-agent` packages repository. Afterward, you can install and update
 NGINX Agent from the repository.
 
 <details>
-<summary>{{< fa "brands fa-centos" >}} Install NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux</summary>
+<summary>Install NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux</summary>
 
 ### Install NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux
 
@@ -39,7 +39,7 @@ NGINX Agent from the repository.
 </details>
 
 <details>
-<summary>{{< fa "brands fa-ubuntu" >}} Install NGINX Agent on Ubuntu</summary>
+<summary>Install NGINX Agent on Ubuntu</summary>
 
 ### Install NGINX Agent on Ubuntu
 
@@ -48,7 +48,7 @@ NGINX Agent from the repository.
 </details>
 
 <details>
-<summary>{{< fa "brands fa-debian" >}} Install NGINX Agent on Debian</summary>
+<summary>Install NGINX Agent on Debian</summary>
 
 ### Install NGINX Agent on Debian
 
@@ -57,7 +57,7 @@ NGINX Agent from the repository.
 </details>
 
 <details>
-<summary>{{< fa "brands fa-suse" >}} Install NGINX Agent on SLES</summary>
+<summary>Install NGINX Agent on SLES</summary>
 
 ### Install NGINX Agent on SLES
 
@@ -66,7 +66,7 @@ NGINX Agent from the repository.
 </details>
 
 <details>
-<summary>{{< fa "solid fa-mountain-sun" >}} Install NGINX Agent on Alpine Linux</summary>
+<summary>Install NGINX Agent on Alpine Linux</summary>
 
 ### Install NGINX Agent on Alpine Linux
 
@@ -75,20 +75,12 @@ NGINX Agent from the repository.
 </details>
 
 <details>
-<summary>{{< fa "brands fa-aws" >}} Install NGINX Agent on Amazon Linux</summary>
+<summary>Install NGINX Agent on Amazon Linux</summary>
 
 ### Install NGINX Agent on Amazon Linux
 
 {{< include "/agent/installation/oss/oss-amazon-linux.md" >}}
 
-</details>
-<details>
-<summary>{{< fa "brands fa-freebsd" >}} Install NGINX Agent on FreeBSD</summary>
-
-### Install NGINX Agent on FreeBSD
-
-{{< include "/agent/installation/oss/oss-freebsd.md" >}}
-
 </details>
 
 ### Manually connect NGINX Agent to NGINX One Console
diff --git a/content/nginx-one/agent/install-upgrade/install-from-plus-repo.md b/content/nginx-one/agent/install-upgrade/install-from-plus-repo.md
index eb20efab1..726814b19 100644
--- a/content/nginx-one/agent/install-upgrade/install-from-plus-repo.md
+++ b/content/nginx-one/agent/install-upgrade/install-from-plus-repo.md
@@ -6,13 +6,13 @@ docs: DOCS-000
 nd-docs: DOCS-1877
 ---
 
-{{< note>}}
+{{< call-out "note" >}}
 If you are using [NGINX One Console]({{< ref "/nginx-one/getting-started.md" >}})
 to manage your NGINX instances, NGINX Agent is installed automatically when you
 add an NGINX instance to NGINX One Console.
 
 For a quick guide on how to connect your instance to NGINX One Console see: [Connect to NGINX One Console]({{< ref "/nginx-one/connect-instances/add-instance.md" >}})
-{{< /note >}}
+{{< /call-out >}}
 
 ## Overview
 
@@ -31,7 +31,7 @@ NGINX Agent from the repository.
 
 
 <details>
-<summary>{{< fa "brands fa-centos" >}} Install NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux</summary>
+<summary>Install NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux</summary>
 
 ### Install NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux<a name="install-nginx-agent-on-rhel-centos-rocky-linux-almalinux-and-oracle-linux-plus"></a>
 
@@ -40,7 +40,7 @@ NGINX Agent from the repository.
 </details>
 
 <details>
-<summary>{{< fa "brands fa-ubuntu" >}} Install NGINX Agent on Ubuntu</summary>
+<summary>Install NGINX Agent on Ubuntu</summary>
 
 ### Install NGINX Agent on Ubuntu<a name="install-nginx-agent-on-ubuntu-plus"></a>
 
@@ -49,7 +49,7 @@ NGINX Agent from the repository.
 </details>
 
 <details>
-<summary>{{< fa "brands fa-debian" >}} Install NGINX Agent on Debian</summary>
+<summary>Install NGINX Agent on Debian</summary>
 
 ### Install NGINX Agent on Debian<a name="install-nginx-agent-on-debian-plus"></a>
 
@@ -58,7 +58,7 @@ NGINX Agent from the repository.
 </details>
 
 <details>
-<summary>{{< fa "brands fa-suse" >}} Install NGINX Agent on SLES</summary>
+<summary>Install NGINX Agent on SLES</summary>
 
 ### Install NGINX Agent on SLES<a name="install-nginx-agent-on-sles-plus"></a>
 
@@ -67,7 +67,7 @@ NGINX Agent from the repository.
 </details>
 
 <details>
-<summary>{{< fa "solid fa-mountain-sun" >}} Install NGINX Agent on Alpine Linux</summary>
+<summary>Install NGINX Agent on Alpine Linux</summary>
 
 ### Install NGINX Agent on Alpine Linux<a name="install-nginx-agent-on-alpine-linux-plus"></a>
 
@@ -75,7 +75,7 @@ NGINX Agent from the repository.
 
 </details>
 <details>
-<summary>{{< fa "brands fa-aws" >}} Install NGINX Agent on Amazon Linux</summary>
+<summary>Install NGINX Agent on Amazon Linux</summary>
 
 ### Install NGINX Agent on Amazon Linux<a name="install-nginx-agent-on-amazon-linux-plus"></a>
 
@@ -83,15 +83,6 @@ NGINX Agent from the repository.
 
 </details>
 
-<details>
-<summary>{{< fa "brands fa-freebsd" >}} Install NGINX Agent on FreeBSD</summary>
-
-### Install NGINX Agent on FreeBSD<a name="install-nginx-agent-on-freebsd-plus"></a>
-
-{{< include "/agent/installation/plus/plus-freebsd.md" >}}
-
-</details>
-
 ### Manually connect NGINX Agent to NGINX One Console
 
 {{< include "agent/installation/manually-connect-to-console" >}}
diff --git a/content/nginx-one/agent/install-upgrade/uninstall.md b/content/nginx-one/agent/install-upgrade/uninstall.md
index 3a7c95aef..0a4137c09 100644
--- a/content/nginx-one/agent/install-upgrade/uninstall.md
+++ b/content/nginx-one/agent/install-upgrade/uninstall.md
@@ -19,7 +19,7 @@ The user following performing the uninstall steps needs to have `root` privilege
 Complete the following steps on each host where you've installed NGINX Agent
 
 <details>
-<summary>{{< fa "brands fa-centos" >}} Uninstall NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux</summary>
+<summary>Uninstall NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux</summary>
 
 ### Uninstall NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux
 
@@ -28,7 +28,7 @@ Complete the following steps on each host where you've installed NGINX Agent
 </details>
 
 <details>
-<summary>{{< fa "brands fa-ubuntu" >}} Uninstall NGINX Agent on Ubuntu</summary>
+<summary>Uninstall NGINX Agent on Ubuntu</summary>
 
 ### Uninstall NGINX Agent on Ubuntu
 
@@ -37,7 +37,7 @@ Complete the following steps on each host where you've installed NGINX Agent
 </details>
 
 <details>
-<summary>{{< fa "brands fa-debian" >}} Uninstall NGINX Agent on Debian</summary>
+<summary>Uninstall NGINX Agent on Debian</summary>
 
 ### Uninstall NGINX Agent on Debian
 
@@ -46,7 +46,7 @@ Complete the following steps on each host where you've installed NGINX Agent
 </details>
 
 <details>
-<summary>{{< fa "brands fa-suse" >}} Uninstall NGINX Agent on SLES</summary>
+<summary>Uninstall NGINX Agent on SLES</summary>
 
 ### Uninstall NGINX Agent on SLES
 
@@ -55,7 +55,7 @@ Complete the following steps on each host where you've installed NGINX Agent
 </details>
 
 <details>
-<summary>{{< fa "solid fa-mountain-sun" >}} Uninstall NGINX Agent on Alpine Linux</summary>
+<summary>Uninstall NGINX Agent on Alpine Linux</summary>
 
 ### Uninstall NGINX Agent on Alpine Linux
 
@@ -64,19 +64,10 @@ Complete the following steps on each host where you've installed NGINX Agent
 </details>
 
 <details>
-<summary>{{< fa "brands fa-aws" >}} Uninstall NGINX Agent on Amazon Linux</summary>
+<summary>Uninstall NGINX Agent on Amazon Linux</summary>
 
 ### Uninstall NGINX Agent on Amazon Linux
 
 {{< include "/agent/installation/uninstall/uninstall-amazon-linux.md" >}}
 
 </details>
-
-<details>
-<summary>{{< fa "brands fa-freebsd" >}} Uninstall NGINX Agent on FreeBSD</summary>
-
-### Uninstall NGINX Agent on FreeBSD
-
-{{< include "/agent/installation/uninstall/uninstall-freebsd.md" >}}
-
-</details>
diff --git a/content/nginx-one/agent/install-upgrade/update.md b/content/nginx-one/agent/install-upgrade/update.md
index a6f5cfd10..37b395af6 100644
--- a/content/nginx-one/agent/install-upgrade/update.md
+++ b/content/nginx-one/agent/install-upgrade/update.md
@@ -1,5 +1,5 @@
 ---
-title: Update NGINX Agent
+title: Upgrade NGINX Agent
 toc: true
 weight: 400
 docs: DOCS-000
diff --git a/content/nginx-one/agent/metrics/configure-otel-metrics.md b/content/nginx-one/agent/metrics/configure-otel-metrics.md
index 78824f3bc..598017cf8 100644
--- a/content/nginx-one/agent/metrics/configure-otel-metrics.md
+++ b/content/nginx-one/agent/metrics/configure-otel-metrics.md
@@ -12,9 +12,9 @@ F5 NGINX Agent now includes an embedded [OpenTelemetry](https://opentelemetry.io
 * Metrics from NGINX Plus and NGINX Open Source
 * Host metrics (CPU, memory, disk, and network activity) from VMs or Containers
 
-{{< note >}}
+{{< call-out "note" >}}
 The OpenTelemetry exporter is enabled by default. Once a valid connection to the management plane is established, the Agent will automatically begin exporting metrics.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Key benefits
 
@@ -27,7 +27,7 @@ You can validate that metrics are successfully exported by using the methods bel
 
 - **NGINX One dashboard**
 
-   - When an instance has connected to NGINX One Console [See: Connect to NGINX One Console]({{< ref "/nginx-one/connect-instances/add-instance.md" >}}), you should see metrics showing on the NGINX One Dashboard.
+   - When an instance has connected to NGINX One Console [See: Connect to NGINX One Console]({{< ref "/nginx-one/connect-instances/add-instance.md" >}}), you should see metrics showing on the NGINX One Console Dashboard.
 
 - **Agent logs**
 
diff --git a/content/nginx-one/agent/overview/_index.md b/content/nginx-one/agent/overview/_index.md
index 25d1de757..b38b31aa3 100644
--- a/content/nginx-one/agent/overview/_index.md
+++ b/content/nginx-one/agent/overview/_index.md
@@ -1,5 +1,5 @@
 ---
 title: "Overview"
 weight: 100
-url: /nginx-one/agent/install-upgrade/
----
\ No newline at end of file
+url: /nginx-one/agent/overview/
+---
diff --git a/content/nginx-one/api/_index.md b/content/nginx-one/api/_index.md
index 5b3284d5e..3a1598f3f 100644
--- a/content/nginx-one/api/_index.md
+++ b/content/nginx-one/api/_index.md
@@ -1,6 +1,6 @@
 ---
 title: Automate with the NGINX One API
 description:
-weight: 700
+weight: 800
 url: /nginx-one/api
 ---
diff --git a/content/nginx-one/api/api-reference-guide.md b/content/nginx-one/api/api-reference-guide.md
index d3034aa1e..77c9e4acc 100644
--- a/content/nginx-one/api/api-reference-guide.md
+++ b/content/nginx-one/api/api-reference-guide.md
@@ -9,6 +9,5 @@ tags:
 title: API reference guide
 toc: false
 weight: null
+nd-api-reference: "./nginx-one/api/one.json"
 ---
-
-{{< openapi spec="./nginx-one/api/one.json" >}}
diff --git a/content/nginx-one/api/authentication.md b/content/nginx-one/api/authentication.md
index 7518c3677..165a0401f 100644
--- a/content/nginx-one/api/authentication.md
+++ b/content/nginx-one/api/authentication.md
@@ -20,9 +20,9 @@ Before you begin, make sure you have either an API Token or API Certificate for
 
 You can authenticate API requests in two ways: using an API Token or an API Certificate. Below are examples of how to do this with curl, but you can also use other tools like Postman.
 
-{{<see-also>}}
+{{< call-out "note" >}}
 For definitions of terms such as _'tenant'_ and _'namespace'_ used in the following examples, refer to the [NGINX One Glossary]({{<ref "/nginx-one/glossary.md" >}}).
-{{</see-also>}}
+{{< /call-out>}}
 
 <br>
 
diff --git a/content/nginx-one/changelog.md b/content/nginx-one/changelog.md
index dd9cf1216..e66dd29f8 100644
--- a/content/nginx-one/changelog.md
+++ b/content/nginx-one/changelog.md
@@ -30,6 +30,24 @@ h2 {
 
 Stay up-to-date with what's new and improved in the F5 NGINX One Console.
 
+## July 15, 2025
+
+### Set up F5 NGINX App Protect WAF security policies
+
+You can now incorporate [NGINX App Protect WAF]({{< ref "/nap-waf/" >}}) in NGINX One Console UI. For details, see [Secure with NGINX App Protect]({{< ref "/nginx-one/nap-integration/" >}}).
+
+In NGINX One Console, you can:
+
+- Toggle between [Default policy bundles]({{< ref "/nap-waf/v5/configuration-guide/configuration/#updating-default-policy-bundles" >}})
+- Set a blocking or transparant [Policy enforcement mode]({{< ref "/nap-waf/v5/configuration-guide/configuration/#policy-enforcement-modes" >}})
+
+### Monitor F5 NGINX Ingress Controller deployments
+
+You can now monitor your NGINX Ingress Controller deployments. For details, see how
+you can [Connect to NGINX One Console]({{< ref "/nginx-one/k8s/add-nic.md" >}}).
+
+Unlike other NGINX instances, when you connect NGINX Ingress Controller to NGINX One Console, access is read-only. Refer to our [NGINX Ingress Controller]({{< ref "/nic/" >}}) for details on how to modify these instances.
+
 ## July 1, 2025
 
 ### NGINX Agent version 3 support
diff --git a/content/nginx-one/connect-instances/add-instance.md b/content/nginx-one/connect-instances/add-instance.md
index db4af6a8f..33585c398 100644
--- a/content/nginx-one/connect-instances/add-instance.md
+++ b/content/nginx-one/connect-instances/add-instance.md
@@ -21,7 +21,7 @@ Before you add an instance to NGINX One Console, ensure:
 - You have or are ready to configure a [data plane key]({{< ref "/nginx-one/getting-started.md#generate-data-plane-key" >}}).
 - You have or are ready to set up [managed certificates]({{< ref "/nginx-one/nginx-configs/certificates/manage-certificates.md" >}}).
 
-{{< note >}}If this is the first time an instance is being added to a Config Sync Group, and you have not yet defined the configuration for that Config Sync Group, that instance provides the template for that group. For more information, see [Configuration management]({{< ref "nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups#configuration-management" >}}).{{< /note >}}
+{{< call-out "note" >}}If this is the first time an instance is being added to a Config Sync Group, and you have not yet defined the configuration for that Config Sync Group, that instance provides the template for that group. For more information, see [Configuration management]({{< ref "nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups#configuration-management" >}}).{{< /call-out >}}
 
 ## Add an instance
 
diff --git a/content/nginx-one/connect-instances/connect-nginx-plus-container-images-to-nginx-one.md b/content/nginx-one/connect-instances/connect-nginx-plus-container-images-to-nginx-one.md
index 5f4d251b5..31c796b67 100644
--- a/content/nginx-one/connect-instances/connect-nginx-plus-container-images-to-nginx-one.md
+++ b/content/nginx-one/connect-instances/connect-nginx-plus-container-images-to-nginx-one.md
@@ -73,13 +73,13 @@ For more details, see [About subscription licenses]({{< ref "solutions/about-sub
 ```sh
 sudo docker run \
 --env=NGINX_LICENSE_JWT="YOUR_JWT_HERE" \
---env=NGINX_AGENT_SERVER_GRPCPORT=443 \
---env=NGINX_AGENT_SERVER_HOST=agent.connect.nginx.com \
---env=NGINX_AGENT_SERVER_TOKEN="YOUR_NGINX_ONE_DATA_PLANE_KEY_HERE" \
---env=NGINX_AGENT_TLS_ENABLE=true \
+--env=NGINX_AGENT_COMMAND_SERVER_PORT=443 \
+--env=NGINX_AGENT_COMMAND_SERVER_HOST=agent.connect.nginx.com \
+--env=NGINX_AGENT_COMMAND_AUTH_TOKEN="DPK" \
+--env=NGINX_AGENT_COMMAND_TLS_SKIP_VERIFY=false \
 --restart=always \
 --runtime=runc \
--d private-registry.nginx.com/nginx-plus/agent:<version-tag>
+-d private-registry.nginx.com/nginx-plus/agentv3:<version-tag>
 ```
 
 <br>
@@ -90,13 +90,13 @@ To start the container with the `debian` image:
 ```sh
 sudo docker run \
 --env=NGINX_LICENSE_JWT="YOUR_JWT_HERE" \
---env=NGINX_AGENT_SERVER_GRPCPORT=443 \
---env=NGINX_AGENT_SERVER_HOST=agent.connect.nginx.com \
---env=NGINX_AGENT_SERVER_TOKEN="YOUR_NGINX_ONE_DATA_PLANE_KEY_HERE" \
---env=NGINX_AGENT_TLS_ENABLE=true \
+--env=NGINX_AGENT_COMMAND_SERVER_PORT=443 \
+--env=NGINX_AGENT_COMMAND_SERVER_HOST=agent.connect.nginx.com \
+--env=NGINX_AGENT_COMMAND_AUTH_TOKEN="DPK" \
+--env=NGINX_AGENT_COMMAND_TLS_SKIP_VERIFY=false \
 --restart=always \
 --runtime=runc \
--d private-registry.nginx.com/nginx-plus/agent:debian
+-d private-registry.nginx.com/nginx-plus/agentv3:debian
 ```
 
 {{</call-out>}}
diff --git a/content/nginx-one/connect-instances/connect-using-forward-proxy.md b/content/nginx-one/connect-instances/connect-using-forward-proxy.md
new file mode 100644
index 000000000..b313ae55c
--- /dev/null
+++ b/content/nginx-one/connect-instances/connect-using-forward-proxy.md
@@ -0,0 +1,124 @@
+---
+title: Prepare - Set up an explicit forward proxy
+toc: true
+weight: 250
+nd-docs: DOCS-000
+---
+
+NGINX Agent can be configured to connect to NGINX One using an explicit forward
+proxy. This is useful in environments where direct internet access is restricted or monitored.
+
+## Before you start
+
+Ensure you have the following:
+
+- An explicit forward proxy server installed and configured in your network.
+- [NGINX Agent is installed]({{< ref "nginx-one/agent/install-upgrade/" >}})
+- Access to the [NGINX One console]({{< ref "/nginx-one/getting-started.md#before-you-begin" >}}).
+
+
+## NGINX Agent configuration for proxy usage
+
+1. Open a secure connection to your instance using SSH and log in.
+1. Open the NGINX Agent configuration file (/etc/nginx-agent/nginx-agent.conf) with a text editor. To edit this file you need superuser privileges.
+1. Add or modify the `proxy` section to include the proxy URL, port number, and timeout settings:
+
+   ```conf
+   server:
+      host: agent.connect.nginx.com
+      port: 443
+      proxy:
+         url: "http://proxy.example.com:<port number>"
+   ```
+
+1. Restart NGINX Agent to apply the changes:
+
+    ```sh
+    sudo systemctl restart nginx-agent
+    ```
+
+### In a containerized environment
+
+To configure NGINX Agent in a containerized environment:
+
+1. Run the NGINX Agent container with the environment variables set as follows:
+
+   ```sh
+   sudo docker run \
+      --add-host "myproxy.example.com:host-gateway" \
+      --env=NGINX_AGENT_COMMAND_SERVER_PORT=443 \
+      --env=NGINX_AGENT_COMMAND_SERVER_HOST=agent.connect.nginx.com \
+      --env=NGINX_AGENT_COMMAND_AUTH_TOKEN="<your-data-plane-key-here>" \
+      --env=NGINX_AGENT_COMMAND_TLS_SKIP_VERIFY=false \
+      --env=NGINX_AGENT_COMMAND_SERVER_PROXY_URL=http://myproxy.example.com:<port number> \
+      --restart=always \
+      --runtime=runc \
+      -d private-registry.nginx.com/nginx-plus/agentv3:latest
+   ```
+
+
+## NGINX Agent proxy authentication
+
+If your forward proxy requires authentication, you can specify the username and password in the `proxy` section of the `agent.conf` file:
+
+1. Open a secure connection to your instance using SSH and log in.
+1. Add or modify the `proxy` section of the NGINX Agent configuration file (/etc/nginx-agent/nginx-agent.conf) to include the authentication details:
+
+   ```conf
+   proxy:
+      url: "http://proxy.example.com:<port number>"
+      auth_method: "basic"
+      username: "user"
+      password: "pass"
+   ```
+
+1. Restart NGINX Agent to apply the changes:
+
+    ```sh
+    sudo systemctl restart nginx-agent
+    ```
+
+### In a containerized environment
+
+To set proxy authentication in a containerized environment:
+
+1. Run the NGINX Agent container with the environment variables set as follows:
+
+
+   ```sh
+   sudo docker run \
+      --add-host "myproxy.example.com:host-gateway" \
+      --env=NGINX_AGENT_COMMAND_SERVER_PORT=443 \
+      --env=NGINX_AGENT_COMMAND_SERVER_HOST=agent.connect.nginx.com \
+      --env=NGINX_AGENT_COMMAND_AUTH_TOKEN="<your-data-plane-key-here>" \
+      --env=NGINX_AGENT_COMMAND_TLS_SKIP_VERIFY=false \
+      --env NGINX_AGENT_COMMAND_SERVER_PROXY_URL=http://proxy.example.com:<port number>
+      --env NGINX_AGENT_COMMAND_SERVER_PROXY_AUTH_METHOD=basic
+      --env NGINX_AGENT_COMMAND_SERVER_PROXY_USERNAME="user"
+      --env NGINX_AGENT_COMMAND_SERVER_PROXY_PASSWORD="pass"
+      --restart=always \
+      --runtime=runc \
+      -d private-registry.nginx.com/nginx-plus/agentv3:latest
+   ```
+
+## Validate connectivity between the components
+
+To test the connectivity between NGINX Agent, your proxy, and NGINX One Console, you can use the `curl` command with the proxy settings.
+
+1. Open a secure connection to your instance using SSH and log in.
+1. Run the following `curl` command to test the connection:
+   ```sh
+   curl -x http://proxy.example.com:<port number> -U your_user:your_password https://agent.connect.nginx.com/api/v1/agents
+   ```
+
+   - Replace `proxy.example.com:<port number>` with your proxy address and port number.
+   - Replace `your_user` and `your_password` with the credentials you set up for proxy in the previous steps.
+
+To test the configuration from a containerized environment, run the following command from within the container:
+
+   ```sh
+   curl -x http://host.docker.internal:<port number> -U your_user:your_password https://agent.connect.nginx.com/api/v1/agents
+   ```
+
+   - Replace `your_user` and `your_password` with the credentials you set up for proxy in the previous steps.
+
diff --git a/content/nginx-one/connect-instances/create-manage-data-plane-keys.md b/content/nginx-one/connect-instances/create-manage-data-plane-keys.md
index 0052e684c..f12585911 100644
--- a/content/nginx-one/connect-instances/create-manage-data-plane-keys.md
+++ b/content/nginx-one/connect-instances/create-manage-data-plane-keys.md
@@ -24,7 +24,12 @@ Data plane keys are displayed only once and cannot be retrieved later. Be sure t
 
 Data plane keys expire after one year. You can change this expiration date later by editing the key.
 
-Revoking a data plane key disconnects all instances that were registered with that key.
+You can disconnect all instances associated with a data plane key in the following ways:
+
+- Revoke the data plane key
+- Let the data plane key expire
+
+Either action disconnects all instances registered with that key.
 {{</call-out>}}
 
 ## Create a new data plane key
diff --git a/content/nginx-one/connect-instances/set-up-nginx-proxy-for-nginx-one.md b/content/nginx-one/connect-instances/set-up-nginx-proxy-for-nginx-one.md
index c29aec28b..96114fc4a 100644
--- a/content/nginx-one/connect-instances/set-up-nginx-proxy-for-nginx-one.md
+++ b/content/nginx-one/connect-instances/set-up-nginx-proxy-for-nginx-one.md
@@ -69,7 +69,27 @@ To set up your other NGINX instances to use the proxy instance to connect to NGI
 2. Open the NGINX Agent configuration file (**/etc/nginx-agent/nginx-agent.conf**) with a text editor.
 3. Add the following configuration. Replace `YOUR_DATA_PLANE_KEY_HERE` with your actual data plane key and `YOUR_PROXY_IP_ADDRESS_HERE` with the IP address of the NGINX proxy instance.
 
-    ```yaml
+   {{< tabs name="Configure NGINX Agent to use the proxy" >}}
+
+   {{%tab name="NGINX Agent 3.x"%}}
+
+   ```yaml
+    command:
+      server:
+        # Replace YOUR_PROXY_IP_ADDRESS_HERE with the IP address of the NGINX proxy instance.
+        host: YOUR_PROXY_IP_ADDRESS_HERE
+        port: 5000
+      auth:
+        # Replace YOUR_DATA_PLANE_KEY_HERE with your NGINX One Console data plane key.
+        token: "YOUR_DATA_PLANE_KEY_HERE"
+      tls:
+        skip_verify: False
+        server_name: agent.connect.nginx.com
+   ```
+
+   {{%/tab%}}
+   {{%tab name="NGINX Agent 2.x"%}}
+   ```yaml
     server:
       # Replace YOUR_DATA_PLANE_KEY_HERE with your NGINX One Data Plane Key.
       token: "YOUR_DATA_PLANE_KEY_HERE"
@@ -79,9 +99,11 @@ To set up your other NGINX instances to use the proxy instance to connect to NGI
       command: agent.connect.nginx.com
       metrics: agent.connect.nginx.com
     tls:
-      enable: true
-      skip_verify: false
-    ```
+      enable: True
+      skip_verify: False
+   ```
+   {{%/tab%}}
+   {{%/tabs%}}
 
 4. Restart NGINX Agent:
 
diff --git a/content/nginx-one/getting-started.md b/content/nginx-one/getting-started.md
index 8f5605201..c5f0cf60e 100644
--- a/content/nginx-one/getting-started.md
+++ b/content/nginx-one/getting-started.md
@@ -110,20 +110,9 @@ The following instructions include minimal information, sufficient to "get start
 
 ### Generate a data plane key {#generate-data-plane-key}
 
-A data plane key is a security token that ensures only trusted NGINX instances can register and communicate with NGINX One.
-
-To generate a data plane key:
-
-- **For a new key:** In the **Add Instance** pane, select **Generate Data Plane Key**.
-- **To reuse an existing key:** If you already have a data plane key and want to use it again, select **Use existing key**. Then, enter the key's value in the **Data Plane Key** box.
-
-{{<call-out "caution" "Data plane key guidelines" "fas fa-key" >}}
-Data plane keys are displayed only once and cannot be retrieved later. Be sure to copy and store this key securely.
-
-Data plane keys expire after one year. You can change this expiration date later by [editing the key]({{< ref "nginx-one/connect-instances/create-manage-data-plane-keys.md#change-expiration-date" >}}).
+{{< include "/nginx-one/how-to/generate-data-plane-key.md" >}}
 
 [Revoking a data plane key]({{< ref "nginx-one/connect-instances/create-manage-data-plane-keys.md#revoke-data-plane-key" >}}) disconnects all instances that were registered with that key.
-{{</call-out>}}
 
 ### Add an instance
 
@@ -132,7 +121,6 @@ Depending on whether this is your first time using NGINX One Console or you've u
 - **For first-time users:** On the welcome screen, select **Add Instance**.
 - **For returning users:** If you've added instances previously and want to add more, select **Instances** on the left menu, then select **Add Instance**.
 
-
 ### Install NGINX Agent
 
 After entering your data plane key, you'll see a `curl` command similar to the one below. Copy and run this command on each NGINX instance to install NGINX Agent. Once installed, NGINX Agent typically registers with NGINX One within a few seconds.
@@ -176,14 +164,14 @@ The `install` script writes an `nginx-agent.conf` file to the `/etc/nginx-agent/
 
 {{< include "/nginx-one/conf/nginx-agent-conf.md" >}}
 
-<span style="display: inline-block; margin-top: 20px;" >
-
 {{<call-out "note" "Note: NGINX Agent poll interval" >}} We recommend keeping `dataplane.status.poll_interval` between `30s` and `60s` in the NGINX Agent config (`/etc/nginx-agent/nginx-agent.conf`). If the interval is set above `60s`, NGINX One Console may report incorrect instance statuses.{{</call-out>}}
 
 <br>
 
 ---
 
+## Enable NGINX metrics reporting {#enable-nginx-metrics-reporting}
+
 The NGINX One Console dashboard relies on APIs for NGINX Plus and NGINX Open Source Stub Status to report traffic and system metrics. The following sections show you how to enable those metrics.
 
 ### Enable NGINX Plus API
diff --git a/content/nginx-one/glossary.md b/content/nginx-one/glossary.md
index 69c264c63..8a6324a99 100644
--- a/content/nginx-one/glossary.md
+++ b/content/nginx-one/glossary.md
@@ -3,13 +3,13 @@ description: ''
 nd-docs: DOCS-1396
 title: Glossary
 toc: true
-weight: 800
-type:
-- reference
+weight: 1000
+nd-content-type: reference
 ---
 
 This glossary defines terms used in the F5 NGINX One Console and F5 Distributed Cloud.
 
+## General terms
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 | Term        | Definition |
@@ -24,6 +24,14 @@ This glossary defines terms used in the F5 NGINX One Console and F5 Distributed
 | **Tenant** | A tenant in F5 Distributed Cloud is an entity that owns a specific set of configuration and infrastructure. It is fundamental for isolation, meaning a tenant cannot access objects or infrastructure of other tenants. Tenants can be either individual or enterprise, with the latter allowing multiple users with role-based access control (RBAC). |
 {{</bootstrap-table>}}
 
+## NGINX App Protect WAF terminology
+
+{{< include "nap-waf/config/common/nginx-app-protect-waf-terminology.md" >}}
+
+## NGINX Alerts
+
+{{< include "/nginx-one/alert-labels.md" >}}
+
 ## Legal notice: Licensing agreements for NGINX products
 
 Using NGINX One is subject to our End User Service Agreement (EUSA). For [NGINX Plus]({{< ref "/nginx" >}}), usage is governed by the End User License Agreement (EULA). Open source projects, including [NGINX Agent](https://github.com/nginx/agent) and [NGINX Open Source](https://github.com/nginx/nginx), are covered under their respective licenses. For more details on these licenses, follow the provided links.
diff --git a/content/nginx-one/k8s/_index.md b/content/nginx-one/k8s/_index.md
new file mode 100644
index 000000000..794456588
--- /dev/null
+++ b/content/nginx-one/k8s/_index.md
@@ -0,0 +1,8 @@
+---
+title: Connect Kubernetes deployments
+description:
+weight: 700
+url: /nginx-one/k8s
+nd-product: NGINX One
+---
+
diff --git a/content/nginx-one/k8s/add-ngf-helm.md b/content/nginx-one/k8s/add-ngf-helm.md
new file mode 100644
index 000000000..680987ff1
--- /dev/null
+++ b/content/nginx-one/k8s/add-ngf-helm.md
@@ -0,0 +1,146 @@
+---
+title: Connect NGINX Gateway Fabric with Helm
+toc: true
+weight: 300
+nd-content-type: how-to
+nd-product: NGINX One
+---
+
+This document explains how to connect F5 NGINX Gateway Fabric to F5 NGINX One Console with Helm.
+Connecting NGINX Gateway Fabric to NGINX One Console enables centralized monitoring of all controller instances.
+
+Once connected, you'll see a **read-only** configuration of NGINX Gateway Fabric. For each instance, you can review:
+
+- Read-only configuration file
+- Unmanaged SSL/TLS certificates for Control Planes
+
+## Before you begin
+
+Log in to NGINX One Console. If you need more information, review our [Get started guide]({{< ref "/nginx-one/getting-started.md#before-you-begin" >}}).
+
+You also need:
+
+- Administrator access to a Kubernetes cluster.
+- If you use [Helm](https://helm.sh) and [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl), install them locally.
+
+### Create a data plane key
+
+{{< include "/nginx-one/how-to/generate-data-plane-key.md" >}}
+
+### Create a Kubernetes secret with the data plane key
+
+{{< include "/nginx-one/how-to/k8s-secret-dp-key.md" >}}
+
+## Install Gateway API resources
+<!-- Corresponds to step 2 in the UX -->
+{{< include "/ngf/installation/install-gateway-api-resources.md" >}}
+
+## Install from the OCI registry
+<!-- Corresponds to step 3 in the UX -->
+
+The following steps install NGINX Gateway Fabric directly from the OCI helm registry. If you prefer, you can [install from sources](#install-from-sources) instead.
+
+{{<tabs name="install-helm-oci">}}
+
+{{%tab name="NGINX"%}}
+
+To install the latest stable release of NGINX Gateway Fabric in the **nginx-gateway** namespace, run the following command:
+
+```shell
+helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric \
+  --set nginx.nginxOneConsole.dataplaneKeySecretName=<data_plane_key_secret_name> \
+  -n nginx-gateway
+```
+
+{{% /tab %}}
+
+{{%tab name="NGINX Plus"%}}
+
+{{< call-out "note" >}} 
+
+If applicable, replace the F5 Container registry `private-registry.nginx.com` with your internal registry for your NGINX Plus image, and replace `nginx-plus-registry-secret` with your Secret name containing the registry credentials. If your NGINX Plus JWT Secret has a different name than the default `nplus-license`, then define that name using the `nginx.usage.secretName` flag. 
+
+{{< /call-out >}}
+
+To install the latest stable release of NGINX Gateway Fabric in the **nginx-gateway** namespace, run the following command:
+
+```shell
+helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric \
+  --set nginx.image.repository=private-registry.nginx.com/nginx-gateway-fabric/nginx-plus \
+  --set nginx.plus=true \
+  --set nginx.imagePullSecret=nginx-plus-registry-secret -n nginx-gateway \
+  --set nginx.nginxOneConsole.dataplaneKeySecretName=<data_plane_key_secret_name> 
+```
+
+{{% /tab %}}
+
+{{</tabs>}}
+
+`ngf` is the name of the release, and can be changed to any name you want. This name is added as a prefix to the Deployment name.
+
+If you want the latest version from the **main** branch, add `--version 0.0.0-edge` to your install command.
+
+To wait for the Deployment to be ready, you can either add the `--wait` flag to the `helm install` command, or run the following after installing:
+
+```shell
+kubectl wait --timeout=5m -n nginx-gateway deployment/ngf-nginx-gateway-fabric --for=condition=Available
+```
+
+### Install from sources {#install-from-sources}
+<!-- Corresponds to step 4 in the UX -->
+If you prefer to install directly from sources, instead of through the OCI helm registry, use the following steps.
+
+{{< include "/ngf/installation/helm/pulling-the-chart.md" >}}
+
+{{<tabs name="install-helm-src">}}
+
+{{%tab name="NGINX"%}}
+
+To install the chart into the **nginx-gateway** namespace, run the following command:
+
+```shell
+helm install ngf .  \
+  --set nginx.nginxOneConsole.dataplaneKeySecretName=<data_plane_key_secret_name> \
+  -n nginx-gateway
+```
+
+{{% /tab %}}
+
+{{%tab name="NGINX Plus"%}}
+
+{{< call-out "note" >}} 
+
+If applicable, replace the F5 Container registry `private-registry.nginx.com` with your internal registry for your NGINX Plus image, and replace `nginx-plus-registry-secret` with your Secret name containing the registry credentials. If your NGINX Plus JWT Secret has a different name than the default `nplus-license`, then define that name using the `nginx.usage.secretName` flag. 
+
+{{< /call-out >}}
+
+To install the chart into the **nginx-gateway** namespace, run the following command:
+
+```shell
+helm install ngf . \
+  --set nginx.image.repository=private-registry.nginx.com/nginx-gateway-fabric/nginx-plus \
+  --set nginx.nginxOneConsole.dataplaneKeySecretName=<data_plane_key_secret_name> \
+  --set nginx.plus=true \
+  --set nginx.imagePullSecret=nginx-plus-registry-secret \
+  -n nginx-gateway
+```
+
+{{% /tab %}}
+
+{{</tabs>}}
+
+`ngf` is the name of the release, and can be changed to any name you want. This name is added as a prefix to the Deployment name.
+
+To wait for the Deployment to be ready, you can either add the `--wait` flag to the `helm install` command, or run the following after installing:
+
+```shell
+kubectl wait --timeout=5m -n nginx-gateway deployment/ngf-nginx-gateway-fabric --for=condition=Available
+```
+
+## Verify a connection to NGINX One Console
+
+{{< include "/nginx-one/how-to/verify-connection.md" >}}
+
+## Troubleshooting
+
+{{< include "/nginx-one/how-to/ngf-troubleshooting.md" >}}
diff --git a/content/nginx-one/k8s/add-ngf-manifests.md b/content/nginx-one/k8s/add-ngf-manifests.md
new file mode 100644
index 000000000..b7d675331
--- /dev/null
+++ b/content/nginx-one/k8s/add-ngf-manifests.md
@@ -0,0 +1,59 @@
+---
+title: Connect NGINX Gateway Fabric with Manifests
+toc: true
+weight: 300
+nd-content-type: how-to
+nd-product: NGINX One
+---
+
+This document explains how to connect F5 NGINX Gateway Fabric to F5 NGINX One Console with Manifests.
+Connecting NGINX Gateway Fabric to NGINX One Console enables centralized monitoring of all controller instances.
+
+Once connected, you'll see a **read-only** configuration of NGINX Gateway Fabric. For each instance, you can review:
+
+- Read-only configuration file
+- Unmanaged SSL/TLS certificates for Control Planes
+
+## Before you begin
+
+Log in to NGINX One Console. If you need more information, review our [Get started guide]({{< ref "/nginx-one/getting-started.md#before-you-begin" >}}).
+
+{{< include "/ngf/installation/install-manifests-prereqs.md" >}}
+
+### Create a data plane key
+
+{{< include "/nginx-one/how-to/generate-data-plane-key.md" >}}
+
+### Create a Kubernetes secret with the data plane key
+
+{{< include "/nginx-one/how-to/k8s-secret-dp-key.md" >}}
+
+## Install Gateway API resources
+<!-- Corresponds to step 2 in the UX -->
+{{< include "/ngf/installation/install-gateway-api-resources.md" >}}
+
+## Deploy NGINX Gateway Fabric CRDs
+<!-- Corresponds to step 3 in the UX -->
+
+{{< include "/ngf/installation/deploy-ngf-crds.md" >}}
+
+## Deploy NGINX Gateway Fabric
+
+Specify the data plane key Secret name in the `--nginx-one-dataplane-key-secret` command-line argument of the nginx-gateway container.
+
+{{< include "/ngf/installation/deploy-ngf-manifests.md" >}}
+
+## Verify a connection to NGINX One Console
+
+{{< include "/nginx-one/how-to/verify-connection.md" >}}
+
+## Troubleshooting
+
+{{< include "/nginx-one/how-to/ngf-troubleshooting.md" >}}
+
+## References
+
+For more details, see:
+
+- [Install NGINX Gateway Fabric with Manifests]({{< ref "/ngf/install/manifests.md" >}})
+
diff --git a/content/nginx-one/k8s/add-nic.md b/content/nginx-one/k8s/add-nic.md
new file mode 100644
index 000000000..efe6a5f53
--- /dev/null
+++ b/content/nginx-one/k8s/add-nic.md
@@ -0,0 +1,177 @@
+---
+title: Connect NGINX Ingress Controller
+toc: true
+weight: 200
+nd-content-type: how-to
+nd-product: NGINX One
+---
+
+This document explains how to connect F5 NGINX Ingress Controller to F5 NGINX One Console using NGINX Agent.
+Connecting NGINX Ingress Controller to NGINX One Console enables centralized monitoring of all controller instances.
+
+Once connected, you'll see a **read-only** configuration of NGINX Ingress Controller. For each instance, you can review:
+
+- Read-only configuration file
+- Unmanaged SSL/TLS certificates for Control Planes
+
+## Before you begin
+
+If you do not already have a [data plane key]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}), you can create one. Pay attention to the expiration date of that key. Any instance that's connected to a data plane key that's expired or revoked will stop working.
+
+You can create a data plane key through the NGINX One Console. Once loggged in, select **Manage > Control Planes > Add Control Plane**, and follow the steps shown.
+
+Before connecting NGINX Ingress Controller to NGINX One Console, you need to create a Kubernetes Secret with the data plane key. Use the following command:
+
+```shell
+kubectl create secret generic dataplane-key \
+  --from-literal=dataplane.key=<Your Dataplane Key> \
+  -n <namespace>
+```
+
+When you create a Kubernetes Secret, use the same namespace where NGINX Ingress Controller is running. 
+If you use [`-watch-namespace`]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#watch-namespace-string" >}}) or [`watch-secret-namespace`]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#watch-secret-namespace-string" >}}) arguments with NGINX Ingress Controller, 
+you need to add the dataplane key secret to the watched namespaces. This secret will take approximately 60 - 90 seconds to reload on the pod.
+
+{{< call-out "note" >}}
+You can also create a data plane key through the NGINX One Console. Once loggged in, select **Manage > Control Planes > Add Control Plane**, and follow the steps shown.
+{{< /call-out >}}
+
+## Deploy NGINX Ingress Controller with NGINX Agent
+
+{{<tabs name="deploy-config-resource">}}
+{{%tab name="Helm"%}}
+
+Upgrade or install NGINX Ingress Controller with the following command to configure NGINX Agent and connect to NGINX One Console:
+
+- For NGINX:
+
+    ```shell
+    helm upgrade --install my-release oci://ghcr.io/nginx/charts/nginx-ingress --version {{< nic-helm-version >}} \
+      --set nginxAgent.enable=true \
+      --set nginxAgent.dataplaneKeySecretName=<data_plane_key_secret_name> \
+      --set nginxAgent.endpointHost=agent.connect.nginx.com
+    ```
+
+- For NGINX Plus: (This assumes you have pushed NGINX Ingress Controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`)
+
+    ```shell
+    helm upgrade --install my-release oci://ghcr.io/nginx/charts/nginx-ingress --version {{< nic-helm-version >}} \
+      --set controller.image.repository=myregistry.example.com/nginx-plus-ingress \
+      --set controller.nginxplus=true \
+      --set nginxAgent.enable=true \
+      --set nginxAgent.dataplaneKeySecretName=<data_plane_key_secret_name> \
+      --set nginxAgent.endpointHost=agent.connect.nginx.com
+    ```
+
+The `dataplaneKeySecretName` is used to authenticate the agent with NGINX One Console. See the [NGINX One Console Docs]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}})
+for instructions on how to generate your dataplane key from the NGINX One Console.
+
+Follow the [Installation with Helm]({{< ref "/nic/installation/installing-nic/installation-with-helm.md" >}}) instructions to deploy NGINX Ingress Controller.
+
+{{%/tab%}}
+{{%tab name="Manifests"%}}
+
+Add the following flag to the Deployment/DaemonSet file of NGINX Ingress Controller:
+
+```yaml
+args:
+- -agent=true
+```
+
+Create a `ConfigMap` with an `nginx-agent.conf` file:
+
+```yaml
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: nginx-agent-config
+  namespace: <namespace>
+data:
+  nginx-agent.conf: |-
+    log:
+      # set log level (error, info, debug; default "info")
+      level: info
+      # set log path. if empty, don't log to file.
+      path: ""
+  
+    allowed_directories:
+      - /etc/nginx
+      - /usr/lib/nginx/modules
+  
+    features:
+      - certificates
+      - connection
+      - metrics
+      - file-watcher
+  
+    ## command server settings
+    command:
+      server:
+        host: agent.connect.nginx.com
+        port: 443
+      auth:
+        tokenpath: "/etc/nginx-agent/secrets/dataplane.key"
+      tls:
+        skip_verify: false
+```      
+
+Make sure to set the namespace in the nginx-agent.config to the same namespace as NGINX Ingress Controller.
+Mount the ConfigMap to the Deployment/DaemonSet file of NGINX Ingress Controller:
+
+```yaml
+volumeMounts:
+- name: nginx-agent-config
+  mountPath: /etc/nginx-agent/nginx-agent.conf
+  subPath: nginx-agent.conf
+- name: dataplane-key
+  mountPath: /etc/nginx-agent/secrets
+volumes:
+- name: nginx-agent-config
+  configMap:
+    name: nginx-agent-config
+- name: dataplane-key
+  secret:
+    secretName: "<data_plane_key_secret_name>"
+```
+
+Follow the [Installation with Manifests]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md" >}}) instructions to deploy NGINX Ingress Controller.
+
+{{%/tab%}}
+{{</tabs>}}
+
+## Verify a connection to NGINX One Console
+
+After deploying NGINX Ingress Controller <!-- or NGINX Gateway Fabric --> with NGINX Agent, you can verify the connection to NGINX One Console.
+Log in to your F5 Distributed Cloud Console account. Select **NGINX One > Visit Service**. In the dashboard, go to **Manage > Instances**. You should see your instances listed by name. The instance name matches both the hostname and the pod name.
+
+## Troubleshooting
+
+If you encounter issues connecting your instances to NGINX One Console, try the following commands:
+
+Check the NGINX Agent version:
+
+```shell
+kubectl exec -it -n <namespace> <nginx_ingress_pod_name> -- nginx-agent -v
+```
+  
+If nginx-agent version is v3, continue with the following steps.
+Otherwise, make sure you are using an image that does not include NGINX App Protect. 
+
+Check the NGINX Agent configuration:
+
+```shell
+kubectl exec -it -n <namespace> <nginx_ingress_pod_name> -- cat /etc/nginx-agent/nginx-agent.conf
+```
+
+Check NGINX Agent logs:
+
+```shell
+kubectl exec -it -n <namespace> <nginx_ingress_pod_name> -- nginx-agent
+```
+
+Select the instance associated with your deployment of NGINX Ingress Controller. Under the **Details** tab, you'll see information associated with:
+
+- Unmanaged SSL/TLS certificates for Control Planes 
+- Configuration recommendations 
+
+Under the **Configuration** tab, you'll see a **read-only** view of the configuration files.
diff --git a/content/nginx-one/k8s/overview.md b/content/nginx-one/k8s/overview.md
new file mode 100644
index 000000000..b2da7f2d1
--- /dev/null
+++ b/content/nginx-one/k8s/overview.md
@@ -0,0 +1,19 @@
+---
+# We use sentence case and present imperative tone
+title: "Integrate Kubernetes control planes"
+# Weights are assigned in increments of 100: determines sorting order
+weight: 100
+# Creates a table of contents and sidebar, useful for large documents
+toc: false
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: concept
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NGINX One
+---
+
+You can now include Kubernetes systems through the [control plane](https://www.f5.com/glossary/control-plane). In related documentation, you can learn how to:
+
+- Set up a connection to F5 NGINX One Console through a data plane key.
+- Review the NGINX Ingress Controller instances that are part of your fleet.
+
diff --git a/content/nginx-one/nap-integration/_index.md b/content/nginx-one/nap-integration/_index.md
new file mode 100644
index 000000000..b21ffdf45
--- /dev/null
+++ b/content/nginx-one/nap-integration/_index.md
@@ -0,0 +1,6 @@
+---
+title: Secure with NGINX App Protect
+description:
+weight: 400
+url: /nginx-one/nap-integration
+---
diff --git a/content/nginx-one/nap-integration/configure-policy.md b/content/nginx-one/nap-integration/configure-policy.md
new file mode 100644
index 000000000..da58de0c8
--- /dev/null
+++ b/content/nginx-one/nap-integration/configure-policy.md
@@ -0,0 +1,48 @@
+---
+# We use sentence case and present imperative tone
+title: "Add and configure a policy"
+# Weights are assigned in increments of 100: determines sorting order
+weight: 200
+# Creates a table of contents and sidebar, useful for large documents
+toc: false
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: how-to
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NGINX One
+---
+
+This document describes how you can configure a security policy in the F5 NGINX One Console. When you add a policy, NGINX One Console includes several UI-based options and presets, based on NGINX App Protect WAF.
+
+
+If you already know NGINX App Protect WAF, you can go beyond the options available in the UI. 
+
+## Add a policy
+
+From NGINX One Console, select App Protect > Policies. In the screen that appears, select **Add Policy**. That action opens a screen where you can:
+
+- In General Settings, name and describe the policy.
+  - You can also set one of the following enforcement modes:
+    - Transparent
+    - Blocking
+
+For details, see the [Glossary]({{< ref "/nginx-one/glossary.md#nginx-app-protect-waf-terminology" >}}), specifically the entry: **Enforcement mode**. You'll see this in the associated configuration file,
+with the `enforcementMode` property.
+
+You can also set a character encoding. The default encoding is `Unicode (utf-8)`. To set a different character encoding, select **Show Advanced Fields** and select the **Application Language** of your choice.
+
+## Configure a policy
+
+With NGINX One Console User Interface, you get a default policy. You can also select **NGINX Strict** for a more rigorous policy:
+
+### Basic Configuration and the Default Policy
+
+{{< include "/nap-waf/concept/basic-config-default-policy.md" >}}
+
+## Save your policy
+
+NGINX One Console includes a Policy JSON section which displays your policy in JSON format. What you configure here is written to your instance of NGINX App Protect WAF. 
+
+With the **Edit** option, you can customize this policy. It opens the JSON file in a local editor. When you select **Save Policy**, it saves the latest version of what you've configured. You'll see your new policy under the name you used.
+
+From NGINX One Console, you can review the policies that you've saved, along with their versions. Select **App Protect** > **Policies**. Select the policy that you want to review or modify.
diff --git a/content/nginx-one/nap-integration/deploy-policy.md b/content/nginx-one/nap-integration/deploy-policy.md
new file mode 100644
index 000000000..884c1a86f
--- /dev/null
+++ b/content/nginx-one/nap-integration/deploy-policy.md
@@ -0,0 +1,28 @@
+---
+# We use sentence case and present imperative tone
+title: "Deploy policy"
+# Weights are assigned in increments of 100: determines sorting order
+weight: 400
+# Creates a table of contents and sidebar, useful for large documents
+toc: false
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: how-to
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NGINX One
+---
+
+After you've set up a policy, it won't do anything, until you deploy it to one or more instances and Config Sync Groups.
+
+This page assumes you've created a policy in NGINX One Console that you're ready to deploy.
+
+## Deploy a policy
+
+To deploy a policy from NGINX One Console, take the following steps:
+
+1. Select **App Protect** > **Policies**.
+1. Select the policy that you're ready to deploy.
+1. Select the **Details** tab.
+1. In the **Deploy Policy** window that appears, you can confirm the name of the current policy and the version to deploy. NGINX One Console defaults to the selected policy and latest version.
+1. In the **Target** section, select Instance or Config Sync Group.
+1. In the drop-down menu that appears, select the instance or Config Sync Group available in the current NGINX One Console.
diff --git a/content/nginx-one/nap-integration/overview.md b/content/nginx-one/nap-integration/overview.md
new file mode 100644
index 000000000..f3c628333
--- /dev/null
+++ b/content/nginx-one/nap-integration/overview.md
@@ -0,0 +1,56 @@
+---
+# We use sentence case and present imperative tone
+title: "NGINX App Protect integration overview"
+# Weights are assigned in increments of 100: determines sorting order
+weight: 100
+# Creates a table of contents and sidebar, useful for large documents
+toc: false
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: concept
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NGINX One
+---
+
+You can now integrate the features of F5 NGINX App Protect WAF v4 and v5 in F5 NGINX One Console. NGINX App Protect offers advanced Web Application Firewall (WAF) capabilities.
+Through the NGINX One Console UI, you can now set up the [NGINX App Protect WAF]({{< ref "/nap-waf/" >}}) firewall. This solution provides robust security and scalability.
+
+## Features
+
+Once you've connected to the NGINX One Console, select **App Protect > Policies**. You can add new policies or edit existing policies, as defined in the [NGINX App Protect WAF Administration Guide]({{< ref "/nap-waf/v5/admin-guide/overview.md" >}})
+
+Through the NGINX One Console UI, you can:
+
+- [Add and configure a policy]({{< ref "/nginx-one/nap-integration/configure-policy.md/" >}})
+- [Review existing policies]({{< ref "/nginx-one/nap-integration/review-policy.md/" >}})
+- [Deploy policies]({{< ref "/nginx-one/nap-integration/deploy-policy.md/" >}}) on instances and Config Sync Groups
+
+You can also set up policies through the [NGINX One Console API]({{< ref "/nginx-one/nap-integration/security-policy-api.md/" >}}).
+
+## Set up NGINX App Protect
+
+You can install and upgrade NGINX App Protect:
+
+Version 4:
+
+- [Install]({{< ref "/nap-waf/v4/admin-guide/install.md" >}})
+- [Upgrade]({{< ref "/nap-waf/v4/admin-guide/upgrade-nap-waf.md" >}})
+
+Version 5:
+
+- [Install]({{< ref "/nap-waf/v5/admin-guide/install.md" >}})
+- [Upgrade]({{< ref "/nap-waf/v5/admin-guide/upgrade-nap-waf.md" >}})
+
+### Container-related configuration requirements
+
+NGINX App Protect WAF Version 5 has specific requirements for the configuration with Docker containers:
+
+- Directory associated with the volume, which you may configure in a `docker-compose.yaml` file.
+  - You may set it up with the `volumes` directive with a directory like `/etc/nginx/app_protect_policies`.
+  - You need to set up the container volume. So when the policy bundle is referenced in the `nginx` directive, the file path is what the container sees.
+  - You need to also include an `app_protect_policy_file`, as described in [App Protect Specific Directives]({{< ref "/nap-waf/v5/configuration-guide/configuration.md#app-protect-specific-directives" >}})
+
+  - You'll need to set a policy bundle (in compressed tar format) in a configured `volume`.
+  - Make sure the directory for [NGINX Agent]({{< ref "/agent/configuration/" >}}) includes `/etc/nginx/app_protect_policies`.
+
+When  you deploy NAP policy through NGINX One Console, do not also use plain JSON policy in the same NGINX instance.
diff --git a/content/nginx-one/nap-integration/review-policy.md b/content/nginx-one/nap-integration/review-policy.md
new file mode 100644
index 000000000..f5e5c0e91
--- /dev/null
+++ b/content/nginx-one/nap-integration/review-policy.md
@@ -0,0 +1,40 @@
+---
+# We use sentence case and present imperative tone
+title: "Review policy"
+# Weights are assigned in increments of 100: determines sorting order
+weight: 300
+# Creates a table of contents and sidebar, useful for large documents
+toc: false
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: how-to
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NGINX One
+---
+
+Before you implement a policy on an NGINX instance or Config Sync Group, you may want to review it. F5 NGINX One Console creates a policy for your NGINX App Protect WAF system.
+
+## Review NGINX App Protect policies
+
+From NGINX One Console, select **App Protect** > **Policies**. Select the name of the policy that you want to review. You'll see the following tabs:
+
+- Details, which includes:
+  - Policy Details: Descriptions, status, enforcement type, latest version, and last deployed time.
+  - Deployments: List of instances and Config Sync Groups where the NGINX App Protect policy is deployed.
+- Policy JSON: The policy, in JSON format. With the **Edit** button, you can modify this policy.
+- Versions: Policy versions that you've written. You can apply an older policy to your deployments.
+
+## Modify existing policies
+
+From the NGINX One Console, you can also manage existing policies. In the Policies screen, identify a policy, and select **Actions**. From the menu that appears, you can:
+
+- **Edit** an existing policy.
+- **Save As** to save an existing policy with a new name. You can use an existing policy as a baseline for further customization.
+- **Deploy Latest Version** to apply the latest revision of an existing policy to the configured instances and Config Sync Groups.
+- **Export** the policy in JSON format.
+- **Delete** the policy. Once confirmed, you'll lose all work you've done on that policy.
+
+{{< call-out "note" >}}
+If you use **Save As** to create a new policy, include the `app_protect_cookie_seed` [directive]({{< ref "/nap-waf/v5/configuration-guide/configuration.md#directives" >}}).
+{{< /call-out >}}
+
diff --git a/content/nginx-one/nap-integration/security-policy-api.md b/content/nginx-one/nap-integration/security-policy-api.md
new file mode 100644
index 000000000..3a9b91d36
--- /dev/null
+++ b/content/nginx-one/nap-integration/security-policy-api.md
@@ -0,0 +1,26 @@
+---
+title: "Set security policies through the API"
+weight: 700
+toc: true
+type: reference
+product: NGINX One
+docs: DOCS-000
+---
+
+You can use F5 NGINX One Console API to manage security policies. With our API, you can:
+
+- [List existing policies]({{< ref "/nginx-one/api/api-reference-guide/#operation/listNapPolicies" >}})
+  - You can set parameters to sort policies by type.
+- [Create a new policy]({{< ref "/nginx-one/api/api-reference-guide/#operation/createNapPolicy" >}})
+  - You need to translate the desired policy.json file to base64 format.
+- [Get policy details]({{< ref "/nginx-one/api/api-reference-guide/#operation/getNapPolicy" >}})
+  - Returns details of the policy you identified with the policy `object_id`.
+- [List NGINX App Protect Deployments]({{< ref "/nginx-one/api/api-reference-guide/#operation/listNapPolicyDeployments" >}})
+  - The output includes:
+    - Target of the deployment
+    - Time of deployment
+    - Enforcement mode
+    - Policy version
+    - Threat campaign
+    - Attack signature
+    - Bot signature
diff --git a/content/nginx-one/nginx-configs/certificates/manage-certificates.md b/content/nginx-one/nginx-configs/certificates/manage-certificates.md
index cf6409c8b..b5a34e2c4 100644
--- a/content/nginx-one/nginx-configs/certificates/manage-certificates.md
+++ b/content/nginx-one/nginx-configs/certificates/manage-certificates.md
@@ -38,11 +38,11 @@ You can manage the certificates for:
 - For all instances that are members of a [Config Sync Group]({{< ref "/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups/#configuration-management" >}})
 
 
-{{< tip >}}
+{{< call-out "tip" >}}
 
 If you are managing the certificate from NGINX One Console, we recommend that you avoid directly manipulating the files on the data plane.
 
-{{< /tip >}}
+{{< /call-out >}}
 
 ## Before you start
 
@@ -170,7 +170,7 @@ To delete a certificate, find the name in the **Certificates** screen. Find the
 
 If that certificate is managed and is part of a Config Sync Group, that change affects all instances in that group.
 
-{{< warning >}} Be cautious if you want to delete certificates that are being used by an instance or a Config Sync Group. Deleting such certificates leads to failure in affected NGINX deployments. {{< /warning >}}
+{{< call-out "warning" >}} Be cautious if you want to delete certificates that are being used by an instance or a Config Sync Group. Deleting such certificates leads to failure in affected NGINX deployments. {{< /call-out >}}
 
 ## Managed and unmanaged certificates
 
diff --git a/content/nginx-one/nginx-configs/config-sync-groups/_index.md b/content/nginx-one/nginx-configs/config-sync-groups/_index.md
index eaefeaea3..96d90f3e3 100644
--- a/content/nginx-one/nginx-configs/config-sync-groups/_index.md
+++ b/content/nginx-one/nginx-configs/config-sync-groups/_index.md
@@ -2,5 +2,5 @@
 description:
 title: Change multiple instances with one push
 weight: 400
-url: /nginx-one/config-sync-groups
+url: /nginx-one/nginx-configs/config-sync-groups
 ---
diff --git a/content/nginx-one/nginx-configs/config-sync-groups/add-file-csg.md b/content/nginx-one/nginx-configs/config-sync-groups/add-file-csg.md
index 823c4d7f2..794b727ce 100644
--- a/content/nginx-one/nginx-configs/config-sync-groups/add-file-csg.md
+++ b/content/nginx-one/nginx-configs/config-sync-groups/add-file-csg.md
@@ -29,11 +29,11 @@ You can use the NGINX One Console to add a file to a specific Config Sync Group.
 1. Select the Config Sync Group to manage.
 1. Select the **Configuration** tab.
 
-   {{< tip >}}
+   {{< call-out "tip" >}}
 
    {{< include "nginx-one/add-file/edit-config-tip.md" >}}
 
-   {{< /tip >}}
+   {{< /call-out >}}
 
 1. Select **Edit Configuration**.
 1. In the **Edit Configuration** window that appears, select **Add File**.
@@ -48,20 +48,21 @@ Enter the name of the desired configuration file, such as `abc.conf` and select
 
 {{< include "nginx-one/add-file/new-ssl-bundle.md" >}}
 
-  {{< tip >}}
+  {{< call-out "tip" >}}
 
   Make sure to specify the path to your certificate in your NGINX configuration,
   with the `ssl_certificate` and `ssl_certificate_key` directives.
 
-  {{< /tip >}}
+  {{< /call-out >}}
 
 ### Existing SSL Certificate or CA Bundle
 
 {{< include "nginx-one/add-file/existing-ssl-bundle.md" >}}
+
 With this option, you can incorporate [Managed certificates]({{< ref "/nginx-one/nginx-configs/certificates/manage-certificates.md#managed-and-unmanaged-certificates" >}}).
 
 ## See also
 
 - [Create and manage data plane keys]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}})
 - [Add an NGINX instance]({{< ref "/nginx-one/connect-instances/add-instance.md" >}})
-- [Manage certificates]({{< ref "/nginx-one/nginx-configs/certificates/manage-certificates.md" >}})
\ No newline at end of file
+- [Manage certificates]({{< ref "/nginx-one/nginx-configs/certificates/manage-certificates.md" >}})
diff --git a/content/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md b/content/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md
index 5db71008b..f40929adb 100644
--- a/content/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md
+++ b/content/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md
@@ -37,13 +37,13 @@ Config Sync Groups support configuration inheritance and persistance. If you've
 
 On the other hand, if you remove all instances from a Config Sync Group, the original configuration persists. In other words, the group retains the configuration from that first instance (or the original configuration). Any new instance that you add later still inherits that configuration.
 
-{{< tip >}}You can use _unmanaged_ certificates. Your actions can affect the [Config Sync Group status](#config-sync-group-status). For future instances on the data plane, if it:
+{{< call-out "tip" >}}You can use _unmanaged_ certificates. Your actions can affect the [Config Sync Group status](#config-sync-group-status). For future instances on the data plane, if it:
 
 - Has unmanaged certificates in the same file paths as defined by the NGINX configuration as the Config Sync Group, that instance will be [**In Sync**](#config-sync-group-status).
 - Will be [**Out of Sync**](#config-sync-group-status) if the instance:
    - Does not have unmanaged certificates in the same file paths
    - Has unmanaged certificates in a different directory from the Config Sync Group
-{{< /tip >}}
+{{< /call-out >}}
 
 ### Risk when adding multiple instances to a Config Sync Group
 
@@ -81,7 +81,7 @@ When you plan Config Sync Groups, consider the following factors:
 
 - **Single Config Sync Group membership**: You can add an instance to only one Config Sync Group.
 
-- **NGINX Agent configuration file location**: When you run the NGINX Agent installation script to register an instance with NGINX One, the script creates the `agent-dynamic.conf` file, which contains settings for the NGINX Agent, including the specified Config Sync Group. This file is typically located in `/var/lib/nginx-agent/` on most systems; however, on FreeBSD, it's located at `/var/db/nginx-agent/`.
+- **NGINX Agent configuration file location**: When you run the NGINX Agent installation script to register an instance with NGINX One, the script creates the `nginx-agent.conf` (or `agent-dynamic.conf` if you are using NGINX Agent 2.x) file, which contains settings for the NGINX Agent, including the specified Config Sync Group. This file is typically located in `/etc/nginx-agent/` on most systems.
 
 - **Mixing NGINX Open Source and NGINX Plus instances**: You can add both NGINX Open Source and NGINX Plus instances to the same Config Sync Group, but there are limitations. If your configuration includes features exclusive to NGINX Plus, synchronization will fail on NGINX Open Source instances because they don't support these features. NGINX One allows you to mix NGINX instance types for flexibility, but it’s important to ensure that the configurations you're applying are compatible with all instances in the group.
 
@@ -104,6 +104,28 @@ Any instance that joins the group afterwards inherits that configuration.
 
 You can add existing NGINX instances that are already registered with NGINX One to a Config Sync Group.
 
+{{< tabs name="Add existing instance to Config Sync Group" >}}
+
+{{%tab name="NGINX Agent 3.x"%}}
+
+1. Open a command-line terminal on the NGINX instance.
+2. Open the `/etc/nginx-agent/nginx-agent.conf` file in a text editor.
+3. Find or create the `labels` section and change the `config_sync_group` label to the name of the new Config Sync Group.
+
+   ``` text
+   labels:
+      config-sync-group: <config_sync_group>
+   ```
+
+4. Restart NGINX Agent:
+
+   ``` shell
+   sudo systemctl restart nginx-agent
+   ```
+
+{{%/tab%}}
+{{%tab name="NGINX Agent 2.x"%}}
+
 1. Open a command-line terminal on the NGINX instance.
 2. Open the `/var/lib/nginx-agent/agent-dynamic.conf` file in a text editor.
 3. At the end of the file, add a new line beginning with `instance_group:`, followed by the Config Sync Group name.
@@ -118,6 +140,9 @@ You can add existing NGINX instances that are already registered with NGINX One
    sudo systemctl restart nginx-agent
    ```
 
+{{%/tab%}}
+{{< /tabs >}}
+
 ### Add a new instance to a Config Sync Group {#add-a-new-instance-to-a-config-sync-group}
 
 When adding a new NGINX instance that is not yet registered with NGINX One, you need a data plane key to securely connect the instance. You can generate a new data plane key during the process or use an existing one if you already have it.
@@ -185,6 +210,29 @@ For more details on creating and managing data plane keys, see [Create and manag
 
 If you need to move an NGINX instance to a different Config Sync Group, follow these steps:
 
+{{< tabs name="Move instance to Config Sync Group" >}}
+
+{{%tab name="NGINX Agent 3.x"%}}
+
+1. Open a command-line terminal on the NGINX instance.
+2. Open the `/etc/nginx-agent/nginx-agent.conf` file in a text editor.
+3. Find the `labels` section and change the `config_sync_group` label to the name of the new Config Sync Group.
+
+   ``` text
+   labels:
+      config-sync-group: <new_config_sync_group>
+   ```
+
+4. Restart NGINX Agent by running the following command:
+
+   ```shell
+   sudo systemctl restart nginx-agent
+   ```
+
+{{%/tab%}}
+{{%tab name="NGINX Agent 2.x"%}}
+
+
 1. Open a command-line terminal on the NGINX instance.
 2. Open the `/var/lib/nginx-agent/agent-dynamic.conf` file in a text editor.
 3. Locate the line that begins with `instance_group:` and change it to the name of the new Config Sync Group.
@@ -199,12 +247,39 @@ If you need to move an NGINX instance to a different Config Sync Group, follow t
    sudo systemctl restart nginx-agent
    ```
 
+{{%/tab%}}
+{{< /tabs >}}
+
+
 If you move an instance with certificates from one Config Sync Group to another, NGINX One adds or removes those certificates from the data plane, to synchronize with the deployed certificates of the group.
 
 ### Remove an instance from a Config Sync Group
 
 If you need to remove an NGINX instance from a Config Sync Group without adding it to another group, follow these steps:
 
+
+{{< tabs name="Remove instance from Config Sync Group" >}}
+
+{{%tab name="NGINX Agent 3.x"%}}
+
+1. Open a command-line terminal on the NGINX instance.
+2. Open the `/etc/nginx-agent/nginx-agent.conf` file in a text editor.
+3. Locate the line that begins with `labels:` section and either remove the `config-sync-group` line or comment it out by adding a `#` at the beginning of the line.
+
+   ```text
+   labels:
+      # config-sync-group: <new_config_sync_group>
+   ```
+
+4. Restart NGINX Agent:
+
+   ```shell
+   sudo systemctl restart nginx-agent
+   ```
+
+{{%/tab%}}
+{{%tab name="NGINX Agent 2.x"%}}
+
 1. Open a command-line terminal on the NGINX instance.
 2. Open the `/var/lib/nginx-agent/agent-dynamic.conf` file in a text editor.
 3. Locate the line that begins with `instance_group:` and either remove it or comment it out by adding a `#` at the beginning of the line.
@@ -219,6 +294,10 @@ If you need to remove an NGINX instance from a Config Sync Group without adding
    sudo systemctl restart nginx-agent
    ```
 
+{{%/tab%}}
+{{< /tabs >}}
+
+
 By removing or commenting out this line, the instance will no longer be associated with any Config Sync Group.
 
 ## Publish the Config Sync Group configuration {#publish-the-config-sync-group-configuration}
diff --git a/content/nginx-one/nginx-configs/metrics/enable-metrics.md b/content/nginx-one/nginx-configs/metrics/enable-metrics.md
index 0e677a78c..02894c2c1 100644
--- a/content/nginx-one/nginx-configs/metrics/enable-metrics.md
+++ b/content/nginx-one/nginx-configs/metrics/enable-metrics.md
@@ -14,10 +14,16 @@ nd-product: NGINX-One
 
 The NGINX One Console dashboard relies on APIs for NGINX Plus and NGINX Open Source Stub Status to report traffic and system metrics. The following sections show you how to enable those metrics.
 
-### Enable NGINX Plus API
+## Enable NGINX Plus API and dashboard
 
 {{< include "/use-cases/monitoring/enable-nginx-plus-api.md" >}}
 
-### Enable NGINX Open Source Stub Status API 
+## Enable NGINX Plus API and dashboard with Config Sync Groups
+
+To enable the NGINX Plus API and dashboard with [Config Sync Groups]({{< ref "nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md" >}}), add a file named `/etc/nginx/conf.d/dashboard.conf` to your shared group config. Any instance you add to that group automatically uses those settings.
+
+{{< include "use-cases/monitoring/enable-nginx-plus-api-with-config-sync-group.md" >}}
+
+## Enable NGINX Open Source Stub Status API 
 
 {{< include "/use-cases/monitoring/enable-nginx-oss-stub-status.md" >}}
diff --git a/content/nginx-one/nginx-configs/one-instance/add-file.md b/content/nginx-one/nginx-configs/one-instance/add-file.md
index 72b1d7d45..4d31375f3 100644
--- a/content/nginx-one/nginx-configs/one-instance/add-file.md
+++ b/content/nginx-one/nginx-configs/one-instance/add-file.md
@@ -30,11 +30,11 @@ You can use the NGINX One Console to add a file to a specific instance. To do so
 1. Select the instance to manage.
 1. Select the **Configuration** tab.
 
-   {{< tip >}}
+   {{< call-out "tip" >}}
 
    {{< include "nginx-one/add-file/edit-config-tip.md" >}}
 
-   {{< /tip >}}
+   {{< /call-out >}}
 
 1. Select **Edit Configuration**.
 1. In the **Edit Configuration** window that appears, select **Add File**.
@@ -49,12 +49,12 @@ Enter the name of the desired configuration file, such as `abc.conf` and select
 
 {{< include "nginx-one/add-file/new-ssl-bundle.md" >}}
 
-  {{< tip >}}
+  {{< call-out "tip" >}}
 
   Make sure to specify the path to your certificate in your NGINX configuration,
   with the `ssl_certificate` and `ssl_certificate_key` directives.
 
-  {{< /tip >}}
+  {{< /call-out >}}
 
 ### Existing SSL Certificate or CA Bundle
 
diff --git a/content/nginx-one/nginx-configs/staged-configs/_index.md b/content/nginx-one/nginx-configs/staged-configs/_index.md
index 1305546f1..ddb5f35fb 100644
--- a/content/nginx-one/nginx-configs/staged-configs/_index.md
+++ b/content/nginx-one/nginx-configs/staged-configs/_index.md
@@ -2,5 +2,5 @@
 description:
 title: Draft new configurations
 weight: 400
-url: /nginx-one/staged-configs
+url: /nginx-one/nginx-configs/staged-configs
 ---
diff --git a/content/nginx-one/nginx-configs/staged-configs/import-export-staged-config.md b/content/nginx-one/nginx-configs/staged-configs/import-export-staged-config.md
index 7dee6a257..de713dc21 100644
--- a/content/nginx-one/nginx-configs/staged-configs/import-export-staged-config.md
+++ b/content/nginx-one/nginx-configs/staged-configs/import-export-staged-config.md
@@ -40,12 +40,12 @@ When you work with such archives, consider the following:
   - If you import or export such files in archives, NGINX One Console does not include those files.
 - The size of the archive is limited to 5 MB.  The size of all uncompressed files in the archive is limited to 10 MB.
 
-{{< tip >}}
+{{< call-out "tip" >}}
 
 Before you unpack an archive, run the `tar -tvzf <archive-name>.tar.gz` command. It displays the files and directories in that archive, without overwriting anything.
 You'll then know where files are written when you extract an archive with a command like `tar -xvzf <archive-name>.tar.gz`.
 
-{{< /tip >}}
+{{< /call-out >}}
 
 ## Import a Staged Configuration
 
diff --git a/content/nginx-one/rbac/rbac-api.md b/content/nginx-one/rbac/rbac-api.md
index 4cf387018..97187bec2 100644
--- a/content/nginx-one/rbac/rbac-api.md
+++ b/content/nginx-one/rbac/rbac-api.md
@@ -17,7 +17,7 @@ For this use-case, we include a list of API groups that you can use to specify p
 
 The following table lists the available API groups that you can use to construct a Role. These are narrowly scoped API groups that align with all the features and functionality within the NGINX One Console. These groups can help you create custom roles tailored to your specific needs.
 
-{{< note >}}If you create custom roles using these API groups, users may not have access to all capabilities of the browser web portal.{{< /note >}}
+{{< call-out "note" >}}If you create custom roles using these API groups, users may not have access to all capabilities of the browser web portal.{{< /call-out >}}
 
 | API Group Name                          | Level of Access | Description                                                                                                                   |
 |-----------------------------------------|-----------------|-------------------------------------------------------------------------------------------------------------------------------|
diff --git a/content/nginx-one/secure-your-fleet/_index.md b/content/nginx-one/secure-your-fleet/_index.md
new file mode 100644
index 000000000..d9fea82ff
--- /dev/null
+++ b/content/nginx-one/secure-your-fleet/_index.md
@@ -0,0 +1,6 @@
+---
+title: Secure your fleet
+description:
+weight: 450
+url: /nginx-one/secure-your-fleet
+---
diff --git a/content/nginx-one/secure-your-fleet/set-up-security-alerts.md b/content/nginx-one/secure-your-fleet/set-up-security-alerts.md
new file mode 100644
index 000000000..ee3d3c6c2
--- /dev/null
+++ b/content/nginx-one/secure-your-fleet/set-up-security-alerts.md
@@ -0,0 +1,163 @@
+---
+title: "Set up security alerts"
+weight: 500
+toc: true
+nd-content-type: how-to
+nd-product: NGINX One
+---
+
+With this page, you'll learn how to set up alerts in F5 Distributed Cloud. Once configured, you'll see the CVEs and insecure configurations associated with your NGINX fleet. These instructions are intended for those responsible for keeping their NGINX infrastructure and application traffic secure. It assumes you know how to:
+
+- Install Linux programs or run Docker containers
+
+By the end of this tutorial, you'll be able to:
+
+- Access the NGINX One Console in F5 Distributed Cloud
+- Connect NGINX instances to the NGINX One Console
+- Review Security Risks associated with your NGINX fleet
+- Configure Alert Policies in F5 Distributed Cloud
+
+## Background
+
+NGINX One Console is a service to monitor and manage NGINX. It's a part of the F5 Distributed Cloud and is included with all NGINX and F5 Distributed Cloud subscriptions. While NGINX is built to be secure and stable, critical vulnerabilities can occasionally emerge – and misconfigurations may leave your applications or APIs exposed to attacks. 
+
+## Before you begin
+
+If you already have accessed F5 Distributed Cloud and have NGINX instances available, you can skip these steps and start to connect instances to the NGINX One Console.
+
+### Confirm access to the F5 Distributed Cloud
+
+{{< include "/nginx-one/cloud-access.md" >}}
+
+### Confirm access to NGINX One Console in the F5 Distributed Cloud
+
+Once you've logged in with your password, you should be able to see and select the NGINX One tile. 
+
+1. Select the **NGINX One** tile
+1. Select **Visit Service**
+
+### Install an instance of NGINX
+
+Ensure you have an instance of [NGINX Open Source or NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/" >}}) installed and available. This guide provides instructions for connecting an instance installed in a Linux environment (VM or bare metal hardware) where you have command line access.
+Alternatively, we also have instructions for [Deploying NGINX and NGINX Plus with Docker]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-docker.md" >}}) with NGINX and the NGINX Agent installed. That deployment can connect with environment variables.
+
+## Connect at least one NGINX instance to the NGINX One Console
+
+If you already have connected instances to the NGINX One Console, you can start to [Configure an active alert policy]({{< ref "/nginx-one/secure-your-fleet/set-up-security-alerts.md#configure-an-active-alert-policy" >}}).
+Otherwise, you need to add an instance, generate a data plane key, and install NGINX Agent. We assume this is the first time you are connecting an instance.
+
+### Add an instance
+
+{{< include "/nginx-one/how-to/add-instance.md" >}}
+
+### Generate a data plane key
+
+{{< include "/nginx-one/how-to/generate-data-plane-key.md" >}}
+
+### Install NGINX Agent
+
+{{< include "/nginx-one/how-to/install-nginx-agent.md" >}}
+
+You can also install NGINX Agent from our repositories and configure it manually. Alternatively you can use our official NGINX Docker images, pre-configured with NGINX Agent.
+
+## Configure an active alert policy
+
+The NGINX One Console monitors all connected NGINX instances for CVEs and insecure configurations. Using the F5 Distributed Cloud's Alert Policies, you can receive alerts for these risks in a manner of your choosing; for the purposes of this guide, we show you how to configure email alerts.
+
+The F5 Distributed Cloud generates alerts from all its services including NGINX One Console. You can configure rules to send those alerts to a receiver of your choice. These instructions walk you through how to configure an email notification when we see new CVEs or detect security issues with your NGINX instances.
+
+This page describes basic steps to set up an email alert. For authoritative documentation, see
+[Alerts - Email & SMS](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-email-sms).
+
+## Configure alerts to be sent to your email
+
+To configure security-related alerts, follow these steps:
+
+1. Go to the F5 Distributed Cloud Console at https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io. 
+1. Select **Audit Logs & Alerts**
+1. Select **Alerts Management > Alert Receivers**
+1. Select **Add Alert Receiver**
+   1. Enter the name of your choice.
+   1. (Optional) Specify a label and description.
+1. Under **Receiver**, select **Email** and enter your email address.
+1. Select **Add Alert Receiver**
+   Your alert receiver should now appear on the list of Alert Receivers.
+1. Select the **Actions** ellipsis (...) for your receiver. Select **Verify Email**.
+1. Select **Send email** to confirm.
+1. You should receive a verification code in the email provided. Copy that code.
+1. Under the **Actions** column, select **Enter verification code**.
+1. Paste the code and select **Verify receiver**.
+
+## Configure Alert Policy
+
+Next, configure the policy that identifies when you'll get an alert. You'll need to reference available alerts in our [NGINX One Console Glossary]({{< ref "/nginx-one/glossary.md#nginx-alerts/" >}}). Relevant security alerts include:
+
+- SecurityRecommendationNGINX
+- HighCVENGINX
+- MediumCVENGINX
+- LowCVENGINX
+
+1. Go to **Alerts Management > Alert Policies**.
+1. Select **Add Alert Policy**.
+   1. Enter the name of your choice. You're limited to lower-case characters, numbers, and dashes.
+   1. (Optional) Specify a label and description.
+1. Under **Alert Reciever Configuration > Alert Receivers,** select the **Alert Receiver** you just created.
+1. Under **Policy Rules** select **Configure**.
+1. In the **Policy Rules** screen that appears, select **Add Item**.
+1. In the **Route** window that appears, review the **Select Alerts** drop-down.
+1. Under **Select Alerts** select a filter. Now select **Matching Custom Criteria > Alertname > Configure**. In the screen that appears, use **Exact Match** and copy/paste an alert name from the [NGINX One Console Glossary]({{< ref "/nginx-one/glossary.md#nginx-alerts" >}}).
+1. Select **Apply** to exit the **Alertname** window.
+1. Select **Apply** to exit the **Route** window.
+1. Select **Apply** to exit the **Policy Rules** window.
+1. You can now select the **Add Alert policy** button.
+1. Set the **Action as Send** and select **Apply**.
+
+## Create more alert policies  
+
+Repeat the process described in [Configure Alert Policy](#configure-alert-policy) section. Repeat again if and as needed for all of the alerts in the 
+[NGINX One Console Glossary]({{< ref "/nginx-one/glossary.md#nginx-alerts/" >}}).
+
+## Activate the alert policy
+
+Now to make sure your new policy works, add your new policies to the list of **Active Alert Policies**. To do so:
+
+1. Select **Alerts Management > Active Alert Policies**
+1. Select **Select Active Alert Policies**. 
+1. In the **Select Active Alert Policies** window, select **Add Item**
+1. In the drop-down box that appears, select the Alert Policy that you created. 
+1. Select the **Add Select Active Alert Policies** button.	
+1. Select **Add Item**
+
+You've now set up F5 Distributed Cloud to send you alerts from NGINX One Console, to your email address. When the alert policy identifies an alert, it sends you an email from **alerts@cloud.f5.com**.
+
+## Known issues
+
+When you set up an email alert for a problem, you'll see the alert in:
+
+- The F5 Distributed Cloud Console, under **Notifications > Alerts** in **Audit Logs & Alerts**
+- An email with a subject like **<number> Alert Requires Action**
+
+You may also get a follow-up email with the subject **Alert Resolved**.
+
+> **Important:** Sometimes an **Alert Resolved** email is sent even though the issue is still active.
+To check the current status, go to the NGINX One Console.
+
+For CVEs, the trusted source is:
+- **NGINX One Console > Manage > Instances > `Instance hostname`**
+
+Open the instance dashboard to see the latest list of CVEs. Use the Console, not email, to confirm whether an issue is resolved.
+
+## Summary
+
+In this tutorial, you learned how to:
+
+- Access the NGINX One Console
+- Connect an NGINX instance
+- Configure and activate an alert
+
+You will now receive an email any time the F5 Distributed Cloud sees one or more of the alerts that you configued. 
+
+## Next steps
+
+Now that you have NGINX instances connected to the NGINX One Console, consider reviewing our [use cases]({{< ref "/nginx-one/" >}}) to see how you can easily manage your NGINX instances, draft new configurations, and more.
+Additionally, you can review how to add additional Alert Receivers such as [SMS](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-email-sms), [Slack](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-slack), [PagerDuty](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-pagerduty), or with a [webhook](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-webhook).
diff --git a/content/nginx-one/workshops/_index.md b/content/nginx-one/workshops/_index.md
new file mode 100644
index 000000000..944f2b055
--- /dev/null
+++ b/content/nginx-one/workshops/_index.md
@@ -0,0 +1,40 @@
+---
+title: Workshops
+description:
+weight: 710
+url: /nginx-one/workshops
+nd-landing-page: true
+nd-content-type: landing-page
+nd-product: NGINX One
+---
+
+Welcome to the NGINX One Console workshops.
+
+These labs give you hands-on experience using NGINX One Console to connect, manage, and scale your NGINX fleets.
+
+We recommend starting with Lab 1 and Lab 2. Lab 2 sets up the workshop environment with Docker, which you’ll need for the later labs.
+
+
+{{<card-section showAsCards="true">}}
+
+  {{<card title="Lab 1: Get started with NGINX One Console" titleUrl="/nginx-one/workshops/lab1/getting-started-with-nginx-one-console/" icon="flask-conical" >}}
+    Register instances. Learn about managing your NGINX fleet.
+  {{</card>}}
+
+  {{<card title="Lab 2: Run workshop components with Docker" titleUrl="/nginx-one/workshops/lab2/run-workshop-components-with-docker/" icon="flask-conical" >}}
+    Use Docker to spin up the full workshop locally.
+  {{</card>}}
+
+  {{<card title="Lab 3: Explore NGINX One Console and features" titleUrl="/nginx-one/workshops/lab3/explore-nginx-one-console-features/" icon="flask-conical" >}}
+    Take a guided tour of NGINX One Console. Explore dashboards, alerts, and insights while trying out key features.
+  {{</card>}}
+
+  {{<card title="Lab 4: Config Sync Groups" titleUrl="/nginx-one/workshops/lab4/config-sync-groups/" icon="flask-conical" >}}
+    Create and manage Config Sync Groups to apply consistent changes across all your NGINX instances.
+  {{</card>}}
+
+  {{<card title="Lab 5: Upgrade NGINX Plus to the latest version" titleUrl="/nginx-one/workshops/lab5/upgrade-nginx-plus-to-latest-version/" icon="flask-conical" >}}
+    Plan and upgrade NGINX Plus with NGINX One Console workflows, keeping downtime to a minimum.
+  {{</card>}}
+
+{{</card-section>}}
diff --git a/content/nginx-one/workshops/lab1/getting-started-with-nginx-one-console.md b/content/nginx-one/workshops/lab1/getting-started-with-nginx-one-console.md
new file mode 100644
index 000000000..b7a1cf2a7
--- /dev/null
+++ b/content/nginx-one/workshops/lab1/getting-started-with-nginx-one-console.md
@@ -0,0 +1,122 @@
+---
+title: "Lab 1: Get started with NGINX One Console"
+weight: 100
+toc: true
+nd-content-type: tutorial
+nd-product: NGINX-ONE
+---
+
+## Introduction
+
+In this lab, you’ll log in to NGINX One Console, explore its features, and create a data plane key to register NGINX instances.
+
+NGINX One Console is a cloud service in the F5 Distributed Cloud platform. You can use it to:
+
+- Manage all NGINX instances in one place
+- Monitor performance and health metrics
+- Detect security risks, such as expired SSL certificates or known vulnerabilities
+- Track software versions
+- Get performance tips
+
+Instead of switching between tools, you get one dashboard with real-time data and alerts.
+
+---
+
+## What you’ll learn
+
+By the end of this tutorial, you can:
+
+- Open and use NGINX One Console
+- Describe how NGINX One Console works
+- Create, copy, and store a data plane key
+- Revoke or delete a data plane key
+
+---
+
+## Before you begin
+
+You need:
+
+- An F5 Distributed Cloud (XC) account
+- NGINX One service enabled
+- Basic Linux and NGINX knowledge
+
+{{< include "/nginx-one/cloud-access.md" >}}
+
+---
+
+## How NGINX One Console works
+
+NGINX One Console connects to each NGINX instance through **NGINX Agent**, a lightweight process that runs alongside NGINX.  
+
+NGINX Agent enables secure communication with NGINX One Console. It lets you manage configurations remotely, collect and report real-time performance and system metrics, and receive event notifications from your NGINX instance.
+
+You can install NGINX Agent in several ways:
+
+- Use public Docker images of NGINX Open Source with NGINX Agent preinstalled
+- Use public Docker images of NGINX Plus with NGINX Agent preinstalled
+- Install manually with `apt` or `yum`
+- Run the one-line `curl` command provided during registration
+
+When you register a new instance, NGINX One Console gives you a `curl` command to download and install NGINX Agent on your system.
+
+A data plane key is required to connect an instance to NGINX One Console. Once connected, you can monitor and manage the instance from the dashboard.
+
+For more about NGINX Agent, see the [NGINX Agent overview]({{< ref "/nginx-one/agent/overview/about.md" >}}).
+
+---
+
+## Open NGINX One Console
+
+{{< include "/nginx-one/cloud-access-nginx.md" >}}
+
+Until you connect NGINX instances, the NGINX One Console dashboard is empty. After you add instances, the dashboard shows metrics such as availability, version, and usage trends.
+
+---
+
+## Create a data plane key
+
+1. In NGINX One Console, go to **Manage > Data Plane Keys**.
+2. Select **Add Data Plane Key**.
+3. Enter a name for the key.
+4. Set an expiration date, or keep the one-year default.
+5. Select **Generate**.
+6. Copy the key — **you can’t view it again**.
+7. Store the key in a safe place.
+
+You can use the same key to register multiple instances. If you lose it, create a new one.
+
+---
+
+## Revoke a data plane key
+
+1. In NGINX One Console, go to **Manage > Data Plane Keys**.
+2. Find the key you want to revoke.
+3. Select the key.
+4. Choose **Revoke**, and confirm.
+
+---
+
+## Delete a revoked data plane key
+
+You can delete a data plane key only after you revoke it.
+
+1. In NGINX One Console, go to the **Revoked Keys** tab.
+2. Find the key you want to delete.
+3. Select the key.
+4. Choose **Delete Selected**, and confirm.
+
+---
+
+## Next steps
+
+You’re ready to connect your first NGINX instance to NGINX One Console.
+
+Go to [Lab 2: Run workshop components with Docker]({{< ref "nginx-one/workshops/lab2/run-workshop-components-with-docker.md" >}}).
+
+---
+
+## References
+
+- [Create and manage data plane keys]({{< ref "nginx-one/connect-instances/create-manage-data-plane-keys.md" >}})
+- [NGINX Agent overview]({{< ref "/nginx-one/agent/overview/about.md" >}})
\ No newline at end of file
diff --git a/content/nginx-one/workshops/lab2/run-workshop-components-with-docker.md b/content/nginx-one/workshops/lab2/run-workshop-components-with-docker.md
new file mode 100644
index 000000000..418ac2087
--- /dev/null
+++ b/content/nginx-one/workshops/lab2/run-workshop-components-with-docker.md
@@ -0,0 +1,160 @@
+---
+title: "Lab 2: Run workshop components with Docker"
+weight: 200
+toc: true
+nd-content-type: tutorial
+nd-product: nginx-one
+---
+
+## Introduction
+
+In this lab, you’ll run a demo backend application and several NGINX Open Source and NGINX Plus containers with Docker. The backend application runs in three `nginxinc/ingress-demo` containers, each serving a simple web page. You’ll also connect each NGINX container to the NGINX One Console for management and monitoring.
+
+---
+
+## What you’ll learn
+
+By the end of this tutorial, you can:
+
+- Set environment variables for your data plane key and license
+- Log in to the NGINX private registry
+- Generate self-signed certificates
+- Run Docker Compose to start nine containers
+- Verify your containers in Docker and in NGINX One Console
+
+---
+
+## Before you begin
+
+
+
+Make sure you have:
+
+- {{< include "nginx-one/workshops/xc-account.md" >}}
+- Docker and Docker Compose installed and running
+- An active data plane key from [Lab 1: Get started with NGINX One Console]({{< ref "nginx-one/workshops/lab1/getting-started-with-nginx-one-console.md" >}})
+- A trial or paid NGINX One JWT license (saved as `nginx-repo.jwt`) from [MyF5](https://my.f5.com/manage/s/)
+- Basic Linux and NGINX knowledge
+- Git installed and an SSH key set up for GitHub access
+
+---
+
+## Clone the NGINX documentation repo
+
+1. **Clone the repo via SSH**
+
+   ```shell
+   git clone git@github.com:nginx/documentation.git
+   ```
+
+2. **Change to the Lab 2 directory**
+
+   ```shell
+   cd static/workshops/nginx-one/lab2
+   ```
+
+   This folder contains `compose.yaml` and `generate_certs.sh`.
+
+   {{<icon "download">}} {{<link "/workshops/nginx-one/lab2/compose.yaml" "Download compose.yaml">}}
+
+   {{<icon "download">}} {{<link "/workshops/nginx-one/lab2/generate_certs.sh" "Download generate_certs.sh">}}
+
+---
+
+## Set environment variables
+
+1. **Set your data plane key**
+
+   ```shell
+   export TOKEN="paste-your-data-plane-key-here"
+   echo "$TOKEN"
+   ```
+
+2. **Set your NGINX Plus JWT**
+
+   ```shell
+   export JWT=$(cat path/to/nginx-repo.jwt)
+   echo "$JWT"
+   ```
+
+3. **Give your setup a unique name**
+
+   Replace `your.initials` with something that identifies you (for example, `s.jobs`).
+
+   ```shell
+   export NAME="your.initials"
+   echo "$NAME"
+   ```
+
+---
+
+## Log in to the private registry
+
+Pipe your JWT into Docker login:
+
+```shell
+echo "$JWT" | docker login private-registry.nginx.com \
+--username "$JWT" --password-stdin
+```
+
+You should see **Login Succeeded**.
+
+---
+
+## Generate certificates
+
+Run the script to create self-signed certificates:
+
+```shell
+chmod +x generate_certs.sh
+./generate_certs.sh
+```
+
+This creates `1-day.key`, `1-day.crt`, `30-day.key`, and `30-day.crt` in the `nginx-oss/etc/ssl/nginx` subfolder.
+
+---
+
+## Run Docker Compose
+
+Start all nine containers in detached mode:
+
+```shell
+docker compose up --force-recreate -d
+```
+
+Wait until you see **Started** for each container.
+
+---
+
+## Verify containers
+
+1. **Check Docker**
+
+   ```shell
+   docker ps | grep "$NAME"
+   ```
+
+   You should see nine containers listed.
+
+2. **Check NGINX One Console**
+
+   - Go to the **Instances** page in NGINX One Console
+   - Refresh and search by your `$NAME` (for example, `s.jobs`)
+   - Confirm each instance shows a green **Online** icon
+
+   If you don’t see them, check your `$TOKEN` or generate a new data plane key.
+
+---
+
+## Next steps
+
+Your containers are now up and registered with NGINX One Console.
+
+Go to [Lab 3: Explore NGINX One Console features]({{< ref "nginx-one/workshops/lab3/explore-nginx-one-console-features.md" >}}).
+
+---
+
+## References
+
+- [NGINX One Console docs]({{< ref "/nginx-one/" >}})
+- [NGINX Agent overview]({{< ref "/nginx-one/agent/overview/about.md" >}})
diff --git a/content/nginx-one/workshops/lab3/explore-nginx-one-console-features.md b/content/nginx-one/workshops/lab3/explore-nginx-one-console-features.md
new file mode 100644
index 000000000..15a50a92c
--- /dev/null
+++ b/content/nginx-one/workshops/lab3/explore-nginx-one-console-features.md
@@ -0,0 +1,192 @@
+---
+title: "Lab 3: Explore NGINX One Console features"
+weight: 300
+toc: true
+nd-content-type: tutorial
+nd-product: nginx-one
+---
+
+## Introduction
+
+In this lab, you'll explore and use key NGINX One Console features:
+
+- Overview dashboard  
+- TLS certificate management  
+- Configuration recommendations  
+- CVE scanning  
+- AI Assistant for configuration insights  
+
+You'll see how each feature helps you monitor and secure your NGINX fleet without writing custom scripts.
+
+---
+
+## What you'll learn
+
+By the end of this tutorial, you can:
+
+- Navigate the Overview Dashboard panels  
+- View and filter certificate status  
+- Review and apply configuration recommendations  
+- Investigate CVEs and open details  
+- Use the AI Assistant to explain directives and variables  
+
+---
+
+## Before you begin
+
+Make sure you have:
+
+- {{< include "nginx-one/workshops/xc-account.md" >}}
+- All containers from [Lab 2: Run workshop components with Docker]({{< ref "nginx-one/workshops/lab2/run-workshop-components-with-docker.md" >}}) running and registered  
+- {{< include "workshops/nginx-one-env-variables.md" >}}  
+- Basic NGINX and Linux knowledge  
+
+---
+
+## 1. Overview Dashboard panels
+
+Open NGINX One Console and select **Overview**. Here are the key metrics and what they mean:
+
+<span style="display: inline-block;">
+{{< img src="nginx-one/images/nginx-one-dashboard.png"
+    alt="Overview dashboard showing panels for instance availability, NGINX versions, operating systems, certificates status, configuration recommendations, CVE severity, CPU and memory utilization, disk space usage, unsuccessful response codes, and network usage." >}}
+</span>
+
+- **Instance availability**  
+  - **Online**: NGINX Agent and NGINX are connected and working  
+  - **Offline**: NGINX Agent is running, but NGINX isn't installed, isn't running, or can't connect  
+  - **Unavailable**: NGINX Agent lost connection or instance was removed  
+  - **Unknown**: Current state can't be determined  
+
+- **NGINX versions by instance**  
+  See which NGINX Open Source or NGINX Plus versions your instances are running.  
+
+- **Operating systems**  
+  View the Linux distributions in use.  
+
+- **Certificates**  
+  Monitor SSL certificates, including expiring soon or still valid.  
+
+- **Configuration recommendations**  
+  Get suggestions to improve security, performance, and best practices.  
+
+- **CVEs (Common Vulnerabilities and Exposures)**  
+  Review threats by severity: 
+  
+  - **Major**: fix immediately
+  - **Medium**: play to fix soon
+  - **Low/Minor**: monitor
+  - **Other**: any non-standard categories
+
+- **CPU utilization**  
+  Track which instances use the most CPU over time.  
+
+- **Memory utilization**  
+  Monitor which instances consume the most RAM.  
+
+- **Disk space utilization**  
+  See which instances are nearing full disk capacity.  
+
+- **Unsuccessful response codes**  
+  Spot instances with high counts of HTTP 4xx or 5xx errors.  
+
+- **Top network usage**  
+  Review inbound and outbound network traffic trends.  
+
+---
+
+## 2. Investigate CVEs
+
+Use the **CVEs** panel to investigate vulnerabilities:
+
+1. In the **CVEs** panel, select **High** to list instances with high-severity issues.  
+2. Select your `$NAME-plus1` instance to view CVE details, including ID, severity, and description.  
+3. Select any CVE ID (for example, `CVE-2024-39792`) to open its official page with remediation guidance.  
+4. Switch to the **Security** tab to see every CVE NGINX One tracks, with the number of affected instances.  
+5. Select **View More** next to a CVE name for a direct link to the CVE database.  
+
+---
+
+## 3. Investigate certificates
+
+The **Certificates** panel shows the total number of certificates and their status across all instances.
+
+**Note:** NGINX One only scans certificates that are part of a running NGINX configuration.
+
+Statuses include:
+
+- **Expired**: The certificate expiration date has passed  
+- **Expiring**: The certificate expires within 30 days  
+- **Valid**: The certificate is not near expiration  
+- **Not Ready**: NGINX One can't determine the status  
+
+Steps:
+
+1. In the **Certificates** panel, select **Expiring** to list certificates that will expire soon.  
+2. Select your `$NAME-oss1` instance and switch to the **Unmanaged** tab to see certificate name, status, expiration date, and subject.  
+3. Select a certificate name (for example, `30-day.crt`) to open its details page.  
+4. Scroll to **Placements** to view all instances that use that certificate.  
+
+---
+
+## 4. Configuration recommendations
+
+The **Configuration Recommendations** panel provides suggestions:
+
+- **Orange** = Security  
+- **Green** = Optimization  
+- **Blue** = Best practices  
+
+1. In NGINX One Console, go to **Overview > Dashboard**.  
+2. In the **Configuration Recommendations** panel, select **Security** to view security-related suggestions.  
+3. Select an instance hostname.  
+4. Switch to the **Configuration** tab.  
+5. Select a config file (for example, `cafe.example.com.conf`) to see recommendations by line number.  
+6. Select **Edit Configuration** (pencil icon) to enter edit mode.  
+7. Update the configuration to address each recommendation.  
+8. Select **Next** to preview your changes, then select **Save and Publish** to apply them.  
+
+<span style="display: inline-block;">
+{{< img src="nginx-one/images/config-recommendation.png"
+    alt="Configuration recommendation panel showing a Best Practice warning: 'log should not be set to off on line 34', with a pencil icon to edit." >}}
+</span>
+
+---
+
+## 5. AI Assistant
+
+Highlight any configuration text, such as a directive, variable, or phrase, in a configuration preview and select **Explain with AI**.  
+
+The AI Assistant shows:
+
+- A concise definition of the selected element  
+- Best-practice tips  
+- Guidance on common use cases  
+
+Try it on:
+
+- `stub_status`  
+- `proxy_buffering off`  
+- `$upstream_response_time`  
+
+<span style="display: inline-block;">
+{{< img src="nginx-one/images/ai-assistant.png"
+    alt="AI Assistant panel showing a highlighted $upstream_response_time snippet alongside the assistant's response with Purpose and Guidance headings." >}}
+</span>
+
+{{< call-out "note" "Pro tip:" >}}You can learn about NGINX directives and variables without leaving the Console.{{< /call-out >}}
+
+---
+
+## Next steps
+
+You're ready to apply configuration changes across your fleet using sync groups.
+
+Go to [Lab 4: Config Sync Groups]({{< ref "nginx-one/workshops/lab4/config-sync-groups.md" >}}).
+
+---
+
+## References
+
+- [NGINX One Console docs]({{< ref "nginx-one/" >}})  
+- [CVE.org](https://www.cve.org/)
\ No newline at end of file
diff --git a/content/nginx-one/workshops/lab4/config-sync-groups.md b/content/nginx-one/workshops/lab4/config-sync-groups.md
new file mode 100644
index 000000000..f8eab21a3
--- /dev/null
+++ b/content/nginx-one/workshops/lab4/config-sync-groups.md
@@ -0,0 +1,201 @@
+---
+title: "Lab 4: Config Sync Groups"
+weight: 400
+toc: true
+nd-content-type: tutorial
+nd-product: nginx-one
+---
+
+## Introduction
+
+In this lab, you'll create and manage Config Sync Groups in NGINX One Console. Config Sync Groups keep your NGINX instances in sync with a shared configuration. You'll create a group, add instances, apply a shared config, and fix sync errors.
+
+---
+
+## What you'll learn
+
+By the end of this lab, you can:
+
+- Create a Config Sync Group  
+- Add instances to a Config Sync Group  
+- Update the shared configuration for a Config Sync Group  
+
+---
+
+## Before you begin
+
+Make sure you have:
+
+- {{< include "nginx-one/workshops/xc-account.md" >}}
+- Completed [Lab 2: Run workshop components with Docker]({{< ref "nginx-one/workshops/lab2/run-workshop-components-with-docker.md" >}})  
+- Docker and Docker Compose installed and running  
+- {{< include "workshops/nginx-one-env-variables.md" >}}  
+- Basic familiarity with Linux command line and NGINX concepts  
+
+---
+
+## Exercise 1: Create a Config Sync Group
+
+A Config Sync Group lets you apply one configuration to multiple NGINX instances and keep them in sync.
+
+1. In NGINX One Console, select **Manage > Config Sync Groups**.  
+2. In the **Config Sync Groups** pane, select **Add Config Sync Group**.  
+3. In the form, enter `$NAME-sync-group` in the **Name** field (for example, `s.jobs-sync-group`).  
+4. Select **Create**. The new group appears with **Details** and **Configuration** tabs.  
+   - The **Details** tab shows:
+     - Object ID  
+     - Last publication status and config version ID  
+     - Config Sync Status (for example, Unknown)  
+     - Instance status counts (In Sync, Out of Sync, Offline, Unavailable)  
+5. Switch to the **Configuration** tab to view your group's configuration files. It's empty for now. You'll add one in Exercise 2.
+
+---
+
+## Exercise 2: Add instances to the Config Sync Group
+
+{{< call-out "note" "Note" "" >}}  
+You can mix NGINX Open Source and NGINX Plus instances in one group. Any config feature you use must work on every instance. If you need NGINX Plus-only features, create a separate group.  
+{{</ call-out >}}
+
+When you create a Config Sync Group, it has no shared config. You can add one in two ways:
+
+- **Define config manually**: Select your group, go to the **Configuration** tab, then select **Edit Configuration**. Add or paste your NGINX config, select **Next**, review the diff, and select **Save and Publish**.  
+- **Populate from first instance**: Add one NGINX instance. The console uses that instance's existing config as the group's shared config.  
+
+### Populate group config from first instance
+
+1. Select **Manage > Config Sync Groups**.
+2. Select your `$NAME-sync-group` (for example, `s.jobs-sync-group`).  
+3. On the **Details** tab, in the **Instances** pane, select **Add Instance to Config Sync Group**.  
+4. Select **Register a new instance with NGINX One then add to config sync group**, then select **Next**.  
+5. Select **Use existing key** and paste `$TOKEN` (or your actual data plane key) into the **Data Plane Key** box.  
+6. Select the **Docker Container** tab. The tab shows sample commands. Copy them and modify as follows.  
+
+7. **Log in to the private registry:**
+
+   ```shell
+   echo "$JWT" \
+     | docker login private-registry.nginx.com \
+       --username "$JWT" --password-stdin
+   ```
+
+8. **Pull a Docker image** (replace version as needed). You can select a specific NGINX Plus version, OS type, and OS version. Here, use the R31 Alpine image:
+
+   ```shell
+   docker pull private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-alpine-3.19-20240522
+   ```
+
+   See [Pulling the image]({{< ref "nginx/admin-guide/installing-nginx/installing-nginx-docker.md#pull-the-image" >}}) for details.
+
+9. **Run the container**. Copy the `docker run` command from the user interface and modify it:
+
+   - Replace `YOUR_JWT_HERE` in `--env NGINX_LICENSE_JWT` with `$JWT`  
+   - Replace `YOUR_DATA_PLANE_KEY` in `--env NGINX_AGENT_SERVER_TOKEN` with `$TOKEN`  
+   - Add `--hostname "$NAME-one-manual"` and `--name "$NAME-one-manual"`  
+   - Ensure `--env NGINX_AGENT_INSTANCE_GROUP="$NAME-sync-group"` is set  
+
+   ```shell
+   docker run \
+   --hostname "$NAME-one-manual" \
+   --name "$NAME-one-manual" \
+   --env NGINX_LICENSE_JWT="$JWT" \
+   --env NGINX_AGENT_SERVER_GRPCPORT=443 \
+   --env NGINX_AGENT_SERVER_HOST=agent.connect.nginx.com \
+   --env NGINX_AGENT_SERVER_TOKEN="$TOKEN" \
+   --env NGINX_AGENT_INSTANCE_GROUP="$NAME-sync-group" \
+   --env NGINX_AGENT_TLS_ENABLE=true \
+   --restart always \
+   --runtime runc \
+   -d private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-alpine-3.19-20240522
+   ```
+
+10. In the **Config Sync Groups** pane, select **Refresh**. The new instance appears and the shared config populates. The first instance added becomes the default config source.  
+11. Select the **Configuration** tab to view the shared config.  
+
+### Add instances using Docker Compose
+
+Instead of registering containers manually, you can set the sync group in your Compose file and restart all containers.
+
+1. Stop the running containers:
+
+   ```shell
+   docker compose down
+   ```
+
+2. Open `compose.yaml` in a text editor.  
+3. Uncomment the lines beginning with:
+
+   ```yaml
+   NGINX_AGENT_INSTANCE_GROUP: $NAME-sync-group
+   ```
+
+4. Restart all containers:
+
+   ```shell
+   docker compose up --force-recreate -d
+   ```
+
+5. In NGINX One Console, select **Refresh**. Instances with `NGINX_AGENT_INSTANCE_GROUP` set appear in the Config Sync Group.  
+6. Instances automatically sync the existing NGINX config. When sync finishes, the **Config Sync Status** shows `In Sync`.  
+
+<span style="display: inline-block;">
+{{< img src="nginx-one/images/config-sync-status.png"
+    alt="Table showing hostnames, NGINX versions, operating systems, availability status, and green In Sync indicators for each instance in the config sync group." >}}
+</span>
+
+---
+
+## Exercise 3: Edit the group config and sync changes
+
+Modify the shared configuration and apply the changes to all group members.
+
+1. Select **Manage > Config Sync Groups**, then choose `$NAME-sync-group` (for example, `s.jobs-sync-group`).  
+2. Select the **Configuration** tab.  
+3. Select **Edit Configuration** (pencil icon).  
+4. In the file list, select `default.conf`.  
+5. In the editor pane, add these lines at 21–24:  
+
+   ```yaml
+   location /test_header {
+       add_header X-Test-App true;
+       return 200 'HTTP/1.1 200 OK\nContent-Type: text/html\n\n<html><body>Welcome to Lab 4 of the NGINX One Console Workshop!</body></html>';
+   }
+   ```
+
+   <span style="display: inline-block;">
+   {{< img src="nginx-one/images/config-sync-edits.png" alt="Editor showing modifications to default.conf with validator status 'NGINX Config OK'." >}}
+   </span>
+
+   The file is marked **modified** and the validator shows **NGINX Config OK**.  
+
+6. Select **Next**, review the diff, then select **Save and Publish**.  
+7. Select the **Details** tab and confirm **Last Publication Status** shows **Succeeded**.  
+8. In the **Instances** table, confirm each host shows **Config Sync Status = In Sync**.  
+9. Test your change by curling any instance's HTTP endpoint. Replace `<HOST>` and `<PORT>` with the values from the Instances table (for example, `localhost:80`):  
+
+   ```shell
+   curl http://localhost:80/test_header
+   ```
+
+   You should see:
+
+   ```text
+   HTTP/1.1 200 OK
+   Content-Type: text/html
+
+   <html><body>Welcome to Lab 4 of the NGINX One Console Workshop!</body></html>
+   ```
+
+---
+
+## Next steps
+
+You're ready to install your NGINX Plus license (JWT) on each instance. This will let you upgrade them to NGINX R34.  
+
+Go to [Lab 5: Upgrade NGINX Plus to the latest version]({{< ref "/nginx-one/workshops/lab5/upgrade-nginx-plus-to-latest-version.md" >}}).
+
+---
+
+## References
+
+- [NGINX One Console docs]({{< ref "/nginx-one/" >}})
diff --git a/content/nginx-one/workshops/lab5/upgrade-nginx-plus-to-latest-version.md b/content/nginx-one/workshops/lab5/upgrade-nginx-plus-to-latest-version.md
new file mode 100644
index 000000000..5fc03bbc0
--- /dev/null
+++ b/content/nginx-one/workshops/lab5/upgrade-nginx-plus-to-latest-version.md
@@ -0,0 +1,208 @@
+---
+title: "Lab 5: Upgrade NGINX Plus to the latest version"
+weight: 500
+toc: true
+nd-content-type: tutorial
+nd-product: 
+- nginx-one
+- nginx-plus
+---
+
+## Introduction
+
+In this lab, you'll upgrade NGINX Plus from R32 (or earlier) to the latest version.  
+
+There are two scenarios:
+
+- **Docker**: Deploy a new container running the latest NGINX Plus image, add it to your Config Sync Group, then shift traffic and retire older containers.  
+- **VM**: Push your JWT license to an existing VM instance, install the new NGINX Plus package, and restart the service.
+
+Pick the scenario that matches your setup.
+
+---
+
+## What you'll learn
+
+By the end of this lab, you can:
+
+- Deploy a Docker container running the latest NGINX Plus with NGINX Agent installed  
+- Add a VM to a Config Sync Group and push your JWT license  
+- Install or upgrade to the latest NGINX Plus on a VM  
+- Check version and sync status in NGINX One Console  
+- Clean up unavailable instances in NGINX One Console  
+
+---
+
+## Before you begin
+
+Make sure you have:
+
+- {{< include "nginx-one/workshops/xc-account.md" >}}
+- Completed [Lab 4: Config Sync Groups]({{< ref "nginx-one/workshops/lab4/config-sync-groups.md" >}})  
+- Docker and Docker Compose installed and running (for Docker scenario)  
+- A trial or paid NGINX One JWT license (saved as `nginx-repo.jwt`) from [MyF5](https://my.f5.com/manage/s/)  
+- A VM with NGINX Plus R32 (or earlier), SSH access, and NGINX Agent installed (for VM scenario)  
+- {{< include "workshops/nginx-one-env-variables.md" >}}  
+- Basic familiarity with Linux and NGINX  
+
+---
+
+## Scenario A: Upgrade NGINX Plus in Docker
+
+### Exercise A1: Pull and run the latest NGINX Plus image
+
+1. Log in to the private registry:
+
+   ```shell
+   echo "$JWT" | docker login private-registry.nginx.com \
+     --username "$JWT" --password-stdin
+   ```
+
+2. Open `compose.yaml` in a text editor. Uncomment the **plus4** service block (lines 74–95). This block pulls the latest Debian NGINX Plus image with NGINX Agent, and sets your data plane key, JWT, and Config Sync Group.
+
+   ```yaml
+   plus4: # Debian latest NGINX Plus Web / Load Balancer
+       environment:
+         NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+         NGINX_AGENT_SERVER_GRPCPORT: '443'
+         NGINX_AGENT_TLS_ENABLE: 'true'
+         NGINX_AGENT_SERVER_TOKEN: $TOKEN # Data plane key from NGINX One Console
+         NGINX_LICENSE_JWT: $JWT
+         NGINX_AGENT_INSTANCE_GROUP: $NAME-sync-group
+       hostname: $NAME-plus4
+       container_name: $NAME-plus4
+       image: private-registry.nginx.com/nginx-plus/agent:debian
+       volumes:
+         - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+         - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
+         - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
+         - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
+       ports:
+         - '80'
+         - '443'
+         - '9000'
+         - '9113'
+       restart: always
+   ```
+
+   {{< call-out "note" "VS Code tip" "" >}}  
+   In VS Code, highlight lines 74–95 and press `Ctrl` + `/` to uncomment.  
+   {{< /call-out >}}
+
+3. Restart your containers:
+
+   ```shell
+   docker compose down && docker compose up --force-recreate -d
+   ```
+
+4. In NGINX One Console, go to **Instances**.  
+5. You should see your new instance (`$NAME-plus4`) in the list (for example, `s.jobs-plus4`).  
+6. Select the instance and confirm it runs the latest versions of NGINX Plus and NGINX Agent.  
+7. The `$NAME-plus4` container joins the `$NAME-sync-group` and inherits the shared config.  
+
+   {{< call-out "note" "Tip" "" >}}  
+   Because new containers in a sync group automatically pick up the shared config, you get a consistent setup across versions. This makes upgrades safer and avoids manual copy-paste steps.  
+   {{< /call-out >}}
+
+### Exercise A2: Delete unavailable containers
+
+When you recreate containers, old entries remain in NGINX One Console. Clean them up:
+
+1. In NGINX One Console, go to **Instances**.  
+2. Select **Add filter > Availability > Unavailable**.  
+3. Select the checkboxes for the unavailable hosts.  
+4. Select **Delete selected**, then confirm.  
+5. Remove the filter by selecting the **X** next to the filter tag.  
+
+<span style="display: inline-block;">
+{{< img src="nginx-one/images/unavailable-instances.png"
+    alt="Table of three NGINX One Console instances filtered to 'Availability = Unavailable.' Shows hostnames, NGINX versions, grey Unavailable icons, and the Delete selected button." >}}
+</span>
+
+---
+
+## Scenario B: Upgrade NGINX Plus on a VM with Config Sync Groups
+
+{{< call-out "note" "Note" >}}  
+These steps cover RHEL, Amazon Linux, CentOS, Oracle Linux, AlmaLinux, Rocky Linux, Debian, and Ubuntu only.  
+{{</ call-out >}}
+
+### Exercise B1: Create a Config Sync Group for VMs
+
+1. In NGINX One Console, go to **Manage > Config Sync Groups**.  
+2. Select **Add Config Sync Group**.  
+3. In the **Name** field, enter `$NAME-sync-group-vm` (for example, `s.jobs-sync-group-vm`), then select **Create**.  
+
+### Exercise B2: Add your VM to the Config Sync Group
+
+1. Select **Manage > Config Sync Groups**, then pick your group's name.  
+2. On the **Details** tab, in the **Instances** pane, select **Add Instance to Config Sync Group**.  
+3. Select **Register a new instance with NGINX One then add to config sync group**, then select **Next**.  
+4. Select **Use existing key**, paste `<your-key>` into the **Data Plane Key** box.  
+5. Copy the pre-filled `curl` command and run it on your VM:
+
+    **Example**:
+
+    ```shell
+    curl https://agent.connect.nginx.com/nginx-agent/install | \
+    DATA_PLANE_KEY="<your-key>" \
+    sh -s -- -y -c "<config-sync-group-name>"
+    ```
+
+6. Back in NGINX One Console, select **Refresh**. Your VM appears in the list with **Config Sync Status = In Sync**.  
+
+### Exercise B3: Enable the NGINX Plus API and dashboard
+
+Add a new configuration file (`/etc/nginx/conf.d/dashboard.conf`) in your group config to enable the NGINX Plus API and dashboard.  
+
+{{< include "use-cases/monitoring/enable-nginx-plus-api-with-config-sync-group.md" >}}
+
+### Exercise B4: Add your JWT license file
+
+Each instance needs a JWT license before upgrading. Add it in your Config Sync Group so all members inherit it.
+
+1. In NGINX One Console, select **Manage > Config Sync Groups**, then pick your group's name.  
+2. Select the **Configuration** tab, then **Edit Configuration**.  
+3. Select **Add File**, then **New Configuration File**.  
+4. In **File name**, enter `/etc/nginx/license.jwt`.  
+5. Select **Add**.  
+6. Paste the contents of your JWT file into the editor.  
+7. Select **Next**, review the diff, then select **Save and Publish**.  
+
+See [About subscription licenses]({{< ref "solutions/about-subscription-licenses.md" >}}) for details.
+
+### Exercise B5: Upgrade NGINX Plus on your VM
+
+1. Upgrade the NGINX Plus package:
+
+   - **RHEL, Amazon Linux, CentOS, Oracle Linux, AlmaLinux, Rocky Linux**  
+
+     ```shell
+     sudo yum upgrade nginx-plus
+     ```
+
+   - **Debian, Ubuntu**  
+
+     ```shell
+     sudo apt update && sudo apt install nginx-plus
+     ```
+
+2. In NGINX One Console, go to **Manage > Instances**.  
+3. Select your VM instance.  
+4. In the **Instance Details** pane, confirm the NGINX Plus version has been updated.  
+5. If the version doesn’t update right away, refresh the page after a few seconds.  
+
+---
+
+## Next steps
+
+You have upgraded your instances to the latest NGINX Plus.
+
+Go to the [NGINX One documentation]({{< ref "nginx-one/" >}}) for more advanced guides and use cases.  
+
+---
+
+## References
+
+- [NGINX One Console docs]({{< ref "/nginx-one/" >}})  
+- [About subscription licenses]({{< ref "solutions/about-subscription-licenses.md" >}})
diff --git a/content/nginx/_index.md b/content/nginx/_index.md
index b4a62f27c..ef928d074 100644
--- a/content/nginx/_index.md
+++ b/content/nginx/_index.md
@@ -2,8 +2,60 @@
 description: "Documentation for NGINX Open Source and F5 NGINX Plus."
 title: F5 NGINX Plus
 weight: 100
+nd-subtitle: Optimize, secure, and scale your modern apps
+url: /nginx/
+nd-landing-page: true
 cascade:
-  logo: NGINX-Plus-product-icon-RGB.svg
+  logo: NGINX-Plus-product-icon.svg
+nd-content-type: landing-page
+nd-product: NGINX Plus
 ---
+Request your [free 30‑day trial](https://www.nginx.com/free-trial-request) today.
+
+## About
+[//]: # "These are Markdown comments to guide you through document structure. Remove them as you go, as well as any unnecessary sections."
+[//]: # "Use underscores for _italics_, and double asterisks for **bold**."
+[//]: # "Backticks are for `monospace`, used sparingly and reserved mostly for executable names - they can cause formatting problems. Avoid them in tables: use italics instead."
+
+NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers.
+
+NGINX Plus adds a range of premium features to address enterprise needs.
+
+## Featured content
+[//]: # "You can add a maximum of three cards: any extra will not display."
+[//]: # "One card will take full width page: two will take half width each. Three will stack like an inverse pyramid."
+[//]: # "Some examples of content could be the latest release note, the most common install path, and a popular new feature."
+
+{{<card-section showAsCards="true" isFeaturedSection="true">}}
+  {{<card title="Install NGINX Plus" titleUrl="/nginx/admin-guide/installing-nginx/installing-nginx-plus/" icon="unplug" isFullSize="true">}}
+    Install NGINX Plus on different operating systems.
+  {{</card >}}
+{{</card-section>}}
+
+
+
+{{<card-section showAsCards="true" >}}
+  {{<card title="Install NGINX Open Source" titleUrl="/nginx/admin-guide/installing-nginx/installing-nginx-open-source/" >}}
+    Install NGINX Open Source. Compile from source.
+  {{</card>}}
+  {{<card title="Set up HTTP load balancing" titleUrl="/nginx/admin-guide/load-balancer/http-load-balancer/" >}}
+    Keep your servers running.
+  {{</ card >}}
+  {{<card title="Set up a web server" titleUrl="/nginx/admin-guide/web-server/web-server/" >}}
+    Configure NGINX as a web server.
+  {{</card>}}
+  {{<card title="Secure with Single Sign-On" titleUrl="/nginx/admin-guide/security-controls/configuring-oidc/">}}
+    Set up Open ID connect with identity providers.
+  {{</ card >}}
+{{</card-section>}}
+
+
+### More information
+
+
+{{<card-section showAsCards="true" >}}
+  {{<card title="View release notes and updates" titleUrl="/nginx/releases/" icon="clock-alert">}}
+    Get details on new features, bug fixes, and known issues.
+  {{</card>}}
+{{</card-section>}}
 
-Request your [free 30‑day trial](https://www.nginx.com/free-trial-request) today.
\ No newline at end of file
diff --git a/content/nginx/admin-guide/content-cache/content-caching.md b/content/nginx/admin-guide/content-cache/content-caching.md
index 7ebd880a9..dd32adb83 100644
--- a/content/nginx/admin-guide/content-cache/content-caching.md
+++ b/content/nginx/admin-guide/content-cache/content-caching.md
@@ -243,9 +243,9 @@ The initial cache fill operation sometimes takes quite a long time, especially f
 
 NGINX makes it possible to cache such range requests and gradually fill the cache with the [Cache Slice](https://nginx.org/en/docs/http/ngx_http_slice_module.html) module, which divides files into smaller “slices”. Each range request chooses particular slices that cover the requested range and, if this range is still not cached, put it into the cache. All other requests for these slices take the data from the cache.
 
-{{<note>}}
+{{< call-out "note" >}}
 Currently, slicing does not work with [background cache update](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_background_update) as in this case a request will be constructed without byte-range support.
-{{</note>}}
+{{< /call-out >}}
 
 To enable byte‑range caching:
 
diff --git a/content/nginx/admin-guide/dynamic-modules/acme.md b/content/nginx/admin-guide/dynamic-modules/acme.md
new file mode 100644
index 000000000..df8afe2c8
--- /dev/null
+++ b/content/nginx/admin-guide/dynamic-modules/acme.md
@@ -0,0 +1,307 @@
+---
+description: Automates SSL/TLS certificate lifecycle management by enabling direct communication between clients and certificate authorities.
+title: ACME
+toc: true
+weight: 100
+type:
+- how-to
+---
+
+The ACME protocol automates SSL/TLS certificate lifecycle management by enabling direct communication between clients and certificate authorities for issuance, installation, revocation, and replacement of SSL certificates. 
+
+The `nginx-plus-module-acme` module is an [NGINX-authored]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#nginx-authored-dynamic-modules" >}}) dynamic module that implements the automatic certificate management ([ACMEv2](https://www.rfc-editor.org/rfc/rfc8555.html)) protocol.
+
+The source code for the module is available in the official [GitHub repository](https://github.com/nginx/nginx-acme). The official documentation, including module reference and usage examples, is available on the [nginx.org](https://nginx.org/en/docs/http/ngx_http_acme_module.html) website.
+
+
+## Installation
+
+The installation process closely follows the [NGINX Plus installation procedure]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). The module is available as the prebuilt `nginx-plus-module-acme` package for various Linux distributions and can be installed directly from the official NGINX Plus repository. Prior to installation, you need to add the NGINX Plus package repository for your distribution and update the repository metadata.
+
+1.  Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system.
+
+2.  Make sure you have the latest version of NGINX Plus. In Terminal, run the command:
+
+    ```shell
+    nginx -v
+    ```
+
+    Expected output of the command:
+
+    ```shell
+    nginx version: nginx/1.29.0 (nginx-plus-r35)
+    ```
+
+3.  Ensure you have the **nginx-repo.crt** and **nginx-repo.key** files from [MyF5 Customer Portal](https://account.f5.com/myf5) in the **/etc/ssl/nginx/** directory. These files are required for accessing the NGINX Plus repository.
+
+    ```shell
+    sudo cp <downloaded-file-name>.crt /etc/ssl/nginx/nginx-repo.crt && \
+    sudo cp <downloaded-file-name>.key /etc/ssl/nginx/nginx-repo.key
+    ```
+
+    For Alpine, the **nginx-repo.crt** to **/etc/apk/cert.pem** and **nginx-repo.key** files should be added to **/etc/apk/cert.key**. Ensure these files contain only the specific key and certificate as Alpine Linux does not support mixing client certificates for multiple repositories.
+
+    For FreeBSD, the path to these files should also be added to the `/usr/local/etc/pkg.conf` file:
+
+    ```shell
+    PKG_ENV: { SSL_NO_VERIFY_PEER: "1",
+    SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt",
+    SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" }
+    ```
+
+4.  Ensure that all required dependencies for your operating system are installed.
+
+    For Amazon Linux 2023, AlmaLinux, CentOS, Oracle Linux, RHEL, and Rocky Linux:
+
+    ```shell
+    sudo dnf update && \
+    sudo dnf install ca-certificates
+    ```
+
+    For Debian:
+
+    ```shell
+    sudo apt update && \
+    sudo apt install apt-transport-https \
+                     lsb-release \
+                     ca-certificates \
+                     wget \
+                     gnupg2 \
+                     debian-archive-keyring
+    ```
+
+    For Ubuntu:
+
+    ```shell
+    sudo apt update  && \
+    sudo apt install apt-transport-https \
+                     lsb-release \
+                     ca-certificates \
+                     wget \
+                     gnupg2 \
+                     ubuntu-keyring
+    ```
+
+    For FreeBSD:
+
+    ```shell
+    sudo pkg update  && \
+    sudo pkg install ca_root_nss
+    ```
+
+5.  Ensure that the NGINX signing key has been added, if required by your operating system.
+
+    For Debian:
+
+    ```shell
+    wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key \
+    | gpg --dearmor \
+    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
+    ```
+
+    For Ubuntu:
+
+    ```shell
+    printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
+    https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" \
+    | sudo tee /etc/apt/sources.list.d/nginx-plus.list
+    ```
+
+    For Alpine:
+
+    ```shell
+    sudo wget -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub
+    ```
+
+6.  Ensure that your package management system is configured to pull packages from the NGINX Plus repository. See [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) for details.
+
+7.  Update the repository information and install the `nginx-plus-module-acme` package. In a terminal, run the appropriate command for your operating system.
+
+    For CentOS, Oracle Linux, and RHEL:
+
+    ```shell
+    sudo yum update  && \
+    sudo yum install nginx-plus-module-acme
+    ```
+
+    For Amazon Linux 2023, AlmaLinux, Rocky Linux:
+
+    ```shell
+    sudo dnf update  && \
+    sudo dnf install nginx-plus-module-acme
+    ```
+
+    For Debian and Ubuntu:
+
+    ```shell
+    sudo apt update  && \
+    sudo apt install nginx-plus-module-acme
+    ```
+
+    For Alpine:
+
+    ```shell
+    sudo apk update  && \
+    sudo apk add nginx-plus-module-acme
+    ```
+
+    For FreeBSD:
+
+    ```shell
+    sudo pkg update  && \
+    sudo pkg install nginx-plus-module-acme
+    ```
+
+    The resulting `ngx_http_acme_module.so`  dynamic module will be written to the following directory, depending on your operating system:
+
+   - `/usr/lib64/nginx/modules/` for most Linux distributions
+   - `/usr/lib/nginx/modules` for Debian, Ubuntu, Alpine
+   - `/usr/local/etc/nginx/modules` for FreeBSD
+
+8.  Enable dynamic loading of the module.
+
+    - In a text editor, open the NGINX Plus configuration file (`/etc/nginx/nginx.conf` for Linux or `/usr/local/etc/nginx/nginx.conf` for FreeBSD).
+
+    -  On the top-level (or “`main`”) context, specify the path to the dynamic module with the [`load_module`](https://nginx.org/en/docs/ngx_core_module.html#load_module) directive:
+
+    ```nginx
+    load_module modules/ngx_http_acme_module.so;
+
+    http {
+    #...
+    }
+    ```
+    - Save the configuration file.
+
+9.  Test the NGINX Plus configuration. In a terminal, type-in the command:
+
+    ```shell
+    nginx -t
+    ```
+
+    Expected output of the command:
+
+    ```shell
+    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+    nginx: configuration file /etc/nginx/nginx.conf is successful
+    ```
+
+10. Reload the NGINX Plus configuration to enable the module:
+
+    ```shell
+    nginx -s reload
+    ```
+
+## Configuration
+
+In a text editor, open the NGINX Plus configuration file:
+  - `/etc/nginx/nginx.conf` for Linux
+  - `/usr/local/etc/nginx/nginx.conf` for FreeBSD
+
+
+For a complete list of directives and variables refer to the `ngx_http_acme_module` [official documentation](https://nginx.org/en/docs/http/ngx_http_acme_module.html) and [NGINX ACME module GitHub project](https://github.com/nginx/nginx-acme).
+
+1. To enable ACME functionality, specify the directory URL of the ACME server with the [`uri`](https://nginx.org/en/docs/http/ngx_http_acme_module.html#uri) directive.
+
+   Additionally, you can provide information regarding how to contact the client in case of certificate-related issues or where to store module data with the [`contact`](https://nginx.org/en/docs/http/ngx_http_acme_module.html#contact) and [`state_path`](https://nginx.org/en/docs/http/ngx_http_acme_module.html#state_path) directives.
+
+   ```nginx
+   acme_issuer letsencrypt {
+       uri         https://acme-v02.api.letsencrypt.org/directory;
+       # contact   admin@example.test;
+       state_path  /var/cache/nginx/acme-letsencrypt;
+
+       accept_terms_of_service;
+   }
+   ```
+
+2. If necessary, you can increase the default shared memory zone that stores certificates, private keys, and challenge data for all the configured certificate issuers with the [`acme_shared_zone`](https://nginx.org/en/docs/http/ngx_http_acme_module.html#acme_shared_zone) directive. The default  zone size is `256k`.
+
+   ```nginx
+   acme_shared_zone zone=acme_shared:1M;
+   ```
+
+3. Configure Challenges by defining a listener on port 80 in the nginx configuration to process ACME HTTP-01 challenges:
+
+   ```nginx
+   server {
+       # listener on port 80 is required to process ACME HTTP-01 challenges
+       listen 80;
+
+       location / {
+           #Serve a basic 404 response while listening for challenges
+           return 404;
+        }
+   }
+   ```
+
+4. Automate the issuance or renewal of TLS certificates with the [`acme_certificate`](https://nginx.org/en/docs/http/ngx_http_acme_module.html#acme_certificate) directive in the respective [`server`](https://nginx.org/en/docs/http/ngx_http_core_module.html#server) block. The directive requires the list of identifiers (domains) for which the certificates need to be dynamically issued that can be defined with the [`server_name`](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) directive. The [`$acme_certificate`](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_acme_certificate_key) and [`$acme_certificate_key`](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_acme_certificate_key) variables are used to pass the SSL certificate and key information for the associated domain:
+
+   ```nginx
+   server {
+
+       listen 443 ssl;
+
+       server_name  .example.com;
+
+       acme_certificate letsencrypt;
+
+       ssl_certificate       $acme_certificate;
+       ssl_certificate_key   $acme_certificate_key;
+       ssl_certificate_cache max=2;
+   }
+   ```
+
+   Note that not all values accepted by the [`server_name`](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) directive are valid identifiers. Wildcards and regular expressions are not supported.
+
+
+## Full example
+
+```nginx
+resolver 127.0.0.1:53;
+
+acme_issuer example {
+    uri         https://acme.example.com/directory;
+    # contact   admin@example.test;
+    state_path  /var/cache/nginx/acme-example;
+    accept_terms_of_service;
+}
+
+acme_shared_zone zone=ngx_acme_shared:1M;
+
+server {
+    listen 443 ssl;
+    server_name  .example.test;
+
+    acme_certificate example;
+
+    ssl_certificate       $acme_certificate;
+    ssl_certificate_key   $acme_certificate_key;
+
+    # do not parse the certificate on each request
+    ssl_certificate_cache max=2;
+}
+
+server {
+    # listener on port 80 is required to process ACME HTTP-01 challenges
+    listen 80;
+
+    location / {
+        return 404;
+    }
+}
+```
+
+## More info
+
+- [Native support for ACME blog post](https://blog.nginx.org/blog/native-support-for-acme-protocol)
+
+- [NGINX ACME module GitHub project](https://github.com/nginx/nginx-acme)
+
+- [Official documentation for the NGINX ACME module](https://nginx.org/en/docs/http/ngx_http_acme_module.html)
+
+- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}})
+
+- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}})
+
+- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}})
diff --git a/content/nginx/admin-guide/dynamic-modules/cookie-flag.md b/content/nginx/admin-guide/dynamic-modules/cookie-flag.md
index 7068d1449..96a2ca0f1 100644
--- a/content/nginx/admin-guide/dynamic-modules/cookie-flag.md
+++ b/content/nginx/admin-guide/dynamic-modules/cookie-flag.md
@@ -10,7 +10,7 @@ type:
 - how-to
 ---
 
-{{< note >}} The `nginx-plus-module-cookie-flag` package is no longer available in the NGINX Plus repository.{{< /note >}}
+{{< call-out "note" >}} The `nginx-plus-module-cookie-flag` package is no longer available in the NGINX Plus repository.{{< /call-out >}}
 
 The module was deprecated in [NGINX Plus Release 23]({{< ref "/nginx/releases.md#r23" >}}) and removed in [NGINX Plus Release 26]({{< ref "/nginx/releases.md#r26" >}}). Its functionality has been replaced with natively supported [`proxy_cookie_flags`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_flags) directive.
 
diff --git a/content/nginx/admin-guide/dynamic-modules/dynamic-modules.md b/content/nginx/admin-guide/dynamic-modules/dynamic-modules.md
index aa75944a8..b8a72b471 100644
--- a/content/nginx/admin-guide/dynamic-modules/dynamic-modules.md
+++ b/content/nginx/admin-guide/dynamic-modules/dynamic-modules.md
@@ -25,6 +25,7 @@ For module‑specific installation and usage instructions, select the correspond
 {{< bootstrap-table "table table-striped table-bordered" >}}
 | Name                            | Description                       | Package name     |
 |---------------------------------|-----------------------------------|--------------------|
+| [ACME](https://github.com/nginx/nginx-acme) | Automatic certificate management ([ACMEv2](https://www.rfc-editor.org/rfc/rfc8555.html)) protocol support. | [`nginx-plus-module-acme`]({{< ref "/nginx/admin-guide/dynamic-modules/acme.md" >}}) |
 | [Brotli](https://github.com/google/ngx_brotli) | Brotli compression support with modules for dynamic compression and for serving pre-compressed `.br` files. | [`nginx-plus-module-brotli`]({{< ref "/nginx/admin-guide/dynamic-modules/brotli.md" >}}) |
 | [Encrypted-Session](https://github.com/openresty/encrypted-session-nginx-module) | AES-256 based encryption/decryption of NGINX variables. | [`nginx-plus-module-encrypted-session`]({{< ref "/nginx/admin-guide/dynamic-modules/encrypted-session.md" >}}) |
 | [FIPS Status Check](https://github.com/ogarrett/nginx-fips-check-module) | Verifies if OpenSSL is operating in FIPS mode. | [`nginx-plus-module-fips-check`]({{< ref "/nginx/admin-guide/dynamic-modules/fips.md" >}})|
@@ -74,6 +75,9 @@ apt-cache search nginx-plus-module
 The output of the command:
 
 ```shell
+nginx-plus-module-acme/stable
+  NGINX Plus ACME dynamic module
+
 nginx-plus-module-auth-spnego/stable
   NGINX Plus 3rd-party kerberos authentication dynamic module
 
diff --git a/content/nginx/admin-guide/dynamic-modules/encrypted-session.md b/content/nginx/admin-guide/dynamic-modules/encrypted-session.md
index a3a90e94a..13abd0e1d 100644
--- a/content/nginx/admin-guide/dynamic-modules/encrypted-session.md
+++ b/content/nginx/admin-guide/dynamic-modules/encrypted-session.md
@@ -78,7 +78,7 @@ After installation you will need to enable and configure the module in F5 NGINX
    }
    ```
 
-   {{< note >}} The directives must be in this order. {{< /note >}}
+   {{< call-out "note" >}} The directives must be in this order. {{< /call-out >}}
 
 2. Perform additional configuration as required by the [module](https://github.com/openresty/encrypted-session-nginx-module).
 
diff --git a/content/nginx/admin-guide/dynamic-modules/geoip.md b/content/nginx/admin-guide/dynamic-modules/geoip.md
index ea44055a9..0685b7e33 100644
--- a/content/nginx/admin-guide/dynamic-modules/geoip.md
+++ b/content/nginx/admin-guide/dynamic-modules/geoip.md
@@ -11,7 +11,7 @@ type:
 
 The GeoIP dynamic module captures information from the client IP address in variables using the MaxMind GeoLite databases.
 
-{{< note >}} MaxMind GeoLite Legacy databases are currently [discontinued](https://blog.maxmind.com/2018/01/discontinuation-of-the-geolite-legacy-databases), MaxMind GeoIP2 or Geolite2 databases and F5 NGINX Plus [GeoIP2 module]({{< ref "geoip2.md" >}}) should be used instead. {{< /note >}}
+{{< call-out "note" >}} MaxMind GeoLite Legacy databases are currently [discontinued](https://blog.maxmind.com/2018/01/discontinuation-of-the-geolite-legacy-databases), MaxMind GeoIP2 or Geolite2 databases and F5 NGINX Plus [GeoIP2 module]({{< ref "geoip2.md" >}}) should be used instead. {{< /call-out >}}
 
 ## Installation
 
@@ -28,7 +28,7 @@ The GeoIP dynamic module captures information from the client IP address in vari
    sudo yum install nginx-plus-module-geoip
    ```
 
-   {{< note >}} Only 7.x version of CentOS, Oracle Linux, and RHEL is supported. {{< /note >}}
+   {{< call-out "note" >}} Only 7.x version of CentOS, Oracle Linux, and RHEL is supported. {{< /call-out >}}
 
 
    For Debian and Ubuntu:
diff --git a/content/nginx/admin-guide/dynamic-modules/geoip2.md b/content/nginx/admin-guide/dynamic-modules/geoip2.md
index 500527fd8..3762411af 100644
--- a/content/nginx/admin-guide/dynamic-modules/geoip2.md
+++ b/content/nginx/admin-guide/dynamic-modules/geoip2.md
@@ -28,7 +28,7 @@ type:
    sudo yum install nginx-plus-module-geoip2
    ```
 
-   {{< note >}} the GeoIP2 module cannot be installed on ppc64le version of CentOS, Oracle Linux, and RHEL. {{< /note >}}
+   {{< call-out "note" >}} the GeoIP2 module cannot be installed on ppc64le version of CentOS, Oracle Linux, and RHEL. {{< /call-out >}}
 
    For Amazon Linux 2023, AlmaLinux, Rocky Linux:
 
diff --git a/content/nginx/admin-guide/dynamic-modules/lua.md b/content/nginx/admin-guide/dynamic-modules/lua.md
index 8f0b237f1..88f2af834 100644
--- a/content/nginx/admin-guide/dynamic-modules/lua.md
+++ b/content/nginx/admin-guide/dynamic-modules/lua.md
@@ -83,7 +83,7 @@ After installation, enable and configure the modules in NGINX Plus configuration
    }
    ```
 
-   {{< note >}} The `ndk_http_module.so` module must be placed first. {{< /note >}}
+   {{< call-out "note" >}} The `ndk_http_module.so` module must be placed first. {{< /call-out >}}
 
 2. Configure additional settings as needed for the modules. For details, see the [`lua-nginx-module`](https://github.com/openresty/lua-nginx-module) and [`stream-lua-nginx-module`](https://github.com/openresty/stream-lua-nginx-module) documentation.
 
diff --git a/content/nginx/admin-guide/dynamic-modules/nginx-waf.md b/content/nginx/admin-guide/dynamic-modules/nginx-waf.md
index 4564ebfb6..ca5c15255 100644
--- a/content/nginx/admin-guide/dynamic-modules/nginx-waf.md
+++ b/content/nginx/admin-guide/dynamic-modules/nginx-waf.md
@@ -9,9 +9,11 @@ type:
 - how-to
 ---
 
-{{< note >}} The `nginx-plus-module-modsecurity` package is no longer available in the NGINX Plus repository.{{< /note >}}
+{{< call-out "note" >}} The `nginx-plus-module-modsecurity` package is no longer available in the NGINX Plus repository.{{< /call-out >}}
 
-The ModSecurity WAF module was deprecated since [NGINX Plus Release 29]({{< ref "/nginx/releases.md#r29" >}}), and is no longer available since [NGINX Plus Release 32]({{< ref "/nginx/releases.md#r32" >}}).
+NGINX ModSecurity WAF officially reached End-of-Sale status on April 1, 2022 ([NGINX Plus Release 29]({{< ref "/nginx/releases.md#r29" >}})), and End-of-Life status on March 31, 2024 ([NGINX Plus Release 32]({{< ref "/nginx/releases.md#r32" >}})).
+
+For more details, [see this blog](https://www.f5.com/company/blog/nginx/f5-nginx-modsecurity-waf-transitioning-to-eol) announcement.
 
 To remove the module, follow the [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) instructions.
 
diff --git a/content/nginx/admin-guide/dynamic-modules/opentelemetry.md b/content/nginx/admin-guide/dynamic-modules/opentelemetry.md
index e3adfbf0f..4b0d5b6fd 100644
--- a/content/nginx/admin-guide/dynamic-modules/opentelemetry.md
+++ b/content/nginx/admin-guide/dynamic-modules/opentelemetry.md
@@ -32,7 +32,7 @@ The installation process closely follows the [NGINX Plus installation procedure]
 
 1.  Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system.
 
-    {{< note >}} The OpenTelemetry module cannot be installed on Amazon Linux 2 LTS and SLES 15 SP5+. {{< /note >}}
+    {{< call-out "note" >}} The OpenTelemetry module cannot be installed on Amazon Linux 2 LTS and SLES 15 SP5+. {{< /call-out >}}
 
 2.  Make sure you have the latest version of NGINX Plus. In Terminal, run the command:
 
@@ -43,7 +43,7 @@ The installation process closely follows the [NGINX Plus installation procedure]
     Expected output of the command:
 
     ```shell
-    nginx version: nginx/1.27.4 (nginx-plus-r34)
+    nginx version: nginx/1.29.0 (nginx-plus-r35)
     ```
 
 3.  Ensure you have the **nginx-repo.crt** and **nginx-repo.key** files from [MyF5 Customer Portal](https://account.f5.com/myf5) in the **/etc/ssl/nginx/** directory. These files are required for accessing the NGINX Plus repository.
diff --git a/content/nginx/admin-guide/dynamic-modules/opentracing.md b/content/nginx/admin-guide/dynamic-modules/opentracing.md
index 967086de3..6e2f9dc14 100644
--- a/content/nginx/admin-guide/dynamic-modules/opentracing.md
+++ b/content/nginx/admin-guide/dynamic-modules/opentracing.md
@@ -12,7 +12,7 @@ type:
 - how-to
 ---
 
-{{< note >}} The `nginx-plus-module-opentracing` package is no longer available in the NGINX Plus repository.{{< /note >}}
+{{< call-out "note" >}} The `nginx-plus-module-opentracing` package is no longer available in the NGINX Plus repository.{{< /call-out >}}
 
 The module was deprecated in [NGINX Plus Release 31]({{< ref "/nginx/releases.md#r31" >}}) and removed in [NGINX Plus Release 34]({{< ref "/nginx/releases.md#r34" >}}). Its functionality has been replaced with the [OpenTelemetry]({{< ref "/nginx/admin-guide/dynamic-modules/opentelemetry.md" >}}) module.
 
diff --git a/content/nginx/admin-guide/dynamic-modules/prometheus-njs.md b/content/nginx/admin-guide/dynamic-modules/prometheus-njs.md
index 2dd3a26de..5a159fc04 100644
--- a/content/nginx/admin-guide/dynamic-modules/prometheus-njs.md
+++ b/content/nginx/admin-guide/dynamic-modules/prometheus-njs.md
@@ -36,7 +36,7 @@ The following NGINX Plus status metrics are exported to Prometheus:
 - [Stream Upstreams](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream): `/stream/upstreams/`
 - [Stream Limit Conn](http://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_limit_conn_zone): `/stream/limit_conns/`
 
-{{< note >}} The `state` metric values in [`/http/upstreams/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream) and [`/stream/upstreams/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream) are converted using the following rule:
+{{< call-out "note" >}} The `state` metric values in [`/http/upstreams/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream) and [`/stream/upstreams/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream) are converted using the following rule:
 
 
 {{<bootstrap-table "table table-bordered table-striped table-responsive table-sm">}}
@@ -51,7 +51,7 @@ The following NGINX Plus status metrics are exported to Prometheus:
 |"unhealthy" | `6` |
 
 {{</bootstrap-table>}}
-{{< /note >}}
+{{< /call-out >}}
 
 ## Installation {#install}
 
@@ -97,7 +97,7 @@ The following NGINX Plus status metrics are exported to Prometheus:
      sudo pkg install nginx-plus-module-prometheus
      ```
 
-   {{< note >}} The [`nginx-plus-module-njs`]({{< ref "nginscript.md" >}}) module will also be installed together with the module. {{< /note >}}
+   {{< call-out "note" >}} The [`nginx-plus-module-njs`]({{< ref "nginscript.md" >}}) module will also be installed together with the module. {{< /call-out >}}
 
 
 ## Configuration {#conf}
diff --git a/content/nginx/admin-guide/dynamic-modules/set-misc.md b/content/nginx/admin-guide/dynamic-modules/set-misc.md
index 6d681f1d3..d6ff70561 100644
--- a/content/nginx/admin-guide/dynamic-modules/set-misc.md
+++ b/content/nginx/admin-guide/dynamic-modules/set-misc.md
@@ -79,7 +79,7 @@ After installation you will need to enable and configure the module in F5 NGINX
    }
    ```
 
-   {{< note >}} The directives must be in this order. {{< /note >}}
+   {{< call-out "note" >}} The directives must be in this order. {{< /call-out >}}
 
 2. Perform additional configuration as required by the [module](https://github.com/openresty/set-misc-nginx-module).
 
diff --git a/content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md b/content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md
index b47f900e3..a2e6f7a60 100644
--- a/content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md
+++ b/content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md
@@ -88,61 +88,13 @@ where:
 
 - the `jq` command is used to format the JSON output for easier reading and requires the [jq](https://jqlang.github.io/jq/) JSON processor to be installed.
 
+### Download your subscription credential files
 
+{{< include "use-cases/credential-download-instructions.md" >}}
 
-### Download the JSON Web Token or NGINX Plus certificate and key {#myf5-download}
+### Set up Docker for the F5 Container Registry
 
-Before you get a container image, you should provide the JSON Web Token file or SSL certificate and private key files provided with your NGINX Plus subscription. These files grant access to the package repository from which the script will download the NGINX Plus package:
-
-{{<tabs name="product_keys">}}
-
-{{%tab name="JSON Web Token"%}}
-{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
-{{% /tab %}}
-
-{{%tab name="SSL"%}}
-1. Log in to the [MyF5](https://my.f5.com) customer portal.
-2. Go to **My Products and Plans** > **Subscriptions**.
-3. Select the product subscription.
-4. Download the **SSL Certificate** and **Private Key** files.
-{{% /tab %}}
-
-{{% /tabs %}}
-
-### Set up Docker for NGINX Plus container registry
-
-Set up Docker to communicate with the NGINX Container Registry located at `private-registry.nginx.com`.
-
-{{<tabs name="docker_login">}}
-
-{{%tab name="JSON Web Token"%}}
-Open the JSON Web Token file previously downloaded from [MyF5](https://my.f5.com) customer portal (for example, `nginx-repo-12345abc.jwt`) and copy its contents.
-
-Log in to the docker registry using the contents of the JSON Web Token file:
-
-```shell
-docker login private-registry.nginx.com --username=<output_of_jwt_token> --password=none
-```
-{{% /tab %}}
-
-{{%tab name="SSL"%}}
-Create a directory and copy your certificate and key to this directory:
-
-```shell
-mkdir -p /etc/docker/certs.d/private-registry.nginx.com
-cp <path-to-your-nginx-repo.crt> /etc/docker/certs.d/private-registry.nginx.com/client.cert
-cp <path-to-your-nginx-repo.key> /etc/docker/certs.d/private-registry.nginx.com/client.key
-```
-The steps provided are for Linux. For Mac or Windows, see the [Docker for Mac](https://docs.docker.com/docker-for-mac/#add-client-certificates) or [Docker for Windows](https://docs.docker.com/docker-for-windows/#how-do-i-add-client-certificates) documentation. For more details on Docker Engine security, you can refer to the [Docker Engine Security documentation](https://docs.docker.com/engine/security/).
-
-Log in to the docker registry:
-
-```shell
-docker login private-registry.nginx.com
-```
-{{% /tab %}}
-
-{{% /tabs %}}
+{{< include "use-cases/docker-registry-instructions.md" >}}
 
 ### Pull the image
 
@@ -192,7 +144,6 @@ For NGINX modules, run:<!-- Is this enough info?-->
 docker pull private-registry.nginx.com/nginx-plus/modules:<version-tag>
 ```
 
-
 {{< include "security/jwt-password-note.md" >}}
 
 ### Push the image to your private registry
@@ -219,7 +170,7 @@ docker push <my-docker-registry>/nginx-plus/base:<version-tag>
 
 ### Run the NGINX Plus container
 
-{{< note >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), the JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /note >}}
+{{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), the JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}}
 
 To start the Docker container with NGINX Plus, you will need to pass your JWT license file named `license.jwt` as the `NGINX_LICENSE_JWT` environment variable. If the license file needs to be located in a non-default directory, specify its full path using the `NGINX_LICENSE_PATH` variable (default path: `/etc/nginx/license.jwt`).
 
@@ -335,14 +286,14 @@ To generate a custom NGINX Plus image:
 
     - no files are copied from the Docker host as a container is created: you can add `COPY` definitions to each Dockerfile, or the image you create can be used as the basis for another image
 
-3. Log in to [MyF5 Customer Portal](https://account.f5.com/myf5) and download your *nginx-repo.crt* and *nginx-repo.key* files. For a trial of NGINX Plus, the files are provided with your trial package.
+3. Log in to [MyF5 Customer Portal](https://account.f5.com/myf5). As noted in the [Prerequisites](#prerequisites], download your *nginx-repo.crt*, *nginx-repo.key*, and **JSON Web Token** files. For a trial of NGINX Plus, the files are provided with your trial package.
 
 4. Copy the files to the directory where the Dockerfile is located.
 
 5. Create a Docker image, for example, `nginxplus` (note the final period in the command).
 
     ```shell
-    docker build  --no-cache --secret id=nginx-key,src=nginx-repo.key --secret id=nginx-crt,src=nginx-repo.crt -t nginxplus .
+    docker build --no-cache --secret id=nginx-key,src=nginx-repo.key --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-jwt,src=license.jwt -t nginxplus .
     ```
 
     The `--no-cache` option tells Docker to build the image from scratch and ensures the installation of the latest version of NGINX Plus. If the Dockerfile was previously used to build an image without the `--no-cache` option, the new image uses the version of NGINX Plus from the previously built image from the Docker cache.
diff --git a/content/nginx/admin-guide/installing-nginx/installing-nginx-open-source.md b/content/nginx/admin-guide/installing-nginx/installing-nginx-open-source.md
index a56510b8f..c602f874d 100644
--- a/content/nginx/admin-guide/installing-nginx/installing-nginx-open-source.md
+++ b/content/nginx/admin-guide/installing-nginx/installing-nginx-open-source.md
@@ -241,7 +241,7 @@ Before installing, check if your operating system and architecture are supported
    Expected output:
     ```shell
     HTTP/1.1 200 OK
-    Server: nginx/1.27.5
+    Server: nginx/1.29.0
     ```
 
    After installation, the following files are available for configuration and troubleshooting:
@@ -352,7 +352,7 @@ Before installing, check if your operating system and architecture are supported
 
    ```shell
    HTTP/1.1 200 OK
-   Server: nginx/1.27.5
+   Server: nginx/1.29.0
    ```
 
    After installation, the following files are available for configuration and troubleshooting:
@@ -459,7 +459,7 @@ Before installing, check if your operating system and architecture are supported
 
    ```shell
    HTTP/1.1 200 OK
-   Server: nginx/1.27.5
+   Server: nginx/1.29.0
    ```
 
    After installation, the following files are available for configuration and troubleshooting:
@@ -553,7 +553,7 @@ Before installing, check if your operating system and architecture are supported
    Expected output:
     ```shell
     HTTP/1.1 200 OK
-    Server: nginx/1.27.5
+    Server: nginx/1.29.0
     ```
 
    After installation, the following files are available for configuration and troubleshooting:
@@ -671,7 +671,7 @@ Before installing, check if your operating system and architecture are supported
 
     ```shell
     HTTP/1.1 200 OK
-    Server: nginx/1.27.5
+    Server: nginx/1.29.0
     ```
 
    After installation, the following files are available for configuration and troubleshooting:
@@ -764,7 +764,7 @@ Before installing, check if your operating system and architecture are supported
    Expected output:
     ```shell
     HTTP/1.1 200 OK
-    Server: nginx/1.27.5
+    Server: nginx/1.29.0
     ```
 
    After installation, the following files are available for configuration and troubleshooting:
@@ -841,7 +841,7 @@ Before installing, check if your operating system and architecture are supported
    Expected output:
     ```shell
     HTTP/1.1 200 OK
-    Server: nginx/1.27.5
+    Server: nginx/1.29.0
     ```
 
    After installation, the following files are available for configuration and troubleshooting:
@@ -1017,9 +1017,9 @@ Download the source files for both the stable and mainline versions from [**ngin
 To download and unpack the source for the latest _mainline_ version, run:
 
 ```shell
-wget https://nginx.org/download/nginx-1.27.5.tar.gz && \
-tar zxf nginx-1.27.5.tar.gz && \
-cd nginx-1.27.5
+wget https://nginx.org/download/nginx-1.29.0.tar.gz && \
+tar zxf nginx-1.29.0.tar.gz && \
+cd nginx-1.29.0
 ```
 
 To download and unpack source files for the latest _stable_ version, run:
diff --git a/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-amazon-web-services.md b/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-amazon-web-services.md
index 497ab477d..a16e00a16 100644
--- a/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-amazon-web-services.md
+++ b/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-amazon-web-services.md
@@ -38,7 +38,7 @@ To quickly set up an NGINX Plus environment on AWS:
 	/etc/init.d/nginx status
 	```
 
-See [NGINX Plus on the AWS Cloud Quick Start](https://aws.amazon.com/quickstart/architecture/nginx-plus/) deployment guide for details.
+See [NGINX Plus on the AWS Cloud Quick Start](https://aws.amazon.com/blogs/apn/introducing-a-new-aws-quick-start-nginx-plus-on-the-aws-cloud-in-15-minutes/) deployment guide for details.
 
 ## What If I Need Help?
 
diff --git a/content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md b/content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md
index bf36ca1fb..f487fc305 100644
--- a/content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md
+++ b/content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md
@@ -422,6 +422,7 @@ NGINX-authored dynamic modules are developed and officially maintained by the F5
 {{< bootstrap-table "table table-striped table-bordered" >}}
 | Name                            | Description                       | Package name       |
 |---------------------------------|-----------------------------------|--------------------|
+| [ACME](https://github.com/nginx/nginx-acme) | Automatic certificate management ([ACMEv2](https://www.rfc-editor.org/rfc/rfc8555.html)) protocol support. | [`nginx-plus-module-acme`]({{< ref "nginx/admin-guide/dynamic-modules/acme.md" >}}) |
 | [GeoIP](https://nginx.org/en/docs/http/ngx_http_geoip_module.html) | Enables IP-based geolocation using the precompiled MaxMind databases. | [`nginx-plus-module-geoip`]({{< ref "nginx/admin-guide/dynamic-modules/geoip.md" >}}) |
 | [Image-Filter](https://nginx.org/en/docs/http/ngx_http_image_filter_module.html) | Adds on-the-fly support for JPEG, GIF, PNG, and WebP image resizing and cropping. | [`nginx-plus-module-image-filter`]({{< ref "nginx/admin-guide/dynamic-modules/image-filter.md" >}})                   |
 | [njs Scripting Language](https://nginx.org/en/docs/njs/) | Adds JavaScript-like scripting for advanced server-side logic in NGINX configuration file. | [`nginx-plus-module-njs`]({{< ref "nginx/admin-guide/dynamic-modules/nginscript.md" >}}) |
@@ -605,7 +606,7 @@ For a community dynamic module to work with NGINX Plus, it must be compiled alo
    Expected output of the command:
 
    ```shell
-   nginx version: nginx/1.27.4 (nginx-plus-r34)
+   nginx version: nginx/1.29.0 (nginx-plus-r35)
    ```
 
 1. Prepare the build environment.
@@ -638,10 +639,10 @@ For a community dynamic module to work with NGINX Plus, it must be compiled alo
 
    - Identify the NGINX Open Source version that corresponds to your version of NGINX Plus. See [NGINX Plus Releases]({{< ref "nginx/releases.md" >}}).
 
-   - Download the sources for the appropriate NGINX Open Source mainline version, in this case 1.27.4:
+   - Download the sources for the appropriate NGINX Open Source mainline version, in this case 1.29.0:
 
      ```shell
-     wget -qO - https://nginx.org/download/nginx-1.27.4.tar.gz | tar zxfv -
+     wget -qO - https://nginx.org/download/nginx-1.29.0.tar.gz | tar zxfv -
      ```
 
 1. Obtain the source for the dynamic module.
@@ -657,7 +658,7 @@ For a community dynamic module to work with NGINX Plus, it must be compiled alo
    First, establish binary compatibility by running the `configure` script with the `‑‑with‑compat` option. Then compile the module with `make modules`.
 
    ```shell
-   cd nginx-1.27.4/ && \
+   cd nginx-1.29.0/ && \
    ./configure --with-compat --add-dynamic-module=../<MODULE-SOURCES> && \
    make modules
    ```
@@ -676,7 +677,7 @@ For a community dynamic module to work with NGINX Plus, it must be compiled alo
 1. Make a copy of the module file and include the NGINX Open Source version in the filename. This makes it simpler to manage multiple versions of a dynamic module in the production environment.
 
    ```shell
-   cp objs/ngx_http_hello_world_module.so ./ngx_http_hello_world_module_1.27.4.so
+   cp objs/ngx_http_hello_world_module.so ./ngx_http_hello_world_module_1.29.0.so
    ```
 
 1. Transfer the resulting `.so` file from your build environment to the production environment.
@@ -688,7 +689,7 @@ For a community dynamic module to work with NGINX Plus, it must be compiled alo
    - `/usr/local/etc/nginx/modules` for FreeBSD
 
    ```shell
-   sudo cp ngx_http_hello_world_module_1.27.4.so /usr/local/nginx/modules/ngx_http_hello_world_module_1.27.4.so
+   sudo cp ngx_http_hello_world_module_1.29.0.so /usr/local/nginx/modules/ngx_http_hello_world_module_1.29.0.so
    ```
 
 After installing the module, you need to enable it in the NGINX Plus configuration file. For more information, see [Enabling Dynamic Modules](#enable_dynamic).
@@ -863,7 +864,7 @@ To install NGINX Plus offline, you will need a machine connected to the Internet
 
 ## Upgrade NGINX Plus {#upgrade}
 
-{{< note >}} Starting from [Release 24]({{< ref "nginx/releases.md#r24" >}}) (R24), NGINX Plus repositories have been separated into individual repositories based on operating system distribution and license subscription. Before upgrading from previous NGINX Plus versions, you must first reconfigure your repositories to point to the correct location. To reconfigure your repository, follow the installation instructions above for your operating system. {{< /note >}}
+{{< call-out "note" >}} Starting from [Release 24]({{< ref "nginx/releases.md#r24" >}}) (R24), NGINX Plus repositories have been separated into individual repositories based on operating system distribution and license subscription. Before upgrading from previous NGINX Plus versions, you must first reconfigure your repositories to point to the correct location. To reconfigure your repository, follow the installation instructions above for your operating system. {{< /call-out >}}
 
 To upgrade your NGINX Plus installation to the newest version:
 
@@ -887,7 +888,7 @@ To upgrade your NGINX Plus installation to the newest version:
 
    {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
 
-   {{< note >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /note >}}
+   {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}}
 
 1. Create the **/etc/nginx/** directory for Linux or the **/usr/local/etc/nginx** directory for FreeBSD:
 
@@ -978,7 +979,7 @@ To upgrade your NGINX Plus installation to the newest version:
    The output of the command:
 
    ```shell
-   nginx version: nginx/1.27.4 (nginx-plus-r34)
+   nginx version: nginx/1.29.0 (nginx-plus-r35)
    ```
 
 ## Upgrade NGINX Plus Modules {#upgrade_modules}
@@ -987,7 +988,7 @@ The upgrade procedure depends on how the module was supplied and installed.
 
 - [NGINX‑authored](#nginx-authored-dynamic-modules) and [NGINX‑certified community](#nginx-certified-community-dynamic-modules) dynamic modules are updated automatically together with NGINX Plus.
 
-  {{< note >}} For FreeBSD, each NGINX‑authored and NGINX‑certified module must be updated separately using FreeBSD package management tool. {{< /note >}}
+  {{< call-out "note" >}} For FreeBSD, each NGINX‑authored and NGINX‑certified module must be updated separately using FreeBSD package management tool. {{< /call-out >}}
 
 - [Community](#community-dynamic-modules) dynamic modules must be recompiled against the corresponding NGINX Open Source  version. See [Installing NGINX Community Modules](#install_modules_oss).
 
diff --git a/content/nginx/admin-guide/monitoring/diagnostic-package.md b/content/nginx/admin-guide/monitoring/diagnostic-package.md
index a58e77b3c..f70d6e9fb 100644
--- a/content/nginx/admin-guide/monitoring/diagnostic-package.md
+++ b/content/nginx/admin-guide/monitoring/diagnostic-package.md
@@ -34,9 +34,9 @@ The script does not collect or create:
 - Lua scripts
 - Core dumps
 
-{{< note >}}
+{{< call-out "note" >}}
 It is highly recommended that you review the script and the created resources and verify that they conform with your organization's data sharing policies.
-{{< /note >}}
+{{< /call-out >}}
 
 
 <span id="oses"></span>
diff --git a/content/nginx/admin-guide/monitoring/live-activity-monitoring.md b/content/nginx/admin-guide/monitoring/live-activity-monitoring.md
index 55474230f..7bb5a27b7 100644
--- a/content/nginx/admin-guide/monitoring/live-activity-monitoring.md
+++ b/content/nginx/admin-guide/monitoring/live-activity-monitoring.md
@@ -27,7 +27,7 @@ NGINX Plus provides various monitoring tools for your server infrastructure:
 
 * * *
 
-[![live activity monitoring](/nginx/images/nginx-plus-dashboard-r34-overview.png)](https://demo.nginx.com/dashboard.html "Live status metrics from NGINX Plus")
+[![live activity monitoring](/nginx/images/nginx-plus-dashboard-r35-overview.png)](https://demo.nginx.com/dashboard.html "Live status metrics from NGINX Plus")
 
 * * *
 
@@ -264,7 +264,7 @@ In the address bar of your browser, type-in the address that corresponds to your
 
 There is also a live demo page from NGINX available at [demo.nginx.com/dashboard.html](https://demo.nginx.com/dashboard.html):
 
-[![live activity monitor](/nginx/images/nginx-plus-dashboard-r34-overview.png)](https://demo.nginx.com/dashboard.html "Live load-balancing status from NGINX Plus")
+[![live activity monitor](/nginx/images/nginx-plus-dashboard-r35-overview.png)](https://demo.nginx.com/dashboard.html "Live load-balancing status from NGINX Plus")
 
 <span id="dashboard_tabs"></span>
 ### Tabs Overview
@@ -398,12 +398,12 @@ The JSON data returned:
 
 ```json
 {
-   "version" : "1.27.4",
-   "build" : "nginx-plus-r34",
+   "version" : "1.29.0",
+   "build" : "nginx-plus-r35",
    "address" : "206.251.255.64",
    "generation" : 14,
-   "load_timestamp" : "2025-04-01T10:00:00.114Z",
-   "timestamp" : "2025-04-01T14:06:36.475Z",
+   "load_timestamp" : "2025-08-01T10:00:00.114Z",
+   "timestamp" : "2025-08-01T14:06:36.475Z",
    "pid" : 2201,
    "ppid" : 92033
 }
@@ -419,8 +419,8 @@ The JSON data returned:
 
 ```json
 {
-   "version" : "1.27.4",
-   "build" : "nginx-plus-r34"
+   "version" : "1.29.0",
+   "build" : "nginx-plus-r35"
 }
 ```
 
@@ -521,16 +521,16 @@ To enable the Swagger UI:
 
 |OpenAPI YAML File/API Version | NGINX Plus Version | Changes |
 | ---| --- | --- |
-|[{{<fa "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v9/nginx_api.yaml) for API version 9 | NGINX Plus Releases [33]({{< ref "/nginx/releases.md#r33" >}}), [34]({{< ref "nginx/releases.md#r34" >}})| The [`/license`](https://nginx.org/en/docs/http/ngx_http_api_module.html#license) data were added|
-|[{{<fa "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v9/nginx_api.yaml) for API version 9 | NGINX Plus Releases [30]({{< ref "nginx/releases.md#r30" >}}), [31]({{< ref "nginx/releases.md#r31" >}}), [32]({{< ref "nginx/releases.md#r32" >}}) | The [`/workers/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#workers_) data were added|
-|[{{<fa "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v8/nginx_api.yaml) for API version 8 | NGINX Plus Releases [27]({{< ref "nginx/releases.md#r27" >}}), [28]({{< ref "nginx/releases.md#r28" >}}), [29]({{< ref "nginx/releases.md#r29" >}}) | SSL statistics for each HTTP [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream) and stream [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream), SSL statistics for each HTTP [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone) and stream [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_server_zone), extended statistics for [SSL](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_ssl_object) endpoint|
-|[{{<fa "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v7/nginx_api.yaml) for API version 7 | NGINX Plus Releases [25]({{< ref "nginx/releases.md#r25" >}}), [26]({{< ref "nginx/releases.md#r26" >}}),| The `codes` data in `responses` for each HTTP [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream), [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone), and [location zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_location_zone) were added|
-|[{{<fa "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v6/nginx_api.yaml) for API version 6 | NGINX Plus Releases [20]({{< ref "nginx/releases.md#r20" >}}), [21]({{< ref "nginx/releases.md#r21" >}}), [22]({{< ref "nginx/releases.md#r22" >}}), [23]({{< ref "nginx/releases.md#r23" >}}), [24]({{< ref "nginx/releases.md#r24" >}}) | The [`/stream/limit_conns/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_limit_conns_),  [`/http/limit_conns/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_limit_conns_), and  [`/http/limit_reqs/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_limit_reqs_) data were added |
-|[{{<fa "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v5/nginx_api.yaml) for API version 5 | NGINX Plus Release [19]({{< ref "nginx/releases.md#r19" >}}) | The `expire` parameter of a [key-value](https://nginx.org/en/docs/http/ngx_http_keyval_module.html) pair can be [set](https://nginx.org/en/docs/http/ngx_http_api_module.html#postHttpKeyvalZoneData) or [changed](https://nginx.org/en/docs/http/ngx_http_api_module.html#patchHttpKeyvalZoneKeyValue), the [`/resolvers/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#resolvers_) and  [`/http/location_zones/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_location_zones_) data were added |
-|[{{<fa "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v4/nginx_api.yaml) for API version 4 | NGINX Plus Release [18]({{< ref "nginx/releases.md#r18" >}}) | The `path` and `method` fields of [nginx error object](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error) were removed. These fields continue to exist in earlier api versions, but show an empty value |
-|[{{<fa "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v3/nginx_api.yaml) for API version 3 | NGINX Plus Releases [15]({{< ref "nginx/releases.md#r15" >}}), [16]({{< ref "nginx/releases.md#r16" >}}), [17]({{< ref "nginx/releases.md#r17" >}}) | The [`/stream/zone_sync/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_zone_sync_) data were added |
-|[{{<fa "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v2/nginx_api.yaml) for API version 2 | NGINX Plus Release [14]({{< ref "nginx/releases.md#r14" >}}) | The [`drain`](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream_conf_server) parameter was added |
-|[{{<fa "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v1/nginx_api.yaml) for API version 1 | NGINX Plus Release [13]({{< ref "nginx/releases.md#r13" >}})| The [`/stream/keyvals/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_keyvals_) data were added |
+|[{{<icon "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v9/nginx_api.yaml) for API version 9 | NGINX Plus Releases [33]({{< ref "/nginx/releases.md#r33" >}}), [34]({{< ref "nginx/releases.md#r34" >}})| The [`/license`](https://nginx.org/en/docs/http/ngx_http_api_module.html#license) data were added|
+|[{{<icon "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v9/nginx_api.yaml) for API version 9 | NGINX Plus Releases [30]({{< ref "nginx/releases.md#r30" >}}), [31]({{< ref "nginx/releases.md#r31" >}}), [32]({{< ref "nginx/releases.md#r32" >}}) | The [`/workers/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#workers_) data were added|
+|[{{<icon "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v8/nginx_api.yaml) for API version 8 | NGINX Plus Releases [27]({{< ref "nginx/releases.md#r27" >}}), [28]({{< ref "nginx/releases.md#r28" >}}), [29]({{< ref "nginx/releases.md#r29" >}}) | SSL statistics for each HTTP [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream) and stream [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream), SSL statistics for each HTTP [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone) and stream [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_server_zone), extended statistics for [SSL](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_ssl_object) endpoint|
+|[{{<icon "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v7/nginx_api.yaml) for API version 7 | NGINX Plus Releases [25]({{< ref "nginx/releases.md#r25" >}}), [26]({{< ref "nginx/releases.md#r26" >}}),| The `codes` data in `responses` for each HTTP [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream), [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone), and [location zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_location_zone) were added|
+|[{{<icon "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v6/nginx_api.yaml) for API version 6 | NGINX Plus Releases [20]({{< ref "nginx/releases.md#r20" >}}), [21]({{< ref "nginx/releases.md#r21" >}}), [22]({{< ref "nginx/releases.md#r22" >}}), [23]({{< ref "nginx/releases.md#r23" >}}), [24]({{< ref "nginx/releases.md#r24" >}}) | The [`/stream/limit_conns/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_limit_conns_),  [`/http/limit_conns/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_limit_conns_), and  [`/http/limit_reqs/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_limit_reqs_) data were added |
+|[{{<icon "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v5/nginx_api.yaml) for API version 5 | NGINX Plus Release [19]({{< ref "nginx/releases.md#r19" >}}) | The `expire` parameter of a [key-value](https://nginx.org/en/docs/http/ngx_http_keyval_module.html) pair can be [set](https://nginx.org/en/docs/http/ngx_http_api_module.html#postHttpKeyvalZoneData) or [changed](https://nginx.org/en/docs/http/ngx_http_api_module.html#patchHttpKeyvalZoneKeyValue), the [`/resolvers/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#resolvers_) and  [`/http/location_zones/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_location_zones_) data were added |
+|[{{<icon "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v4/nginx_api.yaml) for API version 4 | NGINX Plus Release [18]({{< ref "nginx/releases.md#r18" >}}) | The `path` and `method` fields of [nginx error object](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error) were removed. These fields continue to exist in earlier api versions, but show an empty value |
+|[{{<icon "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v3/nginx_api.yaml) for API version 3 | NGINX Plus Releases [15]({{< ref "nginx/releases.md#r15" >}}), [16]({{< ref "nginx/releases.md#r16" >}}), [17]({{< ref "nginx/releases.md#r17" >}}) | The [`/stream/zone_sync/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_zone_sync_) data were added |
+|[{{<icon "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v2/nginx_api.yaml) for API version 2 | NGINX Plus Release [14]({{< ref "nginx/releases.md#r14" >}}) | The [`drain`](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream_conf_server) parameter was added |
+|[{{<icon "download">}}OpenAPI v2](/nginx/admin-guide/yaml/v1/nginx_api.yaml) for API version 1 | NGINX Plus Release [13]({{< ref "nginx/releases.md#r13" >}})| The [`/stream/keyvals/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_keyvals_) data were added |
 
 {{</bootstrap-table>}}
 
diff --git a/content/nginx/admin-guide/security-controls/configuring-oidc.md b/content/nginx/admin-guide/security-controls/configuring-oidc.md
index b9281f3e7..ef586336e 100644
--- a/content/nginx/admin-guide/security-controls/configuring-oidc.md
+++ b/content/nginx/admin-guide/security-controls/configuring-oidc.md
@@ -98,6 +98,10 @@ The setup steps are similar for most identity providers, but some details may di
 
    - the `.well-known/openid-configuration` is the default address for IdPs for the `.well-known` document
 
+   - the `userinfo_endpoint` is URI that a user visits to start an RP‑initiated logout flow.
+
+   - the `end_session_endpoint` is the URL where your IdP should redirect the user after a successful logout.
+
    The IdP configuration metadata is returned in the JSON format, for example:
 
    ```json
@@ -107,12 +111,16 @@ The setup steps are similar for most identity providers, but some details may di
        "authorization_endpoint": "https://your-idp-domain/idp/oauth2/authorize/",
        "token_endpoint": "https://your-idp-domain/idp/oauth2/token/",
        "jwks_uri": "https://your-idp-domain/idp/discovery/keys",
+       "userinfo_endpoint": "https://your-idp-domain/idp/userinfo",
+       "end_session_endpoint": "https://your-idp-domain/idp/oauth2/logout",
        ...
    }
    ```
 
   Copy the **issuer** value. You will need it later when [configuring NGINX Plus as the Relying Party](#setup-oidc-provider2).
 
+5. Configure a logout URI - a URI that a user visits to initiate an RP‑initiated logout flow, for example, `https://demo.example.com/post_logout/`. (Optional, supported since [NGINX Plus R35](({{< ref "nginx/releases.md#r35" >}}))).
+
 
 ## Configure the Relying Party (NGINX Plus) {#rp-setup}
 
@@ -123,10 +131,10 @@ With your IdP configured, you can enable OIDC on NGINX Plus. NGINX Plus serves a
     ```shell
     nginx -v
     ```
-    The output should match NGINX Plus Release 34 or later:
+    The output should match NGINX Plus Release 35:
 
     ```none
-    nginx version: nginx/1.27.4 (nginx-plus-r34)
+    nginx version: nginx/1.29.0 (nginx-plus-r35)
     ```
 
 2.  Ensure that you have the values of the **Client ID**, **Client Secret**, and **Issuer** obtained from your IdP Provider.
@@ -289,6 +297,14 @@ http {
         client_id <client_id>;
         client_secret <client_secret>;
 
+        # RP‑initiated logout
+        logout_uri        /logout;
+        post_logout_uri   https://demo.example.com/post_logout/;
+        logout_token_hint on;
+
+        # Fetch userinfo claims
+        userinfo on;
+
         # If the .well-known endpoint cannot be derived automatically,
         # specify config_url:
         # config_url https://<idp-server>/auth/realms/main/.well-known/openid-configuration;
@@ -297,7 +313,7 @@ http {
     server {
         listen 443 ssl;
         server_name demo.example.com;
-x
+
         ssl_certificate     /etc/ssl/certs/fullchain.pem;
         ssl_certificate_key /etc/ssl/private/key.pem;
 
@@ -312,6 +328,11 @@ x
 
             proxy_pass http://127.0.0.1:8080;
         }
+
+            location /post_logout/ {
+                return 200 "You have been logged out.\n";
+                default_type text/plain;
+            }
     }
 
     server {
@@ -352,6 +373,8 @@ Upon successful sign-in, the IdP redirects you back to NGINX Plus, and you will
 
 ## See Also {#see-also}
 
+- [Simplifying OIDC and SSO with the New NGINX Plus R34 OIDC Module blog post](https://community.f5.com/kb/technicalarticles/simplifying-oidc-and-sso-with-the-new-nginx-plus-r34-oidc-module/340552)
+
 - [NGINX Plus Native OIDC Module Reference documentation](https://nginx.org/en/docs/http/ngx_http_oidc_module.html)
 
 - [Release Notes for NGINX Plus R34]({{< ref "nginx/releases.md#r34" >}})
diff --git a/content/nginx/admin-guide/yaml/v9/nginx_api.yaml b/content/nginx/admin-guide/yaml/v9/nginx_api.yaml
index b47c2fced..63d71b8c9 100644
--- a/content/nginx/admin-guide/yaml/v9/nginx_api.yaml
+++ b/content/nginx/admin-guide/yaml/v9/nginx_api.yaml
@@ -4776,6 +4776,10 @@ definitions:
             type: integer
             description: The number of seconds before traffic processing is stopped after unsuccessful report attempt.
             readOnly: true
+          uuid:
+            type: string
+            description: The ID of NGINX Plus instance in the UUID format.
+            readOnly: true
     example:
       eval: false
       active_till: 1749268757
@@ -4783,6 +4787,7 @@ definitions:
         healthy: true
         fails: 2
         grace: 15551961
+        uuid: 13754cba-29fb-53e5-c32e-a6cf57c84b01
   NginxWorker:
     title: Worker process
     description: |
diff --git a/content/nginx/deployment-guides/amazon-web-services/ec2-instances-for-nginx.md b/content/nginx/deployment-guides/amazon-web-services/ec2-instances-for-nginx.md
index d20aa3c6a..a0f0bce52 100644
--- a/content/nginx/deployment-guides/amazon-web-services/ec2-instances-for-nginx.md
+++ b/content/nginx/deployment-guides/amazon-web-services/ec2-instances-for-nginx.md
@@ -36,12 +36,12 @@ To complete this guide, you need the following:
 
 1. In the **Instance Type** section, choose an appropriate instance type. The screenshot shows the **t2.micro** instance type selected by default. This type is sufficient for demo purposes.
 
-   {{<note >}}At the time of publication, AWS offered 750 hours of free usage each month for this instance type. This applies during your first year with an AWS account. Keep in mind, though, that several NGINX instances running all day will use the free 750 hours up quickly. For example, 6 instances will use them in just over 5 days. If you use 8 instances, you'll hit the limit in under 4 days.{{</note>}}
+   {{< call-out "note" >}}At the time of publication, AWS offered 750 hours of free usage each month for this instance type. This applies during your first year with an AWS account. Keep in mind, though, that several NGINX instances running all day will use the free 750 hours up quickly. For example, 6 instances will use them in just over 5 days. If you use 8 instances, you'll hit the limit in under 4 days.{{< /call-out >}}
 
    {{< img src="/img/aws/aws-nlb-instance-choose-type.png" alt="Screenshot of Instance Type on the EC2 Launch Instance page">}}
 
 1. In the **Key pair (login)** section, select an existing key pair or create a new one. If you choose **Create new key pair**, a window appears, allowing you to download the key pair.
-   {{<note>}} It's best practice — and necessary in production — to create a separate key for each EC2 instance. This way, if a key is compromised, only that one instance is at risk.{{</note>}}
+   {{< call-out "note" >}} It's best practice — and necessary in production — to create a separate key for each EC2 instance. This way, if a key is compromised, only that one instance is at risk.{{< /call-out >}}
 
 1. Scroll to the **Network settings** section. You can keep the default **VPC** and **Subnet** settings. Under **Firewall (Security Groups),** either create a new security group or use an existing one.
    - If this is your first setup, keep **Create security group** selected.
diff --git a/content/nginx/deployment-guides/amazon-web-services/high-availability-network-load-balancer.md b/content/nginx/deployment-guides/amazon-web-services/high-availability-network-load-balancer.md
index 9929a6858..c8ec870c7 100644
--- a/content/nginx/deployment-guides/amazon-web-services/high-availability-network-load-balancer.md
+++ b/content/nginx/deployment-guides/amazon-web-services/high-availability-network-load-balancer.md
@@ -56,7 +56,7 @@ Together, these provide an HA, all-active NGINX and NGINX Plus solution.
 
 AWS NLB uses a flow hash routing algorithm to balance traffic and handle Layer 4 TCP connections. AWS NLB listens for incoming connections as defined by its listeners. Each listener forwards a new connection to one of the available instances in a target group. AWS NLB uses the flow hash routing algorithm to chose an available instance.
 
-{{< note >}} By default, an AWS NLB uses a DNS name with a dynamic IP address. As an option, you can attach an Elastic IP address to the AWS NLB. This ensures that the AWS NLB is always reachable at the same IP address.  {{< /note >}}
+{{< call-out "note" >}} By default, an AWS NLB uses a DNS name with a dynamic IP address. As an option, you can attach an Elastic IP address to the AWS NLB. This ensures that the AWS NLB is always reachable at the same IP address.  {{< /call-out >}}
 
 These instructions assume a target group consists of two NGINX Plus load balancer instances. You can register an unlimited number of instances in the target group. Or, you can use an [AWS Auto Scaling group](https://aws.amazon.com/autoscaling/) to dynamically adjust the number of NGINX Plus instances.
 
@@ -248,7 +248,7 @@ The deployed solution in these instructions uses six EC2 instances. Two instance
 
 *Step‑by‑step* instructions for creating EC2 instances and installing NGINX Open Source and NGINX Plus are available. Refer to our deployment guide, [Creating Amazon EC2 Instances for NGINX Open Source and NGINX Plus]({{< ref "/nginx/deployment-guides/amazon-web-services/ec2-instances-for-nginx.md" >}}).
 
-{{< note >}} When installing NGINX Open Source or NGINX Plus, you connect to each instance over SSH. To save time, leave the SSH connection to each instance open after installing the software. This way, you can reuse the connection when configuring the instance. {{< /note >}}
+{{< call-out "note" >}} When installing NGINX Open Source or NGINX Plus, you connect to each instance over SSH. To save time, leave the SSH connection to each instance open after installing the software. This way, you can reuse the connection when configuring the instance. {{< /call-out >}}
 
 Assign the following names to the instances, then install the indicated NGINX software. The screenshot below shows the resulting **Instances** table.
 
@@ -303,7 +303,7 @@ You can automate set up of the six instances described in these instructions. Au
 
 These scripts also create a new set of networking rules and security group settings. These rules and settings help avoid conflicts with any pre‑existing network settings. After you run the scripts, continue to the [instructions for creating an AWS NLB](#nlb-configure). No further setup is required.
 
-{{< note >}} These scripts also create a new VPC. They do not use the default VPC described in the [instructions in our Deployment Guide]({{< ref "/nginx/deployment-guides/amazon-web-services/ec2-instances-for-nginx.md" >}}).  {{< /note >}}
+{{< call-out "note" >}} These scripts also create a new VPC. They do not use the default VPC described in the [instructions in our Deployment Guide]({{< ref "/nginx/deployment-guides/amazon-web-services/ec2-instances-for-nginx.md" >}}).  {{< /call-out >}}
 
 To run the scripts, follow these instructions:
 
diff --git a/content/nginx/deployment-guides/amazon-web-services/ingress-controller-elastic-kubernetes-services.md b/content/nginx/deployment-guides/amazon-web-services/ingress-controller-elastic-kubernetes-services.md
index 8f710bad2..e1ff4f6b3 100644
--- a/content/nginx/deployment-guides/amazon-web-services/ingress-controller-elastic-kubernetes-services.md
+++ b/content/nginx/deployment-guides/amazon-web-services/ingress-controller-elastic-kubernetes-services.md
@@ -12,7 +12,7 @@ type:
 
 This guide explains how to use NGINX Open Source or F5 NGINX Plus with NGINX Ingress Controller for Amazon Elastic Kubernetes Services (EKS).
 
-{{< note >}} These instructions apply to NGINX Ingress Controller with NGINX Open Source or NGINX Plus. For ease of reading, the document refers to NGINX Plus only. {{< /note >}}
+{{< call-out "note" >}} These instructions apply to NGINX Ingress Controller with NGINX Open Source or NGINX Plus. For ease of reading, the document refers to NGINX Plus only. {{< /call-out >}}
 
 
 <span id="prereqs"></span>
@@ -23,7 +23,7 @@ This guide explains how to use NGINX Open Source or F5 NGINX Plus with NGINX Ing
   - For NGINX Open Source you can use the pre-built image [on DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/). You can also build your own image.
   - For NGINX Plus, you must [build an image](https://docs.nginx.com/nginx-ingress-controller/installation/build-nginx-ingress-controller/).
 
-{{< note >}}  Never upload your NGINX Plus Ingress Controller images to a public repository such as Docker Hub. Doing so violates your license agreement.  Run the `make container` command below. {{< /note >}}
+{{< call-out "note" >}}  Never upload your NGINX Plus Ingress Controller images to a public repository such as Docker Hub. Doing so violates your license agreement.  Run the `make container` command below. {{< /call-out >}}
 
 ```shell
 make container DOCKERFILE=DockerfileForPlus PREFIX=nginx/nginx-plus-ingress
diff --git a/content/nginx/deployment-guides/single-sign-on/active-directory-federation-services.md b/content/nginx/deployment-guides/single-sign-on/active-directory-federation-services.md
index efa454958..aff3f6646 100644
--- a/content/nginx/deployment-guides/single-sign-on/active-directory-federation-services.md
+++ b/content/nginx/deployment-guides/single-sign-on/active-directory-federation-services.md
@@ -11,14 +11,14 @@ nd-docs: DOCS-1683
 
 This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Microsoft Active Directory Federation Services](https://docs.microsoft.com/en-us/windows-server/identity/active-directory-federation-services) (AD FS) as the Identity Provider (IdP) and NGINX Plus as the Relying Party (RP), or OIDC client application that verifies user identity.
 
-{{< note >}} This guide applies to [NGINX Plus Release 34]({{< ref "nginx/releases.md#r34" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /note >}}
+{{< call-out "note" >}} This guide applies to [NGINX Plus Release 35]({{< ref "nginx/releases.md#r35" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /call-out >}}
 
 
 ## Prerequisites
 
 - A Microsoft AD FS instance, either on-premises or in [Azure](https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/how-to-connect-fed-azure-adfs), with administrator privileges.
 
-- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 34](({{< ref "nginx/releases.md#r34" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
+- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 35](({{< ref "nginx/releases.md#r35" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
 
 - A domain name pointing to your NGINX Plus instance, for example, `demo.example.com`.
 
@@ -57,6 +57,18 @@ This guide explains how to enable single sign-on (SSO) for applications being pr
 
    - Select **Next** to complete the steps for adding the application group.
 
+### Configure Logout URLs
+
+After creating the application group, you need to configure the logout URLs to support RP-initiated logout:
+
+1. In **AD FS Management**, navigate to **Application Groups** and select your application group.
+
+2. Right-click on the application group and select **Properties**.
+
+3. In the **Properties** dialog, add the post logout redirect URI to the application configuration:
+
+   - Add the post logout URL, for example: `https://demo.example.com/post_logout/`.
+
 ### Get the OpenID Connect Discovery URL
 
 Check the OpenID Connect endpoint URL. By default, AD FS publishes the `.well-known/openid-configuration` document at the following address:
@@ -86,6 +98,8 @@ Check the OpenID Connect endpoint URL. By default, AD FS publishes the `.well-kn
        "authorization_endpoint": "https://adfs-server-address/adfs/oauth2/authorize/",
        "token_endpoint": "https://adfs-server-address/adfs/oauth2/token/",
        "jwks_uri": "https://adfs-server-address/adfs/discovery/keys",
+       "userinfo_endpoint": "https://adfs-server-address/adfs/userinfo",
+       "end_session_endpoint": "https://adfs-server-address/adfs/oauth2/logout",
        ...
    }
    ```
@@ -96,12 +110,12 @@ Check the OpenID Connect endpoint URL. By default, AD FS publishes the `.well-kn
    `https://adfs-server-address/adfs`.
 
 
-{{< note >}} You will need the values of **Client ID**, **Client Secret**, and **Issuer** in the next steps. {{< /note >}}
+{{< call-out "note" >}} You will need the values of **Client ID**, **Client Secret**, and **Issuer** in the next steps. {{< /call-out >}}
 
 
 ## Set up NGINX Plus {#nginx-plus-setup}
 
-With AF DS configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as the Rely Party (RP) application &mdash; a client service that verifies user identity.
+With AD FS configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as the Rely Party (RP) application &mdash; a client service that verifies user identity.
 
 
 1.  Ensure that you are using the latest version of NGINX Plus by running the `nginx -v` command in a terminal:
@@ -109,10 +123,10 @@ With AF DS configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as t
     ```shell
     nginx -v
     ```
-    The output should match NGINX Plus Release 34 or later:
+    The output should match NGINX Plus Release 35 or later:
 
     ```none
-    nginx version: nginx/1.27.4 (nginx-plus-r34)
+    nginx version: nginx/1.29.0 (nginx-plus-r35)
     ```
 
 2.  Ensure that you have the values of the **Client ID**, **Client Secret**, and **Issuer** obtained during [AD FS Configuration](#adfs-setup).
@@ -154,16 +168,29 @@ With AF DS configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as t
 
       The `issuer` is typically your AD FS OIDC URL. By default, NGINX forms the provider metadata endpoint by appending `.well-known/openid-configuration` to the issuer. For AD FS, this often resolves to `https://adfs-server-address/adfs/.well-known/openid-configuration`. If your AD FS issuer differs from `https://adfs-server-address/adfs` (for example, a custom path), you can explicitly specify the metadata document with the [`config_url`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#config_url) directive.
 
-    - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system’s CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP’s certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP’s certificate.
+    - The **logout_uri** is URI that a user visits to start an RP‑initiated logout flow.
+
+    - The **post_logout_uri** is absolute HTTPS URL where AD FS should redirect the user after a successful logout. This value **must also be configured** in the AD FS application properties.
+
+    - If the **logout_token_hint** directive set to `on`, NGINX Plus sends the user's ID token as a *hint* to AD FS.
+      This directive is **optional**, however, if it is omitted the AD FS may display an extra confirmation page asking the user to approve the logout request.
+
+    - If the **userinfo** directive is set to `on`, NGINX Plus will fetch `/userinfo` from the AD FS and append the claims from userinfo to the `$oidc_claims_` variables.
+
+    - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system's CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP's certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP's certificate.
 
     ```nginx
     http {
         resolver 10.0.0.1 ipv4=on valid=300s;
 
         oidc_provider adfs {
-            issuer        https://adfs.example.com/adfs;
-            client_id     <client_id>;
-            client_secret <client_secret>;
+            issuer            https://adfs.example.com/adfs;
+            client_id         <client_id>;
+            client_secret     <client_secret>;
+            logout_uri        /logout;
+            post_logout_uri   https://demo.example.com/post_logout/;
+            logout_token_hint on;
+            userinfo          on;
         }
 
         # ...
@@ -195,7 +222,7 @@ With AF DS configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as t
     }
     ```
 
-8.  Protect this [location](https://nginx.org/en/docs/http/ngx_http_core_module.html#location) with AD FS OIDC by specifying the [`auth_oidc`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#auth_oidc) directive that will point to the `afds` configuration specified in the [`oidc_provider {}`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#oidc_provider) context in [Step 5](#adfs-setup-oidc-provider):
+8.  Protect this [location](https://nginx.org/en/docs/http/ngx_http_core_module.html#location) with AD FS OIDC by specifying the [`auth_oidc`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#auth_oidc) directive that will point to the `adfs` configuration specified in the [`oidc_provider {}`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#oidc_provider) context in [Step 5](#adfs-setup-oidc-provider):
 
     ```nginx
     # ...
@@ -237,7 +264,18 @@ With AF DS configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as t
     ```
 
     <span id="oidc_app"></span>
-10. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
+10. Provide endpoint for completing logout:
+
+    ```nginx
+    # ...
+    location /post_logout/ {
+         return 200 "You have been logged out.\n";
+         default_type text/plain;
+    }
+    # ...
+    ```
+
+11. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
 
     ```nginx
     # ...
@@ -250,7 +288,7 @@ With AF DS configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as t
         }
     }
     ```
-11. Save the NGINX configuration file and reload the configuration:
+12. Save the NGINX configuration file and reload the configuration:
     ```nginx
     nginx -s reload
     ```
@@ -273,6 +311,14 @@ http {
         # Replace with your actual AD FS Client ID and Secret
         client_id     <client_id>;
         client_secret <client_secret>;
+
+        # RP‑initiated logout
+        logout_uri /logout;
+        post_logout_uri https://demo.example.com/post_logout/;
+        logout_token_hint on;
+
+        # Fetch userinfo claims
+        userinfo on;
     }
 
     server {
@@ -293,9 +339,15 @@ http {
 
             proxy_pass http://127.0.0.1:8080;
         }
+
+        location /post_logout/ {
+            return 200 "You have been logged out.\n";
+            default_type text/plain;
+        }
     }
 
     server {
+        # Simple test upstream server
         listen 8080;
 
         location / {
@@ -310,7 +362,11 @@ http {
 
 1. Open `https://demo.example.com/` in a browser. You will be automatically redirected to the AD FS sign-in page.
 
-2. Enter valid AD FS credentials of a user who has access the application. Upon successful sign-in, AD FS redirects you back to NGINX Plus, and you will see the proxied application content (for example, “Hello, Jane Doe!”).
+2. Enter valid AD FS credentials of a user who has access the application. Upon successful sign-in, AD FS redirects you back to NGINX Plus, and you will see the proxied application content (for example, "Hello, Jane Doe!").
+
+3. Navigate to `https://demo.example.com/logout`. NGINX Plus initiates an RP‑initiated logout; AD FS ends the session and redirects back to `https://demo.example.com/post_logout/`.
+
+4. Refresh `https://demo.example.com/` again. You should be redirected to AD FS for a fresh sign‑in, proving the session has been terminated.
 
 
 ## Legacy njs-based AD FS Solution {#legacy-njs-guide}
@@ -322,9 +378,11 @@ If you are running NGINX Plus R33 and earlier or if you still need the njs-based
 
 - [NGINX Plus Native OIDC Module Reference documentation](https://nginx.org/en/docs/http/ngx_http_oidc_module.html)
 
-- [Release Notes for NGINX Plus R34]({{< ref "nginx/releases.md#r34" >}})
+- [Release Notes for NGINX Plus R35]({{< ref "nginx/releases.md#r35" >}})
 
 
 ## Revision History
 
-- Version 1 (March 2025) – Initial version (NGINX Plus Release 34)
+- Version 2 (August 2025) – Added RP‑initiated logout (logout_uri, post_logout_uri, logout_token_hint) and userinfo support.
+
+- Version 1 (March 2025) – Initial version (NGINX Plus Release 34)
\ No newline at end of file
diff --git a/content/nginx/deployment-guides/single-sign-on/auth0.md b/content/nginx/deployment-guides/single-sign-on/auth0.md
index 316596ed5..ca4070a20 100644
--- a/content/nginx/deployment-guides/single-sign-on/auth0.md
+++ b/content/nginx/deployment-guides/single-sign-on/auth0.md
@@ -11,14 +11,14 @@ nd-docs: DOCS-1686
 
 This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Auth0](https://auth0.com/features/single-sign-on) as the Identity Provider (IdP), and NGINX Plus as the Relying Party, or OIDC client application that verifies user identity.
 
-{{< note >}} This guide applies to [NGINX Plus Release 34]({{< ref "nginx/releases.md#r34" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /note >}}
+{{< call-out "note" >}} This guide applies to [NGINX Plus Release 35]({{< ref "nginx/releases.md#r35" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /call-out >}}
 
 
 ## Prerequisites
 
 - An [Auth0](https://auth0.com/) tenant with administrator privileges.
 
-- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 34](({{< ref "nginx/releases.md#r34" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
+- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 35](({{< ref "nginx/releases.md#r35" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
 
 - A domain name pointing to your NGINX Plus instance, for example, `demo.example.com`.
 
@@ -45,10 +45,14 @@ This guide explains how to enable single sign-on (SSO) for applications being pr
 
 6. On the **Application URIs** section of your application:
 
-   - Add the URI NGINX Plus callback URI in the **Allowed Callback URLs** field, for example:
+   - Add the NGINX Plus callback URI in the **Allowed Callback URLs** field, for example:
 
      `https://demo.example.com/oidc_callback`.
 
+   - Add the post logout URL in the **Allowed Logout URLs** field, for example:
+
+     `https://demo.example.com/post_logout/`.
+
 ### Get the OpenID Connect Discovery URL
 
 Check the OpenID Connect Discovery URL. By default, Auth0 publishes the `.well-known/openid-configuration` document at the following address:
@@ -80,6 +84,8 @@ Check the OpenID Connect Discovery URL. By default, Auth0 publishes the `.well-k
        "authorization_endpoint": "https://{yourTenantId}.us.auth0.com/oauth/token",
        "token_endpoint": "https://{yourTenantId}.us.auth0.com/oauth/token",
        "jwks_uri": "https://{yourTenantId}.us.auth0.com/.well-known/jwks.json",
+       "userinfo_endpoint": "https://{yourTenantId}.us.auth0.com/userinfo",
+       "end_session_endpoint": "https://{yourTenantId}.us.auth0.com/oidc/logout",
        ...
    }
    ```
@@ -87,7 +93,7 @@ Check the OpenID Connect Discovery URL. By default, Auth0 publishes the `.well-k
    <span id="auth0-setup-issuer"></span>
 2. Copy the **issuer** value, you will need it later when configuring NGINX Plus. Typically, the OpenID Connect Issuer for Auth0 is `https://yourTenantId.us.auth0.com/` (including the trailing slash). To verify the accuracy of the endpoints, refer to the [Auth0 official documentation](https://auth0.com/docs/get-started/applications/configure-applications-with-oidc-discovery).
 
-{{< note >}} You will need the values of **Client ID**, **Client Secret**, and **Issuer** in the next steps. {{< /note >}}
+{{< call-out "note" >}} You will need the values of **Client ID**, **Client Secret**, and **Issuer** in the next steps. {{< /call-out >}}
 
 
 ## Set up NGINX Plus {#nginx-plus-setup}
@@ -99,10 +105,10 @@ With Auth0 configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as t
     ```shell
     nginx -v
     ```
-    The output should match NGINX Plus Release 34 or later:
+    The output should match NGINX Plus Release 35 or later:
 
     ```none
-    nginx version: nginx/1.27.4 (nginx-plus-r34)
+    nginx version: nginx/1.29.0 (nginx-plus-r35)
     ```
 
 2.  Ensure that you have the values of the **Client ID**, **Client Secret**, and **Issuer** obtained during [Auth0 Configuration](#auth0-setup).
@@ -144,8 +150,17 @@ With Auth0 configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as t
     - The **Issuer** URL obtained in [Auth0 Configuration](#auth0-create) with the [`issuer`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#client_secret) directive
 
       The `issuer` is typically your Auth0 OIDC URL. For Auth0, a trailing slash is included, for example: `https://yourTenantId.us.auth0.com/`.
+    
+    - The **logout_uri** is URI that a user visits to start an RP‑initiated logout flow.
+
+    - The **post_logout_uri** is absolute HTTPS URL where Auth0 should redirect the user after a successful logout. This value **must also be whitelisted** in **Allowed Logout URLs** on the Auth0 side.
+
+    - If the **logout_token_hint** directive set to `on`, NGINX Plus sends the user’s ID token as a *hint* to Auth0.
+      This directive is **optional**, however, if it is omitted the Auth0 may display an extra confirmation page asking the user to approve the logout request.
+
+    - If the **userinfo** directive is set to `on`, NGINX Plus will fetch `/userinfo` from the Auth0 and append the claims from userinfo to the `$oidc_claims_` variables.
 
-     - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system’s CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP’s certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP’s certificate.
+    - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system’s CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP’s certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP’s certificate.
 
 
     ```nginx
@@ -153,9 +168,13 @@ With Auth0 configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as t
         resolver 10.0.0.1 ipv4=on valid=300s;
 
         oidc_provider auth0 {
-            issuer        https://yourTenantId.us.auth0.com/;
-            client_id     <client_id>;
-            client_secret <client_secret>;
+            issuer            https://yourTenantId.us.auth0.com/;
+            client_id         <client_id>;
+            client_secret     <client_secret>;
+            logout_uri        /logout;
+            post_logout_uri   https://demo.example.com/post_logout/;
+            logout_token_hint on;
+            userinfo          on;
         }
 
         # ...
@@ -224,7 +243,17 @@ With Auth0 configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as t
     ```
 
     <span id="oidc_app"></span>
-10. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
+10. Provide endpoint for completing logout:
+
+    ```nginx
+    # ...
+    location /post_logout/ {
+         return 200 "You have been logged out.\n";
+         default_type text/plain;
+    }
+    # ...
+    ```
+11. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
 
     ```nginx
     # ...
@@ -237,7 +266,7 @@ With Auth0 configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as t
         }
     }
     ```
-11. Save the NGINX configuration file and reload the configuration:
+12. Save the NGINX configuration file and reload the configuration:
     ```nginx
     nginx -s reload
     ```
@@ -258,6 +287,14 @@ http {
         # Replace with your actual Client ID and Secret from Auth0
         client_id <client_id>;
         client_secret <client_secret>;
+
+        # RP‑initiated logout
+        logout_uri /logout;
+        post_logout_uri https://demo.example.com/post_logout/;
+        logout_token_hint on;
+
+        # Fetch userinfo claims
+        userinfo on;
     }
 
     server {
@@ -277,6 +314,11 @@ http {
 
             proxy_pass http://127.0.0.1:8080;
         }
+
+        location /post_logout/ {
+            return 200 "You have been logged out.\n";
+            default_type text/plain;
+        }
     }
 
     server {
@@ -297,6 +339,9 @@ http {
 
 2. Enter valid Auth0 credentials of a user who has access the application. Upon successful sign-in, Auth0 redirects you back to NGINX Plus, and you will see the proxied application content (for example, “Hello, Jane Doe!”).
 
+3. Navigate to `https://demo.example.com/logout`. NGINX Plus initiates an RP‑initiated logout; Auth0 ends the session and redirects back to `https://demo.example.com/post_logout/`.
+
+4. Refresh `https://demo.example.com/` again. You should be redirected to Auth0 for a fresh sign‑in, proving the session has been terminated.
 
 ## Legacy njs-based Auth0 Solution {#legacy-njs-guide}
 
@@ -307,9 +352,11 @@ If you are running NGINX Plus R33 and earlier or if you still need the njs-based
 
 - [NGINX Plus Native OIDC Module Reference documentation](https://nginx.org/en/docs/http/ngx_http_oidc_module.html)
 
-- [Release Notes for NGINX Plus R34]({{< ref "nginx/releases.md#r34" >}})
+- [Release Notes for NGINX Plus R35]({{< ref "nginx/releases.md#r35" >}})
 
 
 ## Revision History
 
+- Version 2 (August 2025) – Added RP‑initiated logout (logout_uri, post_logout_uri, logout_token_hint) and userinfo support.
+
 - Version 1 (March 2025) – Initial version (NGINX Plus Release 34)
diff --git a/content/nginx/deployment-guides/single-sign-on/cognito.md b/content/nginx/deployment-guides/single-sign-on/cognito.md
index 1ea0a7994..eef6a5633 100644
--- a/content/nginx/deployment-guides/single-sign-on/cognito.md
+++ b/content/nginx/deployment-guides/single-sign-on/cognito.md
@@ -11,7 +11,7 @@ nd-docs: DOCS-1685
 
 This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Amazon Cognito](https://aws.amazon.com/cognito/) as the Identity Provider (IdP), and NGINX Plus as the Relying Party, or OIDC client application that verifies user identity.
 
-{{< note >}} This guide applies to [NGINX Plus Release 34]({{< ref "nginx/releases.md#r34" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /note >}}
+{{< call-out "note" >}} This guide applies to [NGINX Plus Release 35]({{< ref "nginx/releases.md#r35" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /call-out >}}
 
 
 ## Prerequisites
@@ -20,7 +20,7 @@ This guide explains how to enable single sign-on (SSO) for applications being pr
 
 - A Cognito **User Pool**
 
-- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 34](({{< ref "nginx/releases.md#r34" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
+- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 35](({{< ref "nginx/releases.md#r35" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
 
 - A domain name pointing to your NGINX Plus instance, for example, `demo.example.com`.
 
@@ -31,7 +31,7 @@ This guide explains how to enable single sign-on (SSO) for applications being pr
 
 2. In the Cognito dashboard, select **Create or open a User Pool**.
 
-3. **Create an App Client** (for example, “nginx-demo-app”) and **enable the “Generate client secret”** option.
+3. **Create an App Client** (for example, "nginx-demo-app") and **enable the "Generate client secret"** option.
 
 4. In the App client settings, select **Enable Cognito User Pool** as an **Identity Provider**:
 
@@ -41,9 +41,13 @@ This guide explains how to enable single sign-on (SSO) for applications being pr
 
     - In the **OAuth scopes**, check the values of **openid**, **profile**, and **email**.
 
-5. Copy the following values &mdash; you will need them later when configuring NGINX Plus.
+5. Configure logout URLs to support RP-initiated logout:
 
-   - **User Pool ID**, for example, `us-east-2_abCdEfGhI`
+    - Add a **Sign out URL**: `https://demo.example.com/post_logout/`.
+
+6. Copy the following values &mdash; you will need them later when configuring NGINX Plus.
+
+   - **User Pool ID**, for example, `us-east-2_abCdEfGhI`
 
    - **App client id** and **App client secret**
 
@@ -51,7 +55,46 @@ This guide explains how to enable single sign-on (SSO) for applications being pr
 
    - **Issuer**, for example, `https://cognito-idp.<region>.amazonaws.com/<User Pool ID>`
 
-{{< note >}} You will need the values of **Client ID**, **Client Secret**, and **Issuer** in the next steps. {{< /note >}}
+### Get the OpenID Connect Discovery URL
+
+Check the OpenID Connect Discovery URL. By default, Amazon Cognito publishes the `.well-known/openid-configuration` document at the following address:
+
+`https://cognito-idp.<region>.amazonaws.com/<User Pool ID>/.well-known/openid-configuration`.
+
+1. Run the following `curl` command in a terminal:
+
+   ```shell
+   curl https://cognito-idp.us-east-2.amazonaws.com/us-east-2_abCdEfGhI/.well-known/openid-configuration | jq
+   ```
+   where:
+
+   - the `cognito-idp.us-east-2.amazonaws.com` is your Amazon Cognito server address
+
+   - the `us-east-2_abCdEfGhI` is your User Pool ID
+
+   - the `/.well-known/openid-configuration` is the default address for Amazon Cognito for document location
+
+   - the `jq` command (optional) is used to format the JSON output for easier reading and requires the [jq](https://jqlang.github.io/jq/) JSON processor to be installed.
+
+
+   The configuration metadata is returned in the JSON format:
+
+   ```json
+   {
+       ...
+       "issuer": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_abCdEfGhI",
+       "authorization_endpoint": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_abCdEfGhI/oauth2/authorize",
+       "token_endpoint": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_abCdEfGhI/oauth2/token",
+       "jwks_uri": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_abCdEfGhI/.well-known/jwks.json",
+       "userinfo_endpoint": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_abCdEfGhI/oauth2/userInfo",
+       "end_session_endpoint": "https://your-cognito-domain.auth.us-east-2.amazoncognito.com/logout",
+       ...
+   }
+   ```
+
+2. Copy the **issuer** value, you will need it later when configuring NGINX Plus. Typically, the OpenID Connect Issuer for Amazon Cognito is `https://cognito-idp.<region>.amazonaws.com/<User Pool ID>`.
+
+{{< call-out "note" >}} You will need the values of **Client ID**, **Client Secret**, and **Issuer** in the next steps. {{< /call-out >}}
 
 
 ## Set up NGINX Plus {#nginx-plus-setup}
@@ -63,10 +106,10 @@ With Cognito configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as
     ```shell
     nginx -v
     ```
-    The output should match NGINX Plus Release 34 or later:
+    The output should match NGINX Plus Release 35 or later:
 
     ```none
-    nginx version: nginx/1.27.4 (nginx-plus-r34)
+    nginx version: nginx/1.29.0 (nginx-plus-r35)
     ```
 
 2.  Ensure that you have the values of the **Client ID**, **Client Secret**, and **Issuer** obtained during [Cognito Configuration](#cognito-setup).
@@ -113,16 +156,25 @@ With Cognito configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as
 
         By default, NGINX Plus creates the metadata URL by appending the `/.well-known/openid-configuration` part to the Issuer URL. If your Issuer is different, you can explicitly specify the metadata document with the [`config_url`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#config_url) directive.
 
-     - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system’s CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP’s certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP’s certificate.
+    - The **logout_uri** is URI that a user visits to start an RP‑initiated logout flow.
+
+    - The **post_logout_uri** is absolute HTTPS URL where Amazon Cognito should redirect the user after a successful logout. This value **must also be configured** in the Cognito App client sign out URLs.
+
+    - If the **userinfo** directive is set to `on`, NGINX Plus will fetch `/oauth2/userInfo` from the Amazon Cognito and append the claims from userinfo to the `$oidc_claims_` variables.
+
+     - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system's CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP's certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP's certificate.
 
     ```nginx
     http {
         resolver 10.0.0.1 ipv4=on valid=300s;
 
         oidc_provider cognito {
-            issuer        https://cognito-idp.us-east-2.amazonaws.com/us-east-2_abCdEfGhI;
-            client_id     <client_id>;
-            client_secret <client_secret>;
+            issuer            https://cognito-idp.us-east-2.amazonaws.com/us-east-2_abCdEfGhI;
+            client_id         <client_id>;
+            client_secret     <client_secret>;
+            logout_uri        /logout;
+            post_logout_uri   https://demo.example.com/post_logout/;
+            userinfo          on;
         }
 
         # ...
@@ -193,7 +245,18 @@ With Cognito configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as
     ```
 
     <span id="oidc_app"></span>
-10. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
+10. Provide endpoint for completing logout:
+
+    ```nginx
+    # ...
+    location /post_logout/ {
+         return 200 "You have been logged out.\n";
+         default_type text/plain;
+    }
+    # ...
+    ```
+
+11. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
 
     ```nginx
     # ...
@@ -201,12 +264,12 @@ With Cognito configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as
         listen 8080;
 
         location / {
-            return 200 "Hello, $http_name!\nEmail: $http_email\nSub: $http_sub\n";
+            return 200 "Hello, $http_name!\nEmail: $http_email\nCognito sub: $http_sub\n";
             default_type text/plain;
         }
     }
     ```
-11. Save the NGINX configuration file and reload the configuration:
+12. Save the NGINX configuration file and reload the configuration:
     ```nginx
     nginx -s reload
     ```
@@ -228,6 +291,13 @@ http {
         # Your Cognito "App client id" and "App client secret"
         client_id <client_id>;
         client_secret <client_secret>;
+
+        # RP‑initiated logout
+        logout_uri /logout;
+        post_logout_uri https://demo.example.com/post_logout/;
+
+        # Fetch userinfo claims
+        userinfo on;
     }
 
     server {
@@ -248,13 +318,19 @@ http {
 
             proxy_pass http://127.0.0.1:8080;
         }
+
+        location /post_logout/ {
+            return 200 "You have been logged out.\n";
+            default_type text/plain;
+        }
     }
 
     server {
+        # Simple test upstream server
         listen 8080;
 
         location / {
-            return 200 "Hello, $http_name!\nEmail: $http_email\nSub: $http_sub\n";
+            return 200 "Hello, $http_name!\nEmail: $http_email\nCognito sub: $http_sub\n";
             default_type text/plain;
         }
     }
@@ -265,7 +341,11 @@ http {
 
 1. Open https://demo.example.com/ in a browser. You will be automatically redirected to Amazon Cognito login page for your realm.
 
-2. Enter valid Cognito user credentials (those in the assigned user pool). Upon successful sign-in, Cognito redirects you back to NGINX Plus, and you will see the proxied application content (for example, “Hello, Jane Doe!”).
+2. Enter valid Cognito user credentials (those in the assigned user pool). Upon successful sign-in, Cognito redirects you back to NGINX Plus, and you will see the proxied application content (for example, "Hello, Jane Doe!").
+
+3. Navigate to `https://demo.example.com/logout`. NGINX Plus initiates an RP‑initiated logout; Amazon Cognito ends the session and redirects back to `https://demo.example.com/post_logout/`.
+
+4. Refresh `https://demo.example.com/` again. You should be redirected to Amazon Cognito for a fresh sign‑in, proving the session has been terminated.
 
 
 ## Legacy njs-based Amazon Cognito Solution {#legacy-njs-guide}
@@ -277,9 +357,11 @@ If you are running NGINX Plus R33 and earlier or if you still need the njs-based
 
 - [NGINX Plus Native OIDC Module Reference documentation](https://nginx.org/en/docs/http/ngx_http_oidc_module.html)
 
-- [Release Notes for NGINX Plus R34]({{< ref "nginx/releases.md#r34" >}})
+- [Release Notes for NGINX Plus R35]({{< ref "nginx/releases.md#r35" >}})
 
 
 ## Revision History
 
-- Version 1 (March 2025) – Initial version (NGINX Plus Release 34)
+- Version 2 (August 2025) – Added RP‑initiated logout (logout_uri, post_logout_uri, logout_token_hint) and userinfo support.
+
+- Version 1 (March 2025) – Initial version (NGINX Plus Release 34)
\ No newline at end of file
diff --git a/content/nginx/deployment-guides/single-sign-on/entra-id.md b/content/nginx/deployment-guides/single-sign-on/entra-id.md
index 3b360f1d7..48f4ddfef 100644
--- a/content/nginx/deployment-guides/single-sign-on/entra-id.md
+++ b/content/nginx/deployment-guides/single-sign-on/entra-id.md
@@ -11,7 +11,7 @@ nd-docs: DOCS-1688
 
 This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Microsoft Entra ID](https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id) as the Identity Provider (IdP), and NGINX Plus as the Relying Party, or OIDC client application that verifies user identity.
 
-{{< note >}} This guide applies to [NGINX Plus Release 34]({{< ref "nginx/releases.md#r34" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /note >}}
+{{< call-out "note" >}} This guide applies to [NGINX Plus Release 35]({{< ref "nginx/releases.md#r35" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /call-out >}}
 
 
 ## Prerequisites
@@ -20,7 +20,7 @@ This guide explains how to enable single sign-on (SSO) for applications being pr
 
 - Azure CLI. For installation instructions, see [How to install the Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli).
 
-- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 34](({{< ref "nginx/releases.md#r34" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
+- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 35](({{< ref "nginx/releases.md#r35" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
 
 - A domain name pointing to your NGINX Plus instance, for example, `demo.example.com`.
 
@@ -62,7 +62,56 @@ Register a new application in Microsoft Entra ID that will represent NGINX Plus
 
     - From the same command output, copy the the `tenant` value which represents your **Tenant ID**. You will need it later when configuring NGINX Plus.
 
-{{< note >}} You will need the values of **Client ID**, **Client Secret**, and **Tenant ID** in the next steps. {{< /note >}}
+4. Configure logout URLs to support RP-initiated logout:
+
+   - Add a logout URL for your application by running:
+
+     ```bash
+     az ad app update --id <appId> --web-logout-urls "https://demo.example.com/post_logout/"
+     ```
+
+   - Replace the `<appId>` with the value obtained in step 2.
+
+### Get the OpenID Connect Discovery URL
+
+Check the OpenID Connect Discovery URL. By default, Microsoft Entra ID publishes the `.well-known/openid-configuration` document at the following address:
+
+`https://login.microsoftonline.com/<tenant_id>/v2.0/.well-known/openid-configuration`.
+
+1. Run the following `curl` command in a terminal:
+
+   ```shell
+   curl https://login.microsoftonline.com/<tenant_id>/v2.0/.well-known/openid-configuration | jq
+   ```
+   where:
+
+   - the `<tenant_id>` is your Microsoft Entra Tenant ID
+
+   - the `login.microsoftonline.com` is your Microsoft Entra server address
+
+   - the `/v2.0/.well-known/openid-configuration` is the default address for Microsoft Entra ID for document location
+
+   - the `jq` command (optional) is used to format the JSON output for easier reading and requires the [jq](https://jqlang.github.io/jq/) JSON processor to be installed.
+
+
+   The configuration metadata is returned in the JSON format:
+
+   ```json
+   {
+       ...
+       "issuer": "https://login.microsoftonline.com/{tenant_id}/v2.0",
+       "authorization_endpoint": "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize",
+       "token_endpoint": "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
+       "jwks_uri": "https://login.microsoftonline.com/{tenant_id}/discovery/v2.0/keys",
+       "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo",
+       "end_session_endpoint": "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/logout",
+       ...
+   }
+   ```
+
+2. Copy the **issuer** value, you will need it later when configuring NGINX Plus. Typically, the OpenID Connect Issuer for Microsoft Entra ID is `https://login.microsoftonline.com/<tenant_id>/v2.0`.
+
+{{< call-out "note" >}} You will need the values of **Client ID**, **Client Secret**, and **Tenant ID** in the next steps. {{< /call-out >}}
 
 ## Set up NGINX Plus {#nginx-plus}
 
@@ -73,10 +122,10 @@ With Microsoft Entra ID configured, you can enable OIDC on NGINX Plus. NGINX Plu
     ```shell
     nginx -v
     ```
-    The output should match NGINX Plus Release 34 or later:
+    The output should match NGINX Plus Release 35 or later:
 
     ```none
-    nginx version: nginx/1.27.4 (nginx-plus-r34)
+    nginx version: nginx/1.29.0 (nginx-plus-r35)
     ```
 
 2.  Ensure that you have the values of the **Client ID**, **Client Secret**, and **Tenant ID** obtained during [Microsoft Entra ID Configuration](#entra-setup).
@@ -123,16 +172,30 @@ With Microsoft Entra ID configured, you can enable OIDC on NGINX Plus. NGINX Plu
 
         By default, NGINX Plus creates the metadata URL by appending the `/.well-known/openid-configuration` part to the Issuer URL. If your metadata URL is different, you can explicitly specify it with the [`config_url`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#config_url) directive.
 
-    - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system’s CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP’s certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP’s certificate.
+    - The **logout_uri** is URI that a user visits to start an RP‑initiated logout flow.
+
+    - The **post_logout_uri** is absolute HTTPS URL where Microsoft Entra ID should redirect the user after a successful logout. This value **must also be configured** in the Entra ID application logout URLs.
+
+    - If the **logout_token_hint** directive set to `on`, NGINX Plus sends the user's ID token as a *hint* to Microsoft Entra ID.
+      This directive is **optional**, however, if it is omitted the Microsoft Entra ID may display an extra confirmation page asking the user to approve the logout request.
+      If the “Require ID token in logout requests” option is enabled in your tenant (commonly the case in Azure AD B2C), then the token hint becomes **mandatory**.
+
+    - If the **userinfo** directive is set to `on`, NGINX Plus will fetch userinfo from Microsoft Graph API and append the claims from userinfo to the `$oidc_claims_` variables.
+
+    - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system's CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP's certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP's certificate.
 
     ```nginx
     http {
         resolver 10.0.0.1 ipv4=on valid=300s;
 
         oidc_provider entra {
-            issuer        https://login.microsoftonline.com/<tenant_id>/v2.0;
-            client_id     <client_id>;
-            client_secret <client_secret>;
+            issuer            https://login.microsoftonline.com/<tenant_id>/v2.0;
+            client_id         <client_id>;
+            client_secret     <client_secret>;
+            logout_uri        /logout;
+            post_logout_uri   https://demo.example.com/post_logout/;
+            logout_token_hint on;
+            userinfo          on;
 
             ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
         }
@@ -209,7 +272,18 @@ With Microsoft Entra ID configured, you can enable OIDC on NGINX Plus. NGINX Plu
     ```
 
     <span id="oidc_app"></span>
-10. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
+10. Provide endpoint for completing logout:
+
+    ```nginx
+    # ...
+    location /post_logout/ {
+         return 200 "You have been logged out.\n";
+         default_type text/plain;
+    }
+    # ...
+    ```
+
+11. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
 
     ```nginx
     # ...
@@ -217,12 +291,12 @@ With Microsoft Entra ID configured, you can enable OIDC on NGINX Plus. NGINX Plu
         listen 8080;
 
         location / {
-            return 200 "Hello, $http_name!\nEmail: $http_email\nSub: $http_sub\n";
+            return 200 "Hello, $http_name!\nEmail: $http_email\nEntra ID sub: $http_sub\n";
             default_type text/plain;
         }
     }
     ```
-11. Save the NGINX configuration file and reload the configuration:
+12. Save the NGINX configuration file and reload the configuration:
     ```nginx
     nginx -s reload
     ```
@@ -244,6 +318,14 @@ http {
         # Replace with your actual Entra client_id and client_secret
         client_id <client_id>;
         client_secret <client_secret>;
+
+        # RP‑initiated logout
+        logout_uri /logout;
+        post_logout_uri https://demo.example.com/post_logout/;
+        logout_token_hint on;
+
+        # Fetch userinfo claims
+        userinfo on;
     }
 
     server {
@@ -264,13 +346,19 @@ http {
 
             proxy_pass http://127.0.0.1:8080;
         }
+
+        location /post_logout/ {
+            return 200 "You have been logged out.\n";
+            default_type text/plain;
+        }
     }
 
     server {
+        # Simple test upstream server
         listen 8080;
 
         location / {
-            return 200 "Hello, $http_username!\n Your email is $http_email\n Your unique id is $http_sub\n";
+            return 200 "Hello, $http_name!\nEmail: $http_email\nEntra ID sub: $http_sub\n";
             default_type text/plain;
         }
     }
@@ -279,11 +367,15 @@ http {
 
 ### Testing
 
-1. Open `https://demo.example.com/` in a browser. You will be automatically redirected to the Enra ID sign-in page.
+1. Open `https://demo.example.com/` in a browser. You will be automatically redirected to the Entra ID sign-in page.
+
+2. Enter valid Entra ID credentials of a user who has access the application. Upon successful sign-in, Entra ID redirects you back to NGINX Plus, and you will see the proxied application content (for example, "Hello, Jane Doe!").
 
-2. Enter valid Entra ID credentials of a user who has access the application. Upon successful sign-in, Entra ID redirects you back to NGINX Plus, and you will see the proxied application content (for example, “Hello, Jane Doe!”).
+3. Navigate to `https://demo.example.com/logout`. NGINX Plus initiates an RP‑initiated logout; Microsoft Entra ID ends the session and redirects back to `https://demo.example.com/post_logout/`.
 
-{{<note>}}If you restricted access to a group of users, be sure to select a user who has access to the application.{{</note>}}
+4. Refresh `https://demo.example.com/` again. You should be redirected to Microsoft Entra ID for a fresh sign‑in, proving the session has been terminated.
+
+{{< call-out "note" >}}If you restricted access to a group of users, be sure to select a user who has access to the application.{{< /call-out >}}
 
 
 ## See Also
@@ -292,8 +384,10 @@ http {
 
 - [NGINX Plus Native OIDC Module Reference documentation](https://nginx.org/en/docs/http/ngx_http_oidc_module.html)
 
-- [Release Notes for NGINX Plus R34]({{< ref "nginx/releases.md#r34" >}})
+- [Release Notes for NGINX Plus R35]({{< ref "nginx/releases.md#r35" >}})
 
 ## Revision History
 
+- Version 2 (August 2025) – Added RP‑initiated logout (logout_uri, post_logout_uri, logout_token_hint) and userinfo support.
+
 - Version 1 (March 2025) – Initial version (NGINX Plus Release 34)
diff --git a/content/nginx/deployment-guides/single-sign-on/keycloak.md b/content/nginx/deployment-guides/single-sign-on/keycloak.md
index b44ce3f6b..5315506e6 100644
--- a/content/nginx/deployment-guides/single-sign-on/keycloak.md
+++ b/content/nginx/deployment-guides/single-sign-on/keycloak.md
@@ -11,24 +11,20 @@ nd-docs: DOCS-1682
 
 This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Keycloak](https://www.keycloak.org/) as the Identity Provider (IdP), and NGINX Plus as the Relying Party, or OIDC client application that verifies user identity.
 
-{{< note >}} This guide applies to [NGINX Plus Release 34]({{< ref "nginx/releases.md#r34" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /note >}}
+{{< call-out "note" >}} This guide applies to [NGINX Plus Release 35]({{< ref "nginx/releases.md#r35" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /call-out >}}
 
 
 ## Prerequisites
 
 - A running [Keycloak](https://www.keycloak.org/) server version compatible with OIDC.
 
-- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 34](({{< ref "nginx/releases.md#r34" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
+- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 35](({{< ref "nginx/releases.md#r35" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
 
 - A domain name pointing to your NGINX Plus instance, for example, `demo.example.com`.
 
 
 ## Configure Keycloak {#keycloak-setup}
 
-{{<tabs name="configure-keycloak">}}
-
-{{%tab name="Standard OIDC"%}}
-
 1. Log in to your Keycloak admin console, for example, `https://<keycloak-server>/admin/master/console/`.
 
 2. In the left navigation, go to **Clients**, then
@@ -53,61 +49,66 @@ This guide explains how to enable single sign-on (SSO) for applications being pr
      ```
      https://demo.example.com/oidc_callback
      ```
+
+    - Add a **Post Logout Redirect URI** to support RP-initiated logout, for example:
+     ```
+     https://demo.example.com/post_logout/
+     ```
+
    - Select **Save**.
 
 6. In the **Credentials** tab, make note of the **Client Secret**. You will need it later when configuring NGINX Plus.
 
-{{%/tab%}}
-
-{{%tab name="Using PKCE"%}}
+### Assign Users or Groups
 
-1. Log in to your Keycloak admin console, for example, `https://<keycloak-server>/auth/admin/`.
+This step is optional, and is necessary if you need to restrict or organize user permissions.
 
-2. In the left navigation, go to **Clients**, then
+1. In the **Roles** tab, add a **Client Role**, for example, `nginx-keycloak-role`.
 
-3. Select **Create client** and provide the following details:
+2. Under **Users**, create a new user or select a user.
 
-    - Set **Client type** to **OpenID Connect**.
+3. In **Role Mappings**, assign a role to the user within the `nginx-demo-app` client.
 
-    - Enter a **Client ID**, for example, `nginx-demo-app`. You will need it later when configuring NGINX Plus.
+### Get the OpenID Connect Discovery URL
 
-    - Select **Next**.
+Check the OpenID Connect Discovery URL. By default, Keycloak publishes the `.well-known/openid-configuration` document at the following address:
 
-4. In the **Capability Config** section:
+`https://<keycloak-server>/realms/<realm_name>/.well-known/openid-configuration`.
 
-    - Set **Client Authentication** to **Off**. This sets the client type to **public**.
+1. Run the following `curl` command in a terminal:
 
-    - Unselect the **Direct access grants** in the **Authentication Flow** section.
+   ```shell
+   curl https://<keycloak-server>/realms/<realm_name>/.well-known/openid-configuration | jq
+   ```
+   where:
 
-    - Select **Next**
+   - the `<keycloak-server>` is your Keycloak server address
 
-5. In the **Login Settings** section:
+   - the `<realm_name>` is your Keycloak realm name
 
-    - Add a **Redirect URI**, for example:
-     ```
-     https://demo.example.com/oidc_callback
-     ```
-    - Select **Save**.
+   - the `/.well-known/openid-configuration` is the default address for Keycloak for document location
 
-6. In the **Advanced** tab, under the **Advanced Settings** section set the **Proof Key for Code Exchange Code Challenge Method** to **S256**.
+   - the `jq` command (optional) is used to format the JSON output for easier reading and requires the [jq](https://jqlang.github.io/jq/) JSON processor to be installed.
 
-7. Note that as opposed to standard OIDC flow, PKCE does not use Client Secrets, so there is no Credentials tab. This is expected.
 
-{{%/tab%}}
+   The configuration metadata is returned in the JSON format:
 
-{{</tabs>}}
+   ```json
+   {
+       ...
+       "issuer": "https://<keycloak-server>/realms/<realm_name>",
+       "authorization_endpoint": "https://<keycloak-server>/realms/<realm_name>/protocol/openid-connect/auth",
+       "token_endpoint": "https://<keycloak-server>/realms/<realm_name>/protocol/openid-connect/token",
+       "jwks_uri": "https://<keycloak-server>/realms/<realm_name>/protocol/openid-connect/certs",
+       "userinfo_endpoint": "https://<keycloak-server>/realms/<realm_name>/protocol/openid-connect/userinfo",
+       "end_session_endpoint": "https://<keycloak-server>/realms/<realm_name>/protocol/openid-connect/logout",
+       ...
+   }
+   ```
 
-### Assign Users or Groups
+2. Copy the **issuer** value, you will need it later when configuring NGINX Plus. Typically, the OpenID Connect Issuer for Keycloak is `https://<keycloak-server>/realms/<realm_name>`.
 
-This step is optional, and is necessary if you need to restrict or organize user permissions.
-
-1. In the **Roles** tab, add a **Client Role**, for example, `nginx-keycloak-role`.
-
-2. Under **Users**, create a new user or select a user.
-
-3. In **Role Mappings**, assign a role to the user within the `nginx-demo-app` client.
-
-{{< note >}} You will need the values of **Client ID**, **Client Secret**, and **Issuer** in the next steps. {{< /note >}}
+{{< call-out "note" >}} You will need the values of **Client ID**, **Client Secret**, and **Issuer** in the next steps. {{< /call-out >}}
 
 
 ## Set up NGINX Plus {#nginx-plus-setup}
@@ -119,10 +120,10 @@ With Keycloak configured, you can enable OIDC on NGINX Plus. NGINX Plus serves a
     ```shell
     nginx -v
     ```
-    The output should match NGINX Plus Release 34 or later:
+    The output should match NGINX Plus Release 35 or later:
 
     ```none
-    nginx version: nginx/1.27.4 (nginx-plus-r34)
+    nginx version: nginx/1.29.0 (nginx-plus-r35)
     ```
 
 2.  Ensure that you have the values of the **Client ID**, **Client Secret**, and **Issuer** obtained during
@@ -171,16 +172,29 @@ With Keycloak configured, you can enable OIDC on NGINX Plus. NGINX Plus serves a
 
         By default, NGINX Plus creates the metadata URL by appending the `/.well-known/openid-configuration` part to the Issuer URL. If your metadata URL is different, you can explicitly specify it with the [`config_url`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#config_url) directive.
 
-    - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system’s CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP’s certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP’s certificate.
+    - The **logout_uri** is URI that a user visits to start an RP‑initiated logout flow.
+
+    - The **post_logout_uri** is absolute HTTPS URL where Keycloak should redirect the user after a successful logout. This value **must also be configured** in the Keycloak client's Post Logout Redirect URIs.
+
+    - If the **logout_token_hint** directive set to `on`, NGINX Plus sends the user's ID token as a *hint* to Keycloak.
+      This directive is **optional**, however, if it is omitted the Keycloak may display an extra confirmation page asking the user to approve the logout request.
+
+    - If the **userinfo** directive is set to `on`, NGINX Plus will fetch `/protocol/openid-connect/userinfo` from the Keycloak and append the claims from userinfo to the `$oidc_claims_` variables.
+
+    - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system's CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP's certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP's certificate.
 
     ```nginx
     http {
         resolver 10.0.0.1 ipv4=on valid=300s;
 
         oidc_provider keycloak {
-            issuer        https://<keycloak-server>/realms/<realm_name>;
-            client_id     <client_id>;
-            client_secret <client_secret>;
+            issuer            https://<keycloak-server>/realms/<realm_name>;
+            client_id         <client_id>;
+            client_secret     <client_secret>;
+            logout_uri        /logout;
+            post_logout_uri   https://demo.example.com/post_logout/;
+            logout_token_hint on;
+            userinfo          on;
         }
 
         # ...
@@ -251,7 +265,18 @@ With Keycloak configured, you can enable OIDC on NGINX Plus. NGINX Plus serves a
     ```
 
     <span id="oidc_app"></span>
-10. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
+10. Provide endpoint for completing logout:
+
+    ```nginx
+    # ...
+    location /post_logout/ {
+         return 200 "You have been logged out.\n";
+         default_type text/plain;
+    }
+    # ...
+    ```
+
+11. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
 
     ```nginx
     # ...
@@ -259,12 +284,12 @@ With Keycloak configured, you can enable OIDC on NGINX Plus. NGINX Plus serves a
         listen 8080;
 
         location / {
-            return 200 "Hello, $http_name!\nEmail: $http_email\nSub: $http_sub\n";
+            return 200 "Hello, $http_name!\nEmail: $http_email\nKeycloak sub: $http_sub\n";
             default_type text/plain;
         }
     }
     ```
-11. Save the NGINX configuration file and reload the configuration:
+12. Save the NGINX configuration file and reload the configuration:
     ```nginx
     nginx -s reload
     ```
@@ -287,7 +312,15 @@ http {
         client_id <client_id>;
         client_secret <client_secret>;
 
-        # If the .well-known endpoint can’t be derived automatically,
+        # RP‑initiated logout
+        logout_uri /logout;
+        post_logout_uri https://demo.example.com/post_logout/;
+        logout_token_hint on;
+
+        # Fetch userinfo claims
+        userinfo on;
+
+        # If the .well-known endpoint can't be derived automatically,
         # specify config_url:
         # config_url https://<keycloak-server>/realms/master/.well-known/openid-configuration;
     }
@@ -310,14 +343,19 @@ http {
 
             proxy_pass http://127.0.0.1:8080;
         }
+
+        location /post_logout/ {
+            return 200 "You have been logged out.\n";
+            default_type text/plain;
+        }
     }
 
     server {
-        # Simple test backend
+        # Simple test upstream server
         listen 8080;
 
         location / {
-            return 200 "Hello, $http_name!\nEmail: $http_email\nSub: $http_sub\n";
+            return 200 "Hello, $http_name!\nEmail: $http_email\nKeycloak sub: $http_sub\n";
             default_type text/plain;
         }
     }
@@ -326,10 +364,14 @@ http {
 
 ### Testing
 
-1. Open https://demo.example.com/ in a browser. You should be redirected to Keycloak’s login page for your realm.
+1. Open https://demo.example.com/ in a browser. You should be redirected to Keycloak's login page for your realm.
 
 2. Enter valid Keycloak credentials for a user assigned to the `nginx-demo-app` client.
-Upon successful sign-in, Keycloak redirects you back to NGINX Plus, and you will see the proxied application content (for example, “Hello, Jane Doe!”).
+Upon successful sign-in, Keycloak redirects you back to NGINX Plus, and you will see the proxied application content (for example, "Hello, Jane Doe!").
+
+3. Navigate to `https://demo.example.com/logout`. NGINX Plus initiates an RP‑initiated logout; Keycloak ends the session and redirects back to `https://demo.example.com/post_logout/`.
+
+4. Refresh `https://demo.example.com/` again. You should be redirected to Keycloak for a fresh sign‑in, proving the session has been terminated.
 
 
 ## Legacy njs-based Keycloak Solution {#legacy-njs-guide}
@@ -341,9 +383,11 @@ If you are running NGINX Plus R33 and earlier or if you still need the njs-based
 
 - [NGINX Plus Native OIDC Module Reference documentation](https://nginx.org/en/docs/http/ngx_http_oidc_module.html)
 
-- [Release Notes for NGINX Plus R34]({{< ref "nginx/releases.md#r34" >}})
+- [Release Notes for NGINX Plus R35]({{< ref "nginx/releases.md#r35" >}})
 
 
 ## Revision History
 
-- Version 1 (March 2025) – Initial version (NGINX Plus Release 34)
+- Version 2 (August 2025) – Added RP‑initiated logout (logout_uri, post_logout_uri, logout_token_hint) and userinfo support.
+
+- Version 1 (March 2025) – Initial version (NGINX Plus Release 34)
\ No newline at end of file
diff --git a/content/nginx/deployment-guides/single-sign-on/oidc-njs/active-directory-federation-services.md b/content/nginx/deployment-guides/single-sign-on/oidc-njs/active-directory-federation-services.md
index d014bc302..c30bc1f39 100644
--- a/content/nginx/deployment-guides/single-sign-on/oidc-njs/active-directory-federation-services.md
+++ b/content/nginx/deployment-guides/single-sign-on/oidc-njs/active-directory-federation-services.md
@@ -10,13 +10,13 @@ weight: 100
 product: NGINX-PLUS
 ---
 
-{{< note >}} This guide applies to NGINX Plus [Release 15]({{< ref "nginx/releases.md#r15" >}}) and later, based on the [`nginx-openid-connect`](https://github.com/nginxinc/nginx-openid-connect) GitHub repo. Starting with NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}), use the simpler solution with the [native OpenID connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html).
+{{< call-out "note" >}} This guide applies to NGINX Plus [Release 15]({{< ref "nginx/releases.md#r15" >}}) and later, based on the [`nginx-openid-connect`](https://github.com/nginxinc/nginx-openid-connect) GitHub repo. Starting with NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}), use the simpler solution with the [native OpenID connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html).
 
-See [Single Sign-On With Microsoft AD FS]({{< ref "nginx/deployment-guides/single-sign-on/active-directory-federation-services.md" >}}) for details.{{< /note >}}
+See [Single Sign-On With Microsoft AD FS]({{< ref "nginx/deployment-guides/single-sign-on/active-directory-federation-services.md" >}}) for details.{{< /call-out >}}
 
 This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Microsoft Active Directory Federation Services](https://docs.microsoft.com/en-us/windows-server/identity/active-directory-federation-services) (AD FS) as the identity provider (IdP) and NGINX Plus as the relying party.
 
-{{< see-also >}}{{< readfile file="includes/nginx-openid-repo-note.txt" markdown="true" >}}{{< /see-also >}}
+{{< call-out "note" >}}{{<include "nginx-plus/nginx-openid-repo-note">}}{{< /call-out>}}
 
 <span id="prereqs"></span>
 ## Prerequisites
diff --git a/content/nginx/deployment-guides/single-sign-on/oidc-njs/auth0.md b/content/nginx/deployment-guides/single-sign-on/oidc-njs/auth0.md
index b789fb2f8..b631ee882 100644
--- a/content/nginx/deployment-guides/single-sign-on/oidc-njs/auth0.md
+++ b/content/nginx/deployment-guides/single-sign-on/oidc-njs/auth0.md
@@ -10,13 +10,13 @@ weight: 100
 product: NGINX-PLUS
 ---
 
-{{< note >}} This guide applies to NGINX Plus [Release 15]({{< ref "nginx/releases.md#r15" >}}) and later, based on the [`nginx-openid-connect`](https://github.com/nginxinc/nginx-openid-connect) GitHub repo. Starting with NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}), use the simpler solution with the [native OpenID connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html).
+{{< call-out "note" >}} This guide applies to NGINX Plus [Release 15]({{< ref "nginx/releases.md#r15" >}}) and later, based on the [`nginx-openid-connect`](https://github.com/nginxinc/nginx-openid-connect) GitHub repo. Starting with NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}), use the simpler solution with the [native OpenID connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html).
 
-See [Single Sign-On With Auth0]({{< ref "nginx/deployment-guides/single-sign-on/auth0.md" >}}) for details.{{< /note >}}
+See [Single Sign-On With Auth0]({{< ref "nginx/deployment-guides/single-sign-on/auth0.md" >}}) for details.{{< /call-out >}}
 
 You can use F5 NGINX Plus with [Auth0](https://auth0.com/) and OpenID Connect to enable single sign-on (SSO) for your proxied applications. By following the steps in this guide, you will learn how to set up SSO using OpenID Connect as the authentication mechanism, with Auth0 as the identity provider (IdP), and NGINX Plus as the relying party.
 
-{{< see-also >}}{{< readfile file="includes/nginx-openid-repo-note.txt" markdown="true" >}}{{< /see-also >}}
+{{< call-out "note" >}}{{<include "nginx-plus/nginx-openid-repo-note">}}{{< /call-out>}}
 
 ## Prerequisites
 
@@ -40,7 +40,7 @@ To complete the steps in this guide, you need the following:
 
 Take the steps in this section to create a new application for NGINX Plus.
 
-{{< note >}} This section contains images that reflect the state of the Auth0 web interface at the time of publication. The actual Auth0 GUI may differ from the examples shown here. Use this guide as a reference and adapt the instructions to suit the current Auth0 GUI as necessary.{{< /note >}}
+{{< call-out "note" >}} This section contains images that reflect the state of the Auth0 web interface at the time of publication. The actual Auth0 GUI may differ from the examples shown here. Use this guide as a reference and adapt the instructions to suit the current Auth0 GUI as necessary.{{< /call-out >}}
 
 ### Create a new Auth0 Application {#create-auth0-app}
 
@@ -81,9 +81,9 @@ In this section, you'll set up a web application that follows the Auth0 [Authori
 
 ### Set up Authentication {#authn-setup}
 
-{{< note >}}For the purposes of this guide, we will add a new Auth0 user database and user account to use for testing.
+{{< call-out "note" >}}For the purposes of this guide, we will add a new Auth0 user database and user account to use for testing.
 
-You can set up authentication using any of the available [Auth0 identity providers](https://auth0.com/docs/authenticate/identity-providers). {{< /note >}}
+You can set up authentication using any of the available [Auth0 identity providers](https://auth0.com/docs/authenticate/identity-providers). {{< /call-out >}}
 
 To set up a new user database and add a user account to it, take the steps below.
 
diff --git a/content/nginx/deployment-guides/single-sign-on/oidc-njs/cognito.md b/content/nginx/deployment-guides/single-sign-on/oidc-njs/cognito.md
index 6a1d3fa91..7d864c7f8 100644
--- a/content/nginx/deployment-guides/single-sign-on/oidc-njs/cognito.md
+++ b/content/nginx/deployment-guides/single-sign-on/oidc-njs/cognito.md
@@ -10,13 +10,13 @@ weight: 100
 product: NGINX-PLUS
 ---
 
-{{< note >}} This guide applies to NGINX Plus [Release 15]({{< ref "nginx/releases.md#r15" >}}) and later, based on the [`nginx-openid-connect`](https://github.com/nginxinc/nginx-openid-connect) GitHub repo. Starting with NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}), use the simpler solution with the [native OpenID connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html).
+{{< call-out "note" >}} This guide applies to NGINX Plus [Release 15]({{< ref "nginx/releases.md#r15" >}}) and later, based on the [`nginx-openid-connect`](https://github.com/nginxinc/nginx-openid-connect) GitHub repo. Starting with NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}), use the simpler solution with the [native OpenID connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html).
 
-See [Single Sign-On With Amazon Cognito]({{< ref "nginx/deployment-guides/single-sign-on/cognito.md" >}}) for details.{{< /note >}}
+See [Single Sign-On With Amazon Cognito]({{< ref "nginx/deployment-guides/single-sign-on/cognito.md" >}}) for details.{{< /call-out >}}
 
 This guide explains how to enable single sign‑on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Amazon Cognito](https://aws.amazon.com/cognito/) as the identity provider (IdP), and NGINX Plus as the relying party.
 
-{{< see-also >}}{{< readfile file="includes/nginx-openid-repo-note.txt" markdown="true" >}}{{< /see-also >}}
+{{< call-out "note" >}}{{<include "nginx-plus/nginx-openid-repo-note">}}{{< /call-out>}}
 
 
 <span id="prereqs"></span>
diff --git a/content/nginx/deployment-guides/single-sign-on/oidc-njs/keycloak.md b/content/nginx/deployment-guides/single-sign-on/oidc-njs/keycloak.md
index 9bfd26e66..d4a1c4415 100644
--- a/content/nginx/deployment-guides/single-sign-on/oidc-njs/keycloak.md
+++ b/content/nginx/deployment-guides/single-sign-on/oidc-njs/keycloak.md
@@ -10,13 +10,13 @@ weight: 100
 product: NGINX-PLUS
 ---
 
-{{< note >}} This guide applies to NGINX Plus [Release 15]({{< ref "nginx/releases.md#r15" >}}) and later, based on the [`nginx-openid-connect`](https://github.com/nginxinc/nginx-openid-connect) GitHub repo. Starting with NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}), use the simpler solution with the [native OpenID connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html).
+{{< call-out "note" >}} This guide applies to NGINX Plus [Release 15]({{< ref "nginx/releases.md#r15" >}}) and later, based on the [`nginx-openid-connect`](https://github.com/nginxinc/nginx-openid-connect) GitHub repo. Starting with NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}), use the simpler solution with the [native OpenID connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html).
 
-See [Single Sign-On With Keycloak]({{< ref "nginx/deployment-guides/single-sign-on/keycloak.md" >}}) for details.{{< /note >}}
+See [Single Sign-On With Keycloak]({{< ref "nginx/deployment-guides/single-sign-on/keycloak.md" >}}) for details.{{< /call-out >}}
 
 This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Keycloak](https://www.keycloak.org/) as the identity provider (IdP), and NGINX Plus as the relying party.
 
-{{< see-also >}}{{< readfile file="includes/nginx-openid-repo-note.txt" markdown="true" >}}{{< /see-also >}}
+{{< call-out "note" >}}{{<include "nginx-plus/nginx-openid-repo-note">}}{{< /call-out>}}
 
 
 <span id="prereqs"></span>
diff --git a/content/nginx/deployment-guides/single-sign-on/oidc-njs/okta.md b/content/nginx/deployment-guides/single-sign-on/oidc-njs/okta.md
index 6b83eb437..4d852719c 100644
--- a/content/nginx/deployment-guides/single-sign-on/oidc-njs/okta.md
+++ b/content/nginx/deployment-guides/single-sign-on/oidc-njs/okta.md
@@ -10,13 +10,13 @@ weight: 100
 product: NGINX-PLUS
 ---
 
-{{< note >}} This guide applies to NGINX Plus [Release 15]({{< ref "nginx/releases.md#r15" >}}) and later, based on the [`nginx-openid-connect`](https://github.com/nginxinc/nginx-openid-connect) GitHub repo. Starting with NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}), use the simpler solution with the [native OpenID connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html).
+{{< call-out "note" >}} This guide applies to NGINX Plus [Release 15]({{< ref "nginx/releases.md#r15" >}}) and later, based on the [`nginx-openid-connect`](https://github.com/nginxinc/nginx-openid-connect) GitHub repo. Starting with NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}), use the simpler solution with the [native OpenID connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html).
 
-See [Single Sign-On With Okta]({{< ref "nginx/deployment-guides/single-sign-on/okta.md" >}}) for details.{{< /note >}}
+See [Single Sign-On With Okta]({{< ref "nginx/deployment-guides/single-sign-on/okta.md" >}}) for details.{{< /call-out >}}
 
 You can use NGINX Plus with Okta and OpenID Connect to enable single sign-on (SSO) for your proxied applications. By following the steps in this guide, you will learn how to set up SSO using OpenID Connect as the authentication mechanism, with Okta as the identity provider (IdP), and NGINX Plus as the relying party.
 
-{{< see-also >}}{{< readfile file="includes/nginx-openid-repo-note.txt" markdown="true" >}}{{< /see-also >}}
+{{< call-out "note" >}}{{<include "nginx-plus/nginx-openid-repo-note">}}{{< /call-out>}}
 
 ## Prerequisites
 
@@ -41,7 +41,7 @@ To complete the steps in this guide, you need the following:
 
 Take the steps in this section to create a new application for NGINX Plus.
 
-{{< note >}} This section contains images that reflect the state of the Okta web interface at the time of publication. The actual Okta GUI may differ from the examples shown here. Use this guide as a reference and adapt the instructions to suit the current Okta GUI as necessary.{{< /note >}}
+{{< call-out "note" >}} This section contains images that reflect the state of the Okta web interface at the time of publication. The actual Okta GUI may differ from the examples shown here. Use this guide as a reference and adapt the instructions to suit the current Okta GUI as necessary.{{< /call-out >}}
 
 This section describes the Okta Workforce Identity SSO product. You will need administrator access to your organization in Okta to complete this task. Your experience may differ somewhat if you're using the Okta Customer Identity product.
 
@@ -83,7 +83,7 @@ After you finish creating your application, the Okta Application page should dis
 
 {{< img src="/img/sso/okta/Okta-Client-Credentials.png" alt="Image showing the application landing page in Okta, which contains the Client Credentials for the application." width="65%" >}}
 
-{{< tip >}}If you need to find this information later, log in to your Okta admin account as [described above](#okta-login), select **Applications** in the left-hand menu, then select your application.{{< /tip >}}
+{{< call-out "tip" >}}If you need to find this information later, log in to your Okta admin account as [described above](#okta-login), select **Applications** in the left-hand menu, then select your application.{{< /call-out >}}
 
 Make note of the **Client ID** and **Client secret** values for your application. You will need these when you [configure NGINX Plus](#nginx-plus).
 
@@ -119,7 +119,7 @@ Take the steps in this section to set up NGINX Plus as the OpenID Connect relyi
 1. Get the URLs for the authorization endpoint, token endpoint, and JSON Web Key (JWK) file from the Okta configuration.
 
    Run the following `curl` command in a terminal.
-   {{< tip>}}We recommend piping the output to `jq` to output the entire configuration in an easily readable format.{{< /tip >}}
+   {{< call-out "tip" >}}We recommend piping the output to `jq` to output the entire configuration in an easily readable format.{{< /call-out >}}
    The output in the example below is abridged to show only the relevant fields.
 
    ```shell
@@ -149,9 +149,9 @@ Take the steps in this section to set up NGINX Plus as the OpenID Connect relyi
 
 NGINX Plus can read the JWK file directly from the URL reported as `jwks_uri` in the output of the `curl` command you ran in the [previous section](#nginx-plus-oidc-config).
 
-{{< note >}}
+{{< call-out "note" >}}
 If you are using NGINX Plus R16 or earlier, refer to [Set up JWK Authorization using a local file](#nginx-plus-jwk-auth-local).
-{{< /note >}}
+{{< /call-out >}}
 
 Take the following steps to set up NGINX Plus to access the JWK file by using a URI.
 
@@ -176,7 +176,7 @@ Take the steps below to set up JWK authorization using a local file:
    {{< img src="img/sso/okta/Okta-login-window.png" >}}
 1. Try to log in using the credentials of a user who is part of your organization.
 
-{{<note>}}If you restricted access to a group of users, be sure to select a user who has access to the application.{{</note>}}
+{{< call-out "note" >}}If you restricted access to a group of users, be sure to select a user who has access to the application.{{< /call-out >}}
 
 ## Troubleshooting
 
diff --git a/content/nginx/deployment-guides/single-sign-on/oidc-njs/onelogin.md b/content/nginx/deployment-guides/single-sign-on/oidc-njs/onelogin.md
index e5560f8d5..c481ce55a 100644
--- a/content/nginx/deployment-guides/single-sign-on/oidc-njs/onelogin.md
+++ b/content/nginx/deployment-guides/single-sign-on/oidc-njs/onelogin.md
@@ -10,13 +10,13 @@ weight: 100
 product: NGINX-PLUS
 ---
 
-{{< note >}} This guide applies to NGINX Plus [Release 15]({{< ref "nginx/releases.md#r15" >}}) and later, based on the [`nginx-openid-connect`](https://github.com/nginxinc/nginx-openid-connect) GitHub repo. Starting with NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}), use the simpler solution with the [native OpenID connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html).
+{{< call-out "note" >}} This guide applies to NGINX Plus [Release 15]({{< ref "nginx/releases.md#r15" >}}) and later, based on the [`nginx-openid-connect`](https://github.com/nginxinc/nginx-openid-connect) GitHub repo. Starting with NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}), use the simpler solution with the [native OpenID connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html).
 
-See [Single Sign-On With OneLogin]({{< ref "nginx/deployment-guides/single-sign-on/onelogin.md" >}}) for details.{{< /note >}}
+See [Single Sign-On With OneLogin]({{< ref "nginx/deployment-guides/single-sign-on/onelogin.md" >}}) for details.{{< /call-out >}}
 
 You can use NGINX Plus with [OneLogin](https://www.onelogin.com/) and the OpenID Connect protocol to enable single sign-on (SSO) for your proxied applications. By following the steps in this guide, you will learn how to set up SSO using OpenID Connect as the authentication mechanism, with OneLogin as the identity provider (IdP) and NGINX Plus as the relying party.
 
-{{< see-also >}}{{< readfile file="includes/nginx-openid-repo-note.txt" markdown="true" >}}{{< /see-also >}}
+{{< call-out "note" >}}{{<include "nginx-plus/nginx-openid-repo-note">}}{{< /call-out>}}
 
 ## Prerequisites
 
diff --git a/content/nginx/deployment-guides/single-sign-on/oidc-njs/ping-identity.md b/content/nginx/deployment-guides/single-sign-on/oidc-njs/ping-identity.md
index 3332bb3fb..784ef5587 100644
--- a/content/nginx/deployment-guides/single-sign-on/oidc-njs/ping-identity.md
+++ b/content/nginx/deployment-guides/single-sign-on/oidc-njs/ping-identity.md
@@ -10,15 +10,15 @@ toc: false
 weight: 100
 ---
 
-{{< note >}} This guide applies to NGINX Plus [Release 15]({{< ref "nginx/releases.md#r15" >}}) and later, based on the [`nginx-openid-connect`](https://github.com/nginxinc/nginx-openid-connect) GitHub repo. Starting with NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}), use the simpler solution with the [native OpenID connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html).
+{{< call-out "note" >}} This guide applies to NGINX Plus [Release 15]({{< ref "nginx/releases.md#r15" >}}) and later, based on the [`nginx-openid-connect`](https://github.com/nginxinc/nginx-openid-connect) GitHub repo. Starting with NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}), use the simpler solution with the [native OpenID connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html).
 
-See [Single Sign-On With Ping Identity]({{< ref "nginx/deployment-guides/single-sign-on/ping-identity.md" >}}) for details.{{< /note >}}
+See [Single Sign-On With Ping Identity]({{< ref "nginx/deployment-guides/single-sign-on/ping-identity.md" >}}) for details.{{< /call-out >}}
 
 This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with Ping Identity as the identity provider (IdP) and NGINX Plus as the relying party.
 
 The instructions in this document apply to both Ping Identity's on‑premises and cloud products, PingFederate and PingOne for Enterprise.
 
-{{< see-also >}}{{< readfile file="includes/nginx-openid-repo-note.txt" markdown="true" >}}{{< /see-also >}}
+{{< call-out "note" >}}{{<include "nginx-plus/nginx-openid-repo-note">}}{{< /call-out>}}
 
 <span id="prereqs"></span>
 ## Prerequisites
diff --git a/content/nginx/deployment-guides/single-sign-on/okta.md b/content/nginx/deployment-guides/single-sign-on/okta.md
index 933c60a16..bcd67a91b 100644
--- a/content/nginx/deployment-guides/single-sign-on/okta.md
+++ b/content/nginx/deployment-guides/single-sign-on/okta.md
@@ -11,13 +11,14 @@ nd-docs: DOCS-1689
 
 This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Okta](https://www.okta.com/) as the Identity Provider (IdP), and NGINX Plus as the Relying Party, or OIDC client application that verifies user identity.
 
-{{< note >}} This guide applies to [NGINX Plus Release 34]({{< ref "nginx/releases.md#r34" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /note >}}
+{{< call-out "note" >}} This guide applies to [NGINX Plus Release 35]({{< ref "nginx/releases.md#r35" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /call-out >}}
+
 
 ## Prerequisites
 
 - An [Okta](https://www.okta.com/) administrator account with privileges to create and manage applications.
 
-- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 34](({{< ref "nginx/releases.md#r34" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
+- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 35](({{< ref "nginx/releases.md#r35" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
 
 - A domain name pointing to your NGINX Plus instance, for example, `demo.example.com`.
 
@@ -46,6 +47,8 @@ In Okta, register a new application for NGINX Plus as the OIDC client to obtain
 
    -  Add a URI for the OIDC callback in **Sign-in redirect URIs**, for example,   `https://demo.example.com/oidc_callback`.
 
+   - Add a URI for post logout redirect in **Sign-out redirect URIs**, for example, `https://demo.example.com/post_logout/`.
+
    - Select **Save**.
 
 6. In **Applications**, select **Nginx Demo App**.
@@ -64,7 +67,46 @@ In Okta, register a new application for NGINX Plus as the OIDC client to obtain
 
      You will need it later when configuring NGINX Plus.
 
-{{< note >}} You will need the values of **Client ID**, **Client Secret**, and **Issuer** in the next steps. {{< /note >}}
+### Get the OpenID Connect Discovery URL
+
+Check the OpenID Connect Discovery URL. By default, Okta publishes the `.well-known/openid-configuration` document at the following address:
+
+`https://<okta-domain>/oauth2/default/.well-known/openid-configuration`.
+
+1. Run the following `curl` command in a terminal:
+
+   ```shell
+   curl https://dev-123456.okta.com/oauth2/default/.well-known/openid-configuration | jq
+   ```
+   where:
+
+   - the `dev-123456.okta.com` is your Okta domain
+
+   - the `/oauth2/default` is the default authorization server
+
+   - the `/.well-known/openid-configuration` is the default address for Okta for document location
+
+   - the `jq` command (optional) is used to format the JSON output for easier reading and requires the [jq](https://jqlang.github.io/jq/) JSON processor to be installed.
+
+
+   The configuration metadata is returned in the JSON format:
+
+   ```json
+   {
+       ...
+       "issuer": "https://dev-123456.okta.com/oauth2/default",
+       "authorization_endpoint": "https://dev-123456.okta.com/oauth2/default/v1/authorize",
+       "token_endpoint": "https://dev-123456.okta.com/oauth2/default/v1/token",
+       "jwks_uri": "https://dev-123456.okta.com/oauth2/default/v1/keys",
+       "userinfo_endpoint": "https://dev-123456.okta.com/oauth2/default/v1/userinfo",
+       "end_session_endpoint": "https://dev-123456.okta.com/oauth2/default/v1/logout",
+       ...
+   }
+   ```
+
+2. Copy the **issuer** value, you will need it later when configuring NGINX Plus. Typically, the OpenID Connect Issuer for Okta is `https://<okta-domain>/oauth2/default`.
+
+{{< call-out "note" >}} You will need the values of **Client ID**, **Client Secret**, and **Issuer** in the next steps. {{< /call-out >}}
 
 ### Assign Users or Groups
 
@@ -88,10 +130,10 @@ With Okta configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as th
     ```shell
     nginx -v
     ```
-    The output should match NGINX Plus Release 34 or later:
+    The output should match NGINX Plus Release 35 or later:
 
     ```none
-    nginx version: nginx/1.27.4 (nginx-plus-r34)
+    nginx version: nginx/1.29.0 (nginx-plus-r35)
     ```
 
 2.  Ensure that you have the values of the **Client ID**, **Client Secret**, and **Issuer** obtained during [Okta Configuration](#okta-setup).
@@ -136,16 +178,29 @@ With Okta configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as th
 
         `https://dev-123456.okta.com/oauth2/default`.
 
-    - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system’s CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP’s certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP’s certificate.
+    - The **logout_uri** is URI that a user visits to start an RP‑initiated logout flow.
+
+    - The **post_logout_uri** is absolute HTTPS URL where Okta should redirect the user after a successful logout. This value **must also be configured** in the Okta application's Sign-out redirect URIs.
+
+    - If the **logout_token_hint** directive set to `on`, NGINX Plus sends the user's ID token as a *hint* to Okta.
+      This directive is **optional**, however, if it is omitted the Okta may display an extra confirmation page asking the user to approve the logout request.
+
+    - If the **userinfo** directive is set to `on`, NGINX Plus will fetch `/oauth2/default/v1/userinfo` from the Okta and append the claims from userinfo to the `$oidc_claims_` variables.
+
+    - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system's CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP's certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP's certificate.
 
     ```nginx
     http {
         resolver 10.0.0.1 ipv4=on valid=300s;
 
         oidc_provider okta {
-            issuer        https://dev-123456.okta.com/oauth2/default;
-            client_id     <client_id>;
-            client_secret <client_secret>;
+            issuer            https://dev-123456.okta.com/oauth2/default;
+            client_id         <client_id>;
+            client_secret     <client_secret>;
+            logout_uri        /logout;
+            post_logout_uri   https://demo.example.com/post_logout/;
+            logout_token_hint on;
+            userinfo          on;
         }
 
         # ...
@@ -214,7 +269,18 @@ With Okta configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as th
     ```
 
     <span id="oidc_app"></span>
-10. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
+10. Provide endpoint for completing logout:
+
+    ```nginx
+    # ...
+    location /post_logout/ {
+         return 200 "You have been logged out.\n";
+         default_type text/plain;
+    }
+    # ...
+    ```
+
+11. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
 
     ```nginx
     # ...
@@ -222,12 +288,12 @@ With Okta configured, you can enable OIDC on NGINX Plus. NGINX Plus serves as th
         listen 8080;
 
         location / {
-            return 200 "Hello, $http_name!\nEmail: $http_email\nSub: $http_sub\n";
+            return 200 "Hello, $http_name!\nEmail: $http_email\nOkta sub: $http_sub\n";
             default_type text/plain;
         }
     }
     ```
-11. Save the NGINX configuration file and reload the configuration:
+12. Save the NGINX configuration file and reload the configuration:
     ```nginx
     nginx -s reload
     ```
@@ -247,11 +313,19 @@ http {
         # For okta dev it looks like: https://dev-123456.okta.com/oauth2/default
         issuer https://dev-123456.okta.com/oauth2/default;
 
-        # Your Okta “Client ID” from the application settings
+        # Your Okta "Client ID" from the application settings
         client_id <your_client_id>;
 
-        # Your Okta “Client Secret” from the application settings
+        # Your Okta "Client Secret" from the application settings
         client_secret <your_client_secret>;
+
+        # RP‑initiated logout
+        logout_uri /logout;
+        post_logout_uri https://demo.example.com/post_logout/;
+        logout_token_hint on;
+
+        # Fetch userinfo claims
+        userinfo on;
     }
 
     server {
@@ -272,14 +346,19 @@ http {
 
             proxy_pass http://127.0.0.1:8080;
         }
+
+        location /post_logout/ {
+            return 200 "You have been logged out.\n";
+            default_type text/plain;
+        }
     }
 
     server {
-        # Simple backend listening on 8080
+        # Simple test upstream server
         listen 8080;
 
         location / {
-            return 200 "Hello, $http_name!\nEmail: $http_email\nSub: $http_sub\n";
+            return 200 "Hello, $http_name!\nEmail: $http_email\nOkta sub: $http_sub\n";
             default_type text/plain;
         }
     }
@@ -290,9 +369,13 @@ http {
 
 1. Open `https://demo.example.com/` in a browser. You will be automatically redirected to the Okta sign-in page.
 
-2. Enter valid Okta credentials of a user who has access the application. Upon successful sign-in, Okta redirects you back to NGINX Plus, and you will see the proxied application content (for example, “Hello, Jane Doe!”).
+2. Enter valid Okta credentials of a user who has access the application. Upon successful sign-in, Okta redirects you back to NGINX Plus, and you will see the proxied application content (for example, "Hello, Jane Doe!").
+
+3. Navigate to `https://demo.example.com/logout`. NGINX Plus initiates an RP‑initiated logout; Okta ends the session and redirects back to `https://demo.example.com/post_logout/`.
+
+4. Refresh `https://demo.example.com/` again. You should be redirected to Okta for a fresh sign‑in, proving the session has been terminated.
 
-{{<note>}}If you restricted access to a group of users, be sure to select a user who has access to the application.{{</note>}}
+{{< call-out "note" >}}If you restricted access to a group of users, be sure to select a user who has access to the application.{{< /call-out >}}
 
 
 ## Legacy njs-based Okta Solution {#legacy-njs-guide}
@@ -304,10 +387,11 @@ If you are running NGINX Plus R33 and earlier or if you still need the njs-based
 
 - [NGINX Plus Native OIDC Module Reference documentation](https://nginx.org/en/docs/http/ngx_http_oidc_module.html)
 
-- [Release Notes for NGINX Plus R34]({{< ref "nginx/releases.md#r34" >}})
+- [Release Notes for NGINX Plus R35]({{< ref "nginx/releases.md#r35" >}})
 
 
 ## Revision History
 
-- Version 1 (March 2025) – Initial version (NGINX Plus Release 34)
+- Version 2 (August 2025) – Added RP‑initiated logout (logout_uri, post_logout_uri, logout_token_hint) and userinfo support.
 
+- Version 1 (March 2025) – Initial version (NGINX Plus Release 34)
\ No newline at end of file
diff --git a/content/nginx/deployment-guides/single-sign-on/onelogin.md b/content/nginx/deployment-guides/single-sign-on/onelogin.md
index c241a8fea..377d1d7ff 100644
--- a/content/nginx/deployment-guides/single-sign-on/onelogin.md
+++ b/content/nginx/deployment-guides/single-sign-on/onelogin.md
@@ -11,14 +11,14 @@ nd-docs: DOCS-1687
 
 This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [OneLogin](https://www.onelogin.com/) as the Identity Provider (IdP) and NGINX Plus as the Relying Party (RP), or OIDC client application that verifies user identity.
 
-{{< note >}} This guide applies to [NGINX Plus Release 34]({{< ref "nginx/releases.md#r34" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /note >}}
+{{< call-out "note" >}} This guide applies to [NGINX Plus Release 35]({{< ref "nginx/releases.md#r35" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /call-out >}}
 
 
 ## Prerequisites
 
 - An [OneLogin](https://www.onelogin.com/) account with administrator privileges.
 
-- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 34](({{< ref "nginx/releases.md#r34" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
+- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 35](({{< ref "nginx/releases.md#r35" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
 
 - A domain name pointing to your NGINX Plus instance, for example, `demo.example.com`.
 
@@ -43,6 +43,8 @@ This guide explains how to enable single sign-on (SSO) for applications being pr
 
    - In **Redirect URIs**, add the callback URI for your NGINX Plus instance, for example, `https://demo.example.com/oidc_callback`.
 
+   - In **Logout URL**, add the post logout redirect URI, for example, `https://demo.example.com/post_logout/`.
+
    - Select **Save**.
 
 5. In the app navigation, select **SSO**.
@@ -57,7 +59,46 @@ This guide explains how to enable single sign-on (SSO) for applications being pr
 
         See [Provider Configuration](https://developers.onelogin.com/openid-connect/api/provider-config) for details.
 
-{{< note >}} You will need the values of **Client ID**, **Client Secret**, and **Issuer** in the next steps. {{< /note >}}
+### Get the OpenID Connect Discovery URL
+
+Check the OpenID Connect Discovery URL. By default, OneLogin publishes the `.well-known/openid-configuration` document at the following address:
+
+`https://<subdomain>.onelogin.com/oidc/2/.well-known/openid-configuration`.
+
+1. Run the following `curl` command in a terminal:
+
+   ```shell
+   curl https://<subdomain>.onelogin.com/oidc/2/.well-known/openid-configuration | jq
+   ```
+   where:
+
+   - the `<subdomain>.onelogin.com` is your OneLogin subdomain
+
+   - the `/oidc/2` is the OneLogin OIDC endpoint version
+
+   - the `/.well-known/openid-configuration` is the default address for OneLogin for document location
+
+   - the `jq` command (optional) is used to format the JSON output for easier reading and requires the [jq](https://jqlang.github.io/jq/) JSON processor to be installed.
+
+
+   The configuration metadata is returned in the JSON format:
+
+   ```json
+   {
+       ...
+       "issuer": "https://<subdomain>.onelogin.com/oidc/2",
+       "authorization_endpoint": "https://<subdomain>.onelogin.com/oidc/2/auth",
+       "token_endpoint": "https://<subdomain>.onelogin.com/oidc/2/token",
+       "jwks_uri": "https://<subdomain>.onelogin.com/oidc/2/certs",
+       "userinfo_endpoint": "https://<subdomain>.onelogin.com/oidc/2/me",
+       "end_session_endpoint": "https://<subdomain>.onelogin.com/oidc/2/logout",
+       ...
+   }
+   ```
+
+2. Copy the **issuer** value, you will need it later when configuring NGINX Plus. Typically, the OpenID Connect Issuer for OneLogin is `https://<subdomain>.onelogin.com/oidc/2`.
+
+{{< call-out "note" >}} You will need the values of **Client ID**, **Client Secret**, and **Issuer** in the next steps. {{< /call-out >}}
 
 ### Assign Users and Groups
 
@@ -75,10 +116,10 @@ With Onelogin configured, you can enable OIDC on NGINX Plus. NGINX Plus serves a
     ```shell
     nginx -v
     ```
-    The output should match NGINX Plus Release 34 or later:
+    The output should match NGINX Plus Release 35 or later:
 
     ```none
-    nginx version: nginx/1.27.4 (nginx-plus-r34)
+    nginx version: nginx/1.29.0 (nginx-plus-r35)
     ```
 
 2.  Ensure that you have the values of the **Client ID**, **Client Secret**, and **Issuer** obtained during [Onelogin Configuration](#onelogin-setup).
@@ -113,26 +154,39 @@ With Onelogin configured, you can enable OIDC on NGINX Plus. NGINX Plus serves a
 
 6.  In the [`oidc_provider {}`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#oidc_provider) context, specify:
 
-    - your actual OneLogin **Client ID** obtained in [OneLogin Configuration](#onelogin-create) with the [`client_id`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#client_id) directive
+    - your actual OneLogin **Client ID** obtained in [OneLogin Configuration](#onelogin-setup) with the [`client_id`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#client_id) directive
 
-    - your **Client Secret** obtained in [OneLogin Configuration](#onelogin-create) with the [`client_secret`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#client_secret) directive
+    - your **Client Secret** obtained in [OneLogin Configuration](#onelogin-setup) with the [`client_secret`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#client_secret) directive
 
-    - the **Issuer** URL obtained in [OneLogin Configuration](#onelogin-create) with the [`issuer`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#client_secret) directive
+    - the **Issuer** URL obtained in [OneLogin Configuration](#onelogin-setup) with the [`issuer`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#client_secret) directive
 
         The `issuer` is typically your OneLogin OIDC URL:
 
         `https://<subdomain>.onelogin.com/oidc/2`.
 
-    - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system’s CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP’s certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP’s certificate.
+    - The **logout_uri** is URI that a user visits to start an RP‑initiated logout flow.
+
+    - The **post_logout_uri** is absolute HTTPS URL where OneLogin should redirect the user after a successful logout. This value **must also be configured** in the OneLogin application's Logout URL setting.
+
+    - If the **logout_token_hint** directive set to `on`, NGINX Plus sends the user's ID token as a *hint* to OneLogin.
+      This directive is **required** by OneLogin when `post_logout_redirect_uri` is used.
+
+    - If the **userinfo** directive is set to `on`, NGINX Plus will fetch `/oidc/2/me` from the OneLogin and append the claims from userinfo to the `$oidc_claims_` variables.
+
+    - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system's CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP's certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP's certificate.
 
     ```nginx
     http {
         resolver 10.0.0.1 ipv4=on valid=300s;
 
         oidc_provider onelogin {
-            issuer        https://<subdomain>.onelogin.com/oidc/2;
-            client_id     <client_id>;
-            client_secret <client_secret>;
+            issuer            https://<subdomain>.onelogin.com/oidc/2;
+            client_id         <client_id>;
+            client_secret     <client_secret>;
+            logout_uri        /logout;
+            post_logout_uri   https://demo.example.com/post_logout/;
+            logout_token_hint on;
+            userinfo          on;
         }
 
         # ...
@@ -202,7 +256,18 @@ With Onelogin configured, you can enable OIDC on NGINX Plus. NGINX Plus serves a
     ```
 
     <span id="oidc_app"></span>
-10. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
+10. Provide endpoint for completing logout:
+
+    ```nginx
+    # ...
+    location /post_logout/ {
+         return 200 "You have been logged out.\n";
+         default_type text/plain;
+    }
+    # ...
+    ```
+
+11. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
 
     ```nginx
     # ...
@@ -210,12 +275,12 @@ With Onelogin configured, you can enable OIDC on NGINX Plus. NGINX Plus serves a
         listen 8080;
 
         location / {
-            return 200 "Hello, $http_name!\nEmail: $http_email\nSub: $http_sub\n";
+            return 200 "Hello, $http_name!\nEmail: $http_email\nOneLogin sub: $http_sub\n";
             default_type text/plain;
         }
     }
     ```
-11. Save the NGINX configuration file and reload the configuration:
+12. Save the NGINX configuration file and reload the configuration:
     ```nginx
     nginx -s reload
     ```
@@ -237,6 +302,14 @@ http {
         # Replace with your actual OneLogin Client ID and Secret
         client_id <client_id>;
         client_secret <client_secret>;
+
+        # RP‑initiated logout
+        logout_uri /logout;
+        post_logout_uri https://demo.example.com/post_logout/;
+        logout_token_hint on;
+
+        # Fetch userinfo claims
+        userinfo on;
     }
 
     server {
@@ -256,13 +329,19 @@ http {
             proxy_set_header name $oidc_claim_name;
             proxy_pass http://127.0.0.1:8080;
         }
+
+        location /post_logout/ {
+            return 200 "You have been logged out.\n";
+            default_type text/plain;
+        }
     }
 
     server {
+        # Simple test upstream server
         listen 8080;
 
         location / {
-            return 200 "Hello, $http_name!\nYour email is $http_email\nSub: $http_sub\n";
+            return 200 "Hello, $http_name!\nEmail: $http_email\nOneLogin sub: $http_sub\n";
             default_type text/plain;
         }
     }
@@ -273,9 +352,13 @@ http {
 
 1. Open `https://demo.example.com/` in a browser. You will be automatically redirected to the OneLogin sign-in page.
 
-2. Enter valid OneLogin credentials of a user who has access the application. Upon successful sign-in, OneLogin redirects you back to NGINX Plus, and you will see the proxied application content (for example, “Hello, Jane Doe!”).
+2. Enter valid OneLogin credentials of a user who has access the application. Upon successful sign-in, OneLogin redirects you back to NGINX Plus, and you will see the proxied application content (for example, "Hello, Jane Doe!").
+
+3. Navigate to `https://demo.example.com/logout`. NGINX Plus initiates an RP‑initiated logout; OneLogin ends the session and redirects back to `https://demo.example.com/post_logout/`.
 
-{{<note>}}If you restricted access to a group of users, be sure to select a user who has access to the application.{{</note>}}
+4. Refresh `https://demo.example.com/` again. You should be redirected to OneLogin for a fresh sign‑in, proving the session has been terminated.
+
+{{< call-out "note" >}}If you restricted access to a group of users, be sure to select a user who has access to the application.{{< /call-out >}}
 
 
 ## Legacy njs-based OneLogin Solution {#legacy-njs-guide}
@@ -287,9 +370,11 @@ If you are running NGINX Plus R33 and earlier or if you still need the njs-based
 
 - [NGINX Plus Native OIDC Module Reference documentation](https://nginx.org/en/docs/http/ngx_http_oidc_module.html)
 
-- [Release Notes for NGINX Plus R34]({{< ref "nginx/releases.md#r34" >}})
+- [Release Notes for NGINX Plus R35]({{< ref "nginx/releases.md#r35" >}})
 
 
 ## Revision History
 
-- Version 1 (March 2025) – Initial version (NGINX Plus Release 34)
+- Version 2 (August 2025) – Added RP‑initiated logout (logout_uri, post_logout_uri, logout_token_hint) and userinfo support.
+
+- Version 1 (March 2025) – Initial version (NGINX Plus Release 34)
\ No newline at end of file
diff --git a/content/nginx/deployment-guides/single-sign-on/ping-identity.md b/content/nginx/deployment-guides/single-sign-on/ping-identity.md
index 733847966..126cdccda 100644
--- a/content/nginx/deployment-guides/single-sign-on/ping-identity.md
+++ b/content/nginx/deployment-guides/single-sign-on/ping-identity.md
@@ -11,21 +11,21 @@ nd-docs: DOCS-1684
 
 This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Ping Identity](https://www.pingidentity.com/en.html) (PingFederate or PingOne) as the Identity Provider (IdP), and NGINX Plus as the Relying Party.
 
-{{< note >}} This guide applies to [NGINX Plus Release 34]({{< ref "nginx/releases.md#r34" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /note >}}
+{{< call-out "note" >}} This guide applies to [NGINX Plus Release 35]({{< ref "nginx/releases.md#r35" >}}) and later. In earlier versions, NGINX Plus relied on an [njs-based solution](#legacy-njs-guide), which required NGINX JavaScript files, key-value stores, and advanced OpenID Connect logic. In the latest NGINX Plus version, the new [OpenID Connect module](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) simplifies this process to just a few directives.{{< /call-out >}}
 
 
 ## Prerequisites
 
 - [PingFederate](https://docs.pingidentity.com/pingfederate/latest/pf_pf_landing_page.html) Enterprise Federation Server or [PingOne](https://docs.pingidentity.com/pingone/p1_cloud__platform_main_landing_page.html) Cloud deployment with a Ping Identity account.
 
-- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 34](({{< ref "nginx/releases.md#r34" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
+- An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 35](({{< ref "nginx/releases.md#r35" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/).
 
 - A domain name pointing to your NGINX Plus instance, for example, `demo.example.com`.
 
 
 ## Configure PingFederate or PingOne for Enterprise {#ping-create}
 
-{{< note >}} These steps outline an example with the cloud offering of **PingOne**. If you are using the on‑premises PingFederate, the user interface might slightly differ. {{< /note >}}
+{{< call-out "note" >}} These steps outline an example with the cloud offering of **PingOne**. If you are using the on‑premises PingFederate, the user interface might slightly differ. {{< /call-out >}}
 
 Create a new application for NGINX Plus:
 
@@ -59,11 +59,58 @@ Create a new application for NGINX Plus:
 
     `https://demo.example.com/oidc_callback`.
 
+   - In the **Post Logout Redirect URIs** field, add the post logout redirect URI, for example:
+
+    `https://demo.example.com/post_logout/`.
+
    - Select **Save**.
 
 7. Assign the application to the appropriate **Groups** or **Users** who will be allowed to log in.
 
-{{< note >}} You will need the values of **Client ID**, **Client Secret**, and **Issuer** in the next steps. {{< /note >}}
+### Get the OpenID Connect Discovery URL
+
+Check the OpenID Connect Discovery URL. By default, Ping Identity publishes the `.well-known/openid-configuration` document at the following address:
+
+For PingOne: `https://auth.pingone.com/<environment_id>/as/.well-known/openid-configuration`
+
+For PingFederate: `https://pingfederate.example.com:9031/<realm_path>/.well-known/openid-configuration`
+
+1. Run the following `curl` command in a terminal:
+
+   ```shell
+   curl https://auth.pingone.com/<environment_id>/as/.well-known/openid-configuration | jq
+   ```
+   where:
+
+   - the `auth.pingone.com` is your PingOne server address (or your PingFederate server for on-premises)
+
+   - the `<environment_id>` is your PingOne environment ID
+
+   - the `/as` is the authorization server path
+
+   - the `/.well-known/openid-configuration` is the default address for Ping Identity for document location
+
+   - the `jq` command (optional) is used to format the JSON output for easier reading and requires the [jq](https://jqlang.github.io/jq/) JSON processor to be installed.
+
+
+   The configuration metadata is returned in the JSON format:
+
+   ```json
+   {
+       ...
+       "issuer": "https://auth.pingone.com/<environment_id>/as",
+       "authorization_endpoint": "https://auth.pingone.com/<environment_id>/as/authorize",
+       "token_endpoint": "https://auth.pingone.com/<environment_id>/as/token",
+       "jwks_uri": "https://auth.pingone.com/<environment_id>/as/jwks",
+       "userinfo_endpoint": "https://auth.pingone.com/<environment_id>/as/userinfo",
+       "end_session_endpoint": "https://auth.pingone.com/<environment_id>/as/signoff",
+       ...
+   }
+   ```
+
+2. Copy the **issuer** value, you will need it later when configuring NGINX Plus. Typically, the OpenID Connect Issuer for PingOne is `https://auth.pingone.com/<environment_id>/as`.
+
+{{< call-out "note" >}} You will need the values of **Client ID**, **Client Secret**, and **Issuer** in the next steps. {{< /call-out >}}
 
 
 ## Set up NGINX Plus {#nginx-plus-setup}
@@ -75,13 +122,13 @@ With PingOne or PingFederate configured, you can enable OIDC on NGINX Plus. NGIN
     ```shell
     nginx -v
     ```
-    The output should match NGINX Plus Release 34 or later:
+    The output should match NGINX Plus Release 35 or later:
 
     ```none
-    nginx version: nginx/1.27.4 (nginx-plus-r34)
+    nginx version: nginx/1.29.0 (nginx-plus-r35)
     ```
 
-2.  Ensure that you have the values of the **Client ID**, **Client Secret**, and **Issuer** obtained during [PingOne or PingFederate Configuration](#ping-setup).
+2.  Ensure that you have the values of the **Client ID**, **Client Secret**, and **Issuer** obtained during [PingOne or PingFederate Configuration](#ping-create).
 
 3.  In your preferred text editor, open the NGINX configuration file (`/etc/nginx/nginx.conf` for Linux or `/usr/local/etc/nginx/nginx.conf` for FreeBSD).
 
@@ -122,11 +169,20 @@ With PingOne or PingFederate configured, you can enable OIDC on NGINX Plus. NGIN
 
         For PingOne Cloud, the URL is `https://auth.pingone.com/<environment_id>/as`.
 
-        For PingFederate, the URL is `https://pingfederate.example.com:9031` followed by your environment’s realm path.
+        For PingFederate, the URL is `https://pingfederate.example.com:9031` followed by your environment's realm path.
 
         By default, NGINX Plus creates the OpenID metadata URL by appending the `/.well-known/openid-configuration` part to the Issuer URL. If your metadata URL is different, you can explicitly specify the metadata document with the [`config_url`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#config_url) directive.
 
-    - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system’s CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP’s certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP’s certificate.
+    - The **logout_uri** is URI that a user visits to start an RP‑initiated logout flow.
+
+    - The **post_logout_uri** is absolute HTTPS URL where Ping Identity should redirect the user after a successful logout. This value **must also be configured** in the Ping Identity application's Post Logout Redirect URIs.
+
+    - If the **logout_token_hint** directive set to `on`, NGINX Plus sends the user's ID token as a *hint* to Ping Identity.
+      This directive is **required** by PingOne.
+
+    - If the **userinfo** directive is set to `on`, NGINX Plus will fetch userinfo from Ping Identity and append the claims from userinfo to the `$oidc_claims_` variables.
+
+    - **Important:** All interaction with the IdP is secured exclusively over SSL/TLS, so NGINX must trust the certificate presented by the IdP. By default, this trust is validated against your system's CA bundle (the default CA store for your Linux or FreeBSD distribution). If the IdP's certificate is not included in the system CA bundle, you can explicitly specify a trusted certificate or chain with the [`ssl_trusted_certificate`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#ssl_trusted_certificate) directive so that NGINX can validate and trust the IdP's certificate.
 
 
     ```nginx
@@ -134,9 +190,13 @@ With PingOne or PingFederate configured, you can enable OIDC on NGINX Plus. NGIN
         resolver 10.0.0.1 ipv4=on valid=300s;
 
         oidc_provider ping {
-            issuer        https://auth.pingone.com/<environment_id>/as;
-            client_id     <client_id>;
-            client_secret <client_secret>;
+            issuer            https://auth.pingone.com/<environment_id>/as;
+            client_id         <client_id>;
+            client_secret     <client_secret>;
+            logout_uri        /logout;
+            post_logout_uri   https://demo.example.com/post_logout/;
+            logout_token_hint on;
+            userinfo          on;
         }
 
         # ...
@@ -191,7 +251,7 @@ With PingOne or PingFederate configured, you can enable OIDC on NGINX Plus. NGIN
 
     - any other OIDC claim using the [`$oidc_claim_ `](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#var_oidc_claim_) variable
 
-    {{< note >}} Ensure the `openid`, `profile`, `email` Scopes are enabled in Ping Identity.{{< /note >}}
+    {{< call-out "note" >}} Ensure the `openid`, `profile`, `email` Scopes are enabled in Ping Identity.{{< /call-out >}}
 
     ```nginx
     # ...
@@ -208,7 +268,18 @@ With PingOne or PingFederate configured, you can enable OIDC on NGINX Plus. NGIN
     ```
 
     <span id="oidc_app"></span>
-10. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
+10. Provide endpoint for completing logout:
+
+    ```nginx
+    # ...
+    location /post_logout/ {
+         return 200 "You have been logged out.\n";
+         default_type text/plain;
+    }
+    # ...
+    ```
+
+11. Create a simple test application referenced by the `proxy_pass` directive which returns the authenticated user's full name and email upon successful authentication:
 
     ```nginx
     # ...
@@ -216,12 +287,12 @@ With PingOne or PingFederate configured, you can enable OIDC on NGINX Plus. NGIN
         listen 8080;
 
         location / {
-            return 200 "Hello, $http_name!\nEmail: $http_email\nSub: $http_sub\n";
+            return 200 "Hello, $http_name!\nEmail: $http_email\nPing Identity sub: $http_sub\n";
             default_type text/plain;
         }
     }
     ```
-11. Save the NGINX configuration file and reload the configuration:
+12. Save the NGINX configuration file and reload the configuration:
     ```nginx
     nginx -s reload
     ```
@@ -243,6 +314,14 @@ http {
         # Your Ping Identity Client ID and Secret
         client_id <client_id>;
         client_secret <client_secret>;
+
+        # RP‑initiated logout
+        logout_uri /logout;
+        post_logout_uri https://demo.example.com/post_logout/;
+        logout_token_hint on;
+
+        # Fetch userinfo claims
+        userinfo on;
     }
 
     server {
@@ -263,14 +342,19 @@ http {
 
             proxy_pass http://127.0.0.1:8080;
         }
+
+        location /post_logout/ {
+            return 200 "You have been logged out.\n";
+            default_type text/plain;
+        }
     }
 
     server {
-        # Simple backend application for demonstration
+        # Simple test upstream server
         listen 8080;
 
         location / {
-            return 200 "Hello, $http_name!\nEmail: $http_email\nSub: $http_sub\n";
+            return 200 "Hello, $http_name!\nEmail: $http_email\nPing Identity sub: $http_sub\n";
             default_type text/plain;
         }
     }
@@ -281,7 +365,11 @@ http {
 
 1. Open `https://demo.example.com/` in a browser. You will be automatically redirected to the PingOne sign-in page.
 
-2. Enter valid Ping Identity credentials of a user who has access the application. Upon successful sign-in, PingOne redirects you back to NGINX Plus, and you will see the proxied application content (for example, “Hello, Jane Doe!”).
+2. Enter valid Ping Identity credentials of a user who has access the application. Upon successful sign-in, PingOne redirects you back to NGINX Plus, and you will see the proxied application content (for example, "Hello, Jane Doe!").
+
+3. Navigate to `https://demo.example.com/logout`. NGINX Plus initiates an RP‑initiated logout; Ping Identity ends the session and redirects back to `https://demo.example.com/post_logout/`.
+
+4. Refresh `https://demo.example.com/` again. You should be redirected to Ping Identity for a fresh sign‑in, proving the session has been terminated.
 
 
 ## Legacy njs-based Ping Identity Solution {#legacy-njs-guide}
@@ -293,9 +381,11 @@ If you are running NGINX Plus R33 and earlier or if you still need the njs-based
 
 - [NGINX Plus Native OIDC Module Reference documentation](https://nginx.org/en/docs/http/ngx_http_oidc_module.html)
 
-- [Release Notes for NGINX Plus R34]({{< ref "nginx/releases.md#r34" >}})
+- [Release Notes for NGINX Plus R35]({{< ref "nginx/releases.md#r35" >}})
 
 
 ## Revision History
 
-- Version 1 (March 2025) – Initial version for NGINX Plus Release 34
+- Version 2 (August 2025) – Added RP‑initiated logout (logout_uri, post_logout_uri, logout_token_hint) and userinfo support.
+
+- Version 1 (March 2025) – Initial version for NGINX Plus Release 34
\ No newline at end of file
diff --git a/content/nginx/open-source-components.md b/content/nginx/open-source-components.md
index 7b80cb289..c023fe4c2 100644
--- a/content/nginx/open-source-components.md
+++ b/content/nginx/open-source-components.md
@@ -12,7 +12,7 @@ type:
 Open source components included in the F5 NGINX Plus (package name is `nginx-plus`) are:
 
 
-- nginx/OSS 1.27.4, distributed under 2-clause BSD license.
+- nginx/OSS 1.29.0, distributed under 2-clause BSD license.
 
   Homepage: <https://nginx.org>
 
diff --git a/content/nginx/releases.md b/content/nginx/releases.md
index 764728ff0..749e8ff2b 100644
--- a/content/nginx/releases.md
+++ b/content/nginx/releases.md
@@ -17,8 +17,9 @@ Critical bug patches and security updates are applied to the two (2) most recent
 {{<bootstrap-table "table table-striped table-bordered table-sm">}}
 | NGINX Plus Release | Release Date | End of Software Development | End of Security Updates | End of Technical Support |
 |--------------------|--------------|-----------------------------|-------------------------|--------------------------|
-| [R34](#r34)        | Apr 1, 2025  | R35 release date            | R36 release date        | Mar 31, 2027             |
-| [R33](#r33)        | Nov 19, 2024 | Apr 1, 2025                 | R35 release date        | Nov 18, 2026             |
+| [R35](#r35)        | Aug 13 2025  | R36 release date            | R37 release date        | Aug 12, 2027             |
+| [R34](#r34)        | Apr 1, 2025  | Aug 13 2025                 | R36 release date        | Mar 31, 2027             |
+| [R33](#r33)        | Nov 19, 2024 | Apr 1, 2025                 | Aug 13 2025             | Nov 18, 2026             |
 | [R32](#r32)        | May 29, 2024 | Nov 19, 2024                | Apr 1, 2025             | May 28, 2026             |
 | [R31](#r31)        | Dec 19, 2023 | May 29, 2024                | Nov 18, 2024            | Dec 18, 2025             |
 | [R30](#r30)        | Aug 15, 2023 | Dec 19, 2023                | May 28, 2024            | Aug 14, 2025             |
@@ -29,9 +30,60 @@ We strongly recommend running the latest version of NGINX Plus in production to
 
 ### Technical Support Services
 
-F5 offers 24 months of technical support for each F5 NGINX Plus release. The 24-month support period begins on the initial release date for each version of NGINX Plus, as noted in the table. The release of a patch (for example, `NGINX Plus R34p1`) does not reset the 24-month technical support period for the impacted release.
+F5 offers 24 months of technical support for each F5 NGINX Plus release. The 24-month support period begins on the initial release date for each version of NGINX Plus, as noted in the table. The release of a patch (for example, `NGINX Plus R34 P2`) does not reset the 24-month technical support period for the impacted release.
 
 
+## NGINX Plus Release 35 (R35) {#r35}
+_August 13, 2025_<br/>
+_Based on NGINX Open Source 1.29.0_
+
+NGINX Plus R35 is a feature release:
+
+- [Automated Certificate Management Environment](https://blog.nginx.org/blog/native-support-for-acme-protocol) (ACME) protocol [support](https://nginx.org/en/docs/http/ngx_http_acme_module.html).
+
+- [Automatic renewal](https://docs.nginx.com/solutions/about-subscription-licenses/#update-jwt) of NGINX Plus license.
+
+- [Native OIDC enhancements](https://community.f5.com/kb/technicalarticles/we-heard-you-r35-brings-frictionless-oidc-logout-and-richer-claims-to-nginx-plus/342914): [Relying party (RP) initiated Logout](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#logout_uri) and [UserInfo](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#userinfo) endpoint.
+
+- The [`auth_require`](https://nginx.org/en/docs/http/ngx_http_auth_require_module.html) module that allows access decisions to be made based on any variable values available at the time of invocation, including [key-value](https://nginx.org/en/docs/http/ngx_http_keyval_module.html) pairs and [njs](https://nginx.org/en/docs/njs/) variables. The module is primarily designed for authentication, especially in conjunction with OIDC.
+
+- [CUBIC Congestion Control](https://blog.nginx.org/blog/congestion-control-enhancements-for-quic-in-nginx) in HTTP3/QUIC.
+
+- Support for [103 Early Hints](https://blog.nginx.org/blog/nginx-introduces-support-103-early-hints).
+
+- Security: SMTP Authentication process memory over-read. This vulnerability in the NGINX `ngx_mail_smtp_module` may allow an unauthenticated attacker to trigger buffer over-read, resulting in worker process memory disclosure to the authentication server ([CVE-2025-53859](https://www.cve.org/CVERecord?id=CVE-2025-53859)).
+
+{{< call-out "note" "Learn more" >}}For highlights of all new features and enhancements in this release, see the [NGINX Plus R35 release blog](https://community.f5.com/kb/technicalarticles/f5-nginx-plus-r35-release-now-available/342962).{{< /call-out >}}
+
+
+NGINX Plus R35 is supported on:
+
+{{<bootstrap-table "table table-striped table-bordered table-sm">}}
+| Distribution                     | Versions                          |
+|----------------------------------|-----------------------------------|
+| AlmaLinux                        | 8, 9, 10                          |
+| Alpine Linux                     | 3.19, 3.20, 3.21, 3.22            |
+| Amazon Linux                     | 2 LTS, 2023                       |
+| Debian                           | 11, 12                            |
+| FreeBSD                          | 13.5+, 14.3+                            |
+| Oracle Linux                     | 8.1+, 9                           |
+| RHEL                             | 8.1+, 9.0+, 10                    |
+| Rocky Linux                      | 8, 9                              |
+| SUSE Linux Enterprise Server     | 15 SP6+                           |
+| Ubuntu                           | 22.04 LTS, 24.04 LTS              |
+{{< /bootstrap-table >}}
+
+**Notes:**
+
+- Alpine Linux 3.18 is removed
+- Alpine Linux 3.19 is deprecated
+- Alpine Linux 3.22 is new in this release
+- AlmaLinux 10 is new in this release
+- RHEL 10 is new in this release
+- Ubuntu 20.04 is removed
+- SLES 15 SP6 is now required
+- the [ACME]({{< ref "/nginx/admin-guide/dynamic-modules/acme.md" >}}) dynamic module is new in this release.
+
 ## NGINX Plus Release 34 (R34) {#r34}
 _April 01, 2025_<br/>
 _Based on NGINX Open Source 1.27.4_
@@ -51,6 +103,7 @@ NGINX Plus R34 is a feature release:
 
 - Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification ([CVE-2025-23419](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419)).
 
+{{< call-out "note" "Learn more" >}}For highlights of all new features and enhancements in this release, see the [NGINX Plus R34 release blog](https://community.f5.com/kb/technicalarticles/f5-nginx-plus-r34-release-now-available/340300).{{< /call-out >}}
 
 NGINX Plus R34 is supported on:
 
@@ -78,9 +131,6 @@ NGINX Plus R34 is supported on:
 - Ubuntu 20.04 is deprecated
 - the [OpenTracing]({{< ref "/nginx/admin-guide/dynamic-modules/opentracing.md" >}}) dynamic module is no longer available. It is recommended to use the [OpenTelemetry Distributed Tracing]({{< ref "/nginx/admin-guide/dynamic-modules/opentelemetry.md" >}}) module, which incorporates all the features of the OpenTracing module.
 
-More information: [Announcing NGINX Plus R34](https://community.f5.com/kb/technicalarticles/f5-nginx-plus-r34-release-now-available/340300)
-
-
 ### NGINX Plus R34 Update {#r34_p1}
 
 NGINX Plus R34 P1<br/>
@@ -91,6 +141,14 @@ This is a bugfix release for NGINX Plus R34.
 - Fixed license expiration warning issue in the NGINX Plus live activity monitoring dashboard specifically for deployments utilizing marketplace images of NGINX Plus.
 
 
+NGINX Plus R34 P2<br/>
+_August 13, 2025_
+
+This is a security release for NGINX Plus R34.
+
+- Security: SMTP Authentication process memory over-read. This vulnerability in the NGINX `ngx_mail_smtp_module` may allow an unauthenticated attacker to trigger buffer over-read, resulting in worker process memory disclosure to the authentication server ([CVE-2025-53859](https://www.cve.org/CVERecord?id=CVE-2025-53859)).
+
+
 ## NGINX Plus Release 33 (R33) {#r33}
 _November 19, 2024_<br/>
 _Based on NGINX Open Source 1.27.2_
@@ -125,6 +183,9 @@ The argument is a file name in the `SSLKEYLOGFILE` format compatible with Wiresh
 
 - Added initial support for Post Quantum Cryptography.
 
+{{< call-out "note" "Learn more" >}}For highlights of all new features and enhancements in this release, see the [NGINX Plus R33 release blog](https://community.f5.com/kb/technicalarticles/f5-nginx-plus-r33-release-now-available/336403).{{< /call-out >}}
+
+
 {{<bootstrap-table "table table-striped table-bordered table-sm">}}
 | Distribution                     | Versions                          |
 |----------------------------------|-----------------------------------|
@@ -153,9 +214,6 @@ The argument is a file name in the `SSLKEYLOGFILE` format compatible with Wiresh
 - support for s390x architecture removed
 - the [Lua]({{< ref "/nginx/admin-guide/dynamic-modules/lua.md" >}}) module is no longer available for SUSE Linux Enterprise Server 12
 
-More information: [Announcing NGINX Plus R33](https://community.f5.com/kb/technicalarticles/announcing-nginx-plus-r33-release/336403)
-
-
 ### NGINX Plus R33 Updates {#r33_p1}
 
 NGINX Plus R33 P1<br/>
@@ -174,6 +232,14 @@ This is a security release for NGINX Plus R33.
 - Security Fix [CVE-2025-23419](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419) in SNI that adds a restriction for TLSv1.3 cross-SNI session resumption.
 
 
+NGINX Plus R33 P3<br/>
+_August 13, 2025_
+
+This is a security release for NGINX Plus R33.
+
+- - Security: SMTP Authentication process memory over-read. This vulnerability in the NGINX `ngx_mail_smtp_module` may allow an unauthenticated attacker to trigger buffer over-read, resulting in worker process memory disclosure to the authentication server ([CVE-2025-53859](https://www.cve.org/CVERecord?id=CVE-2025-53859)).
+
+
 ## NGINX Plus Release 32 (R32) {#r32}
 _May 29, 2024_<br/>
 _Based on NGINX Open Source 1.25.5_
@@ -281,6 +347,14 @@ _February 5, 2025_
 - Regression issue fix in SSL Certificate Caching.
 
 
+NGINX Plus R32 P3<br/>
+_August 13, 2025_
+
+This is a security release for NGINX Plus R32.
+
+- Security: SMTP Authentication process memory over-read. This vulnerability in the NGINX `ngx_mail_smtp_module` may allow an unauthenticated attacker to trigger buffer over-read, resulting in worker process memory disclosure to the authentication server ([CVE-2025-53859](https://www.cve.org/CVERecord?id=CVE-2025-53859)).
+
+
 ## NGINX Plus Release 31 (R31) {#r31}
 _December 19, 2023_<br/>
 _Based on NGINX Open Source 1.25.3_
diff --git a/content/nginx/technical-specs.md b/content/nginx/technical-specs.md
index 41ba20307..cd51304f7 100644
--- a/content/nginx/technical-specs.md
+++ b/content/nginx/technical-specs.md
@@ -26,7 +26,7 @@ Dynamic modules are supported on the [same distributions as NGINX Plus](#support
 | Module           | Distribution and details                                                                                   |
 |-------------------|-----------------------------------------------------------------------------------------------------------|
 | [AppProtect]({{< ref "/nap-waf/v5/admin-guide/install.md" >}}) | AlmaLinux: **Not supported**<br>Alpine Linux 3.17 & 3.18: **Not supported**<br>Alpine Linux 3.19: **x86_64 only**<br>Amazon Linux 2: **Not supported**<br>Amazon Linux 2023: **x86_64 only**<br>Debian 11 & 12: **x86_64 only**<br>FreeBSD: **Not supported**<br>Oracle Linux 8: **x86_64 only**<br>RHEL 8 & 9: **x86_64 only**<br>Rocky Linux 8: **Not supported**<br>Rocky Linux 9: **x86_64 only**<br>SLES: **Not supported**<br>Ubuntu 20.04: **Not supported**<br>Ubuntu 22.04 & 24.04: **x86_64 only** |
-| [GeoIP]({{< ref "/nginx/admin-guide/dynamic-modules/geoip.md" >}}) | Amazon Linux 2023  **Not supported**<br>RHEL/Oracle Linux/AlmaLinux/Rocky Linux 8.0+, 9: **Not supported**<br>FreeBSD: **Not supported**           |
+| [GeoIP]({{< ref "/nginx/admin-guide/dynamic-modules/geoip.md" >}}) | Amazon Linux 2023  **Not supported**<br>RHEL/Oracle Linux/AlmaLinux/Rocky Linux 8.0+, 9, RHEL 10: **Not supported**<br>FreeBSD: **Not supported**           |
 | [GeoIP2]({{< ref "/nginx/admin-guide/dynamic-modules/geoip2.md" >}}) | Amazon Linux 2: **Not supported**                                            |
 | [HA-Keepalived]({{< ref "/nginx/admin-guide/high-availability/ha-keepalived-nodes.md#configuring-keepalived-for-an-additional-passive-node" >}}) | FreeBSD: **Not supported**<br>Alpine Linux: **Not supported**<br>Amazon Linux 2: **Not supported**<br>Amazon Linux 2023: **Not supported** |
 | [NGINX sync]({{< ref "/nginx/admin-guide/high-availability/configuration-sharing.md#installing-nginx-sync-on-the-primary-machine" >}}) | FreeBSD: **Not supported**<br>Alpine Linux: **Not supported**                                              |
@@ -58,14 +58,14 @@ TLSv1.2 and TLSv1.3 are the default SSL protocols starting from NGINX Plus R34 (
 ## Supported Deployment Environments
 
 - Bare metal
-- Container
-- Public cloud: AWS, Google Cloud Platform, Microsoft Azure
-- Virtual machine
+- Containers and Kubernetes
+- Public clouds: AWS, Google Cloud Platform, Microsoft Azure
+- Virtual machines
 
 ---
 
 ## Recommended Hardware
-See [Sizing Guide for Deploying NGINX Plus on Bare Metal Servers](https://www.nginx.com/resources/datasheets/nginx-plus-sizing-guide/)
+See [Sizing Guide for Deploying NGINX Plus](https://www.f5.com/pdf/deployment-guide/Sizing-Guide-for-Deploying-NGINX-Plus-in-Virtualized-Environments-2021-06-03.pdf)
 
 ---
 
@@ -104,6 +104,7 @@ See [Sizing Guide for Deploying NGINX Plus on Bare Metal Servers](https://www.ng
 - [Auth Basic](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html) – Implement HTTP Basic Authentication scheme
 - [Auth JWT](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html) – Validate JSON Web Tokens
 - [Auth Request](https://nginx.org/en/docs/http/ngx_http_auth_request_module.html) – Determine client authorization using subrequests to external authentication server
+- [Auth Require](https://nginx.org/en/docs/http/ngx_http_auth_require_module.html) – Variable-based access control support
 - [OIDC](https://nginx.org/en/docs/http/ngx_http_oidc_module.html) – Implement authentication as a Relying Party in OpenID Connect solution
 - [Referer](https://nginx.org/en/docs/http/ngx_http_referer_module.html) – Control access based on `Referer` field in HTTP request header
 - [Secure Link](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html) – Process encrypted, time-limited links to content
@@ -179,7 +180,7 @@ See [Sizing Guide for Deploying NGINX Plus on Bare Metal Servers](https://www.ng
 - [Limit Conn](https://nginx.org/en/docs/stream/ngx_stream_limit_conn_module.html) – Limit concurrent connections by key
 - [Log](https://nginx.org/en/docs/stream/ngx_stream_log_module.html) – Log TCP and UDP transactions
 - [Map](https://nginx.org/en/docs/stream/ngx_stream_map_module.html) – Create variables based on other variables in requests
-- [MQTT Preread](https://nginx.org/en/docs/stream/ngx_stream_mqtt_preread_module.html) – Forward MQTT traffic without processing	 it
+- [MQTT Preread](https://nginx.org/en/docs/stream/ngx_stream_mqtt_preread_module.html) – Forward MQTT traffic without processing it
 - [MQTT Filter](https://nginx.org/en/docs/stream/ngx_stream_mqtt_filter_module.html) – Process Message Queuing Telemetry Transport protocol (MQTT) protocol
 - [Proxy](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html) – Proxy requests to TCP and UDP servers
 - [Pass](https://nginx.org/en/docs/stream/ngx_stream_pass_module.html) – Pass any accepted client connection to any configured listening socket in http, stream, mail, and other similar modules
diff --git a/content/nginxaas-azure/_index.md b/content/nginxaas-azure/_index.md
index 0d8c6a9a9..7d786a0ea 100644
--- a/content/nginxaas-azure/_index.md
+++ b/content/nginxaas-azure/_index.md
@@ -1,11 +1,58 @@
 ---
 title: NGINXaaS for Azure
-description: 'NGINX as a Service for Azure is an IaaS offering that is tightly integrated
-  into Microsoft Azure public cloud and its ecosystem, making applications fast, efficient,
-  and reliable with full lifecycle management of advanced NGINX traffic services.
-
-  '
+nd-subtitle: Infrastructure-as-a-Service (IaaS) version of NGINX Plus for your Microsoft Azure application stack
 url: /nginxaas/azure/
+nd-landing-page: true
 cascade:
   logo: NGINX-for-Azure-icon.svg
+nd-content-type: landing-page
+nd-product: N4Azure
 ---
+
+
+## About
+
+NGINX as a Service for Azure is an IaaS offering that is tightly integrated
+into Microsoft Azure public cloud and its ecosystem, making applications fast, efficient,
+and reliable with full lifecycle management of advanced NGINX traffic services.
+
+## Featured content
+
+{{<card-section showAsCards="true" isFeaturedSection="true">}}
+  {{<card title="Getting started" titleUrl="/nginxaas/azure/getting-started/" icon="power">}}
+    Deploy NGINX as a Service for Azure using the Azure portal, Azure CLI, or Terraform
+  {{</card>}}
+  {{<card title="Quickstart guides" titleUrl="/nginxaas/azure/quickstart/" icon="square-play">}}
+    Step-by-step guides for several common use cases, including scaling guidance, security controls, and more
+  {{</card>}}
+  {{<card title="Logging and monitoring" titleUrl="/nginxaas/azure/monitoring/" icon="eye">}}
+    Collect, correlate, and analyze metrics for a thorough understanding of your application's health and behavior
+  {{</card>}}
+{{</card-section>}}
+
+### Billing
+
+{{<card-section showAsCards="true" >}}
+  {{<card title="Marketplace billing" titleUrl="/nginxaas/azure/billing/overview/" icon="wallet">}}
+    See the pricing plans and learn about NGINX Capacity Units (NCUs)
+  {{</card>}}
+{{</card-section>}}
+
+### Certificates
+
+{{<card-section showAsCards="true" >}}
+  {{<card title="Add certificates using the Azure portal" titleUrl="/nginxaas/azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal/" icon="shield-check">}}
+    Learn to manage SSL/TSL certificates using the Azure portal
+  {{</card>}}
+{{</card-section>}}
+
+### More information
+
+{{<card-section showAsCards="true" >}}
+  {{<card title="Feature comparison" titleUrl="/nginxaas/azure/overview/feature-comparison/" icon="git-compare-arrows">}}
+    Learn about the differences between NGINX as a Service for Azure and NGINX Plus
+  {{</card>}}
+  {{<card title="Changelog" titleUrl="/nginxaas/azure/changelog/" icon="file-clock">}}
+    See the latest updates: New features, improvements, and bug fixes
+  {{</card>}}
+{{</card-section>}}
diff --git a/content/nginxaas-azure/app-protect/configure-waf.md b/content/nginxaas-azure/app-protect/configure-waf.md
index fdb827b2f..4aea0ca1c 100644
--- a/content/nginxaas-azure/app-protect/configure-waf.md
+++ b/content/nginxaas-azure/app-protect/configure-waf.md
@@ -27,7 +27,7 @@ load_module modules/ngx_http_app_protect_module.so;
 app_protect_enforcer_address 127.0.0.1:50000;
 ```
 
-{{<note>}} The app_protect_enforcer_address directive is a required directive for Nginx App Protect to work and must match 127.0.0.1:50000{{</note>}}
+{{< call-out "note" >}} The app_protect_enforcer_address directive is a required directive for Nginx App Protect to work and must match 127.0.0.1:50000{{< /call-out >}}
 
 
 3. Enable NGINX App Protect WAF with the `app_protect_enable` directives in the appropriate scope. The `app_protect_enable` directive may be set in the `http`, `server`, and `location` contexts.
@@ -114,13 +114,20 @@ To create a custom security policy in the Azure Portal:
 3. Select **Custom Policies**
 4. Select **Add Custom Security Policy** to open the policy editor
 
-In the policy editor, enter the **Name**, **File path**, your policy content, and then select **Save**. The **File path** is optional and will default to the path "/etc/app_protect/conf/" plus the policy **Name** with a ".json" extension. After your policy has been saved, you can then reference it in your NGINX configuration. For more information on policy configuration and syntax, refer to the NGINX App Protect [configuration guide](https://docs.nginx.com/nginx-app-protect-waf/v5/configuration-guide/configuration/).
+In the policy editor:
 
-{{<note>}}The **name** field within the security policy must be unique among the policies referenced in your NGINX configuration.{{</note>}}
+- Enter the policy **Name**, **File path**, your policy content, and then select **Save**.
 
-{{<warning>}}Referencing both custom and precompiled policies in your NGINX configuration is not supported at this time. 
+    - The **File path** must start with the prefix "/etc/app_protect/conf/".
+    - The **File path** extension must be ".json".
+
+After your policy has been saved, you can then reference it in your NGINX configuration. For more information on policy configuration and syntax, refer to the NGINX App Protect [configuration guide](https://docs.nginx.com/nginx-app-protect-waf/v5/configuration-guide/configuration/).
+
+{{< call-out "note" >}}The **name** field within the security policy must be unique among the policies referenced in your NGINX configuration.{{< /call-out >}}
+
+{{< call-out "warning" >}}Referencing both custom and precompiled policies in your NGINX configuration is not supported at this time. 
 As a workaround, make a copy of the default policy you want to use, then add it as a custom policy with a different name.
-{{</warning>}}
+{{< /call-out >}}
 
 The **Custom Policies** tab shows the status of your custom policies (Compilation and Application Status). Custom policies are automatically compiled when created or modified. Policies that are applied to the NGINX configuration cannot be deleted until they are first removed from the configuration. 
 
@@ -128,4 +135,4 @@ It is highly recommended to use logging to monitor the performance of NGINX App
 
 ## What's next
 
-[Enable App Protect WAF Logs]({{< ref "/nginxaas-azure/app-protect/enable-logging.md" >}})
+[Enable App Protect WAF Logs]({{< ref "/nginxaas-azure/app-protect/enable-logging.md" >}})
\ No newline at end of file
diff --git a/content/nginxaas-azure/app-protect/enable-logging.md b/content/nginxaas-azure/app-protect/enable-logging.md
index 8c4f80fe6..04b171b85 100644
--- a/content/nginxaas-azure/app-protect/enable-logging.md
+++ b/content/nginxaas-azure/app-protect/enable-logging.md
@@ -105,8 +105,8 @@ NGINXaaS for Azure supports a local syslog server running on port 5140. Syslogs
 app_protect_security_log "/etc/app_protect/conf/log_all.json" syslog:server=localhost:5140;
 ```
 
-{{<note>}} When using a NGINXaaS syslog destination, the syslog server destination needs to match localhost:5140. Configuring log directives to other syslog locations will result in an error in the NGINX config.
-{{</note>}}
+{{< call-out "note" >}} When using a NGINXaaS syslog destination, the syslog server destination needs to match localhost:5140. Configuring log directives to other syslog locations will result in an error in the NGINX config.
+{{< /call-out >}}
 
 2. File Logging
 
@@ -116,8 +116,8 @@ NGINXaaS for Azure supports logging to a file path. Any logs written under `/var
 app_protect_security_log "/etc/app_protect/conf/log_all.json" /var/log/app_protect/security.log;
 ```
 
-{{<note>}}When using a file destination, the configured path for nginx security logs has to be within `/var/log/app_protect`. Configuring log directives to other file locations will result in an error in the NGINX config.
-{{</note>}}
+{{< call-out "note" >}}When using a file destination, the configured path for nginx security logs has to be within `/var/log/app_protect`. Configuring log directives to other file locations will result in an error in the NGINX config.
+{{< /call-out >}}
 
 
 ## Analyzing NGINX security logs in Azure Log Analytics workspaces.
@@ -187,4 +187,4 @@ NGXSecurityLogs
 
 To add a visualization to a dashboard, select the **Pin to dashboard** icon in the top right of the log analytics workspace.
 
-{{<note>}}It can take up to 90 minutes after adding diagnostic settings for logs to appear in the provided Logs Analytics Workspace.{{</note>}}
+{{< call-out "note" >}}It can take up to 90 minutes after adding diagnostic settings for logs to appear in the provided Logs Analytics Workspace.{{< /call-out >}}
diff --git a/content/nginxaas-azure/billing/overview.md b/content/nginxaas-azure/billing/overview.md
index a1e26f75a..42c426eae 100644
--- a/content/nginxaas-azure/billing/overview.md
+++ b/content/nginxaas-azure/billing/overview.md
@@ -35,7 +35,7 @@ When using the Basic plan, each NGINXaaS deployment is billed at the rate specif
 
 The SKU for the Basic pricing plan is `basic_Monthly`.
 
-{{< note >}}The costs for your plan will appear on the Azure Portal Cost Analysis page and the Azure Consumption APIs. There may be a 24h delay before usage is visible.{{< /note >}}
+{{< call-out "note" >}}The costs for your plan will appear on the Azure Portal Cost Analysis page and the Azure Consumption APIs. There may be a 24h delay before usage is visible.{{< /call-out >}}
 
 
 ## NGINX Capacity Unit (NCU)
@@ -61,18 +61,18 @@ Each NCU provisioned (not consumed) is billed at the rate specified on the [Azur
 * Total NCU·hours: `100 NCU·hour`
 * Total:  `100 NCU·hours * 0.05$/NCU/hour = $5.00`.
 
-{{< note >}}Further guidance:
+{{< call-out "note" >}}Further guidance:
 * For how many NCUs should you provision and how to scale to match workload, see the [Scaling Guidance]({{< ref "/nginxaas-azure/quickstart/scaling.md" >}})
 * To learn more about metrics related to NCUs, see the [NGINXaaS Statistics namespace]({{< ref "/nginxaas-azure/monitoring/metrics-catalog.md#nginxaas-statistics" >}})
-{{< /note >}}
+{{< /call-out >}}
 
 
 ## Bandwidth
 
 The standard Azure [networking](https://azure.microsoft.com/en-us/pricing/details/virtual-network/) and [bandwidth](https://azure.microsoft.com/en-us/pricing/details/bandwidth/) charges apply to NGINX deployments.
 
-{{< note >}}The management traffic for NGINX instances is billed as a `Virtual Network Peering - Intra-Region Egress` charge. This charge includes the data for shipping metrics and logs. The cost for shipping metrics data is approximately $0.03/month. If you enable NGINX logging the cost increases by roughly $0.005 per GB of logs NGINX generates. To estimate this, multiply the number of requests by the average log line size of the access_log format you have configured.
-{{< /note >}}
+{{< call-out "note" >}}The management traffic for NGINX instances is billed as a `Virtual Network Peering - Intra-Region Egress` charge. This charge includes the data for shipping metrics and logs. The cost for shipping metrics data is approximately $0.03/month. If you enable NGINX logging the cost increases by roughly $0.005 per GB of logs NGINX generates. To estimate this, multiply the number of requests by the average log line size of the access_log format you have configured.
+{{< /call-out >}}
 
 ## Review billing data
 
diff --git a/content/nginxaas-azure/changelog-archive/changelog-2024.md b/content/nginxaas-azure/changelog-archive/changelog-2024.md
index 6c05a33c1..2894053f8 100644
--- a/content/nginxaas-azure/changelog-archive/changelog-2024.md
+++ b/content/nginxaas-azure/changelog-archive/changelog-2024.md
@@ -77,7 +77,7 @@ To see a list of currently active issues, visit the [Known issues]({{< ref "/ngi
 
 NGINXaaS for Azure now supports the [Standard V2](https://docs.nginx.com/nginxaas/azure/billing/overview) plan. We encourage you to use the Standard V2 plan for all new NGINXaaS deployments from now on to take advantage of additional features like NGINX App Protect WAF and a higher number of listen ports. The Standard V2 plan follows a similar pricing model as the Standard plan.
 
-{{<important>}}The Standard plan will be deprecated and will not be available for new deployments starting November 1, 2024.{{</important>}}
+{{< call-out "important" >}}The Standard plan will be deprecated and will not be available for new deployments starting November 1, 2024.{{< /call-out >}}
 
 Your current deployments on the Standard plan will continue to function but won't include any of the new features we've introduced in the Standard V2 plan. Additionally, we intend to phase out the Standard plan in the future. When this happens, we will offer a migration path to the Standard V2 plan for existing NGINXaaS deployments on the Standard plan.
 
diff --git a/content/nginxaas-azure/changelog.md b/content/nginxaas-azure/changelog.md
index 65f50437f..e9470ef8e 100644
--- a/content/nginxaas-azure/changelog.md
+++ b/content/nginxaas-azure/changelog.md
@@ -14,6 +14,25 @@ To see a list of currently active issues, visit the [Known issues]({{< ref "/ngi
 To review older entries, visit the [Changelog archive]({{< ref "/nginxaas-azure/changelog-archive" >}}) section.
 
 
+## Aug 18, 2025
+
+- {{% icon-feature %}} **Updates to NGINXaaS for Azure GitHub Action**
+
+  - Users can now specify files in their configuration directory to be marked as protected using a new optional Action input called `protected-files`. This new input accepts comma-separated list of file paths relative to the NGINX configuration directory that should be marked as protected. For more information, please visit [NGINXaaS for Azure Deployment Action](https://github.com/marketplace/actions/nginx-configuration-sync) on GitHub actions marketplace. Example:
+      ```yaml
+      - name: Sync NGINX Config to Azure
+        uses: nginxinc/nginx-for-azure-deploy-action@v0.5.0
+        with:
+           nginx-config-directory-path: configs/
+           nginx-root-config-file: nginx.conf
+           transformed-nginx-config-directory-path: /etc/nginx/
+           protected-files: protected-1.conf,protected-2.conf
+      ```
+
+
+  - To enhance security, the service principal used for Azure login prior to running the NGINXaaS for Azure Deployment Action now only requires the Contributor role at the scope of the NGINXaaS for Azure deployment. It no longer needs the Contributor role at the resource group level containing the deployment.
+
+
 ## May 22, 2025
 
 - {{% icon-feature %}} **NGINXaaS for Azure now supports IPv6**
diff --git a/content/nginxaas-azure/disaster-recovery.md b/content/nginxaas-azure/disaster-recovery.md
index 45325efd2..0d0a150ae 100644
--- a/content/nginxaas-azure/disaster-recovery.md
+++ b/content/nginxaas-azure/disaster-recovery.md
@@ -30,11 +30,11 @@ This guide describes how to configure disaster recovery (DR) for F5 NGINX as a S
 - Unique, non-overlapping VNet and subnet address spaces for each region.
 - Terraform 1.3+ and AzureRM provider 4.23+.
 
-{{< note >}} Each NGINX deployment **must run on separate subnets and non-overlapping address spaces**. This is critical for [Virtual Network (VNet) peering](https://learn.microsoft.com/en-us/azure/virtual-network/how-to-configure-subnet-peering) between the two regions. For example:
+{{< call-out "note" >}} Each NGINX deployment **must run on separate subnets and non-overlapping address spaces**. This is critical for [Virtual Network (VNet) peering](https://learn.microsoft.com/en-us/azure/virtual-network/how-to-configure-subnet-peering) between the two regions. For example:
 
   - Primary Region Virtual Network Address Space: `10.0.0.0/16`
   - Secondary Region Virtual Network Address Space: `172.16.0.0/16`
-{{< /note >}}
+{{< /call-out >}}
 
 ---
 
@@ -263,7 +263,7 @@ resource "azurerm_virtual_network_peering" "secondary_vnet_to_primary_vnet" {
 - **Subnet Peering for Overlapping VNets:**
 If overlapping address spaces are unavoidable, use subnet-level peering to selectively peer only the required subnets.
 
-   {{< note >}}As of May 2025, subnet peering is not available by default for all subscriptions. To use this feature, you must have the subscription on which you want to configure subnet peering be registered with Azure. Please review the configuration details and limitations in this [document](https://learn.microsoft.com/en-us/azure/virtual-network/how-to-configure-subnet-peering).{{< /note >}}
+   {{< call-out "note" >}}As of May 2025, subnet peering is not available by default for all subscriptions. To use this feature, you must have the subscription on which you want to configure subnet peering be registered with Azure. Please review the configuration details and limitations in this [document](https://learn.microsoft.com/en-us/azure/virtual-network/how-to-configure-subnet-peering).{{< /call-out >}}
 
 ---
 
diff --git a/content/nginxaas-azure/get-help.md b/content/nginxaas-azure/get-help.md
index b418b008f..bd8e22aa1 100644
--- a/content/nginxaas-azure/get-help.md
+++ b/content/nginxaas-azure/get-help.md
@@ -22,7 +22,7 @@ To contact support about F5 NGINX as a Service for Azure (NGINXaaS):
 
 4. You will be redirected to **MyF5** to create a new case. Log in to MyF5 with your F5 account.
 
-{{< note >}}If you can't complete a deployment successfully, the "New support request" option won't be available on the left-hand navigation menu. To raise a support ticket, go to the [MyF5 portal](https://my.f5.com). {{< /note >}}
+{{< call-out "note" >}}If you can't complete a deployment successfully, the "New support request" option won't be available on the left-hand navigation menu. To raise a support ticket, go to the [MyF5 portal](https://my.f5.com). {{< /call-out >}}
 
 5. Go to the **Case Management** section and select **Create new case**.
 
diff --git a/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-cli.md b/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-cli.md
index 786649422..3182aec32 100644
--- a/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-cli.md
+++ b/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-cli.md
@@ -42,8 +42,8 @@ az nginx deployment create --deployment-name
    ```bash
    az nginx deployment create --name myDeployment --resource-group \
       myResourceGroup --location eastus2 --sku name="standardv2_Monthly" \
-      --network-profile front-end-ip-configuration="{public-ip-addresses:[{id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myPublicIP}]}" \
-      network-interface-configuration="{subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}"
+      --network-profile front-end-ip-configuration="{public-ip-addresses:[{id:/subscriptions/mySubscriptionID/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myPublicIP}]}" \
+      network-interface-configuration="{subnet-id:/subscriptions/mySubscriptionID/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}"
    ```
 
 - Create a deployment with private IP:
@@ -53,7 +53,7 @@ az nginx deployment create --deployment-name
       myResourceGroup --location eastus2 --sku \
       name="standardv2_Monthly" --network-profile \
       front-end-ip-configuration="{private-ip-addresses:[{private-ip-allocation-method:Static,subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet,private-ip-address:10.0.0.2}]}" \
-      network-interface-configuration="{subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}"
+      network-interface-configuration="{subnet-id:/subscriptions/mySubscriptionID/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}"
    ```
 
    ```bash
@@ -61,7 +61,7 @@ az nginx deployment create --deployment-name
       myResourceGroup --location eastus2 --sku \
       name="standardv2_Monthly" --network-profile \
       front-end-ip-configuration="{private-ip-addresses:[{private-ip-allocation-method:Dynamic,subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet,private-ip-address:10.0.0.2}]}" \
-      network-interface-configuration="{subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}"
+      network-interface-configuration="{subnet-id:/subscriptions/mySubscriptionID/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}"
    ```
 
 - Create a dual-stack (IPv4 + IPv6) NGINXaaS deployment with public IPs:
@@ -70,7 +70,7 @@ az nginx deployment create --deployment-name
    az nginx deployment create --name myDeployment --resource-group \
       myResourceGroup --location eastus2 --sku name="standardv2_Monthly" \
       --network-profile front-end-ip-configuration="{public-ip-addresses:[{id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/pubIPv4},{id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/pubIPv6}]}" \
-      network-interface-configuration="{subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}"
+      network-interface-configuration="{subnet-id:/subscriptions/mySubscriptionID/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}"
    ```
 
 - Create a dual-stack (IPv4 + IPv6) NGINXaaS deployment with private IPs:
@@ -80,7 +80,7 @@ az nginx deployment create --deployment-name
       myResourceGroup --location eastus2 --sku \
       name="standardv2_Monthly" --network-profile \
       front-end-ip-configuration="{private-ip-addresses:[{private-ip-allocation-method:Static,subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet,private-ip-address:10.0.0.2},{private-ip-allocation-method:Static,subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet,private-ip-address:2001:0db8:85a3:0000:0000:8a2e:0370:7334}]}" \
-      network-interface-configuration="{subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}"
+      network-interface-configuration="{subnet-id:/subscriptions/mySubscriptionID/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}"
    ```
 
 - Create a deployment with managed identity, storage account and scaling:
@@ -138,8 +138,8 @@ Update an NGINXaaS deployment to a dual-stack (IPv4 + IPv6) network configuratio
 
    ```bash
    az nginx deployment update --name myDeployment --resource-group myResourceGroup \
-      --network-profile front-end-ip-configuration="{public-ip-addresses:[{id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/pubIPv4},{id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/pubIPv6}]}" \
-      network-interface-configuration="{subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}"
+      --network-profile front-end-ip-configuration="{public-ip-addresses:[{id:/subscriptions/mySubscriptionID/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/pubIPv4},{id:/subscriptions/mySubscriptionID/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/pubIPv6}]}" \
+      network-interface-configuration="{subnet-id:/subscriptions/mySubscriptionID/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}"
    ```
 
 See the [Azure CLI Deployment Update Documentation](https://learn.microsoft.com/en-us/cli/azure/nginx/deployment#az-nginx-deployment-update) for more details on the required and optional parameters.
@@ -150,7 +150,7 @@ See the [Azure CLI Deployment Update Documentation](https://learn.microsoft.com/
 Use the `az nginx deployment delete` command to delete an NGINXaaS for Azure resource:
 
 ```bash
-az nginx deployment delete [--deployment-name]
+az nginx deployment delete [--name]
                            [--ids]
                            [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                            [--resource-group]
diff --git a/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md b/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md
index 964a5ce8b..8a146eaa8 100644
--- a/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md
+++ b/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md
@@ -109,11 +109,11 @@ You can start the NGINXaaS deployment process by visiting the [Create NGINXaaS](
 
 1. To test your deployment, you can go to the IP address noted on the overview page. The default NGINX welcome screen should load.
 
-   {{<note>}}You will not see the default NGINX welcome screen if you unchecked "Apply default NGINX configuration" in the [Networking Tab screen]({{< ref "create-deployment.md#networking-tab" >}}) above. You can proceed with providing your own NGINX configuration as outlined in the [NGINX configuration]({{< ref "nginx-configuration.md#networking-tab" >}}) section.{{</note>}}
+   {{< call-out "note" >}}You will not see the default NGINX welcome screen if you unchecked "Apply default NGINX configuration" in the [Networking Tab screen]({{< ref "create-deployment.md#networking-tab" >}}) above. You can proceed with providing your own NGINX configuration as outlined in the [NGINX configuration]({{< ref "nginx-configuration.md#networking-tab" >}}) section.{{< /call-out >}}
 
    {{< img src="nginxaas-azure/test-deployment.png" alt="NGINXaaS Overview page showing the IP address of the deployment in the Essentials section." >}}
 
-{{< note >}}It's not possible to manually stop or start NGINXaaS. If necessary, you have the option to delete the deployment and re-deploy at a future date.{{< /note >}}
+{{< call-out "note" >}}It's not possible to manually stop or start NGINXaaS. If necessary, you have the option to delete the deployment and re-deploy at a future date.{{< /call-out >}}
 
 
 ## What's next
diff --git a/content/nginxaas-azure/getting-started/managed-identity-portal.md b/content/nginxaas-azure/getting-started/managed-identity-portal.md
index 4051d36dc..2d91fd063 100644
--- a/content/nginxaas-azure/getting-started/managed-identity-portal.md
+++ b/content/nginxaas-azure/getting-started/managed-identity-portal.md
@@ -33,7 +33,7 @@ F5 NGINX as a Service for Azure (NGINXaaS) leverages a user assigned and a syste
 3. Select the appropriate **subscription** and **user assigned managed identity**, then select **Add**.
 
 <br>
-   {{<note>}}NGINXaaS supports adding a system assigned managed identity and a user assigned managed identity. Adding more than one user assigned managed identity is not supported.{{</note>}}
+   {{< call-out "note" >}}NGINXaaS supports adding a system assigned managed identity and a user assigned managed identity. Adding more than one user assigned managed identity is not supported.{{< /call-out >}}
 
 4. The added user assigned managed identity will show up in the main table.
 
@@ -53,7 +53,7 @@ F5 NGINX as a Service for Azure (NGINXaaS) leverages a user assigned and a syste
 
 3. To confirm the operation, select **Yes** on the confirmation prompt.
 
-   {{<note>}}NGINXaaS supports using only one type of managed identity per deployment at a time. User assigned and system assigned identities cannot be present simultaneously.{{</note>}}
+   {{< call-out "note" >}}NGINXaaS supports using only one type of managed identity per deployment at a time. User assigned and system assigned identities cannot be present simultaneously.{{< /call-out >}}
 
 4. To provide the role assignments necessary for the deployment, Select **Azure Role Assignments** under Permissions.
 
@@ -71,13 +71,13 @@ F5 NGINX as a Service for Azure (NGINXaaS) leverages a user assigned and a syste
 
 3. Confirm the operation by selecting **Yes** on the confirmation prompt.
 
-{{<note>}}Removing a Managed Identity from an NGINX deployment has the following effects:
+{{< call-out "note" >}}Removing a Managed Identity from an NGINX deployment has the following effects:
 
 - If the NGINX deployment uses any SSL/TLS certificates, then any updates to the deployment (including deployment properties, certificates, and configuration) will result in a failure. If the configuration is updated not to use any certificates, then those requests will succeed.
 
 - If publishing metrics is enabled for the NGINX deployment, then the metrics will no longer be published to Azure Monitor for this deployment until a Managed Identity is added.
 
-- If logging is enabled for the NGINX deployment, then the logs will no longer be exported to the Azure Blob Storage Container for this deployment until a Managed Identity is added.{{</note>}}
+- If logging is enabled for the NGINX deployment, then the logs will no longer be exported to the Azure Blob Storage Container for this deployment until a Managed Identity is added.{{< /call-out >}}
 
 
 ## What's next
diff --git a/content/nginxaas-azure/getting-started/migrate-from-standard.md b/content/nginxaas-azure/getting-started/migrate-from-standard.md
index 8c0f82c85..f0922ddd3 100644
--- a/content/nginxaas-azure/getting-started/migrate-from-standard.md
+++ b/content/nginxaas-azure/getting-started/migrate-from-standard.md
@@ -13,7 +13,7 @@ F5 NGINX as a Service for Azure (NGINXaaS) now supports in-place migration from
 
 The Standard V2 plan maintains the same price as the Standard plan for existing capabilities. Enabling new capabilities such as NGINX App Protect WAF or additional listen ports that were added as part of Standard V2 will incur additional charges.
 
-{{< note >}} We currently only support in-place migration from Standard plan to the Standard V2 plan. Please avoid updating your Basic plan deployments to Standard V2 plan using this guide. {{< /note >}}
+{{< call-out "note" >}} We currently only support in-place migration from Standard plan to the Standard V2 plan. Please avoid updating your Basic plan deployments to Standard V2 plan using this guide. {{< /call-out >}}
 
 ## Migration Steps
 
diff --git a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-azure-cli.md b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-azure-cli.md
index a880403a7..1c5015b2e 100644
--- a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-azure-cli.md
+++ b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-azure-cli.md
@@ -214,7 +214,7 @@ az nginx deployment configuration update [--add]
 See the [Azure CLI Configuration Update Documentation](https://learn.microsoft.com/en-us/cli/azure/nginx/deployment/configuration?view=azure-cli-latest#az-nginx-deployment-configuration-update) for more details on the available parameters.
 
 
-{{< tip >}}
+{{< call-out "tip" >}}
 
 See the [NGINX connfiguration overview]({{< ref "overview.md" >}}) topic
 to learn more about:
@@ -225,4 +225,4 @@ to learn more about:
 - [Directives that cannot be overridden]({{< ref "overview.md#directives-that-cannot-be-overridden" >}})
 - [Configuration directives list]({{< ref "overview.md#configuration-directives-list" >}})
 
-{{< /tip >}}
+{{< /call-out >}}
diff --git a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md
index 77a0b75ba..c3d4b769b 100644
--- a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md
+++ b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md
@@ -15,8 +15,8 @@ An NGINX configuration can be applied to the deployment using the Azure portal i
 
 As part of applying your NGINX configuration, the service validates the configuration for syntax and compatibility with F5 NGINX as a Service for Azure (NGINXaaS). The use of certain directives and parameters is not allowed to ensure the NGINX configuration’s compatibility with IaaS deployment model in Azure. Validation errors are reported in the editor for you to correct. For more information, check the [NGINX Configuration Validation]({{< ref "nginx-configuration.md#nginx-configuration-validation" >}}) section.
 
-{{< note >}}
-NGINXaaS supports Layer 7 HTTP loadbalancing. To configure .com and .net servers, refer to the server name in the server block within the HTTP context. To learn more, and see examples, follow the instructions in the [NGINX configuration validtion]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md#nginx-configuration-validation" >}}) section.{{< /note >}}
+{{< call-out "note" >}}
+NGINXaaS supports Layer 7 HTTP loadbalancing. To configure .com and .net servers, refer to the server name in the server block within the HTTP context. To learn more, and see examples, follow the instructions in the [NGINX configuration validtion]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md#nginx-configuration-validation" >}}) section.{{< /call-out >}}
 
 ## Prerequisites
 
@@ -30,19 +30,19 @@ NGINXaaS supports Layer 7 HTTP loadbalancing. To configure .com and .net servers
 
 1. Select **NGINX configuration** in the left menu and you will see the default configuration that NGINXaaS provides.
 
-   {{<note>}}If you don't see the default configuration, it's likely the deployment was created through a client tool other than the portal (For example, Terraform), or the "Apply default NGINX configuration" was unchecked during the deployment creation process in the portal. You can still proceed with the steps below to provide your own NGINX configuration for the deployment.{{</note>}}
+   {{< call-out "note" >}}If you don't see the default configuration, it's likely the deployment was created through a client tool other than the portal (For example, Terraform), or the "Apply default NGINX configuration" was unchecked during the deployment creation process in the portal. You can still proceed with the steps below to provide your own NGINX configuration for the deployment.{{< /call-out >}}
 
-1. Select {{< fa "fa fa-plus">}}**New File** to add a file path, then **Confirm**.
+1. Select {{< icon "fa fa-plus">}}**New File** to add a file path, then **Confirm**.
 
    {{<bootstrap-table "table table-striped table-bordered">}}
    | Property | Description |
    | -------- | ----------- |
    | File path | Each NGINX configuration file can be uniquely identified by a file path (for example, nginx.conf or /etc/nginx/nginx.conf) to align with the intended NGINX configuration file structure. |
    | Root file | The root file is the main NGINX configuration file.<ul><li>The first file created will be the root file by default. You can designate a different root file if you have more than a single configuration file in your deployment.</li><li>The root file is designated with a {{< golden-star >}} icon on the portal.</li></ul> |
-   | Protected File | Indicates that the file may contain sensitive data such as passwords or represent an ssl/tls certificate.<ul><li>To protect a file, enable the **Protected** {{<fa "solid fa-toggle-on">}} toggle button.</li><li>You cannot access the file contents of a protected file saved to the NGINX configuration, but you can view its metadata, such as the SHA-256 hash of the file contents.</li><li>You can provide new contents for an existing protected file using the <u>**Overwrite**</u> link or resubmit it without having to provide the file contents again.</li><li>To modify the file path of a protected file or convert it to a regular file, delete the original file and create a new one.</li><li>A protected file is designated with a {{<fa "solid fa-lock">}} icon on the portal.</li></ul> |
+   | Protected File | Indicates that the file may contain sensitive data such as passwords or represent an ssl/tls certificate.<ul><li>To protect a file, enable the **Protected** {{<icon "solid fa-toggle-on">}} toggle button.</li><li>You cannot access the file contents of a protected file saved to the NGINX configuration, but you can view its metadata, such as the SHA-256 hash of the file contents.</li><li>You can provide new contents for an existing protected file using the <u>**Overwrite**</u> link or resubmit it without having to provide the file contents again.</li><li>To modify the file path of a protected file or convert it to a regular file, delete the original file and create a new one.</li><li>A protected file is designated with a {{<icon "solid fa-lock">}} icon on the portal.</li></ul> |
    {{</bootstrap-table>}}
 
-   {{<note>}}If specifying an absolute file path, see the [NGINX Filesystem Restrictions table]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/overview/#nginx-filesystem-restrictions" >}}) for the allowed directories the file can be written to.{{</note>}}
+   {{< call-out "note" >}}If specifying an absolute file path, see the [NGINX Filesystem Restrictions table]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/overview/#nginx-filesystem-restrictions" >}}) for the allowed directories the file can be written to.{{< /call-out >}}
 
 1. Provide your NGINX configuration in the configuration file.
 
@@ -118,7 +118,7 @@ http {
 
 1. Specify the root file.
 
-   {{<warning>}}Uploading a new file will replace all existing NGINX configuration files in your deployment.  You must acknowledge this step before you proceed to upload.{{</warning>}}
+   {{< call-out "warning" >}}Uploading a new file will replace all existing NGINX configuration files in your deployment.  You must acknowledge this step before you proceed to upload.{{< /call-out >}}
 
 1. Select **Upload**.
 
@@ -146,13 +146,13 @@ http {
 
 1. Select the configuration file you want to delete from the File path list.
 
-1. Select the delete icon {{< fa "fa fa-trash">}}.
+1. Select the delete icon {{< icon "fa fa-trash">}}.
 
 1. Confirm your action to delete the configuration file.
 
-   {{<note>}}Only non-root configuration files can be deleted.{{</note>}}
+   {{< call-out "note" >}}Only non-root configuration files can be deleted.{{< /call-out >}}
 
-{{< tip >}}
+{{< call-out "tip" >}}
 
 See the [NGINX connfiguration overview]({{< ref "overview.md" >}}) topic
 to learn more about:
@@ -163,4 +163,4 @@ to learn more about:
 - [Directives that cannot be overridden]({{< ref "overview.md#directives-that-cannot-be-overridden" >}})
 - [Configuration directives list]({{< ref "overview.md#configuration-directives-list" >}})
 
-{{< /tip >}}
+{{< /call-out >}}
diff --git a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configurations-terraform.md b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configurations-terraform.md
index e0d8fb643..03789d9d3 100644
--- a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configurations-terraform.md
+++ b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configurations-terraform.md
@@ -70,7 +70,7 @@ Once the deployment is no longer needed, run the following to clean up the deplo
 
 {{< include "/nginxaas-azure/terraform-resources.md" >}}
 
-{{< tip >}}
+{{< call-out "tip" >}}
 
 See the [NGINX connfiguration overview]({{< ref "overview.md" >}}) topic
 to learn more about:
@@ -81,4 +81,4 @@ to learn more about:
 - [Directives that cannot be overridden]({{< ref "overview.md#directives-that-cannot-be-overridden" >}})
 - [Configuration directives list]({{< ref "overview.md#configuration-directives-list" >}})
 
-{{< /tip >}}
+{{< /call-out >}}
diff --git a/content/nginxaas-azure/getting-started/nginx-configuration/overview.md b/content/nginxaas-azure/getting-started/nginx-configuration/overview.md
index 48ca51ef6..6d3f4910a 100644
--- a/content/nginxaas-azure/getting-started/nginx-configuration/overview.md
+++ b/content/nginxaas-azure/getting-started/nginx-configuration/overview.md
@@ -74,7 +74,9 @@ Some directives cannot be overridden by the user provided configuration.
 
 ## NGINX listen port restrictions
 
-- Due to port restrictions on Azure Load Balancer health probes, ports `19`, `21`, `70`, and `119` are not allowed. The NGINXaaS deployment can listen on all other ports.
+- Due to port restrictions on Azure Load Balancer health probes, certain ports are not allowed for the `listen` directive in NGINX configuration. The following ports are blocked:
+  - `19`, `21`, `70`, `119` - Azure health probe restricted ports
+  - `49151`, `49153`, `5140`, `50000`, `54141`, `54779` - reserved ports to support other NGINXaaS features
 
 - The [Basic]({{< ref "/nginxaas-azure/billing/overview.md#basic-plan" >}}) plan (and the deprecated Standard (v1) plan) supports a maximum of 5 listen ports in the NGINX configuration. Configurations that specify over 5 unique ports are rejected.
 
diff --git a/content/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md b/content/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md
index 1a36daa0c..580baf1b4 100644
--- a/content/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md
+++ b/content/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md
@@ -29,9 +29,9 @@ Add a certificate from an Azure Key Vault to your NGINXaaS deployment using your
 * [Add certificates using the Azure CLI]({{< ref "/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-azure-cli.md">}})
 * [Add certificates using Terraform]({{< ref "/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-terraform.md">}})
 
-{{< note >}}- You can overwrite the NGINX default protocol to configure the desired TLS/SSL policy. Read more about the procedure in the [Module ngx_http_ssl_module](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols) documentation.
+{{< call-out "note" >}}- You can overwrite the NGINX default protocol to configure the desired TLS/SSL policy. Read more about the procedure in the [Module ngx_http_ssl_module](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols) documentation.
 
-- You can associate multiple certificates for the same domain; the "ssl_certificate" directive can be specified multiple times to load certificates of different types. To learn more, see the [Module ngx_http_ssl_module](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate) documentation.{{</ note >}}
+- You can associate multiple certificates for the same domain; the "ssl_certificate" directive can be specified multiple times to load certificates of different types. To learn more, see the [Module ngx_http_ssl_module](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate) documentation.{{< /call-out >}}
 
 ### Add SSL/TLS certificates bundled with NGINXaaS configuration
 
@@ -56,7 +56,7 @@ NGINXaaS for Azure regularly polls the AKV to check if the certificate has been
 
 For Azure client tools, such as the Azure CLI or Azure Resource Manager, the certificate is referenced from AKV using its Key Vault secret identifier. If the secret identifier specifies a version, NGINXaaS will not rotate the certificate. To enable certificate rotation, ensure the secret id does not contain a version, for example, `https://myvault.vault.azure.net/secrets/mysecret`. Certificates added using the Azure Portal will automatically be rotated.
 
-{{<warning>}}If any of your SSL/TLS certificates or your NGINX configuration has issues, the certificates will not be rotated.{{</warning>}}
+{{< call-out "warning" >}}If any of your SSL/TLS certificates or your NGINX configuration has issues, the certificates will not be rotated.{{< /call-out >}}
 
 ## Monitor certificates
 
diff --git a/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md b/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md
index 0c27e8ff3..bb6c0fc65 100644
--- a/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md
+++ b/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md
@@ -24,7 +24,7 @@ Before you begin, refer Azure documentation to [Import a certificate to your Key
 
 1. Select **NGINX certificates** in the left menu.
 
-1. Select {{< fa "plus">}}**Add certificate**.
+1. Select {{< icon "plus">}}**Add certificate**.
 
 1. Provide the required information:
 
@@ -47,9 +47,9 @@ Before you begin, refer Azure documentation to [Import a certificate to your Key
 
       If you need to create a new key vault or certificate, you can do so by selecting **Create new key vault** or **Create new** under the **Key Vault** and **Certificate** fields, respectively.
 
-      {{<note>}}If specifying an absolute file path as the `Certificate path` or `Key path`, see the [NGINX Filesystem Restrictions table]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/overview/#nginx-filesystem-restrictions" >}}) for the allowed directories the file can be written to.{{</note>}}
+      {{< call-out "note" >}}If specifying an absolute file path as the `Certificate path` or `Key path`, see the [NGINX Filesystem Restrictions table]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/overview/#nginx-filesystem-restrictions" >}}) for the allowed directories the file can be written to.{{< /call-out >}}
 
-      {{<note>}}A certificate added to an NGINXaaS for Azure deployment using the Azure Portal refers to an unversioned Azure Key Vault (AKV) secret identifier. To add a certificate with a versioned AKV secret identifier, follow the documented steps with alternative [Client tools]({{< ref "/nginxaas-azure/client-tools/_index.md" >}}) for NGINXaaS for Azure.{{</note>}}
+      {{< call-out "note" >}}A certificate added to an NGINXaaS for Azure deployment using the Azure Portal refers to an unversioned Azure Key Vault (AKV) secret identifier. To add a certificate with a versioned AKV secret identifier, follow the documented steps with alternative [Client tools]({{< ref "/nginxaas-azure/client-tools/_index.md" >}}) for NGINXaaS for Azure.{{< /call-out >}}
 
 1. Select **Add certificate**.
 
@@ -72,7 +72,7 @@ Before you begin, refer Azure documentation to [Import a certificate to your Key
 
 1. Select the checkbox next to the certificate you want to edit.
 
-1. Select {{< fa "pencil">}} **Edit**.
+1. Select {{< icon "pencil">}} **Edit**.
 
 1. Update the Name, Certificate path, Key path fields as needed.
 
@@ -86,11 +86,11 @@ Before you begin, refer Azure documentation to [Import a certificate to your Key
 
 1. Select the checkbox next to the certificate you want to delete.
 
-1. Select {{< fa "trash">}}**Delete**.
+1. Select {{< icon "trash">}}**Delete**.
 
 1. Confirm the delete action.
 
-{{<warning>}}Deleting a TLS/SSL certificate currently in-use by the NGINXaaS for Azure deployment will cause an error.{{</warning>}}
+{{< call-out "warning" >}}Deleting a TLS/SSL certificate currently in-use by the NGINXaaS for Azure deployment will cause an error.{{< /call-out >}}
 
 ## What's next
 
diff --git a/content/nginxaas-azure/loadbalancer-kubernetes.md b/content/nginxaas-azure/loadbalancer-kubernetes.md
index ef48fde68..9ea1a46d4 100644
--- a/content/nginxaas-azure/loadbalancer-kubernetes.md
+++ b/content/nginxaas-azure/loadbalancer-kubernetes.md
@@ -69,7 +69,7 @@ The steps in this section must be completed once for each new setup. We will ins
 
 #### Create an NGINXaaS data plane API key
 
-{{<note>}}
+{{< call-out "note" >}}
 The data plane API key has the following requirements:
 
 - The key should have an expiration date. The default expiration date is six months from the date of creation. The expiration date cannot be longer than two years from the date of creation.
@@ -82,7 +82,7 @@ The data plane API key has the following requirements:
 
 A good example of an API key that will satisfy the requirements is UUIDv4.
 
-{{</note>}}
+{{< /call-out >}}
 
 The data plane API key can be created using the Azure CLI or portal.
 
@@ -95,9 +95,9 @@ The data plane API key can be created using the Azure CLI or portal.
 1. Select the **Add API Key** button.
 1. Copy the value of the new API key.
 
-{{<note>}}
+{{< call-out "note" >}}
 Make sure to write down the key value in a safe location after creation, as you cannot retrieve it again. If you lose the generated value, delete the existing key and create a new one.
-{{</note>}}
+{{< /call-out >}}
 
 ##### Create an NGINXaaS data plane API key using the Azure CLI
 
@@ -211,9 +211,9 @@ You can also install the NLK controller AKS extension by navigating to [F5 NGINX
 - Select **Review + Create** to continue.
 - Azure will validate the extension settings. This page will provide a summary of the provided information. Select **Create**.
 
-{{<note>}}
+{{< call-out "note" >}}
 The NGINXaaS data plane API that NLK uses is mounted at `${dataplaneAPIEndpoint}nplus`. For example, if the data plane API endpoint is `https://mynginx-75b3bf22a555.eastus2.nginxaas.net/` then the value for `nlk.config.nginxHosts` should be `https://mynginx-75b3bf22a555.eastus2.nginxaas.net/nplus`.
-{{</note>}}
+{{< /call-out >}}
 
 ### Create an NGINX configuration with dynamic upstream
 
@@ -257,12 +257,12 @@ Expose a Kubernetes `Service` to route traffic to your workload.  The `Service`
   - If the upstream is in the `http` context and named `my-service` then the name is `http-my-service`
   - If the upstream is in the `stream` context and named `jet` then the port name is `stream-jet`
 
-{{< note >}}
+{{< call-out "note" >}}
 **NGINX Ingress Controller users**: with v5.0.0 and upwards, if you wish to route traffic from your NGINXaaS deployment to your NGINX Ingress Controller service, please make the following changes to your helm chart values:
 
 - Add `"nginx.com/nginxaas": "nginxaas"` to the NGINX Ingress Controller service annotations.
 - Modify the `service.httpPort.name` or `service.httpsPort.name` values to provide the expected port name format, as above.
-{{</ note >}}
+{{< /call-out >}}
 
 The following example uses a service of type `NodePort`:
 
@@ -345,10 +345,10 @@ flowchart TB
    accDescr:A diagram showing NGINXaaS directing separate user GET requests for `/tea` and `/coffee` to respective Kubernetes-based services "TeaSvc" and "CoffeeSvc" that are running in separate Azure Kubernetes Clusters. An NLK controller in each cluster is independently updating the NGINXaaS with dynamic upstream configuration.
 ```
 
-{{<note>}}
+{{< call-out "note" >}}
 
 - Configuring multiple NLK controllers to update the same upstream isn't supported and will result in unpredictable behavior.
-{{</note>}}
+{{< /call-out >}}
 
 ### Multiple NGINXaaS deployments
 
@@ -356,10 +356,10 @@ Multiple NLK controllers can be installed in the same AKS cluster to update sepa
 
 Each NLK needs a unique helm release name and needs a unique helm value for `nlk.config.serviceAnnotationMatch`. Each NLK will only watch services that have the matching annotation.
 
-{{<note>}}
+{{< call-out "note" >}}
 
 - Consider using `helm` to install multiple NLK controllers on an AKS cluster. Installing multiple copies of the controller on the same AKS cluster is not supported via the [AKS Extension](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/f5-networks.f5-nginx-for-azure-aks-extension?tab=overview).
-{{</note>}}
+{{< /call-out >}}
 
 ## Troubleshooting
 
diff --git a/content/nginxaas-azure/monitoring/configure-alerts.md b/content/nginxaas-azure/monitoring/configure-alerts.md
index 10a7d0a9f..85543bd35 100644
--- a/content/nginxaas-azure/monitoring/configure-alerts.md
+++ b/content/nginxaas-azure/monitoring/configure-alerts.md
@@ -11,7 +11,7 @@ type:
 
 ## Overview
 
-{{<note>}}F5 NGINX as a Service for Azure (NGINXaaS) publishes platform metrics to Azure Monitor. To learn more about how to create and manage metrics-based alert rules, refer to the [Alerts section in Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule?tabs=metric) documentation from Microsoft. {{</note>}}
+{{< call-out "note" >}}F5 NGINX as a Service for Azure (NGINXaaS) publishes platform metrics to Azure Monitor. To learn more about how to create and manage metrics-based alert rules, refer to the [Alerts section in Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule?tabs=metric) documentation from Microsoft. {{< /call-out >}}
 
 This guide explains how to create and configure metrics-based alerts for your NGINXaaS for Azure deployment using Azure Monitor.
 
@@ -24,7 +24,7 @@ This guide explains how to create and configure metrics-based alerts for your NG
 
 - To enable metrics, see [Enable Monitoring]({{< ref "/nginxaas-azure/monitoring/enable-monitoring.md" >}}).
 
-{{<note>}} See [Azure monitor overview](https://docs.microsoft.com/en-us/azure/azure-monitor/overview) documentation to familiarize with Azure Monitor. {{</note>}}
+{{< call-out "note" >}} See [Azure monitor overview](https://docs.microsoft.com/en-us/azure/azure-monitor/overview) documentation to familiarize with Azure Monitor. {{< /call-out >}}
 
 ## Create metrics-based alerts for proactive monitoring.
 
@@ -36,7 +36,7 @@ This guide explains how to create and configure metrics-based alerts for your NG
 
 4. Select the **Scope** tab, and choose NGINX deployment as the scope of the alert.
 
-{{<note>}} The scope is auto-selected as NGINX deployment. {{</note>}}
+{{< call-out "note" >}} The scope is auto-selected as NGINX deployment. {{< /call-out >}}
 
 5. In the **Conditions** tab, select a **Signal name**, for example, "nginx.http.request.count".
 
@@ -60,4 +60,4 @@ This guide explains how to create and configure metrics-based alerts for your NG
     - Specify the **severity** of the alert, and the name of the rule.
     - In the **advanced options** tab, you can turn on "Enable alert upon creation" and "Automatically resolve alerts".
 
-{{<note>}} [Standard Azure alert charges will apply](https://azure.microsoft.com/en-us/pricing/details/monitor/).{{</note>}}
\ No newline at end of file
+{{< call-out "note" >}} [Standard Azure alert charges will apply](https://azure.microsoft.com/en-us/pricing/details/monitor/).{{< /call-out >}}
\ No newline at end of file
diff --git a/content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md b/content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md
index 4344f69bc..08b1362c4 100644
--- a/content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md
+++ b/content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md
@@ -12,9 +12,9 @@ type:
 
 F5 NGINX as a Service for Azure (NGINXaaS) supports integrating Azure Diagnostic Settings to collect NGINX error and access logs.
 
-{{<caution>}}
+{{< call-out "caution"  >}}
 Enabling logs using the **NGINX Logs** blade on your NGINXaaS deployment is now deprecated. This feature will be removed in an upcoming update. If you have issues accessing your NGINX logs using the deprecated method, please follow the steps in this guide to access your NGINX logs.
-{{</caution>}}
+{{< /call-out >}}
 
 ## Configuring NGINX logs collection using diagnostic settings
 
@@ -23,8 +23,8 @@ Enabling logs using the **NGINX Logs** blade on your NGINXaaS deployment is now
 - A valid NGINX configuration with log directives enabled. NGINX logs can be configured using [error_log](#setting-up-error-logs) and [access_log](#setting-up-access-logs) directives.
 
 - A system-assigned managed identity.
-{{<note>}}The system-assigned managed identity does not need any role assignments to enable the logging functionality described in this section. You will need to make sure that the managed identity has the appropriate role assignments to access other resources that it is attached to (for example, certificates stored in Azure Key Vault).
-{{</note>}}
+{{< call-out "note" >}}The system-assigned managed identity does not need any role assignments to enable the logging functionality described in this section. You will need to make sure that the managed identity has the appropriate role assignments to access other resources that it is attached to (for example, certificates stored in Azure Key Vault).
+{{< /call-out >}}
 
 - User must be an owner or user access administrator for the NGINX deployment resource.
 
@@ -37,8 +37,8 @@ To add diagnostic settings to export NGINX logs to a storage account for an NGIN
  az monitor diagnostic-settings create --resource <nginxaas_resource_id> --logs "[{category:NginxLogs,enabled:true,retention-policy:{enabled:false,days:0}}]" --name <diagnostic_setting_name> --storage-account <storage_account_name>
 ```
 
-{{<note>}}Due to limitations imposed by Azure, if the destination chosen is an Azure Storage account, the resource has to be in the same region as the NGINXaaS deployment resource.
-{{</note>}}
+{{< call-out "note" >}}Due to limitations imposed by Azure, if the destination chosen is an Azure Storage account, the resource has to be in the same region as the NGINXaaS deployment resource.
+{{< /call-out >}}
 
 To use a logs analytics workspace as the export destination, use the following command:
 ```shell
diff --git a/content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md b/content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md
index 70da26047..0f206a5b0 100644
--- a/content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md
+++ b/content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md
@@ -12,9 +12,9 @@ type:
 
 F5 NGINX as a Service for Azure (NGINXaaS) supports integrating Azure Diagnostic Settings to collect NGINX error and access logs.
 
-{{<caution>}}
+{{< call-out "caution"  >}}
 Enabling logs using the **NGINX Logs** blade on your NGINXaaS deployment is now deprecated. This feature will be removed in an upcoming update. If you have issues accessing your NGINX logs using the deprecated method, please follow the steps in this guide to access your NGINX logs.
-{{</caution>}}
+{{< /call-out >}}
 
 ## Configuring NGINX logs collection using diagnostic settings
 
@@ -24,8 +24,8 @@ Enabling logs using the **NGINX Logs** blade on your NGINXaaS deployment is now
 
 - A system-assigned managed identity.
 
-{{<note>}}The system-assigned managed identity does not need any role assignments to enable the logging functionality described in this section. You will need to make sure that the managed identity has the appropriate role assignments to access other resources that it is attached to (for example, certificates stored in Azure Key Vault).
-{{</note>}}
+{{< call-out "note" >}}The system-assigned managed identity does not need any role assignments to enable the logging functionality described in this section. You will need to make sure that the managed identity has the appropriate role assignments to access other resources that it is attached to (for example, certificates stored in Azure Key Vault).
+{{< /call-out >}}
 
 - User must be an owner or user access administrator for the NGINX deployment resource.
 
@@ -39,8 +39,8 @@ Enabling logs using the **NGINX Logs** blade on your NGINXaaS deployment is now
 
 1. Choose the **NGINX Logs** option and complete the details on the form, including the **Diagnostic setting name**.
 
-{{<note>}}You will need to configure the system-assigned managed identity in order to see and select the **NGINX Logs** option.
-{{</note>}}
+{{< call-out "note" >}}You will need to configure the system-assigned managed identity in order to see and select the **NGINX Logs** option.
+{{< /call-out >}}
 
 1. Select preferred **Destination details**.
 
@@ -50,10 +50,10 @@ As NGINXaaS logs are stored in your storage, you can define the retention policy
 
 For more information about diagnostic settings destinations, please see the [Diagnostic Settings Destinations](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings#destinations) documentation.
 
-{{<note>}}Due to limitations imposed by Azure, if the destination chosen is an Azure Storage account, the resource has to be in the same region as the NGINXaaS deployment resource.
-{{</note>}}
+{{< call-out "note" >}}Due to limitations imposed by Azure, if the destination chosen is an Azure Storage account, the resource has to be in the same region as the NGINXaaS deployment resource.
+{{< /call-out >}}
 
-{{<note>}}If you are a Terraform user, please refer to [examples](https://github.com/nginxinc/nginxaas-for-azure-snippets/tree/main/terraform/deployments/with-diagnostic-setting-logging) provided to setup diagnostic settings for your NGINXaaS deployment{{</note>}}
+{{< call-out "note" >}}If you are a Terraform user, please refer to [examples](https://github.com/nginxinc/nginxaas-for-azure-snippets/tree/main/terraform/deployments/with-diagnostic-setting-logging) provided to setup diagnostic settings for your NGINXaaS deployment{{< /call-out >}}
 
 ### Analyzing NGINX logs in Azure Storage
 
@@ -73,7 +73,7 @@ For more information about diagnostic settings destinations, please see the [Dia
 
 1. Select **Delete**.
 
-{{<note>}}It can take up to 90 minutes after removing the diagnostic settings for logs to stop publishing to the diagnostic destinations.{{</note>}}
+{{< call-out "note" >}}It can take up to 90 minutes after removing the diagnostic settings for logs to stop publishing to the diagnostic destinations.{{< /call-out >}}
 
 ## Setting up error logs
 
diff --git a/content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md b/content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md
index af167f562..8e544f5a2 100644
--- a/content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md
+++ b/content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md
@@ -12,9 +12,9 @@ type:
 
 F5 NGINX as a Service for Azure (NGINXaaS) supports integrating Azure Diagnostic Settings to collect NGINX error and access logs.
 
-{{<caution>}}
+{{< call-out "caution"  >}}
 Enabling logs using the **NGINX Logs** blade on your NGINXaaS deployment is now deprecated. This feature will be removed in an upcoming update. If you have issues accessing your NGINX logs using the deprecated method, please follow the steps in this guide to access your NGINX logs.
-{{</caution>}}
+{{< /call-out >}}
 
 ## Configuring NGINX logs collection using diagnostic settings
 
@@ -23,8 +23,8 @@ Enabling logs using the **NGINX Logs** blade on your NGINXaaS deployment is now
 - A valid NGINX configuration with log directives enabled. NGINX logs can be configured using [error_log](#setting-up-error-logs) and [access_log](#setting-up-access-logs) directives.
 
 - A system-assigned managed identity.
-{{<note>}}The system-assigned managed identity does not need any role assignments to enable the logging functionality described in this section. You will need to make sure that the managed identity has the appropriate role assignments to access other resources that it is attached to (for example, certificates stored in Azure Key Vault).
-{{</note>}}
+{{< call-out "note" >}}The system-assigned managed identity does not need any role assignments to enable the logging functionality described in this section. You will need to make sure that the managed identity has the appropriate role assignments to access other resources that it is attached to (for example, certificates stored in Azure Key Vault).
+{{< /call-out >}}
 
 - User must be an owner or user access administrator for the NGINX deployment resource.
 
@@ -42,8 +42,8 @@ terraform apply plan.cache
 
 As NGINXaaS logs are stored in your storage, you can define the retention policy most appropriate for your needs.
 
-{{<note>}}Due to limitations imposed by Azure, if the destination chosen is an Azure Storage account, the resource has to be in the same region as the NGINXaaS deployment resource.
-{{</note>}}
+{{< call-out "note" >}}Due to limitations imposed by Azure, if the destination chosen is an Azure Storage account, the resource has to be in the same region as the NGINXaaS deployment resource.
+{{< /call-out >}}
 
 ### Analyzing NGINX logs in Azure Storage
 
diff --git a/content/nginxaas-azure/monitoring/enable-monitoring.md b/content/nginxaas-azure/monitoring/enable-monitoring.md
index ebb97ce62..f37b706f7 100644
--- a/content/nginxaas-azure/monitoring/enable-monitoring.md
+++ b/content/nginxaas-azure/monitoring/enable-monitoring.md
@@ -16,7 +16,7 @@ Refer to the [Azure monitor overview](https://docs.microsoft.com/en-us/azure/azu
 
 - A system assigned managed identity with `Monitoring Metrics Publisher` role.
 
-{{<note>}} When a system assigned managed identity is added to the deployment through portal, this role is automatically added.{{</note>}}
+{{< call-out "note" >}} When a system assigned managed identity is added to the deployment through portal, this role is automatically added.{{< /call-out >}}
 
 ## Collection
 
@@ -27,7 +27,7 @@ You can export Azure Monitor metrics to other destinations like Log Analytics wo
 
 To configure diagnostic settings for a service, see [Create diagnostic settings in Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/create-diagnostic-settings). You can export metrics by selecting the `AllMetrics` category in diagnostic settings.
 
-{{<note>}} Not all metrics are exportable via diagnostic settings, for a list of exportable metrics, see [NGINXaaS exportable metrics](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/nginx-nginxplus-nginxdeployments-metrics).{{</note>}}
+{{< call-out "note" >}} Not all metrics are exportable via diagnostic settings, for a list of exportable metrics, see [NGINXaaS exportable metrics](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/nginx-nginxplus-nginxdeployments-metrics).{{< /call-out >}}
 
 
 ## Cost and retention
@@ -38,13 +38,13 @@ Azure Monitor platform metrics are ingested and stored free of charge, with a st
 
 Once you have enabled monitoring, you can view the metrics using the Azure portal or the Azure Monitor API.
 
-{{< note >}} NGINX Agent periodically gathers connection and request statistics using an internal HTTP request. An Azure service health probe checks for status using a TCP connection for each listen port in the NGINX configuration, incrementing the connection count for each port.
+{{< call-out "note" >}} NGINX Agent periodically gathers connection and request statistics using an internal HTTP request. An Azure service health probe checks for status using a TCP connection for each listen port in the NGINX configuration, incrementing the connection count for each port.
 
-This contributes to minimal traffic and should not affect these metrics significantly, but you might see an unexpected number of connections and requests.{{</note>}}
+This contributes to minimal traffic and should not affect these metrics significantly, but you might see an unexpected number of connections and requests.{{< /call-out >}}
 
-{{< important >}}If some of your deployment's metrics are intermittently missing in Azure monitor, it may indicate that the underlying resources for your deployment are being exhausted.
+{{< call-out "important" >}}If some of your deployment's metrics are intermittently missing in Azure monitor, it may indicate that the underlying resources for your deployment are being exhausted.
 
-Monitor the `nginxaas.capacity.percentage` metric to see the deployment's resource utilization. If it's nearing 100%, consider increasing the deployment's NCU capacity. See the [Scaling Guidance]({{< ref "/nginxaas-azure/quickstart/scaling.md" >}}) documentation for more information.{{</important>}}
+Monitor the `nginxaas.capacity.percentage` metric to see the deployment's resource utilization. If it's nearing 100%, consider increasing the deployment's NCU capacity. See the [Scaling Guidance]({{< ref "/nginxaas-azure/quickstart/scaling.md" >}}) documentation for more information.{{< /call-out >}}
 
 ### View metrics with Azure Monitor metrics explorer
 
@@ -55,13 +55,13 @@ Access the [Microsoft Azure portal](https://portal.azure.com)
 
 Refer to the [Azure Monitor metrics explorer](https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-getting-started) documentation from Microsoft to learn how you can create queries.
 
-{{<note>}}Many of NGINX Plus's advanced statistics need to be enabled in the "nginx.conf" file before they will appear in the metrics explorer, for example "plus.http.request.bytes_*". Refer to [Gathering Data to Appear in Statistics](https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/#gathering-data-to-appear-in-statistics) to learn more.{{</note>}}
+{{< call-out "note" >}}Many of NGINX Plus's advanced statistics need to be enabled in the "nginx.conf" file before they will appear in the metrics explorer, for example "plus.http.request.bytes_*". Refer to [Gathering Data to Appear in Statistics](https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/#gathering-data-to-appear-in-statistics) to learn more.{{< /call-out >}}
 
 ### Retrieve metrics through Azure Monitor API
 
 This section shows you how to effectively discover, gather and analyze NGINXaaS metrics through the Azure Monitor REST API.
 
-{{<note>}}Refer to [Authenticate Azure Monitor requests](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/rest-api-walkthrough?tabs=portal#authenticate-azure-monitor-requests) for instructions on authenticating your API requests against the Azure Monitor API endpoint.{{</note>}}
+{{< call-out "note" >}}Refer to [Authenticate Azure Monitor requests](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/rest-api-walkthrough?tabs=portal#authenticate-azure-monitor-requests) for instructions on authenticating your API requests against the Azure Monitor API endpoint.{{< /call-out >}}
 
 
 1. **Retrieve metric definitions:** Metrics definitions give you insights into the various metrics available for NGINXaaS within a namespace and what they represent. The following `curl` example shows how to retrieve all metrics definitions within the `nginx connections statistics` namespace for your NGINXaaS deployment:
@@ -137,4 +137,4 @@ This section shows you how to effectively discover, gather and analyze NGINXaaS
    }
    ```
 
-{{<note>}} Refer to the [Metrics Catalog]({{< ref "/nginxaas-azure/monitoring/metrics-catalog.md" >}}) for a listing of available namespaces and metrics.{{</note>}}
+{{< call-out "note" >}} Refer to the [Metrics Catalog]({{< ref "/nginxaas-azure/monitoring/metrics-catalog.md" >}}) for a listing of available namespaces and metrics.{{< /call-out >}}
diff --git a/content/nginxaas-azure/monitoring/metrics-catalog.md b/content/nginxaas-azure/monitoring/metrics-catalog.md
index b31d887c9..0a6b06e0e 100644
--- a/content/nginxaas-azure/monitoring/metrics-catalog.md
+++ b/content/nginxaas-azure/monitoring/metrics-catalog.md
@@ -34,35 +34,35 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
-| **Metric**            | **Dimensions** | **Type** | **Description**                                                                                                                                                                                                                                                                                                           | **Roll-up per** |
-| --------------------- | -------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- |
-| ncu.provisioned       |                | count    | The number of successfully provisioned NCUs during the aggregation interval. During scaling events, this may lag behind `ncu.requested` as the system works to achieve the request. Available for Standard plan(s) only.                                                                                              | deployment      |
-| ncu.requested         |                | count    | The requested number of NCUs during the aggregation interval. Describes the goal state of the system. Available for Standard plans(s) only.                                                                                                                                                                            | deployment      |
-| nginxaas.capacity.percentage          |                | count    | The percentage of the deployment's total capacity being used. This can be used to guide scaling your workload. See [Scaling Guidance]({{< ref "/nginxaas-azure/quickstart/scaling.md#iterative-approach" >}}) for details. Available for Standard plan(s) only. | deployment      |
-| system.worker_connections | pid process_name | count | The number of nginx worker connections used on the dataplane. This metric is one of the factors which determines the deployment's consumed NCU value.  | deployment |
-| nginxaas.certificates | name status    | count    | The number of certificates added to the NGINXaaS deployment dimensioned by the name of the certificate and its status. Refer to [Certificate Health]({{< ref "/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md#monitor-certificates" >}}) to learn more about the status dimension.             | deployment      |
-| nginxaas.maxmind      | status         | count    | The status of any MaxMind license in use for downloading geoip2 databases. Refer to [License Health]({{< ref "/nginxaas-azure/quickstart/geoip2.md#monitoring" >}}) to learn more about the status dimension.                                                                                                                 | deployment      |
-| waf.enabled      |          | count | Current status of Web Application Firewall on the deployment.  | deployment      |
-| ports.used      |          | count | The number of listen ports used by the deployment during the aggregation interval. | deployment      |
-| system.listener_backlog.max| listen_addr, file_desc | count | The fullness (expressed as a fraction) of the fullest backlog queue. | deployment |
-| system.listener_backlog.length| listen_address, file_desc | count | The number of items in a specific backlog queue, labelled by listen address. | deployment |
-| system.listener_backlog.queue_limit| listen_address, file_desc | count | The capacity of a specific backlog queue, labelled by listen address. | deployment |
+| **Metric**            | **Display Name**            | **Dimensions** | **Type** | **Description**                                                                                                                                                                                                                                                                                                           | **Roll-up per** |
+| --------------------- | --------------------------- | -------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- |
+| ncu.provisioned       | NCU provisioned            |                | count    | The number of successfully provisioned NCUs during the aggregation interval. During scaling events, this may lag behind `ncu.requested` as the system works to achieve the request. Available for Standard plan(s) only.                                                                                              | deployment      |
+| ncu.requested         | NCU requested              |                | count    | The requested number of NCUs during the aggregation interval. Describes the goal state of the system. Available for Standard plans(s) only.                                                                                                                                                                            | deployment      |
+| nginxaas.capacity.percentage | NGINXaaS capacity percentage |                | count    | The percentage of the deployment's total capacity being used. This can be used to guide scaling your workload. See [Scaling Guidance]({{< ref "/nginxaas-azure/quickstart/scaling.md#iterative-approach" >}}) for details. Available for Standard plan(s) only. | deployment      |
+| system.worker_connections | Worker connections       | pid process_name | count | The number of nginx worker connections used on the dataplane. This metric is one of the factors which determines the deployment's consumed NCU value.  | deployment |
+| nginxaas.certificates | Certificates               | name status    | count    | The number of certificates added to the NGINXaaS deployment dimensioned by the name of the certificate and its status. Refer to [Certificate Health]({{< ref "/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md#monitor-certificates" >}}) to learn more about the status dimension.             | deployment      |
+| nginxaas.maxmind      | Maxmind status             | status         | count    | The status of any MaxMind license in use for downloading geoip2 databases. Refer to [License Health]({{< ref "/nginxaas-azure/quickstart/geoip2.md#monitoring" >}}) to learn more about the status dimension.                                                                                                                 | deployment      |
+| waf.enabled           | Web application firewall enabled |          | count | Current status of Web Application Firewall on the deployment.  | deployment      |
+| ports.used            | Ports used                 |          | count | The number of listen ports used by the deployment during the aggregation interval. | deployment      |
+| system.listener_backlog.max | Max listener backlog    | listen_addr, file_desc | count | The fullness (expressed as a fraction) of the fullest backlog queue. | deployment |
+| system.listener_backlog.queue_limit | Listener backlog queue limit | listen_address, file_desc | count | The capacity of a specific backlog queue, labelled by listen address. | deployment |
+| system.listener_backlog.length | Listener backlog length | listen_address, file_desc | count | The number of items in a specific backlog queue, labelled by listen address. | deployment |
 
 {{</bootstrap-table>}}
 
-{{< warning >}}The `ncu.consumed` metric is now deprecated and is on the path to retirement. Please change any alerting on this metric to use the new Capacity Percentage metric.{{< /warning >}}
+{{< call-out "warning" >}}The `ncu.consumed` metric is now deprecated and is on the path to retirement. Please change any alerting on this metric to use the new Capacity Percentage metric.{{< /call-out >}}
 
 ### NGINX connections statistics
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
-| **Metric**                   | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
-|------------------------------|----------------|----------|---------------------------------------------------------------------------------------------------------------|-----------------|
-| nginx.conn.accepted          | build version  | count    | Accepted Connections The total number of accepted client connections during the aggregation interval.         | deployment      |
-| nginx.conn.dropped           | build version  | count    | Dropped Connections The total number of dropped client connections during the aggregation interval.           | deployment      |
-| nginx.conn.active            | build version  | count      | Active Connections The average number of active client connections during the aggregation interval.           | deployment      |
-| nginx.conn.idle              | build version  | count      | Idle Connections The average number of idle client connections during the aggregation interval.               | deployment      |
-| nginx.conn.current           | build version  | count      | Current Connections The average number of active and idle client connections during the aggregation interval. | deployment      |
+| **Metric**                   | **Display Name** | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
+|------------------------------|------------------|----------------|----------|---------------------------------------------------------------------------------------------------------------|-----------------|
+| nginx.conn.accepted          | Accepted connections | build version  | count    | Accepted Connections The total number of accepted client connections during the aggregation interval.         | deployment      |
+| nginx.conn.dropped           | Dropped connections | build version  | count    | Dropped Connections The total number of dropped client connections during the aggregation interval.           | deployment      |
+| nginx.conn.active            | Active connections | build version  | count      | Active Connections The average number of active client connections during the aggregation interval.           | deployment      |
+| nginx.conn.idle              | Idle connections | build version  | count      | Idle Connections The average number of idle client connections during the aggregation interval.               | deployment      |
+| nginx.conn.current           | Current connections | build version  | count      | Current Connections The average number of active and idle client connections during the aggregation interval. | deployment      |
 
 {{</bootstrap-table>}}
 
@@ -70,37 +70,37 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
-| **Metric**                   | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
-|----------------------------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------|
-| nginx.http.request.count               | build version               | count | HTTP Requests The total number of HTTP requests during the aggregation interval.                                            | deployment    |
-| nginx.http.request.current             | build version               | count   | Current Requests The number of current requests during the aggregation interval.                                    | deployment    |
-| nginx.http.limit_conns.passed          | build version limit_conn_zone | count | Limit Conn Zone Passed HTTP Connections The total number of connections that were neither limited nor accounted as limited during the aggregation interval.                                             | limit conn zone    |
-| nginx.http.limit_conns.rejected        | build version limit_conn_zone | count | Limit Conn Zone Rejected HTTP Connections The total number of connections that were rejected during the aggregation interval.                                             | limit conn zone    |
-| nginx.http.limit_conns.rejected_dry_run| build version limit_conn_zone | count | Limit Conn Zone Rejected HTTP Connections In The Dry Run Mode The total number of connections accounted as rejected in the dry run mode during the aggregation interval.                                             | limit conn zone    |
-| nginx.http.limit_reqs.passed           | build version limit_req_zone  | count | Limit Req Zone Passed HTTP Requests Rate The total number of requests that were neither limited nor accounted as limited during the aggregation interval.                                             | limit req zone    |
-| nginx.http.limit_reqs.delayed          | build version limit_req_zone  | count | Limit Req Zone Delayed HTTP Requests Rate The total number of requests that were delayed during the aggregation interval.                                             | limit req zone    |
-| nginx.http.limit_reqs.rejected         | build version limit_req_zone  | count | Limit Req Zone Rejected HTTP Requests Rate The total number of requests that were rejected during the aggregation interval.                                             | limit req zone    |
-| nginx.http.limit_reqs.delayed_dry_run  | build version limit_req_zone  | count | Limit Req Zone Delayed  HTTP Requests Rate In The Dry Run Mode The total number of requests accounted as delayed in the dry run mode during the aggregation interval.                                             | limit req zone    |
-| nginx.http.limit_reqs.rejected_dry_run | build version limit_req_zone  | count | Limit Req Zone Rejected  HTTP Requests Rate In The Dry Run Mode The total number of requests accounted as rejected in the dry run mode during the aggregation interval.                                             | limit req zone    |
-| plus.http.request.count                | build version server_zone   | count | Server Zone HTTP Requests The total number of HTTP requests during the aggregation interval.                                | server zone   |
-| plus.http.response.count               | build version server_zone   | count | Server Zone HTTP Responses The total number of HTTP responses during the aggregation interval.                              | server zone   |
-| plus.http.status.1xx                   | build version server_zone   | count | Server Zone HTTP 1xx Responses The total number of HTTP responses with a 1xx status code during the aggregation interval.   | server zone   |
-| plus.http.status.2xx                   | build version server_zone   | count | Server Zone HTTP 2xx Responses The total number of HTTP responses with a 2xx status code during the aggregation interval.   | server zone   |
-| plus.http.status.3xx                   | build version server_zone   | count | Server Zone HTTP 3xx Responses The total number of HTTP responses with a 3xx status code during the aggregation interval.   | server zone   |
-| plus.http.status.4xx                   | build version server_zone   | count | Server Zone HTTP 4xx Responses The total number of HTTP responses with a 4xx status code during the aggregation interval.   | server zone   |
-| plus.http.status.5xx                   | build version server_zone   | count | Server Zone HTTP 5xx Responses The total number of HTTP responses with a 5xx status code during the aggregation interval.   | server zone   |
-| plus.http.status.processing            | build version server_zone   | avg   | Server Zone Status Processing The number of client requests that are currently being processed.                             | server zone   |
-| plus.http.request.bytes_rcvd           | build version server_zone   | count | Server Zone Bytes Received The total number of bytes received from clients during the aggregation interval.                 | server zone   |
-| plus.http.request.bytes_sent           | build version server_zone   | count | Server Zone Bytes Sent The total number of bytes sent to clients during the aggregation interval.                           | server zone   |
-| plus.http.request.count                | build version location_zone | count | Location Zone HTTP Requests The total number of HTTP requests during the aggregation interval.                              | location zone |
-| plus.http.response.count               | build version location_zone | count | Location Zone HTTP Responses The total number of HTTP responses in the aggregation interval.                                | location zone |
-| plus.http.status.1xx                   | build version location_zone | count | Location Zone HTTP 1xx Responses The total number of HTTP responses with a 1xx status code during the aggregation interval. | location zone  |
-| plus.http.status.2xx                   | build version location_zone | count | Location Zone HTTP 2xx Responses The total number of HTTP responses with a 2xx status code during the aggregation interval. | location zone   |
-| plus.http.status.3xx                   | build version location_zone | count | Location Zone HTTP 3xx Responses The total number of HTTP responses with a 3xx status code during the aggregation interval. | location zone   |
-| plus.http.status.4xx                   | build version location_zone | count | Location Zone HTTP 4xx Responses The total number of HTTP responses with a 4xx status code during the aggregation interval. | location zone   |
-| plus.http.status.5xx                   | build version location_zone | count | Location Zone HTTP 5xx Responses The total number of HTTP responses with a 5xx status code during the aggregation interval. | location zone   |
-| plus.http.request.bytes_rcvd           | build version location_zone | count | Location Zone Bytes Received The total number of bytes received from clients during the aggregation interval.               | location zone |
-| plus.http.request.bytes_sent           | build version location_zone | count | Location Zone Bytes Sent The total number of bytes sent to clients during the aggregation interval.                         | location zone |
+| **Metric**                   | **Display Name** | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
+|----------------------------------------|------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------|
+| nginx.http.request.count               | Total HTTP requests | build version               | count | HTTP Requests The total number of HTTP requests during the aggregation interval.                                            | deployment    |
+| nginx.http.request.current             | Current HTTP requests | build version               | count   | Current Requests The number of current requests during the aggregation interval.                                    | deployment    |
+| nginx.http.limit_conns.passed          | HTTP limit conn passed | build version limit_conn_zone | count | Limit Conn Zone Passed HTTP Connections The total number of connections that were neither limited nor accounted as limited during the aggregation interval.                                             | limit conn zone    |
+| nginx.http.limit_conns.rejected        | HTTP limit conn rejected | build version limit_conn_zone | count | Limit Conn Zone Rejected HTTP Connections The total number of connections that were rejected during the aggregation interval.                                             | limit conn zone    |
+| nginx.http.limit_conns.rejected_dry_run| HTTP limit conn rejected dry-run | build version limit_conn_zone | count | Limit Conn Zone Rejected HTTP Connections In The Dry Run Mode The total number of connections accounted as rejected in the dry run mode during the aggregation interval.                                             | limit conn zone    |
+| nginx.http.limit_reqs.passed           | HTTP limit requests passed | build version limit_req_zone  | count | Limit Req Zone Passed HTTP Requests Rate The total number of requests that were neither limited nor accounted as limited during the aggregation interval.                                             | limit req zone    |
+| nginx.http.limit_reqs.delayed          | HTTP limit requests delayed | build version limit_req_zone  | count | Limit Req Zone Delayed HTTP Requests Rate The total number of requests that were delayed during the aggregation interval.                                             | limit req zone    |
+| nginx.http.limit_reqs.rejected         | HTTP limit requests rejected | build version limit_req_zone  | count | Limit Req Zone Rejected HTTP Requests Rate The total number of requests that were rejected during the aggregation interval.                                             | limit req zone    |
+| nginx.http.limit_reqs.delayed_dry_run  | HTTP limit requests delayed dry-run | build version limit_req_zone  | count | Limit Req Zone Delayed  HTTP Requests Rate In The Dry Run Mode The total number of requests accounted as delayed in the dry run mode during the aggregation interval.                                             | limit req zone    |
+| nginx.http.limit_reqs.rejected_dry_run | HTTP limit requests rejected dry-run | build version limit_req_zone  | count | Limit Req Zone Rejected  HTTP Requests Rate In The Dry Run Mode The total number of requests accounted as rejected in the dry run mode during the aggregation interval.                                             | limit req zone    |
+| plus.http.request.count                | Server zone HTTP requests | build version server_zone   | count | Server Zone HTTP Requests The total number of HTTP requests during the aggregation interval.                                | server zone   |
+| plus.http.response.count               | Server zone HTTP responses | build version server_zone   | count | Server Zone HTTP Responses The total number of HTTP responses during the aggregation interval.                              | server zone   |
+| plus.http.status.1xx                   | Server zone HTTP 1xx responses | build version server_zone   | count | Server Zone HTTP 1xx Responses The total number of HTTP responses with a 1xx status code during the aggregation interval.   | server zone   |
+| plus.http.status.2xx                   | Server zone HTTP 2xx responses | build version server_zone   | count | Server Zone HTTP 2xx Responses The total number of HTTP responses with a 2xx status code during the aggregation interval.   | server zone   |
+| plus.http.status.3xx                   | Server zone HTTP 3xx responses | build version server_zone   | count | Server Zone HTTP 3xx Responses The total number of HTTP responses with a 3xx status code during the aggregation interval.   | server zone   |
+| plus.http.status.4xx                   | Server zone HTTP 4xx responses | build version server_zone   | count | Server Zone HTTP 4xx Responses The total number of HTTP responses with a 4xx status code during the aggregation interval.   | server zone   |
+| plus.http.status.5xx                   | Server zone HTTP 5xx responses | build version server_zone   | count | Server Zone HTTP 5xx Responses The total number of HTTP responses with a 5xx status code during the aggregation interval.   | server zone   |
+| plus.http.status.processing            | Server zone HTTP status processing | build version server_zone   | avg   | Server Zone Status Processing The number of client requests that are currently being processed.                             | server zone   |
+| plus.http.request.bytes_rcvd           | Server zone HTTP bytes received | build version server_zone   | count | Server Zone Bytes Received The total number of bytes received from clients during the aggregation interval.                 | server zone   |
+| plus.http.request.bytes_sent           | Server zone HTTP bytes sent | build version server_zone   | count | Server Zone Bytes Sent The total number of bytes sent to clients during the aggregation interval.                           | server zone   |
+| plus.http.request.location_zone.count                | Location zone HTTP requests | build version location_zone | count | Location Zone HTTP Requests The total number of HTTP requests during the aggregation interval.                              | location zone |
+| plus.http.response.location_zone.count               | Location zone HTTP responses | build version location_zone | count | Location Zone HTTP Responses The total number of HTTP responses in the aggregation interval.                                | location zone |
+| plus.http.status.location_zone.1xx                   | Location zone HTTP 1xx responses | build version location_zone | count | Location Zone HTTP 1xx Responses The total number of HTTP responses with a 1xx status code during the aggregation interval. | location zone  |
+| plus.http.status.location_zone.2xx                   | Location zone HTTP 2xx responses | build version location_zone | count | Location Zone HTTP 2xx Responses The total number of HTTP responses with a 2xx status code during the aggregation interval. | location zone   |
+| plus.http.status.location_zone.3xx                   | Location zone HTTP 3xx responses | build version location_zone | count | Location Zone HTTP 3xx Responses The total number of HTTP responses with a 3xx status code during the aggregation interval. | location zone   |
+| plus.http.status.location_zone.4xx                   | Location zone HTTP 4xx responses | build version location_zone | count | Location Zone HTTP 4xx Responses The total number of HTTP responses with a 4xx status code during the aggregation interval. | location zone   |
+| plus.http.status.location_zone.5xx                   | Location zone HTTP 5xx responses | build version location_zone | count | Location Zone HTTP 5xx Responses The total number of HTTP responses with a 5xx status code during the aggregation interval. | location zone   |
+| plus.http.request.location_zone.bytes_rcvd           | Location zone HTTP bytes received | build version location_zone | count | Location Zone Bytes Received The total number of bytes received from clients during the aggregation interval.               | location zone |
+| plus.http.request.location_zone.bytes_sent           | Location zone HTTP bytes sent | build version location_zone | count | Location Zone Bytes Sent The total number of bytes sent to clients during the aggregation interval.                         | location zone |
 
 {{</bootstrap-table>}}
 
@@ -108,31 +108,31 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
-| **Metric**                   | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
-|----------------------------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------|
-| plus.ssl.failed     | build version | count | The total number of failed SSL handshakes during the aggregation interval.         | deployment |
-| plus.ssl.handshakes | build version | count |The total number of successful SSL handshakes during the aggregation interval.            | deployment |
-| plus.ssl.reuses    | build version | count |The total number of session reuses during SSL handshakes in the aggregation interval. | deployment |
-| plus.ssl.no_common_protocol      | build version | count     |The number of SSL handshakes failed because of no common protocol during the aggregation interval.                                                                                                                                                                                                    | deployment |
-| plus.ssl.no_common_cipher |  build version | count    |The number of SSL handshakes failed because of no shared cipher during the aggregation interval.                                                                                                                                                                                                    | deployment |
-| plus.ssl.handshake_timeout       |  build version | count     | The number of SSL handshakes failed because of a timeout during the aggregation interval.                                                                                                                                                                                                    | deployment |
-| plus.ssl.peer_rejected_cert  |  build version | count    |The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message during the aggregation interval.                                                                                                                                                                                                    | deployment |
-| plus.ssl.verify_failures.no_cert  |  build version | count    | SSL certificate verification errors - a client did not provide the required certificate during the aggregation interval.                                                                                                                                                                                                    | deployment |
-| plus.ssl.verify_failures.expired_cert   |  build version | count    |SSL certificate verification errors - an expired or not yet valid certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    | deployment |
-| plus.ssl.verify_failures.revoked_cert    |  build version | count     |SSL certificate verification errors - a revoked certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    | deployment |
-| plus.ssl.verify_failures.hostname_mismatch      |  build version | count     |SSL certificate verification errors - server's certificate doesn't match the hostname during the aggregation interval.                                                                                                                                                                                                    | deployment|
-| plus.ssl.verify_failures.other  |  build version | count    | SSL certificate verification errors - other SSL certificate verification errors during the aggregation interval.                                                                                                                                                                                                    | deployment |
-| plus.http.ssl.handshakes | build version server_zone | count |The total number of successful SSL handshakes during the aggregation interval.            | server zone |
-| plus.http.ssl.handshakes.failed    | build version server_zone  | count | The total number of failed SSL handshakes during the aggregation interval.         | server zone  |
-| plus.http.ssl.session.reuses    | build version server_zone  | count |The total number of session reuses during SSL handshakes in the aggregation interval. | server zone  |
-| plus.http.ssl.no_common_protocol      | build version server_zone | count     |The number of SSL handshakes failed because of no common protocol during the aggregation interval.                                                                                                                                                                                                    | server zone |
-| plus.http.ssl.no_common_cipher |  build version server_zone | count    |The number of SSL handshakes failed because of no shared cipher during the aggregation interval.                                                                                                                                                                                                    | server zone |
-| plus.http.ssl.handshake_timeout       |  build version server_zone | count     | The number of SSL handshakes failed because of a timeout during the aggregation interval.                                                                                                                                                                                                    | server zone |
-| plus.http.ssl.peer_rejected_cert  |  build version server_zone | count    |The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message during the aggregation interval.                                                                                                                                                                                                    | server zone |
-| plus.http.ssl.verify_failures.no_cert  |  build version server_zone | count    | SSL certificate verification errors - a client did not provide the required certificate during the aggregation interval.                                                                                                                                                                                                    | server zone |
-| plus.http.ssl.verify_failures.expired_cert   |  build version server_zone | count    |SSL certificate verification errors - an expired or not yet valid certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    | server zone |
-| plus.http.ssl.verify_failures.revoked_cert    |  build version server_zone | count     |SSL certificate verification errors - a revoked certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    | server zone |
-| plus.http.ssl.verify_failures.other  |  build version server_zone | count    | SSL certificate verification errors - other SSL certificate verification errors during the aggregation interval.                                                                                                                                                                                                    | server zone |
+| **Metric**                   | **Display Name** | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
+|----------------------------------------|------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------|
+| plus.ssl.failed     | Failed SSL handshakes | build version | count | The total number of failed SSL handshakes during the aggregation interval.         | deployment |
+| plus.ssl.handshakes | Successful SSL handshakes | build version | count | The total number of successful SSL handshakes during the aggregation interval.            | deployment |
+| plus.ssl.reuses    | SSL session reuses | build version | count | The total number of session reuses during SSL handshakes in the aggregation interval. | deployment |
+| plus.ssl.no_common_protocol      | Handshakes failed - no common protocol | build version | count     | The number of SSL handshakes failed because of no common protocol during the aggregation interval.                                                                                                                                                                                                    | deployment |
+| plus.ssl.no_common_cipher | Handshakes failed - no shared cipher | build version | count    | The number of SSL handshakes failed because of no shared cipher during the aggregation interval.                                                                                                                                                                                                    | deployment |
+| plus.ssl.handshake_timeout       | Handshakes failed - timeout | build version | count     | The number of SSL handshakes failed because of a timeout during the aggregation interval.                                                                                                                                                                                                    | deployment |
+| plus.ssl.peer_rejected_cert  | Handshakes failed - certificate rejected | build version | count    | The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message during the aggregation interval.                                                                                                                                                                                                    | deployment |
+| plus.ssl.verify_failures.no_cert  | Cert verify failures - no cert | build version | count    | SSL certificate verification errors - a client did not provide the required certificate during the aggregation interval.                                                                                                                                                                                                    | deployment |
+| plus.ssl.verify_failures.expired_cert   | Cert verify failures - expired cert | build version | count    | SSL certificate verification errors - an expired or not yet valid certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    | deployment |
+| plus.ssl.verify_failures.revoked_cert    | Cert verify failures - revoked cert | build version | count     | SSL certificate verification errors - a revoked certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    | deployment |
+| plus.ssl.verify_failures.hostname_mismatch      | Cert verify failures - hostname mismatch | build version | count     | SSL certificate verification errors - server's certificate doesn't match the hostname during the aggregation interval.                                                                                                                                                                                                    | deployment |
+| plus.ssl.verify_failures.other  | Cert verify failures - other | build version | count    | SSL certificate verification errors - other SSL certificate verification errors during the aggregation interval.                                                                                                                                                                                                    | deployment |
+| plus.http.ssl.handshakes | HTTP successful SSL handshakes | build version server_zone | count | The total number of successful SSL handshakes during the aggregation interval.            | server zone |
+| plus.http.ssl.handshakes.failed    | HTTP failed SSL handshakes | build version server_zone  | count | The total number of failed SSL handshakes during the aggregation interval.         | server zone  |
+| plus.http.ssl.session.reuses    | HTTP SSL session reuses | build version server_zone  | count | The total number of session reuses during SSL handshakes in the aggregation interval. | server zone  |
+| plus.http.ssl.no_common_protocol      | Handshakes failed - no common protocol | build version server_zone | count     | The number of SSL handshakes failed because of no common protocol during the aggregation interval.                                                                                                                                                                                                    | server zone |
+| plus.http.ssl.no_common_cipher | Handshakes failed - no shared cipher | build version server_zone | count    | The number of SSL handshakes failed because of no shared cipher during the aggregation interval.                                                                                                                                                                                                    | server zone |
+| plus.http.ssl.handshake_timeout       | Handshakes failed - timeout | build version server_zone | count     | The number of SSL handshakes failed because of a timeout during the aggregation interval.                                                                                                                                                                                                    | server zone |
+| plus.http.ssl.peer_rejected_cert  | Handshakes failed - certificate rejected | build version server_zone | count    | The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message during the aggregation interval.                                                                                                                                                                                                    | server zone |
+| plus.http.ssl.verify_failures.no_cert  | Verify failures - no certificate | build version server_zone | count    | SSL certificate verification errors - a client did not provide the required certificate during the aggregation interval.                                                                                                                                                                                                    | server zone |
+| plus.http.ssl.verify_failures.expired_cert   | Verify failures - expired cert | build version server_zone | count    | SSL certificate verification errors - an expired or not yet valid certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    | server zone |
+| plus.http.ssl.verify_failures.revoked_cert    | Verify failures - revoked cert | build version server_zone | count     | SSL certificate verification errors - a revoked certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    | server zone |
+| plus.http.ssl.verify_failures.other  | Verify failures - other | build version server_zone | count    | SSL certificate verification errors - other SSL certificate verification errors during the aggregation interval.                                                                                                                                                                                                    | server zone |
 
 {{</bootstrap-table>}}
 
@@ -140,29 +140,29 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
-| **Metric**                   | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
-|----------------------------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------|
-| plus.cache.hit.ratio | build version cache_zone | avg | Cache Hit Ratio The average ratio of cache hits to misses during the aggregation interval. | cache zone |
-| plus.cache.size | build version cache_zone | avg | Cache Size The average size of the cache during the aggregation interval. | cache zone |
-| plus.cache.max_size | build version cache_zone | max | Cache Max Size The max size of the cache during the aggregation interval. | cache zone |
-| plus.cache.hit.responses | build version cache_zone | count | The total number of responses that were served from the cache during the aggregation interval. | cache zone |
-| plus.cache.hit.bytes | build version cache_zone | count | The total number of bytes served from the cache during the aggregation interval. | cache zone |
-| plus.cache.stale.responses | build version cache_zone | count | The total number of responses served from stale cache content during the aggregation interval. | cache zone |
-| plus.cache.stale.bytes | build version cache_zone | count | The total number of bytes served from stale cache content during the aggregation interval. | cache zone |
-| plus.cache.updating.responses | build version cache_zone | count | The total number of responses served from the cache while the cache is being updated during the aggregation interval. | cache zone |
-| plus.cache.updating.bytes | build version cache_zone | count | The total number of bytes served from the cache while the cache is being updated during the aggregation interval. | cache zone |
-| plus.cache.revalidated.responses | build version cache_zone | count | The total number of cache responses that were successfully revalidated with the origin server during the aggregation interval. | cache zone |
-| plus.cache.revalidated.bytes | build version cache_zone | count | The total number of bytes served from the cache after successful revalidation with the origin server during the aggregation interval. | cache zone |
-| plus.cache.miss.responses | build version cache_zone | count | The total number of responses that were not served from the cache (cache misses) during the aggregation interval. | cache zone |
-| plus.cache.miss.bytes | build version cache_zone | count | The total number of bytes served from the origin server due to cache misses during the aggregation interval. | cache zone |
-| plus.cache.expired.responses | build version cache_zone | count | The total number of cache responses that expired and had to be refreshed from the origin server during the aggregation interval. | cache zone |
-| plus.cache.expired.bytes | build version cache_zone | count | The total number of bytes served from the cache after expiration and refresh from the origin server during the aggregation interval. | cache zone |
-| plus.cache.expired.responses_written | build version cache_zone | count | The total number of expired cache responses that were refreshed and written back to the cache during the aggregation interval. | cache zone |
-| plus.cache.expired.bytes_written | build version cache_zone | count | The total number of bytes written back to the cache after expiration and refresh from the origin server during the aggregation interval. | cache zone |
-| plus.cache.bypass.responses | build version cache_zone | count | The total number of responses that bypassed the cache during the aggregation interval. | cache zone |
-| plus.cache.bypass.bytes | build version cache_zone | count | The total number of bytes served by bypassing the cache during the aggregation interval. | cache zone |
-| plus.cache.bypass.responses_written | build version cache_zone | count | The total number of responses that bypassed the cache and were written back to the cache during the aggregation interval. | cache zone |
-| plus.cache.bypass.bytes_written | build version cache_zone | count | The total number of bytes that bypassed the cache and were written back to the cache during the aggregation interval. | cache zone |
+| **Metric**                   | **Display Name** | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
+|----------------------------------------|------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------|
+| plus.cache.hit.ratio | Cache hit ratio | build version cache_zone | avg | Cache Hit Ratio The average ratio of cache hits to misses during the aggregation interval. | cache zone |
+| plus.cache.size | Cache size | build version cache_zone | avg | Cache Size The average size of the cache during the aggregation interval. | cache zone |
+| plus.cache.max_size | Cache max size | build version cache_zone | max | Cache Max Size The max size of the cache during the aggregation interval. | cache zone |
+| plus.cache.hit.responses | Cache hit responses | build version cache_zone | count | The total number of responses that were served from the cache during the aggregation interval. | cache zone |
+| plus.cache.hit.bytes | Cache hit bytes | build version cache_zone | count | The total number of bytes served from the cache during the aggregation interval. | cache zone |
+| plus.cache.stale.responses | Cache stale responses | build version cache_zone | count | The total number of responses served from stale cache content during the aggregation interval. | cache zone |
+| plus.cache.stale.bytes | Cache stale bytes | build version cache_zone | count | The total number of bytes served from stale cache content during the aggregation interval. | cache zone |
+| plus.cache.updating.responses | Cache updating responses | build version cache_zone | count | The total number of responses served from the cache while the cache is being updated during the aggregation interval. | cache zone |
+| plus.cache.updating.bytes | Cache updating bytes | build version cache_zone | count | The total number of bytes served from the cache while the cache is being updated during the aggregation interval. | cache zone |
+| plus.cache.revalidated.responses | Cache revalidated responses | build version cache_zone | count | The total number of cache responses that were successfully revalidated with the origin server during the aggregation interval. | cache zone |
+| plus.cache.revalidated.bytes | Cache revalidated bytes | build version cache_zone | count | The total number of bytes served from the cache after successful revalidation with the origin server during the aggregation interval. | cache zone |
+| plus.cache.miss.responses | Cache miss responses | build version cache_zone | count | The total number of responses that were not served from the cache (cache misses) during the aggregation interval. | cache zone |
+| plus.cache.miss.bytes | Cache miss bytes | build version cache_zone | count | The total number of bytes served from the origin server due to cache misses during the aggregation interval. | cache zone |
+| plus.cache.expired.responses | Cache expired responses | build version cache_zone | count | The total number of cache responses that expired and had to be refreshed from the origin server during the aggregation interval. | cache zone |
+| plus.cache.expired.bytes | Cache expired bytes | build version cache_zone | count | The total number of bytes served from the cache after expiration and refresh from the origin server during the aggregation interval. | cache zone |
+| plus.cache.expired.responses_written | Cache expired responses written | build version cache_zone | count | The total number of expired cache responses that were refreshed and written back to the cache during the aggregation interval. | cache zone |
+| plus.cache.expired.bytes_written | Cache expired bytes written | build version cache_zone | count | The total number of bytes written back to the cache after expiration and refresh from the origin server during the aggregation interval. | cache zone |
+| plus.cache.bypass.responses | Cache bypass responses | build version cache_zone | count | The total number of responses that bypassed the cache during the aggregation interval. | cache zone |
+| plus.cache.bypass.bytes | Cache bypass bytes | build version cache_zone | count | The total number of bytes served by bypassing the cache during the aggregation interval. | cache zone |
+| plus.cache.bypass.responses_written | Cache bypass responses written | build version cache_zone | count | The total number of responses that bypassed the cache and were written back to the cache during the aggregation interval. | cache zone |
+| plus.cache.bypass.bytes_written | Cache bypass bytes written | build version cache_zone | count | The total number of bytes that bypassed the cache and were written back to the cache during the aggregation interval. | cache zone |
 
 {{</bootstrap-table>}}
 
@@ -170,14 +170,14 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
-| **Metric**                   | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
-|----------------------------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------|
-| plus.worker.conn.accepted| build version worker_id | count |The total number of client connections accepted by the worker process during the aggregation interval. | worker |
-| plus.worker.conn.dropped| build version worker_id | count |The total number of client connections dropped by the worker process during the aggregation interval. | worker |
-| plus.worker.conn.active| build version worker_id | count | The current number of active client connections that are currently being handled by the worker process during the aggregation interval. | worker |
-| plus.worker.conn.idle| build version worker_id | count |The number of idle client connections that are currently being handled by the worker process during the aggregation interval. | worker |
-| plus.worker.http.request.total         | build version worker_id | count | The total number of client requests received by the worker process during the aggregation interval.                         | worker |
-| plus.worker.http.request.current       | build version worker_id | count | The current number of client requests that are currently being processed by the worker process during the aggregation interval.             | worker|
+| **Metric**                   | **Display Name**              | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
+|----------------------------------------|-------------------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------|
+| plus.worker.conn.accepted              | Worker connections accepted   | build version worker_id    | count | The total number of client connections accepted by the worker process during the aggregation interval.       | worker         |
+| plus.worker.conn.dropped               | Worker connections dropped    | build version worker_id    | count | The total number of client connections dropped by the worker process during the aggregation interval.        | worker         |
+| plus.worker.conn.active                | Active worker connections     | build version worker_id    | count | The current number of active client connections that are currently being handled by the worker process during the aggregation interval. | worker         |
+| plus.worker.conn.idle                  | Idle worker connections       | build version worker_id    | count | The number of idle client connections that are currently being handled by the worker process during the aggregation interval. | worker         |
+| plus.worker.http.request.total         | Total worker HTTP requests    | build version worker_id    | count | The total number of client requests received by the worker process during the aggregation interval.          | worker         |
+| plus.worker.http.request.current       | Current worker HTTP requests  | build version worker_id    | count | The current number of client requests that are currently being processed by the worker process during the aggregation interval. | worker         |
 
 {{</bootstrap-table>}}
 
@@ -185,58 +185,58 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
-| **Metric**              | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
-|-----------------------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------|
-| plus.http.upstream.peers.conn.active               | build version upstream peer.address peer.name | count       | Upstream Server Active Connections The number of active client connections during the aggregation interval.                                                                                                                                                                                        | upstream server |
-| plus.http.upstream.peers.request.count             | build version upstream peer.address peer.name | count     | Upstream Server HTTP Requests The total number of HTTP requests during the aggregation interval.                                                                                                                                                                                                           | upstream server |
-| plus.http.upstream.peers.response.count            | build version upstream peer.address peer.name | count     | Upstream Server HTTP Responses The total number of HTTP responses during the aggregation interval.                                                                                                                                                                                                         | upstream server |
-| plus.http.upstream.peers.status.1xx                | build version upstream peer.address peer.name | count     | Upstream Server HTTP 1xx Responses The total number of HTTP responses with a 1xx status code during the aggregation interval.                                                                                                                                                                              | upstream server |
-| plus.http.upstream.peers.status.2xx                | build version upstream peer.address peer.name | count     | Upstream Server HTTP 2xx Responses The total number of HTTP responses with a 2xx status code during the aggregation interval.                                                                                                                                                                              | upstream server |
-| plus.http.upstream.peers.status.3xx                | build version upstream peer.address peer.name | count     | Upstream Server HTTP 3xx Responses The total number of HTTP responses with a 3xx status code during the aggregation interval.                                                                                                                                                                              | upstream server |
-| plus.http.upstream.peers.status.4xx                | build version upstream peer.address peer.name | count     | Upstream Server HTTP 4xx Responses The total number of HTTP responses with a 4xx status code during the aggregation interval.                                                                                                                                                                              | upstream server |
-| plus.http.upstream.peers.status.5xx                | build version upstream peer.address peer.name | count     | Upstream Server HTTP 5xx Responses The total number of HTTP responses with a 5xx status code during the aggregation interval.                                                                                                                                                                              | upstream server |
-| plus.http.upstream.peers.request.bytes_sent        | build version upstream peer.address peer.name | count     |                                                                                                                                                                                                                                                                                                            | upstream server |
-| plus.http.upstream.peers.request.bytes_rcvd        | build version upstream peer.address peer.name | count     |                                                                                                                                                                                                                                                                                                            | upstream server |
-| plus.http.upstream.peers.state.up                  | build version upstream peer.address peer.name | boolean   | Upstream Server State Up Current state of upstream servers in deployment. If all upstream servers in the deployment are up, then the value will be 1. If any upstream server is not up, then the value will be 0.                                                                                          | upstream peer   |
-| plus.http.upstream.peers.state.draining            | build version upstream peer.address peer.name | boolean   | Upstream Server State Draining Current state of upstream servers in deployment. If any of the upstream servers in the deployment are draining, then the value will be 1. If no upstream server is draining, then the value will be 0.                                                                      | upstream peer   |
-| plus.http.upstream.peers.state.down                | build version upstream peer.address peer.name | boolean   | Upstream Server State Down Current state of upstream servers in deployment. If any of the upstream servers in the deployment are down, then the value will be 1. If no upstream server is down, then the value will be 0.                                                                                  | upstream peer   |
-| plus.http.upstream.peers.state.unavail             | build version upstream peer.address peer.name | boolean   | Upstream Server State Unavailable Current state of upstream servers in deployment. If any of the upstream servers in the deployment are unavailable, then the value will be 1. If no upstream server is unavailable, then the value will be 0.                                                             | upstream peer   |
-| plus.http.upstream.peers.state.checking            | build version upstream peer.address peer.name | boolean   | Upstream Server State Check Current state of upstream servers in deployment. If any of the upstream servers in the deployment is being checked then the value will be 1. If no upstream server is being checked then the value will be 0.                                                                  | upstream peer   |
-| plus.http.upstream.peers.state.unhealthy           | build version upstream peer.address peer.name | boolean   | Upstream Server State Unhealthy Current state of upstream servers in deployment. If any of the upstream servers in the deployment are unhealthy then the value will be 1. If no upstream server is unhealthy then the value will be 0.                                                                     | upstream peer   |
-| plus.http.upstream.peers.fails                     | build version upstream peer.address peer.name | count     | Upstream Server Fails The total number of unsuccessful attempts to communicate with the server during the aggregation interval.                                                                                                                                                                            | upstream peer   |
-| plus.http.upstream.peers.unavail                   | build version upstream peer.address peer.name | count     | Upstream Server Unavailable The number of times the server became unavailable for client requests (state “unavail”) due to the number of unsuccessful attempts reaching the [max_fails](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) threshold during the aggregation interval. | upstream peer   |
-| plus.http.upstream.peers.health_checks.checks      | build version upstream peer.address peer.name | count     | Upstream Server Health Checks The total number of [health check](https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#health_check) requests made during the aggregation interval.                                                                                                              | upstream peer   |
-| plus.http.upstream.peers.health_checks.fails       | build version upstream peer.address peer.name | count     | Upstream Server Health Checks Fails The number of failed health checks during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.http.upstream.peers.health_checks.unhealthy   | build version upstream peer.address peer.name | count     | Upstream Server Health Checks Unhealthy How many times the server became unhealthy (state “unhealthy”) during the aggregation interval.                                                                                                                                                                    | upstream peer   |
-| plus.http.upstream.peers.health_checks.last_passed | build version upstream peer.address peer.name | boolean   | Upstream Server Health Checks Last Pass last_passed (boolean) indicating if the last health check request was successful and passed [tests](https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#match).                                                                                        | upstream peer   |
-| plus.http.upstream.peers.downstart                 | build version upstream peer.address peer.name | timestamp | Upstream Server Downstart The time when the server became “unavail”, “checking”, or “unhealthy”, as a UTC timestamp.                                                                                                                                                                                       | upstream peer   |
-| plus.http.upstream.peers.response.time             | build version upstream peer.address peer.name | avg       | Upstream Server Response Time The average time to get the [full response](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_response_time) from the server during the aggregation interval.                                                                                        | upstream server |
-| plus.http.upstream.peers.header.time               | build version upstream peer.address peer.name | avg       | Upstream Server Header Time The average time to get the [response header](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_header_time) from the server                                                                                                                           | upstream server |
-| plus.http.upstream.zombies                         | build version                                 | avg       | Upstream Zombies The current number of servers removed from the group but still processing active client requests                                                                                                                                                                                          | deployment      |
-| plus.http.upstream.keepalives                      | build version                                 | count       | Upstream Keepalive Connections The current number of idle [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) connections                                                                                                                                                  | deployment      |
-| plus.http.upstream.queue.maxsize                   | build version                                 | avg       | Upstream Queue Max Size The maximum number of requests that can be in the queue at the same time                                                                                                                                                                                                           | deployment      |
-| plus.http.upstream.queue.overflows                 | build version                                 | sum       | Upstream Queue Overflows The total number of requests rejected due to the queue overflow                                                                                                                                                                                                                   | deployment      |
-| plus.http.upstream.queue.size                      | build version                                 | avg       | Upstream Queue Size The current number of requests in the queue                                                                                                                                                                                                                                            | deployment      |
-| plus.http.upstream.peers.ssl.handshakes     | build version upstream peer.address peer.name | count     | The total number of successful SSL handshakes during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.http.upstream.peers.ssl.handshakes.failed     | build version upstream peer.address peer.name | count     |The total number of failed SSL handshakes during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.http.upstream.peers.ssl.session.reuses     | build version upstream peer.address peer.name | count     |The total number of session reuses during SSL handshake in the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.http.upstream.peers.ssl.no_common_protocol      | build version upstream peer.address peer.name | count     | The number of SSL handshakes failed because of no common protocol during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.http.upstream.peers.ssl.handshake_timeout       | build version upstream peer.address peer.name | count     |The number of SSL handshakes failed because of a timeout during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.http.upstream.peers.ssl.peer_rejected_cert  | build version upstream peer.address peer.name | count    | The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.http.upstream.peers.ssl.verify_failures.expired_cert    | build version upstream peer.address peer.name | count    | SSL certificate verification errors - an expired or not yet valid certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.http.upstream.peers.ssl.verify_failures.revoked_cert     | build version upstream peer.address peer.name | count     | SSL certificate verification errors - a revoked certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.http.upstream.peers.ssl.verify_failures.hostname_mismatch      | build version upstream peer.address peer.name | count     | SSL certificate verification errors - server's certificate doesn't match the hostname during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.http.upstream.peers.ssl.verify_failures.other  | build version upstream peer.address peer.name | count    |SSL certificate verification errors - other SSL certificate verification errors during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.stream.upstream.peers.ssl.handshakes    | build version upstream peer.address peer.name | count     |The total number of successful SSL handshakes during the aggregation interval.                                                                                                                                                                                   | upstream peer   |
-| plus.stream.upstream.peers.ssl.handshakes.failed     | build version upstream peer.address peer.name | count     | The total number of failed SSL handshakes during the aggregation interval.                                                                                                                                                                                                                                       | upstream peer   |
-| plus.stream.upstream.peers.ssl.session.reuses      | build version upstream peer.address peer.name | count     | The total number of session reuses during SSL handshake in the aggregation interval.                                                                                                                                                                                   | upstream peer   |
-| plus.stream.upstream.peers.ssl.no_common_protocol    | build version upstream peer.address peer.name | count     | The number of SSL handshakes failed because of no common protocol during the aggregation interval.                                                                                                                                                                                           | upstream peer   |
-| plus.stream.upstream.peers.ssl.handshake_timeout     | build version upstream peer.address peer.name | count     | The number of SSL handshakes failed because of a timeout during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.stream.upstream.peers.ssl.peer_rejected_cert  | build version upstream peer.address peer.name | count     | The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.stream.upstream.peers.ssl.verify_failures.expired_cert   | build version upstream peer.address peer.name | count    | SSL certificate verification errors - an expired or not yet valid certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.stream.upstream.peers.ssl.verify_failures.revoked_cert    | build version upstream peer.address peer.name | count     | SSL certificate verification errors - a revoked certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.stream.upstream.peers.ssl.verify_failures.hostname_mismatch     | build version upstream peer.address peer.name | count    |  SSL certificate verification errors - server's certificate doesn't match the hostname during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
-| plus.stream.upstream.peers.ssl.verify_failures.other     | build version upstream peer.address peer.name | count     | SSL certificate verification errors - other SSL certificate verification errors during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
+| **Metric**              | **Display Name**                  | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
+|-----------------------------------|-------------------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------|
+| plus.http.upstream.peers.conn.active               | Upstream active connections | build version upstream peer.address peer.name | count       | Upstream Server Active Connections The number of active client connections during the aggregation interval.                                                                                                                                                                                        | upstream server |
+| plus.http.upstream.peers.request.count             | Upstream HTTP requests | build version upstream peer.address peer.name | count     | Upstream Server HTTP Requests The total number of HTTP requests during the aggregation interval.                                                                                                                                                                                                           | upstream server |
+| plus.http.upstream.peers.response.count            | Upstream server HTTP responses | build version upstream peer.address peer.name | count     | Upstream Server HTTP Responses The total number of HTTP responses during the aggregation interval.                                                                                                                                                                                                         | upstream server |
+| plus.http.upstream.peers.status.1xx                | Upstream server HTTP 1xx responses | build version upstream peer.address peer.name | count     | Upstream Server HTTP 1xx Responses The total number of HTTP responses with a 1xx status code during the aggregation interval.                                                                                                                                                                              | upstream server |
+| plus.http.upstream.peers.status.2xx                | Upstream server HTTP 2xx responses | build version upstream peer.address peer.name | count     | Upstream Server HTTP 2xx Responses The total number of HTTP responses with a 2xx status code during the aggregation interval.                                                                                                                                                                              | upstream server |
+| plus.http.upstream.peers.status.3xx                | Upstream server HTTP 3xx responses | build version upstream peer.address peer.name | count     | Upstream Server HTTP 3xx Responses The total number of HTTP responses with a 3xx status code during the aggregation interval.                                                                                                                                                                              | upstream server |
+| plus.http.upstream.peers.status.4xx                | Upstream server HTTP 4xx responses | build version upstream peer.address peer.name | count     | Upstream Server HTTP 4xx Responses The total number of HTTP responses with a 4xx status code during the aggregation interval.                                                                                                                                                                              | upstream server |
+| plus.http.upstream.peers.status.5xx                | Upstream server HTTP 5xx responses | build version upstream peer.address peer.name | count     | Upstream Server HTTP 5xx Responses The total number of HTTP responses with a 5xx status code during the aggregation interval.                                                                                                                                                                              | upstream server |
+| plus.http.upstream.peers.request.bytes_sent        | Upstream server request bytes sent | build version upstream peer.address peer.name | count     | The total number of bytes sent in HTTP requests during the aggregation interval.                                                                                                                                                                                        | upstream server |
+| plus.http.upstream.peers.request.bytes_rcvd        | Upstream server request bytes received | build version upstream peer.address peer.name | count     | The total number of bytes received in HTTP requests during the aggregation interval.                                                                                                                                                                                | upstream server |
+| plus.http.upstream.peers.state.up                  | Upstream server state up | build version upstream peer.address peer.name | boolean   | Upstream Server State Up Current state of upstream servers in deployment. If all upstream servers in the deployment are up, then the value will be 1. If any upstream server is not up, then the value will be 0.                                                                                          | upstream peer   |
+| plus.http.upstream.peers.state.draining            | Upstream server state draining | build version upstream peer.address peer.name | boolean   | Upstream Server State Draining Current state of upstream servers in deployment. If any of the upstream servers in the deployment are draining, then the value will be 1. If no upstream server is draining, then the value will be 0.                                                                      | upstream peer   |
+| plus.http.upstream.peers.state.down                | Upstream server state down | build version upstream peer.address peer.name | boolean   | Upstream Server State Down Current state of upstream servers in deployment. If any of the upstream servers in the deployment are down, then the value will be 1. If no upstream server is down, then the value will be 0.                                                                                  | upstream peer   |
+| plus.http.upstream.peers.state.unavail             | Upstream server state unavailable | build version upstream peer.address peer.name | boolean   | Upstream Server State Unavailable Current state of upstream servers in deployment. If any of the upstream servers in the deployment are unavailable, then the value will be 1. If no upstream server is unavailable, then the value will be 0.                                                             | upstream peer   |
+| plus.http.upstream.peers.state.checking            | Upstream server state checking | build version upstream peer.address peer.name | boolean   | Upstream Server State Check Current state of upstream servers in deployment. If any of the upstream servers in the deployment is being checked then the value will be 1. If no upstream server is being checked then the value will be 0.                                                                  | upstream peer   |
+| plus.http.upstream.peers.state.unhealthy           | Upstream server state unhealthy | build version upstream peer.address peer.name | boolean   | Upstream Server State Unhealthy Current state of upstream servers in deployment. If any of the upstream servers in the deployment are unhealthy then the value will be 1. If no upstream server is unhealthy then the value will be 0.                                                                     | upstream peer   |
+| plus.http.upstream.peers.fails                     | Upstream server fails | build version upstream peer.address peer.name | count     | Upstream Server Fails The total number of unsuccessful attempts to communicate with the server during the aggregation interval.                                                                                                                                                                            | upstream peer   |
+| plus.http.upstream.peers.unavail                   | Upstream server unavailable | build version upstream peer.address peer.name | count     | Upstream Server Unavailable The number of times the server became unavailable for client requests (state “unavail”) due to the number of unsuccessful attempts reaching the [max_fails](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) threshold during the aggregation interval. | upstream peer   |
+| plus.http.upstream.peers.health_checks.checks      | Upstream server health checks | build version upstream peer.address peer.name | count     | Upstream Server Health Checks The total number of [health check](https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#health_check) requests made during the aggregation interval.                                                                                                              | upstream peer   |
+| plus.http.upstream.peers.health_checks.fails       | Upstream server health checks fails | build version upstream peer.address peer.name | count     | Upstream Server Health Checks Fails The number of failed health checks during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
+| plus.http.upstream.peers.health_checks.unhealthy   | Upstream server health checks unhealthy | build version upstream peer.address peer.name | count     | Upstream Server Health Checks Unhealthy How many times the server became unhealthy (state “unhealthy”) during the aggregation interval.                                                                                                                                                                    | upstream peer   |
+| plus.http.upstream.peers.health_checks.last_passed | Upstream server health checks last pass | build version upstream peer.address peer.name | boolean   | Upstream Server Health Checks Last Pass last_passed (boolean) indicating if the last health check request was successful and passed [tests](https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#match).                                                                                        | upstream peer   |
+| plus.http.upstream.peers.downstart                 | Upstream server downstart | build version upstream peer.address peer.name | timestamp | Upstream Server Downstart The time when the server became “unavail”, “checking”, or “unhealthy”, as a UTC timestamp.                                                                                                                                                                                       | upstream peer   |
+| plus.http.upstream.peers.response.time             | Upstream server response time | build version upstream peer.address peer.name | avg       | Upstream Server Response Time The average time to get the [full response](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_response_time) from the server during the aggregation interval.                                                                                        | upstream server |
+| plus.http.upstream.peers.header.time               | Upstream server header time | build version upstream peer.address peer.name | avg       | Upstream Server Header Time The average time to get the [response header](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_header_time) from the server                                                                                                                           | upstream server |
+| plus.http.upstream.zombies                         | Upstream zombies | build version                                 | avg       | Upstream Zombies The current number of servers removed from the group but still processing active client requests                                                                                                                                                                                          | deployment      |
+| plus.http.upstream.keepalives                      | Upstream keepalive connections | build version                                 | count       | Upstream Keepalive Connections The current number of idle [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) connections                                                                                                                                                  | deployment      |
+| plus.http.upstream.queue.maxsize                   | Upstream queue max size | build version                                 | avg       | Upstream Queue Max Size The maximum number of requests that can be in the queue at the same time                                                                                                                                                                                                           | deployment      |
+| plus.http.upstream.queue.overflows                 | Upstream queue overflows | build version                                 | sum       | Upstream Queue Overflows The total number of requests rejected due to the queue overflow                                                                                                                                                                                                                   | deployment      |
+| plus.http.upstream.queue.size                      | Upstream queue size | build version                                 | avg       | Upstream Queue Size The current number of requests in the queue                                                                                                                                                                                                                                            | deployment      |
+| plus.http.upstream.peers.ssl.handshakes     | Upstream SSL handshakes           | build version upstream peer.address peer.name | count     | The total number of successful SSL handshakes during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
+| plus.http.upstream.peers.ssl.handshakes.failed     | Upstream SSL handshakes failed    | build version upstream peer.address peer.name | count     | The total number of failed SSL handshakes during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
+| plus.http.upstream.peers.ssl.session.reuses     | Upstream SSL session reuses       | build version upstream peer.address peer.name | count     | The total number of session reuses during SSL handshake in the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
+| plus.http.upstream.peers.ssl.no_common_protocol      | Upstream SSL no common protocol   | build version upstream peer.address peer.name | count     | The number of SSL handshakes failed because of no common protocol during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
+| plus.http.upstream.peers.ssl.handshake_timeout       | Upstream SSL handshake timeout    | build version upstream peer.address peer.name | count     | The number of SSL handshakes failed because of a timeout during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
+| plus.http.upstream.peers.ssl.peer_rejected_cert  | SSL handshake failed - rejected cert | build version upstream peer.address peer.name | count    | The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
+| plus.http.upstream.peers.ssl.verify_failures.expired_cert    | SSL verify failures - expired cert | build version upstream peer.address peer.name | count    | SSL certificate verification errors - an expired or not yet valid certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
+| plus.http.upstream.peers.ssl.verify_failures.revoked_cert     | SSL verify failures - revoked cert | build version upstream peer.address peer.name | count     | SSL certificate verification errors - a revoked certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
+| plus.http.upstream.peers.ssl.verify_failures.hostname_mismatch      | SSL verify failures - hostname mismatch | build version upstream peer.address peer.name | count     | SSL certificate verification errors - server's certificate doesn't match the hostname during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
+| plus.http.upstream.peers.ssl.verify_failures.other  | SSL verify failures - other       | build version upstream peer.address peer.name | count    | SSL certificate verification errors - other SSL certificate verification errors during the aggregation interval.                                                                                                                                                                                                    | upstream peer   |
+| plus.stream.upstream.peers.ssl.handshakes | Stream SSL handshakes total             | build version upstream peer.address peer.name | count | The total number of successful SSL handshakes during the aggregation interval.             | upstream peer   |
+| plus.stream.upstream.peers.ssl.handshakes.failed | Stream SSL handshakes failed            | build version upstream peer.address peer.name | count | The total number of failed SSL handshakes during the aggregation interval.                 | upstream peer   |
+| plus.stream.upstream.peers.ssl.session.reuses | Stream SSL session reuses               | build version upstream peer.address peer.name | count | The total number of session reuses during SSL handshake in the aggregation interval.       | upstream peer   |
+| plus.stream.upstream.peers.ssl.no_common_protocol | Stream HS failed - no common protocol   | build version upstream peer.address peer.name | count | The number of SSL handshakes failed because of no common protocol during the aggregation interval. | upstream peer   |
+| plus.stream.upstream.peers.ssl.handshake_timeout | Stream SSL handshake timeout            | build version upstream peer.address peer.name | count | The number of SSL handshakes failed because of a timeout during the aggregation interval.  | upstream peer   |
+| plus.stream.upstream.peers.ssl.peer_rejected_cert | Stream verify failure - rejected cert   | build version upstream peer.address peer.name | count | The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message during the aggregation interval. | upstream peer   |
+| plus.stream.upstream.peers.ssl.verify_failures.expired_cert | Stream verify failure - expired cert    | build version upstream peer.address peer.name | count | SSL certificate verification errors - an expired or not yet valid certificate was presented by a client during the aggregation interval. | upstream peer   |
+| plus.stream.upstream.peers.ssl.verify_failures.revoked_cert | Stream verify failure - revoked cert    | build version upstream peer.address peer.name | count | SSL certificate verification errors - a revoked certificate was presented by a client during the aggregation interval. | upstream peer   |
+| plus.stream.upstream.peers.ssl.verify_failures.hostname_mismatch | Stream verify failure - hostname mismatch | build version upstream peer.address peer.name | count | SSL certificate verification errors - server's certificate doesn't match the hostname during the aggregation interval. | upstream peer   |
+| plus.stream.upstream.peers.ssl.verify_failures.other | Stream SSL verify failure - other       | build version upstream peer.address peer.name | count | SSL certificate verification errors - other SSL certificate verification errors during the aggregation interval. | upstream peer   |
 
 {{</bootstrap-table>}}
 
@@ -244,15 +244,15 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
-| **Metric**                   | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
-|----------------------------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------|
-| system.cpu| | count | System CPU Utilization. | deployment |
-| system.interface.bytes_rcvd| interface | count | System Interface Bytes Received. | deployment |
-| system.interface.bytes_sent| interface | count | System Interface Bytes Sent. | deployment |
-| system.interface.packets_rcvd| interface | count | System Interface Packets Received. | deployment |
-| system.interface.packets_sent| interface | count | System Interface Packets Sent. | deployment |
-| system.interface.total_bytes| interface | count | System Interface Total Bytes,  sum of bytes_sent and bytes_rcvd. | deployment |
-| system.interface.egress_throughput| interface | count | System Interface Egress Throughput, i.e. bytes sent per second| deployment |
+| **Metric**                   | **Display Name** | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
+|----------------------------------------|------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------|
+| system.cpu| CPU utilization | | count | System CPU Utilization. | deployment |
+| system.interface.bytes_rcvd| Interface bytes received | interface | count | System Interface Bytes Received. | deployment |
+| system.interface.bytes_sent| Interface bytes sent | interface | count | System Interface Bytes Sent. | deployment |
+| system.interface.packets_rcvd| Interface packets received | interface | count | System Interface Packets Received. | deployment |
+| system.interface.packets_sent| Interface packets sent | interface | count | System Interface Packets Sent. | deployment |
+| system.interface.total_bytes| Interface total bytes | interface | count | System Interface Total Bytes, sum of bytes_sent and bytes_rcvd. | deployment |
+| system.interface.egress_throughput| Interface egress throughput | interface | count | System Interface Egress Throughput, i.e. bytes sent per second| deployment |
 
 {{</bootstrap-table>}}
 
@@ -260,55 +260,55 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
-| **Metric**                   | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
-|----------------------------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------|
-| plus.stream.limit_conns.passed                       | build, version, limit_conn_zone                       | count     | The total number of connections that were neither limited nor accounted as limited. | limit conn zone   |
-| plus.stream.limit_conns.rejected                     | build, version, limit_conn_zone                       | count     | The total number of connections that were rejected.                                 | limit conn zone   |
-| plus.stream.limit_conns.rejected_dry_run             | build, version, limit_conn_zone                       | count     | The total number of connections accounted as rejected in the dry run mode.          | limit conn zone   |
-| plus.stream.request.bytes_rcvd                       | build, version, server_zone                           | count     | The total number of bytes received from clients.                                    | server zone       |
-| plus.stream.request.bytes_sent                       | build, version, server_zone                           | count     | The total number of bytes sent to clients.                                          | server zone       |
-| plus.stream.status.2xx                               | build, version, server_zone                           | count     | The total number of sessions completed with status codes “2xx”.                     | server zone       |
-| plus.stream.status.4xx                               | build, version, server_zone                           | count     | The total number of sessions completed with status codes “4xx”.                     | server zone       |
-| plus.stream.status.5xx                               | build, version, server_zone                           | count     | The total number of sessions completed with status codes “5xx”.                     | server zone       |
-| plus.stream.status.connections                       | build, version, server_zone                           | avg       | The averge number of connections accepted from clients.                              | server zone       |
-| plus.stream.status.discarded                         | build, version, server_zone                           | avg       | The average number of connections completed without creating a session.               | server zone       |
-| plus.stream.status.processing                        | build, version, server_zone                           | avg       | The average of client connections that are currently being processed.                | server zone       |
-| plus.stream.upstream.peers.conn.active               | build, version, upstream, peer.address, peer.name     | count       | The current number of connections.                                                  | upstream peer     |
-| plus.stream.upstream.peers.downstart                 | build, version, upstream, peer.address, peer.name     | timestamp | The time when the server became “unavail”, “checking”, or “unhealthy”, in the ISO 8601 format with millisecond resolution. | upstream peer     |
-| plus.stream.upstream.peers.downtime                  | build, version, upstream, peer.address, peer.name     | count     | Total time the server was in the “unavail”, “checking”, and “unhealthy” states.     | upstream peer     |
-| plus.stream.upstream.peers.fails                     | build, version, upstream, peer.address, peer.name     | count     | The total number of unsuccessful attempts to communicate with the server.           | upstream peer     |
-| plus.stream.upstream.peers.health_checks.checks      | build, version, upstream, peer.address, peer.name     | count     | The total number of health check requests made.                                     | upstream peer     |
-| plus.stream.upstream.peers.health_checks.fails       | build, version, upstream, peer.address, peer.name     | count     | The number of failed health checks.                                                 | upstream peer     |
-| plus.stream.upstream.peers.health_checks.last_passed | build, version, upstream, peer.address, peer.name     | boolean   | Boolean indicating whether the last health check request was successful and passed tests. | upstream peer     |
-| plus.stream.upstream.peers.health_checks.unhealthy   | build, version, upstream, peer.address, peer.name     | count     | How many times the server became unhealthy (state “unhealthy”).                           | upstream peer     |
-| plus.stream.upstream.peers.request.bytes_rcvd        | build, version, upstream, peer.address, peer.name     | count     | The total number of bytes received from this server.                                | upstream peer     |
-| plus.stream.upstream.peers.request.bytes_sent        | build, version, upstream, peer.address, peer.name     | count     | The total number of bytes sent to this server.                                      | upstream peer     |
-| plus.stream.upstream.peers.response.time             | build, version, upstream, peer.address, peer.name     | avg       | The average time to receive the last byte of data.                                  | upstream peer     |
-| plus.stream.upstream.peers.state.checking            | build, version, upstream, peer.address, peer.name     | boolean   | Boolean indicating if any of the upstream servers are being checked.                | upstream peer     |
-| plus.stream.upstream.peers.state.down                | build, version, upstream, peer.address, peer.name     | boolean   | Boolean indicating if any of the upstream servers are down.                         | upstream peer     |
-| plus.stream.upstream.peers.state.draining            | build, version, upstream, peer.address, peer.name     | boolean   | Boolean indicating if any of the upstream servers are draining.                     | upstream peer     |
-| plus.stream.upstream.peers.state.unavail             | build, version, upstream, peer.address, peer.name     | boolean   | Boolean indicating if any of the upstream servers are unavailable.                  | upstream peer     |
-| plus.stream.upstream.peers.state.unhealthy           | build, version, upstream, peer.address, peer.name     | boolean   | Boolean indicating if any of the upstream servers are unhealthy.                    | upstream peer     |
-| plus.stream.upstream.peers.state.up                  | build, version, upstream, peer.address, peer.name     | boolean   | Boolean indicating if all upstream servers are up.                                  | upstream peer     |
-| plus.stream.upstream.peers.unavail                   | build, version, upstream, peer.address, peer.name     | count     | How many times the server became unavailable for client connections (state “unavail”) due to the number of unsuccessful attempts reaching the max_fails threshold. | upstream peer     |
-| plus.stream.upstream.zombies                         | build, version                                        | avg       | The current number of servers removed from the group but still processing active client connections. | deployment        |
-| plus.stream.ssl.handshakes| build version server_zone| count | The total number of successful SSL handshakes during the aggregation interval.            | server zone|
-| plus.stream.ssl.handshakes.failed   | build version server_zone | count | SSL Handshakes Failed The total number of failed SSL handshakes during the aggregation interval.         | server zone  |
-| plus.stream.ssl.session.reuses    | build version server_zone | count | The total number of session reuses during SSL handshakes in the aggregation interval. | server zone  |
-| plus.stream.ssl.no_common_protocol      | build version server_zone| count     |The number of SSL handshakes failed because of no common protocol during the aggregation interval.                                                                                                                                                                                                    |server zone |
-| plus.stream.ssl.no_common_cipher|  build version server_zone  | count    | The number of SSL handshakes failed because of no shared cipher during the aggregation interval.                                                                                                                                                                                                    | server zone |
-| plus.stream.ssl.handshake_timeout      |  build version server_zone  | count     | The number of SSL handshakes failed because of a timeout during the aggregation interval.                                                                                                                                                                                                    | server zone |
-| plus.stream.ssl.peer_rejected_cert |  build version server_zone  | count    | The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message during the aggregation interval.                                                                                                                                                                                                    | server zone |
-| plus.stream.ssl.verify_failures.no_cert |  build version server_zone  | count    |SSL certificate verification errors - a client did not provide the required certificate during the aggregation interval.                                                                                                                                                                                                    |server zone |
-| plus.stream.ssl.verify_failures.expired_cert  |  build version server_zone  | count    |SSL certificate verification errors - an expired or not yet valid certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    |server zone |
-| plus.stream.ssl.verify_failures.revoked_cert  |  build version server_zone  | count     |SSL certificate verification errors - a revoked certificate was presented by a client during the aggregation interval.                                                                                                                                                                                                    |server zone |
-| plus.stream.ssl.verify_failures.other |  build version server_zone  | count    |SSL certificate verification errors - other SSL certificate verification errors during the aggregation interval.                                                                                                                                                                                                 | server zone |
-| plus.stream.zone_sync.status.bytes_in                | build, version                                        | count     | The number of bytes received by all nodes during the aggregation interval.          | deployment     |
-| plus.stream.zone_sync.status.bytes_out               | build, version                                        | count     | The number of bytes sent by all nodes during the aggregation interval.              | deployment     |
-| plus.stream.zone_sync.status.msgs_in                 | build, version                                        | count     | The number of messages received by all nodes during the aggregation interval.       | deployment     |
-| plus.stream.zone_sync.status.msgs_out                | build, version                                        | count     | The number of messages sent by all nodes during the aggregation interval.           | deployment     |
-| plus.stream.zone_sync.zones.records_pending          | build, version, shared_memory_zone                    | avg       | The average number of records that need to be sent to the cluster during the aggregation interval.   | shared memory zone |
-| plus.stream.zone_sync.zones.records_total            | build, version, shared_memory_zone                    | avg       | The average number of records stored in the shared memory zone by all nodes during the aggregation interval.  | shared memory zone |
+| **Metric**                   | **Display Name**                  | **Dimensions** | **Type** | **Description**                                                                                               | **Roll-up per** |
+|----------------------------------------|-------------------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------|
+| plus.stream.limit_conns.passed         | Connections passed            | build, version, limit_conn_zone | count | The total number of connections that were neither limited nor accounted as limited. | limit conn zone   |
+| plus.stream.limit_conns.rejected       | Connections rejected          | build, version, limit_conn_zone | count | The total number of connections that were rejected.                                 | limit conn zone   |
+| plus.stream.limit_conns.rejected_dry_run | Connections rejected dry run | build, version, limit_conn_zone | count | The total number of connections accounted as rejected in the dry run mode.          | limit conn zone   |
+| plus.stream.request.bytes_rcvd         | Request bytes received        | build, version, server_zone       | count | The total number of bytes received from clients.                                    | server zone       |
+| plus.stream.request.bytes_sent         | Request bytes sent            | build, version, server_zone       | count | The total number of bytes sent to clients.                                          | server zone       |
+| plus.stream.status.2xx                 | Status 2xx                    | build, version, server_zone       | count | The total number of sessions completed with status codes '2xx'.                     | server zone       |
+| plus.stream.status.4xx                 | Status 4xx                    | build, version, server_zone       | count | The total number of sessions completed with status codes '4xx'.                     | server zone       |
+| plus.stream.status.5xx                 | Status 5xx                    | build, version, server_zone       | count | The total number of sessions completed with status codes '5xx'.                     | server zone       |
+| plus.stream.status.connections         | Accepted connections          | build, version, server_zone       | avg   | The average number of connections accepted from clients.                              | server zone       |
+| plus.stream.status.discarded           | Connections discarded          | build, version, server_zone       | avg   | The average number of connections completed without creating a session.               | server zone       |
+| plus.stream.status.processing          | Connections processing         | build, version, server_zone       | avg   | The average number of client connections that are currently being processed.          | server zone       |
+| plus.stream.upstream.peers.conn.active | Upstream active connections    | build, version, upstream, peer.address, peer.name | count | The current number of connections.                                                  | upstream peer     |
+| plus.stream.upstream.peers.downstart   | Upstream downstart             | build, version, upstream, peer.address, peer.name | timestamp | The time when the server became 'unavail', 'checking', or 'unhealthy', in the ISO 8601 format with millisecond resolution. | upstream peer     |
+| plus.stream.upstream.peers.downtime    | Upstream downtime              | build, version, upstream, peer.address, peer.name | count | Total time the server was in the 'unavail', 'checking', and 'unhealthy' states.     | upstream peer     |
+| plus.stream.upstream.peers.fails       | Upstream fails                 | build, version, upstream, peer.address, peer.name | count | The total number of unsuccessful attempts to communicate with the server.           | upstream peer     |
+| plus.stream.upstream.peers.health_checks.checks | Upstream health checks | build, version, upstream, peer.address, peer.name | count | The total number of health check requests made.                                     | upstream peer     |
+| plus.stream.upstream.peers.health_checks.fails | Upstream health checks fails | build, version, upstream, peer.address, peer.name | count | The number of failed health checks.                                                 | upstream peer     |
+| plus.stream.upstream.peers.health_checks.last_passed | Upstream last health check pass | build, version, upstream, peer.address, peer.name | boolean | Boolean indicating whether the last health check request was successful and passed tests. | upstream peer     |
+| plus.stream.upstream.peers.health_checks.unhealthy | Upstream health checks unhealthy | build, version, upstream, peer.address, peer.name | count | How many times the server became unhealthy (state 'unhealthy').                     | upstream peer     |
+| plus.stream.upstream.peers.request.bytes_rcvd | Upstream request bytes received | build, version, upstream, peer.address, peer.name | count | The total number of bytes received from this server.                                | upstream peer     |
+| plus.stream.upstream.peers.request.bytes_sent | Upstream request bytes sent | build, version, upstream, peer.address, peer.name | count | The total number of bytes sent to this server.                                      | upstream peer     |
+| plus.stream.upstream.peers.response.time | Upstream response time         | build, version, upstream, peer.address, peer.name | avg   | The average time to receive the last byte of data.                                  | upstream peer     |
+| plus.stream.upstream.peers.state.checking | Upstream state checking       | build, version, upstream, peer.address, peer.name | boolean | Boolean indicating if any of the upstream servers are being checked.                | upstream peer     |
+| plus.stream.upstream.peers.state.down | Upstream state down            | build, version, upstream, peer.address, peer.name | boolean | Boolean indicating if any of the upstream servers are down.                         | upstream peer     |
+| plus.stream.upstream.peers.state.draining | Upstream state draining       | build, version, upstream, peer.address, peer.name | boolean | Boolean indicating if any of the upstream servers are draining.                     | upstream peer     |
+| plus.stream.upstream.peers.state.unavail | Upstream state unavailable    | build, version, upstream, peer.address, peer.name | boolean | Boolean indicating if any of the upstream servers are unavailable.                  | upstream peer     |
+| plus.stream.upstream.peers.state.unhealthy | Upstream state unhealthy     | build, version, upstream, peer.address, peer.name | boolean | Boolean indicating if any of the upstream servers are unhealthy.                    | upstream peer     |
+| plus.stream.upstream.peers.state.up | Upstream state up               | build, version, upstream, peer.address, peer.name | boolean | Boolean indicating if all upstream servers are up.                                  | upstream peer     |
+| plus.stream.upstream.peers.unavail | Upstream unavailable            | build, version, upstream, peer.address, peer.name | count | How many times the server became unavailable for client connections (state 'unavail') due to the number of unsuccessful attempts reaching the max_fails threshold. | upstream peer     |
+| plus.stream.upstream.zombies | Upstream zombies                    | build, version                                        | avg   | The current number of servers removed from the group but still processing active client connections. | deployment        |
+| plus.stream.ssl.handshakes | Stream SSL handshakes total           | build version server_zone                            | count | The total number of successful SSL handshakes during the aggregation interval.       | server zone       |
+| plus.stream.ssl.handshakes.failed | Stream SSL handshakes failed    | build version server_zone                            | count | The total number of failed SSL handshakes during the aggregation interval.           | server zone       |
+| plus.stream.ssl.session.reuses | Stream SSL session reuses         | build version server_zone                            | count | The total number of session reuses during SSL handshakes in the aggregation interval. | server zone       |
+| plus.stream.ssl.no_common_protocol | Stream HS failed - no common protocol | build version server_zone                            | count | The number of SSL handshakes failed because of no common protocol during the aggregation interval. | server zone       |
+| plus.stream.ssl.no_common_cipher | Stream HS failed - no shared cipher | build version server_zone                            | count | The number of SSL handshakes failed because of no shared cipher during the aggregation interval. | server zone       |
+| plus.stream.ssl.handshake_timeout | Stream SSL handshake timeout    | build version server_zone                            | count | The number of SSL handshakes failed because of a timeout during the aggregation interval. | server zone       |
+| plus.stream.ssl.peer_rejected_cert | Stream verify failure - rejected cert | build version server_zone                            | count | The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message during the aggregation interval. | server zone       |
+| plus.stream.ssl.verify_failures.no_cert | Stream verify failure - no cert | build version server_zone                            | count | SSL certificate verification errors - a client did not provide the required certificate during the aggregation interval. | server zone       |
+| plus.stream.ssl.verify_failures.expired_cert | Stream verify failure - expired cert | build version server_zone                            | count | SSL certificate verification errors - an expired or not yet valid certificate was presented by a client during the aggregation interval. | server zone       |
+| plus.stream.ssl.verify_failures.revoked_cert | Stream verify failure - revoked cert | build version server_zone                            | count | SSL certificate verification errors - a revoked certificate was presented by a client during the aggregation interval. | server zone       |
+| plus.stream.ssl.verify_failures.other | Stream SSL verify failure - other | build version server_zone                            | count | SSL certificate verification errors - other SSL certificate verification errors during the aggregation interval. | server zone       |
+| plus.stream.zone_sync.status.bytes_in | Zone sync bytes in             | build, version                                        | count | The number of bytes received by all nodes during the aggregation interval.          | deployment        |
+| plus.stream.zone_sync.status.bytes_out | Zone sync bytes out           | build, version                                        | count | The number of bytes sent by all nodes during the aggregation interval.              | deployment        |
+| plus.stream.zone_sync.status.msgs_in | Zone sync messages in          | build, version                                        | count | The number of messages received by all nodes during the aggregation interval.       | deployment        |
+| plus.stream.zone_sync.status.msgs_out | Zone sync messages out         | build, version                                        | count | The number of messages sent by all nodes during the aggregation interval.           | deployment        |
+| plus.stream.zone_sync.zones.records_pending | Zone sync records pending    | build, version, shared_memory_zone                    | avg   | The average number of records that need to be sent to the cluster during the aggregation interval. | shared memory zone |
+| plus.stream.zone_sync.zones.records_total | Zone sync records total      | build, version, shared_memory_zone                    | avg   | The average number of records stored in the shared memory zone by all nodes during the aggregation interval. | shared memory zone |
 
 {{</bootstrap-table>}}
 
@@ -316,18 +316,18 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
-| **Metric**                            | **Dimensions**                 | **Type** | **Description**                                                                            | **Roll-up per** |
-|---------------------------------------|--------------------------------|----------|--------------------------------------------------------------------------------------------|-----------------|
-| plus.resolvers.requests.name          | build, version, resolver_zone  | count    | The number of requests to resolve names to addresses during the aggregation interval.      | resolver zone   |
-| plus.resolvers.requests.srv           | build, version, resolver_zone  | count    | The number of requests to resolve SRV records during the aggregation interval.             | resolver zone   |
-| plus.resolvers.requests.addr          | build, version, resolver_zone  | count    | The number of requests to resolve addresses to names during the aggregation interval.      | resolver zone   |
-| plus.resolvers.responses.noerror      | build, version, resolver_zone  | count    | The number of successful responses during the aggregation interval.                        | resolver zone   |
-| plus.resolvers.responses.formerr      | build, version, resolver_zone  | count    | The number of FORMERR (Format error) responses during the aggregation interval.            | resolver zone   |
-| plus.resolvers.responses.servfail     | build, version, resolver_zone  | count    | The number of SERVFAIL (Server failure) responses during the aggregation interval.         | resolver zone   |
-| plus.resolvers.responses.nxdomain     | build, version, resolver_zone  | count    | The number of NXDOMAIN (Host not found) responses during the aggregation interval.         | resolver zone   |
-| plus.resolvers.responses.notimp       | build, version, resolver_zone  | count    | The number of NOTIMP (Unimplemented) responses during the aggregation interval.            | resolver zone   |
-| plus.resolvers.responses.refused      | build, version, resolver_zone  | count    | The number of REFUSED (Operation refused) responses during the aggregation interval.       | resolver zone   |
-| plus.resolvers.responses.timedout     | build, version, resolver_zone  | count    | The number of timed out requests during the aggregation interval.                          | resolver zone   |
-| plus.resolvers.responses.unknown      | build, version, resolver_zone  | count    | The number of requests completed with an unknown error during the aggregation interval.    | resolver zone   |
+| **Metric**                            | **Display Name**             | **Dimensions**                 | **Type** | **Description**                                                                            | **Roll-up per** |
+|---------------------------------------|------------------------------|--------------------------------|----------|--------------------------------------------------------------------------------------------|-----------------|
+| plus.resolvers.requests.name          | Resolve name requests    | build, version, resolver_zone  | count    | The number of requests to resolve names to addresses during the aggregation interval.      | resolver zone   |
+| plus.resolvers.requests.srv           | Resolve SRV requests      | build, version, resolver_zone  | count    | The number of requests to resolve SRV records during the aggregation interval.             | resolver zone   |
+| plus.resolvers.requests.addr          | Resolve address requests  | build, version, resolver_zone  | count    | The number of requests to resolve addresses to names during the aggregation interval.      | resolver zone   |
+| plus.resolvers.responses.noerror      | Successful responses         | build, version, resolver_zone  | count    | The number of successful responses during the aggregation interval.                        | resolver zone   |
+| plus.resolvers.responses.formerr      | FORMERR responses            | build, version, resolver_zone  | count    | The number of FORMERR (Format error) responses during the aggregation interval.            | resolver zone   |
+| plus.resolvers.responses.servfail     | SERVFAIL responses           | build, version, resolver_zone  | count    | The number of SERVFAIL (Server failure) responses during the aggregation interval.         | resolver zone   |
+| plus.resolvers.responses.nxdomain     | NXDOMAIN responses           | build, version, resolver_zone  | count    | The number of NXDOMAIN (Host not found) responses during the aggregation interval.         | resolver zone   |
+| plus.resolvers.responses.notimp       | NOTIMP responses             | build, version, resolver_zone  | count    | The number of NOTIMP (Unimplemented) responses during the aggregation interval.            | resolver zone   |
+| plus.resolvers.responses.refused      | REFUSED responses            | build, version, resolver_zone  | count    | The number of REFUSED (Operation refused) responses during the aggregation interval.       | resolver zone   |
+| plus.resolvers.responses.timedout     | Timed out requests           | build, version, resolver_zone  | count    | The number of timed out requests during the aggregation interval.                          | resolver zone   |
+| plus.resolvers.responses.unknown      | Unknown error responses      | build, version, resolver_zone  | count    | The number of requests completed with an unknown error during the aggregation interval.    | resolver zone   |
 
 {{</bootstrap-table>}}
diff --git a/content/nginxaas-azure/monitoring/migrate-to-platform-metrics.md b/content/nginxaas-azure/monitoring/migrate-to-platform-metrics.md
index c33b781c7..70de8a906 100644
--- a/content/nginxaas-azure/monitoring/migrate-to-platform-metrics.md
+++ b/content/nginxaas-azure/monitoring/migrate-to-platform-metrics.md
@@ -2,14 +2,14 @@
 title: Migrate from Custom metrics to Platform metrics
 weight: 1000
 toc: true
-url: /nginxaas/azure/getting-started/migrate-to-platform-metrics/
+url: /nginxaas/azure/monitoring/migrate-to-platform-metrics/
 type:
 - how-to
 ---
 
 ## Overview
 
-F5 NGINXaaS for Azure previously supported monitoring through [Custom Metrics](https://learn.microsoft.com/en-us/azure/azure-monitor/metrics/metrics-custom-overview), which is a preview feature in Azure. As a preview feature, support for Custom Metrics will be removed in the future. We've added support for Platform Metrics, which is the recommended way to monitor resources in Azure. We strongly recommend switching your deployment's monitoring to Platform Metrics to take advantage of lower latency and better reliability.
+F5 NGINXaaS for Azure previously supported monitoring through [Custom Metrics](https://learn.microsoft.com/en-us/azure/azure-monitor/metrics/metrics-custom-overview), which is a preview feature in Azure. Support for Custom Metrics will be removed in the future. We've added support for Platform Metrics, which is the recommended way to monitor resources in Azure. We strongly recommend switching your deployment's monitoring to Platform Metrics to take advantage of lower latency and better reliability.
 
 ## Migration steps
 
diff --git a/content/nginxaas-azure/overview/overview.md b/content/nginxaas-azure/overview/overview.md
index 3126bdad2..01c6b65d2 100644
--- a/content/nginxaas-azure/overview/overview.md
+++ b/content/nginxaas-azure/overview/overview.md
@@ -70,7 +70,7 @@ With the Standard V2 Plan, NGINXaaS uses the following redundancy features to ke
 - We use [Azure Availability  Zones](https://learn.microsoft.com/en-us/azure/availability-zones/az-overview)
   to protect your deployment from local failures within an Azure region. We balance NGINX instances across the possible availability zones in [supported regions](https://learn.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones)
 
-{{< note >}} If you are creating a public IP for your deployment, be sure to make them [zone redundant](https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses#availability-zone) to get the best uptime. {{</ note >}}
+{{< call-out "note" >}} If you are creating a public IP for your deployment, be sure to make them [zone redundant](https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses#availability-zone) to get the best uptime. {{< /call-out >}}
 
 ### Data plane traffic
 
diff --git a/content/nginxaas-azure/quickstart/geoip2.md b/content/nginxaas-azure/quickstart/geoip2.md
index 227b79d1c..184f6530a 100644
--- a/content/nginxaas-azure/quickstart/geoip2.md
+++ b/content/nginxaas-azure/quickstart/geoip2.md
@@ -18,11 +18,11 @@ NGINXaaS uses your MaxMind license to download GeoIP2 databases, puts them in th
 To enable GeoIP2 you [update your NGINX configuration]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/overview.md">}}) to include your MaxMind license and the relevant NGINX directives.
 
 1. Log into MaxMind and [generate a `GeoIP.conf`](https://dev.maxmind.com/geoip/updating-databases/#2-obtain-geoipconf-with-account-information) file.
-2. Add the `GeoIP.conf` file to your NGINX configuration, using the exact path `/etc/nginx/GeoIP.conf`. The `GeoIP.conf` will be validated, and must include `AccountID`, `LicenseKey`, and `EditionIDs`. Other configuration options in `GeoIP.conf` are ignored.  We recommend you enable the **Protected** {{<fa "solid fa-toggle-on">}} toggle button to mark `GeoIP.conf` as a protected file, which will prevent the contents from being read via any Azure client tools.
+2. Add the `GeoIP.conf` file to your NGINX configuration, using the exact path `/etc/nginx/GeoIP.conf`. The `GeoIP.conf` will be validated, and must include `AccountID`, `LicenseKey`, and `EditionIDs`. Other configuration options in `GeoIP.conf` are ignored.  We recommend you enable the **Protected** {{<icon "solid fa-toggle-on">}} toggle button to mark `GeoIP.conf` as a protected file, which will prevent the contents from being read via any Azure client tools.
 3. Add the `load_module` directive - the modules are available at `modules/ngx_http_geoip2_module.so` or `modules/ngx_stream_geoip2_module.so`.
 4. Add `geoip2` directives to your NGINX configuration as desired. The `EditionIDs` from your `GeoIP.conf` are available at `/usr/local/share/GeoIP`
 
-{{<note>}}NGINXaaS for Azure currently only supports the database directory at the path `/usr/local/share/GeoIP`.{{</note>}}
+{{< call-out "note" >}}NGINXaaS for Azure currently only supports the database directory at the path `/usr/local/share/GeoIP`.{{< /call-out >}}
 
 There are many different ways to use the `geoip2` directives; For example:
 
diff --git a/content/nginxaas-azure/quickstart/hosting-static-content.md b/content/nginxaas-azure/quickstart/hosting-static-content.md
index 05706b3b9..e72669cf7 100644
--- a/content/nginxaas-azure/quickstart/hosting-static-content.md
+++ b/content/nginxaas-azure/quickstart/hosting-static-content.md
@@ -42,7 +42,7 @@ test-static-files $ tree .
 2 directories, 2 files
 ```
 
-{{<note>}}`index.html` is placed under the `srv` directory. When using `tar` to upload static content, the static content has to be placed under one of the allowed paths listed in the [NGINX Filesystem Restrictions table]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/overview/#nginx-filesystem-restrictions" >}}).{{</note>}}
+{{< call-out "note" >}}`index.html` is placed under the `srv` directory. When using `tar` to upload static content, the static content has to be placed under one of the allowed paths listed in the [NGINX Filesystem Restrictions table]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/overview/#nginx-filesystem-restrictions" >}}).{{< /call-out >}}
 
 3. Create the tarball.
 
diff --git a/content/nginxaas-azure/quickstart/njs-support.md b/content/nginxaas-azure/quickstart/njs-support.md
index 344bafc2e..d3948e7a1 100644
--- a/content/nginxaas-azure/quickstart/njs-support.md
+++ b/content/nginxaas-azure/quickstart/njs-support.md
@@ -14,7 +14,7 @@ F5 NGINX as a Service for Azure (NGINXaaS) supports the open-source [njs module]
 
 Create an njs script file by uploading a gzipped tar file or create the script file in the editor. See [NGINX Configuration]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md" >}}) for a step-by-step guide.
 
-{{<note>}}If specifying an absolute file path as your njs script's `File path`, see the [NGINX Filesystem Restrictions table]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/overview/#nginx-filesystem-restrictions" >}}) for the allowed directories the file can be written to.{{</note>}}
+{{< call-out "note" >}}If specifying an absolute file path as your njs script's `File path`, see the [NGINX Filesystem Restrictions table]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/overview/#nginx-filesystem-restrictions" >}}) for the allowed directories the file can be written to.{{< /call-out >}}
 
 Switch between the language options to see syntax highlighting for NGINX configs or JavaScript.
 
diff --git a/content/nginxaas-azure/quickstart/rate-limiting.md b/content/nginxaas-azure/quickstart/rate-limiting.md
index 8dff3c692..59101ceb9 100644
--- a/content/nginxaas-azure/quickstart/rate-limiting.md
+++ b/content/nginxaas-azure/quickstart/rate-limiting.md
@@ -28,4 +28,4 @@ http {
 }
 ```
 
-{{<note>}}As a prerequisite to using the `sync` parameter with `limit_req_zone` directive for rate limiting, enable [Runtime State Sharing with NGINXaaS for Azure]({{< ref "/nginxaas-azure/quickstart/runtime-state-sharing.md" >}}).{{</note>}}
+{{< call-out "note" >}}As a prerequisite to using the `sync` parameter with `limit_req_zone` directive for rate limiting, enable [Runtime State Sharing with NGINXaaS for Azure]({{< ref "/nginxaas-azure/quickstart/runtime-state-sharing.md" >}}).{{< /call-out >}}
diff --git a/content/nginxaas-azure/quickstart/runtime-state-sharing.md b/content/nginxaas-azure/quickstart/runtime-state-sharing.md
index 0f86569b4..4a0f3df87 100644
--- a/content/nginxaas-azure/quickstart/runtime-state-sharing.md
+++ b/content/nginxaas-azure/quickstart/runtime-state-sharing.md
@@ -16,7 +16,7 @@ With runtime state sharing, NGINXaaS instances can share some state data between
 - [Rate limiting](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone)
 - [Key‑value store](https://nginx.org/en/docs/http/ngx_http_keyval_module.html#keyval_zone)
 
-{{<note>}} Can not add the `sync` parameter with a directive describing shared memory zones to an existing memory zone that was not configured to sync. It also cannot be removed from an existing memory zone configured to sync. To switch, remove the directive before reapplying it with the desired parameters.{{</note>}}
+{{< call-out "note" >}} Can not add the `sync` parameter with a directive describing shared memory zones to an existing memory zone that was not configured to sync. It also cannot be removed from an existing memory zone configured to sync. To switch, remove the directive before reapplying it with the desired parameters.{{< /call-out >}}
 
 For information on enabling synchronization for rate limiting with NGINXaaS for Azure, please visit the [Rate Limiting]({{< ref "/nginxaas-azure/quickstart/rate-limiting.md" >}}) documentation.
 
@@ -37,7 +37,7 @@ stream {
 }
 ```
 
-{{<note>}}To enhance security, set up security rules for both incoming and outgoing traffic in the virtual network linked to the NSG of the subnet hosting NGINXaaS for Azure deployment. These rules should limit TCP traffic to the `zone_sync_server` port.{{</note>}}
+{{< call-out "note" >}}To enhance security, set up security rules for both incoming and outgoing traffic in the virtual network linked to the NSG of the subnet hosting NGINXaaS for Azure deployment. These rules should limit TCP traffic to the `zone_sync_server` port.{{< /call-out >}}
 
 ## Enable the SSL/TLS protocol for connections to another cluster instance of the NGINXaaS for Azure deployment
 
diff --git a/content/nginxaas-azure/quickstart/scaling.md b/content/nginxaas-azure/quickstart/scaling.md
index 7fb1777ea..cf98d9656 100644
--- a/content/nginxaas-azure/quickstart/scaling.md
+++ b/content/nginxaas-azure/quickstart/scaling.md
@@ -10,7 +10,7 @@ type:
 
 F5 NGINX as a Service for Azure (NGINXaaS) supports manual and automatic scaling of your deployment, allowing you to adapt to application traffic demands while controlling cost.
 
-{{<note>}}This feature is only available for Standard plan(s).{{</note>}}
+{{< call-out "note" >}}This feature is only available for Standard plan(s).{{< /call-out >}}
 
 An NGINXaaS deployment can be scaled out to increase the capacity (increasing the cost) or scaled in to decrease the capacity (reducing the cost). Capacity is measured in [NGINX Capacity Units (NCU)](#nginx-capacity-unit-ncu).
 
@@ -36,7 +36,7 @@ To update the capacity of your deploymentv using the Azure Portal,
  1. Set the desired number of NCUs. Scale increases in 10 NCU intervals (10, 20, 30, and so on).
  1. Select **Submit** to update your deployment.
 
-  {{< note >}}There's no downtime while an NGINXaaS deployment changes capacity.{{< /note >}}
+  {{< call-out "note" >}}There's no downtime while an NGINXaaS deployment changes capacity.{{< /call-out >}}
 
 ## Autoscaling
 
@@ -72,7 +72,7 @@ The following table outlines constraints on the specified capacity based on the
 | Standard plan(s)                  | 10                          | 500                         | 10                         |
 {{</bootstrap-table>}}
 
-{{< note >}}If you need a higher maximum capacity, please [open a request](https://my.f5.com/manage/s/) and specify the Resource ID of your NGINXaaS deployment, the region, and the desired maximum capacity you wish to scale to.{{< /note >}}
+{{< call-out "note" >}}If you need a higher maximum capacity, please [open a request](https://my.f5.com/manage/s/) and specify the Resource ID of your NGINXaaS deployment, the region, and the desired maximum capacity you wish to scale to.{{< /call-out >}}
 
 ## Connection processing methods restrictions
 
@@ -91,8 +91,8 @@ NGINXaaS provides metrics for visibility of the current and historical capacity
 
 See the [Metrics Catalog]({{< ref "/nginxaas-azure/monitoring/metrics-catalog.md" >}}) for a reference of all metrics.
 
-{{< note >}}These metrics aren't visible unless enabled, see how to [Enable Monitoring]({{< ref "/nginxaas-azure/monitoring/enable-monitoring.md" >}}) for details.{{< /note >}}
-{{< warning >}}The `ncu.consumed` metric is now deprecated and is on the path to retirement. Please change any alerting on this metric to use the new Capacity Percentage metric.{{< /warning >}}
+{{< call-out "note" >}}These metrics aren't visible unless enabled, see how to [Enable Monitoring]({{< ref "/nginxaas-azure/monitoring/enable-monitoring.md" >}}) for details.{{< /call-out >}}
+{{< call-out "warning" >}}The `ncu.consumed` metric is now deprecated and is on the path to retirement. Please change any alerting on this metric to use the new Capacity Percentage metric.{{< /call-out >}}
 
 ## Estimating how many NCUs to provision
 
diff --git a/content/nginxaas-azure/quickstart/security-controls/auth-basic.md b/content/nginxaas-azure/quickstart/security-controls/auth-basic.md
index 9e147ec1a..fad9f819a 100644
--- a/content/nginxaas-azure/quickstart/security-controls/auth-basic.md
+++ b/content/nginxaas-azure/quickstart/security-controls/auth-basic.md
@@ -31,7 +31,7 @@ location /protected {
 
 Submit the NGINX configuration to apply it. You should be prompted to log in when you access the protected location or server.
 
-{{<note>}}The NGINX worker processes will open the password file. You must place the password file in a [directory the worker processes are allowed to read]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md#nginx-filesystem-restrictions" >}}) or else all authenticated requests will fail.{{</note>}}
+{{< call-out "note" >}}The NGINX worker processes will open the password file. You must place the password file in a [directory the worker processes are allowed to read]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md#nginx-filesystem-restrictions" >}}) or else all authenticated requests will fail.{{< /call-out >}}
 
 - `/opt`
 - `/srv`
diff --git a/content/nginxaas-azure/quickstart/security-controls/certificates.md b/content/nginxaas-azure/quickstart/security-controls/certificates.md
index 651f76c5c..089347888 100644
--- a/content/nginxaas-azure/quickstart/security-controls/certificates.md
+++ b/content/nginxaas-azure/quickstart/security-controls/certificates.md
@@ -36,7 +36,7 @@ NGINXaaS enables customers to securely store SSL/TLS certificates in Azure Key V
 
 If you do not have an NGINXaaS deployment, follow the steps in [Deploy using the Azure portal]({{< ref "/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md" >}}).
 
-{{<note>}} Your NGINXaaS deployment and your key vault must be in the same subscription. {{</note>}}
+{{< call-out "note" >}} Your NGINXaaS deployment and your key vault must be in the same subscription. {{< /call-out >}}
 
 ## Add an SSL/TLS certificate to your key vault
 
@@ -44,7 +44,7 @@ Next, you can add an SSL/TLS certificate to your key vault by following [Azure's
 
 1. Go to your key vault, `nginxaas-kv`.
 1. Select **Certificates** in the left menu.
-1. Select {{< fa "plus">}}**Generate/Import** and provide the following information:
+1. Select {{< icon "plus">}}**Generate/Import** and provide the following information:
 
    {{<bootstrap-table "table table-striped table-bordered">}}
   | Field                       | Description                |
@@ -66,9 +66,9 @@ In order for your NGINXaaS deployment to access your key vault, it must have an
 1. Go to your NGINXaaS deployment.
 1. Select **Identity** in the left menu.
 1. Under **System assigned**, ensure the status is set to "On".
-  {{<note>}} When you create a deployment through the Azure portal, a system-assigned managed identity is automatically enabled for your deployment. {{</note>}}
+  {{< call-out "note" >}} When you create a deployment through the Azure portal, a system-assigned managed identity is automatically enabled for your deployment. {{< /call-out >}}
 1. Under **System assigned**, select **Azure role assignments**.
-1. Select {{< fa "plus">}}**Add role assignment** and provide the following information:
+1. Select {{< icon "plus">}}**Add role assignment** and provide the following information:
 
    {{<bootstrap-table "table table-striped table-bordered">}}
   | Field                       | Description                |
@@ -87,7 +87,7 @@ Now, you can add your SSL/TLS certificate from your key vault to your NGINXaaS d
 
 1. Go to your NGINXaaS deployment.
 1. Select **NGINX certificates** in the left menu.
-1. Select {{< fa "plus">}}**Add certificate** and provide the following information:
+1. Select {{< icon "plus">}}**Add certificate** and provide the following information:
    {{<bootstrap-table "table table-striped table-bordered">}}
    | Field                       | Description                |
    |---------------------------- | ---------------------------- |
@@ -164,11 +164,9 @@ For more information on using NGINX to secure traffic to upstream servers, refer
 
 If you want to disable public access to your key vault, you can configure a [Network Security Perimeter (NSP)](https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-concepts). This will allow you to configure access rules to allow NGINXaaS to fetch certificates from your key vault while ensuring all other public access is denied.
 
-{{<note>}} Network Security Perimeter is currently in public preview. Refer to [Azure's NSP documentation](https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-concepts) for details on its current capabilities. {{</note>}}
-
 1. Follow [Azure's documentation on prerequisites](https://learn.microsoft.com/en-us/azure/private-link/create-network-security-perimeter-portal#prerequisites) to ensure you are registed to create an NSP.
 1. In the Search box, enter **Network Security Perimeters** and select **Network Security Perimeters** from the search results.
-1. Select {{< fa "plus">}}**Create**.
+1. Select {{< icon "plus">}}**Create**.
 1. In the **Basics** tab, provide the following information:
    {{<bootstrap-table "table table-striped table-bordered">}}
   | Field                       | Description                |
@@ -179,9 +177,9 @@ If you want to disable public access to your key vault, you can configure a [Net
   | Region                      | Select the region you want to deploy to. Refer to any [regional limitations](https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-concepts#regional-limitations) NSP has while in public preview. |
   | Profile name | Leave the profile name as the default `defaultProfile`. |
    {{</bootstrap-table>}}
-1. In the **Resources** tab, select {{< fa "plus">}}**Add**.
+1. In the **Resources** tab, select {{< icon "plus">}}**Add**.
 1. Search for your key vault, `nginxaas-kv`, select it, and click **Select**.
-1. In the **Inbound access rules** tab, select {{< fa "plus">}}**Add** and provide the following information:
+1. In the **Inbound access rules** tab, select {{< icon "plus">}}**Add** and provide the following information:
    {{<bootstrap-table "table table-striped table-bordered">}}
   | Field                       | Description                |
   |---------------------------- | ---------------------------- |
@@ -198,4 +196,4 @@ By default, the key vault will be associated to the NSP in [Learning mode](https
 1. Select the `nginxaas-kv` resource association.
 1. Select **Change access mode**, set to **Enforced**, and select **Apply**.
 
-{{<note>}} If you are using the Azure portal to add certificates, you will also need to add an inbound access rule to allow your IP address, so the portal can list the certificates in your key vault. {{</note>}}
\ No newline at end of file
+{{< call-out "note" >}} If you are using the Azure portal to add certificates, you will also need to add an inbound access rule to allow your IP address, so the portal can list the certificates in your key vault. {{< /call-out >}}
diff --git a/content/nginxaas-azure/quickstart/security-controls/jwt.md b/content/nginxaas-azure/quickstart/security-controls/jwt.md
index f403eef0e..0d176ebcf 100644
--- a/content/nginxaas-azure/quickstart/security-controls/jwt.md
+++ b/content/nginxaas-azure/quickstart/security-controls/jwt.md
@@ -40,9 +40,9 @@ server {
 }
 ```
 
-{{<warning>}}
+{{< call-out "warning" >}}
 When using the common Microsoft Entra signing keys you will need to increase the size of the subrequest output buffer as the key file will not fit in the default buffer.
-If the buffer is not sized properly, requests will result in empty responses. If [error logging is enabled]({{< ref "/nginxaas-azure/monitoring/enable-logging/" >}}), you will see an error in the error log.{{</warning>}}
+If the buffer is not sized properly, requests will result in empty responses. If [error logging is enabled]({{< ref "/nginxaas-azure/monitoring/enable-logging/" >}}), you will see an error in the error log.{{< /call-out >}}
 
 Enabling JWT key caching is recommended to achieve optimal performance. This can be done with the [auth_jwt_key_cache](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html#auth_jwt_key_cache) directive. Note that caching of keys obtained from variables is not supported. If you are using Microsoft Entra as an identity provider for JWT authentication, please be aware that [keys are rotated frequently](https://learn.microsoft.com/en-us/entra/identity-platform/signing-key-rollover), and it is recommended to take that into consideration before using it as a static file or caching the response from the subrequest.
 
diff --git a/content/nginxaas-azure/quickstart/security-controls/private-link-to-upstreams.md b/content/nginxaas-azure/quickstart/security-controls/private-link-to-upstreams.md
index 45fd0366a..39b285b1a 100644
--- a/content/nginxaas-azure/quickstart/security-controls/private-link-to-upstreams.md
+++ b/content/nginxaas-azure/quickstart/security-controls/private-link-to-upstreams.md
@@ -9,7 +9,7 @@ type:
 
 [Azure Private Link](https://learn.microsoft.com/en-us/azure/private-link/private-link-overview) eliminates exposure to the public internet by handling traffic over Microsoft's backbone network. This is especially useful if your NGINXaaS deployment and your upstreams are in different virtual networks.
 
-{{<note>}}Depending on your use-case, we recommend using [virtual network peering](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview) instead of a Private Link service to maintain NGINX's load balancing capabilities.{{</note>}}
+{{< call-out "note" >}}Depending on your use-case, we recommend using [virtual network peering](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview) instead of a Private Link service to maintain NGINX's load balancing capabilities.{{< /call-out >}}
 
 To set up a Private Link between your NGINXaaS deployment and your upstreams, you'll need two resources:
 
diff --git a/content/nginxaas-azure/quickstart/upgrade-channels.md b/content/nginxaas-azure/quickstart/upgrade-channels.md
index 5c5360047..f4f5db09b 100644
--- a/content/nginxaas-azure/quickstart/upgrade-channels.md
+++ b/content/nginxaas-azure/quickstart/upgrade-channels.md
@@ -15,12 +15,12 @@ Maintaining the latest version NGINX Plus, operating system (OS), and other soft
 {{<bootstrap-table "table table-striped table-bordered">}}
 | Channel     | Description               |
 |-------------|---------------------------|
-| preview     | Selecting this channel automatically upgrades your deployment to the latest supported version of NGINX Plus and its dependencies soon after they become available. We recommend using this setting to try out new capabilities in deployments running in your development, testing, and staging environments. |
+| preview     | Selecting this channel automatically upgrades your deployment to the latest supported version of NGINX Plus and its dependencies soon after they become available. We recommend using this setting to try out new capabilities in deployments running in your development, testing, and staging environments. Do not use the **Preview** channel in your production environment. |
 | stable      | A deployment running on this channel will receive updates on NGINX Plus and its dependencies at a slower rate than the **Preview** channel. We recommend using this setting for production deployments where you might want stable features instead of the latest ones. This is the **default channel** if you do not specify one for your deployment. |
 {{</bootstrap-table>}}
 
-{{<note>}} All channels will receive continuous updates related to OS patches, and security fixes.
-{{</note>}}
+{{< call-out "note" >}} All channels will receive continuous updates related to OS patches, and security fixes.
+{{< /call-out >}}
 
 ## Availability of new features
 
diff --git a/content/nic/_index.md b/content/nic/_index.md
index 0ab007f88..d6187bf7a 100644
--- a/content/nic/_index.md
+++ b/content/nic/_index.md
@@ -1,6 +1,39 @@
 ---
+# The title is the product name
 title: NGINX Ingress Controller
+# The URL is the base of the deployed path, becoming "docs.nginx.com/<url>/<other-pages>"
 url: /nginx-ingress-controller/
+# The cascade directive applies its nested parameters down the page tree until overwritten
 cascade:
-  logo: NGINX-Ingress-Controller-product-icon.png
+  # The logo file is resolved from the theme, in the folder /static/images/icons/
+  logo: NGINX-Ingress-Controller-product-icon.svg
+# The subtitle displays directly underneath the heading of a given page
+nd-subtitle: 
+# Indicates that this is a custom landing page
+nd-landing-page: true
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: landing-page
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NIC
 ---
+
+## About
+
+NGINX Ingress Controller is an [Ingress Controller]({{< ref "/nic/glossary.md#ingress-controller">}}) implementation for NGINX that can load balance Websocket, gRPC, TCP and UDP applications. 
+
+It supports standard [Ingress]({{< ref "/nic/glossary.md#ingress">}}) features such as content-based routing and TLS/SSL termination. Several NGINX and NGINX Plus features are available as extensions to Ingress resources through [Annotations]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-annotations">}}) and the [ConfigMap]({{< ref "/nic/configuration/global-configuration/configmap-resource">}}) resource.
+
+## Featured content
+
+{{<card-section showAsCards="true" isFeaturedSection="true">}}
+  {{<card title="Install NGINX Ingress Controller with Helm" titleUrl="/nginx-ingress-controller/installation/installing-nic/installation-with-helm">}}
+    Use Helm to deploy and configure a NGINX Ingress Controller cluster
+  {{</card>}}
+  {{<card title="Migrate from Ingress-NGINX Controller" titleUrl="/nginx-ingress-controller/installation/ingress-nginx">}}
+    Replace an Ingress-NGINX cluster with NGINX Ingress Controller
+  {{</card>}}
+  {{<card title="Releases" titleUrl="/nginx-ingress-controller/releases">}}
+    Review the changes from the latest NGINX Ingress Controller releases
+  {{</card>}}
+{{</card-section>}}
\ No newline at end of file
diff --git a/content/nic/configuration/global-configuration/command-line-arguments.md b/content/nic/configuration/global-configuration/command-line-arguments.md
index e1fb02134..f59e990fc 100644
--- a/content/nic/configuration/global-configuration/command-line-arguments.md
+++ b/content/nic/configuration/global-configuration/command-line-arguments.md
@@ -299,7 +299,7 @@ Format: `[1024 - 65535]` (default `8080`)
 
 ### -proxy `<string>`
 
-{{< warning >}} This argument is intended for testing purposes only. {{< /warning >}}
+{{< call-out "warning" >}} This argument is intended for testing purposes only. {{< /call-out >}}
 
 Use a proxy server to connect to Kubernetes API started with `kubectl proxy`.
 
diff --git a/content/nic/configuration/global-configuration/configmap-resource.md b/content/nic/configuration/global-configuration/configmap-resource.md
index 715861b6b..16386248f 100644
--- a/content/nic/configuration/global-configuration/configmap-resource.md
+++ b/content/nic/configuration/global-configuration/configmap-resource.md
@@ -60,17 +60,12 @@ For more information, view the [VirtualServer and VirtualServerRoute resources](
 
 ### Ingress Controller (Unrelated to NGINX Configuration)
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |ConfigMap Key | Description | Default | Example |
 | ---| ---| ---| --- |
 |*external-status-address* | Sets the address to be reported in the status of Ingress resources. Requires the *-report-status* command-line argument. Overrides the *-external-service* argument. | N/A | [Reporting resource status]({{< ref "/nic/configuration/global-configuration/reporting-resources-status" >}}) |
-{{</bootstrap-table>}}
-
----
 
 ### General customization
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |ConfigMap Key | Description | Default | Example |
 | ---| ---| ---| --- |
 |*proxy-connect-timeout* | Sets the value of the [proxy_connect_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout) and [grpc_connect_timeout](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_connect_timeout) directive. | *60s* |  |
@@ -104,13 +99,10 @@ For more information, view the [VirtualServer and VirtualServerRoute resources](
 |*keepalive-requests* | Sets the value of the [keepalive_requests](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests) directive. | *1000* |  |
 |*variables-hash-bucket-size* | Sets the value of the [variables_hash_bucket_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#variables_hash_bucket_size) directive. | *256* |  |
 |*variables-hash-max-size* | Sets the value of the [variables-hash-max-size](https://nginx.org/en/docs/http/ngx_http_core_module.html#variables_hash_max_size) directive. | *1024* |  |
-{{</bootstrap-table>}}
 
----
 
 ### Logging
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |ConfigMap Key | Description | Default | Example |
 | ---| ---| ---| --- |
 |*error-log-level* | Sets the global [error log level](https://nginx.org/en/docs/ngx_core_module.html#error_log) for NGINX. | *notice* |  |
@@ -122,64 +114,46 @@ For more information, view the [VirtualServer and VirtualServerRoute resources](
 |*log-format-escaping* | Sets the characters escaping for the variables of the log format. Supported values: *json* (JSON escaping), *default* (the default escaping) *none* (disables escaping). | *default* |  |
 |*stream-log-format* | Sets the custom [log format](https://nginx.org/en/docs/stream/ngx_stream_log_module.html#log_format) for TCP, UDP, and TLS Passthrough traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by *\n*). In that case, the Ingress Controller will replace every *\n* character with a space character. All *'* characters must be escaped. | See the [template file](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/internal/configs/version1/nginx.tmpl). |  |
 |*stream-log-format-escaping* | Sets the characters escaping for the variables of the stream log format. Supported values: *json* (JSON escaping), *default* (the default escaping) *none* (disables escaping). | *default* |  |
-{{</bootstrap-table>}}
-
----
 
 ### Request URI/Header manipulation
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
-|ConfigMap Key | Description | Default | Example |
-| ---| ---| ---| --- |
-|*proxy-hide-headers* | Sets the value of one or more  [proxy_hide_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) directives. Example: *"nginx.org/proxy-hide-headers": "header-a,header-b"* | N/A |  |
-|*proxy-pass-headers* | Sets the value of one or more   [proxy_pass_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header) directives. Example: *"nginx.org/proxy-pass-headers": "header-a,header-b"* | N/A |  |
-{{</bootstrap-table>}}
+|ConfigMap Key | Description | Default |
+| ---| ---| ---|
+|*proxy-hide-headers* | Sets the value of one or more  [proxy_hide_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) directives. Example: *"nginx.org/proxy-hide-headers": "header-a,header-b"* | N/A |
+|*proxy-pass-headers* | Sets the value of one or more   [proxy_pass_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header) directives. Example: *"nginx.org/proxy-pass-headers": "header-a,header-b"* | N/A |
 
----
 
 ### Auth and SSL/TLS
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
-|ConfigMap Key | Description | Default | Example |
-| ---| ---| ---| --- |
-|*redirect-to-https* | Sets the 301 redirect rule based on the value of the *http_x_forwarded_proto* header on the server block to force incoming traffic to be over HTTPS. Useful when terminating SSL in a load balancer in front of the Ingress Controller — see [115](https://github.com/nginx/kubernetes-ingress/issues/115) | *False* |  |
-|*ssl-redirect* | Sets an unconditional 301 redirect rule for all incoming HTTP traffic to force incoming traffic over HTTPS. | *True* |  |
-|*hsts* | Enables [HTTP Strict Transport Security (HSTS)](https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/) : the HSTS header is added to the responses from backends. The *preload* directive is included in the header. | *False* |  |
-|*hsts-max-age* | Sets the value of the *max-age* directive of the HSTS header. | *2592000* (1 month) |  |
-|*hsts-include-subdomains* | Adds the *includeSubDomains* directive to the HSTS header. | *False* |  |
-|*hsts-behind-proxy* | Enables HSTS based on the value of the *http_x_forwarded_proto* request header. Should only be used when TLS termination is configured in a load balancer (proxy) in front of the Ingress Controller. Note: to control redirection from HTTP to HTTPS configure the *nginx.org/redirect-to-https* annotation. | *False* |  |
-|*ssl-protocols* | Sets the value of the [ssl_protocols](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols) directive. | *TLSv1 TLSv1.1 TLSv1.2* |  |
-|*ssl-prefer-server-ciphers* | Enables or disables the [ssl_prefer_server_ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers) directive. | *False* |  |
-|*ssl-ciphers* | Sets the value of the [ssl_ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers) directive. | *HIGH:!aNULL:!MD5* |  |
-|*ssl-dhparam-file* | Sets the content of the dhparam file. The controller will create the file and set the value of the [ssl_dhparam](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam) directive with the path of the file. | N/A |  |
-{{</bootstrap-table>}}
-
----
+|ConfigMap Key | Description | Default |
+| ---| ---| ---|
+|*redirect-to-https* | Sets the 301 redirect rule based on the value of the *http_x_forwarded_proto* header on the server block to force incoming traffic to be over HTTPS. Useful when terminating SSL in a load balancer in front of the Ingress Controller — see [115](https://github.com/nginx/kubernetes-ingress/issues/115) | *False* |
+|*ssl-redirect* | Sets an unconditional 301 redirect rule for all incoming HTTP traffic to force incoming traffic over HTTPS. | *True* |
+|*hsts* | Enables [HTTP Strict Transport Security (HSTS)](https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/) : the HSTS header is added to the responses from backends. The *preload* directive is included in the header. | *False* |
+|*hsts-max-age* | Sets the value of the *max-age* directive of the HSTS header. | *2592000* (1 month) |
+|*hsts-include-subdomains* | Adds the *includeSubDomains* directive to the HSTS header. | *False* | 
+|*hsts-behind-proxy* | Enables HSTS based on the value of the *http_x_forwarded_proto* request header. Should only be used when TLS termination is configured in a load balancer (proxy) in front of the Ingress Controller. Note: to control redirection from HTTP to HTTPS configure the *nginx.org/redirect-to-https* annotation. | *False* |
+|*ssl-protocols* | Sets the value of the [ssl_protocols](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols) directive. | *TLSv1 TLSv1.1 TLSv1.2* | 
+|*ssl-prefer-server-ciphers* | Enables or disables the [ssl_prefer_server_ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers) directive. | *False* |
+|*ssl-ciphers* | Sets the value of the [ssl_ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers) directive. | *HIGH:!aNULL:!MD5* |
+|*ssl-dhparam-file* | Sets the content of the dhparam file. The controller will create the file and set the value of the [ssl_dhparam](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam) directive with the path of the file. | N/A |  
 
 ### Listeners
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |ConfigMap Key | Description | Default | Example |
 | ---| ---| ---| --- |
 |*http2* | Enables HTTP/2 in servers with SSL enabled. | *False* |  |
 |*proxy-protocol* | Enables PROXY Protocol for incoming connections. | *False* | [Proxy Protocol](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/shared-examples/proxy-protocol). |
-{{</bootstrap-table>}}
-
----
 
 ### Backend services (Upstreams)
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
-|ConfigMap Key | Description | Default | Example |
-| ---| ---| ---| --- |
-|*lb-method* | Sets the [load balancing method]({{< ref "/nginx/admin-guide/load-balancer/http-load-balancer.md#choosing-a-load-balancing-method" >}}). To use the round-robin method, specify *"round_robin"*. | *"random two least_conn"* |  |
-|*max-fails* | Sets the value of the [max_fails](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) parameter of the *server* directive. | *1* |  |
-|*upstream-zone-size* | Sets the size of the shared memory [zone](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone) for upstreams. For NGINX, the special value 0 disables the shared memory zones. For NGINX Plus, shared memory zones are required and cannot be disabled. The special value 0 will be ignored. | *256k* for NGINX, *512k* for NGINX Plus  |  |
-|*fail-timeout* | Sets the value of the [fail_timeout](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#fail_timeout) parameter of the *server* directive. | *10s* |  |
-|*keepalive* | Sets the value of the [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) directive. Note that *proxy_set_header Connection "";* is added to the generated configuration when the value > 0. | *0* |  |
-{{</bootstrap-table>}}
-
----
+|ConfigMap Key | Description | Default |
+| ---| ---| ---|
+|*lb-method* | Sets the [load balancing method]({{< ref "/nginx/admin-guide/load-balancer/http-load-balancer.md#choosing-a-load-balancing-method" >}}). To use the round-robin method, specify *"round_robin"*. | *"random two least_conn"* |
+|*max-fails* | Sets the value of the [max_fails](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) parameter of the *server* directive. | *1* |
+|*upstream-zone-size* | Sets the size of the shared memory [zone](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone) for upstreams. For NGINX, the special value 0 disables the shared memory zones. For NGINX Plus, shared memory zones are required and cannot be disabled. The special value 0 will be ignored. | *256k* for NGINX, *512k* for NGINX Plus  |
+|*fail-timeout* | Sets the value of the [fail_timeout](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#fail_timeout) parameter of the *server* directive. | *10s* |
+|*keepalive* | Sets the value of the [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) directive. Note that *proxy_set_header Connection "";* is added to the generated configuration when the value > 0. | *0* |
 
 ### Zone Sync
 
@@ -189,28 +163,24 @@ Zone synchronization with TLS for NGINX Ingress Controller is not yet available
 
 You will also need to manually add the headless service, such as in [this example](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-ingress-headless.yaml).
 
-{{< caution >}}
+{{< call-out "caution"  >}}
 If you previously installed OIDC or used the `zone_sync` directive with `stream-snippets` in [v4.0.1](https://github.com/nginx/kubernetes-ingress/tree/v4.0.1) or earlier, and you plan to enable the `zone-sync` ConfigMap key, the `zone_sync` directive should be removed from `stream-snippets`.
 
 If you encounter the error `error [emerg] 13#13: "zone_sync" directive is duplicate in /etc/nginx/nginx.conf:164` it is likely due to `zone_sync` being enabled in both `stream-snippets` and the ConfigMap. Once upgraded, remove the [old headless service](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-ingress-headless.yaml) deployed for OIDC.
-{{< /caution >}}
+{{< /call-out >}}
 
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
-|ConfigMap Key | Description | Default | Example |
-| ---| ---| ---| --- |
-|*zone-sync* | Enables zone synchronization between NGINX Ingress Controller Pods. This autogenerates a [zone_sync_server](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_server) and a headless service using the `ReplicaSet` or `DaemonSet` name. Please note that this headless service will be automatically cleaned up when uninstalling via Helm or by removing the value from the ConfigMap. The headless service will need to be manually removed if the `controller.customConfigMap` value is set via Helm or the deployment is uninstalled via Manifests. Each Ingress Controller manages its own headless service.  NGINX Plus Required. | *False* |  |
-|*zone-sync-port* | Specifies the optional port on which NGINX Ingress Controller listens for zone sync traffic. NGINX Plus & `zone-sync` Required. | *12345* |  |
-|*zone-sync-resolver-addresses* | Configures optional addresses used in the [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync. This field takes a comma separated list of addresses. NGINX Plus & `zone-sync` Required | `kube-dns.kube-system.svc.cluster.local` |  |
-|*zone-sync-resolver-ipv6* | Configures whether the optional [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync will look up IPv6 addresses. NGINX Plus & `zone-sync` Required | `true` |  |
-|*zone-sync-resolver-valid* | Configures an [NGINX time](https://nginx.org/en/docs/syntax.html) that the optional [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync will override the TTL value of responses from nameservers with. NGINX Plus & `zone-sync` Required | `5s` |  |
-{{</bootstrap-table>}}
+|ConfigMap Key | Description | Default |
+| ---| ---| ---| 
+|*zone-sync* | Enables zone synchronization between NGINX Ingress Controller Pods. This autogenerates a [zone_sync_server](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_server) and a headless service using the `ReplicaSet` or `DaemonSet` name. Please note that this headless service will be automatically cleaned up when uninstalling via Helm or by removing the value from the ConfigMap. The headless service will need to be manually removed if the `controller.customConfigMap` value is set via Helm or the deployment is uninstalled via Manifests. Each Ingress Controller manages its own headless service.  NGINX Plus Required. | *False* |
+|*zone-sync-port* | Specifies the optional port on which NGINX Ingress Controller listens for zone sync traffic. NGINX Plus & `zone-sync` Required. | *12345* |
+|*zone-sync-resolver-addresses* | Configures optional addresses used in the [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync. This field takes a comma separated list of addresses. NGINX Plus & `zone-sync` Required | `kube-dns.kube-system.svc.cluster.local` |
+|*zone-sync-resolver-ipv6* | Configures whether the optional [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync will look up IPv6 addresses. NGINX Plus & `zone-sync` Required | `true` |
+|*zone-sync-resolver-valid* | Configures an [NGINX time](https://nginx.org/en/docs/syntax.html) that the optional [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync will override the TTL value of responses from nameservers with. NGINX Plus & `zone-sync` Required | `5s` |
 
----
 
 ### Snippets and custom templates
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |ConfigMap Key | Description | Default | Example |
 | ---| ---| ---| --- |
 |*main-snippets* | Sets a custom snippet in main context. | N/A |  |
@@ -222,13 +192,10 @@ If you encounter the error `error [emerg] 13#13: "zone_sync" directive is duplic
 |*ingress-template* | Sets the NGINX configuration template for an Ingress resource. | By default the template is read from the file on the container. | [Custom Templates]({{< ref "/nic/configuration/global-configuration/custom-templates.md" >}}). |
 |*virtualserver-template* | Sets the NGINX configuration template for an VirtualServer resource. | By default the template is read from the file on the container. | [Custom Templates]({{< ref "/nic/configuration/global-configuration/custom-templates.md" >}}). |
 |*transportserver-template* | Sets the NGINX configuration template for a TransportServer resource. | By default the template is read from the file on the container. | [Custom Templates]({{< ref "/nic/configuration/global-configuration/custom-templates.md" >}}) |
-{{</bootstrap-table>}}
-
----
 
 ### Modules
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
+{{< table >}}
 |ConfigMap Key | Description | Default | Example |
 | ---| ---| ---| --- |
 |*otel-exporter-endpoint* | OTLP/gRPC endpoint that will accept [OpenTelemetry](https://opentelemetry.io) data. Set `otel-trace-in-http` to *"true"* to enable OpenTelemetry at the global level. | N/A | *"https://otel-collector:4317"* |
@@ -236,7 +203,7 @@ If you encounter the error `error [emerg] 13#13: "zone_sync" directive is duplic
 |*otel-exporter-header-value* | The value of a custom HTTP header to add to telemetry export request. `otel-exporter-endpoint` and `otel-exporter-header-name` required. | N/A | *"custom-value"* |
 |*otel-service-name* | Sets the `service.name` attribute of the OTel resource. `otel-exporter-endpoint` required. | N/A | *"nginx-ingress-controller:nginx"* |
 | *otel-trace-in-http* | Enables [OpenTelemetry](https://opentelemetry.io) globally (for all Ingress, VirtualServer and VirtualServerRoute resources). Set this to *"false"* to enable OpenTelemetry for individual routes with snippets. `otel-exporter-endpoint` required. | *"false"* | *"true"* |
-|*opentracing* | Removed in v5.0.0.  Enables [OpenTracing](https://opentracing.io) globally (for all Ingress, VirtualServer and VirtualServerRoute resources). Note: requires the Ingress Controller image with OpenTracing module and a tracer. See the [docs]({{< ref "/nic/installation/integrations/opentracing.md" >}}) for more information. | *False* |  |
+|*opentracing* | Removed in v5.0.0.  Enables [OpenTracing](https://opentracing.io) globally (for all Ingress, VirtualServer and VirtualServerRoute resources). Note: requires the Ingress Controller image with OpenTracing module and a tracer. See the [docs]({{< ref "/nic/logging-and-monitoring/opentracing.md" >}}) for more information. | *False* |  |
 |*opentracing-tracer* | Removed in v5.0.0.  Sets the path to the vendor tracer binary plugin. | N/A |  |
 |*opentracing-tracer-config* | Removed in v5.0.0.  Sets the tracer configuration in JSON format. | N/A |  |
 |*app-protect-compressed-requests-action* | Sets the *app_protect_compressed_requests_action* [global directive](/nginx-app-protect/configuration/#global-directives). | *drop* |  |
@@ -248,4 +215,4 @@ If you encounter the error `error [emerg] 13#13: "zone_sync" directive is duplic
 |*app-protect-dos-log-format* | Sets the custom [log format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format) for Dos Access log traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by *\n*). In that case, the Ingress Controller will replace every *\n* character with a space character. All *'* characters must be escaped. | `, vs_name_al=$app_protect_dos_vs_name, ip=$remote_addr, tls_fp=$app_protect_dos_tls_fp, outcome=$app_protect_dos_outcome, reason=$app_protect_dos_outcome_reason, policy_name=$app_protect_dos_policy_name, dos_version=$app_protect_dos_version, ip_tls=$remote_addr:$app_protect_dos_tls_fp,` | |
 |*app-protect-dos-log-format-escaping* | Sets the characters escaping for the variables of the stream log format. Supported values: *json* (JSON escaping), *default* (the default escaping) *none* (disables escaping). | *default* |  |
 |*app-protect-dos-arb-fqdn* | Sets the *app-protect-dos-arb-fqdn* [directive](/nginx-app-protect-dos/directives-and-policy/learn-about-directives-and-policy/#arbitrator-fqdn-directive-app_protect_dos_arb_fqdn). | *svc-appprotect-dos-arb* |  |
-{{</bootstrap-table>}}
+{{< /table >}}
diff --git a/content/nic/configuration/global-configuration/globalconfiguration-resource.md b/content/nic/configuration/global-configuration/globalconfiguration-resource.md
index 16fd90edc..e7ba17b59 100644
--- a/content/nic/configuration/global-configuration/globalconfiguration-resource.md
+++ b/content/nic/configuration/global-configuration/globalconfiguration-resource.md
@@ -13,14 +13,10 @@ The resource supports configuring listeners for TCP and UDP load balancing, and
 
 Listeners are required by [TransportServer resources]({{< ref "/nic/configuration/transportserver-resource.md" >}}) and can be used to [configure custom listeners for VirtualServers]({{< ref "/nic/tutorials/virtual-server-with-custom-listener-ports.md" >}}).
 
----
-
 ## Prerequisites
 
 When [installing NGINX Ingress Controller using Manifests]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md" >}}), you need to reference a GlobalConfiguration resource in the [`-global-configuration`]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#cmdoption-global-configuration" >}}) command-line argument. NGINX Ingress Controller only needs one GlobalConfiguration resource.
 
----
-
 ## GlobalConfiguration specification
 
 The GlobalConfiguration resource defines the global configuration parameters of the Ingress Controller. Below is an example:
@@ -48,11 +44,9 @@ spec:
     ssl: true
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 | *listeners* | A list of listeners. | [listener](#listener) | No |
-{{</bootstrap-table>}}
 
 ### Listener
 
@@ -67,7 +61,6 @@ The `listeners:` key defines a listener (a combination of a protocol and a port)
   protocol: HTTP
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 | *name* | The name of the listener. Must be a valid DNS label as defined in RFC 1035. For example, ``hello`` and ``listener-123`` are valid. The name must be unique among all listeners. The name ``tls-passthrough`` is reserved for the built-in TLS Passthrough listener and cannot be used. | *string* | Yes |
@@ -77,10 +70,6 @@ The `listeners:` key defines a listener (a combination of a protocol and a port)
 | *ipv4* | Specifies the IPv4 address to listen on. | *string* | No |
 | *ipv6* | Specifies the IPv6 address to listen on. | *string* | No |
 
-{{</bootstrap-table>}}
-
----
-
 ## Using GlobalConfiguration
 
 You can use the usual `kubectl` commands to work with a GlobalConfiguration resource.
diff --git a/content/nic/configuration/global-configuration/mgmt-configmap-resource.md b/content/nic/configuration/global-configuration/mgmt-configmap-resource.md
index f7eb66aea..7691152b7 100644
--- a/content/nic/configuration/global-configuration/mgmt-configmap-resource.md
+++ b/content/nic/configuration/global-configuration/mgmt-configmap-resource.md
@@ -30,10 +30,9 @@ that make sense for your setup:
     ```
 
     The [NGINX Management](https://nginx.org/en/docs/ngx_mgmt_module.html) block configuration will be updated.
----
+
 ## Management ConfigMap keys
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |ConfigMap Key | Description | Default |
 | ---| ---| ---|
 |*license-token-secret-name* | Configures the secret used in the [license_token](https://nginx.org/en/docs/ngx_mgmt_module.html#license_token) directive. This key assumes the secret is in the Namespace that NGINX Ingress Controller is deployed in. The secret must be of type `nginx.com/license` with the base64 encoded JWT in the `license.jwt` key.  | N/A |
@@ -47,4 +46,3 @@ that make sense for your setup:
 |*resolver-addresses* | Configures addresses used in the mgmt block [resolver](https://nginx.org/en/docs/ngx_mgmt_module.html#resolver) directive. This field takes a comma separated list of addresses. | N/A |
 |*resolver-ipv6* | Configures whether the mgmt block [resolver](https://nginx.org/en/docs/ngx_mgmt_module.html#resolver) directive will look up IPv6 addresses. | `true` |
 |*resolver-valid* | Configures an [NGINX time](https://nginx.org/en/docs/syntax.html) that the mgmt block [resolver](https://nginx.org/en/docs/ngx_mgmt_module.html#resolver) directive will override the TTL value of responses from nameservers with. | N/A |
-{{</bootstrap-table>}}
diff --git a/content/nic/configuration/global-configuration/reporting-resources-status.md b/content/nic/configuration/global-configuration/reporting-resources-status.md
index dc79ea3b2..4da8b5123 100644
--- a/content/nic/configuration/global-configuration/reporting-resources-status.md
+++ b/content/nic/configuration/global-configuration/reporting-resources-status.md
@@ -32,7 +32,7 @@ NGINX Ingress Controller must be configured to report an Ingress status:
 
 View the [ConfigMap keys]({{< ref "/nic/configuration/global-configuration/configmap-resource.md" >}}) and [Command-line arguments]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md" >}}) topics for more information.
 
-{{< note >}} NGINX Ingress Controller does not clear the status of Ingress resources when it is being shut down. {{< /note >}}
+{{< call-out "note" >}} NGINX Ingress Controller does not clear the status of Ingress resources when it is being shut down. {{< /call-out >}}
 
 ## VirtualServer and VirtualServerRoute resources
 
@@ -58,7 +58,7 @@ kubectl get virtualservers -o wide
   cafe   Valid   cafe.example.com         ae430f41a1a0042908655abcdefghijkl-12345678.eu-west-2.elb.amazonaws.com   [80,443]   106s
 ```
 
-{{< note >}} If there are multiple addresses, only the first one is shown. {{< /note >}}
+{{< call-out "note" >}} If there are multiple addresses, only the first one is shown. {{< /call-out >}}
 
 In order to see additional addresses or extra information about the `Status` of the resource, use the following command:
 
@@ -80,32 +80,26 @@ Status:
 
 The following fields are reported in both VirtualServer and VirtualServerRoute status:
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type |
 | ---| ---| --- |
 |*State* | Current state of the resource. Can be ``Valid``, ``Warning`` an ``Invalid``. For more information, refer to the ``message`` field. | *string* |
 |*Reason* | The reason of the last update. | *string* |
 |*Message* | Additional information about the state. | *string* |
 |*ExternalEndpoints* | A list of external endpoints for which the hosts of the resource are publicly accessible. | *[externalEndpoint](#externalendpoint)* |
-{{</bootstrap-table>}}
 
 The *ReferencedBy* field is reported for the VirtualServerRoute status only:
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type |
 | ---| ---| --- |
 | *ReferencedBy* | The VirtualServer that references this VirtualServerRoute. Format as ``namespace/name`` | *string* |
-{{</bootstrap-table>}}
 
 ### externalEndpoint
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type |
 | ---| ---| --- |
 |``IP`` | The external IP address. | ``string`` |
 |``Hostname`` | The external LoadBalancer Hostname address. | ``string`` |
 |``Ports`` | A list of external ports. | ``string`` |
-{{</bootstrap-table>}}
 
 NGINX Ingress Controller must be configured to report a VirtualServer or VirtualServerRoute status:
 
@@ -115,7 +109,7 @@ NGINX Ingress Controller must be configured to report a VirtualServer or Virtual
 
 View the [ConfigMap keys]({{< ref "/nic/configuration/global-configuration/configmap-resource.md" >}}) and [Command-line arguments]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md" >}}) topics for more information.
 
-{{< note >}} NGINX Ingress Controller does not clear the status of VirtualServer and VirtualServerRoute resources when it is being shut down. {{< /note >}}
+{{< call-out "note" >}} NGINX Ingress Controller does not clear the status of VirtualServer and VirtualServerRoute resources when it is being shut down. {{< /call-out >}}
 
 ## Policy resources
 
@@ -148,13 +142,11 @@ Status:
 
 The following fields are reported in Policy status:
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type |
 | ---| ---| --- |
 |``State`` | Current state of the resource. Can be ``Valid`` or ``Invalid``. For more information, refer to the ``message`` field. | ``string`` |
 |``Reason`` | The reason of the last update. | ``string`` |
 |``Message`` | Additional information about the state. | ``string`` |
-{{</bootstrap-table>}}
 
 ## TransportServer resources
 
@@ -186,10 +178,8 @@ Status:
 
 The following fields are reported in TransportServer status:
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type |
 | ---| ---| --- |
 | *State* | Current state of the resource. Can be ``Valid``, ``Warning`` or ``Invalid``. For more information, refer to the ``message`` field. | *string* |
 | *Reason* | The reason of the last update. | *string* |
-| *Message* | Additional information about the state. | *string* |
-{{</bootstrap-table>}}
+| *Message* | Additional information about the state. | *string* |
\ No newline at end of file
diff --git a/content/nic/configuration/host-and-listener-collisions.md b/content/nic/configuration/host-and-listener-collisions.md
index 3336bb21e..bfa284664 100644
--- a/content/nic/configuration/host-and-listener-collisions.md
+++ b/content/nic/configuration/host-and-listener-collisions.md
@@ -13,7 +13,7 @@ This document explains how F5 NGINX Ingress Controller handles host and listener
 
 If multiple resources contend for the same host or listener, NGINX Ingress Controller will pick the winner based on the `creationTimestamp` of the resources: the oldest resource will win. In case there are more than one oldest resource (their `creationTimestamp` is the same),  NGINX Ingress Controller will choose the resource with the lexicographically smallest `uid`.
 
-{{< note >}} The `creationTimestamp` and `uid` fields are part of the [ObjectMeta](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/) resource. {{< /note >}}
+{{< call-out "note" >}} The `creationTimestamp` and `uid` fields are part of the [ObjectMeta](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/) resource. {{< /call-out >}}
 
 ---
 
@@ -88,9 +88,9 @@ Events:
 
 Similarly, if `cafe-ingress` was created first, it will win `cafe.example.com` and NGINX Ingress Controller will reject `cafe-virtual-server`.
 
-{{< note >}} You can configure multiple hosts for Ingress resources, and its possible that an Ingress resource can be the winner for some of its hosts and a loser for the others.
+{{< call-out "note" >}} You can configure multiple hosts for Ingress resources, and its possible that an Ingress resource can be the winner for some of its hosts and a loser for the others.
 
-For example, if `cafe-ingress` had an additional rule host rule for `pub.example.com`, NGINX Ingress Controller would not reject the Ingress. Instead, it would allow `cafe-ingress` to handle `pub.example.com`. {{< /note >}}
+For example, if `cafe-ingress` had an additional rule host rule for `pub.example.com`, NGINX Ingress Controller would not reject the Ingress. Instead, it would allow `cafe-ingress` to handle `pub.example.com`. {{< /call-out >}}
 
 ---
 
diff --git a/content/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md b/content/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md
index 3769c4e52..f378fdddf 100644
--- a/content/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md
+++ b/content/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md
@@ -86,7 +86,7 @@ Events:
 
 Note how the events section includes a Warning event with the Rejected reason.
 
-{{< note >}} If you make an existing Ingress invalid, NGINX Ingress Controller will reject it and remove the corresponding configuration from NGINX. {{< /note >}}
+{{< call-out "note" >}} If you make an existing Ingress invalid, NGINX Ingress Controller will reject it and remove the corresponding configuration from NGINX. {{< /call-out >}}
 
 The `nginx.com/jwt-token` Ingress annotation has limited validation.
 
@@ -94,11 +94,11 @@ The `nginx.com/jwt-token` Ingress annotation has limited validation.
 
 The table below summarizes the available annotations.
 
-{{< note >}} Annotations that start with `nginx.com` are only supported with NGINX Plus. {{< /note >}}
+{{< call-out "note" >}} Annotations that start with `nginx.com` are only supported with NGINX Plus. {{< /call-out >}}
 
 ### General customization
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
+{{< table >}}
 |Annotation | ConfigMap Key | Description | Default | Example |
 | ---| ---| ---| ---| --- |
 | *nginx.org/proxy-connect-timeout* | *proxy-connect-timeout* | Sets the value of the [proxy_connect_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout) and [grpc_connect_timeout](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_connect_timeout) directive. | *60s* |  |
@@ -112,22 +112,23 @@ The table below summarizes the available annotations.
 | *nginx.org/proxy-max-temp-file-size* | *proxy-max-temp-file-size* | Sets the value of the  [proxy_max_temp_file_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_max_temp_file_size) directive. | *1024m* |  |
 | *nginx.org/server-tokens* | *server-tokens* | Enables or disables the [server_tokens](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens) directive. Additionally, with the NGINX Plus, you can specify a custom string value, including the empty string value, which disables the emission of the “Server” field. | *True* |  |
 | *nginx.org/path-regex* | N/A | Enables regular expression modifiers for Ingress path parameter. This translates to the NGINX [location](https://nginx.org/en/docs/http/ngx_http_core_module.html#location) directive. You can specify one of these values: "case_sensitive", "case_insensitive", or "exact". The annotation is applied to the entire Ingress resource and its paths. While using Master and Minion Ingresses i.e. Mergeable Ingresses, this annotation can be specified on Minion types. The `path-regex` annotation specified on Master is ignored, and has no effect on paths defined on Minions.   | N/A |  [path-regex](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/path-regex) |
-{{</bootstrap-table>}}
+{{< /table >}}
+
 
 ### Request URI/Header Manipulation
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
+{{< table >}}
 |Annotation | ConfigMap Key | Description | Default | Example |
 | ---| ---| ---| ---| --- |
 | *nginx.org/proxy-hide-headers* | *proxy-hide-headers* | Sets the value of one or more  [proxy_hide_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) directives. Example: ``"nginx.org/proxy-hide-headers": "header-a,header-b"* | N/A |  |
 | *nginx.org/proxy-pass-headers* | *proxy-pass-headers* | Sets the value of one or more   [proxy_pass_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header) directives. Example: ``"nginx.org/proxy-pass-headers": "header-a,header-b"* | N/A |  |
 | *nginx.org/rewrites* | N/A | Configures URI rewriting using [proxy_pass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass) directive. | N/A | [rewrites](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/rewrites) |
 |*nginx.org/proxy-set-headers* | N/A | Enables customization of proxy headers and values using the [proxy_set_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) directive. Example: ``"nginx.org/proxy-set-headers": "header-a: valueA,header-b: valueB,header-c: valueC"`` | N/A | [Proxy Set Headers](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/proxy-set-headers). |
-{{</bootstrap-table>}}
+{{< /table >}}
 
 ### Auth and SSL/TLS
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
+{{< table >}}
 |Annotation | ConfigMap Key | Description | Default | Example |
 | ---| ---| ---| ---| --- |
 | *nginx.org/redirect-to-https* | *redirect-to-https* | Sets the 301 redirect rule based on the value of the ``http_x_forwarded_proto* header on the server block to force incoming traffic to be over HTTPS. Useful when terminating SSL in a load balancer in front of NGINX Ingress Controller — see [115](https://github.com/nginx/kubernetes-ingress/issues/115) | *False* |  |
@@ -142,20 +143,18 @@ The table below summarizes the available annotations.
 | *nginx.com/jwt-realm* | N/A | Specifies a realm. | N/A | [Support for JSON Web Tokens (JWTs)](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/jwt). |
 | *nginx.com/jwt-token* | N/A | Specifies a variable that contains a JSON Web Token. | By default, a JWT is expected in the ``Authorization* header as a Bearer Token. | [Support for JSON Web Tokens (JWTs)](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/jwt). |
 | *nginx.com/jwt-login-url* | N/A | Specifies a URL to which a client is redirected in case of an invalid or missing JWT. | N/A | [Support for JSON Web Tokens (JWTs)](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/jwt). |
-{{</bootstrap-table>}}
+{{< /table >}}
 
 ### Listeners
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
-|Annotation | ConfigMap Key | Description | Default | Example |
-| ---| ---| ---| ---| --- |
-| *nginx.org/listen-ports* | N/A | Configures HTTP ports that NGINX will listen on. | *[80]* |  |
-| *nginx.org/listen-ports-ssl* | N/A | Configures HTTPS ports that NGINX will listen on. | *[443]* |  |
-{{</bootstrap-table>}}
+|Annotation | ConfigMap Key | Description | Default |
+| ---| ---| ---| ---|
+| *nginx.org/listen-ports* | N/A | Configures HTTP ports that NGINX will listen on. | *[80]* |
+| *nginx.org/listen-ports-ssl* | N/A | Configures HTTPS ports that NGINX will listen on. | *[443]* |
 
 ### Backend services (Upstreams)
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
+{{< table >}}
 |Annotation | ConfigMap Key | Description | Default | Example |
 | ---| ---| ---| ---| --- |
 | *nginx.org/lb-method* | *lb-method* | Sets the [load balancing method]({{< ref "/nginx/admin-guide/load-balancer/http-load-balancer.md#choosing-a-load-balancing-method" >}}). To use the round-robin method, specify ``"round_robin"``. | *"random two least_conn"* |  |
@@ -173,11 +172,11 @@ The table below summarizes the available annotations.
 | *nginx.com/health-checks-mandatory-queue* | N/A | When active health checks are mandatory, creates a queue where incoming requests are temporarily stored while NGINX Plus is checking the health of the endpoints after a configuration reload. | *0* | [health-checks](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/health-checks) |
 | *nginx.com/slow-start* | N/A | Sets the upstream server [slow-start period]({{< ref "/nginx/admin-guide/load-balancer/http-load-balancer.md#server-slow-start" >}}). By default, slow-start is activated after a server becomes [available]({{< ref "/nginx/admin-guide/load-balancer/http-health-check.md#passive-health-checks" >}}) or [healthy]({{< ref "/nginx/admin-guide/load-balancer/http-health-check.md#active-health-checks" >}}). To enable slow-start for newly-added servers, configure [mandatory active health checks](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/health-checks). | *"0s"* |  |
 | *nginx.org/use-cluster-ip* | N/A | Enables using the Cluster IP and port of the service instead of the default behavior of using the IP and port of the pods. When this field is enabled, the fields that configure NGINX behavior related to multiple upstream servers (like ``lb-method* and ``next-upstream``) will have no effect, as NGINX Ingress Controller will configure NGINX with only one upstream server that will match the service Cluster IP.   | *False* |  |
-{{</bootstrap-table>}}
+{{< /table >}}
 
 ### Rate limiting
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
+{{< table >}}
 |Annotation | ConfigMap Key | Description | Default | Example |
 | ---| ---| ---| ---| --- |
 | *nginx.org/limit-req-rate* | N/A | Enables request-rate-limiting for this ingress by creating a [limit_req_zone](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone) and matching [limit_req](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req) for each location. All servers/locations of one ingress share the same zone. Must have unit r/s or r/m. | N/A | 200r/s |
@@ -190,22 +189,20 @@ The table below summarizes the available annotations.
 | *nginx.org/limit-req-log-level* | N/A | Sets the desired logging level for cases when the server refuses to process requests due to rate exceeding, or delays request processing. Allowed values are info, notice, warn or error. | error | info |
 | *nginx.org/limit-req-reject-code* | N/A | Sets the status code to return in response to rejected requests. Must fall into the range 400..599. | 429 | 503 |
 | *nginx.org/limit-req-scale* | N/A | Enables a constant rate-limit by dividing the configured rate by the number of nginx-ingress pods currently serving traffic. This adjustment ensures that the rate-limit remains consistent, even as the number of nginx-pods fluctuates due to autoscaling. Note: This will not work properly if requests from a client are not evenly distributed accross all ingress pods (sticky sessions, long lived TCP-Connections with many requests etc.). In such cases using [zone-sync]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#zone-sync" >}}) instead would give better results.  Enabling `zone-sync` will suppress this setting. | false | true |
-{{</bootstrap-table>}}
+{{< /table >}}
 
 ### Snippets and custom templates
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
-|Annotation | ConfigMap Key | Description | Default | Example |
-| ---| ---| ---| ---| --- |
-| *nginx.org/location-snippets* | *location-snippets* | Sets a custom snippet in location context. | N/A |  |
-| *nginx.org/server-snippets* | *server-snippets* | Sets a custom snippet in server context. | N/A |  |
-{{</bootstrap-table>}}
+|Annotation | ConfigMap Key | Description | Default |
+| ---| ---| ---| ---|
+| *nginx.org/location-snippets* | *location-snippets* | Sets a custom snippet in location context. | N/A |
+| *nginx.org/server-snippets* | *server-snippets* | Sets a custom snippet in server context. | N/A |
 
 ### App Protect WAF {#app-protect}
 
-{{< note >}} The App Protect annotations only work if the App Protect WAF module is [installed]({{< ref "/nic/installation/integrations/app-protect-waf/installation.md" >}}). {{< /note >}}
+{{< call-out "note" >}} The App Protect annotations only work if the App Protect WAF module is [installed]({{< ref "/nic/installation/integrations/app-protect-waf/installation.md" >}}). {{< /call-out >}}
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
+{{< table >}}
 |Annotation | ConfigMap Key | Description | Default | Example |
 | ---| ---| ---| ---| --- |
 | *appprotect.f5.com/app-protect-policy* | N/A | The name of the App Protect Policy for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace of the Ingress Resource is used. If not specified but ``appprotect.f5.com/app-protect-enable* is true, a default policy id applied. If the referenced policy resource does not exist, or policy is invalid, this annotation will be ignored, and the default policy will be applied. | N/A | [app-protect-waf](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf) |
@@ -213,14 +210,12 @@ The table below summarizes the available annotations.
 | *appprotect.f5.com/app-protect-security-log-enable* | N/A | Enable the [security log](/nginx-app-protect/troubleshooting/#app-protect-logging-overview) for App Protect. | *False* | [app-protect-waf](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf) |
 | *appprotect.f5.com/app-protect-security-log* | N/A | The App Protect log configuration for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace as the Ingress Resource is used. If not specified the  default is used which is:  filter: ``illegal``, format: ``default``. Multiple configurations can be specified in a comma separated list. Both log configurations and destinations list (see below) must be of equal length. Configs and destinations are paired by the list indices. | N/A | [app-protect-waf](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf) |
 | *appprotect.f5.com/app-protect-security-log-destination* | N/A | The destination of the security log. For more information check the [DESTINATION argument](/nginx-app-protect/troubleshooting/#app-protect-logging-overview). Multiple destinations can be specified in a comma-separated list.  Both log configurations and destinations list (see above) must be of equal length. Configs and destinations are paired by the list indices. | *syslog:server=localhost:514* | [app-protect-waf](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf) |
-{{</bootstrap-table>}}
+{{< /table >}}
 
 ### App Protect DoS
 
-{{< note >}} The App Protect DoS annotations only work if the App Protect DoS module is [installed]({{< ref "/nic/installation/integrations/app-protect-dos/installation.md" >}}). {{< /note >}}
+{{< call-out "note" >}} The App Protect DoS annotations only work if the App Protect DoS module is [installed]({{< ref "/nic/installation/integrations/app-protect-dos/installation.md" >}}). {{< /call-out >}}
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Annotation | ConfigMap Key | Description | Default | Example |
 | ---| ---| ---| ---| --- |
 | *appprotectdos.f5.com/app-protect-dos-resource* | N/A | Enable App Protect DoS for the Ingress Resource by specifying a [DosProtectedResource]({{< ref "/nic/installation/integrations/app-protect-dos/dos-protected.md" >}}). | N/A | [app-protect-dos](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-dos) |
-{{</bootstrap-table>}}
diff --git a/content/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md b/content/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md
index 8f5c8b764..ecba138a4 100644
--- a/content/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md
+++ b/content/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md
@@ -27,7 +27,7 @@ Snippets have the following disadvantages:
 - *Decreased robustness*. An incorrect snippet can invalidate NGINX configuration, causing reload failures. Until the snippet is fixed, it will prevent any new configuration updates, including updates for the other Ingress resources.
 - *Security implications*. Snippets give access to NGINX configuration primitives, which are not validated by NGINX Ingress Controller. For example, a snippet can configure NGINX to serve the TLS certificates and keys used for TLS termination for Ingress resources.
 
-{{< note >}} If the NGINX configuration includes an invalid snippet, NGINX will continue to operate with the last valid configuration. {{< /note >}}
+{{< call-out "note" >}} If the NGINX configuration includes an invalid snippet, NGINX will continue to operate with the last valid configuration. {{< /call-out >}}
 
 ## Using snippets
 
@@ -68,7 +68,7 @@ spec:
 
 These snippets generate the following NGINX configuration:
 
-{{< note >}} The example is shortened for conciseness. {{< /note >}}
+{{< call-out "note" >}} The example is shortened for conciseness. {{< /call-out >}}
 
 ```nginx
 server {
diff --git a/content/nic/configuration/ingress-resources/basic-configuration.md b/content/nic/configuration/ingress-resources/basic-configuration.md
index 00ed51ef6..5e71a73a9 100644
--- a/content/nic/configuration/ingress-resources/basic-configuration.md
+++ b/content/nic/configuration/ingress-resources/basic-configuration.md
@@ -25,7 +25,7 @@ Here is a breakdown of what this Ingress resource definition means:
 
 To learn more about the Ingress resource, view [the official Kubernetes documentation for Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/).
 
-{{< note >}} For complete instructions on deploying Ingress and Secret resources in the cluster, see the [complete example](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/complete-example) in the GitHub repository. {{< /note >}}
+{{< call-out "note" >}} For complete instructions on deploying Ingress and Secret resources in the cluster, see the [complete example](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/complete-example) in the GitHub repository. {{< /call-out >}}
 
 ---
 
diff --git a/content/nic/configuration/policy-resource.md b/content/nic/configuration/policy-resource.md
index 7ae1e6545..a09322da5 100644
--- a/content/nic/configuration/policy-resource.md
+++ b/content/nic/configuration/policy-resource.md
@@ -69,11 +69,11 @@ accessControl:
   deny:
   - 10.0.0.0/8
 ```
-{{< note >}}
+{{< call-out "note" >}}
 
 The feature is implemented using the NGINX [ngx_http_access_module](http://nginx.org/en/docs/http/ngx_http_access_module.html). NGINX Ingress Controller access control policy supports either allow or deny rules, but not both (as the module does).
 
-{{< /note >}}
+{{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required |
@@ -115,17 +115,17 @@ rateLimit:
   zoneSize: 10M
   key: ${binary_remote_addr}
 ```
-{{< note >}}
+{{< call-out "note" >}}
 
 The feature is implemented using the NGINX [ngx_http_limit_req_module](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html).
 
-{{< /note >}}
+{{< /call-out >}}
 
-{{< note >}}
+{{< call-out "note" >}}
 
 When the [Zone Sync feature]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#zone-sync" >}}) is enabled with NGINX Plus, the rate limiting zone will be synchronized across all replicas in the cluster.  This means all replicas are aware of the requests that have been rate limited by other replicas in the cluster.
 
-{{< /note >}}
+{{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required |
@@ -143,11 +143,11 @@ When the [Zone Sync feature]({{< ref "/nic/configuration/global-configuration/co
 |``condition`` | Add a condition to a rate-limit policy. | [ratelimit.condition](#ratelimitcondition) | No |
 {{% /table %}}
 
-{{< note >}}
+{{< call-out "note" >}}
 
 For each policy referenced in a VirtualServer and/or its VirtualServerRoutes, NGINX Ingress Controller will generate a single rate limiting zone defined by the [`limit_req_zone`](http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone) directive. If two VirtualServer resources reference the same policy, NGINX Ingress Controller will generate two different rate limiting zones, one zone per VirtualServer.
 
-{{< /note >}}
+{{< /call-out >}}
 
 #### RateLimit Merging Behavior
 
@@ -180,20 +180,20 @@ condition:
 |``variables`` | defines a Variable condition to rate limit against. | [ratelimit.condition.variables](#ratelimitconditionvariables) | No |
 |``default`` | sets the rate limit in this policy to be the default if no conditions are met. In a group of policies with the same condition, only one policy can be the default. | ``bool`` | No |
 {{% /table %}}
-{{< note >}}
+{{< call-out "note" >}}
  
 One condition of type `jwt` or `variables` is required. Each Policy supports only one condition.
 
-{{< /note >}}
+{{< /call-out >}}
 
 The rate limit policy with condition is designed to be used in combination with one or more rate limit policies. For example, multiple rate limit policies with [RateLimit.Condition.JWT](#ratelimitconditionjwt) can be used to apply different tiers of rate limit based on the value of a JWT claim. For a practical example of tiered rate limiting by the value of a JWT claim, see the example in our [GitHub repository](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/rate-limit-tiered-jwt-claim/README.md).
 
 ### RateLimit.Condition.JWT
-{{< note >}}
+{{< call-out "note" >}}
 
 This feature is only available with NGINX Plus.
 
-{{< /note >}}
+{{< /call-out >}}
 
 RateLimit.Condition.JWT defines a condition for a rate limit by JWT claim. For example, here we define a condition for a rate limit policy that only applies to requests with a JWT claim `user_details.level` with a value `premium`:
 
@@ -231,9 +231,9 @@ variables:
     match: GET
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 Only one variable at a time is supported at present.
-{{< /note >}}
+{{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required |
@@ -246,11 +246,11 @@ Only one variable at a time is supported at present.
 
 The API Key auth policy configures NGINX to authorize client requests based on the presence of a valid API Key in a header or query param specified in the policy.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The feature is implemented using NGINX [ngx_http_auth_request_module](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html) and [NGINX JavaScript (NJS)](https://nginx.org/en/docs/njs/).
 
-{{< /note >}}
+{{< /call-out >}}
 
 The policies' API keys are securely stored using SHA-256 hashing. When a client sends an API Key, it is hashed by NJS and then compared to the hashed API Key in the NGINX config.
 
@@ -289,7 +289,7 @@ data:
 |``clientSecret`` | The name of the Kubernetes secret that stores the API Key(s). It must be in the same namespace as the Policy resource. The secret must be of the type ``nginx.org/apikey``, and the API Key(s) must be stored in a key: val format where each key is a unique clientID and each value is a unique base64 encoded API Key  | ``string`` | Yes |
 {{% /table %}}
 
-{{<important>}}An APIKey Policy must include a minimum of one of the `suppliedIn.header` or `suppliedIn.query` parameters.  Both can also be supplied.{{</important>}}
+{{< call-out "important" >}}An APIKey Policy must include a minimum of one of the `suppliedIn.header` or `suppliedIn.query` parameters.  Both can also be supplied.{{< /call-out >}}
 
 #### APIKey Merging Behavior
 
@@ -335,9 +335,9 @@ basicAuth:
   secret: htpasswd-secret
   realm: "My API"
 ```
-{{< note >}}
+{{< call-out "note" >}}
 The feature is implemented using the NGINX [ngx_http_auth_basic_module](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html).
-{{< /note >}}
+{{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required |
@@ -360,11 +360,11 @@ In this example NGINX Ingress Controller will use the configuration from the fir
 
 ### JWT Using Local Kubernetes Secret
 
-{{< note >}}
+{{< call-out "note" >}}
 
 This feature is only available with NGINX Plus.
 
-{{< /note >}}
+{{< /call-out >}}
 
 The JWT policy configures NGINX Plus to authenticate client requests using JSON Web Tokens.
 
@@ -395,11 +395,11 @@ We use the `requestHeaders` of the [Action.Proxy]({{< ref "/nic/configuration/vi
 
 The value of the `${jwt_claim_user}` variable is the `user` claim of a JWT. For other claims, use `${jwt_claim_name}`, where `name` is the name of the claim. Note that nested claims and claims that include a period (`.`) are not supported. Similarly, use `${jwt_header_name}` where `name` is the name of a header. In our example, we use the `alg` header.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 This feature is implemented using the NGINX Plus [ngx_http_auth_jwt_module](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html).
 
-{{< /note >}}
+{{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required |
@@ -423,11 +423,11 @@ In this example NGINX Ingress Controller will use the configuration from the fir
 
 ### JWT Using JWKS From Remote Location
 
-{{< note >}}
+{{< call-out "note" >}}
 
 This feature is only available with NGINX Plus.
 
-{{< /note >}}
+{{< /call-out >}}
 
 The JWT policy configures NGINX Plus to authenticate client requests using JSON Web Tokens, allowing import of the keys (JWKS) for JWT policy by means of a URL (for a remote server or an identity provider) as a result they don't have to be copied and updated to the IC pod.
 
@@ -441,11 +441,11 @@ jwt:
   keyCache: 1h
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 
 This feature is implemented using the NGINX Plus directive [auth_jwt_key_request](http://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html#auth_jwt_key_request) under [ngx_http_auth_jwt_module](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html).
 
-{{< /note >}}
+{{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required | Default |
@@ -458,13 +458,13 @@ This feature is implemented using the NGINX Plus directive [auth_jwt_key_request
 |``sniName`` | The SNI name to use when connecting to the remote server. If not set, the hostname from the ``jwksURI`` will be used. | ``string`` | No | -- |
 {{% /table %}}
 
-{{< note >}}
+{{< call-out "note" >}}
 
 Content caching is enabled by default for each JWT policy with a default time of 12 hours.
 
 This is done to ensure to improve resiliency by allowing the JWKS (JSON Web Key Set) to be retrieved from the cache even when it has expired.
 
-{{< /note >}}
+{{< /call-out >}}
 
 #### JWT Merging Behavior
 
@@ -526,22 +526,22 @@ action:
 
 We use the `requestHeaders` of the [Action.Proxy]({{< ref "/nic/configuration/virtualserver-and-virtualserverroute-resources.md#actionproxy" >}}) to set the values of the two headers that NGINX will pass to the upstream servers. See the [list of embedded variables](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables) that are supported by the `ngx_http_ssl_module`, which you can use to pass the client certificate details.
 
-{{< note >}}
+{{< call-out "note" >}}
 
  The feature is implemented using the NGINX [ngx_http_ssl_module](https://nginx.org/en/docs/http/ngx_http_ssl_module.html).
 
- {{< /note >}}
+ {{< /call-out >}}
 
 #### Using a Certificate Revocation List
 
 The IngressMTLS policy supports configuring at CRL for your policy.
 This can be done in one of two ways.
 
-{{< note >}}
+{{< call-out "note" >}}
 
  Only one of these configurations options can be used at a time.
 
-{{< /note >}}
+{{< /call-out >}}
 
 1. Adding the `ca.crl` field to the `nginx.org/ca` secret type, which accepts a base64 encoded certificate revocation list (crl).
    Example YAML:
@@ -559,13 +559,13 @@ data:
 
 2. Adding the `crlFileName` field to your IngressMTLS policy spec with the name of the CRL file.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 This configuration option should only be used when using a CRL that is larger than 1MiB.
 
 Otherwise we recommend using the `nginx.org/ca` secret type for managing your CRL.
 
-{{< /note >}}
+{{< /call-out >}}
 
 Example YAML:
 
@@ -625,11 +625,11 @@ egressMTLS:
   verifyDepth: 2
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The feature is implemented using the NGINX [ngx_http_proxy_module](https://nginx.org/en/docs/http/ngx_http_proxy_module.html).
 
-{{< /note >}}
+{{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required |
@@ -659,11 +659,11 @@ In this example NGINX Ingress Controller will use the configuration from the fir
 
 ### OIDC
 
-{{< tip >}}
+{{< call-out "tip" >}}
 
 This feature is disabled by default. To enable it, set the [enable-oidc]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#cmdoption-enable-oidc" >}}) command-line argument of NGINX Ingress Controller.
 
-{{< /tip >}}
+{{< /call-out >}}
 
 The OIDC policy configures NGINX Plus as a relying party for OpenID Connect authentication.
 
@@ -685,22 +685,22 @@ spec:
 
 NGINX Plus will pass the ID of an authenticated user to the backend in the HTTP header `username`.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The feature is implemented using the [reference implementation](https://github.com/nginxinc/nginx-openid-connect/) of NGINX Plus as a relying party for OpenID Connect authentication.
 
-{{< /note >}}
+{{< /call-out >}}
 
 #### Prerequisites
 
 In order to use OIDC, you need to enable [zone synchronization]({{< ref "/nginx/admin-guide/high-availability/zone_sync.md" >}}). If you don't set up zone synchronization, NGINX Plus will fail to reload.
 You also need to configure a resolver, which NGINX Plus will use to resolve the IDP authorization endpoint. You can find an example configuration [in our GitHub repository](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/examples/custom-resources/oidc#step-7---configure-nginx-plus-zone-synchronization-and-resolver).
 
-{{< warning >}}
+{{< call-out "warning" >}}
 
 The configuration in the example doesn't enable TLS and the synchronization between the replica happens in clear text. This could lead to the exposure of tokens.
 
-{{< /warning >}}
+{{< /call-out >}}
 
 #### Limitations
 
@@ -724,11 +724,11 @@ The OIDC policy defines a few internal locations that can't be customized: `/_jw
 |``pkceEnable`` | Switches Proof Key for Code Exchange on. The OpenID client needs to be in public mode. `clientSecret` is not used in this mode. | ``boolean`` | No |
 {{% /table %}}
 
-{{< note >}}
+{{< call-out "note" >}}
 
 Only one OIDC policy can be referenced in a VirtualServer and its VirtualServerRoutes. However, the same policy can still be applied to different routes in the VirtualServer and VirtualServerRoutes.
 
-{{< /note >}}
+{{< /call-out >}}
 
 #### OIDC Merging Behavior
 
@@ -818,7 +818,7 @@ For `kubectl get` and similar commands, you can also use the short name `pol` in
 
 ### WAF
 
-{{< note >}} The feature is implemented using the NGINX Plus [NGINX App Protect WAF Module]({{< ref "/nap-waf/" >}}). {{< /note >}}
+{{< call-out "note" >}} The feature is implemented using the NGINX Plus [NGINX App Protect WAF Module]({{< ref "/nap-waf/" >}}). {{< /call-out >}}
 
 The WAF policy configures NGINX Plus to secure client requests using App Protect WAF policies.
 
@@ -837,7 +837,7 @@ waf:
     logDest: "syslog:server=syslog-svc-secondary.default:514"
 ```
 
-{{< note >}} The field `waf.securityLog` is deprecated and will be removed in future releases.It will be ignored if `waf.securityLogs` is populated. {{< /note >}}
+{{< call-out "note" >}} The field `waf.securityLog` is deprecated and will be removed in future releases.It will be ignored if `waf.securityLogs` is populated. {{< /call-out >}}
 
 {{% table %}}
 |Field | Description | Type | Required |
@@ -848,7 +848,7 @@ waf:
 |``securityLog.enable`` | Enables security log. | ``bool`` | No |
 |``securityLog.apLogConf`` | The [App Protect WAF log conf]({{< ref "/nic/installation/integrations/app-protect-waf/configuration.md#waf-logs" >}}) resource. Accepts an optional namespace. Only works with ``apPolicy``. | ``string`` | No |
 |``securityLog.apLogBundle`` | The [App Protect WAF log bundle]({{< ref "/nic/installation/integrations/app-protect-waf/configuration.md#waf-bundles" >}}) resource. Only works with ``apBundle``. | ``string`` | No |
-|``securityLog.logDest`` | The log destination for the security log. Only accepted variables are ``syslog:server=<ip-address &#124; localhost; fqdn>:<port>``, ``stderr``, ``<absolute path to file>``. | ``string`` | No |
+|``securityLog.logDest`` | The log destination for the security log. Only accepted variables are ``syslog:server=<ip-address>; localhost; fqdn>:<port>``, ``stderr``, ``<absolute path to file>``. | ``string`` | No |
 {{% /table %}}
 
 #### WAF Merging Behavior
diff --git a/content/nic/configuration/security.md b/content/nic/configuration/security.md
index c2637af8a..ad561cb21 100644
--- a/content/nic/configuration/security.md
+++ b/content/nic/configuration/security.md
@@ -33,9 +33,9 @@ By default, the ServiceAccount has access to all Secret resources in the cluster
 
 ### Configure root filesystem as read-only
 
-{{< caution >}}
+{{< call-out "caution"  >}}
  This feature is compatible with [NGINX App Protect WAF v5]({{< ref "/nap-waf/v5/" >}}). It is not compatible with [NGINX App Protect WAF v4]({{< ref "/nap-waf/v4/" >}}) or [NGINX App Protect DoS]({{< ref "/nap-dos/" >}}).
-{{< /caution >}}
+{{< /call-out >}}
 
 NGINX Ingress Controller is designed to be resilient against attacks in various ways, such as running the service as non-root to avoid changes to files. We recommend setting filesystems on all containers to read-only, this includes `nginx-ingress-controller`, though also includes `waf-enforcer` and `waf-config-mgr` when NGINX App Protect WAFv5 is in use.  This is so that the attack surface is further reduced by limiting changes to binaries and libraries.
 
@@ -90,9 +90,9 @@ Snippets allow raw NGINX configuration to be inserted into resources. They are i
 
 Snippets are disabled by default. To use snippets, set the [**enable-snippets**]({{< ref"/nic/configuration/global-configuration/command-line-arguments.md#cmdoption-enable-snippets" >}}) command-line argument.
 
-{{< caution >}}
+{{< call-out "caution"  >}}
  Snippets are **always** enabled for ConfigMap.
-{{< /caution >}}
+{{< /call-out >}}
 
 For more information, read the following:
 
diff --git a/content/nic/configuration/transportserver-resource.md b/content/nic/configuration/transportserver-resource.md
index ea2f3c688..31516a66e 100644
--- a/content/nic/configuration/transportserver-resource.md
+++ b/content/nic/configuration/transportserver-resource.md
@@ -84,8 +84,8 @@ The TransportServer resource defines load balancing configuration for TCP, UDP,
       pass: secure-app
   ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
-|Field | Description | Type | Required |
+{{< table >}}
+| Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``listener`` | The listener on NGINX that will accept incoming connections/datagrams. | [listener](#listener) | Yes |
 |``host`` | The host (domain name) of the server. Must be a valid subdomain as defined in RFC 1123, such as ``my-app`` or ``hello.example.com``. Wildcard domains like ``*.example.com`` are not allowed. When specified, NGINX will use this host for SNI-based routing. For TLS Passthrough, this field is required. For TCP with TLS termination, specifying the host enables SNI routing and requires specifying a TLS secret.| ``string`` | No |
@@ -96,7 +96,8 @@ The TransportServer resource defines load balancing configuration for TCP, UDP,
 |``ingressClassName`` | Specifies which Ingress Controller must handle the TransportServer resource. | ``string`` | No |
 |``streamSnippets`` | Sets a custom snippet in the ``stream`` context. | ``string`` | No |
 |``serverSnippets`` | Sets a custom snippet in the ``server`` context. | ``string`` | No |
-{{</bootstrap-table>}}
+{{< /table >}}
+
 
 \* -- Required for TLS Passthrough load balancing.
 
@@ -114,12 +115,10 @@ listener:
   protocol: UDP
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``name`` | The name of the listener. | ``string`` | Yes |
 |``protocol`` | The protocol of the listener. | ``string`` | Yes |
-{{</bootstrap-table>}}
 
 ### TLS
 
@@ -129,11 +128,9 @@ The tls field defines TLS configuration for a TransportServer. When using TLS te
 secret: cafe-secret
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``secret`` | The name of a secret with a TLS certificate and key. The secret must belong to the same namespace as the TransportServer. The secret must be of the type ``kubernetes.io/tls`` and contain keys named ``tls.crt`` and ``tls.key`` that contain the certificate and private key as described [here](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls). | ``string`` | No |
-{{</bootstrap-table>}}
 
 ### Upstream
 
@@ -149,7 +146,7 @@ failTimeout: 30s
 loadBalancingMethod: least_conn
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
+{{< table >}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``name`` | The name of the upstream. Must be a valid DNS label as defined in RFC 1035. For example, ``hello`` and ``upstream-123`` are valid. The name must be unique among all upstreams of the resource. | ``string`` | Yes |
@@ -162,7 +159,7 @@ loadBalancingMethod: least_conn
 |``loadBalancingMethod`` | The method used to load balance the upstream servers. By default, connections are distributed between the servers using a weighted round-robin balancing method. See the [upstream](http://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#upstream) section for available methods and their details. | ``string`` | No |
 |``backup`` | The name of the backup service of type [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname). This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the ``random`` , ``hash`` or ``ip_hash`` load balancing methods. | ``string`` | No |
 |``backupPort`` | The port of the backup service. The backup port is required if the backup service name is provided. The port must fall into the range ``1..65535``. | ``uint16`` | No |
-{{</bootstrap-table>}}
+{{< /table >}}
 
 ### Upstream.Healthcheck
 
@@ -182,9 +179,8 @@ healthCheck:
   port: 8080
 ```
 
-{{< note >}} This feature is only supported with NGINX Plus. {{< /note >}}
+{{< call-out "note" >}} This feature is only supported with NGINX Plus. {{< /call-out >}}
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``enable`` | Enables a health check for an upstream server. The default is ``false``. | ``boolean`` | No |
@@ -195,7 +191,6 @@ healthCheck:
 |``passes`` | The number of consecutive passed health checks of a particular upstream server after which the server will be considered healthy. The default is ``1``. | ``integer`` | No |
 |``port`` | The port used for health check requests. By default, the [server port is used](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#health_check_port). Note: in contrast with the port of the upstream, this port is not a service port, but a port of a pod. | ``integer`` | No |
 |``match`` | Controls the data to send and the response to expect for the healthcheck. | [match](#upstreamhealthcheckmatch) | No |
-{{</bootstrap-table>}}
 
 ### Upstream.Healthcheck.Match
 
@@ -211,12 +206,10 @@ Both `send` and `expect` fields can contain hexadecimal literals with the prefix
 
 See the [match](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#match) directive for details.
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``send`` | A string to send to an upstream server. | ``string`` | No |
 |``expect`` | A literal string or a regular expression that the data obtained from the server should match. The regular expression is specified with the preceding ``~*`` modifier (for case-insensitive matching), or the ``~`` modifier (for case-sensitive matching). NGINX Ingress Controller validates a regular expression using the RE2 syntax. | ``string`` | No |
-{{</bootstrap-table>}}
 
 ### UpstreamParameters
 
@@ -232,7 +225,6 @@ upstreamParameters:
   nextUpstreamTries: 1
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``udpRequests`` | The number of datagrams, after receiving which, the next datagram from the same client starts a new session. See the [proxy_requests](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_requests) directive. The default is ``0``. | ``int`` | No |
@@ -241,7 +233,6 @@ upstreamParameters:
 |``nextUpstream`` | If a connection to the proxied server cannot be established, determines whether a client connection will be passed to the next server. See the [proxy_next_upstream](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream) directive. The default is ``true``. | bool | No |
 |``nextUpstreamTries`` | The number of tries for passing a connection to the next server. See the [proxy_next_upstream_tries](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_tries) directive. The default is ``0``. | ``int`` | No |
 |``nextUpstreamTimeout`` | The time allowed to pass a connection to the next server. See the [proxy_next_upstream_timeout](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_timeout) directive. The default us ``0``. | ``string`` | No |
-{{</bootstrap-table>}}
 
 ### SessionParameters
 
@@ -252,11 +243,9 @@ sessionParameters:
   timeout: 50s
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``timeout`` | The timeout between two successive read or write operations on client or proxied server connections. See [proxy_timeout](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_timeout) directive. The default is ``10m``. | ``string`` | No |
-{{</bootstrap-table>}}
 
 ### Action
 
@@ -269,11 +258,9 @@ action:
   pass: dns-app
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``pass`` | Passes connections/datagrams to an upstream. The upstream with that name must be defined in the resource. | ``string`` | Yes |
-{{</bootstrap-table>}}
 
 ## Using TransportServer
 
@@ -337,7 +324,7 @@ spec:
     port: 80
 ```
 
-{{< note >}} To configure snippets in the `stream` context, use `stream-snippets` ConfigMap key. {{< /note >}}
+{{< call-out "note" >}} To configure snippets in the `stream` context, use `stream-snippets` ConfigMap key. {{< /call-out >}}
 
 For additional information, view the [Advanced configuration with Snippets]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md" >}}) topic.
 
diff --git a/content/nic/configuration/virtualserver-and-virtualserverroute-resources.md b/content/nic/configuration/virtualserver-and-virtualserverroute-resources.md
index df0a4cd48..670599c36 100644
--- a/content/nic/configuration/virtualserver-and-virtualserverroute-resources.md
+++ b/content/nic/configuration/virtualserver-and-virtualserverroute-resources.md
@@ -82,13 +82,11 @@ redirect:
   enable: true
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``secret`` | The name of a secret with a TLS certificate and key. The secret must belong to the same namespace as the VirtualServer. The secret must be of the type ``kubernetes.io/tls`` and contain keys named ``tls.crt`` and ``tls.key`` that contain the certificate and private key as described [here](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls). If the secret doesn't exist or is invalid, NGINX will break any attempt to establish a TLS connection to the host of the VirtualServer. If the secret is not specified but [wildcard TLS secret]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#cmdoption-wildcard-tls-secret" >}}) is configured, NGINX will use the wildcard secret for TLS termination. | ``string`` | No |
 |``redirect`` | The redirect configuration of the TLS for a VirtualServer. | [tls.redirect](#virtualservertlsredirect) | No | ### VirtualServer.TLS.Redirect |
 |``cert-manager`` | The cert-manager configuration of the TLS for a VirtualServer. | [tls.cert-manager](#virtualservertlscertmanager) | No | ### VirtualServer.TLS.CertManager |
-{{</bootstrap-table>}}
 
 ### VirtualServer.TLS.Redirect
 
@@ -100,13 +98,11 @@ code: 301
 basedOn: scheme
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``enable`` | Enables a TLS redirect for a VirtualServer. The default is ``False``. | ``boolean`` | No |
 |``code`` | The status code of a redirect. The allowed values are: ``301`` , ``302`` , ``307`` , ``308``.  The default is ``301``. | ``int`` | No |
 |``basedOn`` | The attribute of a request that NGINX will evaluate to send a redirect. The allowed values are ``scheme`` (the scheme of the request) or ``x-forwarded-proto`` (the ``X-Forwarded-Proto`` header of the request). The default is ``scheme``. | ``string`` | No | ### VirtualServer.Policy |
-{{</bootstrap-table>}}
 
 ### VirtualServer.TLS.CertManager
 
@@ -117,7 +113,6 @@ cert-manager:
   cluster-issuer: "my-issuer-name"
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``issuer`` |  the name of an Issuer. An Issuer is a cert-manager resource which describes the certificate authority capable of signing certificates. The Issuer must be in the same namespace as the VirtualServer resource. Please note that one of `issuer` and `cluster-issuer` are required, but they are mutually exclusive - one and only one must be defined. | ``string`` | No |
@@ -129,23 +124,21 @@ cert-manager:
 |``renew-before`` |  this annotation allows you to configure spec.renewBefore field for the Certificate to be generated. Must be specified using a [Go time.Duration](https://pkg.go.dev/time#ParseDuration) string format, which does not allow the d (days) suffix. You must specify these values using s, m, and h suffixes instead. | ``string`` | No |
 |``usages`` |  This field allows you to configure spec.usages field for the Certificate to be generated. Pass a string with comma-separated values i.e. ``key agreement,digital signature, server auth``. An exhaustive list of supported key usages can be found in the [the cert-manager api documentation](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage). | ``string`` | No |
 |``issue-temp-cert`` | When ``true``, ask cert-manager for a [temporary self-signed certificate](https://cert-manager.io/docs/usage/certificate/#temporary-certificates-while-issuing) pending the issuance of the Certificate. This allows HTTPS-only servers to use ACME HTTP01 challenges when the TLS secret does not exist yet. | ``boolean`` | No |
-{{</bootstrap-table>}}
 
 ### VirtualServer.Listener
 The listener field defines a custom HTTP and/or HTTPS listener.
 The respective listeners used must reference the name of a listener defined using a [GlobalConfiguration]({{< ref "/nic/configuration/global-configuration/globalconfiguration-resource.md" >}}) resource.
 For example:
+
 ```yaml
 http: http-8083
 https: https-8443
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``http`` |  The name of am HTTP listener defined in a [GlobalConfiguration]({{< ref "/nic/configuration/global-configuration/globalconfiguration-resource.md" >}}) resource. | ``string`` | No |
 |``https`` |  The name of an HTTPS listener defined in a [GlobalConfiguration]({{< ref "/nic/configuration/global-configuration/globalconfiguration-resource.md" >}}) resource. | ``string`` | No |
-{{</bootstrap-table>}}
 
 ### VirtualServer.ExternalDNS
 
@@ -155,7 +148,6 @@ The externalDNS field configures controlling DNS records dynamically for Virtual
 enable: true
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``enable`` | Enables ExternalDNS integration for a VirtualServer resource. The default is ``false``. | ``string`` | No |
@@ -163,7 +155,6 @@ enable: true
 |``providerSpecific`` | Configure provider specific properties which holds the name and value of a configuration which is specific to individual DNS providers. | [[]ProviderSpecific](#virtualserverexternaldnsproviderspecific) | No |
 |``recordTTL`` | TTL for the DNS record. This defaults to 0 if not defined. See [the ExternalDNS TTL documentation for provider-specific defaults](https://kubernetes-sigs.github.io/external-dns/v0.14.2/ttl/#providers) | ``int64`` | No |
 |``recordType`` | The record Type that should be created, e.g. "A", "AAAA", "CNAME". This is automatically computed based on the external endpoints if not defined. | ``string`` | No |
-{{</bootstrap-table>}}
 
 ### VirtualServer.ExternalDNS.ProviderSpecific
 
@@ -176,12 +167,10 @@ The providerSpecific field of the externalDNS block allows the specification of
   value: my-value2
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``name`` | The name of the key value pair. | ``string`` | Yes |
 |``value`` | The value of the key value pair. | ``string`` | Yes |
-{{</bootstrap-table>}}
 
 ### VirtualServer.Policy
 
@@ -191,12 +180,10 @@ The policy field references a [Policy resource]({{< ref "/nic/configuration/poli
 name: access-control
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``name`` | The name of a policy. If the policy doesn't exist or invalid, NGINX will respond with an error response with the `500` status code. | ``string`` | Yes |
 |``namespace`` | The namespace of a policy. If not specified, the namespace of the VirtualServer resource is used. | ``string`` | No |
-{{</bootstrap-table>}}
 
 ### VirtualServer.Route
 
@@ -208,7 +195,7 @@ The route defines rules for matching client requests to actions like passing a r
     pass: tea
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
+{{< table >}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``path`` | The path of the route. NGINX will match it against the URI of a request. Possible values are: a prefix ( ``/`` , ``/path`` ), an exact match ( ``=/exact/match`` ), a case insensitive regular expression ( ``~*^/Bar.*\.jpg`` ) or a case sensitive regular expression ( ``~^/foo.*\.jpg`` ). In the case of a prefix (must start with ``/`` ) or an exact match (must start with ``=`` ), the path must not include any whitespace characters, ``{`` , ``}`` or ``;``. In the case of the regex matches, all double quotes ``"`` must be escaped and the match can't end in an unescaped backslash ``\``. The path must be unique among the paths of all routes of the VirtualServer. Check the [location](https://nginx.org/en/docs/http/ngx_http_core_module.html#location) directive for more information. | ``string`` | Yes |
@@ -220,7 +207,7 @@ The route defines rules for matching client requests to actions like passing a r
 |``route`` | The name of a VirtualServerRoute resource that defines this route. If the VirtualServerRoute belongs to a different namespace than the VirtualServer, you need to include the namespace. For example, ``tea-namespace/tea``. | ``string`` | No |
 |``errorPages`` | The custom responses for error codes. NGINX will use those responses instead of returning the error responses from the upstream servers or the default responses generated by NGINX. A custom response can be a redirect or a canned response. For example, a redirect to another URL if an upstream server responded with a 404 status code. | [[]errorPage](#errorpage) | No |
 |``location-snippets`` | Sets a custom snippet in the location context. Overrides the ``location-snippets`` ConfigMap key. | ``string`` | No |
-{{</bootstrap-table>}}
+{{< /table >}}
 
 \* -- a route must include exactly one of the following: `action`, `splits`, or `route`.
 
@@ -280,14 +267,12 @@ spec:
 
 Note that each subroute must have a `path` that starts with the same prefix (here `/coffee`), which is defined in the route of the VirtualServer. Additionally, the `host` in the VirtualServerRoute must be the same as the `host` of the VirtualServer.
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``host`` | The host (domain name) of the server. Must be a valid subdomain as defined in RFC 1123, such as ``my-app`` or ``hello.example.com``. When using a wildcard domain like ``*.example.com`` the domain must be contained in double quotes. Must be the same as the ``host`` of the VirtualServer that references this resource. | ``string`` | Yes |
 |``upstreams`` | A list of upstreams. | [[]upstream](#upstream) | No |
 |``subroutes`` | A list of subroutes. | [[]subroute](#virtualserverroutesubroute) | No |
 |``ingressClassName`` | Specifies which Ingress Controller must handle the VirtualServerRoute resource. Must be the same as the ``ingressClassName`` of the VirtualServer that references this resource. | ``string``_ | No |
-{{</bootstrap-table>}}
 
 ### VirtualServerRoute.Subroute
 
@@ -299,7 +284,7 @@ action:
   pass: coffee
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
+{{< table >}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``path`` | The path of the subroute. NGINX will match it against the URI of a request. Possible values are: a prefix ( ``/`` , ``/path`` ), an exact match ( ``=/exact/match`` ), a case insensitive regular expression ( ``~*^/Bar.*\.jpg`` ) or a case sensitive regular expression ( ``~^/foo.*\.jpg`` ). In the case of a prefix, the path must start with the same path as the path of the route of the VirtualServer that references this resource. In the case of an exact or regex match, the path must be the same as the path of the route of the VirtualServer that references this resource. A matching path of the route of the VirtualServer but in different type is not accepted, e.g. a regex path (`~/match`) cannot be used with a prefix path in VirtualServer (`/match`) In the case of a prefix or an exact match, the path must not include any whitespace characters, ``{`` , ``}`` or ``;``.  In the case of the regex matches, all double quotes ``"`` must be escaped and the match can't end in an unescaped backslash ``\``. The path must be unique among the paths of all subroutes of the VirtualServerRoute. | ``string`` | Yes |
@@ -310,7 +295,7 @@ action:
 |``matches`` | The matching rules for advanced content-based routing. Requires the default ``action`` or ``splits``.  Unmatched requests will be handled by the default ``action`` or ``splits``. | [matches](#match) | No |
 |``errorPages`` | The custom responses for error codes. NGINX will use those responses instead of returning the error responses from the upstream servers or the default responses generated by NGINX. A custom response can be a redirect or a canned response. For example, a redirect to another URL if an upstream server responded with a 404 status code. | [[]errorPage](#errorpage) | No |
 |``location-snippets`` | Sets a custom snippet in the location context. Overrides the ``location-snippets`` of the VirtualServer (if set) or the ``location-snippets`` ConfigMap key. | ``string`` | No |
-{{</bootstrap-table>}}
+{{< /table >}}
 
 \* -- a subroute must include exactly one of the following: `action` or `splits`.
 
@@ -344,7 +329,7 @@ tls:
 
 **Note**: The WebSocket protocol is supported without any additional configuration.
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
+{{< table >}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``name`` | The name of the upstream. Must be a valid DNS label as defined in RFC 1035. For example, ``hello`` and ``upstream-123`` are valid. The name must be unique among all upstreams of the resource. | ``string`` | Yes |
@@ -376,7 +361,7 @@ tls:
 |``type`` |The type of the upstream. Supported values are ``http`` and ``grpc``. The default is ``http``. For gRPC, it is necessary to enable HTTP/2 in the [ConfigMap]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#listeners" >}}) and configure TLS termination in the VirtualServer. | ``string`` | No |
 |``backup`` | The name of the backup service of type [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname). This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the ``random`` , ``hash`` or ``ip_hash`` load balancing methods. | ``string`` | No |
 |``backupPort`` | The port of the backup service. The backup port is required if the backup service name is provided. The port must fall into the range ``1..65535``. | ``uint16`` | No |
-{{</bootstrap-table>}}
+{{< /table >}}
 
 ### Upstream.Buffers
 
@@ -389,20 +374,16 @@ size: 8K
 
 See the [proxy_buffers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) directive for additional information.
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``number`` | Configures the number of buffers. The default is set in the ``proxy-buffers`` ConfigMap key. | ``int`` | Yes |
 |``size`` | Configures the size of a buffer. The default is set in the ``proxy-buffers`` ConfigMap key. | ``string`` | Yes |
-{{</bootstrap-table>}}
 
 ### Upstream.TLS
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``enable`` | Enables HTTPS for requests to upstream servers. The default is ``False`` , meaning that HTTP will be used. Note: by default, NGINX will not verify the upstream server certificate. To enable the verification, configure an [EgressMTLS Policy]({{< ref "/nic/configuration/policy-resource/#egressmtls" >}}). | ``boolean`` | No |
-{{</bootstrap-table>}}
 
 ### Upstream.Queue
 
@@ -417,12 +398,10 @@ See [`queue`](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#queue
 
 Note: This feature is supported only in NGINX Plus.
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``size`` | The size of the queue. | ``int`` | Yes |
 |``timeout`` | The timeout of the queue. A request cannot be queued for a period longer than the timeout. The default is ``60s``. | ``string`` | No |
-{{</bootstrap-table>}}
 
 ### Upstream.Healthcheck
 
@@ -455,9 +434,8 @@ healthCheck:
   keepalive-time: 60s
 ```
 
-Note: This feature is supported only in NGINX Plus.
+{{< call-out "note" >}} This feature is supported only in NGINX Plus. {{< /call-out >}}
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``enable`` | Enables a health check for an upstream server. The default is ``false``. | ``boolean`` | No |
@@ -478,7 +456,6 @@ Note: This feature is supported only in NGINX Plus.
 |``mandatory`` | Require every newly added server to pass all configured health checks before NGINX Plus sends traffic to it. If this is not specified, or is set to false, the server will be initially considered healthy. When combined with [slow-start](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#slow_start), it gives a new server more time to connect to databases and “warm up” before being asked to handle their full share of traffic. | ``bool`` | No |
 |``persistent`` | Set the initial “up” state for a server after reload if the server was considered healthy before reload. Enabling persistent requires that the mandatory parameter is also set to `true`. | ``bool`` | No |
 |``keepalive-time`` | Enables [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) connections for health checks and specifies the time during which requests can be processed through one keepalive connection. The default is ``60s``. | ``string`` | No |
-{{</bootstrap-table>}}
 
 ### Upstream.SessionCookie
 
@@ -503,9 +480,8 @@ sessionCookie:
 
 See the [`sticky`](https://nginx.org/en/docs/http/ngx_http_upstream_module.html?#sticky) directive for additional information. The session cookie corresponds to the `sticky cookie` method.
 
-Note: This feature is supported only in NGINX Plus.
+{{< call-out "note" >}} This feature is supported only in NGINX Plus. {{< /call-out >}}
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``enable`` | Enables session persistence with a session cookie for an upstream server. The default is ``false``. | ``boolean`` | No |
@@ -516,7 +492,6 @@ Note: This feature is supported only in NGINX Plus.
 |``httpOnly`` | Adds the ``HttpOnly`` attribute to the cookie. | ``boolean`` | No |
 |``secure`` | Adds the ``Secure`` attribute to the cookie. | ``boolean`` | No |
 |``samesite`` | Adds the ``SameSite`` attribute to the cookie. The allowed values are: ``strict``, ``lax``, ``none`` | ``string`` | No |
-{{</bootstrap-table>}}
 
 ### Header
 
@@ -527,12 +502,10 @@ name: Host
 value: example.com
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``name`` | The name of the header. | ``string`` | Yes |
 |``value`` | The value of the header. | ``string`` | No |
-{{</bootstrap-table>}}
 
 ### Action
 
@@ -546,14 +519,12 @@ In the example below, client requests are passed to an upstream `coffee`:
   pass: coffee
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``pass`` | Passes requests to an upstream. The upstream with that name must be defined in the resource. | ``string`` | No |
 |``redirect`` | Redirects requests to a provided URL. | [action.redirect](#actionredirect) | No |
 |``return`` | Returns a preconfigured response. | [action.return](#actionreturn) | No |
 |``proxy`` | Passes requests to an upstream with the ability to modify the request/response (for example, rewrite the URI or modify the headers). | [action.proxy](#actionproxy) | No |
-{{</bootstrap-table>}}
 
 \* -- an action must include exactly one of the following: `pass`, `redirect`, `return` or `proxy`.
 
@@ -569,12 +540,10 @@ redirect:
   code: 301
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``url`` | The URL to redirect the request to. Supported NGINX variables: ``$scheme`` , ``$http_x_forwarded_proto`` , ``$request_uri`` , ``$host``. Variables must be enclosed in curly braces. For example: ``${host}${request_uri}``. | ``string`` | Yes |
 |``code`` | The status code of a redirect. The allowed values are: ``301`` , ``302`` , ``307`` , ``308``. The default is ``301``. | ``int`` | No |
-{{</bootstrap-table>}}
 
 ### Action.Return
 
@@ -592,14 +561,12 @@ return:
     value: espresso
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``code`` | The status code of the response. The allowed values are: ``2XX``, ``4XX`` or ``5XX``. The default is ``200``. | ``int`` | No |
 |``type`` | The MIME type of the response. The default is ``text/plain``. | ``string`` | No |
 |``body`` | The body of the response. Supports NGINX variables*. Variables must be enclosed in curly brackets. For example: ``Request is ${request_uri}\n``. | ``string`` | Yes |
 |``headers`` | The custom headers of the response. | [[]Action.Return.Header](#actionreturnheader) | No |
-{{</bootstrap-table>}}
 
 \* -- Supported NGINX variables: `$request_uri`, `$request_method`, `$request_body`, `$scheme`, `$http_`, `$args`, `$arg_`, `$cookie_`, `$host`, `$request_time`, `$request_length`, `$nginx_version`, `$pid`, `$connection`, `$remote_addr`, `$remote_port`, `$time_iso8601`, `$time_local`, `$server_addr`, `$server_port`, `$server_name`, `$server_protocol`, `$connections_active`, `$connections_reading`, `$connections_writing` and `$connections_waiting`.
 
@@ -612,12 +579,10 @@ name: x-coffee
 value: espresso
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``name`` | The name of the header. | ``string`` | Yes |
 |``value`` | The value of the header. | ``string`` | Yes |
-{{</bootstrap-table>}}
 
 ### Action.Proxy
 
@@ -652,25 +617,21 @@ proxy:
   rewritePath: /
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``upstream`` | The name of the upstream which the requests will be proxied to. The upstream with that name must be defined in the resource. | ``string`` | Yes |
 |``requestHeaders`` | The request headers modifications. | [action.Proxy.RequestHeaders](#actionproxyrequestheaders) | No |
 |``responseHeaders`` | The response headers modifications. | [action.Proxy.ResponseHeaders](#actionproxyresponseheaders) | No |
 |``rewritePath`` | The rewritten URI. If the route path is a regular expression -- starts with `~` -- the `rewritePath` can include capture groups with ``$1-9``. For example `$1` for the first group, and so on. For more information, check the [rewrite](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/rewrites) example. | ``string`` | No |
-{{</bootstrap-table>}}
 
 ### Action.Proxy.RequestHeaders
 
 The RequestHeaders field modifies the headers of the request to the proxied upstream server.
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``pass`` | Passes the original request headers to the proxied upstream server. See the [proxy_pass_request_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_request_headers) directive for more information. Default is true. | ``bool`` | No |
 |``set`` | Allows redefining or appending fields to present request headers passed to the proxied upstream servers. See the [proxy_set_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) directive for more information. | [[]header](#actionproxyrequestheaderssetheader) | No |
-{{</bootstrap-table>}}
 
 ### Action.Proxy.RequestHeaders.Set.Header
 
@@ -688,12 +649,10 @@ name: Host
 value: example.com
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``name`` | The name of the header. | ``string`` | Yes |
 |``value`` | The value of the header. Supports NGINX variables*. Variables must be enclosed in curly brackets. For example: ``${scheme}``. | ``string`` | No |
-{{</bootstrap-table>}}
 
 \* -- Supported NGINX variables: `$request_uri`, `$request_method`, `$request_body`, `$scheme`, `$http_`, `$args`, `$arg_`, `$cookie_`, `$host`, `$request_time`, `$request_length`, `$nginx_version`, `$pid`, `$connection`, `$remote_addr`, `$remote_port`, `$time_iso8601`, `$time_local`, `$server_addr`, `$server_port`, `$server_name`, `$server_protocol`, `$connections_active`, `$connections_reading`, `$connections_writing`, `$connections_waiting`, `$ssl_cipher`, `$ssl_ciphers`, `$ssl_client_cert`, `$ssl_client_escaped_cert`, `$ssl_client_fingerprint`, `$ssl_client_i_dn`, `$ssl_client_i_dn_legacy`, `$ssl_client_raw_cert`, `$ssl_client_s_dn`, `$ssl_client_s_dn_legacy`, `$ssl_client_serial`, `$ssl_client_v_end`, `$ssl_client_v_remain`, `$ssl_client_v_start`, `$ssl_client_verify`, `$ssl_curves`, `$ssl_early_data`, `$ssl_protocol`, `$ssl_server_name`, `$ssl_session_id`, `$ssl_session_reused`, `$jwt_claim_` (NGINX Plus only) and `$jwt_header_` (NGINX Plus only).
 
@@ -701,14 +660,12 @@ value: example.com
 
 The ResponseHeaders field modifies the headers of the response to the client.
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``hide`` | The headers that will not be passed* in the response to the client from a proxied upstream server. See the [proxy_hide_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) directive for more information. | ``[]string`` | No |
 |``pass`` | Allows passing the hidden header fields* to the client from a proxied upstream server. See the [proxy_pass_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header) directive for more information. | ``[]string`` | No |
 |``ignore`` | Disables processing of certain headers** to the client from a proxied upstream server. See the [proxy_ignore_headers](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_headers) directive for more information. | ``[]string`` | No |
 |``add`` | Adds headers to the response to the client. | [[]addHeader](#addheader) | No |
-{{</bootstrap-table>}}
 
 \* -- Default hidden headers are: `Date`, `Server`, `X-Pad` and `X-Accel-...`.
 
@@ -724,17 +681,15 @@ value: My-Value
 always: true
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``name`` | The name of the header. | ``string`` | Yes |
 |``value`` | The value of the header. Supports NGINX variables*. Variables must be enclosed in curly brackets. For example: ``${scheme}``. | ``string`` | No |
 |``always`` | If set to true, add the header regardless of the response status code**. Default is false. See the [add_header](http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header) directive for more information. | ``bool`` | No |
-{{</bootstrap-table>}}
 
 \* -- Supported NGINX variables: `$request_uri`, `$request_method`, `$request_body`, `$scheme`, `$http_`, `$args`, `$arg_`, `$cookie_`, `$host`, `$request_time`, `$request_length`, `$nginx_version`, `$pid`, `$connection`, `$remote_addr`, `$remote_port`, `$time_iso8601`, `$time_local`, `$server_addr`, `$server_port`, `$server_name`, `$server_protocol`, `$connections_active`, `$connections_reading`, `$connections_writing`, `$connections_waiting`, `$ssl_cipher`, `$ssl_ciphers`, `$ssl_client_cert`, `$ssl_client_escaped_cert`, `$ssl_client_fingerprint`, `$ssl_client_i_dn`, `$ssl_client_i_dn_legacy`, `$ssl_client_raw_cert`, `$ssl_client_s_dn`, `$ssl_client_s_dn_legacy`, `$ssl_client_serial`, `$ssl_client_v_end`, `$ssl_client_v_remain`, `$ssl_client_v_start`, `$ssl_client_verify`, `$ssl_curves`, `$ssl_early_data`, `$ssl_protocol`, `$ssl_server_name`, `$ssl_session_id`, `$ssl_session_reused`, `$jwt_claim_` (NGINX Plus only) and `$jwt_header_` (NGINX Plus only).
 
-{{< note >}} If `always` is false, the response header is added only if the response status code is any of `200`, `201`, `204`, `206`, `301`, `302`, `303`, `304`, `307` or `308`. {{< /note >}}
+{{< call-out "note" >}} If `always` is false, the response header is added only if the response status code is any of `200`, `201`, `204`, `206`, `301`, `302`, `303`, `304`, `307` or `308`. {{< /call-out >}}
 
 ### Split
 
@@ -752,12 +707,10 @@ splits:
     pass: coffee-v2
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``weight`` | The weight of an action. Must fall into the range ``0..100``. The sum of the weights of all splits must be equal to ``100``. | ``int`` | Yes |
 |``action`` | The action to perform for a request. | [action](#action) | Yes |
-{{</bootstrap-table>}}
 
 ### Match
 
@@ -803,21 +756,18 @@ action:
   pass: coffee
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``conditions`` | A list of conditions. Must include at least 1 condition. | [[]condition](#condition) | Yes |
 |``action`` | The action to perform for a request. | [action](#action) | No |
 |``splits`` | The splits configuration for traffic splitting. Must include at least 2 splits. | [[]split](#split) | No |
-{{</bootstrap-table>}}
 
-{{< note >}} A match must include exactly one of the following: `action` or `splits`. {{< /note >}}
+{{< call-out "note" >}} A match must include exactly one of the following: `action` or `splits`. {{< /call-out >}}
 
 ### Condition
 
 The condition defines a condition in a match.
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``header`` | The name of a header. Must consist of alphanumeric characters or ``-``. | ``string`` | No |
@@ -825,9 +775,8 @@ The condition defines a condition in a match.
 |``argument`` | The name of an argument. Must consist of alphanumeric characters or ``_``. | ``string`` | No |
 |``variable`` | The name of an NGINX variable. Must start with ``$``. See the list of the supported variables below the table. | ``string`` | No |
 |``value`` | The value to match the condition against. How to define a value is shown below the table. | ``string`` | Yes |
-{{</bootstrap-table>}}
 
-{{< note >}}  a condition must include exactly one of the following: `header`, `cookie`, `argument` or `variable`. {{< /note >}}
+{{< call-out "note" >}}  a condition must include exactly one of the following: `header`, `cookie`, `argument` or `variable`. {{< /call-out >}}
 
 Supported NGINX variables: `$args`, `$http2`, `$https`, `$remote_addr`, `$remote_port`, `$query_string`, `$request`, `$request_body`, `$request_uri`, `$request_method`, `$scheme`. Find the documentation for each variable [here](https://nginx.org/en/docs/varindex.html).
 
@@ -841,7 +790,7 @@ The value supports two kinds of matching:
   - `!~^yes` -- negation of the previous regular expression that succeeds for strings like `YES`, `Yes123`, `noyes`. (The negation mechanism is not part of the PCRE syntax).
   - `~*no$` -- a case-insensitive regular expression that matches any string that ends with `no`. For example: `no`, `123no`, `123NO`.
 
-{{< note >}} A value must not include any unescaped double quotes (`"`) and must not end with an unescaped backslash (`\`). For example, the following are invalid values: `some"value`, `somevalue\`. {{< /note >}}
+{{< call-out "note" >}} A value must not include any unescaped double quotes (`"`) and must not end with an unescaped backslash (`\`). For example, the following are invalid values: `some"value`, `somevalue\`. {{< /call-out >}}
 
 ### ErrorPage
 
@@ -860,15 +809,13 @@ errorPages:
     body: "Original resource not found, but success!"
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``codes`` | A list of error status codes. | ``[]int`` | Yes |
 |``redirect`` | The redirect action for the given status codes. | [errorPage.Redirect](#errorpageredirect) | No |
 |``return`` | The canned response action for the given status codes. | [errorPage.Return](#errorpagereturn) | No |
-{{</bootstrap-table>}}
 
-{{< note >}} An errorPage must include exactly one of the following: `return` or `redirect`. {{< /note >}}
+{{< call-out "note" >}} An errorPage must include exactly one of the following: `return` or `redirect`. {{< /call-out >}}
 
 ### ErrorPage.Redirect
 
@@ -883,12 +830,10 @@ redirect:
   url: ${scheme}://cafe.example.com/error.html
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``code`` | The status code of a redirect. The allowed values are: ``301`` , ``302`` , ``307`` , ``308``.  The default is ``301``. | ``int`` | No |
 |``url`` | The URL to redirect the request to. Supported NGINX variables: ``$scheme`` and ``$http_x_forwarded_proto``. Variables must be enclosed in curly braces. For example: ``${scheme}``. | ``string`` | Yes |
-{{</bootstrap-table>}}
 
 ### ErrorPage.Return
 
@@ -908,14 +853,12 @@ return:
     value: ${upstream_status}
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``code`` | The status code of the response. The default is the status code of the original response. | ``int`` | No |
 |``type`` | The MIME type of the response. The default is ``text/html``. | ``string`` | No |
 |``body`` | The body of the response. Supported NGINX variable: ``$upstream_status`` . Variables must be enclosed in curly braces. For example: ``${upstream_status}``. | ``string`` | Yes |
 |``headers`` | The custom headers of the response. | [[]errorPage.Return.Header](#errorpagereturnheader) | No |
-{{</bootstrap-table>}}
 
 ### ErrorPage.Return.Header
 
@@ -926,12 +869,10 @@ name: x-debug-original-statuses
 value: ${upstream_status}
 ```
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
 |``name`` | The name of the header. | ``string`` | Yes |
 |``value`` | The value of the header. Supported NGINX variable: ``$upstream_status`` . Variables must be enclosed in curly braces. For example: ``${upstream_status}``. | ``string`` | No |
-{{</bootstrap-table>}}
 
 ## Using VirtualServer and VirtualServerRoute
 
diff --git a/content/nic/installation/build-nginx-ingress-controller.md b/content/nic/installation/build-nginx-ingress-controller.md
index 560a46ca4..b278f03c5 100644
--- a/content/nic/installation/build-nginx-ingress-controller.md
+++ b/content/nic/installation/build-nginx-ingress-controller.md
@@ -59,7 +59,7 @@ Get your system ready for building and pushing the NGINX Ingress Controller imag
 
 After setting up your environment, follow these steps to build the NGINX Ingress Controller image.
 
-{{< note >}} If you have a local Golang environment and want to build the binary yourself, remove `TARGET=download` from the make commands. If you don't have Golang but still want to build the binary, use `TARGET=container`. {{< /note >}}
+{{< call-out "note" >}} If you have a local Golang environment and want to build the binary yourself, remove `TARGET=download` from the make commands. If you don't have Golang but still want to build the binary, use `TARGET=container`. {{< /call-out >}}
 
 ### For NGINX
 
@@ -103,7 +103,7 @@ make debian-image-plus PREFIX=<my-docker-registry>/nginx-plus-ingress TARGET=dow
 
 **What to expect**: The image is built and tagged with a version number, which is derived from the `VERSION` variable in the [_Makefile_](#makefile-details). This version number is used for tracking and deployment purposes.
 
-{{<note>}} If a patch for NGINX Plus is released, make sure to rebuild your image to get the latest version. If your system is caching the Docker layers and not updating the packages, add `DOCKER_BUILD_OPTIONS="--pull --no-cache"` to the make command. {{</note>}}
+{{< call-out "note" >}} If a patch for NGINX Plus is released, make sure to rebuild your image to get the latest version. If your system is caching the Docker layers and not updating the packages, add `DOCKER_BUILD_OPTIONS="--pull --no-cache"` to the make command. {{< /call-out >}}
 
 ---
 
@@ -135,12 +135,11 @@ This section provides comprehensive information on the targets and variables ava
 
 ### Key Makefile targets {#key-makefile-targets}
 
-{{<tip>}}To view available _Makefile_ targets, run `make` with no target or type `make help`.{{</tip>}}
+{{< call-out "tip" >}}To view available _Makefile_ targets, run `make` with no target or type `make help`.{{< /call-out >}}
 
 Key targets include:
 
-{{<bootstrap-table "table table-striped table-bordered">}}
-| <div style="width:200px">Target | Description                                                                                                                                                                                                  |
+| Target | Description                                                                                                                                                                                                  |
 |---------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | _build_                       | Creates the NGINX Ingress Controller binary with your local Go environment.                                                                                                                                  |
 | _alpine-image_                | Builds an Alpine-based image with NGINX.                                                                                                                                                                     |
@@ -158,38 +157,38 @@ Key targets include:
 | _ubi-image-nap-plus_          | Builds a UBI-based image with NGINX Plus and the [NGINX App Protect WAF](/nginx-app-protect/) module for [OpenShift](https://www.openshift.com/) clusters.                                                   |
 | _ubi-image-nap-v5-plus_          | Builds a UBI-based image with NGINX Plus and the [NGINX App Protect WAF v5](/nginx-app-protect/) module for [OpenShift](https://www.openshift.com/) clusters.                                                   |
 | _ubi-image-dos-plus_          | Builds a UBI-based image with NGINX Plus and the [NGINX App Protect DoS](/nginx-app-protect-dos/) module for [OpenShift](https://www.openshift.com/) clusters.                                               |
-| _ubi-image-nap-dos-plus_      | <p>Builds a UBI-based image with NGINX Plus, [NGINX App Protect WAF](/nginx-app-protect/) and the [NGINX App Protect DoS](/nginx-app-protect-dos/) module for [OpenShift](https://www.openshift.com/) clusters.</p> <p> **Important**: Save your RHEL organization and activation keys in a file named _rhel_license_ at the project root.</p> <p> For instance:</p> <pre>RHEL_ORGANIZATION=1111111<br />RHEL_ACTIVATION_KEY=your-key</pre>|
-{{</bootstrap-table>}}
+| _ubi-image-nap-dos-plus_      | <p>Builds a UBI-based image with NGINX Plus, [NGINX App Protect WAF](/nginx-app-protect/) and the [NGINX App Protect DoS](/nginx-app-protect-dos/) module for [OpenShift](https://www.openshift.com/) clusters.|
 
----
+{{< call-out "important" >}}
+
+For RHEL, save your organization and activation keys in a file named _rhel_license_ at the project root. Ensure they are on separate lines, such as:
+
+- RHEL_ORGANIZATION=1111111 
+- RHEL_ACTIVATION_KEY=your-key
+
+{{< /call-out >}}
 
 ### Additional useful targets {#other-makefile-targets}
 
 A few other useful targets:
 
-{{<bootstrap-table "table table-striped table-bordered">}}
-| <div style="width:200px">Target</div> | Description   |
+| Target | Description   |
 |---------------------------------------|---------------|
 | _push_                              | Pushes the built image to the Docker registry. Configures with `PREFIX` and `TAG`.  |
 | _all_                               | Runs `test`, `lint`, `verify-codegen`, `update-crds`, and `debian-image`. Stops and reports an error if any of these targets fail.  |
 | _test_                              | Runs unit tests.  |
-{{</bootstrap-table>}}
 
 ### Makefile variables you can customize {#makefile-variables}
 
 The _Makefile_ includes several key variables. You have the option to either modify these variables directly in the _Makefile_ or override them when you run the `make` command.
 
-{{<bootstrap-table "table table-striped table-bordered">}}
-| <div style="width:200px">Variable</div> | Description   |
+| Variable | Description   |
 |-----------------------------------------|---------------|
 | _ARCH_                                | Defines the architecture for the image and binary. The default is `amd64`, but you can also use `arm64`. |
 | _PREFIX_                              | Gives the image its name. The default is `nginx/nginx-ingress`.  |
 | _TAG_                                 | Adds a tag to the image. This is often the version of NGINX Ingress Controller.   |
 | _DOCKER\_BUILD\_OPTIONS_                | Allows for additional [options](https://docs.docker.com/engine/reference/commandline/build/#options) during the `docker build` process, like `--pull`.  |
 | _TARGET_                              | <p>Determines the build environment. NGINX Ingress Controller compiles locally in a Golang environment by default. Ensure the NGINX Ingress Controller repo resides in your `$GOPATH` if you select this option.</p><p>Alternatively, you can set `TARGET=container` to build using a Docker [Golang](https://hub.docker.com/_/golang/) container. To skip compiling the binary if you're on a specific tag or the latest `main` branch commit, set `TARGET=download`.</p>  |
-{{</bootstrap-table>}}
-
----
 
 ## Alternatives to building your own image {#pre-built-images}
 
@@ -199,5 +198,5 @@ If you prefer not to build your own NGINX Ingress Controller image, you can use
 
 **NGINX Plus Ingress Controller**: You have two options for this:
 
-- Download the image using your NGINX Ingress Controller subscription certificate and key. View the [Get NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/get-registry-image" >}}) topic.
-- Use your NGINX Ingress Controller subscription JWT token to get the image. View the [Get the NGINX Ingress Controller image with JWT]({{< ref "/nic/installation/nic-images/get-image-using-jwt.md" >}}) topic.
+- Download the image using your NGINX Ingress Controller subscription certificate and key. View the [Download NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/registry-download.md" >}}) topic.
+- Use your NGINX Ingress Controller subscription JWT token to get the image. View the [Add an NGINX Ingress Controller image to your cluster]({{< ref "/nic/installation/nic-images/add-image-to-cluster.md" >}}) topic.
diff --git a/content/nic/installation/create-license-secret.md b/content/nic/installation/create-license-secret.md
index 3b13bc543..abb72c50b 100644
--- a/content/nic/installation/create-license-secret.md
+++ b/content/nic/installation/create-license-secret.md
@@ -17,7 +17,7 @@ This requirement is part of F5’s broader licensing program and aligns with ind
 
 The JWT is required for validating your subscription and reporting telemetry data. For environments connected to the internet, telemetry is automatically sent to F5’s licensing endpoint.  In offline environments, telemetry is routed through [NGINX Instance Manager]({{< ref "/nim/" >}}). By default usage is reported every hour and also whenever NGINX is reloaded.
 
-{{< note >}} Read the [subscription licenses topic]({{< ref "/solutions/about-subscription-licenses.md#for-internet-connected-environments" >}}) for a list of IPs associated with F5's licensing endpoint (`product.connect.nginx.com`). {{</ note >}}
+{{< call-out "note" >}} Read the [subscription licenses topic]({{< ref "/solutions/about-subscription-licenses.md#for-internet-connected-environments" >}}) for a list of IPs associated with F5's licensing endpoint (`product.connect.nginx.com`). {{< /call-out >}}
 
 ## Set up your NGINX Plus license
 
@@ -27,20 +27,21 @@ The JWT is required for validating your subscription and reporting telemetry dat
 
 ### Create the Secret
 
-The JWT needs to be configured before deploying NGINX Ingress Controller. The JWT will be stored in a Kubernetes Secret of type `nginx.com/license`, and can be created with the following command.
+The JWT needs to be configured before deploying NGINX Ingress Controller. 
+
+It must be stored in a Kubernetes Secret of type `nginx.com/license` in the same namespace as your NGINX Ingress Controller pod(s).
+
+Create the Secret with the following command:
 
 ```shell
-kubectl create secret generic license-token --from-file=license.jwt=<path-to-your-jwt> --type=nginx.com/license -n <Your Namespace>
+kubectl create secret generic license-token --from-file=license.jwt=<path-to-your-jwt> --type=nginx.com/license -n <your-namespace>
 ```
-You can now delete the downloaded `.jwt` file.
 
-{{< note >}}
-The Secret needs to be in the same Namespace as the NGINX Ingress Controller Pod(s).
-{{</ note >}}
+Once created, you can download the `.jwt` file.
 
 {{< include "/nic/installation/jwt-password-note.md" >}}
 
-### Use the NGINX Plus license Secret
+### Add the license Secret to your deployment
 
 If using a name other than the default `license-token`, provide the name of this Secret when installing NGINX Ingress Controller:
 
@@ -50,7 +51,7 @@ If using a name other than the default `license-token`, provide the name of this
 
 Specify the Secret name using the `controller.mgmt.licenseTokenSecretName` Helm value.
 
-For detailed guidance on creating the Management block via Helm, refer to the [Helm configuration documentation]({{< ref "/nic/installation/installing-nic/installation-with-helm/#configuration" >}}).
+For detailed guidance on creating the Management block with Helm, refer to the [Helm configuration documentation]({{< ref "/nic/installation/installing-nic/installation-with-helm/#configuration" >}}).
 
 {{% /tab %}}
 
@@ -129,11 +130,8 @@ Specify the SSL trusted certificate Secret name in the `ssl-trusted-certificate-
 
 {{</tabs>}}
 
-<br>
-
 Once these Secrets are created and configured, you can now [install NGINX Ingress Controller ]({{< ref "/nic/installation/installing-nic/" >}}).
 
-
 ## What’s reported and how it’s protected {#telemetry}
 
 NGINX Plus reports the following data every hour by default:
diff --git a/content/nic/installation/ingress-nginx.md b/content/nic/installation/ingress-nginx.md
index 349b2c8d2..7727c56e8 100644
--- a/content/nic/installation/ingress-nginx.md
+++ b/content/nic/installation/ingress-nginx.md
@@ -1,12 +1,10 @@
 ---
-nd-docs: DOCS-1469
-doctypes:
-- tutorial
-tags:
-- docs
 title: Migrate from Ingress-NGINX Controller to NGINX Ingress Controller
 toc: true
-weight: 500
+weight: 700
+nd-content-type: how-to
+nd-product: NIC
+nd-docs: DOCS-1469
 ---
 
 This document describes how to migrate from the community-maintained Ingress-NGINX Controller to F5 NGINX Ingress Controller.
@@ -348,7 +346,6 @@ NGINX Ingress Controller has multiple proxy and load balancing functionalities y
 
 This table shows how Ingress-NGINX Controller annotations map to statements in the upstream field for [VirtualServer and VirtualServerRoute resources]({{<ref "/nic/configuration/virtualserver-and-virtualserverroute-resources">}}), covering load balancing, proxy timeout, proxy buffering and connection routing for a services' ClusterIP address and port.
 
-{{< bootstrap-table "table table-bordered table-striped table-responsive" >}}
 | Ingress-NGINX Controller | NGINX Ingress Controller |
 | ------------------------ | ------------------------ |
 | _nginx.ingress.kubernetes.io/load-balance_ | _lb-method_ |
@@ -361,7 +358,6 @@ This table shows how Ingress-NGINX Controller annotations map to statements in t
 | _nginx.ingress.kubernetes.io/proxy-read-timeout_ | _read-timeout_ |
 | _nginx.ingress.kubernetes.io/proxy-send-timeout_ | _send-timeout_ |
 | _nginx.ingress.kubernetes.io/service-upstream_ | _use-cluster-ip_ |
-{{% /bootstrap-table %}}
 
 #### mTLS authentication
 
@@ -449,14 +445,13 @@ The other option for migrating from the community Ingress-NGINX Controller to NG
 
 This ensures that all configuration is kept in the Ingress object.
 
-{{< warning >}}
+{{< call-out "warning" >}}
 You should avoid altering the `spec` field of the Ingress resource when taking this option. Ingress-NGINX Controller and NGINX Ingress Controller differ slightly in their implementations: changing the Kubernetes Ingress can create incompatibility issues.
-{{< /warning >}}
+{{< /call-out >}}
 
 ### Advanced configuration with annotations
 This table maps the Ingress-NGINX Controller annotations to NGINX Ingress Controller's equivalent annotations, and the respective NGINX Directive.
 
-{{< bootstrap-table "table table-bordered table-striped table-responsive" >}}
 | Ingress-NGINX Controller | NGINX Ingress Controller | NGINX Directive |
 | ------------------------ | ------------------------ | --------------- |
 | [_nginx.ingress.kubernetes.io/configuration-snippet_](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#configuration-snippet) | [_nginx.org/location-snippets_]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md#snippets-and-custom-templates" >}}) | N/A |
@@ -471,7 +466,6 @@ This table maps the Ingress-NGINX Controller annotations to NGINX Ingress Contro
 | [_nginx.ingress.kubernetes.io/rewrite-target_](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#rewrite) | [_nginx.org/rewrites_]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md#request-uriheader-manipulation" >}}) | [_rewrite_](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewrite) |
 | [_nginx.ingress.kubernetes.io/server-snippet_](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#server-snippet)| [_nginx.org/server-snippets_]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md#snippets-and-custom-templates" >}}) | N/A |
 | [_nginx.ingress.kubernetes.io/ssl-redirect_](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#server-side-https-enforcement-through-redirect) | [_ingress.kubernetes.io/ssl-redirect_]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md#auth-and-ssltls" >}}) | N/A (2) |
-{{% /bootstrap-table %}}
 
 1. Ingress-NGINX Controller implements some of its load balancing algorithms with Lua, which may not have an equivalent in NGINX Ingress Controller.
 1. To redirect HTTP (80) traffic to HTTPS (443), NGINX Ingress Controller uses built-in NGINX `if` conditions while Ingress-NGINX Controller uses Lua.
@@ -491,19 +485,18 @@ nginx.ingress.kubernetes.io/session-cookie-path: "/route"
 nginx.com/sticky-cookie-services: "serviceName=example-svc cookie_name expires=time path=/route"
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 NGINX Ingress Controller has additional annotations for features using NGINX Plus that have no Ingress-NGINX Controller equivalent, such as active health checks and authentication using JSON Web Tokens (JWTs).
-{{< /note >}}
+{{< /call-out >}}
 
 ### Global configuration with ConfigMaps
 
 This table maps the Ingress-NGINX Controller ConfigMap keys to NGINX Ingress Controller's equivalent ConfigMap keys.
 
-<!-- {{< note >}}
+<!-- {{< call-out "note" >}}
 Some of the key names are identical, and each Ingress Controller has ConfigMap keys that the other does not (Which are indicated).
-{{< /note >}} -->
+{{< /call-out >}} -->
 
-{{< bootstrap-table "table table-bordered table-striped table-responsive" >}}
 | Ingress-NGINX Controller | NGINX Ingress Controller |
 | ------------------------ | ------------------------ |
 | [_disable-access-log_](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#disable-access-log) | [_access-log-off_]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#logging" >}}) |
@@ -544,4 +537,3 @@ Some of the key names are identical, and each Ingress Controller has ConfigMap k
 | [_worker-cpu-affinity_](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#worker-cpu-affinity) | [_worker-cpu-affinity_]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#general-customization" >}}) |
 | [_worker-processes_](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#worker-processes) | [_worker-processes_]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#general-customization" >}}) |
 | [_worker-shutdown-timeout_](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#worker-shutdown-timeout) | [_worker-shutdown-timeole_]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#general-customization" >}}) |
-{{% /bootstrap-table %}}
diff --git a/content/nic/installation/installing-nic/installation-with-helm.md b/content/nic/installation/installing-nic/installation-with-helm.md
index 8ac6f4d51..08d206d7d 100644
--- a/content/nic/installation/installing-nic/installation-with-helm.md
+++ b/content/nic/installation/installing-nic/installation-with-helm.md
@@ -9,103 +9,53 @@ nd-docs: DOCS-602
 
 This document explains how to install F5 NGINX Ingress Controller using [Helm](https://helm.sh/).
 
+Following these steps will deploy NGINX Ingress Controller in your Kubernetes cluster with the default configuration.
+
+The [Helm chart parameters](#helm-chart-parameters) lists the parameters that can be configured during installation.
+
 ## Before you begin
 
 {{< call-out "note" >}} All documentation should only be used with the latest stable release, indicated on [the releases page]({{< ref "/nic/releases.md" >}}) of the GitHub repository. {{< /call-out >}}
 
 - A [Kubernetes Version Supported by NGINX Ingress Controller]({{< ref "/nic/technical-specifications.md#supported-kubernetes-versions" >}})
 - Helm 3.0+.
-- If you’d like to use NGINX Plus:
-  - Get the NGINX Ingress Controller JWT and [create a license secret]({{< ref "/nic/installation/create-license-secret.md" >}}).
-  - Download the image using your NGINX Ingress Controller subscription certificate and key. View the [Get NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/get-registry-image.md" >}}) topic.
-  - The [Get the NGINX Ingress Controller image with JWT]({{< ref "/nic/installation/nic-images/get-image-using-jwt.md" >}}) topic describes how to use your subscription JWT token to get the image.
-  - The [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md" >}}) topic explains how to push an image to a private Docker registry.
-  - Update the `controller.image.repository` field of the `values-plus.yaml` accordingly.
-
-## Custom Resource Definitions
-
-NGINX Ingress Controller requires custom resource definitions (CRDs) installed in the cluster, which Helm will install. If the CRDs are not installed, NGINX Ingress Controller pods will not become `Ready`.
-
-If you do not use the custom resources that require those CRDs (which corresponds to `controller.enableCustomResources` set to `false` and `controller.appprotect.enable` set to `false` and `controller.appprotectdos.enable` set to `false`), the installation of the CRDs can be skipped by specifying `--skip-crds` for the helm install command.
-
-### Upgrade the CRDs
-
-{{< call-out "note" >}} If you are running NGINX Ingress Controller v3.x, you should read [Upgrade from NGINX Ingress Controller v3.x to v4.0.0]({{< ref "/nic/installation/installing-nic/upgrade-to-v4.md" >}}) before continuing. {{< /call-out >}}
-
-To upgrade the CRDs, pull the chart sources as described in [Pull the Chart](#pull-the-chart) and then run:
-
-```shell
-kubectl apply -f crds/
-```
 
-Alternatively, CRDs can be upgraded without pulling the chart by running:
+{{< call-out "note" >}} Helm version 3.18.5 has a [bug that returns an error when charts are referenced on a remote https url](https://github.com/helm/helm/issues/31136). Use versions up to 3.18.4 until they fix it. {{< /call-out >}}
 
-```shell
-kubectl apply -f https://raw.githubusercontent.com/nginx/kubernetes-ingress/v{{< nic-version >}}/deploy/crds.yaml
-```
+If you would like to use NGINX Plus, there are few options: you will need to update the `controller.image.repository` field of `values-plus.yaml` accordingly.
 
-In the above command, `v{{< nic-version >}}` represents the version of NGINX Ingress Controller release rather than the Helm chart version.
+- [Download NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/registry-download.md" >}})
+- [Add an NGINX Ingress Controller image to your cluster]({{< ref "/nic/installation/nic-images/add-image-to-cluster.md" >}})
 
-{{< call-out "note" >}} The following warning is expected and can be ignored: `Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply`.
+## Install the Helm chart using the OCI Registry
 
-Check the [release notes](https://www.github.com/nginx/kubernetes-ingress/releases) for a new release for any special upgrade procedures.
-{{< /call-out >}}
+Run the following commands to install the chart with the release name _my-release_ (Which you can customize):
 
-### Uninstall the CRDs
+{{< tabs name="registry-chart-versions" >}}
 
-To remove the CRDs, pull the chart sources as described in [Pull the Chart](#pull-the-chart) and then run:
+{{% tab name="NGINX Open Source" %}}
 
 ```shell
-kubectl delete -f crds/
+helm install my-release oci://ghcr.io/nginx/charts/nginx-ingress --version {{< nic-helm-version >}}
 ```
 
-{{< call-out "warning" >}} This command will delete all the corresponding custom resources in your cluster across all namespaces. Please ensure there are no custom resources that you want to keep and there are no other NGINX Ingress Controller instances running in the cluster. {{< /call-out >}}
-
-## Manage the chart with OCI Registry
-
-### Install the chart
-
-Run the following commands to install the chart with the release name my-release (my-release is the name that you choose):
-
-- For NGINX:
-
-    ```shell
-    helm install my-release oci://ghcr.io/nginx/charts/nginx-ingress --version {{< nic-helm-version >}}
-    ```
-
-- For NGINX Plus: (This assumes you have pushed NGINX Ingress Controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`)
-
-    ```shell
-    helm install my-release oci://ghcr.io/nginx/charts/nginx-ingress --version {{< nic-helm-version >}} --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true
-    ```
-
-These commands install the latest `edge` version of NGINX Ingress Controller from GitHub Container Registry. If you prefer using Docker Hub, you can replace `ghcr.io/nginx/charts/nginx-ingress` with `registry-1.docker.io/nginxcharts/nginx-ingress`.
+{{% /tab %}}
 
-### Upgrade the chart
+{{% tab name="NGINX Plus" %}}
 
-Helm does not upgrade the CRDs during a release upgrade. Before you upgrade a release, see [Upgrade the CRDs](#upgrade-the-crds).
-
-To upgrade the release `my-release`:
+This assumes you have pushed NGINX Ingress Controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`:
 
 ```shell
-helm upgrade my-release oci://ghcr.io/nginx/charts/nginx-ingress --version {{< nic-helm-version >}}
+helm install my-release oci://ghcr.io/nginx/charts/nginx-ingress --version {{< nic-helm-version >}} --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true
 ```
 
-### Uninstall the chart
-
-To uninstall/delete the release `my-release`:
-
-```shell
-helm uninstall my-release
-```
+{{% /tab %}}
 
-The command removes all the Kubernetes components associated with the release and deletes the release.
+{{< /tabs >}}
 
-Uninstalling the release does not remove the CRDs. To remove the CRDs, see [Uninstall the CRDs](#uninstall-the-crds).
 
-### Edge version
+If you'd like to test the latest changes in NGINX Ingress Controller before a new release, you can install the `edge` version, which is built from the `main` branch of the [NGINX Ingress Controller repository](https://github.com/nginx/kubernetes-ingress).
 
-To test the latest changes in NGINX Ingress Controller before a new release, you can install the `edge` version. This version is built from the `main` branch of the NGINX Ingress Controller repository.
 You can install the `edge` version by specifying the `--version` flag with the value `0.0.0-edge`:
 
 ```shell
@@ -114,201 +64,79 @@ helm install my-release oci://ghcr.io/nginx/charts/nginx-ingress --version 0.0.0
 
 {{< call-out "warning" >}} The `edge` version is not intended for production use. It is intended for testing and development purposes only. {{< /call-out >}}
 
-## Manage the chart with Sources
-
-### Pull the chart
-
-This step is required if you're installing the chart using its sources. It also manages the custom resource definitions (CRDs) which NGINX Ingress Controller requires, and for upgrading or deleting the CRDs.
-
-1. Pull the chart sources:
-
-    ```shell
-    helm pull oci://ghcr.io/nginx/charts/nginx-ingress --untar --version {{< nic-helm-version >}}
-    ```
-
-2. Change your working directory to nginx-ingress:
+## Install the Helm chart from source
 
-    ```shell
-    cd nginx-ingress
-    ```
+This section covers the steps involved with installing the Helm chart from the source, instead of using the registry.
 
-### Install the chart
+It also manages required the custom resource definitions (CRDs) for NGINX Ingress Controller.
 
-To install the chart with the release name my-release (my-release is the name that you choose):
-
-- For NGINX:
-
-    ```shell
-    helm install my-release .
-    ```
-
-- For NGINX Plus:
-
-    ```shell
-    helm install my-release -f values-plus.yaml .
-    ```
-
-The command deploys the Ingress Controller in your Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.
-
-### Upgrade the chart
-
-Helm does not upgrade the CRDs during a release upgrade. Before you upgrade a release, see [Upgrade the CRDs](#upgrade-the-crds).
-
-To upgrade the release `my-release`:
+Pull the chart sources, which are also required for upgrading or deleting the CRDs:
 
 ```shell
-helm upgrade my-release .
+helm pull oci://ghcr.io/nginx/charts/nginx-ingress --untar --version {{< nic-helm-version >}}
 ```
 
-### Uninstall the chart
-
-To uninstall/delete the release `my-release`:
+Change your working directory to nginx-ingress:
 
 ```shell
-helm uninstall my-release
+cd nginx-ingress
 ```
 
-The command removes all the Kubernetes components associated with the release and deletes the release.
-
-Uninstalling the release does not remove the CRDs. To remove the CRDs, see [Uninstall the CRDs](#uninstall-the-crds).
+Install the chart with the release name _my-release_ (Which you can customize):
 
-## Upgrade without downtime
+{{< tabs name="source-chart-versions" >}}
 
-### Background
+{{% tab name="NGINX Open Source" %}}
 
-In NGINX Ingress Controller version 3.1.0, [changes were introduced](https://github.com/nginx/kubernetes-ingress/pull/3606) to Helm resource names, labels and annotations to fit with Helm best practices.
-When using Helm to upgrade from a version prior to 3.1.0, certain resources like Deployment, DaemonSet and Service will be recreated due to the aforementioned changes, which will result in downtime.
-
-Although the advisory is to update all resources in accordance with new naming convention, to avoid downtime follow the steps listed below.
-
-### Upgrade steps
-
-{{< call-out "note" >}} The following steps apply to both 2.x and 3.0.x releases.  {{</ call-out >}}
-
-The steps you should follow depend on the Helm release name:
-
-{{<tabs name="upgrade-helm">}}
-
-{{%tab name="Helm release name is `nginx-ingress`"%}}
-
-1. Use `kubectl describe` on deployment/daemonset to get the `Selector` value:
-
-    ```shell
-    kubectl describe deployments -n <namespace>
-    ```
-
-   Copy the key=value under `Selector`, such as:
-
-    ```shell
-    Selector: app=nginx-ingress-nginx-ingress
-    ```
-
-2. Checkout the latest available tag using `git checkout v{{< nic-version >}}`
-
-3. Navigate to `/kubernetes-ingress/charts/nginx-ingress`
-
-4. Update the `selectorLabels: {}` field in the `values.yaml` file located at `/kubernetes-ingress/charts/nginx-ingress` with the copied `Selector` value.
-    ```shell
-    selectorLabels: {app: nginx-ingress-nginx-ingress}
-    ```
-
-5. Run `helm upgrade` with following arguments set:
-    ```shell
-    --set serviceNameOverride="nginx-ingress-nginx-ingress"
-    --set controller.name=""
-    --set fullnameOverride="nginx-ingress-nginx-ingress"
-    ```
-   It could look as follows:
-
-    ```shell
-    helm upgrade nginx-ingress oci://ghcr.io/nginx/charts/nginx-ingress --version 0.19.0 --set controller.kind=deployment/daemonset --set controller.nginxplus=false/true --set controller.image.pullPolicy=Always --set serviceNameOverride="nginx-ingress-nginx-ingress" --set controller.name="" --set fullnameOverride="nginx-ingress-nginx-ingress" -f values.yaml
-    ```
-
-6. Once the upgrade process has finished, use `kubectl describe` on the deployment to verify the change by reviewing its events:
-    ```shell
-        Type    Reason             Age    From                   Message
-    ----    ------             ----   ----                   -------
-    Normal  ScalingReplicaSet  9m11s  deployment-controller  Scaled up replica set nginx-ingress-nginx-ingress-<old_version> to 1
-    Normal  ScalingReplicaSet  101s   deployment-controller  Scaled up replica set nginx-ingress-nginx-ingress-<new_version> to 1
-    Normal  ScalingReplicaSet  98s    deployment-controller  Scaled down replica set nginx-ingress-nginx-ingress-<old_version> to 0 from 1
-    ```
-{{%/tab%}}
-
-{{%tab name="Helm release name is not `nginx-ingress`"%}}
-
-1. Use `kubectl describe` on deployment/daemonset to get the `Selector` value:
-
-    ```shell
-    kubectl describe deployment/daemonset -n <namespace>
-    ```
-
-   Copy the key=value under ```Selector```, such as:
-
-    ```shell
-    Selector: app=<helm_release_name>-nginx-ingress
-    ```
-
-2. Checkout the latest available tag using `git checkout v{{< nic-version >}}`
-
-3. Navigate to `/kubernetes-ingress/charts/nginx-ingress`
-
-4. Update the `selectorLabels: {}` field in the `values.yaml` file located at `/kubernetes-ingress/charts/nginx-ingress` with the copied `Selector` value.
-
-    ```shell
-    selectorLabels: {app: <helm_release_name>-nginx-ingress}
-    ```
+```shell
+helm install my-release . 
+```
 
-5. Run `helm upgrade` with following arguments set:
+{{% /tab %}}
 
-    ```shell
-    --set serviceNameOverride="<helm_release_name>-nginx-ingress"
-    --set controller.name=""
-    ```
+{{% tab name="NGINX Plus" %}}
 
-   It could look as follows:
+```shell
+helm install my-release . --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true
+```
 
-    ```shell
-    helm upgrade test-release oci://ghcr.io/nginx/charts/nginx-ingress --version 0.19.0 --set controller.kind=deployment/daemonset --set controller.nginxplus=false/true --set controller.image.pullPolicy=Always --set serviceNameOverride="test-release-nginx-ingress" --set controller.name="" -f values.yaml
-    ```
+{{% /tab %}}
 
-6. Once the upgrade process has finished, use `kubectl describe` on the deployment to verify the change by reviewing its events:
+{{< /tabs >}}
 
-    ```shell
-        Type    Reason             Age    From                   Message
-    ----    ------             ----   ----                   -------
-    Normal  ScalingReplicaSet  9m11s  deployment-controller  Scaled up replica set test-release-nginx-ingress-<old_version> to 1
-    Normal  ScalingReplicaSet  101s   deployment-controller  Scaled up replica set test-release-nginx-ingress-<new_version> to 1
-    Normal  ScalingReplicaSet  98s    deployment-controller  Scaled down replica set test-release-nginx-ingress-<old_version> to 0 from 1
-    ```
+## Custom Resource Definitions
 
-{{%/tab%}}
+When installing the NGINX Ingress Controller chart, Helm will also install the required custom resource definitions (CRDs).
 
-{{</tabs>}}
+If the CRDs are not installed, NGINX Ingress Controller pods will not become _Ready_.
 
+If you do not use the custom resources that require those CRDs (With `controller.enableCustomResources`, `controller.appprotect.enable` and `controller.appprotectdos.enable` set to `false`), the installation of the CRDs can be skipped by specifying `--skip-crds` in your _helm install_ command.
 
-## Run multiple NGINX Ingress Controllers
+{{< call-out "caution" "Running multiple NGINX Ingress Controller instances">}}
 
-If you are running NGINX Ingress Controller releases in your cluster with custom resources enabled, the releases will share a single version of the CRDs.
+If you are running multiple NGINX Ingress Controller releases in your cluster with custom resources enabled, the releases will share a single version of the CRDs.
 
 Ensure the NGINX Ingress Controller versions match the version of the CRDs. When uninstalling a release, ensure that you don’t remove the CRDs until there are no other NGINX Ingress Controller releases running in the cluster.
 
 The [Run multiple NGINX Ingress Controllers]({{< ref "/nic/installation/run-multiple-ingress-controllers.md" >}}) topic has more details.
 
-## Configuration
+{{< /call-out >}}
+
+## Helm chart parameters
 
 The following tables lists the configurable parameters of the NGINX Ingress Controller chart and their default values.
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
+{{< table >}}
 |Parameter | Description | Default |
 | --- | --- | --- |
-| **controller.name** | The name of the Ingress Controller daemonset or deployment. | Autogenerated |
-| **controller.kind** | The kind of the Ingress Controller installation - deployment or daemonset. | deployment |
+| **controller.name** | The name of the NGINX Ingress Controller daemonset or deployment. | Autogenerated |
+| **controller.kind** | The kind of the NGINX Ingress Controller installation - deployment or daemonset. | deployment |
 | **controller.annotations** | Allows for setting of `annotations` for deployment or daemonset. | {} |
-| **controller.nginxplus** | Deploys the Ingress Controller for NGINX Plus. | false |
+| **controller.nginxplus** | Deploys the NGINX Ingress Controller for NGINX Plus. | false |
 | **controller.mgmt.licenseTokenSecretName** | Configures the secret used in the [license_token](https://nginx.org/en/docs/ngx_mgmt_module.html#license_token) directive. This key assumes the secret is in the Namespace that NGINX Ingress Controller is deployed in. The secret must be of type `nginx.com/license` with the base64 encoded JWT in the `license.jwt` key. | license-token |
 | **controller.mgmt.enforceInitialReport** | Configures the [enforce_initial_report](https://nginx.org/en/docs/ngx_mgmt_module.html#enforce_initial_report) directive, which enables or disables the 180-day grace period for sending the initial usage report. | false |
 | **controller.mgmt.usageReport.endpoint** | Configures the endpoint of the [usage_report](https://nginx.org/en/docs/ngx_mgmt_module.html#usage_report) directive. This is used to configure the endpoint NGINX uses to send usage reports to NIM. | product.connect.nginx.com |
-| **controller.mgmt.usageReport.interval** | Configures the interval of the [usage_report](https://nginx.org/en/docs/ngx_mgmt_module.html#usage_report) directive. This specifies the frequency that usage reports are sent. This field takes an [NGINX time](https://nginx.org/en/docs/syntax.html). | 1h |
+| **controller.mgmt.usageReport.interval** | Configures the interval of the [usage_report](https://nginx.org/en/docs/ngx_mgmt_module.html#usage_report) directive. This specifies the frequency that usage reports are sent. Only seconds(s), minutes(m), and hours(h) are allowed and must be between 60s and 24h. | 1h |
 | **controller.mgmt.usageReport.proxyHost** | Configures the host name of the [proxy](https://nginx.org/en/docs/ngx_mgmt_module.html#proxy) directive with optional port. | N/A |
 | **controller.mgmt.usageReport.proxyCredentialsSecretName** | Configures the [proxy_username](https://nginx.org/en/docs/ngx_mgmt_module.html#proxy_username) directive as well as the [proxy_password](https://nginx.org/en/docs/ngx_mgmt_module.html#proxy_password) directive using a Kubernetes Opaque Secret. The Secret must contain `username` and `password` fields. | N/A |
 | **controller.mgmt.sslVerify** | Configures the [ssl_verify](https://nginx.org/en/docs/ngx_mgmt_module.html#ssl_verify) directive, which enables or disables verification of the usage reporting endpoint certificate.  | true |
@@ -318,9 +146,9 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 | **controller.mgmt.sslCertificateSecretName** | Configures the secret used to create the `ssl_certificate` and `ssl_certificate_key` directives. This key assumes the secret is in the Namespace that NGINX Ingress Controller is deployed in. The secret must be of type `kubernetes.io/tls` | N/A |
 | **controller.mgmt.sslTrustedCertificateSecretName** | Configures the secret used to create the file(s) referenced the in [ssl_trusted_certifcate](https://nginx.org/en/docs/ngx_mgmt_module.html#ssl_trusted_certificate), and [ssl_crl](https://nginx.org/en/docs/ngx_mgmt_module.html#ssl_crl) directives. This key assumes the secret is in the Namespace that NGINX Ingress Controller is deployed in. The secret must be of type `nginx.org/ca`, where the `ca.crt` key contains a base64 encoded trusted cert, and the optional `ca.crl` key can contain a base64 encoded CRL. If the optional `ca.crl` key is supplied, it will configure the NGINX `ssl_crl` directive. | N/A |
 | **controller.mgmt.configMapName** | Allows changing the name of the MGMT config map. The name should not include a namespace| Autogenerated |
-| **controller.nginxReloadTimeout** | The timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start. | 60000 |
-| **controller.hostNetwork** | Enables the Ingress Controller pods to use the host's network namespace. | false |
-| **controller.dnsPolicy** | DNS policy for the Ingress Controller pods. | ClusterFirst |
+| **controller.nginxReloadTimeout** | The timeout in milliseconds which the NGINX Ingress Controller will wait for a successful NGINX reload after a change or at the initial start. | 60000 |
+| **controller.hostNetwork** | Enables the NGINX Ingress Controller pods to use the host's network namespace. | false |
+| **controller.dnsPolicy** | DNS policy for the NGINX Ingress Controller pods. | ClusterFirst |
 | **controller.nginxDebug** | Enables debugging for NGINX. Uses the `nginx-debug` binary. Requires `error-log-level: debug` in the ConfigMap via `controller.config.entries`. | false |
 | **controller.logLevel** | The log level of the Ingress Controller. | info |
 | **controller.logFormat** | The log format of the Ingress Controller. | glog |
@@ -330,7 +158,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 | **controller.image.tag** | The tag of the Ingress Controller image. | {{< nic-version >}} |
 | **controller.image.pullPolicy** | The pull policy for the Ingress Controller image. | IfNotPresent |
 | **controller.lifecycle** | The lifecycle of the Ingress Controller pods. | {} |
-| **controller.customConfigMap** | The name of the custom ConfigMap used by the Ingress Controller. If set, then the default config is ignored. | "" |
+| **controller.customConfigMap** | The name of the custom ConfigMap used by the NGINX Ingress Controller. If set, then the default config is ignored. | "" |
 | **controller.config.name** | The name of the ConfigMap used by the Ingress Controller. | Autogenerated |
 | **controller.config.annotations** | The annotations of the Ingress Controller configmap. | {} |
 | **controller.config.entries** | The entries of the ConfigMap for customizing NGINX configuration. See [ConfigMap resource docs]({{< ref "/nic/configuration/global-configuration/configmap-resource.md" >}}) for the list of supported ConfigMap keys. | {} |
@@ -341,28 +169,28 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 | **controller.wildcardTLS.cert** | The base64-encoded TLS certificate for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None |
 | **controller.wildcardTLS.key** | The base64-encoded TLS key for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None |
 | **controller.wildcardTLS.secret** | The secret with a TLS certificate and key for every Ingress/VirtualServer host that has TLS enabled but no secret specified. The value must follow the following format: `<namespace>/<name>`. Used as an alternative to specifying a certificate and key using `controller.wildcardTLS.cert` and `controller.wildcardTLS.key` parameters. | None |
-| **controller.nodeSelector** | The node selector for pod assignment for the Ingress Controller pods. | {} |
-| **controller.terminationGracePeriodSeconds** | The termination grace period of the Ingress Controller pod. | 30 |
-| **controller.tolerations** | The tolerations of the Ingress Controller pods. | [] |
-| **controller.affinity** | The affinity of the Ingress Controller pods. | {} |
-| **controller.topologySpreadConstraints** | The topology spread constraints of the Ingress controller pods. | {} |
-| **controller.env** | The additional environment variables to be set on the Ingress Controller pods. | [] |
-| **controller.volumes** | The volumes of the Ingress Controller pods. | [] |
-| **controller.volumeMounts** | The volumeMounts of the Ingress Controller pods. | [] |
-| **controller.initContainers** | InitContainers for the Ingress Controller pods. | [] |
-| **controller.extraContainers** | Extra (eg. sidecar) containers for the Ingress Controller pods. | [] |
+| **controller.nodeSelector** | The node selector for pod assignment for the NGINX Ingress Controller pods. | {} |
+| **controller.terminationGracePeriodSeconds** | The termination grace period of the NGINX Ingress Controller pod. | 30 |
+| **controller.tolerations** | The tolerations of the NGINX Ingress Controller pods. | [] |
+| **controller.affinity** | The affinity of the NGINX Ingress Controller pods. | {} |
+| **controller.topologySpreadConstraints** | The topology spread constraints of the NGINX Ingress Controller pods. | {} |
+| **controller.env** | The additional environment variables to be set on the NGINX Ingress Controller pods. | [] |
+| **controller.volumes** | The volumes of the NGINX Ingress Controller pods. | [] |
+| **controller.volumeMounts** | The volumeMounts of the NGINX Ingress Controller pods. | [] |
+| **controller.initContainers** | InitContainers for the NGINX Ingress Controller pods. | [] |
+| **controller.extraContainers** | Extra (eg. sidecar) containers for the NGINX Ingress Controller pods. | [] |
 | **controller.podSecurityContext**| The SecurityContext for Ingress Controller pods. | "seccompProfile": {"type": "RuntimeDefault"} |
 | **controller.securityContext** | The SecurityContext for Ingress Controller container. | {} |
 | **controller.initContainerSecurityContext** | The SecurityContext for Ingress Controller init container when `readOnlyRootFilesystem` is enabled by either setting `controller.securityContext.readOnlyRootFilesystem` or `controller.readOnlyRootFilesystem`to `true`. | {} |
-| **controller.resources** | The resources of the Ingress Controller pods. | requests: cpu=100m,memory=128Mi |
+| **controller.resources** | The resources of the NGINX Ingress Controller pods. | requests: cpu=100m,memory=128Mi |
 | **controller.initContainerResources** | The resources of the init container which is used when `readOnlyRootFilesystem` is enabled by either setting `controller.securityContext.readOnlyRootFilesystem` or `controller.readOnlyRootFilesystem`to `true`. | requests: cpu=100m,memory=128Mi |
-| **controller.replicaCount** | The number of replicas of the Ingress Controller deployment. | 1 |
-| **controller.ingressClass.name** | A class of the Ingress Controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of Kubernetes. | nginx |
+| **controller.replicaCount** | The number of replicas of the NGINX Ingress Controller deployment. | 1 |
+| **controller.ingressClass.name** | A class of the NGINX Ingress Controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the NGINX Ingress Controller will fail to start. the NGINX Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. the NGINX Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of Kubernetes. | nginx |
 | **controller.ingressClass.create** | Creates a new IngressClass object with the name `controller.ingressClass.name`. Set to `false` to use an existing ingressClass created using `kubectl` with the same name. If you use `helm upgrade`, do not change the values from the previous release as helm will delete IngressClass objects managed by helm. If you are upgrading from a release earlier than {{< nic-version >}}, do not set the value to false. | true |
 | **controller.ingressClass.setAsDefaultIngress** | New Ingresses without an `"ingressClassName"` field specified will be assigned the class specified in `controller.ingressClass.name`. Requires `controller.ingressClass.create`.  | false |
-| **controller.watchNamespace** | Comma separated list of namespaces the Ingress Controller should watch for resources. By default the Ingress Controller watches all namespaces. Mutually exclusive with `controller.watchNamespaceLabel`. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to wrapped in double quotes and the commas escaped using a backslash - e.g. `--set controller.watchNamespace="default\,nginx-ingress"`. | "" |
-| **controller.watchNamespaceLabel** | Configures the Ingress Controller to watch only those namespaces with label foo=bar. By default the Ingress Controller watches all namespaces. Mutually exclusive with `controller.watchNamespace`. | "" |
-| **controller.watchSecretNamespace** | Comma separated list of namespaces the Ingress Controller should watch for resources of type Secret. If this arg is not configured, the Ingress Controller watches the same namespaces for all resources, see `controller.watchNamespace` and `controller.watchNamespaceLabel`. All namespaces included with this argument must be part of either `controller.watchNamespace` or  `controller.watchNamespaceLabel`. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to wrapped in double quotes and the commas escaped using a backslash - e.g. `--set controller.watchSecretNamespace="default\,nginx-ingress"`. | "" |
+| **controller.watchNamespace** | Comma separated list of namespaces the NGINX Ingress Controller should watch for resources. By default the NGINX Ingress Controller watches all namespaces. Mutually exclusive with `controller.watchNamespaceLabel`. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to wrapped in double quotes and the commas escaped using a backslash - e.g. `--set controller.watchNamespace="default\,nginx-ingress"`. | "" |
+| **controller.watchNamespaceLabel** | Configures the NGINX Ingress Controller to watch only those namespaces with label foo=bar. By default the NGINX Ingress Controller watches all namespaces. Mutually exclusive with `controller.watchNamespace`. | "" |
+| **controller.watchSecretNamespace** | Comma separated list of namespaces the NGINX Ingress Controller should watch for resources of type Secret. If this arg is not configured, the NGINX Ingress Controller watches the same namespaces for all resources, see `controller.watchNamespace` and `controller.watchNamespaceLabel`. All namespaces included with this argument must be part of either `controller.watchNamespace` or  `controller.watchNamespaceLabel`. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to wrapped in double quotes and the commas escaped using a backslash - e.g. `--set controller.watchSecretNamespace="default\,nginx-ingress"`. | "" |
 | **controller.enableCustomResources** | Enable the custom resources. | true |
 | **controller.enableOIDC** | Enable OIDC policies. | false |
 | **controller.enableTLSPassthrough** | Enable TLS Passthrough on default port 443. Requires `controller.enableCustomResources`. | false |
@@ -370,46 +198,46 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 | **controller.enableCertManager** | Enable x509 automated certificate management for VirtualServer resources using cert-manager (cert-manager.io). Requires `controller.enableCustomResources`. | false |
 | **controller.enableExternalDNS** | Enable integration with ExternalDNS for configuring public DNS entries for VirtualServer resources using [ExternalDNS](https://github.com/kubernetes-sigs/external-dns). Requires `controller.enableCustomResources`. | false |
 | **controller.globalConfiguration.create** | Creates the GlobalConfiguration custom resource. Requires `controller.enableCustomResources`. | false |
-| **controller.globalConfiguration.spec** | The spec of the GlobalConfiguration for defining the global configuration parameters of the Ingress Controller. | {} |
+| **controller.globalConfiguration.spec** | The spec of the GlobalConfiguration for defining the global configuration parameters of the NGINX Ingress Controller. | {} |
 | **controller.enableSnippets** | Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources. | false |
-| **controller.healthStatus** | Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress Controller. | false |
+| **controller.healthStatus** | Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the NGINX Ingress Controller. | false |
 | **controller.healthStatusURI** | Sets the URI of health status location in the default server. Requires `controller.healthStatus`. | "/nginx-health" |
 | **controller.nginxStatus.enable** | Enable the NGINX stub_status, or the NGINX Plus API. | true |
 | **controller.nginxStatus.port** | Set the port where the NGINX stub_status or the NGINX Plus API is exposed. | 8080 |
 | **controller.nginxStatus.allowCidrs** | Add IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. | 127.0.0.1,::1 |
-| **controller.priorityClassName** | The PriorityClass of the Ingress Controller pods. | None |
-| **controller.service.create** | Creates a service to expose the Ingress Controller pods. | true |
-| **controller.service.type** | The type of service to create for the Ingress Controller. | LoadBalancer |
+| **controller.priorityClassName** | The PriorityClass of the NGINX Ingress Controller pods. | None |
+| **controller.service.create** | Creates a service to expose the NGINX Ingress Controller pods. | true |
+| **controller.service.type** | The type of service to create for the NGINX Ingress Controller. | LoadBalancer |
 | **controller.service.externalTrafficPolicy** | The externalTrafficPolicy of the service. The value Local preserves the client source IP. | Local |
-| **controller.service.annotations** | The annotations of the Ingress Controller service. | {} |
+| **controller.service.annotations** | The annotations of the NGINX Ingress Controller service. | {} |
 | **controller.service.extraLabels** | The extra labels of the service. | {} |
 | **controller.service.loadBalancerIP** | The static IP address for the load balancer. Requires `controller.service.type` set to `LoadBalancer`. The cloud provider must support this feature. | "" |
-| **controller.service.externalIPs** | The list of external IPs for the Ingress Controller service. | [] |
-| **controller.service.clusterIP** | The clusterIP for the Ingress Controller service, autoassigned if not specified. | "" |
+| **controller.service.externalIPs** | The list of external IPs for the NGINX Ingress Controller service. | [] |
+| **controller.service.clusterIP** | The clusterIP for the NGINX Ingress Controller service, autoassigned if not specified. | "" |
 | **controller.service.loadBalancerSourceRanges** | The IP ranges (CIDR) that are allowed to access the load balancer. Requires `controller.service.type` set to `LoadBalancer`. The cloud provider must support this feature. | [] |
 | **controller.service.name** | The name of the service. | Autogenerated |
-| **controller.service.customPorts** | A list of custom ports to expose through the Ingress Controller service. Follows the conventional Kubernetes yaml syntax for service ports. | [] |
-| **controller.service.httpPort.enable** | Enables the HTTP port for the Ingress Controller service. | true |
-| **controller.service.httpPort.port** | The HTTP port of the Ingress Controller service. | 80 |
+| **controller.service.customPorts** | A list of custom ports to expose through the NGINX Ingress Controller service. Follows the conventional Kubernetes yaml syntax for service ports. | [] |
+| **controller.service.httpPort.enable** | Enables the HTTP port for the NGINX Ingress Controller service. | true |
+| **controller.service.httpPort.port** | The HTTP port of the NGINX Ingress Controller service. | 80 |
 | **controller.service.httpPort.nodePort** | The custom NodePort for the HTTP port. Requires `controller.service.type` set to `NodePort`. | "" |
-| **controller.service.httpPort.targetPort** | The target port of the HTTP port of the Ingress Controller service. | 80 |
-| **controller.service.httpsPort.enable** | Enables the HTTPS port for the Ingress Controller service. | true |
-| **controller.service.httpsPort.port** | The HTTPS port of the Ingress Controller service. | 443 |
+| **controller.service.httpPort.targetPort** | The target port of the HTTP port of the NGINX Ingress Controller service. | 80 |
+| **controller.service.httpsPort.enable** | Enables the HTTPS port for the NGINX Ingress Controller service. | true |
+| **controller.service.httpsPort.port** | The HTTPS port of the NGINX Ingress Controller service. | 443 |
 | **controller.service.httpsPort.nodePort** | The custom NodePort for the HTTPS port. Requires `controller.service.type` set to `NodePort`. | "" |
-| **controller.service.httpsPort.targetPort** | The target port of the HTTPS port of the Ingress Controller service. | 443 |
-| **controller.serviceAccount.annotations** | The annotations of the Ingress Controller service account. | {} |
-| **controller.serviceAccount.name** | The name of the service account of the Ingress Controller pods. Used for RBAC. | Autogenerated |
+| **controller.service.httpsPort.targetPort** | The target port of the HTTPS port of the NGINX Ingress Controller service. | 443 |
+| **controller.serviceAccount.annotations** | The annotations of the NGINX Ingress Controller service account. | {} |
+| **controller.serviceAccount.name** | The name of the service account of the NGINX Ingress Controller pods. Used for RBAC. | Autogenerated |
 | **controller.serviceAccount.imagePullSecretName** | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. | "" |
 | **controller.serviceAccount.imagePullSecretsNames** | The list of secret names containing docker registry credentials. Secret must exist in the same namespace as the helm release. | [] |
-| **controller.reportIngressStatus.enable** | Updates the address field in the status of Ingress resources with an external address of the Ingress Controller. You must also specify the source of the external address either through an external service via `controller.reportIngressStatus.externalService`, `controller.reportIngressStatus.ingressLink` or the `external-status-address` entry in the ConfigMap via `controller.config.entries`. **Note:** `controller.config.entries.external-status-address` takes precedence over the others. | true |
-| **controller.reportIngressStatus.externalService** | Specifies the name of the service with the type LoadBalancer through which the Ingress Controller is exposed externally. The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. `controller.reportIngressStatus.enable` must be set to `true`. The default is autogenerated and enabled when `controller.service.create` is set to `true` and `controller.service.type` is set to `LoadBalancer`. | Autogenerated |
-| **controller.reportIngressStatus.ingressLink** | Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system. The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. `controller.reportIngressStatus.enable` must be set to `true`. | "" |
+| **controller.reportIngressStatus.enable** | Updates the address field in the status of Ingress resources with an external address of the NGINX Ingress Controller. You must also specify the source of the external address either through an external service via `controller.reportIngressStatus.externalService`, `controller.reportIngressStatus.ingressLink` or the `external-status-address` entry in the ConfigMap via `controller.config.entries`. **Note:** `controller.config.entries.external-status-address` takes precedence over the others. | true |
+| **controller.reportIngressStatus.externalService** | Specifies the name of the service with the type LoadBalancer through which the NGINX Ingress Controller is exposed externally. The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. `controller.reportIngressStatus.enable` must be set to `true`. The default is autogenerated and enabled when `controller.service.create` is set to `true` and `controller.service.type` is set to `LoadBalancer`. | Autogenerated |
+| **controller.reportIngressStatus.ingressLink** | Specifies the name of the IngressLink resource, which exposes the NGINX Ingress Controller pods via a BIG-IP system. The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. `controller.reportIngressStatus.enable` must be set to `true`. | "" |
 | **controller.reportIngressStatus.enableLeaderElection** | Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | true |
 | **controller.reportIngressStatus.leaderElectionLockName** | Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. controller.reportIngressStatus.enableLeaderElection must be set to true. | Autogenerated |
 | **controller.reportIngressStatus.annotations** | The annotations of the leader election configmap. | {} |
-| **controller.pod.annotations** | The annotations of the Ingress Controller pod. | {} |
-| **controller.pod.extraLabels** | The additional extra labels of the Ingress Controller pod. | {} |
-| **controller.appprotect.enable** | Enables the App Protect WAF module in the Ingress Controller. | false |
+| **controller.pod.annotations** | The annotations of the NGINX Ingress Controller pod. | {} |
+| **controller.pod.extraLabels** | The additional extra labels of the NGINX Ingress Controller pod. | {} |
+| **controller.appprotect.enable** | Enables the App Protect WAF module in the NGINX Ingress Controller. | false |
 | **controller.appprotect.v5** | Enables App Protect WAF v5. | false |
 | **controller.appprotect.volumes** | Volumes for App Protect WAF v5. | [{"name": "app-protect-bd-config", "emptyDir": {}},{"name": "app-protect-config", "emptyDir": {}},{"name": "app-protect-bundles", "emptyDir": {}}] |
 | **controller.appprotect.enforcer.host** | Host that the App Protect WAF v5 Enforcer runs on. | "127.0.0.1" |
@@ -424,15 +252,15 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 | **controller.appprotect.configManager.image.digest** | The digest of the App Protect WAF v5 Configuration Manager. Takes precedence over tag if set. | "" |
 | **controller.appprotect.configManager.image.pullPolicy** | The pull policy for the App Protect WAF v5 Configuration Manager image. | IfNotPresent |
 | **controller.appprotect.configManager.securityContext** | The security context for App Protect WAF v5 Configuration Manager container. | {"allowPrivilegeEscalation":false,"runAsUser":101,"runAsNonRoot":true,"capabilities":{"drop":["all"]}} |
-| **controller.appprotectdos.enable** | Enables the App Protect DoS module in the Ingress Controller. | false |
-| **controller.appprotectdos.enable** | Enables the App Protect DoS module in the Ingress Controller. | false |
+| **controller.appprotectdos.enable** | Enables the App Protect DoS module in the NGINX Ingress Controller. | false |
+| **controller.appprotectdos.enable** | Enables the App Protect DoS module in the NGINX Ingress Controller. | false |
 | **controller.appprotectdos.debug** | Enable debugging for App Protect DoS. | false |
 | **controller.appprotectdos.maxDaemons** | Max number of ADMD instances. | 1 |
 | **controller.appprotectdos.maxWorkers** | Max number of nginx processes to support. | Number of CPU cores in the machine |
 | **controller.appprotectdos.memory** | RAM memory size to consume in MB. | 50% of free RAM in the container or 80MB, the smaller |
-| **controller.readyStatus.enable** | Enables the readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after the startup. This also configures a readiness probe for the Ingress Controller pods that uses the readiness endpoint. | true |
+| **controller.readyStatus.enable** | Enables the readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after the startup. This also configures a readiness probe for the NGINX Ingress Controller pods that uses the readiness endpoint. | true |
 | **controller.readyStatus.port** | The HTTP port for the readiness endpoint. | 8081 |
-| **controller.readyStatus.initialDelaySeconds** | The number of seconds after the Ingress Controller pod has started before readiness probes are initiated. | 0 |
+| **controller.readyStatus.initialDelaySeconds** | The number of seconds after the NGINX Ingress Controller pod has started before readiness probes are initiated. | 0 |
 | **controller.startupStatus.enable** | Enables the startup probe for the Ingress Controller. | false |
 | **controller.startupStatus.port** | The port where the startup endpoint is exposed. This is a required field if `controller.startupStatus.enable` is set to true. | N/A |
 | **controller.startupStatus.path** | The path to the startup endpoint. This is a required field if `controller.startupStatus.enable` is set to true. | N/A |
@@ -444,14 +272,14 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 | **controller.enableLatencyMetrics** | Enable collection of latency metrics for upstreams. Requires `prometheus.create`. | false |
 | **controller.minReadySeconds** | Specifies the minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds) | 0 |
 | **controller.autoscaling.enabled** | Enables HorizontalPodAutoscaling. | false |
-| **controller.autoscaling.annotations** | The annotations of the Ingress Controller HorizontalPodAutoscaler. | {} |
+| **controller.autoscaling.annotations** | The annotations of the NGINX Ingress Controller HorizontalPodAutoscaler. | {} |
 | **controller.autoscaling.behavior** | Behavior configuration for the HPA. | {} |
 | **controller.autoscaling.minReplicas** | Minimum number of replicas for the HPA. | 1 |
 | **controller.autoscaling.maxReplicas** | Maximum number of replicas for the HPA. | 3 |
 | **controller.autoscaling.targetCPUUtilizationPercentage** | The target CPU utilization percentage. | 50 |
 | **controller.autoscaling.targetMemoryUtilizationPercentage** | The target memory utilization percentage. | 50 |
 | **controller.podDisruptionBudget.enabled** | Enables PodDisruptionBudget. | false |
-| **controller.podDisruptionBudget.annotations** | The annotations of the Ingress Controller pod disruption budget | {} |
+| **controller.podDisruptionBudget.annotations** | The annotations of the NGINX Ingress Controller pod disruption budget | {} |
 | **controller.podDisruptionBudget.minAvailable** | The number of Ingress Controller pods that should be available. This is a mutually exclusive setting with "maxUnavailable". | 0 |
 | **controller.podDisruptionBudget.maxUnavailable** | The number of Ingress Controller pods that can be unavailable. This is a mutually exclusive setting with "minAvailable". | 0 |
 | **controller.strategy** | Specifies the strategy used to replace old Pods with new ones. Docs for [Deployment update strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) and [Daemonset update strategy](https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy) | {} |
@@ -480,20 +308,50 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 | **serviceInsight.secret** | The namespace / name of a Kubernetes TLS Secret. If specified, this secret is used to secure the Service Insight endpoint with TLS connections. | "" |
 | **serviceNameOverride** | Used to prevent cloud load balancers from being replaced due to service name change during helm upgrades. | "" |
 | **nginxServiceMesh.enable** | Enable integration with NGINX Service Mesh. See the NGINX Service Mesh docs for more details. Requires `controller.nginxplus`. | false |
-| **nginxServiceMesh.enableEgress** | Enable NGINX Service Mesh workloads to route egress traffic through the Ingress Controller. See the NGINX Service Mesh docs for more details. Requires `nginxServiceMesh.enable`. | false |
-|**nginxAgent.enable** | Enable NGINX Agent to integrate the Security Monitoring and App Protect WAF modules. Requires `controller.appprotect.enable`. | false |
-|**nginxAgent.instanceGroup** | Set a custom Instance Group name for the deployment, shown when connected to NGINX Instance Manager. `nginx-ingress.controller.fullname` will be used if not set. | "" |
-|**nginxAgent.logLevel** | Log level for NGINX Agent. | "error |
-|**nginxAgent.instanceManager.host** | FQDN or IP for connecting to NGINX Ingress Controller. Required when `nginxAgent.enable` is set to `true` | "" |
-|**nginxAgent.instanceManager.grpcPort** | Port for connecting to NGINX Ingress Controller. | 443 |
-|**nginxAgent.instanceManager.sni** | Server Name Indication for Instance Manager. See the NGINX Agent [docs]({{< ref "/agent/configuration/encrypt-communication.md" >}}) for more details. | "" |
-|**nginxAgent.instanceManager.tls.enable** | Enable TLS for Instance Manager connection. | true |
-|**nginxAgent.instanceManager.tls.skipVerify** | Skip certification verification for Instance Manager connection. | false |
-|**nginxAgent.instanceManager.tls.caSecret** | Name of `nginx.org/ca` secret used for verification of Instance Manager TLS. | "" |
-|**nginxAgent.instanceManager.tls.secret** | Name of `kubernetes.io/tls` secret with a TLS certificate and key for using mTLS between NGINX Agent and Instance Manager. See the NGINX Instance Manager [docs]({{< ref "/nim/system-configuration/secure-traffic.md#mutual-client-certificate-authentication-setup-mtls" >}}) and the NGINX Agent [docs]({{< ref "/agent/configuration/encrypt-communication.md" >}}) for more details. | "" |
-|**nginxAgent.syslog.host** | Address for NGINX Agent to run syslog listener. | 127.0.0.1 |
-|**nginxAgent.syslog.port** | Port for NGINX Agent to run syslog listener. | 1514 |
-|**nginxAgent.napMonitoring.collectorBufferSize** | Buffer size for collector. Will contain log lines and parsed log lines. | 50000 |
-|**nginxAgent.napMonitoring.processorBufferSize** | Buffer size for processor. Will contain log lines and parsed log lines. | 50000 |
-|**nginxAgent.customConfigMap** | The name of a custom ConfigMap to use instead of the one provided by default. | "" |
-{{</bootstrap-table>}}
+| **nginxServiceMesh.enableEgress** | Enable NGINX Service Mesh workloads to route egress traffic through the NGINX Ingress Controller. See the NGINX Service Mesh docs for more details. Requires `nginxServiceMesh.enable`. | false |
+|**nginxAgent.enable** | Enable NGINX Agent 3.x to allow [connecting to NGINX One Console]({{< ref "/nginx-one/k8s/add-nic.md" >}}) or to integrate NGINX Agent 2.x for [Security Monitoring]({{< ref "/nic/tutorials/security-monitoring.md" >}}) . | false |
+|**nginxAgent.logLevel** | Log level for NGINX Agent. | "error" |
+|**nginxAgent.dataplaneKeySecretName** | Name of the Kubernetes Secret containing the Data Plane key used to authenticate to NGINX One Console. Learn more [here]({{< ref "/nginx-one/k8s/add-nic.md" >}}). Required when `nginxAgent.enable` is set to `true`. Requires NGINX Agent 3.x. | "" |
+|**nginxAgent.endpointHost** | Domain or IP address for the NGINX One Console. Requires NGINX Agent 3.x. | "agent.connect.nginx.com" |
+|**nginxAgent.endpointPort** | Port for the NGINX One Console endpoint. Requires NGINX Agent 3.x. | 443 |
+|**nginxAgent.tlsSkipVerify** | Skip TLS verification for the NGINX One Console endpoint. Requires NGINX Agent 3.x. | false |
+|**nginxAgent.instanceGroup** | Set a custom Instance Group name for the deployment, shown when connected to NGINX Instance Manager. `nginx-ingress.controller.fullname` will be used if not set. Requires NGINX Agent 2.x. | "" |
+|**nginxAgent.instanceManager.host** | FQDN or IP for connecting to NGINX Ingress Controller. Required when `nginxAgent.enable` is set to `true`. Requires NGINX Agent 2.x. | "" |
+|**nginxAgent.instanceManager.grpcPort** | Port for connecting to NGINX Ingress Controller. Requires NGINX Agent 2.x. | 443 |
+|**nginxAgent.instanceManager.sni** | Server Name Indication for Instance Manager. See the NGINX Agent [docs]({{< ref "/agent/configuration/encrypt-communication.md" >}}) for more details. Requires NGINX Agent 2.x. | "" |
+|**nginxAgent.instanceManager.tls.enable** | Enable TLS for Instance Manager connection. Requires NGINX Agent 2.x. | true |
+|**nginxAgent.instanceManager.tls.skipVerify** | Skip certification verification for Instance Manager connection. Requires NGINX Agent 2.x. | false |
+|**nginxAgent.instanceManager.tls.caSecret** | Name of `nginx.org/ca` secret used for verification of Instance Manager TLS. Requires NGINX Agent 2.x. | "" |
+|**nginxAgent.instanceManager.tls.secret** | Name of `kubernetes.io/tls` secret with a TLS certificate and key for using mTLS between NGINX Agent and Instance Manager. See the NGINX Instance Manager [docs]({{< ref "/nim/system-configuration/secure-traffic.md#mutual-client-certificate-authentication-setup-mtls" >}}) and the NGINX Agent [docs]({{< ref "/agent/configuration/encrypt-communication.md" >}}) for more details. Requires NGINX Agent 2.x. | "" |
+|**nginxAgent.syslog.host** | Address for NGINX Agent to run syslog listener. Requires NGINX Agent 2.x. | 127.0.0.1 |
+|**nginxAgent.syslog.port** | Port for NGINX Agent to run syslog listener. Requires NGINX Agent 2.x. | 1514 |
+|**nginxAgent.napMonitoring.collectorBufferSize** | Buffer size for collector. Will contain log lines and parsed log lines. Requires NGINX Agent 2.x. | 50000 |
+|**nginxAgent.napMonitoring.processorBufferSize** | Buffer size for processor. Will contain log lines and parsed log lines. Requires NGINX Agent 2.x. | 50000 |
+|**nginxAgent.customConfigMap** | The name of a custom ConfigMap to use instead of the one provided by default. Requires NGINX Agent 2.x.| "" |
+{{< /table >}}
+
+## Uninstall NGINX Ingress Controller
+
+To uninstall NGINX Ingress Controller, you must first remove the chart.
+
+To remove a release named _my-release_, use the following command:
+
+```shell
+helm uninstall my-release
+```
+
+The command removes all the Kubernetes components associated with the release and deletes the release.
+
+Uninstalling the release does not remove the CRDs. To do so, first pull the chart sources:
+
+```shell
+helm pull oci://ghcr.io/nginx/charts/nginx-ingress --untar --version {{< nic-helm-version >}}
+```
+
+Then use _kubectl_ to delete the CRDs:
+
+```shell
+kubectl delete -f crds/
+```
+
+{{< call-out "warning" >}} This command will delete all the corresponding custom resources in your cluster across all namespaces. Please ensure there are no custom resources that you want to keep and there are no other NGINX Ingress Controller instances running in the cluster. {{< /call-out >}}
\ No newline at end of file
diff --git a/content/nic/installation/installing-nic/installation-with-manifests.md b/content/nic/installation/installing-nic/installation-with-manifests.md
index 2f44611f6..8df8e0a53 100644
--- a/content/nic/installation/installing-nic/installation-with-manifests.md
+++ b/content/nic/installation/installing-nic/installation-with-manifests.md
@@ -2,27 +2,27 @@
 title: Installation with Manifests
 toc: true
 weight: 200
-type: how-to
-product: NIC
+nd-content-type: how-to
+nd-product: NIC
 nd-docs: DOCS-603
 ---
 
 This guide explains how to use Manifests to install F5 NGINX Ingress Controller, then create both common and custom resources and set up role-based access control.
 
-## Before you start
+## Before you begin
 
 If you are using NGINX Plus, get the NGINX Ingress Controller JWT and [create a license secret]({{< ref "/nic/installation/create-license-secret.md" >}}).
 
 ### Get the NGINX Controller Image
 
-{{< note >}} Always use the latest stable release listed on the [releases page]({{< ref "/nic/releases.md" >}}). {{< /note >}}
+{{< call-out "note" >}} Always use the latest stable release listed on the [releases page]({{< ref "/nic/releases.md" >}}). {{< /call-out >}}
 
 Choose one of the following methods to get the NGINX Ingress Controller image:
 
 - **NGINX Ingress Controller**: Download the image `nginx/nginx-ingress` from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress).
 - **NGINX Plus Ingress Controller**: You have two options for this, both requiring an NGINX Ingress Controller subscription.
-  - Download the image using your NGINX Ingress Controller subscription certificate and key. View the [Get NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/get-registry-image.md" >}}) topic.
-  - The [Get the NGINX Ingress Controller image with JWT]({{< ref "/nic/installation/nic-images/get-image-using-jwt.md" >}}) topic describes how to use your subscription JWT token to get the image.
+- - [Download NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/registry-download.md" >}}) topic.
+- - [Add an NGINX Ingress Controller image to your cluster]({{< ref "/nic/installation/nic-images/add-image-to-cluster.md" >}})
 - **Build your own image**: To build your own image, follow the [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md" >}}) topic.
 
 ### Clone the repository
@@ -90,7 +90,7 @@ There are optional CRDs that are necessary if you want to use NGINX App Protect
 
 **NGINX App Protect WAF**
 
-{{<  note >}} This step can be skipped if you are using App Protect WAF module with policy bundles. {{<  /note >}}
+{{< call-out "note" >}} This step can be skipped if you are using App Protect WAF module with policy bundles. {{< /call-out >}}
 
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/nginx/kubernetes-ingress/v{{< nic-version >}}/deploy/crds-nap-waf.yaml
@@ -108,7 +108,7 @@ kubectl apply -f https://raw.githubusercontent.com/nginx/kubernetes-ingress/v{{<
 
 **NGINX App Protect WAF**
 
-{{<  note >}} This step can be skipped if you are using App Protect WAF module with policy bundles. {{<  /note >}}
+{{< call-out "note" >}} This step can be skipped if you are using App Protect WAF module with policy bundles. {{< /call-out >}}
 
 ```shell
 kubectl apply -f config/crd/bases/appprotect.f5.com_aplogconfs.yaml
@@ -209,7 +209,7 @@ For more information about the _LoadBalancer_ service, refer to the [Kubernetes
          kubectl apply -f deployments/common/nginx-config.yaml
          ```
 
-    {{<note>}}AWS users have more customization options for their load balancers. These include choosing the load balancer type and configuring SSL termination. Refer to the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer) to learn more. {{</note>}}
+    {{< call-out "note" >}}AWS users have more customization options for their load balancers. These include choosing the load balancer type and configuring SSL termination. Refer to the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer) to learn more. {{< /call-out >}}
 
 3. To access NGINX Ingress Controller, get the public IP of your load balancer.
 
@@ -241,7 +241,7 @@ Connect to ports 80 and 443 using the IP address of any node in the cluster wher
 
 ## Uninstall NGINX Ingress Controller
 
-{{<warning>}}Proceed with caution when performing these steps, as they will remove NGINX Ingress Controller and all related resources, potentially affecting your running services.{{</warning>}}
+{{< call-out "warning" >}}Proceed with caution when performing these steps, as they will remove NGINX Ingress Controller and all related resources, potentially affecting your running services.{{< /call-out >}}
 
 1. **Delete the nginx-ingress namespace**: To remove NGINX Ingress Controller and all auxiliary resources, run:
 
diff --git a/content/nic/installation/installing-nic/installation-with-operator.md b/content/nic/installation/installing-nic/installation-with-operator.md
index 459d7cfd1..e6100ab33 100644
--- a/content/nic/installation/installing-nic/installation-with-operator.md
+++ b/content/nic/installation/installing-nic/installation-with-operator.md
@@ -9,21 +9,21 @@ nd-docs: DOCS-604
 
 This document explains how to install F5 NGINX Ingress Controller using NGINX Ingress Operator.
 
-## Before you start
+## Before you begin
 
 If you're using NGINX Plus, get the NGINX Ingress Controller JWT and [create a license secret]({{< ref "/nic/installation/create-license-secret.md" >}}).
 
-{{< note >}} We recommend the most recent stable version of NGINX Ingress Controller, available on the GitHub repository's [releases page]({{< ref "/nic/releases.md" >}}). {{< /note >}}
+{{< call-out "note" >}} We recommend the most recent stable version of NGINX Ingress Controller, available on the GitHub repository's [releases page]({{< ref "/nic/releases.md" >}}). {{< /call-out >}}
 
 1. Make sure you have access to the NGINX Ingress Controller image:
-    - For NGINX Ingress Controller, use the image `nginx/nginx-ingress` from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress).
-    - For NGINX Plus Ingress Controller, view the [Get the F5 Registry NGINX Ingress Controller image]({{< ref "/nic/installation/nic-images/get-registry-image.md" >}}) topic for details on how to pull the image from the F5 Docker registry.
-    - The [Get the NGINX Ingress Controller image with JWT]({{< ref "/nic/installation/nic-images/get-image-using-jwt.md" >}}) topic describes how to use your subscription JWT token to get the image.
-    - The [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md" >}}) topic explains how to push an image to a private Docker registry.
+- - For NGINX Ingress Controller, use the image `nginx/nginx-ingress` from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress).
+- - For NGINX Plus Ingress Controller, view the [Download NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/registry-download" >}}) topic for details on how to pull the image from the F5 Docker registry.
+- - The [Add an NGINX Ingress Controller image to your cluster]({{< ref "/nic/installation/nic-images/add-image-to-cluster.md" >}}) topic describes how to use your subscription JWT token to get the image.
+- - The [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md" >}}) topic explains how to push an image to a private Docker registry.
 1. Install the NGINX Ingress Operator following the [instructions](https://github.com/nginx/nginx-ingress-helm-operator/blob/main/docs/installation.md).
 1. Create the SecurityContextConstraint as outlined in the ["Getting Started" instructions](https://github.com/nginx/nginx-ingress-helm-operator/blob/main/README.md#getting-started).
 
-{{< note >}} If you're upgrading your operator installation to a later release, navigate [here](https://github.com/nginx/nginx-ingress-helm-operator/blob/main/helm-charts/nginx-ingress) and run `kubectl apply -f crds/` or `oc apply -f crds/` as a prerequisite {{< /note >}}
+{{< call-out "note" >}} If you're upgrading your operator installation to a later release, navigate [here](https://github.com/nginx/nginx-ingress-helm-operator/blob/main/helm-charts/nginx-ingress) and run `kubectl apply -f crds/` or `oc apply -f crds/` as a prerequisite {{< /call-out >}}
 
 ## Create the NGINX Ingress Controller manifest
 
@@ -50,7 +50,7 @@ spec:
       imagePullSecretName: ""
 ```
 
-{{< note >}} For NGINX Plus, change the `image.repository` and `image.tag` values and change `nginxPlus` to `True`. If required, set the `serviceAccount.imagePullSecretName` or `serviceAccount.imagePullSecretsNames` to the name of the pre-created docker config secret that should be associated with the ServiceAccount. {{< /note >}}
+{{< call-out "note" >}} For NGINX Plus, change the `image.repository` and `image.tag` values and change `nginxPlus` to `True`. If required, set the `serviceAccount.imagePullSecretName` or `serviceAccount.imagePullSecretsNames` to the name of the pre-created docker config secret that should be associated with the ServiceAccount. {{< /call-out >}}
 
 ## Deploy NGINX Ingress Controller
 
diff --git a/content/nic/installation/installing-nic/upgrade-to-v4.md b/content/nic/installation/installing-nic/upgrade-to-v4.md
deleted file mode 100644
index f63d33fb2..000000000
--- a/content/nic/installation/installing-nic/upgrade-to-v4.md
+++ /dev/null
@@ -1,137 +0,0 @@
----
-title: Upgrade from NGINX Ingress Controller v3.x to v4.0.0
-toc: true
-weight: 400
-nd-content-type: how-to
-nd-product: NIC
-nd-docs: DOCS-1862
----
-
-This document explains how to upgrade F5 NGINX Ingress Controller from version v3.x to v4.0.0.
-
-There are two necessary steps required: updating the `apiVersion` value of custom resources and configuring structured logging.
-
-For NGINX Plus users, there is a third step to create a Secret for your license.
-
-{{< call-out "warning" "This upgrade path is intended for 3.x to 4.0.0 only" >}}
-
-The instructions in this document are intended only for users upgrading from NGINX Ingress Controller 3.x to 4.0.0. Internal changes meant that backwards compability was not possible, requiring extra steps to upgrade.
-
-From NGINX Ingress Controller v4.0.0 onwards, you can upgrade as normal, based on your installation method: [Helm]({{< ref "/nic/installation/installing-nic/installation-with-helm.md">}}) or [Manifests]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md">}}).
-
-{{< /call-out >}}
-
----
-
-## Update custom resource apiVersion
-
-If the Helm chart you have been using is `v2.x`, before upgrading to NGINX Ingress Controller 4.0.0 you must update your GlobalConfiguration, Policy and TransportServer resources from `apiVersion: k8s.nginx.org/v1alpha1` to `apiVersion: k8s.nginx.org/v1`.
-
-If the Helm chart you have been using is `v1.0.2` or earlier (NGINX Ingress Controller `v3.3.2`), upgrade to Helm chart `v1.4.2` (NGINX Ingress Controller `v3.7.2`) before updating your GlobalConfiguration, Policy and TransportServer resources.
-
-The example below shows the change for a Policy resource: you must do the same for all GlobalConfiguration and TransportServer resources.
-
-{{<tabs name="resource-version-update">}}
-
-{{% comment %}} Keep this left aligned. {{% /comment %}}
-{{%tab name="Before"%}}
-
-```yaml
-apiVersion: k8s.nginx.org/v1alpha1
-kind: Policy
-metadata:
-  name: rate-limit-policy
-spec:
-  rateLimit:
-    rate: 1r/s
-    key: ${binary_remote_addr}
-    zoneSize: 10M
-```
-{{% /tab %}}
-
-{{%tab name="After"%}}
-```yaml
-apiVersion: k8s.nginx.org/v1
-kind: Policy
-metadata:
-  name: rate-limit-policy
-spec:
-  rateLimit:
-    rate: 1r/s
-    key: ${binary_remote_addr}
-    zoneSize: 10M
-```
-{{% /tab %}}
-
-{{</tabs>}}
-
-{{< warning >}}
-If a *GlobalConfiguration*, *Policy* or *TransportServer* resource is deployed with `apiVersion: k8s.nginx.org/v1alpha1`, it will be **deleted** during the upgrade process.
-{{</ warning >}}
-
-Once above specified custom resources are moved to `v1` ,please run below `kubectl` commands before upgrading to v4.0.0 Custom Resource Definitions (CRDs) to avoid [this issue](https://github.com/nginx/kubernetes-ingress/issues/7010).
-
-```shell
-kubectl patch customresourcedefinitions transportservers.k8s.nginx.org --subresource='status' --type='merge' -p '{"status":{"storedVersions": ["v1"]}}'
-```
-
-```shell
-kubectl patch customresourcedefinitions globalconfigurations.k8s.nginx.org --subresource='status' --type='merge' -p '{"status":{"storedVersions": ["v1"]}}'
-```
-
----
-
-## Configure structured logging
-
-To configure structured logging, you must update your log deployment arguments from an integer to a string. The logs themselves can also be rendered in different formats.
-
-{{< note >}} These options apply to NGINX Ingress Controller logs, and do not affect NGINX logs. {{< /note >}}
-
-| **Level arguments** | **Format arguments** |
-|---------------------|----------------------|
-| `trace`             | `json`               |
-| `debug`             | `text`               |
-| `info`              | `glog`               |
-| `warning`           |                      |
-| `error`             |                      |
-| `fatal`             |                      |
-
-{{<tabs name="structured logging">}}
-
-{{%tab name="Helm"%}}
-
-The Helm value of `controller.logLevel` has been changed from an integer to a string.
-
-To change the rendering of the log format, use the `controller.logFormat` key.
-
-```yaml
-controller:
-    logLevel: info
-    logFormat: json
-```
-{{% /tab %}}
-
-{{%tab name="Manifests"%}}
-
-The command line argument `-v` has been replaced with `-log-level`, and takes a string instead of an integer. The argument `-logtostderr` has also been deprecated.
-
-To change the rendering of the log format, use the `-log-format` argument.
-
-```yaml
-args:
-    - -log-level=info
-    - -log-format=json
-```
-{{% /tab %}}
-
-{{</tabs>}}
-
----
-
-## Create License secret
-
-If you're using [NGINX Plus]({{< ref "/nic/overview/nginx-plus.md" >}}) with NGINX Ingress Controller, you should read the [Create License Secret]({{< ref "/nic/installation/create-license-secret.md" >}}) topic to set up your NGINX Plus license.
-
-The topic also contains guidance for [sending reports to NGINX Instance Manager]({{< ref "/nic/installation/create-license-secret.md#nim">}}), which is necessary for air-gapped environments.
-
-In prior versions, usage reporting with the cluster connector was required: it is no longer necessary, as it is built into NGINX Plus.
diff --git a/content/nic/installation/integrations/_index.md b/content/nic/installation/integrations/_index.md
index 83943f248..1690f4888 100644
--- a/content/nic/installation/integrations/_index.md
+++ b/content/nic/installation/integrations/_index.md
@@ -1,6 +1,6 @@
 ---
 title: Integrations
 description:
-weight: 600
+weight: 800
 url: /nginx-ingress-controller/installation/integrations
 ---
diff --git a/content/nic/installation/integrations/app-protect-dos/configuration.md b/content/nic/installation/integrations/app-protect-dos/configuration.md
index a63de7f9c..0b39faee8 100644
--- a/content/nic/installation/integrations/app-protect-dos/configuration.md
+++ b/content/nic/installation/integrations/app-protect-dos/configuration.md
@@ -7,11 +7,11 @@ nd-product: NIC
 nd-docs: DOCS-580
 ---
 
-{{< tip >}}
+{{< call-out "tip" >}}
 
 Check out the complete [NGINX Ingress Controller with App Protect DoS example for VirtualServer](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/app-protect-dos) and the [NGINX Ingress Controller with App Protect DoS example for Ingress](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-dos).
 
-{{< /tip >}}
+{{< /call-out >}}
 
 ## App Protect DoS Configuration
 
diff --git a/content/nic/installation/integrations/app-protect-dos/dos-protected.md b/content/nic/installation/integrations/app-protect-dos/dos-protected.md
index 612cf37ad..cfb112eb3 100644
--- a/content/nic/installation/integrations/app-protect-dos/dos-protected.md
+++ b/content/nic/installation/integrations/app-protect-dos/dos-protected.md
@@ -9,7 +9,7 @@ nd-docs: DOCS-581
 
 NGINX App Protect DoS protected resource specification
 
-{{< note >}} This feature is only available using the NGINX Plus [NGINX App Protect DoS Module]({{< ref "/nap-dos/deployment-guide/learn-about-deployment.md" >}}). {{< /note >}}
+{{< call-out "note" >}} This feature is only available using the NGINX Plus [NGINX App Protect DoS Module]({{< ref "/nap-dos/deployment-guide/learn-about-deployment.md" >}}). {{< /call-out >}}
 
 ## DoS Protected resource specification
 
@@ -123,4 +123,4 @@ Events:
 
 The events section has Warning event with the rejection error in the message.
 
-{{< warning >}} If you invalidate an existing resource, NGINX Ingress Controller will reject it. {{< /warning >}}
+{{< call-out "warning" >}} If you invalidate an existing resource, NGINX Ingress Controller will reject it. {{< /call-out >}}
diff --git a/content/nic/installation/integrations/app-protect-dos/installation.md b/content/nic/installation/integrations/app-protect-dos/installation.md
index 75a4439ae..c678dcf49 100644
--- a/content/nic/installation/integrations/app-protect-dos/installation.md
+++ b/content/nic/installation/integrations/app-protect-dos/installation.md
@@ -73,24 +73,18 @@ Follow these steps to build the NGINX Controller Image with NGINX App Protect Do
 
      **What to expect**: The image is built and tagged with a version number, which is derived from the `VERSION` variable in the [_Makefile_]({{< ref "/nic/installation/build-nginx-ingress-controller.md#makefile-details" >}}). This version number is used for tracking and deployment purposes.
 
-{{<note>}}In the event a patch version of NGINX Plus is released, make sure to rebuild your image to get the latest version. If your system is caching the Docker layers and not updating the packages, add `DOCKER_BUILD_OPTIONS="--pull --no-cache"` to the make command.{{</note>}}
+{{< call-out "note" >}}In the event a patch version of NGINX Plus is released, make sure to rebuild your image to get the latest version. If your system is caching the Docker layers and not updating the packages, add `DOCKER_BUILD_OPTIONS="--pull --no-cache"` to the make command.{{< /call-out >}}
 
-### Makefile targets {#makefile-targets}
+### Makefile targets
 
-{{<bootstrap-table "table table-striped table-bordered">}}
 | Makefile Target           | Description                                                       | Compatible Systems  |
 |---------------------------|-------------------------------------------------------------------|---------------------|
 | **debian-image-dos-plus** | Builds a Debian-based image with NGINX Plus and the [NGINX App Protect DoS](/nginx-app-protect-dos/) module. | Debian  |
 | **debian-image-nap-dos-plus** | Builds a Debian-based image with NGINX Plus, [NGINX App Protect DoS](/nginx-app-protect-dos/), and [NGINX App Protect WAF](/nginx-app-protect/). | Debian  |
 | **ubi-image-dos-plus**    | Builds a UBI-based image with NGINX Plus and the [NGINX App Protect DoS](/nginx-app-protect-dos/) module. | OpenShift |
 | **ubi-image-nap-dos-plus** | Builds a UBI-based image with NGINX Plus, [NGINX App Protect DoS](/nginx-app-protect-dos/), and [NGINX App Protect WAF](/nginx-app-protect/). | OpenShift |
-{{</bootstrap-table>}}
 
-<br>
-
-{{< see-also >}} For the complete list of _Makefile_ targets and customizable variables, see the [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md#makefile-details" >}}) topic. {{</ see-also >}}
-
----
+{{< call-out "note" >}} For the complete list of _Makefile_ targets and customizable variables, see the [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md#makefile-details" >}}) topic. {{< /call-out>}}
 
 ## Push the image to your private registry
 
@@ -176,7 +170,7 @@ kubectl apply -f config/crd/bases/appprotectdos.f5.com_dosprotectedresources.yam
 
 ## Install the App Protect DoS Arbitrator
 
-{{< note >}} If you install multiple NGINX Ingress Controllers in the same namespace, they will need to share the same Arbitrator because there can only be one Arbitrator in a single namespace. {{< /note >}}
+{{< call-out "note" >}} If you install multiple NGINX Ingress Controllers in the same namespace, they will need to share the same Arbitrator because there can only be one Arbitrator in a single namespace. {{< /call-out >}}
 
 ### Helm Chart
 
@@ -226,5 +220,5 @@ For more information, see the [Configuration guide]({{< ref "/nic/installation/i
 
 If you prefer not to build your own NGINX Ingress Controller image, you can use pre-built images. Here are your options:
 
-- Download the image using your NGINX Ingress Controller subscription certificate and key. View the [Get NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/get-registry-image.md" >}}) topic.
-  - The [Get the NGINX Ingress Controller image with JWT]({{< ref "/nic/installation/nic-images/get-image-using-jwt.md" >}}) topic describes how to use your subscription JWT token to get the image.
+- Download the image using your NGINX Ingress Controller subscription certificate and key. View the [Download NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/registry-download.md" >}}) topic.
+  - The [Add an NGINX Ingress Controller image to your cluster]({{< ref "/nic/installation/nic-images/add-image-to-cluster.md" >}}) topic describes how to use your subscription JWT token to get the image.
diff --git a/content/nic/installation/integrations/app-protect-waf-v5/compile-waf-policies.md b/content/nic/installation/integrations/app-protect-waf-v5/compile-waf-policies.md
index e21c90e4e..639286906 100644
--- a/content/nic/installation/integrations/app-protect-waf-v5/compile-waf-policies.md
+++ b/content/nic/installation/integrations/app-protect-waf-v5/compile-waf-policies.md
@@ -30,7 +30,7 @@ The following steps describe how to use the NGINX Instance Manager API to create
 
 ## Create a new security policy
 
-{{< tip >}} You can skip this step if you intend to use an existing security policy. {{< /tip >}}
+{{< call-out "tip" >}} You can skip this step if you intend to use an existing security policy. {{< /call-out >}}
 
 Create a [new security policy]({{< ref "/nim/nginx-app-protect/manage-waf-security-policies.md#create-security-policy" >}}) using the API: this will require the use of a tool such as [`curl`](https://curl.se/) or [Postman](https://www.postman.com/)
 
@@ -47,7 +47,7 @@ Create the file `simple-policy.json` with the contents below:
 }
 ```
 
-{{< warning >}} The `content` value must be base64 encoded or you will encounter an error. {{< /warning >}}
+{{< call-out "warning" >}} The `content` value must be base64 encoded or you will encounter an error. {{< /call-out >}}
 
 Upload the policy JSON files with the API, which is the same method to create the bundle later.
 
@@ -80,12 +80,12 @@ You should receive an API response similar to the following output, indicating t
 }
 ```
 
-{{< important >}}
+{{< call-out "important" >}}
 
 Take note of the *uid* field: `"uid": "6af9f261-658b-4be1-b07a-cebd83e917a1"`
 It is one of two unique IDs we will use to download the bundle: it will be referenced as *policy-UID*.
 
-{{< /important >}}
+{{< /call-out >}}
 
 ---
 
@@ -181,13 +181,13 @@ curl --location 'https://127.0.0.1/api/platform/v1/security/policies/bundles' \
 }
 ```
 
-{{< important >}}
+{{< call-out "important" >}}
 
 Take note of the *uid* field: `"uid": "de08b324-99d8-4155-b2eb-fe687b21034e"`
 
 It is one of two unique IDs we will use to download the bundle: it will be referenced as *bundle-UID*.
 
-{{< /important >}}
+{{< /call-out >}}
 
 ---
 
diff --git a/content/nic/installation/integrations/app-protect-waf-v5/configuration.md b/content/nic/installation/integrations/app-protect-waf-v5/configuration.md
index d6cbc208a..a366c9bc0 100644
--- a/content/nic/installation/integrations/app-protect-waf-v5/configuration.md
+++ b/content/nic/installation/integrations/app-protect-waf-v5/configuration.md
@@ -11,7 +11,7 @@ nd-docs: DOCS-1866
 
 This document explains how to use F5 NGINX Ingress Controller to configure [NGINX App Protect WAF v5]({{< ref "/nap-waf/v5/" >}}).
 
-{{< note >}} There are complete NGINX Ingress Controller with NGINX App Protect WAF [example resources on GitHub](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/app-protect-waf-v5). {{< /note >}}
+{{< call-out "note" >}} There are complete NGINX Ingress Controller with NGINX App Protect WAF [example resources on GitHub](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/app-protect-waf-v5). {{< /call-out >}}
 
 ## Global configuration
 
@@ -29,7 +29,7 @@ App Protect WAF bundles for VirtualServer custom resources are defined by creati
 
 Before applying a policy, a WAF policy bundle must be created, then copied to a volume mounted to `/etc/app_protect/bundles`.
 
-{{< note >}} NGINX Ingress Controller supports `securityLogs` for policy bundles. Log bundles must also be copied to a volume mounted to `/etc/app_protect/bundles`. {{< /note >}}
+{{< call-out "note" >}} NGINX Ingress Controller supports `securityLogs` for policy bundles. Log bundles must also be copied to a volume mounted to `/etc/app_protect/bundles`. {{< /call-out >}}
 
 This example shows how a policy is configured by referencing a generated WAF Policy Bundle:
 
@@ -67,7 +67,7 @@ spec:
 
 This example shows how to deploy NGINX Ingress Controller with NGINX Plus and NGINX App Protect WAF v5, deploy a simple web application, and then configure load balancing and WAF protection for that application using the VirtualServer resource.
 
-{{< note >}} You can find the files for this example on [GitHub](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/app-protect-waf-v5).{{< /note >}}
+{{< call-out "note" >}} You can find the files for this example on [GitHub](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/app-protect-waf-v5).{{< /call-out >}}
 
 ### Prerequisites
 
@@ -105,7 +105,7 @@ Create the syslog service and pod for the NGINX App Protect WAF security logs:
 ### Deploy the WAF Policy
 
 
-{{< note >}} Configuration settings in the Policy resource enable WAF protection by configuring NGINX App Protect WAF with the log configuration created in the previous step. The policy bundle referenced as `your_policy_bundle_name.tgz` need to be created and placed in the `/etc/app_protect/bundles` volume first.{{</ note >}}
+{{< call-out "note" >}} Configuration settings in the Policy resource enable WAF protection by configuring NGINX App Protect WAF with the log configuration created in the previous step. The policy bundle referenced as `your_policy_bundle_name.tgz` need to be created and placed in the `/etc/app_protect/bundles` volume first.{{< /call-out >}}
 
 Create and deploy the WAF policy.
 
@@ -116,7 +116,7 @@ Create and deploy the WAF policy.
 
 ### Configure load balancing
 
-{{< note >}} VirtualServer references the `waf-policy` created in Step 3.{{</ note >}}
+{{< call-out "note" >}} VirtualServer references the `waf-policy` created in Step 3.{{< /call-out >}}
 
 1. Create the VirtualServer Resource:
 
diff --git a/content/nic/installation/integrations/app-protect-waf-v5/installation.md b/content/nic/installation/integrations/app-protect-waf-v5/installation.md
index 2cdc5964c..421dded1c 100644
--- a/content/nic/installation/integrations/app-protect-waf-v5/installation.md
+++ b/content/nic/installation/integrations/app-protect-waf-v5/installation.md
@@ -80,31 +80,28 @@ Follow these steps to build the NGINX Controller Image with NGINX App Protect WA
 
    **What to expect**: The image is built and tagged with a version number, which is derived from the `VERSION` variable in the [_Makefile_]({{< ref "/nic/installation/build-nginx-ingress-controller.md#makefile-details" >}}). This version number is used for tracking and deployment purposes.
 
-{{<note>}} In the event a patch of NGINX Plus is released, make sure to rebuild your image to get the latest version. If your system is caching the Docker layers and not updating the packages, add `DOCKER_BUILD_OPTIONS="--pull --no-cache"` to the make command. {{</note>}}
+{{< call-out "note" >}} In the event a patch of NGINX Plus is released, make sure to rebuild your image to get the latest version. If your system is caching the Docker layers and not updating the packages, add `DOCKER_BUILD_OPTIONS="--pull --no-cache"` to the make command. {{< /call-out >}}
 
 ### Makefile targets {#makefile-targets}
 
 Create Docker image for NGINX Ingress Controller (Alpine with NGINX Plus, NGINX App Protect WAF v5 and FIPS)
 
-{{<bootstrap-table "table table-striped table-bordered">}}
 | Makefile Target           | Description                                                       | Compatible Systems  |
 |---------------------------|-------------------------------------------------------------------|---------------------|
 | **alpine-image-nap-v5-plus-fips** | Builds a Alpine-based image with NGINX Plus and the [NGINX App Protect WAF v5](/nginx-app-protect-waf/v5/) module with FIPS. | Alpine  |
 | **debian-image-nap-v5-plus** | Builds a Debian-based image with NGINX Plus and the [NGINX App Protect WAF v5](/nginx-app-protect-waf/v5/) module. | Debian  |
 | **ubi-image-nap-v5-plus**    | Builds a UBI-based image with NGINX Plus and the [NGINX App Protect WAF v5](/nginx-app-protect-waf/v5/) module. | OpenShift |
 | **ubi-image-nap-dos-v5-plus** | Builds a UBI-based image with NGINX Plus, [NGINX App Protect WAF v5](/nginx-app-protect-waf/v5/), and [NGINX App Protect DoS](/nginx-app-protect-dos/). | OpenShift |
-{{</bootstrap-table>}}
 
-<br>
 
-{{<see-also>}} For the complete list of _Makefile_ targets and customizable variables, see the [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md#makefile-details" >}}) guide. {{</see-also>}}
+{{< call-out "note" >}} For the complete list of _Makefile_ targets and customizable variables, see the [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md#makefile-details" >}}) guide. {{< /call-out>}}
 
 If you intend to use [external references](/nginx-app-protect-waf/v5/configuration-guide/configuration/#external-references) in NGINX App Protect WAF policies, you may want to provide a custom CA certificate to authenticate with the hosting server.
 
 To do so, place the `*.crt` file in the build folder and uncomment the lines following this comment:
 `#Uncomment the lines below if you want to install a custom CA certificate`
 
-{{<warning>}} External references are deprecated in NGINX Ingress Controller and will not be supported in future releases. {{</warning>}}
+{{< call-out "warning" >}} External references are deprecated in NGINX Ingress Controller and will not be supported in future releases. {{< /call-out >}}
 
 ---
 
@@ -135,9 +132,9 @@ docker push <my-docker-registry>/waf-enforcer:<your-tag>
 
 ## Deploy NGINX Ingress Controller {#deploy-ingress-controller}
 
-{{< important >}} NGINX Ingress Controller with the AppProtect WAF v5 module works only with policy bundles. You need to modify the Deployment or DaemonSet file to include volumes, volume mounts and two WAF 5 docker images: `waf-config-mgr` and `waf-enforcer`.
+{{< call-out "important" >}} NGINX Ingress Controller with the AppProtect WAF v5 module works only with policy bundles. You need to modify the Deployment or DaemonSet file to include volumes, volume mounts and two WAF 5 docker images: `waf-config-mgr` and `waf-enforcer`.
 
-NGINX Ingress Controller **requires** the volume mount path to be `/etc/app_protect/bundles`. {{< /important >}}
+NGINX Ingress Controller **requires** the volume mount path to be `/etc/app_protect/bundles`. {{< /call-out >}}
 
 {{<tabs name="deploy-nic">}}
 
@@ -204,7 +201,7 @@ controller:
 ...
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 By default, `emptyDir` mounts are used.
 Bundles that are added to these kind of volume mounts will **NOT** persist across pod restarts.
 
@@ -220,7 +217,7 @@ controller:
      emptyDir: {}
 ...
 ```
-{{< /note >}}
+{{< /call-out >}}
 
 ### Configuring `readOnlyRootFilesystem`
 
@@ -501,5 +498,5 @@ For more information, see the [Configuration guide]({{< ref "/nic/installation/i
 
 If you prefer not to build your own NGINX Ingress Controller image, you can use pre-built images. Here are your options:
 
-- Download the image using your NGINX Ingress Controller subscription certificate and key. View the [Get NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/get-registry-image.md" >}}) topic.
-- The [Get the NGINX Ingress Controller image with JWT]({{< ref "/nic/installation/nic-images/get-image-using-jwt.md" >}}) topic describes how to use your subscription JWT token to get the image.
+- Download the image using your NGINX Ingress Controller subscription certificate and key. View the [Download NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/registry-download.md" >}}) topic.
+- The [Add an NGINX Ingress Controller image to your cluster]({{< ref "/nic/installation/nic-images/add-image-to-cluster.md" >}}) topic describes how to use your subscription JWT token to get the image.
diff --git a/content/nic/installation/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md b/content/nic/installation/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md
index aca3370d7..87c4dce2b 100644
--- a/content/nic/installation/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md
+++ b/content/nic/installation/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md
@@ -11,7 +11,7 @@ This document describes how to troubleshoot problems when using NGINX Ingress Co
 
 For general troubleshooting of NGINX Ingress Controller, check the general [troubleshooting]({{< ref "/nic/troubleshooting/troubleshoot-common" >}}) documentation.
 
-{{< see-also >}} You can find more troubleshooting tips in the NGINX App Protect WAF [troubleshooting guide]({{< ref "/nap-waf/v5/troubleshooting-guide/troubleshooting.md" >}}) {{< /see-also >}}.
+{{< call-out "note" >}} You can find more troubleshooting tips in the NGINX App Protect WAF [troubleshooting guide]({{< ref "/nap-waf/v5/troubleshooting-guide/troubleshooting.md" >}}) {{< /call-out>}}.
 
 ## Potential problems
 
@@ -78,7 +78,7 @@ The events section has a *Normal* event with the *AddedOrUpdated reason*, indica
 
 ### Replace the policy
 
-{{< note >}} This method only applies if using [external references](/nginx-app-protect/v4/configuration/#external-references) {{< /note >}}
+{{< call-out "note" >}} This method only applies if using [external references](/nginx-app-protect/v4/configuration/#external-references) {{< /call-out >}}
 
 If items on the external reference change but the spec of the APPolicy remains unchanged (even when re-applying the policy), Kubernetes will not detect the update.
 In this case you can force-replace the resource. This will remove the resource and add it again, triggering a reload. For example:
@@ -89,7 +89,7 @@ kubectl replace appolicy -f your-policy-manifest.yaml --force
 
 ### Check the availability of APPolicy external references
 
-{{< note >}} This method only applies if you're using [external references](/nginx-app-protect/v4/configuration/#external-references) in NGINX App Protect policies. {{< /note >}}
+{{< call-out "note" >}} This method only applies if you're using [external references](/nginx-app-protect/v4/configuration/#external-references) in NGINX App Protect policies. {{< /call-out >}}
 
 To check which servers host the external references of a policy:
 
diff --git a/content/nic/installation/integrations/app-protect-waf/configuration.md b/content/nic/installation/integrations/app-protect-waf/configuration.md
index ce77de634..574896ffa 100644
--- a/content/nic/installation/integrations/app-protect-waf/configuration.md
+++ b/content/nic/installation/integrations/app-protect-waf/configuration.md
@@ -9,7 +9,7 @@ nd-docs: DOCS-578
 
 This document explains how to use F5 NGINX Ingress Controller to configure NGINX App Protect WAF.
 
-{{< note >}} Check out the complete NGINX Ingress Controller with NGINX App Protect WAF example resources on GitHub [for VirtualServer resources](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/app-protect-waf) and [for Ingress resources](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf).{{< /note >}}
+{{< call-out "note" >}} Check out the complete NGINX Ingress Controller with NGINX App Protect WAF example resources on GitHub [for VirtualServer resources](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/app-protect-waf) and [for Ingress resources](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf).{{< /call-out >}}
 
 
 ## Global Configuration
@@ -32,7 +32,7 @@ NGINX App Protect WAF Policies can be created for VirtualServer, VirtualServerRo
 - [The Advanced gRPC Protection for Unary Traffic](/nginx-app-protect-waf/v4/configuration-guide/configuration/#grpc-protection-for-unary-traffic) only supports providing an `idl-file` inline. The fields `policy.idl-files[].link`, `policy.idl-files[].$ref`, and
  `policy.idl-files[].file` are not supported. The IDL file should be provided in field `policy.idl-files[].contents`. The value of this field can be base64 encoded. In this case the field `policy.idl-files[].isBase64` should be set to `true`.
 
-{{<warning>}} External references are deprecated in NGINX Ingress Controller and will not be supported in future releases. {{</warning>}}
+{{< call-out "warning" >}} External references are deprecated in NGINX Ingress Controller and will not be supported in future releases. {{< /call-out >}}
 
 To add an [NGINX App Protect WAF policy](/nginx-app-protect-waf/v4/declarative-policy/policy/) to an Ingress resource:
 
@@ -113,11 +113,11 @@ To add the [log configurations](/nginx-app-protect-waf/v4/logging-overview/secur
 1. Add the log configuration to the `spec` field in the `APLogConf` resource.
 1. Add a reference to `APLogConf` in the [VirtualServer Policy resource]({{< ref "/nic/configuration/policy-resource.md#waf" >}}) or the [Ingress resource]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md#app-protect" >}}) as per the documentation.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The fields from the JSON must be presented in the YAML *exactly* the same, in name and level. NGINX Ingress Controller will transform the YAML into a valid JSON WAF log config.
 
-{{< /note >}}
+{{< /call-out >}}
 
 For example, say you want to [log state changing requests](/nginx-app-protect-waf/v4/logging-overview/security-log/#security-log-configuration-file) for your VirtualServer or Ingress resources using NGINX App Protect WAF. The  log configuration looks like this:
 
@@ -154,26 +154,26 @@ spec:
 
 You can define NGINX App Protect WAF [User-Defined Signatures](/nginx-app-protect-waf/v4/configuration-guide/configuration/#user-defined-signatures) for your VirtualServer or Ingress resources by creating an `APUserSig` [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/).
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The field `revisionDatetime` is not currently supported.
 
 `APUserSig` resources increase the reload time of NGINX Plus compared with `APPolicy` and `APLogConf` resources. Read [NGINX fails to start or reload]({{< ref "/nic/installation/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md#nginx-fails-to-start-or-reload" >}}) for more information.
 
-{{< /note >}}
+{{< /call-out >}}
 
 To add the [User Defined Signatures](/nginx-app-protect-waf/v4/configuration-guide/configuration/#user-defined-signatures) to a VirtualServer or Ingress resource:
 
 1. Create an `APUserSig` Custom resource manifest.
 2. Add the desired User defined signature to the `spec` field in the `APUserSig` resource.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The fields from the JSON must be presented in the YAML *exactly* the same, in name and level.
 
 NGINX Ingress Controller will transform the YAML into a valid JSON User-Defined signature. There is no need to reference the user defined signature resource in the Policy or Ingress resources.
 
-{{< /note >}}
+{{< /call-out >}}
 
 For example, say you want to create the following user defined signature:
 
@@ -230,7 +230,7 @@ You can define App Protect WAF bundles for VirtualServer custom resources by cre
 
 Before applying a policy, a WAF policy bundle must be created, then copied to a volume mounted to `/etc/nginx/waf/bundles`.
 
-{{< note >}} NGINX Ingress Controller supports `securityLogs` for policy bundles when using `apLogBundle` instead of `apLogConf`. Log bundles must also be copied to a volume mounted to `/etc/nginx/waf/bundles`. {{< /note >}}
+{{< call-out "note" >}} NGINX Ingress Controller supports `securityLogs` for policy bundles when using `apLogBundle` instead of `apLogConf`. Log bundles must also be copied to a volume mounted to `/etc/nginx/waf/bundles`. {{< /call-out >}}
 
 This example shows how a policy is configured by referencing a generated WAF Policy Bundle:
 
@@ -305,7 +305,7 @@ These are the typical steps to deploy an OpenAPI protection Policy in NGINX Ingr
 6. Create a `Policy` object which references the `APPolicy` Custom Resource as in [this example](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/examples/custom-resources/app-protect-waf/waf.yaml).
 7. Finally, attach the `Policy` object to a `VirtualServer` resource as in [this example](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/examples/custom-resources/app-protect-waf/virtual-server.yaml).
 
-{{< note >}} You need to make sure that the server where the resource files are located is available while you are compiling your policy. {{< /note >}}
+{{< call-out "note" >}} You need to make sure that the server where the resource files are located is available while you are compiling your policy. {{< /call-out >}}
 
 ### Example Configuration
 
@@ -438,7 +438,7 @@ The `link` option is also available in the `openApiFileReference` property and i
 
 In this example we deploy NGINX Ingress Controller with NGINX Plus and NGINX App Protect WAF, deploy a simple web application, and then configure load balancing and WAF protection for that application using the VirtualServer resource.
 
-{{< note >}} You can find the example, and the files referenced, on [GitHub](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/app-protect-waf).{{< /note >}}
+{{< call-out "note" >}} You can find the example, and the files referenced, on [GitHub](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/app-protect-waf).{{< /call-out >}}
 
 ## Prerequisites
 
diff --git a/content/nic/installation/integrations/app-protect-waf/installation.md b/content/nic/installation/integrations/app-protect-waf/installation.md
index ed7732450..0da5bc500 100644
--- a/content/nic/installation/integrations/app-protect-waf/installation.md
+++ b/content/nic/installation/integrations/app-protect-waf/installation.md
@@ -64,22 +64,18 @@ Follow these steps to build the NGINX Controller Image with NGINX App Protect WA
 
      **What to expect**: The image is built and tagged with a version number, which is derived from the `VERSION` variable in the [_Makefile_]({{< ref "/nic/installation/build-nginx-ingress-controller.md#makefile-details" >}}). This version number is used for tracking and deployment purposes.
 
-{{<note>}} In the event a patch of NGINX Plus is released, make sure to rebuild your image to get the latest version. If your system is caching the Docker layers and not updating the packages, add `DOCKER_BUILD_OPTIONS="--pull --no-cache"` to the make command. {{</note>}}
+{{< call-out "note" >}} In the event a patch of NGINX Plus is released, make sure to rebuild your image to get the latest version. If your system is caching the Docker layers and not updating the packages, add `DOCKER_BUILD_OPTIONS="--pull --no-cache"` to the make command. {{< /call-out >}}
 
 ### Makefile targets {#makefile-targets}
 
-{{<bootstrap-table "table table-striped table-bordered table-responsive">}}
 | Makefile Target           | Description                                                       | Compatible Systems  |
 |---------------------------|-------------------------------------------------------------------|---------------------|
 | **debian-image-nap-plus** | Builds a Debian-based image with NGINX Plus and the [NGINX App Protect WAF](/nginx-app-protect-waf/) module. | Debian  |
 | **debian-image-nap-dos-plus** | Builds a Debian-based image with NGINX Plus, [NGINX App Protect WAF](/nginx-app-protect-waf/), and [NGINX App Protect DoS](/nginx-app-protect-dos/) | Debian  |
 | **ubi-image-nap-plus**    | Builds a UBI-based image with NGINX Plus and the [NGINX App Protect WAF](/nginx-app-protect-waf/) module. | OpenShift |
 | **ubi-image-nap-dos-plus** | Builds a UBNI-based image with NGINX Plus, [NGINX App Protect WAF](/nginx-app-protect-waf/), and [NGINX App Protect DoS](/nginx-app-protect-dos/). | OpenShift |
-{{</bootstrap-table>}}
 
-<br>
-
-{{< see-also >}} For the complete list of _Makefile_ targets and customizable variables, see the [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md#makefile-details" >}}) topic. {{</ see-also >}}
+{{< call-out "note" >}} For the complete list of _Makefile_ targets and customizable variables, see the [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md#makefile-details" >}}) topic. {{< /call-out>}}
 
 ---
 
@@ -116,7 +112,7 @@ make push PREFIX=<my-docker-registry>/nginx-plus-ingress
 
 ## Create App Protect WAF custom resources
 
-{{< note >}} If you're using NGINX Ingress Controller with the App Protect WAF module and policy bundles, you can skip this section. You will need to create and configure [Persistent Volume and Persistent Volume Claim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) in your Kubernetes cluster. {{< /note >}}
+{{< call-out "note" >}} If you're using NGINX Ingress Controller with the App Protect WAF module and policy bundles, you can skip this section. You will need to create and configure [Persistent Volume and Persistent Volume Claim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) in your Kubernetes cluster. {{< /call-out >}}
 
 <br>
 
@@ -138,7 +134,7 @@ kubectl apply -f https://raw.githubusercontent.com/nginx/kubernetes-ingress/v{{<
 
 {{%tab name="Install CRDs after cloning the repo"%}}
 
-{{< note >}} If you are installing the CRDs this way, ensure you have first cloned the repository. {{< /note >}}
+{{< call-out "note" >}} If you are installing the CRDs this way, ensure you have first cloned the repository. {{< /call-out >}}
 
 These YAML files create CRDs for the following resources:
 
@@ -162,9 +158,9 @@ kubectl apply -f config/crd/bases/appprotect.f5.com_apusersigs.yaml
 
 {{< include "/nic/installation/deploy-controller.md" >}}
 
-{{< note >}} If you're using NGINX Ingress Controller with the AppProtect WAF module and policy bundles, you will need to modify the Deployment or DaemonSet file to include volumes and volume mounts.
+{{< call-out "note" >}} If you're using NGINX Ingress Controller with the AppProtect WAF module and policy bundles, you will need to modify the Deployment or DaemonSet file to include volumes and volume mounts.
 
-NGINX Ingress Controller **requires** the volume mount path to be `/etc/nginx/waf/bundles`. {{< /note >}}
+NGINX Ingress Controller **requires** the volume mount path to be `/etc/nginx/waf/bundles`. {{< /call-out >}}
 
 Add a `volumes` section to deployment template spec:
 
@@ -217,5 +213,5 @@ For more information, see the [Configuration guide]({{< ref "/nic/installation/i
 
 If you prefer not to build your own NGINX Ingress Controller image, you can use pre-built images. Here are your options:
 
-- Download the image using your NGINX Ingress Controller subscription certificate and key. View the [Get NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/get-registry-image.md" >}}) topic.
-- The [Get the NGINX Ingress Controller image with JWT]({{< ref "/nic/installation/nic-images/get-image-using-jwt.md" >}}) topic describes how to use your subscription JWT token to get the image.
+- Download the image using your NGINX Ingress Controller subscription certificate and key. View the [Download NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/registry-download.md" >}}) topic.
+- The [Add an NGINX Ingress Controller image to your cluster]({{< ref "/nic/installation/nic-images/add-image-to-cluster.md" >}}) topic describes how to use your subscription JWT token to get the image.
diff --git a/content/nic/installation/integrations/nic-n1-console.md b/content/nic/installation/integrations/nic-n1-console.md
deleted file mode 100644
index 8602062a0..000000000
--- a/content/nic/installation/integrations/nic-n1-console.md
+++ /dev/null
@@ -1,130 +0,0 @@
----
-title: Connect NGINX Ingress Controller to NGINX One Console
-toc: true
-draft: true
-weight: 1800
-nd-type: how-to
-nd-product: NIC
----
-
-This document explains how to connect F5 NGINX Ingress Controller to NGINX One Console using NGINX Agent.
-
-Connecting NGINX Ingress Controller to NGINX One Console enables centralized monitoring of all controller instances.
-
-## Deploy NGINX Ingress Controller with NGINX Agent
-
-{{<tabs name="deploy-config-resource">}}
-
-{{%tab name="Helm"%}}
-
-Edit your `values.yaml` file to enable NGINX Agent and configure it to connect to NGINX One Console:
-```yaml
-nginxAgent:
-  enable: true
-  dataplaneKey: "<Your Dataplane Key>"
-```
-
- The `dataplaneKey` is used to authenticate the agent with NGINX One Console. See the NGINX One Console Docs [here]({{< ref "/nginx-one/getting-started.md#generate-data-plane-key" >}}) to generate your dataplane key from the NGINX One Console.
-
-
-Follow the [Installation with Helm]({{< ref "/nic/installation/installing-nic/installation-with-helm.md" >}}) instructions to deploy NGINX Ingress Controller.
-
-{{%/tab%}}
-
-{{%tab name="Manifests"%}}
-
-Add the following flag to the deployment/daemonset file of NGINX Ingress Controller:
-
-```yaml
-args:
-- -agent=true
-```
-
-Create a ConfigMap with an `nginx-agent.conf` file:
-
-```yaml
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: nginx-agent-config
-  namespace: <namespace>
-data:
-  nginx-agent.conf: |-
-  log:
-    # set log level (error, info, debug; default "info")
-    level: info
-    # set log path. if empty, don't log to file.
-    path: ""
-
-  allowed_directories:
-    - /etc/nginx
-    - /usr/lib/nginx/modules
-
-  features:
-    - certificates
-    - connection
-    - metrics
-    - file-watcher
-
-  ## command server settings
-  command:
-    server:
-      host: product.connect.nginx.com
-      port: 443
-    auth:
-      token: "<Your Dataplane Key>"
-    tls:
-      skip_verify: false
-```      
-  
-Make sure you set the namespace in the nginx-agent-config to the same namespace as NGINX Ingress Controller.
-
-Mount the ConfigMap to the deployment/daemonset file of NGINX Ingress Controller:
-
-```yaml
-volumeMounts:
-- name: nginx-agent-config
-  mountPath: /etc/nginx-agent/nginx-agent.conf
-  subPath: nginx-agent.conf
-volumes:
-- name: nginx-agent-config
-  configMap:
-    name: nginx-agent-config
-```
-
-Follow the [Installation with Manifests]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md" >}}) instructions to deploy NGINX Ingress Controller.
-
-{{%/tab%}}
-
-{{</tabs>}}
-
-## Verify that NGINX Ingress Controller is connected to NGINX One
-
-After deploying NGINX Ingress Controller with NGINX Agent, you can verify the connection to NGINX One Console.
-
-Log in to your NGINX One Console account and navigate to the Instances dashboard. Your NGINX Ingress Controller instances should appear in the list, where the instance name will be the pod name.
-
-## Troubleshooting
-
-If you encounter issues connecting NGINX Ingress Controller to NGINX One Console, try the following steps based on your image type:
-
-Check the NGINX Agent version:
-
-```shell
-kubectl exec -it -n <namespace> <nginx-ingress-pod-name> -- nginx-agent -v
-```
-  
-If nginx-agent version is v3, continue with the following steps.
-Otherwise, make sure you are using an image that does not include App Protect. 
-
-Check the NGINX Agent configuration:
-
-```shell
-kubectl exec -it -n <namespace> <nginx-ingress-pod-name> -- cat /etc/nginx-agent/nginx-agent.conf
-```
-
-Check NGINX Agent logs:
-
-```shell
-kubectl exec -it -n <namespace> <nginx-ingress-pod-name> -- nginx-agent
-```
diff --git a/content/nic/installation/nic-images/add-image-to-cluster.md b/content/nic/installation/nic-images/add-image-to-cluster.md
new file mode 100644
index 000000000..f07d77ff4
--- /dev/null
+++ b/content/nic/installation/nic-images/add-image-to-cluster.md
@@ -0,0 +1,167 @@
+---
+title: Add an NGINX Ingress Controller image to your cluster
+toc: true
+weight: 150
+nd-content-type: how-to
+nd-product: NIC
+nd-docs: DOCS-1454
+---
+
+This document describes how to add an F5 NGINX Plus Ingress Controller image from the F5 Docker registry into your Kubernetes cluster using a JWT token.
+
+## Before you begin
+
+To follow these steps, you will need the following pre-requisite:
+
+- [Create a license Secret]({{< ref "/nic/installation/create-license-secret.md" >}})
+
+You can also get the NGINX Ingress Controller image using the following alternate methods:
+
+- [Download NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/registry-download.md" >}})
+- [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md" >}}) 
+- For NGINX Open Source, you can pull the [nginx/nginx-ingress image](https://hub.docker.com/r/nginx/nginx-ingress/) from DockerHub
+
+## Helm deployments
+
+If you are using Helm for deployment, there are two main methods: using a _chart_ or _source_.
+
+### Add the image from chart
+
+The following command installs NGINX Ingress Controller with a Helm chart, passing required arguments using the `set` parameter.
+
+```shell
+helm install my-release -n nginx-ingress oci://ghcr.io/nginx/charts/nginx-ingress --version {{< nic-helm-version >}} --set controller.image.repository=private-registry.nginx.com/nginx-ic/nginx-plus-ingress --set controller.image.tag={{< nic-version >}} --set controller.nginxplus=true --set controller.serviceAccount.imagePullSecretName=regcred
+```
+
+You can also use the certificate and key from the MyF5 portal and the Docker registry API to list the available image tags for the repositories, for example:
+
+```shell
+curl https://private-registry.nginx.com/v2/nginx-ic/nginx-plus-ingress/tags/list --key <path-to-client.key> --cert <path-to-client.cert>
+```
+```json
+{
+"name": "nginx-ic/nginx-plus-ingress",
+"tags": [
+    "{{< nic-version >}}-alpine",
+    "{{< nic-version >}}-alpine-fips",
+    "{{< nic-version >}}-ubi",
+    "{{< nic-version >}}"
+]
+}
+```
+
+```shell
+curl https://private-registry.nginx.com/v2/nginx-ic-nap/nginx-plus-ingress/tags/list --key <path-to-client.key> --cert <path-to-client.cert>
+```
+```json
+{
+"name": "nginx-ic-nap/nginx-plus-ingress",
+"tags": [
+    "{{< nic-version >}}-alpine-fips",
+    "{{< nic-version >}}-ubi",
+    "{{< nic-version >}}"
+]
+}
+```
+
+```shell
+curl https://private-registry.nginx.com/v2/nginx-ic-dos/nginx-plus-ingress/tags/list --key <path-to-client.key> --cert <path-to-client.cert>
+```
+```json
+{
+"name": "nginx-ic-dos/nginx-plus-ingress",
+"tags": [
+    "{{< nic-version >}}-ubi",
+    "{{< nic-version >}}"
+]
+}
+```
+
+The `jq` command was used in these examples to make the JSON output easier to read.
+
+### Add the image from source
+
+The [Installation with Helm]({{< ref "/nic/installation/installing-nic/installation-with-helm.md#install-the-helm-chart-from-source" >}}) documentation has a section describing how to use sources: these are the unique steps for Docker secrets using JWT tokens.
+
+1. Clone the NGINX [`kubernetes-ingress` repository](https://github.com/nginx/kubernetes-ingress).
+1. Navigate to the `charts/nginx-ingress` folder of your local clone.
+1. Open the `values.yaml` file in an editor.
+
+    You must change a few lines NGINX Ingress Controller with NGINX Plus to be deployed.
+
+    1. Change the `nginxplus` argument to `true`.
+    1. Change the `repository` argument to the NGINX Ingress Controller image you intend to use.
+    1. Add an argument to `imagePullSecretName` or `imagePullSecretsNames` to allow Docker to pull the image from the private registry.
+
+The following code block shows snippets of the parameters you will need to change, and an example of their contents:
+
+```yaml
+## Deploys the Ingress Controller for NGINX Plus
+nginxplus: true
+## Truncated fields
+## ...
+## ...
+image:
+## The image repository for the desired NGINX Ingress Controller image
+repository: private-registry.nginx.com/nginx-ic/nginx-plus-ingress
+
+## The version tag
+tag: {{< nic-version >}}
+
+serviceAccount:
+    ## The annotations of the service account of the Ingress Controller pods.
+    annotations: {}
+
+## Truncated fields
+## ...
+## ...
+
+    ## The name of the secret containing docker registry credentials.
+    ## Secret must exist in the same namespace as the helm release.
+    ## Note that also imagePullSecretsNames can be used here if multiple secrets need to be set.
+    imagePullSecretName: regcred
+```
+
+With the modified `values.yaml` file, you can now use Helm to install NGINX Ingress Controller, for example:
+
+```shell
+helm install nicdev01 -n nginx-ingress --create-namespace -f values.yaml .
+```
+
+The above command will install NGINX Ingress Controller in the `nginx-ingress` namespace.
+
+If the namespace does not exist, `--create-namespace` will create it. Using `-f values.yaml` tells Helm to use the `values.yaml` file that you modified earlier with the settings you want to apply for your NGINX Ingress Controller deployment.
+
+## Manifest deployment
+
+The page ["Installation with Manifests"]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md" >}}) explains how to install NGINX Ingress Controller using manifests. The following snippet is an example of a deployment:
+
+```yaml
+spec:
+  serviceAccountName: nginx-ingress
+  imagePullSecrets:
+  - name: regcred
+  automountServiceAccountToken: true
+  securityContext:
+    seccompProfile:
+      type: RuntimeDefault
+  containers:
+  - image: private-registry.nginx.com/nginx-ic/nginx-plus-ingress:{{< nic-version >}}
+    imagePullPolicy: IfNotPresent
+    name: nginx-plus-ingress
+```
+
+The `imagePullSecrets` and `containers.image` lines represent the Kubernetes secret, as well as the registry and version of NGINX Ingress Controller we are going to deploy.
+
+## Download an image for local use
+
+If you need to download an image for local use (Such as to push to a different container registry), use this command:
+
+```shell
+docker login private-registry.nginx.com --username=<output_of_jwt_token> --password=none
+```
+
+Replace the contents of `<output_of_jwt_token>` with the contents of the JWT token itself.
+Once you have successfully pulled the image, you can then tag it as needed.
+
+{{< include "/nic/installation/jwt-password-note.md" >}}
diff --git a/content/nic/installation/nic-images/get-image-using-jwt.md b/content/nic/installation/nic-images/get-image-using-jwt.md
deleted file mode 100644
index 1dff0c74b..000000000
--- a/content/nic/installation/nic-images/get-image-using-jwt.md
+++ /dev/null
@@ -1,209 +0,0 @@
----
-title: Get the NGINX Ingress Controller image with JWT
-toc: true
-weight: 150
-nd-content-type: how-to
-nd-product: NIC
-nd-docs: DOCS-1454
----
-
-This document describes how to pull the F5 NGINX Plus Ingress Controller image from the F5 Docker registry into your Kubernetes cluster using your JWT token.
-
-## Overview
-
-{{< important >}}
-
-An NGINX Plus subscription certificate and key will not work with the F5 Docker registry.
-
-For NGINX Ingress Controller, you must have an NGINX Ingress Controller subscription -- download the NGINX Plus Ingress Controller (per instance) JWT access token from [MyF5](https://my.f5.com).
-
-To list the available image tags using the Docker registry API, you will also need to download the NGINX Plus Ingress Controller (per instance) certificate (`nginx-repo.crt`) and the key (`nginx-repo.key`) from [MyF5](https://my.f5.com).
-
-{{< /important >}}
-
-{{< note >}}
-
-You can also get the image using alternative methods:
-
-* You can use Docker to pull an NGINX Ingress Controller image with NGINX Plus and push it to your private registry by following the [Get NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/get-registry-image.md" >}}) topic.
-* You can follow the [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md" >}}) topic.
-
-If you would like to use an NGINX Ingress Controller image with NGINX open source, we provide the image through [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/).
-
-{{< /note >}}
-
-## Before You Begin
-
-You will need the following information from [MyF5](https://my.f5.com) for these steps:
-
-- A JWT Access Token (per instance) for NGINX Ingress Controller from an active NGINX Ingress Controller subscription.
-- The certificate (`nginx-repo.crt`) and key (`nginx-repo.key`) for each NGINX Ingress Controller instance, used to list the available image tags from the Docker registry API.
-
-## Prepare NGINX Ingress Controller
-
-1. Choose your desired [NGINX Ingress Controller Image]({{< ref "/nic/technical-specifications.md#images-with-nginx-plus" >}}).
-1. Log into the [MyF5 Portal](https://my.f5.com/), navigate to your subscription details, and download the relevant .cert, .key and .JWT files.
-1. Create a Kubernetes secret using the JWT token. You should use `cat` to view the contents of the JWT token and store the output for use in later steps.
-1. Ensure there are no additional characters or extra whitespace that might have been accidentally added. This will break authorization and prevent the NGINX Ingress Controller image from being downloaded.
-1. Modify your deployment (manifest or Helm) to use the Kubernetes secret created in step 3.
-1. Deploy NGINX Ingress Controller into your Kubernetes cluster and verify that the installation has been successful.
-
-## Using the JWT token in a Docker Config Secret
-
-1. Create a Kubernetes `docker-registry` secret type on the cluster, using the JWT token as the username and `none` for password (as the password is not used).  The name of the docker server is `private-registry.nginx.com`.
-
-    ```shell
-    kubectl create secret docker-registry regcred --docker-server=private-registry.nginx.com --docker-username=<JWT Token> --docker-password=none [-n nginx-ingress]
-    ```
-
-    It is important that the `--docker-username=<JWT Token>` contains the contents of the token and is not pointing to the token itself. Ensure that when you copy the contents of the JWT token, there are no additional characters or extra whitespaces. This can invalidate the token and cause 401 errors when trying to authenticate to the registry.
-
-1. Confirm the details of the created secret by running:
-
-    ```shell
-    kubectl get secret regcred --output=yaml
-    ```
-
-1. You can now use the newly created Kubernetes secret in Helm and manifest deployments.
-
-{{< include "/nic/installation/jwt-password-note.md" >}}
-
----
-
-## Manifest Deployment
-
-The page ["Installation with Manifests"]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md" >}}) explains how to install NGINX Ingress Controller using manifests. The following snippet is an example of a deployment:
-
-```yaml
-spec:
-  serviceAccountName: nginx-ingress
-  imagePullSecrets:
-  - name: regcred
-  automountServiceAccountToken: true
-  securityContext:
-    seccompProfile:
-      type: RuntimeDefault
-  containers:
-  - image: private-registry.nginx.com/nginx-ic/nginx-plus-ingress:{{< nic-version >}}
-    imagePullPolicy: IfNotPresent
-    name: nginx-plus-ingress
-```
-
-The `imagePullSecrets` and `containers.image` lines represent the Kubernetes secret, as well as the registry and version of NGINX Ingress Controller we are going to deploy.
-
----
-
-## Helm Deployment
-
-If you are using Helm for deployment, there are two main methods: using *sources* or *charts*.
-
-### Helm Source
-
-The [Installation with Helm ]({{< ref "/nic/installation/installing-nic/installation-with-helm.md#managing-the-chart-via-sources" >}}) documentation has a section describing how to use sources: these are the unique steps for Docker secrets using JWT tokens.
-
-1. Clone the NGINX [`kubernetes-ingress` repository](https://github.com/nginx/kubernetes-ingress).
-1. Navigate to the `charts/nginx-ingress` folder of your local clone.
-1. Open the `values.yaml` file in an editor.
-
-    You must change a few lines NGINX Ingress Controller with NGINX Plus to be deployed.
-
-    1. Change the `nginxplus` argument to `true`.
-    1. Change the `repository` argument to the NGINX Ingress Controller image you intend to use.
-    2. Add an argument to `imagePullSecretName` or `imagePullSecretsNames` to allow Docker to pull the image from the private registry.
-
-    The following code block shows snippets of the parameters you will need to change, and an example of their contents:
-
-    ```yaml
-    ## Deploys the Ingress Controller for NGINX Plus
-    nginxplus: true
-    ## Truncated fields
-    ## ...
-    ## ...
-    image:
-    ## The image repository for the desired NGINX Ingress Controller image
-    repository: private-registry.nginx.com/nginx-ic/nginx-plus-ingress
-
-    ## The version tag
-    tag: {{< nic-version >}}
-
-    serviceAccount:
-        ## The annotations of the service account of the Ingress Controller pods.
-        annotations: {}
-
-    ## Truncated fields
-    ## ...
-    ## ...
-
-        ## The name of the secret containing docker registry credentials.
-        ## Secret must exist in the same namespace as the helm release.
-        ## Note that also imagePullSecretsNames can be used here if multiple secrets need to be set.
-        imagePullSecretName: regcred
-    ```
-
-With the modified `values.yaml` file, you can now use Helm to install NGINX Ingress Controller, for example:
-
-```shell
-helm install nicdev01 -n nginx-ingress --create-namespace -f values.yaml .
-```
-
-The above command will install NGINX Ingress Controller in the `nginx-ingress` namespace.
-
-If the namespace does not exist, `--create-namespace` will create it. Using `-f values.yaml` tells Helm to use the `values.yaml` file that you modified earlier with the settings you want to apply for your NGINX Ingress Controller deployment.
-
-
-### Helm Chart
-
-If you want to install NGINX Ingress Controller using the charts method, the following is an example of using the command line to pass the required arguments using the `set` parameter.
-
-```shell
-helm install my-release -n nginx-ingress oci://ghcr.io/nginx/charts/nginx-ingress --version {{< nic-helm-version >}} --set controller.image.repository=private-registry.nginx.com/nginx-ic/nginx-plus-ingress --set controller.image.tag={{< nic-version >}} --set controller.nginxplus=true --set controller.serviceAccount.imagePullSecretName=regcred
-```
-You can also use the certificate and key from the MyF5 portal and the Docker registry API to list the available image tags for the repositories, for example:
-
-```shell
-   $ curl https://private-registry.nginx.com/v2/nginx-ic/nginx-plus-ingress/tags/list --key <path-to-client.key> --cert <path-to-client.cert> | jq
-
-   {
-    "name": "nginx-ic/nginx-plus-ingress",
-    "tags": [
-        "{{< nic-version >}}-alpine",
-        "{{< nic-version >}}-alpine-fips",
-        "{{< nic-version >}}-ubi",
-        "{{< nic-version >}}"
-    ]
-    }
-
-   $ curl <https://private-registry.nginx.com/v2/nginx-ic-nap/nginx-plus-ingress/tags/list> --key <path-to-client.key> --cert <path-to-client.cert> | jq
-   {
-    "name": "nginx-ic-nap/nginx-plus-ingress",
-    "tags": [
-        "{{< nic-version >}}-alpine-fips",
-        "{{< nic-version >}}-ubi",
-        "{{< nic-version >}}"
-    ]
-    }
-
-   $ curl <https://private-registry.nginx.com/v2/nginx-ic-dos/nginx-plus-ingress/tags/list> --key <path-to-client.key> --cert <path-to-client.cert> | jq
-   {
-    "name": "nginx-ic-dos/nginx-plus-ingress",
-    "tags": [
-        "{{< nic-version >}}-ubi",
-        "{{< nic-version >}}"
-    ]
-    }
-```
-
----
-
-## Pulling an Image for Local Use
-
-If you need to pull the image for local use to then push to a different container registry, use this command:
-
-```shell
-docker login private-registry.nginx.com --username=<output_of_jwt_token> --password=none
-```
-
-Replace the contents of `<output_of_jwt_token>` with the contents of the JWT token itself.
-Once you have successfully pulled the image, you can then tag it as needed.
-
-{{< include "/nic/installation/jwt-password-note.md" >}}
diff --git a/content/nic/installation/nic-images/get-registry-image.md b/content/nic/installation/nic-images/registry-download.md
similarity index 62%
rename from content/nic/installation/nic-images/get-registry-image.md
rename to content/nic/installation/nic-images/registry-download.md
index 9cf8dd08a..c37c00e05 100644
--- a/content/nic/installation/nic-images/get-registry-image.md
+++ b/content/nic/installation/nic-images/registry-download.md
@@ -1,5 +1,5 @@
 ---
-title: Get NGINX Ingress Controller from the F5 Registry
+title: Download NGINX Ingress Controller from the F5 Registry
 toc: true
 weight: 100
 nd-content-type: how-to
@@ -7,38 +7,37 @@ nd-product: NIC
 nd-docs: DOCS-605
 ---
 
-Learn how to pull an F5 NGINX Plus Ingress Controller image from the official F5 Docker registry and upload it to your private registry.
+This page describes how to download an F5 NGINX Plus Ingress Controller image from the official F5 Docker registry.
 
 The F5 Registry images include versions with NGINX App Protect WAF and NGINX App Protect DoS.
 
-This guide covers the prerequisites, image tagging, and troubleshooting steps.
-
 ## Before you begin
 
-Before you start, you'll need these installed on your machine:
+To follow these steps, you will need the following pre-requisites:
 
-- [Docker v18.09 or higher](https://docs.docker.com/engine/release-notes/18.09/).
-- An NGINX Ingress Controller subscription. Download both the certificate (*nginx-repo.crt*) and key (*nginx-repo.key*) from the [MyF5 Customer Portal](https://my.f5.com). Keep in mind that an NGINX Plus certificate and key won't work for for the steps in this guide.
+- [Docker v18.09 or higher](https://docs.docker.com/engine/release-notes/18.09/)
 
----
+You can also get the NGINX Ingress Controller image using the following alternate methods:
 
-## Set up Docker for F5 Container Registry
+- [Add an NGINX Ingress Controller image to your cluster]({{< ref "/nic/installation/nic-images/add-image-to-cluster.md" >}})
+- [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md" >}}) 
+- For NGINX Open Source, you can pull [an image from DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/)
 
-Start by setting up Docker to communicate with the F5 Container Registry located at `private-registry.nginx.com`. If you're using Linux, follow these steps to create a directory and add your certificate and key:
+### Download your subscription credential files
 
-```shell
-mkdir -p /etc/docker/certs.d/private-registry.nginx.com
-cp <path-to-your-nginx-repo.crt> /etc/docker/certs.d/private-registry.nginx.com/client.cert
-cp <path-to-your-nginx-repo.key> /etc/docker/certs.d/private-registry.nginx.com/client.key
-```
+{{< include "use-cases/credential-download-instructions.md" >}}
+
+### Set up Docker for the F5 Container Registry
 
-The steps provided are for Linux. For Mac or Windows, consult the [Docker for Mac](https://docs.docker.com/docker-for-mac/#add-client-certificates) or [Docker for Windows](https://docs.docker.com/docker-for-windows/#how-do-i-add-client-certificates) documentation. For more details on Docker Engine security, you can refer to the [Docker Engine Security documentation](https://docs.docker.com/engine/security/).
+{{< include "use-cases/docker-registry-instructions.md" >}}
 
 ## Pull the image
 
-Next, pull the image you need from `private-registry.nginx.com`. To find the correct image, consult the [Tech Specs guide]({{< ref "/nic/technical-specifications.md#images-with-nginx-plus" >}}).
+Identify which image you need using the [Technical specifications]({{< ref "/nic/technical-specifications.md#images-with-nginx-plus" >}}) topic.
 
-To pull an image, follow these steps. Replace `<version-tag>` with the specific version you need, for example, `{{< nic-version >}}`.
+Next, pull the image from `private-registry.nginx.com`. 
+
+Replace `<version-tag>` with the specific version you need, for example, `{{< nic-version >}}`.
 
 - For NGINX Plus Ingress Controller, run:
 
@@ -66,7 +65,6 @@ To pull an image, follow these steps. Replace `<version-tag>` with the specific
    docker pull private-registry.nginx.com/nap/waf-enforcer:<waf-version-tag>
    ```
 
-
 - For NGINX Plus Ingress Controller with NGINX App Protect DoS, run:
 
    ```shell
@@ -79,10 +77,14 @@ To pull an image, follow these steps. Replace `<version-tag>` with the specific
    docker pull private-registry.nginx.com/nginx-ic-nap-dos/nginx-plus-ingress:<version-tag>
    ```
 
-You can use the Docker registry API to list the available image tags by running the following commands. Replace `<path-to-client.key>` with the location of your client key and `<path-to-client.cert>` with the location of your client certificate. The `jq` command is used to format the JSON output for easier reading.
+You can use the Docker registry API to list the available image tags by running the following commands. Replace `<path-to-client.key>` with the location of your client key and `<path-to-client.cert>` with the location of your client certificate. 
+
+The `jq` command was used in these examples to make the JSON output easier to read.
 
+```shell
+curl https://private-registry.nginx.com/v2/nginx-ic/nginx-plus-ingress/tags/list --key <path-to-client.key> --cert <path-to-client.cert>
+```
 ```json
-$ curl https://private-registry.nginx.com/v2/nginx-ic/nginx-plus-ingress/tags/list --key <path-to-client.key> --cert <path-to-client.cert> | jq
 {
   "name": "nginx-ic/nginx-plus-ingress",
   "tags": [
@@ -92,8 +94,12 @@ $ curl https://private-registry.nginx.com/v2/nginx-ic/nginx-plus-ingress/tags/li
     "{{< nic-version >}}"
   ]
 }
+```
 
-$ curl https://private-registry.nginx.com/v2/nginx-ic-nap/nginx-plus-ingress/tags/list --key <path-to-client.key> --cert <path-to-client.cert> | jq
+```shell
+curl https://private-registry.nginx.com/v2/nginx-ic-nap/nginx-plus-ingress/tags/list --key <path-to-client.key> --cert <path-to-client.cert>
+```
+```json
 {
   "name": "nginx-ic-nap/nginx-plus-ingress",
   "tags": [
@@ -102,8 +108,12 @@ $ curl https://private-registry.nginx.com/v2/nginx-ic-nap/nginx-plus-ingress/tag
     "{{< nic-version >}}"
   ]
 }
+```
 
-$ curl https://private-registry.nginx.com/v2/nginx-ic-dos/nginx-plus-ingress/tags/list --key <path-to-client.key> --cert <path-to-client.cert> | jq
+```shell
+curl https://private-registry.nginx.com/v2/nginx-ic-dos/nginx-plus-ingress/tags/list --key <path-to-client.key> --cert <path-to-client.cert>
+```
+```json
 {
   "name": "nginx-ic-dos/nginx-plus-ingress",
   "tags": [
@@ -165,7 +175,7 @@ After pulling the image, tag it and upload it to your private registry.
 
 ## Troubleshooting
 
-If you encounter issues while following this guide, here are solutions to common problems:
+If you encounter issues while following this guide, here are some possible solutions:
 
 - **Certificate errors**
   - **Likely Cause**: Incorrect certificate or key location, or using an NGINX Plus certificate.
@@ -177,17 +187,8 @@ If you encounter issues while following this guide, here are solutions to common
 
 - **Can't pull the image**
   - **Likely Cause**: Mismatched image name or tag.
-  - **Solution**: Double-check the image name and tag against the [Tech Specs guide]({{< ref "/nic/technical-specifications.md#images-with-nginx-plus" >}}).
+  - **Solution**: Double-check the image name and tag matches the [Technical specifications]({{< ref "/nic/technical-specifications.md#images-with-nginx-plus" >}}) document.
 
 - **Failed to push to private registry**
   - **Likely Cause**: Not logged into your private registry or incorrect image tagging.
   - **Solution**: Verify login status and correct image tagging before pushing. Consult the [Docker documentation](https://docs.docker.com/docker-hub/repos/) for more details.
-
-
-## Alternative installation options
-
-You can also get the NGINX Ingress Controller image using the following alternate methods:
-
-- [Get the NGINX Ingress Controller image with JWT]({{< ref "/nic/installation/nic-images/get-image-using-jwt.md" >}}).
-- [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md" >}}) using the source code from the GitHub repository and your NGINX Plus subscription certificate and key.
-- For NGINX Ingress Controller using NGINX OSS, you can pull the [nginx/nginx-ingress image](https://hub.docker.com/r/nginx/nginx-ingress/) from DockerHub.
diff --git a/content/nic/installation/nic-images/use-aws-image.md b/content/nic/installation/nic-images/use-aws-image.md
index 4198e253c..291a988ba 100644
--- a/content/nic/installation/nic-images/use-aws-image.md
+++ b/content/nic/installation/nic-images/use-aws-image.md
@@ -14,9 +14,9 @@ This guide walks you through the steps to set up NGINX Ingress Controller using
 
 Follow this guide to set up NGINX Ingress Controller using AWS Marketplace. This involves some extra steps to make sure everything works as it should.
 
-{{< important >}}This guide focuses on EKS version 1.30. For EKS versions below 1.30, you'll need to adjust security settings in the NGINX Pod to ensure compatibility with marketplace images. Make sure you're using updated versions of `eksctl` and the AWS CLI.{{< /important >}}
+{{< call-out "important" >}}This guide focuses on EKS version 1.30. For EKS versions below 1.30, you'll need to adjust security settings in the NGINX Pod to ensure compatibility with marketplace images. Make sure you're using updated versions of `eksctl` and the AWS CLI.{{< /call-out >}}
 
-{{< note >}}See the `AWS Marketplace Metering Service` section of the [AWS Marketplace documentation](https://docs.aws.amazon.com/general/latest/gr/aws-marketplace.html) for regions where NGINX Ingress Controller is supported.{{</note>}}
+{{< call-out "note" >}}See the `AWS Marketplace Metering Service` section of the [AWS Marketplace documentation](https://docs.aws.amazon.com/general/latest/gr/aws-marketplace.html) for regions where NGINX Ingress Controller is supported.{{< /call-out >}}
 
 ## Instructions
 
@@ -26,10 +26,10 @@ Follow this guide to set up NGINX Ingress Controller using AWS Marketplace. This
 
 3. Link this IAM role to your EKS cluster service account. Doing this will annotate your service account Kubernetes object with the IAM role link.
 
-{{< important >}}Associating your AWS EKS cluster with an OIDC provider is a prerequisite for creating your IAM service account.{{< /important >}}
+{{< call-out "important" >}}Associating your AWS EKS cluster with an OIDC provider is a prerequisite for creating your IAM service account.{{< /call-out >}}
 
 ## Use eksctl
-{{< note >}}Make sure you have an operational EKS cluster and that the namespace for your NGINX Ingress Controller is set up. If you don't have an EKS cluster yet, you'll need to create one.{{< /note >}}
+{{< call-out "note" >}}Make sure you have an operational EKS cluster and that the namespace for your NGINX Ingress Controller is set up. If you don't have an EKS cluster yet, you'll need to create one.{{< /call-out >}}
 
 {{<tabs name="install-aws">}}
 {{%tab name="manifests"%}}
@@ -134,6 +134,6 @@ Follow this guide to set up NGINX Ingress Controller using AWS Marketplace. This
 {{%/tab%}}
 {{</tabs>}}
 
-{{< tip >}}For help with credentials, AWS Labs offers a credential helper. Check out [their GitHub repository](https://github.com/awslabs/amazon-ecr-credential-helper) for setup instructions.{{< /tip >}}
+{{< call-out "tip" >}}For help with credentials, AWS Labs offers a credential helper. Check out [their GitHub repository](https://github.com/awslabs/amazon-ecr-credential-helper) for setup instructions.{{< /call-out >}}
 
 For options to customize your resources, see our [Configuration documentation]({{< ref "/nic/configuration/" >}}).
diff --git a/content/nic/installation/nic-images/use-gcp-image.md b/content/nic/installation/nic-images/use-gcp-image.md
index 2eb4e2f76..c398055f3 100644
--- a/content/nic/installation/nic-images/use-gcp-image.md
+++ b/content/nic/installation/nic-images/use-gcp-image.md
@@ -32,7 +32,7 @@ Choose one of the following methods to install NGINX Ingress Controller.
 
 2. Select **DEPLOY FROM MARKETPLACE** and search for *NGINX Ingress Controller*.
 
-   {{<note>}}Make sure to choose a _Premium Edition_ image from _NGINX, Inc._, not a third-party one.{{</note>}}
+   {{< call-out "note" >}}Make sure to choose a _Premium Edition_ image from _NGINX, Inc._, not a third-party one.{{< /call-out >}}
 
 3. Choose the appropriate *NGINX Ingress Controller* image, then select **CONFIGURE**.
 
@@ -42,7 +42,7 @@ Choose one of the following methods to install NGINX Ingress Controller.
 
    Recommended settings are pre-selected but feel free to adjust them.
 
-   {{< note >}}If you see the **CREATE NEW CLUSTER** button, select **OR SELECT AN EXISTING CLUSTER** . {{</note>}}
+   {{< call-out "note" >}}If you see the **CREATE NEW CLUSTER** button, select **OR SELECT AN EXISTING CLUSTER** . {{< /call-out >}}
 
 5. Select **DEPLOY** to start NGINX Ingress Controller installation process.
 
@@ -55,7 +55,7 @@ If you prefer to use a new GKE cluster, follow these steps. Ensure you have enou
 1. Open [Google Cloud Console](https://console.cloud.google.com/) and go to **Marketplace*.
 2. Search for *NGINX Ingress Controller*.
 
-   {{<note>}}Make sure to choose a _Premium Edition_ image from _NGINX, Inc._, not a third-party one.{{</note>}}
+   {{< call-out "note" >}}Make sure to choose a _Premium Edition_ image from _NGINX, Inc._, not a third-party one.{{< /call-out >}}
 
 3. Choose the appropriate *NGINX Ingress Controller* image, then select **CONFIGURE**.
 
diff --git a/content/nic/installation/run-multiple-ingress-controllers.md b/content/nic/installation/run-multiple-ingress-controllers.md
index 98f3417b8..676332fb4 100644
--- a/content/nic/installation/run-multiple-ingress-controllers.md
+++ b/content/nic/installation/run-multiple-ingress-controllers.md
@@ -1,10 +1,10 @@
 ---
-nd-docs: DOCS-606
-doctypes:
-- ''
 title: Run multiple NGINX Ingress Controllers
 toc: true
-weight: 400
+weight: 600
+nd-content-type: how-to
+nd-product: NIC
+nd-docs: DOCS-606
 ---
 
 This document describes how to run multiple F5 NGINX Ingress Controller instances.
@@ -15,9 +15,7 @@ It explains the following topics:
 - How to run NGINX Ingress Controller in the same cluster with another Ingress Controller and prevent conflicts between them
 - How to run multiple NGINX Ingress Controllers.
 
-{{< note >}} This document refers to [Ingress]({{< ref "/nic/configuration/ingress-resources/basic-configuration.md" >}}), [VirtualServer]({{< ref "/nic/configuration/virtualserver-and-virtualserverroute-resources.md#virtualserver-specification" >}}), [VirtualServerRoute]({{< ref "/nic/configuration/virtualserver-and-virtualserverroute-resources.md#virtualserverroute-specification" >}}), and [TransportServer]({{< ref "/nic/configuration/transportserver-resource.md" >}}) resources as "configuration resources".{{< /note >}}
-
----
+{{< call-out "note" >}} This document refers to [Ingress]({{< ref "/nic/configuration/ingress-resources/basic-configuration.md" >}}), [VirtualServer]({{< ref "/nic/configuration/virtualserver-and-virtualserverroute-resources.md#virtualserver-specification" >}}), [VirtualServerRoute]({{< ref "/nic/configuration/virtualserver-and-virtualserverroute-resources.md#virtualserverroute-specification" >}}), and [TransportServer]({{< ref "/nic/configuration/transportserver-resource.md" >}}) resources as "configuration resources".{{< /call-out >}}
 
 ## Ingress class
 
@@ -32,10 +30,8 @@ The IngressClass has the following characteristics:
 
 The default Ingress class of NGINX Ingress Controller is `nginx`, which means that it only handles configuration resources with the Ingress class set to `nginx`. You can customize the class through the `-ingress-class` command-line argument.
 
-{{< note >}}- If the class of an Ingress resource is not set, Kubernetes will set it to the class of the default Ingress Controller. To make the Ingress Controller the default one, the `ingressclass.kubernetes.io/is-default-class` property must be set on the IngressClass resource. To learn more, see Step 3 *Create an IngressClass resource* of the [Create Common Resources]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md#create-common-resources" >}}) section.
-- For VirtualServer, VirtualServerRoute, Policy and TransportServer resources, NGINX Ingress Controller will always handle resources with an empty class.{{< /note >}}
-
----
+{{< call-out "note" >}}- If the class of an Ingress resource is not set, Kubernetes will set it to the class of the default Ingress Controller. To make the Ingress Controller the default one, the `ingressclass.kubernetes.io/is-default-class` property must be set on the IngressClass resource. To learn more, see Step 3 *Create an IngressClass resource* of the [Create Common Resources]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md#create-common-resources" >}}) section.
+- For VirtualServer, VirtualServerRoute, Policy and TransportServer resources, NGINX Ingress Controller will always handle resources with an empty class.{{< /call-out >}}
 
 ## Run NGINX Ingress Controller and another Ingress Controller
 
@@ -43,8 +39,6 @@ It is possible to run NGINX Ingress Controller and an Ingress Controller for ano
 
 To make sure that NGINX Ingress Controller handles specific configuration resources, update those resources with the class set to the value that is configured in NGINX Ingress Controller. By default, this is `nginx`.
 
----
-
 ## Run multiple NGINX Ingress Controllers
 
 When running NGINX Ingress Controller, you have the following options with regards to which configuration resources it handles:
@@ -55,6 +49,6 @@ When running NGINX Ingress Controller, you have the following options with regar
 
 These options allow you to run multiple NGINX Ingress Controllers, each handling a different set of configuration resources.
 
-{{< see-also >}}[Command-line arguments]({{< ref "/nic/configuration/global-configuration/command-line-arguments" >}}){{< /see-also >}}
+{{< call-out "note" >}}[Command-line arguments]({{< ref "/nic/configuration/global-configuration/command-line-arguments" >}}){{< /call-out>}}
 
-{{< note >}}All the mentioned command-line arguments are also available as parameters in the [Helm chart]({{< ref "/nic/installation/installing-nic/installation-with-helm" >}}).{{< /note >}}
+{{< call-out "note" >}}All the mentioned command-line arguments are also available as parameters in the [Helm chart]({{< ref "/nic/installation/installing-nic/installation-with-helm" >}}).{{< /call-out >}}
diff --git a/content/nic/installation/upgrade-version.md b/content/nic/installation/upgrade-version.md
new file mode 100644
index 000000000..bacb9fe72
--- /dev/null
+++ b/content/nic/installation/upgrade-version.md
@@ -0,0 +1,318 @@
+---
+# We use sentence case and present imperative tone
+title: "Upgrade NGINX Ingress Controller"
+# Weights are assigned in increments of 100: determines sorting order
+weight: 500
+# Creates a table of contents and sidebar, useful for large documents
+toc: true
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: how-to
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NIC 
+---
+
+This document describes how to upgrade F5 NGINX Ingress Controller when a new version releases. 
+
+It covers the necessary steps for minor versions as well as major versions (Such as 3.x to 4.x).
+
+Many of the nuances in upgrade paths relate to how custom resource definitions (CRDs) are managed.
+
+## Minor NGINX Ingress Controller upgrades
+
+### Upgrade NGINX Ingress Controller CRDs
+
+{{< call-out "note" >}} If you are running NGINX Ingress Controller v3.x, you should read [Upgrade from NGINX Ingress Controller v3.x to v4.0.0]({{< ref "/nic/installation/upgrade-version.md#upgrade-from-3x-to-4x" >}}) before continuing. {{< /call-out >}}
+
+To upgrade the CRDs, pull the Helm chart source, then use _kubectl apply_:
+
+```shell
+helm pull oci://ghcr.io/nginx/charts/nginx-ingress --untar --version {{< nic-helm-version >}}
+kubectl apply -f crds/
+```
+
+Alternatively, CRDs can be upgraded without pulling the chart by running:
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/kubernetes-ingress/v{{< nic-version >}}/deploy/crds.yaml
+```
+
+In the above command, `v{{< nic-version >}}` represents the version of the NGINX Ingress Controller release rather than the Helm chart version.
+
+{{< call-out "note" >}} The following warning is expected and can be ignored: `Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply`.
+
+Check the [release notes](https://www.github.com/nginx/kubernetes-ingress/releases) for a new release for any special upgrade procedures.
+{{< /call-out >}}
+
+### Upgrade NGINX Ingress Controller charts
+
+Once the CRDs have been upgraded, you can then upgrade the release chart.
+
+The command depends on if you installed the chart using the registry or from source.
+
+To upgrade a release named _my-release_, use the following command:
+
+{{< tabs name="upgrade-chart" >}}
+
+{{% tab name="OCI registry" %}}
+
+```shell
+helm upgrade my-release oci://ghcr.io/nginx/charts/nginx-ingress --version {{< nic-helm-version >}}
+```
+
+{{% /tab %}}
+
+{{% tab name="Source" %}}
+
+```shell
+helm upgrade my-release .
+```
+
+{{% /tab %}}
+
+{{< /tabs >}}
+
+## Upgrade from 3.x to 4.x
+
+{{< call-out "warning" "This upgrade path is intended for 3.x to 4.0.0 only" >}}
+
+The instructions in this section are intended only for users upgrading from NGINX Ingress Controller 3.x to 4.0.0. Internal changes meant that backwards compability was not possible, requiring extra steps to upgrade.
+
+{{< /call-out >}}
+
+This section provides step-by-step instructions for upgrading NGINX Ingress Controller from version v3.x to v4.0.0.
+
+There are two necessary steps required
+
+- Update the `apiVersion` value of custom resources
+- Configure structured logging.
+
+If you want to use NGINX Plus, you will also need to follow the [Create a license Secret]({{< ref "/nic/installation/create-license-secret.md" >}}) topic.
+
+### Update custom resource apiVersion
+
+If you're using Helm chart version `v2.x`, update your `GlobalConfiguration`, `Policy`, and `TransportServer` resources from `apiVersion: k8s.nginx.org/v1alpha1` to `apiVersion: k8s.nginx.org/v1` before upgrading to NGINX Ingress Controller 4.0.0.
+
+If the Helm chart you have been using is `v1.0.2` or earlier (NGINX Ingress Controller `v3.3.2`), upgrade to Helm chart `v1.4.2` (NGINX Ingress Controller `v3.7.2`) before updating your GlobalConfiguration, Policy, and TransportServer resources.
+
+The example below shows the change for a Policy resource: you must do the same for all GlobalConfiguration and TransportServer resources.
+
+{{< tabs name="resource-version-update" >}}
+
+{{% tab name="Before" %}}
+
+```yaml
+apiVersion: k8s.nginx.org/v1alpha1
+kind: Policy
+metadata:
+  name: rate-limit-policy
+spec:
+  rateLimit:
+    rate: 1r/s
+    key: ${binary_remote_addr}
+    zoneSize: 10M
+```
+
+{{% /tab %}}
+
+{{% tab name="After" %}}
+
+```yaml
+apiVersion: k8s.nginx.org/v1
+kind: Policy
+metadata:
+  name: rate-limit-policy
+spec:
+  rateLimit:
+    rate: 1r/s
+    key: ${binary_remote_addr}
+    zoneSize: 10M
+```
+
+{{% /tab %}}
+
+{{< /tabs >}}
+
+{{< call-out "warning" >}}
+
+If a *GlobalConfiguration*, *Policy* or *TransportServer* resource is deployed with `apiVersion: k8s.nginx.org/v1alpha1`, it will be **deleted** during the upgrade process.
+
+{{</ call-out >}}
+
+After you move the custom resources to `v1`, run the following `kubectl` commands before upgrading to v4.0.0 Custom Resource Definitions (CRDs) to avoid webhook errors caused by leftover `v1alpha1` resources. For details, see [GitHub issue #7010](https://github.com/nginx/kubernetes-ingress/issues/7010).
+
+```shell
+kubectl patch customresourcedefinitions transportservers.k8s.nginx.org --subresource='status' --type='merge' -p '{"status":{"storedVersions": ["v1"]}}'
+```
+
+```shell
+kubectl patch customresourcedefinitions globalconfigurations.k8s.nginx.org --subresource='status' --type='merge' -p '{"status":{"storedVersions": ["v1"]}}'
+```
+
+### Configure structured logging
+
+To configure structured logging, you must update your log deployment arguments from an integer to a string. You can also choose different formats for the log output.
+
+{{< call-out "note" >}} These options apply to NGINX Ingress Controller logs, and do not affect NGINX logs. {{< /call-out >}}
+
+| **Level arguments** | **Format arguments** |
+|---------------------|----------------------|
+| `trace`             | `json`               |
+| `debug`             | `text`               |
+| `info`              | `glog`               |
+| `warning`           |                      |
+| `error`             |                      |
+| `fatal`             |                      |
+
+{{< tabs name="structured logging" >}}
+
+{{% tab name="Helm" %}}
+
+The Helm value `controller.logLevel` is now a string instead of an integer.
+
+To change the rendering of the log format, use the `controller.logFormat` key.
+
+```yaml
+controller:
+    logLevel: info
+    logFormat: json
+```
+{{% /tab %}}
+
+{{% tab name="Manifests" %}}
+
+The command line argument `-v` has been replaced with `-log-level`, and takes a string instead of an integer. The argument `-logtostderr` has also been deprecated.
+
+To change the rendering of the log format, use the `-log-format` argument.
+
+```yaml
+args:
+    - -log-level=info
+    - -log-format=json
+```
+{{% /tab %}}
+
+{{< /tabs >}}
+
+### Create License secret
+
+If you're using [NGINX Plus]({{< ref "/nic/overview/nginx-plus.md" >}}) with NGINX Ingress Controller, you should read the [Create a license Secret]({{< ref "/nic/installation/create-license-secret.md" >}}) topic to set up your NGINX Plus license.
+
+The topic also contains guidance for [sending reports to NGINX Instance Manager]({{< ref "/nic/installation/create-license-secret.md#nim">}}), which is necessary for air-gapped environments.
+
+Earlier versions required usage reporting through the cluster connector. This is no longer needed because it's now built into NGINX Plus.
+
+## Upgrade a version older than v3.1.0
+
+Starting in version 3.1.0, NGINX Ingress Controller uses updated Helm resource names, labels, and annotations to follow Helm best practices. [See the changes.](https://github.com/nginx/kubernetes-ingress/pull/3606)
+
+When you upgrade with Helm from a version earlier than 3.1.0, some resources such as `Deployment`, `DaemonSet`, and `Service` are recreated. This causes downtime.
+
+To reduce downtime, update all resources to use the new naming convention. The following steps help you do that.
+
+{{< call-out "note" >}} The following steps apply to both 2.x and 3.0.x releases.  {{</ call-out >}}
+
+The steps you should follow depend on your Helm release name:
+
+{{< tabs name="upgrade-helm" >}}
+
+{{% tab name="nginx-ingress" %}}
+
+Use `kubectl describe` on deployment/daemonset to get the `Selector` value:
+
+```shell
+kubectl describe deployments -n <namespace>
+```
+
+Copy the key=value under `Selector`, such as:
+
+```shell
+Selector: app=nginx-ingress-nginx-ingress
+```
+
+Check out the latest available tag using `git checkout v{{< nic-version >}}`
+
+Go to `/kubernetes-ingress/charts/nginx-ingress`
+
+Update the `selectorLabels: {}` field in the `values.yaml` file located at `/kubernetes-ingress/charts/nginx-ingress` with the copied `Selector` value.
+
+```shell
+selectorLabels: {app: nginx-ingress-nginx-ingress}
+```
+
+Run `helm upgrade` with following arguments set:
+
+```shell
+--set serviceNameOverride="nginx-ingress-nginx-ingress"
+--set controller.name=""
+--set fullnameOverride="nginx-ingress-nginx-ingress"
+```
+
+It might look like this:
+
+```shell
+helm upgrade nginx-ingress oci://ghcr.io/nginx/charts/nginx-ingress --version 0.19.0 --set controller.kind=deployment/daemonset --set controller.nginxplus=false/true --set controller.image.pullPolicy=Always --set serviceNameOverride="nginx-ingress-nginx-ingress" --set controller.name="" --set fullnameOverride="nginx-ingress-nginx-ingress" -f values.yaml
+```
+
+Once the upgrade process has finished, use `kubectl describe` on the deployment to verify the change by reviewing its events:
+
+```text
+    Type    Reason             Age    From                   Message
+----    ------             ----   ----                   -------
+Normal  ScalingReplicaSet  9m11s  deployment-controller  Scaled up replica set nginx-ingress-nginx-ingress-<old_version> to 1
+Normal  ScalingReplicaSet  101s   deployment-controller  Scaled up replica set nginx-ingress-nginx-ingress-<new_version> to 1
+Normal  ScalingReplicaSet  98s    deployment-controller  Scaled down replica set nginx-ingress-nginx-ingress-<old_version> to 0 from 1
+```
+
+{{% /tab %}}
+
+{{< tab name="Other release names" >}}
+
+Use `kubectl describe` on deployment/daemonset to get the `Selector` value:
+
+```shell
+kubectl describe deployment/daemonset -n <namespace>
+```
+
+Copy the key=value under ```Selector```, such as:
+
+```shell
+Selector: app=<helm_release_name>-nginx-ingress
+```
+
+Check out the latest available tag using `git checkout v{{< nic-version >}}`
+
+Go to `/kubernetes-ingress/charts/nginx-ingress`.
+
+Update the `selectorLabels: {}` field in the `values.yaml` file located at `/kubernetes-ingress/charts/nginx-ingress` with the copied `Selector` value.
+
+```shell
+selectorLabels: {app: <helm_release_name>-nginx-ingress}
+```
+
+Run `helm upgrade` with following arguments set:
+
+```shell
+--set serviceNameOverride="<helm_release_name>-nginx-ingress"
+--set controller.name=""
+```
+
+It might look like this:
+
+```shell
+helm upgrade test-release oci://ghcr.io/nginx/charts/nginx-ingress --version 0.19.0 --set controller.kind=deployment/daemonset --set controller.nginxplus=false/true --set controller.image.pullPolicy=Always --set serviceNameOverride="test-release-nginx-ingress" --set controller.name="" -f values.yaml
+```
+
+Once the upgrade process has finished, use `kubectl describe` on the deployment to verify the change by reviewing its events:
+
+```shell
+Type    Reason             Age    From                   Message
+----    ------             ----   ----                   -------
+Normal  ScalingReplicaSet  9m11s  deployment-controller  Scaled up replica set test-release-nginx-ingress-<old_version> to 1
+Normal  ScalingReplicaSet  101s   deployment-controller  Scaled up replica set test-release-nginx-ingress-<new_version> to 1
+Normal  ScalingReplicaSet  98s    deployment-controller  Scaled down replica set test-release-nginx-ingress-<old_version> to 0 from 1
+```
+
+{{% /tab %}}
+
+{{< /tabs >}}
diff --git a/content/nic/logging-and-monitoring/_index.md b/content/nic/logging-and-monitoring/_index.md
index c2e745897..cfa385b92 100644
--- a/content/nic/logging-and-monitoring/_index.md
+++ b/content/nic/logging-and-monitoring/_index.md
@@ -1,9 +1,6 @@
 ---
-title: Logging And Monitoring
+title: Logging and monitoring
 description:
 weight: 1500
 url: /nginx-ingress-controller/logging-and-monitoring
-menu:
-  docs:
-    parent: NGINX Ingress Controller
 ---
diff --git a/content/nic/logging-and-monitoring/logging.md b/content/nic/logging-and-monitoring/logging.md
index 2407b99a8..97c725a64 100644
--- a/content/nic/logging-and-monitoring/logging.md
+++ b/content/nic/logging-and-monitoring/logging.md
@@ -1,15 +1,19 @@
 ---
-title: Logging
+title: Logs available from NGINX Ingress Controller
 toc: true
-weight: 1800
+weight: 100
 nd-content-type: reference
 nd-product: NIC
 nd-docs: DOCS-613
 ---
 
-This document gives an overview of logging provided by NGINX Ingress Controller.
+This document gives an overview of logging provided by F5 NGINX Ingress Controller.
 
-NGINX Ingress Controller exposes the logs of the Ingress Controller process (the process that generates NGINX configuration and reloads NGINX to apply it) and NGINX access and error logs. All logs are sent to the standard output and error of the NGINX Ingress Controller process. To view the logs, you can execute the `kubectl logs` command for an Ingress Controller pod. For example:
+NGINX Ingress Controller exposes the logs of the Ingress Controller process (The process that generates NGINX configuration and reloads NGINX to apply it) and NGINX access and error logs. 
+
+All logs are sent to the standard output and error of the NGINX Ingress Controller process. To view the logs, you can execute the `kubectl logs` command for an Ingress Controller pod. 
+
+For example:
 
 ```shell
 kubectl logs <nginx-ingress-pod> -n nginx-ingress
@@ -17,13 +21,17 @@ kubectl logs <nginx-ingress-pod> -n nginx-ingress
 
 ## NGINX Ingress Controller Process Logs
 
-The NGINX Ingress Controller process logs are configured through the `-log-level` command-line argument of the NGINX Ingress Controller, which sets the log level. The default value is `info`. Other options include: `trace`, `debug`, `info`, `warning`, `error` and `fatal`. The value `debug` is useful for troubleshooting: you will be able to see how NGINX Ingress Controller gets updates from the Kubernetes API, generates NGINX configuration and reloads NGINX.
+The NGINX Ingress Controller process logs are configured through the `-log-level` command-line argument of the NGINX Ingress Controller, which sets the log level. 
+
+The default value is `info`. Other options include: `trace`, `debug`, `info`, `warning`, `error` and `fatal`. 
+
+The value `debug` is useful for troubleshooting: you will be able to see how NGINX Ingress Controller gets updates from the Kubernetes API, generates NGINX configuration and reloads NGINX.
 
-See also the doc about NGINX Ingress Controller [command-line arguments]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md" >}}).
+Read more about NGINX Ingress Controller [command-line arguments]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md" >}}).
 
 ## NGINX Logs
 
-The NGINX includes two logs:
+NGINX includes two logs:
 
 - *Access log*, where NGINX writes information about client requests in the access log right after the request is processed. The access log is configured via the [logging-related]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#logging" >}}) ConfigMap keys:
   - `log-format` for HTTP and HTTPS traffic.
@@ -32,4 +40,4 @@ The NGINX includes two logs:
     Additionally, you can disable access logging with the `access-log-off` ConfigMap key.
 - *Error log*, where NGINX writes information about encountered issues of different severity levels. It is configured via the `error-log-level` [ConfigMap key]({{< ref "/nic/configuration/global-configuration.md#configmap-resource#logging" >}}). To enable debug logging, set the level to `debug` and also set the `-nginx-debug` [command-line argument]({{< ref "/nic/configuration/global-configuration.md#command-line-arguments" >}}), so that NGINX is started with the debug binary `nginx-debug`.
 
-See also the doc about [NGINX logs]({{< ref "/nginx/admin-guide/monitoring/logging.md" >}}) from NGINX Admin guide.
+Read more about [NGINX logs]({{< ref "/nginx/admin-guide/monitoring/logging.md" >}}) from NGINX Admin guide.
diff --git a/content/nic/logging-and-monitoring/opentelemetry.md b/content/nic/logging-and-monitoring/opentelemetry.md
new file mode 100644
index 000000000..c86779b21
--- /dev/null
+++ b/content/nic/logging-and-monitoring/opentelemetry.md
@@ -0,0 +1,105 @@
+---
+# We use sentence case and present imperative tone
+title: "Enable OpenTelemetry"
+# Weights are assigned in increments of 100: determines sorting order
+weight: 300
+# Creates a table of contents and sidebar, useful for large documents
+toc: true
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: how-to
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NIC
+---
+
+This topic describes how to enable [OpenTelemetry](https://opentelemetry.io/) for F5 NGINX Ingress Controller using the [native NGINX module](https://nginx.org/en/docs/ngx_otel_module.html).
+
+## Before you begin
+
+To complete this guide, you need the following pre-requisites:
+
+- An [NGINX Ingress Controller installation]({{< ref "/nic/installation/" >}}) with OpenTelemetry (v5.1.0+)
+
+## Load the OpenTelemetry module
+
+To enable OpenTelemetry, you must first load the module by adding the [_otel-exporter-endpoint_ ConfigMap key]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#modules" >}}), which takes an endpoint argument.
+
+The following is an example of a OpenTelemetry collector running in your cluster as the target for exporting data:
+
+```yaml
+otel-exporter-endpoint: "http://otel-collector.default.svc.cluster.local:4317"
+```
+
+A complete ConfigMap example with all OpenTelemetry options could look as follows:
+
+{{< ghcode "https://raw.githubusercontent.com/nginx/kubernetes-ingress/refs/heads/main/examples/shared-examples/otel/nginx-config.yaml" >}}
+
+## Enable OpenTelemetry
+
+Once you have loaded the module, you can now enable OpenTelemetry.
+
+You can configure it globally for all resources, or on a per resource basis.
+
+### Global
+
+To enable OpenTelemetry for all resources, set the _otel-trace-in-http_ ConfigMap key to `true`:
+
+```yaml
+otel-trace-in-http: "true"
+```
+
+### Per resource
+
+You can configure OpenTelemetry on a per resource basis in NGINX Ingress Controller.
+
+For this functionality, you must [enable snippets]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md" >}}) with the `-enable-snippets` command-line argument.
+
+Based on the state of global configuration, you can selectively enable or disable metrics for each resource.
+
+#### Enable a specific resource or path
+
+With OpenTelemetry **disabled** globally, you can enable it for a specific resource using the server snippet annotation:
+
+```yaml
+nginx.org/server-snippets: |
+    otel_trace on;
+```
+
+You can enable it for specific paths using [Mergeable Ingress resources]({{<  ref "/nic/configuration/ingress-resources/cross-namespace-configuration.md" >}}).
+
+Use the server snippet annotation for the paths of a specific Minion Ingress resource:
+
+```yaml
+nginx.org/location-snippets: |
+    otel_trace on;
+```
+
+#### Disable a specific resource or path
+
+With OpenTelemetry **enabled** globally, you can disable it for a specific resource using the server snippet annotation:
+
+ ```yaml
+nginx.org/server-snippets: |
+    otel_trace off;
+```
+
+You can disable it for specific paths using [Mergeable Ingress resources]({{<  ref "/nic/configuration/ingress-resources/cross-namespace-configuration.md" >}}).
+
+Use the server snippet annotation for the paths of a specific Minion Ingress resource:
+
+```yaml
+nginx.org/location-snippets: |
+    otel_trace off;
+```
+
+## Customize OpenTelemetry
+
+{{< call-out "note" >}}
+
+You cannot modify the additional directives in the _otel_exporter_ block using snippets.
+
+{{< /call-out >}}
+
+You can customize OpenTelemetry through the supported [OpenTelemetry module directives](https://nginx.org/en/docs/ngx_otel_module.html). 
+
+Use the `location-snippets` ConfigMap keys or annotations to insert those directives into the generated NGINX configuration.
\ No newline at end of file
diff --git a/content/nic/installation/integrations/opentracing.md b/content/nic/logging-and-monitoring/opentracing.md
similarity index 82%
rename from content/nic/installation/integrations/opentracing.md
rename to content/nic/logging-and-monitoring/opentracing.md
index 9b131dc8c..89d6cfdee 100644
--- a/content/nic/installation/integrations/opentracing.md
+++ b/content/nic/logging-and-monitoring/opentracing.md
@@ -1,18 +1,24 @@
 ---
-nd-docs: DOCS-618
-doctypes:
-- ''
-title: OpenTracing (Deprecated in v5.0.0)
+title: Enable OpenTracing (Removed in v5.0.0)
 toc: true
-weight: 500
+weight: 700
+nd-content-type: how-to
+nd-product: NIC
+nd-docs: DOCS-618
 ---
-OpenTracing support has been deprecated from v5.0.0 of F5 NGINX Ingress Controller.
 
-
-Learn how to use OpenTracing with F5 NGINX Ingress Controller.
+This topic describes how to OpenTracing with F5 NGINX Ingress Controller.
 
 NGINX Ingress Controller supports [OpenTracing](https://opentracing.io/) with the third-party module [opentracing-contrib/nginx-opentracing](https://github.com/opentracing-contrib/nginx-opentracing).
 
+{{< call-out "warning" >}}
+
+OpenTracing support has been removed from v5.0.0 of NGINX Ingress Controller.
+
+From v5.1.0 onwards, you should follow the guidance in [Configure OpenTelemetry]({{< ref "/nic/logging-and-monitoring/opentelemetry.md" >}}).
+
+{{< /call-out >}}
+
 ## Prerequisites
 
 1. Use a NGINX Ingress Controller image that contains OpenTracing.
@@ -111,4 +117,4 @@ nginx.org/location-snippets: |
    opentracing_propagate_context;
 ```
 
-{{< note >}}The `opentracing_propagate_context` and `opentracing_grpc_propagate_context` directives can be used in `http`, `server` or `location` contexts according to the [module documentation](https://github.com/opentracing-contrib/nginx-opentracing/blob/master/doc/Reference.md#opentracing_propagate_context). However, because of the way the module works and how NGINX Ingress Controller generates the NGINX configuration, it is only possible to use the directive in the `location` context.{{< /note >}}
+{{< call-out "note" >}}The `opentracing_propagate_context` and `opentracing_grpc_propagate_context` directives can be used in `http`, `server` or `location` contexts according to the [module documentation](https://github.com/opentracing-contrib/nginx-opentracing/blob/master/doc/Reference.md#opentracing_propagate_context). However, because of the way the module works and how NGINX Ingress Controller generates the NGINX configuration, it is only possible to use the directive in the `location` context.{{< /call-out >}}
diff --git a/content/nic/logging-and-monitoring/prometheus.md b/content/nic/logging-and-monitoring/prometheus.md
index 17f32abe5..0bca69823 100644
--- a/content/nic/logging-and-monitoring/prometheus.md
+++ b/content/nic/logging-and-monitoring/prometheus.md
@@ -1,17 +1,41 @@
 ---
-nd-docs: DOCS-614
-doctypes:
-- concept
-title: Prometheus
+title: Enable Prometheus metrics
 toc: true
-weight: 2000
+weight: 400
+nd-content-type: how-to
+nd-product: NIC
+nd-docs: DOCS-614
 ---
 
-NGINX Ingress Controller exposes metrics in the [Prometheus](https://prometheus.io/) format. Those include NGINX/NGINX Plus and the Ingress Controller metrics.
+This topic describes how to enable [Prometheus metrics](https://prometheus.io/) for F5 NGINX Ingress Controller.
+
+The metrics exposed include NGINX Ingress Controller data, as well as NGINX Open Source and NGINX Plus.
 
 ## Enabling Metrics
 
+### Using Helm
+
+To enable Prometheus metrics when using *Helm* to install NGINX Ingress Controller, configure the `prometheus.*` parameters of the Helm chart. 
+
+See the [Installation with Helm]({{< ref "/nic/installation/installing-nic/installation-with-helm.md" >}}) topic.
+
+#### Using ServiceMonitor
+
+When deploying with *Helm*, you can deploy a `Service` and `ServiceMonitor` resource using the `prometheus.service.*` and `prometheus.serviceMonitor.*` parameters.
+When these resources are deployed, Prometheus metrics exposed by NGINX Ingress Controller can be captured and enumerated using a `Prometheus` resource alongside a Prometheus Operator deployment.
+
+To view metrics captured this way, you will need:
+
+* A working [Prometheus resource and Prometheus Operator](https://prometheus-operator.dev/docs/getting-started/introduction/)
+* The latest ServiceMonitor CRD from the [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) repository:
+
+```shell
+LATEST=$(curl -s https://api.github.com/repos/prometheus-operator/prometheus-operator/releases/latest | jq -cr .tag_name)
+curl https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/$LATEST/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml | kubectl create -f -
+```
+
 ### Using Manifests
+
 If you're using *Kubernetes manifests* (Deployment or DaemonSet) to install the Ingress Controller, to enable Prometheus metrics:
 
 1. Run the Ingress Controller with the `-enable-prometheus-metrics` [command-line argument]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md" >}}). As a result, the Ingress Controller will expose NGINX or NGINX Plus metrics in the Prometheus format via the path `/metrics` on port `9113` (customizable via the `-prometheus-metrics-listen-port` command-line argument).
@@ -32,23 +56,6 @@ If you're using *Kubernetes manifests* (Deployment or DaemonSet) to install the
         prometheus.io/scheme: http
     ```
 
-### Using Helm
-
-If you're using *Helm* to install the Ingress Controller, to enable Prometheus metrics, configure the `prometheus.*` parameters of the Helm chart. See the [Installation with Helm]({{< ref "/nic/installation/installing-nic/installation-with-helm.md" >}}) doc.
-
-### Using ServiceMonitor
-
-When deploying with *Helm*, you can deploy a `Service` and `ServiceMonitor` resource using the `prometheus.service.*` and `prometheus.serviceMonitor.*` parameters.
-When these resources are deployed, Prometheus metrics exposed by NGINX Ingress Controller can be captured and enumerated using a `Prometheus` resource alongside a Prometheus Operator deployment.
-
-To view metrics captured this way, the following is required:
-* The latest ServiceMonitor CRD from the [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) repository:
-```shell
-LATEST=$(curl -s https://api.github.com/repos/prometheus-operator/prometheus-operator/releases/latest | jq -cr .tag_name)
-curl https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/$LATEST/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml | kubectl create -f -
-```
-* A working [Prometheus resource and Prometheus Operator](https://prometheus-operator.dev/docs/getting-started/introduction/)
-
 ## Available Metrics
 
 The Ingress Controller exports the following metrics:
diff --git a/content/nic/logging-and-monitoring/service-insight.md b/content/nic/logging-and-monitoring/service-insight.md
index b2908d27c..35b4c89a8 100644
--- a/content/nic/logging-and-monitoring/service-insight.md
+++ b/content/nic/logging-and-monitoring/service-insight.md
@@ -1,7 +1,7 @@
 ---
-title: Service Insight
+title: Enable Service Insight
 toc: true
-weight: 2100
+weight: 600
 nd-content-type: how-to
 nd-product: NIC
 nd-docs: DOCS-1180
diff --git a/content/nic/logging-and-monitoring/status-page.md b/content/nic/logging-and-monitoring/status-page.md
index 0357f0fb1..8d7c42983 100644
--- a/content/nic/logging-and-monitoring/status-page.md
+++ b/content/nic/logging-and-monitoring/status-page.md
@@ -1,7 +1,7 @@
 ---
-title: Status Page
+title: View the NGINX status page
 toc: true
-weight: 1900
+weight: 200
 nd-content-type: how-to
 nd-product: NIC
 nd-docs: DOCS-615
diff --git a/content/nic/overview/design.md b/content/nic/overview/design.md
index 14e99a5d0..f481e6f21 100644
--- a/content/nic/overview/design.md
+++ b/content/nic/overview/design.md
@@ -24,7 +24,7 @@ This figure depicts an example of NGINX Ingress Controller exposing two web appl
 
 {{<img src="/nic/ic-high-level.png" alt="">}}
 
-{{<note>}} For simplicity, necessary Kubernetes resources like Deployments and Services aren't shown, which Admin and the users also need to create.{{</note>}}
+{{< call-out "note" >}} For simplicity, necessary Kubernetes resources like Deployments and Services aren't shown, which Admin and the users also need to create.{{< /call-out >}}
 
 The figure shows:
 
@@ -52,7 +52,7 @@ The following is an architectural diagram depicting how those processes interact
 
 This table describes each connection, starting with its type:
 
-{{< bootstrap-table "table table-bordered table-striped table-responsive" >}}
+{{< table >}}
 | # | Protocols | Description |
 | --- | --- | --- |
 |1|HTTP| _Prometheus_ fetches NGINX Ingress Controller and NGINX metrics with an NGINX Ingress Controller HTTP endpoint (Default `:9113/metrics`). **Note**: *Prometheus* is not required and the endpoint can be turned off. |
@@ -76,7 +76,7 @@ This table describes each connection, starting with its type:
 |19|HTTP,HTTPS,TCP,UDP| A _client_ sends traffic to and receives traffic from any of the _NGINX workers_ on ports 80 and 443 and any additional ports exposed by the [GlobalConfiguration resource]({{< ref "/nic//configuration/global-configuration/globalconfiguration-resource.md" >}}).
 |20|HTTP,HTTPS,TCP,UDP| An _NGINX worker_ sends traffic to and receives traffic from the _backends_.
 |21|HTTP| _Admin_ can connect to the [NGINX stub_status](http://nginx.org/en/docs/http/ngx_http_stub_status_module.html#stub_status) using port 8080 via an _NGINX worker_. By default, NGINX only allows connections from `localhost`.
-{{% /bootstrap-table %}}
+{{< /table >}}
 
 ### Differences with NGINX Plus
 
diff --git a/content/nic/overview/nginx-plus.md b/content/nic/overview/nginx-plus.md
index 07316c039..313d5cd52 100644
--- a/content/nic/overview/nginx-plus.md
+++ b/content/nic/overview/nginx-plus.md
@@ -22,7 +22,7 @@ NGINX Ingress Controller works with [NGINX](https://nginx.org/) as well as [NGIN
 
 For a comprehensive guide of NGINX Plus features available with Ingress resources, see the [ConfigMap]({{< ref "/nic/configuration/global-configuration/configmap-resource">}}) and [Annotations]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-annotations">}}) documentation.
 
-{{< note >}} NGINX Plus features are configured for Ingress resources using Annotations that start with `nginx.com`. {{< /note >}}
+{{< call-out "note" >}} NGINX Plus features are configured for Ingress resources using Annotations that start with `nginx.com`. {{< /call-out >}}
 
 For a comprehensive guide of NGINX Plus features available with custom resources, see the [Policy]({{< ref "/nic/configuration/policy-resource" >}}), [VirtualServer]({{< ref "/nic/configuration/virtualserver-and-virtualserverroute-resources" >}}) and [TransportServer]({{< ref "/nic/configuration/transportserver-resource" >}}) documentation.
 
diff --git a/content/nic/overview/product-telemetry.md b/content/nic/overview/product-telemetry.md
index 29f1ad409..08196c4ca 100644
--- a/content/nic/overview/product-telemetry.md
+++ b/content/nic/overview/product-telemetry.md
@@ -15,7 +15,7 @@ NGINX Ingress Controller collects product telemetry data to allow its developers
 
 Product telemetry is enabled by default, collected once every 24 hours. It's then sent over HTTPS to a service managed by F5 at `oss.edge.df.f5.com`.
 
-{{< note >}} If you would prefer not to send any telemetry data, you can [opt-out](#opt-out) when installing NGINX Ingress Controller. {{< /note >}}
+{{< call-out "note" >}} If you would prefer not to send any telemetry data, you can [opt-out](#opt-out) when installing NGINX Ingress Controller. {{< /call-out >}}
 
 ---
 
diff --git a/content/nic/releases.md b/content/nic/releases.md
index f3480f11a..4821b26d8 100644
--- a/content/nic/releases.md
+++ b/content/nic/releases.md
@@ -5,18 +5,43 @@ toc: true
 nd-content-type: reference
 nd-product: NIC
 nd-docs: DOCS-616
+---
+## 5.1.1
+
+15 Aug 2025
+
+### <i class="fa-solid fa-bug-slash"></i> Fixes
+- [8046](https://github.com/nginx/kubernetes-ingress/pull/8046) Update interval checks for mgmt directive
+- [8079](https://github.com/nginx/kubernetes-ingress/pull/8079) Status updates for vs endpoints 
+- [8125](https://github.com/nginx/kubernetes-ingress/pull/8125) Don't send request headers & body to jwks uri
+
+### <i class="fa-solid fa-upload"></i> Dependencies
+- [8115](https://github.com/nginx/kubernetes-ingress/pull/8115) & [8131](https://github.com/nginx/kubernetes-ingress/pull/8131) Bump Go dependencies
+- [8030](https://github.com/nginx/kubernetes-ingress/pull/8030), [8080](https://github.com/nginx/kubernetes-ingress/pull/8080) & [8112](https://github.com/nginx/kubernetes-ingress/pull/8112) Bump Docker dependencies
+- [8139](https://github.com/nginx/kubernetes-ingress/pull/8139) Update to NGINX OSS 1.29.1, NGINX Plus r35, NGINX Agent v3.2, NGINX App Protect 4.16.0 & 5.8.0, and Alpine Linux 3.22
+
+### <i class="fa-solid fa-download"></i> Upgrade
+- For NGINX, use the 5.1.1 images from our [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/tags?page=1&ordering=last_updated&name=5.1.1), [GitHub Container](https://github.com/nginx/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress).
+- For NGINX Plus, use the 5.1.1 images from the F5 Container registry or build your own image using the 5.1.1 source code.
+- For Helm, use version 2.2.2 of the chart.
+
+### <i class="fa-solid fa-life-ring"></i> Supported Platforms
+We will provide technical support for NGINX Ingress Controller on any Kubernetes platform that is currently supported by its provider and that passes the Kubernetes conformance tests. This release was fully tested on the following Kubernetes versions: 1.25-1.33.
+
 ---
 ## 5.1.0
 
 08 Jul 2025
 
-This release includes the ability to configure Rate Limiting for your APIs based on a specific NGINX variable and its value. This allows you more granular control over how frequently specific users access your resources.
+This NGINX Ingress Controller release brings initial connectivity to the NGINX One Console! You can now use NGINX One Console to monitor NGINX instances that are part of your NGINX Ingress Controller cluster. See [here]({{< ref "/nginx-one/k8s/add-nic.md" >}}) to configure NGINX One Console with NGINX Ingress Controller.
+
+This release also includes the ability to configure Rate Limiting for your APIs based on a specific NGINX variable and its value. This allows you more granular control over how frequently specific users access your resources.
 
-Lastly, in our previous v5.0.0 release, we removed support for Open Tracing. This release replaces that observability capability with native NGINX Open Telemetry traces, allowing you to monitor the internal traffic of your applications.
+Lastly, in our previous v5.0.0 release, we removed support for OpenTracing. This release replaces that observability capability with native [NGINX OpenTelemetry]({{< ref "/nic/logging-and-monitoring/opentelemetry.md" >}}) traces, allowing you to monitor the internal traffic of your applications.
 
 ### <i class="fa-solid fa-rocket"></i> Features
-- [7642](https://github.com/nginx/kubernetes-ingress/pull/7642) Add OpenTelemetry support
-- [7916](https://github.com/nginx/kubernetes-ingress/pull/7916) Add support for Agent V3
+- [7642](https://github.com/nginx/kubernetes-ingress/pull/7642) Add [OpenTelemetry support]({{< ref "/nic/logging-and-monitoring/opentelemetry.md" >}})
+- [7916](https://github.com/nginx/kubernetes-ingress/pull/7916) Add support for NGINX Agent version 3 and NGINX One Console
 - [7884](https://github.com/nginx/kubernetes-ingress/pull/7884) Tiered rate limits with variables
 - [7765](https://github.com/nginx/kubernetes-ingress/pull/7765) Add OIDC PKCE configuration through Policy
 - [7832](https://github.com/nginx/kubernetes-ingress/pull/7832) Add request_method to rate-limit Policy
@@ -46,7 +71,7 @@ Lastly, in our previous v5.0.0 release, we removed support for Open Tracing. Thi
 [GitHub Container](https://github.com/nginx/kubernetes-ingress/pkgs/container/kubernetes-ingress),
 [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress).
 - For NGINX Plus, use the 5.1.0 images from the F5 Container registry or build your own image using the 5.1.0 source code
-- For Helm, use version 2.2.0 of the chart.
+- For Helm, use version 2.2.1 of the chart.
 
 ### <i class="fa-solid fa-life-ring"></i> Supported Platforms
 
@@ -61,17 +86,21 @@ versions: 1.25-1.33.
 
 Added support for [NGINX Plus R34]({{< ref "/nginx/releases.md#nginxplusrelease-34-r34" >}}), users needing to use a forward proxy for license verification are now able to make use of the [`proxy`](https://nginx.org/en/docs/ngx_mgmt_module.html#proxy) directives available in F5 NGINX Plus.
 
-{{< important >}}
-With the removal of the OpenTracing dynamic module from [NGINX Plus R34](({{< ref "/nginx/releases.md#nginxplusrelease-34-r34" >}}), NGINX Ingress Controller also removes full OpenTracing support.  This will affect users making use of OpenTracing with the ConfigMap, `server-snippets` & `location-snippets` parameters.  Support for tracing with [OpenTelemetry]({{< ref "/nginx/admin-guide/dynamic-modules/opentelemetry.md" >}}) will come in a future release.
-{{< /important >}}
+{{< call-out "warning" >}}
+
+With the removal of the OpenTracing dynamic module from [NGINX Plus R34]({{< ref "/nginx/releases.md#nginxplusrelease-34-r34" >}}), NGINX Ingress Controller also removes full OpenTracing support. This will affect users making use of OpenTracing with the ConfigMap, `server-snippets` & `location-snippets` parameters.  Support for tracing with [OpenTelemetry]({{< ref "/nginx/admin-guide/dynamic-modules/opentelemetry.md" >}}) will come in a future release.
+
+{{< /call-out >}}
 
 We have extended the rate-limit Policy to allow tiered rate limit groups with JWT claims.  This will also allow users to apply different rate limits to their `VirtualServer` or `VirtualServerRoutes` with the value of a JWT claim.  See [here](https://github.com/nginx/kubernetes-ingress/tree/v5.0.0/examples/custom-resources/rate-limit-tiered-jwt-claim/) for a working example.
 
 We introduced NGINX Plus Zone Sync as a managed service within NGINX Ingress Controller in this release.  In previous releases, we had examples using `stream-snippets` for OIDC support, users can now enable `zone-sync` without the need for `snippets`.  NGINX Plus Zone Sync is available when utilising two or more replicas, it supports OIDC & rate limiting.
 
-{{< note >}}
+{{< call-out "note" >}}
+
 For users who have previously installed OIDC or used the `zone_sync` directive with `stream-snippets`, please see the note in the [Configmap resources]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#zone-sync" >}}) topic to use the new `zone-sync` ConfigMap option.
-{{< /note >}}
+
+{{< /call-out >}}
 
 Open Source NGINX Ingress Controller architectures `armv7`, `s390x` & `ppc64le` are deprecated and will be removed in the next minor release.
 
@@ -123,7 +152,7 @@ versions: 1.25-1.32.
 - [7295](https://github.com/nginx/kubernetes-ingress/pull/7295) Clean up and fix for NIC Pod failing to bind when NGINX exits unexpectedly
 
 ### <i class="fa-solid fa-box"></i> Helm Chart
-{{< warning >}} From this release onwards, the Helm chart location has changed from `oci://ghcr.io/nginxinc/charts/nginx-ingress` to `oci://ghcr.io/nginx/charts/nginx-ingress`. {{< /warning >}}
+{{< call-out "warning" >}} From this release onwards, the Helm chart location has changed from `oci://ghcr.io/nginxinc/charts/nginx-ingress` to `oci://ghcr.io/nginx/charts/nginx-ingress`. {{< /call-out >}}
 - [7188](https://github.com/nginx/kubernetes-ingress/pull/7188) Correct typo in helm lease annotations template
 
 ### <i class="fa-solid fa-upload"></i> Dependencies
@@ -152,10 +181,10 @@ versions: 1.25-1.32.
 16 Dec 2024
 
 With added support for [NGINX R33]({{< ref "/nginx/releases.md#nginxplusrelease-33-r33" >}}), deployments of F5 NGINX Ingress Controller using NGINX Plus now require a valid JSON Web Token to run.
-Please see the [Upgrading to v4]({{< ref "/nic/installation/installing-nic/upgrade-to-v4.md#create-license-secret" >}}) for full details on setting up your license `Secret`.
+For full details on setting up your license `Secret`, see [Upgrading to v4]({{< ref "/nic/installation/upgrade-version.md#upgrade-from-3x-to-4x" >}}).
 
 API Version `v1alpha1` of `GlobalConfiguration`, `Policy` and `TransportServer` resources are now deprecated.
-Please see [Update custom resource apiVersion]({{< ref "/nic/installation/installing-nic/upgrade-to-v4.md#update-custom-resource-apiversion" >}}) for full details on updating your resources.
+For full details on updating your resources, see [Update custom resource apiVersion]({{< ref "/nic/installation/upgrade-version.md#upgrade-from-3x-to-4x" >}}).
 
 Updates have been made to our logging library. For a while, F5 NGINX Ingress Controller has been using the [golang/glog](https://github.com/golang/glog). For this release, we have moved to the native golang library [log/slog](https://pkg.go.dev/log/slog).
 This change was made for these reasons:
@@ -199,7 +228,7 @@ For more details on what this feature does, and how to configure it yourself, pl
 [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress).
 - For NGINX Plus, use the 4.0.0 images from the F5 Container registry or build your own image using the 4.0.0 source code
 - For Helm, use version 2.0.0 of the chart.
-- [Upgrading to v4]({{< ref "/nic/installation/installing-nic/upgrade-to-v4.md" >}})
+- [Upgrading to v4]({{< ref "/nic/installation/upgrade-version.md#upgrade-from-3x-to-4x" >}})
 
 ### <i class="fa-solid fa-life-ring"></i> Supported Platforms
 
@@ -213,14 +242,14 @@ versions: 1.25-1.32.
 
 25 Nov 2024
 
-{{< note >}}
+{{< call-out "note" >}}
 In our next major release, `v4.0.0`, the default log library for NGINX Ingress Controller will be changed from `golang/glog` to `log/slog`.
 This will mean that logs generated by NGINX Ingress Controller will be in a structured format with the option to choose a `string` or `json` output.
 This will not affect logs generated by NGINX.
 To ensure backwards compatibility, we will ensure the existing log format, `glog`, will be maintained through a configuration option for the next 3 releases.
-{{< /note >}}
+{{< /call-out >}}
 
-{{< important >}}
+{{< call-out "important" >}}
 CRD version removal notice.
 In our next major release, `v4.0.0`, support for the following apiVersions for these listed CRDs will be dropped:
 1. `k8s.nginx.org/v1alpha` for `GlobalConfiguration`
@@ -231,7 +260,7 @@ Prior to upgrading, **please ensure** that any of these resources deployed as `a
 If a resource of `kind: GlobalConfiguration`, `kind: Policy` or `kind: TransportServer` are deployed as `apiVersion: k8s.nginx.org/v1alpha1`, these resources will be **deleted** when upgrading from, at least, `v3.4.0` to `v4.0.0`
 
 When `v4.0.0` is released, the release notes will contain the required upgrade steps to go from `v3.X.X` to `v4.X.X`
-{{< /important >}}
+{{< /call-out >}}
 
 ### <i class="fa-solid fa-bug-slash"></i> Fixes
 - [6838](https://github.com/nginx/kubernetes-ingress/pull/6838) Update oidc_template and conf
@@ -1683,7 +1712,7 @@ We will provide technical support for NGINX Ingress Controller on any Kubernetes
 ### <i class="fa-solid fa-download"></i> Upgrade
 
 - For NGINX, use the 1.12.1 image from our DockerHub: `nginx/nginx-ingress:1.12.1`, `nginx/nginx-ingress:1.12.1-alpine` or `nginx/nginx-ingress:1.12.1-ubi`
-- For NGINX Plus, use the 1.12.1 image from the F5 Container Registry - see [the documentation here]({{< ref "/nic/installation/nic-images/get-registry-image.md">}})
+- For NGINX Plus, use the 1.12.1 image from the F5 Container Registry - see [the documentation here]({{< ref "/nic/installation/nic-images/registry-download.md">}})
 - Alternatively, you can also build your own image using the 1.12.1 source code.
 - For Helm, use version 0.10.1 of the chart.
 
diff --git a/content/nic/technical-specifications.md b/content/nic/technical-specifications.md
index 794d5d818..869a87b3c 100644
--- a/content/nic/technical-specifications.md
+++ b/content/nic/technical-specifications.md
@@ -9,17 +9,15 @@ nd-docs: DOCS-617
 
 This page describes technical specifications for F5 NGINX Ingress Controller, such as its version compatibility with Kubernetes and other NGINX software.
 
----
-
 ## Supported NGINX Ingress Controller versions
 
 We recommend using the latest release of NGINX Ingress Controller. We provide software updates for the most recent release. We provide technical support for F5 customers who are using the most recent version of NGINX Ingress Controller, and any version released within two years of the current release.
 We test NGINX Ingress Controller on a range of Kubernetes platforms for each release, and list them in the [release notes]({{< ref "/nic/releases.md" >}}). We provide technical support for NGINX Ingress Controller on any Kubernetes platform that is currently supported by its provider, and that passes the [Kubernetes conformance tests](https://www.cncf.io/certification/software-conformance/).
 
-{{< bootstrap-table "table table-bordered table-striped table-responsive" >}}
+{{< table >}}
 | NIC version | Kubernetes versions tested  | NIC Helm Chart version | NIC Operator version | NGINX / NGINX Plus version | End of Technical Support |
 | --- | --- | --- | --- | --- | --- |
-| {{< nic-version >}} | 1.25 - 1.33 | {{< nic-helm-version >}} | {{< nic-operator-version >}} | 1.27.5 / R34 P1 | - |
+| {{< nic-version >}} | 1.25 - 1.33 | {{< nic-helm-version >}} | {{< nic-operator-version >}} | 1.29.1 / R35 | - |
 | 5.0.0 | 1.25 - 1.32 | 2.1.0 | 3.1.0 | 1.27.4 / R34 | Apr 16, 2027 |
 | 4.0.1 | 1.25 - 1.32 | 2.0.1 | 3.0.1 | 1.27.4 / R33 P2 | Feb 7, 2027 |
 | 3.7.2 | 1.25 - 1.31 | 1.4.2 | 2.4.2 | 1.27.2 / R32 P1 | Nov 25, 2026 |
@@ -28,9 +26,7 @@ We test NGINX Ingress Controller on a range of Kubernetes platforms for each rel
 | 3.4.3 | 1.23 - 1.29 | 1.1.3 | 2.1.2 | 1.25.4 / R31 P1 | Feb 19, 2026 |
 | 3.3.2 | 1.22 - 1.28 | 1.0.2 | 2.0.2 | 1.25.3 / R30 | Nov 1, 2025 |
 | 3.2.1 | 1.22 - 1.27 | 0.18.1 | 1.5.1 | 1.25.2 / R30 | Aug 18, 2025 |
-{{% /bootstrap-table %}}
-
----
+{{< /table >}}
 
 ## Supported Docker images
 
@@ -38,37 +34,35 @@ We provide the following Docker images, which include NGINX or NGINX Plus bundle
 
 ### Images with NGINX
 
-{{< important >}}
+{{< call-out "important" >}}
 From release `v5.1.0` onwards, NGINX Ingress Controller will no longer provide binaries for the `armv7`, `s390x` & `ppc64le` architectures.
-{{< /important >}}
+{{< /call-out >}}
 
-_All images include NGINX 1.27.5._
+_All images include NGINX 1.29.1._
 
-{{< bootstrap-table "table table-bordered table-responsive" >}}
 |<div style="width:200px">Name</div> | <div style="width:100px">Base image</div> | DockerHub image | Architectures |
 | ---| --- | --- | --- |
-|Alpine-based image | ``nginx:1.27.5-alpine``,<br>based on on ``alpine:3.21`` | ``nginx/nginx-ingress:{{< nic-version >}}-alpine`` | arm64<br>amd64 |
-|Debian-based image | ``nginx:1.27.5``,<br>based on on ``debian:12-slim`` | ``nginx/nginx-ingress:{{< nic-version >}}`` | arm64<br>amd64 |
+|Alpine-based image | ``nginx:1.29.1-alpine``,<br>based on on ``alpine:3.22`` | ``nginx/nginx-ingress:{{< nic-version >}}-alpine`` | arm64<br>amd64 |
+|Debian-based image | ``nginx:1.29.1``,<br>based on on ``debian:12-slim`` | ``nginx/nginx-ingress:{{< nic-version >}}`` | arm64<br>amd64 |
 |Ubi-based image | ``redhat/ubi9-minimal`` | ``nginx/nginx-ingress:{{< nic-version >}}-ubi`` | arm64<br>amd64 |
-{{% /bootstrap-table %}}
 
 ---
 
 ### Images with NGINX Plus
 
-_NGINX Plus images include NGINX Plus R34._
+_NGINX Plus images include NGINX Plus R35_
 
 ---
 
 #### **F5 Container registry**
 
-NGINX Plus images are available through the F5 Container registry `private-registry.nginx.com`, explained in the [Get the NGINX Ingress Controller image with JWT]({{<ref "/nic/installation/nic-images/get-image-using-jwt.md">}}) and [Get the F5 Registry NGINX Ingress Controller image]({{<ref "/nic/installation/nic-images/get-registry-image.md">}}) topics.
+NGINX Plus images are available through the F5 Container registry `private-registry.nginx.com`, explained in the [Download NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/registry-download.md" >}}) and [Add an NGINX Ingress Controller image to your cluster]({{< ref "/nic/installation/nic-images/add-image-to-cluster.md" >}}) topics.
 
-{{< bootstrap-table "table table-striped table-bordered table-responsive" >}}
+{{< table >}}
 |<div style="width:200px">Name</div> | <div style="width:100px">Base image</div> | <div style="width:200px">Additional modules</div> | F5 Container Registry Image | Architectures |
 | ---| ---| --- | --- | --- |
-|Alpine-based image | ``alpine:3.21`` | NJS (NGINX JavaScript)<br>OpenTelemetry  | `nginx-ic/nginx-plus-ingress:{{< nic-version >}}-alpine` | arm64<br>amd64 |
-|Alpine-based image with FIPS inside | ``alpine:3.21`` | NJS (NGINX JavaScript)<br>OpenTelemetry<br>FIPS module and OpenSSL configuration | `nginx-ic/nginx-plus-ingress:{{< nic-version >}}-alpine-fips` | arm64<br>amd64 |
+|Alpine-based image | ``alpine:3.22`` | NJS (NGINX JavaScript)<br>OpenTelemetry  | `nginx-ic/nginx-plus-ingress:{{< nic-version >}}-alpine` | arm64<br>amd64 |
+|Alpine-based image with FIPS inside | ``alpine:3.22`` | NJS (NGINX JavaScript)<br>OpenTelemetry<br>FIPS module and OpenSSL configuration | `nginx-ic/nginx-plus-ingress:{{< nic-version >}}-alpine-fips` | arm64<br>amd64 |
 |Alpine-based image with NGINX App Protect WAF & FIPS inside | ``alpine:3.19`` | NGINX App Protect WAF<br>NJS (NGINX JavaScript)<br>OpenTelemetry<br>FIPS module and OpenSSL configuration | `nginx-ic-nap/nginx-plus-ingress:{{< nic-version >}}-alpine-fips` | amd64 |
 |Alpine-based image with NGINX App Protect WAF v5 & FIPS inside | ``alpine:3.19`` | NGINX App Protect WAF v5<br>NJS (NGINX JavaScript)<br>OpenTelemetry<br>FIPS module and OpenSSL configuration | `nginx-ic-nap-v5/nginx-plus-ingress:{{< nic-version >}}-alpine-fips` | amd64 |
 |Debian-based image | ``debian:12-slim`` | NJS (NGINX JavaScript)<br>OpenTelemetry | `nginx-ic/nginx-plus-ingress:{{< nic-version >}}` | arm64<br>amd64 |
@@ -81,9 +75,7 @@ NGINX Plus images are available through the F5 Container registry `private-regis
 |Ubi-based image with NGINX App Protect WAF v5 | ``redhat/ubi9`` | NGINX App Protect WAF v5<br>NJS (NGINX JavaScript)<br>OpenTelemetry | `nginx-ic-nap-v5/nginx-plus-ingress:{{< nic-version >}}-ubi` | amd64 |
 |Ubi-based image with NGINX App Protect DoS | ``redhat/ubi8`` | NGINX App Protect DoS<br>NJS (NGINX JavaScript)<br>OpenTelemetry | `nginx-ic-dos/nginx-plus-ingress:{{< nic-version >}}-ubi` | amd64 |
 |Ubi-based image with NGINX App Protect WAF and DoS | ``redhat/ubi8`` | NGINX App Protect WAF and DoS<br>NJS (NGINX JavaScript)<br>OpenTelemetry | `nginx-ic-nap-dos/nginx-plus-ingress:{{< nic-version >}}-ubi` | amd64 |
-{{% /bootstrap-table %}}
-
----
+{{< /table >}}
 
 ### Custom images
 
@@ -92,8 +84,6 @@ You can customize an existing Dockerfile or use it as a reference to create a ne
 - Choosing a different base image.
 - Installing additional NGINX modules.
 
----
-
 ## Supported Helm versions
 
 NGINX Ingress Controller can be [installed]({{< ref "/nic/installation/installing-nic/installation-with-helm.md" >}}) using Helm 3.0 or later.
diff --git a/content/nic/troubleshooting/troubleshoot-common.md b/content/nic/troubleshooting/troubleshoot-common.md
index 4207917a9..58f59e218 100644
--- a/content/nic/troubleshooting/troubleshoot-common.md
+++ b/content/nic/troubleshooting/troubleshoot-common.md
@@ -156,7 +156,7 @@ controller:
 
 Enable the `nginx-debug` CLI argument and change the `error-log-level` to `debug` to capture more output for debugging.
 
-{{< note >}} It is recommended to only enable `nginx-debug` CLI and the `error-log-level` when debugging. {{< /note >}}
+{{< call-out "note" >}} It is recommended to only enable `nginx-debug` CLI and the `error-log-level` when debugging. {{< /call-out >}}
 
 #### Example debug NGINX Ingress Controller Output
 
diff --git a/content/nic/tutorials/oidc-custom-configuration.md b/content/nic/tutorials/oidc-custom-configuration.md
index a38143ad4..f33ff8a08 100644
--- a/content/nic/tutorials/oidc-custom-configuration.md
+++ b/content/nic/tutorials/oidc-custom-configuration.md
@@ -92,7 +92,7 @@ data:
         # Rest of configuration file truncated
 ```
 
-{{< important >}}
+{{< call-out "important" >}}
 
 In the next step, NGINX Ingress Controller will be deployed using this ConfigMap.
 
@@ -100,7 +100,7 @@ Any changes made to this ConfigMap must be made **before** deploying or updating
 
 Applying any updates to the data in this ConfigMap will require NGINX Ingress Controller to be re-deployed.
 
-{{< /important >}}
+{{< /call-out >}}
 
 ## Step 3 - Add Volume and VolumeMount to the Ingress Controller deployment
 
diff --git a/content/nic/tutorials/security-monitoring.md b/content/nic/tutorials/security-monitoring.md
index 4f2f17340..24ec21b9c 100644
--- a/content/nic/tutorials/security-monitoring.md
+++ b/content/nic/tutorials/security-monitoring.md
@@ -58,6 +58,9 @@ If you use custom container images, NGINX Agent must be installed along with NGI
         server:
           host: "<FQDN or IP address of NGINX Instance Manager>"
           grpcPort: 443
+        tls:
+          enable: true
+          skip_verify: false
         features:
         - registration
         - nginx-counting
@@ -77,9 +80,18 @@ If you use custom container images, NGINX Agent must be installed along with NGI
    ```
    See the [NGINX Agent Configuration Overview]({{< ref "/agent/configuration/configuration-overview.md" >}}) for more configuration options.
 
-{{< note >}} The `features` list must not contain `nginx-config-async` or `nginx-ssl-config` as these features can cause conflicts with NGINX Ingress Controller.{{< /note >}}
+{{< call-out "note" >}} The `features` list must not contain `nginx-config-async` or `nginx-ssl-config` as these features can cause conflicts with NGINX Ingress Controller.{{< /call-out >}}
 
-3. Follow the [Installation with Manifests]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md" >}}) instructions to deploy NGINX Ingress Controller with custom resources enabled.
+3. Make sure that the ConfigMap is mounted to the NGINX Ingress Controller pod at `/etc/nginx-agent/nginx-agent.conf` by adding the following to the NGINX Ingress Controller deployment manifest:
+
+   ```yaml
+    volumeMounts:
+    - name: agent-conf
+      mountPath: /etc/nginx-agent/nginx-agent.conf
+      subPath: nginx-agent.conf
+   ```
+
+4. Follow the [Installation with Manifests]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md" >}}) instructions to deploy NGINX Ingress Controller with custom resources enabled.
 
 {{%/tab%}}
 
@@ -94,4 +106,4 @@ NGINX Agent runs a syslog listener which NGINX App Protect WAF can be configured
 - [Custom Resources example](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/security-monitoring)
 - [Ingress Resources example](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/security-monitoring)
 
-{{< note >}} Modifying the APLogConf in the examples may result in the Security Monitoring integration not working, as NGINX Agent expects a specific log format.{{< /note >}}
+{{< call-out "note" >}} Modifying the APLogConf in the examples may result in the Security Monitoring integration not working, as NGINX Agent expects a specific log format.{{< /call-out >}}
diff --git a/content/nic/usage-reporting.md b/content/nic/usage-reporting.md
index f756237bc..6a910abe0 100644
--- a/content/nic/usage-reporting.md
+++ b/content/nic/usage-reporting.md
@@ -9,12 +9,12 @@ nd-product: NIC
 nd-docs: DOCS-1445
 ---
 
-{{< important >}}
+{{< call-out "important" >}}
 This page is only applicable to NGINX Ingress Controller versions 3.2.0 - 3.7.2.
 
 For more recent versions of NGINX Ingress Controller, view the [Upgrade to NGINX Ingress Controller 4.0.0]({{< ref "/nic/installation/install-nic/upgrade-to-v4.md" >}}) topic.
 
-{{< /important >}}
+{{< /call-out >}}
 
 This page describes how to enable Usage Reporting for F5 NGINX Ingress Controller and how to view usage data through the API.
 
@@ -103,7 +103,7 @@ Save this in a file named `nms-basic-auth.yaml`. In the example, the namespace i
 
 If you are using a different namespace, change the namespace in the `metadata` section of the file above.
 
-{{< note >}} Usage Reporting only supports basic-auth secret type in `data` format, not `stringData`, with the username and password encoded in base64. {{< /note >}}
+{{< call-out "note" >}} Usage Reporting only supports basic-auth secret type in `data` format, not `stringData`, with the username and password encoded in base64. {{< /call-out >}}
 
 ---
 
@@ -126,9 +126,9 @@ Download and save the deployment file [cluster-connector.yaml](https://raw.githu
 - `-nms-server-address` should be the address of the Usage Reporting API, which will be the combination of NGINX Instance Manager server hostname and the URI `api/platform/v1`
 - `nms-basic-auth-secret` should be the namespace/name of the secret created in step 3: `nginx-cluster-connector/nms-basic-auth`.
 
-{{< note >}}  OpenShift requires a SecurityContextConstraints object for NGINX Cluster Connector.
+{{< call-out "note" >}}  OpenShift requires a SecurityContextConstraints object for NGINX Cluster Connector.
 
-It can be created with the command `oc create -f scc.yaml`, using the file found in `shared-examples/` {{< /note >}}
+It can be created with the command `oc create -f scc.yaml`, using the file found in `shared-examples/` {{< /call-out >}}
 
 For more information, read the [Command-line arguments](#command-line-arguments) section of this page.
 
@@ -284,7 +284,7 @@ The display name of the Kubernetes cluster.
 
 Skip TLS verification for the NGINX Instance Manager server.
 
-{{< warning >}} This argument is intended for using a self-assigned certificate for testing purposes only. {{< /warning >}}
+{{< call-out "warning" >}} This argument is intended for using a self-assigned certificate for testing purposes only. {{< /call-out >}}
 
 ---
 
@@ -293,4 +293,4 @@ Skip TLS verification for the NGINX Instance Manager server.
 The minimum interval between updates to the NGINX Instance Manager.
 Default: `24h`.
 
-{{< warning >}} This argument is intended for testing purposes only. {{< /warning >}}
+{{< call-out "warning" >}} This argument is intended for testing purposes only. {{< /call-out >}}
diff --git a/content/nim/_index.md b/content/nim/_index.md
index ba5824b5b..9bf0baf8e 100644
--- a/content/nim/_index.md
+++ b/content/nim/_index.md
@@ -2,7 +2,105 @@
 title: NGINX Instance Manager
 description: Track and control NGINX Open Source and NGINX Plus instances.
 url: /nginx-instance-manager/
+nd-landing-page: true
 cascade:
-  logo: "NGINX-Instance-Manager-product-icon.png"
+  logo: "NGINX-Instance-Manager-product-icon.svg"
 ---
 
+## About
+[//]: # "These are Markdown comments to guide you through document structure. Remove them as you go, as well as any unnecessary sections."
+[//]: # "Use underscores for _italics_, and double asterisks for **bold**."
+[//]: # "Backticks are for `monospace`, used sparingly and reserved mostly for executable names - they can cause formatting problems. Avoid them in tables: use italics instead."
+
+F5 NGINX Instance Manager gives you a centralized way to manage NGINX Open Source and NGINX Plus instances across your environment. It’s ideal for disconnected or air-gapped deployments, with no need for internet access or external cloud services. Use NGINX Instance Manager to organize and group instances, apply and version configuration files, monitor metrics and logs, and manage certificates securely and efficiently.
+
+NGINX Instance Manager is part of NGINX One, which includes [NGINX One components](#nginx-one-components).
+
+## Featured content
+[//]: # "You can add a maximum of three cards: any extra will not display."
+[//]: # "One card will take full width page: two will take half width each. Three will stack like an inverse pyramid."
+[//]: # "Some examples of content could be the latest release note, the most common install path, and a popular new feature."
+
+{{<card-section showAsCards="true" isFeaturedSection="true">}}
+  {{<card title="Deploy in a disconnected environment" titleUrl="/nginx-instance-manager/disconnected" icon="unplug" isFullSize="true">}}
+      Run NGINX Instance Manager in air-gapped or offline systems
+    {{</card >}}
+    {{<card title="Manage NGINX instances" titleUrl="/nginx-instance-manager/nginx-instances" >}}
+      Add instances, group them for config reuse, and manage certificates
+    {{</card>}}
+    {{<card title="Manage NGINX configs" titleUrl="/nginx-instance-manager/nginx-configs" >}}
+      Stage, version, and publish configs. Use templates to stay consistent.
+  {{</card>}}
+{{</card-section>}}
+
+### Set up and configure NGINX Instance Manager
+
+{{<card-section showAsCards="true" >}}
+  {{<card title="Administer your platform" titleUrl="/nginx-instance-manager/admin-guide" >}}
+      Add licenses, set up user access and roles, and back up your NGINX Instance Manager deployment.
+    {{</card>}}
+    {{<card title="Configure your system" titleUrl="/nginx-instance-manager/system-configuration/" >}}
+      Set platform behavior, enable high availability, and secure traffic. Use Vault and ClickHouse if needed.
+  {{</card>}}
+{{</card-section>}}
+
+
+### Monitor and secure your environment
+
+{{<card-section showAsCards="true" >}}
+  {{<card title="Monitor metrics and events" titleUrl="/nginx-instance-manager/monitoring/" >}}
+      Track performance, system health, and changes using built-in metrics, logs, and the REST API.
+    {{</card>}}
+    {{<card title="Secure with NGINX App Protect WAF" titleUrl="/nginx-instance-manager/nginx-app-protect/" >}}
+      Apply WAF policies and monitor activity from a centralized view.
+  {{</card>}}
+{{</card-section>}}
+
+
+### More information
+
+{{<card-section showAsCards="true" >}}
+    {{<card title="Deploy in connected environments" titleUrl="/nginx-instance-manager/deploy/">}}
+        Install NGINX Instance Manager using Docker, Kubernetes, or traditional infrastructure with internet access.
+      {{</ card >}}
+      {{<card title="Get to know NGINX Instance Manager" titleUrl="/nginx-instance-manager/fundamentals/">}}
+        Check system requirements, explore the dashboard, and learn how to access and use the REST API.
+      {{</ card >}}
+      {{<card title="View release notes and updates" titleUrl="/nginx-instance-manager/releases/" icon="clock-alert">}}
+        Get details on new features, bug fixes, and known issues.
+    {{</card>}}
+{{</card-section>}}
+
+
+## NGINX One components
+[//]: # "You can add any extra content for the page here, such as additional cards, diagrams or text."
+
+{{< card-section title="Kubernetes Solutions">}}
+  {{< card title="NGINX Ingress Controller" titleUrl="/nginx-ingress-controller/" brandIcon="NGINX-Ingress-Controller-product-icon.png">}}
+      Kubernetes traffic management with API gateway, identity, and observability features.
+    {{</ card >}}
+    {{< card title="NGINX Gateway Fabric" titleUrl="/nginx-gateway-fabric/" brandIcon="NGINX-product-icon.png">}}
+      Next generation Kubernetes connectivity using the Gateway API.
+    {{</ card >}}
+  {{</ card-section >}}
+  {{< card-section title="Cloud Console Option">}}
+    {{< card title="NGINX One Console" titleUrl="/nginx-one/" brandIcon="NGINX-One-product-icon.svg">}}
+      Manage, monitor, and secure your NGINX fleet from a centralized web-based interface.
+    {{</ card >}}
+  {{</ card-section >}}
+  {{< card-section title="Modern App Delivery">}}
+    {{< card title="NGINX Plus" titleUrl="/nginx/" brandIcon="NGINX-Plus-product-icon-RGB.png">}}
+      The all-in-one load balancer, reverse proxy, web server, content cache, and API gateway.
+    {{</ card >}}
+    {{< card title="NGINX Open Source" titleUrl="https://nginx.org" brandIcon="NGINX-product-icon.png">}}
+      The open source all-in-one load balancer, content cache, and web server
+    {{</ card >}}
+  {{</ card-section >}}
+  {{< card-section title="Security">}}
+    {{< card title="NGINX App Protect WAF" titleUrl="/nginx-app-protect-waf" brandIcon="NGINX-App-Protect-WAF-product-icon.png">}}
+      Lightweight, high-performance, advanced protection against Layer 7 attacks on your apps and APIs.
+    {{</ card >}}
+    {{< card title="NGINX App Protect DoS" titleUrl="/nginx-app-protect-dos" brandIcon="NGINX-App-Protect-DoS-product-icon.png">}}
+      Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs.
+  {{</ card >}}
+{{</ card-section >}}
diff --git a/content/nim/admin-guide/add-license.md b/content/nim/admin-guide/add-license.md
index 3c5b7afa8..d2beee9c6 100644
--- a/content/nim/admin-guide/add-license.md
+++ b/content/nim/admin-guide/add-license.md
@@ -7,7 +7,7 @@ type:
 - how-to
 ---
 
-{{< note >}}For disconnected environments, see [Add a license (disconnected)]({{< ref "nim/disconnected/add-license-disconnected-deployment.md" >}}).{{< /note >}}
+{{< call-out "note" >}}For disconnected environments, see [Add a license (disconnected)]({{< ref "nim/disconnected/add-license-disconnected-deployment.md" >}}).{{< /call-out >}}
 
 ## Overview
 
diff --git a/content/nim/admin-guide/authentication/basic-auth/set-up-basic-authentication.md b/content/nim/admin-guide/authentication/basic-auth/set-up-basic-authentication.md
index bbe22d82f..c26343eab 100644
--- a/content/nim/admin-guide/authentication/basic-auth/set-up-basic-authentication.md
+++ b/content/nim/admin-guide/authentication/basic-auth/set-up-basic-authentication.md
@@ -31,7 +31,7 @@ The `admin` user is associated with an [admin role]({{< ref "/nim/admin-guide/rb
 
 ## Create new users {#create-users}
 
-{{< note >}} Please note that the web interface does not support adding user passwords directly. Once you've created new users, refer to the following steps to [set user passwords](#set-basic-passwords).{{< /note >}}
+{{< call-out "note" >}} Please note that the web interface does not support adding user passwords directly. Once you've created new users, refer to the following steps to [set user passwords](#set-basic-passwords).{{< /call-out >}}
 
 To add users, take the following steps:
 
@@ -53,20 +53,20 @@ To add users, take the following steps:
 
 1. (Required for Basic Auth) Add each user's username and password to the `/etc/nms/nginx/.htpasswd` file on the NGINX Instance Manager server. You can choose to run a script or make the changes manually. Refer to the [Set user passwords]({{< ref "/nim/admin-guide/authentication/basic-auth/set-up-basic-authentication.md#set-basic-passwords" >}}) topic for instructions.
 
-{{< see-also >}} Refer to the [Provision users and groups with SCIM]({{< ref "/nim/admin-guide/authentication/oidc/scim-provisioning.md" >}}) topic for instructions on automating user and group creation using the SCIM API. {{< /see-also >}}
+{{< call-out "note" >}} Refer to the [Provision users and groups with SCIM]({{< ref "/nim/admin-guide/authentication/oidc/scim-provisioning.md" >}}) topic for instructions on automating user and group creation using the SCIM API. {{< /call-out>}}
 
 
 ## Set user passwords {#set-basic-passwords}
 
-{{< before-you-begin >}}
+{{< call-out "note" >}}
 Before you can set users' passwords, ensure you have [created users](#create-users) in NGINX Instance Manager. Once you've created the users, you can use one of the following options to set their passwords.
-{{< /before-you-begin >}}
+{{< /call-out >}}
 
 ### (Recommended) Use the provided script {#set-basic-passwords-script}
 
 You can use the `basic_passwords.sh` script to add a user's encrypted password to the `/etc/nms/nginx/.htpasswd` file on the NGINX Instance Manager host.
 
-{{<note>}}The `basic_passwords.sh` script requires the [OpenSSL](https://www.openssl.org) package. We strongly recommend **OpenSSL v1.1.1 or later**.{{</note>}}
+{{< call-out "note" >}}The `basic_passwords.sh` script requires the [OpenSSL](https://www.openssl.org) package. We strongly recommend **OpenSSL v1.1.1 or later**.{{< /call-out >}}
 
 To change a user's password with the `basic_passwords.sh` script:
 
@@ -90,7 +90,7 @@ To manually set user passwords:
 1. Open the `/etc/nms/nginx/.htpasswd` file on the NGINX Instance Manager host and add the username and password for each user.
 2. Save the changes to the file.
 
-{{< see-also >}}Refer to the documentation [Restricting access with HTTP basic auth]({{< ref "/nginx/admin-guide/security-controls/configuring-http-basic-authentication.md" >}}) for detailed instructions on working with the password file.{{< /see-also >}}
+{{< call-out "note" >}}Refer to the documentation [Restricting access with HTTP basic auth]({{< ref "/nginx/admin-guide/security-controls/configuring-http-basic-authentication.md" >}}) for detailed instructions on working with the password file.{{< /call-out>}}
 
 ## Making API requests with basic authentication
 
diff --git a/content/nim/admin-guide/authentication/oidc/getting-started.md b/content/nim/admin-guide/authentication/oidc/getting-started.md
index 537553bbc..15796d1d2 100644
--- a/content/nim/admin-guide/authentication/oidc/getting-started.md
+++ b/content/nim/admin-guide/authentication/oidc/getting-started.md
@@ -48,9 +48,9 @@ Now that you've created a user group and assigned a role in NGINX Instance Manag
 
 ### Before you begin
 
-{{<warning>}}
+{{< call-out "warning" >}}
 Before switching from basic authentication to OIDC, make sure to add at least one admin user to your IdP. Failure to do so can result in admin users being locked out of NGINX Instance Manager. If this occurs, you can restore access by reverting back to basic authentication.
-{{</warning>}}
+{{< /call-out >}}
 
 When you configure OIDC for NGINX Instance Manager, basic authentication will be disabled for all users, including the default `admin` user. To ensure uninterrupted access, create a user group in NGINX Instance Manager that corresponds to a group in your IdP and assign the appropriate roles.
 
diff --git a/content/nim/admin-guide/authentication/oidc/microsoft-entra-automation.md b/content/nim/admin-guide/authentication/oidc/microsoft-entra-automation.md
index 3328f75a2..41484ccaf 100644
--- a/content/nim/admin-guide/authentication/oidc/microsoft-entra-automation.md
+++ b/content/nim/admin-guide/authentication/oidc/microsoft-entra-automation.md
@@ -62,7 +62,7 @@ Before proceeding, first secure NGINX Instance Manager with OpenID Connect (OIDC
 6. Under **Application permissions**, select the role you created earlier (for example, "Admin").
 7. Select **Add permissions**.
 
-{{< note >}}If the permission is not granted, contact your Microsoft Entra administrator to approve it.{{< /note >}}
+{{< call-out "note" >}}If the permission is not granted, contact your Microsoft Entra administrator to approve it.{{< /call-out >}}
 
 ## Configure NGINX OIDC to use Microsoft Entra as the IdP
 
@@ -154,7 +154,7 @@ Additionally, complete the following steps:
     }
     ```
 
-    {{< note >}}The `roles` claim will contain the role ID of the role you created in the [Create an app role](#create-app-role) step.{{< /note >}}
+    {{< call-out "note" >}}The `roles` claim will contain the role ID of the role you created in the [Create an app role](#create-app-role) step.{{< /call-out >}}
 
 ## Access NGINX Management Suite API using the access token
 
diff --git a/content/nim/admin-guide/authentication/oidc/microsoft-entra-setup.md b/content/nim/admin-guide/authentication/oidc/microsoft-entra-setup.md
index b6c0ccb14..66ef26b36 100644
--- a/content/nim/admin-guide/authentication/oidc/microsoft-entra-setup.md
+++ b/content/nim/admin-guide/authentication/oidc/microsoft-entra-setup.md
@@ -60,7 +60,7 @@ To register an application with Microsoft Entra:
 
 ### Create Client Secret {#az-ad-client-secret}
 
-{{< important >}}Make sure to save the value of the client secret in a secure location for future reference. Once you navigate away from the page, the value cannot be retrieved again.{{< /important >}}
+{{< call-out "important" >}}Make sure to save the value of the client secret in a secure location for future reference. Once you navigate away from the page, the value cannot be retrieved again.{{< /call-out >}}
 
 To create a client secret:
 
@@ -72,7 +72,7 @@ To create a client secret:
 
 ### Add Owners {#az-ad-owners}
 
-{{< important >}}Make sure to add at least one user with administrative privileges. Failure to do so may lock admin users out of NGINX Instance Manager. If that happens, revert to Basic Auth to restore access.{{< /important >}}
+{{< call-out "important" >}}Make sure to add at least one user with administrative privileges. Failure to do so may lock admin users out of NGINX Instance Manager. If that happens, revert to Basic Auth to restore access.{{< /call-out >}}
 
 To add owners (users):
 
@@ -82,7 +82,7 @@ To add owners (users):
 
 ### Add Group Claim to Token {#az-ad-group-claim}
 
-{{< note >}}The only supported group claim format for groups created in Microsoft Entra is **Microsoft Entra group ObjectId**.{{< /note >}}
+{{< call-out "note" >}}The only supported group claim format for groups created in Microsoft Entra is **Microsoft Entra group ObjectId**.{{< /call-out >}}
 
 To include the user's group membership information in the token for authentication and authorization, follow these steps:
 
@@ -93,7 +93,7 @@ To include the user's group membership information in the token for authenticati
 
 ### Assign Group to Application {#az-ad-group}
 
-{{< note >}}By default, tokens expire after 60 minutes. You can find instructions on configuring token expiration in the Microsoft Entra topic [Configurable token lifetime properties](https://learn.microsoft.com/en-us/azure/active-directory/develop/Active-directory-configurable-token-lifetimes#configurable-token-lifetime-properties).{{< /note >}}
+{{< call-out "note" >}}By default, tokens expire after 60 minutes. You can find instructions on configuring token expiration in the Microsoft Entra topic [Configurable token lifetime properties](https://learn.microsoft.com/en-us/azure/active-directory/develop/Active-directory-configurable-token-lifetimes#configurable-token-lifetime-properties).{{< /call-out >}}
 
 Adding a group to the registered application will give all group members the same access.
 
diff --git a/content/nim/admin-guide/authentication/oidc/scim-provisioning.md b/content/nim/admin-guide/authentication/oidc/scim-provisioning.md
index 0bcbe1d84..ff67f390c 100644
--- a/content/nim/admin-guide/authentication/oidc/scim-provisioning.md
+++ b/content/nim/admin-guide/authentication/oidc/scim-provisioning.md
@@ -134,7 +134,7 @@ In this request, `User` is assigned as a member.
 }
 ```
 
-{{< important >}}After creating a group with SCIM, you need to [assign roles to the group]({{< ref "/nim/admin-guide/rbac/assign-roles.md" >}}) in NGINX Instance Manager so the group has permissions associated with it.{{< /important >}}
+{{< call-out "important" >}}After creating a group with SCIM, you need to [assign roles to the group]({{< ref "/nim/admin-guide/rbac/assign-roles.md" >}}) in NGINX Instance Manager so the group has permissions associated with it.{{< /call-out >}}
 
 ## Update users created with SCIM
 
diff --git a/content/nim/admin-guide/maintenance/backup-and-recovery.md b/content/nim/admin-guide/maintenance/backup-and-recovery.md
index 279b65634..ac009796e 100644
--- a/content/nim/admin-guide/maintenance/backup-and-recovery.md
+++ b/content/nim/admin-guide/maintenance/backup-and-recovery.md
@@ -147,7 +147,7 @@ To back up NGINX Instance Manager deployed in a Kubernetes cluster:
     ./k8s-backup.sh
     ```
 
-    {{< note >}}The backup script does not require `sudo` permissions or the `utility` pod.{{</note>}}
+    {{< call-out "note" >}}The backup script does not require `sudo` permissions or the `utility` pod.{{< /call-out >}}
 
 4. The script will prompt you for the NGINX Instance Manager namespace. It will create a backup archive called `k8s-backup-<timestamp>.tar.gz`.
 
@@ -177,11 +177,11 @@ To restore NGINX Instance Manager to the same Kubernetes cluster:
 
     If the Kubernetes configuration is different, update the path accordingly.
 
-    {{< note >}}The restore script requires [root access]({{< ref "/nim/admin-guide/maintenance/backup-and-recovery.md#root-access" >}}).{{</note>}}
+    {{< call-out "note" >}}The restore script requires [root access]({{< ref "/nim/admin-guide/maintenance/backup-and-recovery.md#root-access" >}}).{{< /call-out >}}
 
 5. After specifying the NGINX Instance Manager namespace, the script will use the provided backup archive.
 
-    {{< note >}}The script uses the `utility` pod to restore databases and core secrets. It stops service pods during the restoration and restarts them afterward.{{</note>}}
+    {{< call-out "note" >}}The script uses the `utility` pod to restore databases and core secrets. It stops service pods during the restoration and restarts them afterward.{{< /call-out >}}
 
 ### Data-only restoration to a different Kubernetes Cluster
 
@@ -209,7 +209,7 @@ To restore NGINX Instance Manager to a different Kubernetes cluster:
 
     If the Kubernetes configuration differs, update the path accordingly.
 
-    {{< note >}}The restore script requires [root access]({{< ref "/nim/admin-guide/maintenance/backup-and-recovery.md#root-access" >}}).{{</note>}}
+    {{< call-out "note" >}}The restore script requires [root access]({{< ref "/nim/admin-guide/maintenance/backup-and-recovery.md#root-access" >}}).{{< /call-out >}}
 
 5. After specifying the NGINX Instance Manager namespace, the script will restore the databases and core secrets.
 
diff --git a/content/nim/admin-guide/report-usage-connected-deployment.md b/content/nim/admin-guide/report-usage-connected-deployment.md
index 3fdfbc24c..7b1e0e021 100644
--- a/content/nim/admin-guide/report-usage-connected-deployment.md
+++ b/content/nim/admin-guide/report-usage-connected-deployment.md
@@ -14,7 +14,7 @@ type:
 - how-to
 ---
 
-{{< note >}}For disconnected environments, see [Report usage data to F5 (disconnected)]({{< ref "nim/disconnected/report-usage-disconnected-deployment.md" >}}).{{< /note >}}
+{{< call-out "note" >}}For disconnected environments, see [Report usage data to F5 (disconnected)]({{< ref "nim/disconnected/report-usage-disconnected-deployment.md" >}}).{{< /call-out >}}
 
 ## Overview
 
diff --git a/content/nim/deploy/docker/deploy-nginx-instance-manager-docker-compose.md b/content/nim/deploy/docker/deploy-nginx-instance-manager-docker-compose.md
index 1e451340b..2936ccce1 100644
--- a/content/nim/deploy/docker/deploy-nginx-instance-manager-docker-compose.md
+++ b/content/nim/deploy/docker/deploy-nginx-instance-manager-docker-compose.md
@@ -31,11 +31,11 @@ Before you begin, make sure you have the following:
 - A JSON Web Token (JWT) from your [MyF5 subscriptions page](https://my.f5.com/manage/s/subscriptions). This is the same token used for NGINX Plus.
 - The right `docker-compose.yaml` file for your setup:
   - For **standard mode** (with metrics and dashboards):
-    {{<fa "download">}} {{<link "/scripts/docker-compose/docker-compose.yaml" "Download the standard docker-compose.yaml file">}}
+    {{<icon "download">}} {{<link "/scripts/docker-compose/docker-compose.yaml" "Download the standard docker-compose.yaml file">}}
   - For **lightweight mode** (no ClickHouse, no metrics):
-    {{<fa "download">}} {{<link "/scripts/docker-compose/docker-compose-lightweight.yaml" "Download the lightweight docker-compose.yaml file">}}
+    {{<icon "download">}} {{<link "/scripts/docker-compose/docker-compose-lightweight.yaml" "Download the lightweight docker-compose.yaml file">}}
 
-{{< note >}} If you're not sure which one to use, start with lightweight mode. You can always switch later by changing the Compose file and setting `ENABLE_METRICS: "true"`.{{< /note >}}
+{{< call-out "note" >}} If you're not sure which one to use, start with lightweight mode. You can always switch later by changing the Compose file and setting `ENABLE_METRICS: "true"`.{{< /call-out >}}
 
 ---
 
@@ -52,7 +52,7 @@ Standard mode requires a minimum of 4 CPU cores and 4 GB of memory. This setup i
 
 Lightweight mode removes ClickHouse, which lowers memory and CPU usage. While there’s no official minimum, users with basic instance management needs may see success with fewer resources. Test in your environment before committing to a smaller footprint.
 
-{{< note >}} If you're not sure which mode to use, start with lightweight mode. It's easier to set up, and you can switch to standard mode later by reintroducing ClickHouse. {{< /note >}}
+{{< call-out "note" >}} If you're not sure which mode to use, start with lightweight mode. It's easier to set up, and you can switch to standard mode later by reintroducing ClickHouse. {{< /call-out >}}
 
 ## Before you start
 
@@ -337,4 +337,4 @@ Run the backup command to capture the current state:
 docker exec nim-nim-1 nim-backup
 ```
 
-This creates a `.tgz` file inside the container under `/data/backup/`, which you can extract as described in the [Backup](#backup) section.
\ No newline at end of file
+This creates a `.tgz` file inside the container under `/data/backup/`, which you can extract as described in the [Backup](#backup) section.
diff --git a/content/nim/deploy/docker/deploy-nginx-plus-and-agent-docker.md b/content/nim/deploy/docker/deploy-nginx-plus-and-agent-docker.md
index 3052e20bb..c51069d66 100644
--- a/content/nim/deploy/docker/deploy-nginx-plus-and-agent-docker.md
+++ b/content/nim/deploy/docker/deploy-nginx-plus-and-agent-docker.md
@@ -23,8 +23,8 @@ Before you start, make sure that:
 
 - NGINX Instance Manager is [installed]({{< ref "/nim/deploy/vm-bare-metal/install.md" >}}).
 
-  {{<note>}} When installing and configuring NGINX Instance Manager, remember the domain name/IP address and the gRPC port number. You will need them to configure the NGINX Agent to communicate with NGINX Instance Manager.
-  {{</note>}}
+  {{< call-out "note" >}} When installing and configuring NGINX Instance Manager, remember the domain name/IP address and the gRPC port number. You will need them to configure the NGINX Agent to communicate with NGINX Instance Manager.
+  {{< /call-out >}}
 - You have the JSON Web Token (JWT) from MyF5 Customer Portal. The [download instructions](#download-jwt) are below.
 - The [Docker Engine](https://docs.docker.com/engine/install/) command-line tool is installed.
 - Your private Docker registry is configured and running.
diff --git a/content/nim/deploy/infrastructure-as-code/build-and-deploy.md b/content/nim/deploy/infrastructure-as-code/build-and-deploy.md
index f54fc9dbd..aed40e279 100644
--- a/content/nim/deploy/infrastructure-as-code/build-and-deploy.md
+++ b/content/nim/deploy/infrastructure-as-code/build-and-deploy.md
@@ -18,7 +18,7 @@ The deployment process has two stages:
 - Generate an image using Packer.
 - Deploy the image using Terraform.
 
-{{< call-out "tip" "Open-Source Project on GitHub" "fa-brands fa-github" >}}
+{{< call-out "tip" "Open-Source Project on GitHub" >}}
 The steps in this guide refer to the [NGINX Instance Manager Infrastructure as Code (IAC)](https://github.com/nginxinc/nginx-management-suite-iac) project on GitHub.
 {{< /call-out >}}
 
diff --git a/content/nim/deploy/infrastructure-as-code/configuration.md b/content/nim/deploy/infrastructure-as-code/configuration.md
index 51c43dee3..825aaaf51 100644
--- a/content/nim/deploy/infrastructure-as-code/configuration.md
+++ b/content/nim/deploy/infrastructure-as-code/configuration.md
@@ -15,7 +15,7 @@ This guide explains how to install F5 NGINX Instance Manager using the open-sour
 
 With Ansible, you can automate and replicate your installation across multiple environments.
 
-{{< call-out "tip" "Open-Source Project on GitHub" "fa-brands fa-github" >}}
+{{< call-out "tip" "Open-Source Project on GitHub" >}}
 The steps in this guide refer to the [Ansible NGINX Instance Manager Role](https://github.com/nginxinc/ansible-role-nginx-management-suite) project on GitHub.
 {{< /call-out >}}
 
@@ -68,7 +68,7 @@ The Ansible role for NGINX Instance Manager simplifies the installation process
     ansible-playbook -i <path-to-your-hostfile> nms-playbook.yml
     ```
 
-{{< see-also >}} For a comprehensive list of configuration options, view the [default `main.yaml` file](https://github.com/nginxinc/ansible-role-nginx-management-suite/blob/main/defaults/main.yml) on GitHub. {{< /see-also >}}
+{{< call-out "note" >}} For a comprehensive list of configuration options, view the [default `main.yaml` file](https://github.com/nginxinc/ansible-role-nginx-management-suite/blob/main/defaults/main.yml) on GitHub. {{< /call-out>}}
 
 ---
 
diff --git a/content/nim/deploy/kubernetes/deploy-using-helm.md b/content/nim/deploy/kubernetes/deploy-using-helm.md
index cbf7fa4ef..c3b792d5d 100644
--- a/content/nim/deploy/kubernetes/deploy-using-helm.md
+++ b/content/nim/deploy/kubernetes/deploy-using-helm.md
@@ -404,7 +404,7 @@ Run the `helm install` command to deploy NGINX Instance Manager:
 1. Replace `<path-to-your-values.yaml>` with the path to your `values.yaml` file.
 2. Replace `<your-password>` with a secure password (containing a mix of uppercase, lowercase letters, numbers, and special characters).
 
-   {{< important >}} Remember to save the password for future use. Only the encrypted password is stored, and there's no way to recover or reset it if lost. {{< /important >}}
+   {{< call-out "important" >}} Remember to save the password for future use. Only the encrypted password is stored, and there's no way to recover or reset it if lost. {{< /call-out >}}
 
 
 ```shell
@@ -462,7 +462,7 @@ The `values.yaml` file customizes the Helm chart installation without modifying
     - In the `imagePullSecrets` section, add the credentials for your private Docker registry.
     - Change the version tag to the version of NGINX Instance Manager you would like to install. See "Install the chart" below for versions.
 
-    {{< see-also >}} For details on creating a secret, see Kubernetes [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). {{</ see-also >}}
+    {{< call-out "note" >}} For details on creating a secret, see Kubernetes [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). {{< /call-out>}}
 
     ```yaml
     nms-hybrid:
@@ -505,7 +505,7 @@ Run the `helm install` command to deploy NGINX Instance Manager:
 1. Replace `<path-to-your-values.yaml>` with the path to your `values.yaml` file.
 2. Replace `YourPassword123#` with a secure password (containing a mix of uppercase, lowercase letters, numbers, and special characters).
 
-   {{< important >}} Remember to save the password for future use. Only the encrypted password is stored, and there's no way to recover or reset it if lost. {{< /important >}}
+   {{< call-out "important" >}} Remember to save the password for future use. Only the encrypted password is stored, and there's no way to recover or reset it if lost. {{< /call-out >}}
 
 3. (Optional) Replace `<chart-version>` with the desired chart version. If omitted, the latest version will be installed.
 
diff --git a/content/nim/deploy/kubernetes/frequently-used-helm-configs.md b/content/nim/deploy/kubernetes/frequently-used-helm-configs.md
index 6b14a83cb..77b0de767 100644
--- a/content/nim/deploy/kubernetes/frequently-used-helm-configs.md
+++ b/content/nim/deploy/kubernetes/frequently-used-helm-configs.md
@@ -28,7 +28,7 @@ To use your own ClickHouse installation, follow these steps:
 1. Set `nms-hybrid.nmsClickhouse.enabled` to `false`.
 2. Add values for `nms-hybrid.externalClickhouse.address`, `.user`, and `.password` that match your ClickHouse installation.
 
-   {{< note >}}The `nms-hybrid.externalClickhouse` field is required when `nms-hybrid.nmsClickhouse` is disabled.{{</ note >}}
+   {{< call-out "note" >}}The `nms-hybrid.externalClickhouse` field is required when `nms-hybrid.nmsClickhouse` is disabled.{{< /call-out >}}
 
 ---
 
diff --git a/content/nim/deploy/vm-bare-metal/install.md b/content/nim/deploy/vm-bare-metal/install.md
index bd104a3ac..f06b29897 100644
--- a/content/nim/deploy/vm-bare-metal/install.md
+++ b/content/nim/deploy/vm-bare-metal/install.md
@@ -30,7 +30,7 @@ Follow these steps to prepare for installing NGINX Instance Manager:
 
 - **Download the installation script**:
 
-  {{<fa "download">}} {{<link "/scripts/install-nim-bundle.sh" "Download install-nim-bundle.sh script">}}
+  {{<icon "download">}} {{<link "/scripts/install-nim-bundle.sh" "Download install-nim-bundle.sh script">}}
 
 - **Download the certificate and private key** (see the steps [below](#download-cert-key)):
   Use the certificate and private key for NGINX Instance Manager (the same files used for NGINX Plus).
@@ -91,7 +91,7 @@ Download the certificate and private key required for NGINX Instance Manager. Th
 
 If you haven’t already downloaded the script, you can download it here:
 
-{{<fa "download">}} {{<link "/scripts/install-nim-bundle.sh" "Download install-nim-bundle.sh script">}}
+{{<icon "download">}} {{<link "/scripts/install-nim-bundle.sh" "Download install-nim-bundle.sh script">}}
 
 ### Prepare your system for installation
 
diff --git a/content/nim/disconnected/add-license-disconnected-deployment.md b/content/nim/disconnected/add-license-disconnected-deployment.md
index 61926dc6e..b28c5d274 100644
--- a/content/nim/disconnected/add-license-disconnected-deployment.md
+++ b/content/nim/disconnected/add-license-disconnected-deployment.md
@@ -51,7 +51,7 @@ To add a license and submit the initial usage report in a disconnected environme
 
 <br>
 
-1. {{<fa "download">}}[Download license_usage_offline.sh](/scripts/license_usage_offline.sh).
+1. {{<icon "download">}}[Download license_usage_offline.sh](/scripts/license_usage_offline.sh).
 1.	Run the following command to allow the script to run:
 
     ```bash
@@ -65,7 +65,7 @@ To add a license and submit the initial usage report in a disconnected environme
       -j <license-filename>.jwt \
       -i <NIM-IP-address> \
       -u admin \
-      -p <password> \      
+      -p <password> \
       -s initial
     ```
 
@@ -85,7 +85,7 @@ To license NGINX Instance Manager, complete each of the following steps in order
 
 Run these `curl` commands on a system that can access NGINX Instance Manager and connect to `https://product.apis.f5.com/` on port `443`. Replace each placeholder with your specific values.
 
-{{< important >}}The `-k` flag skips SSL certificate validation. Use this only if your NGINX Instance Manager is using a self-signed certificate or if the certificate is not trusted by your system.{{</ important >}}
+{{< call-out "important" >}}The `-k` flag skips SSL certificate validation. Use this only if your NGINX Instance Manager is using a self-signed certificate or if the certificate is not trusted by your system.{{< /call-out >}}
 
 1. **Add the license to NGINX Instance Manager**:
 
@@ -235,7 +235,3 @@ To upload the the usage acknowledgement:
 
 
 {{</tabs>}}
-
-
-
-
diff --git a/content/nim/disconnected/offline-install-guide-manual.md b/content/nim/disconnected/offline-install-guide-manual.md
index f86873880..ce3647e35 100644
--- a/content/nim/disconnected/offline-install-guide-manual.md
+++ b/content/nim/disconnected/offline-install-guide-manual.md
@@ -35,7 +35,7 @@ To complete the steps in this guide, you need to download the NGINX Instance Man
 
 Local dependencies are common Linux packages like `curl` or `openssl`, which most Linux distributions include by default. When installing NGINX Instance Manager, your package manager will automatically install these dependencies. Without internet access, ensure your package manager can use a local package repository, such as a distribution DVD/ISO image or internal network mirror. Check your Linux distribution's documentation for details.
 
-{{< call-out "note" "RedHat on AWS" "fa-brands fa-aws" >}}If you're using AWS and can't attach remote or local RedHat package repositories, download the necessary packages on another RedHat machine and copy them to your target machine. Use the `yumdownloader` utility for this task:
+{{< call-out "note" "RedHat on AWS" >}}If you're using AWS and can't attach remote or local RedHat package repositories, download the necessary packages on another RedHat machine and copy them to your target machine. Use the `yumdownloader` utility for this task:
 <https://access.redhat.com/solutions/10154>.
 {{</ call-out >}}
 
@@ -47,7 +47,7 @@ To download external dependencies:
 
 1. Download the `fetch-external-dependencies.sh` script:
 
-    {{<fa "download">}} {{<link "/scripts/fetch-external-dependencies.sh" "Download fetch-external-dependencies.sh script">}}
+    {{<icon "download">}} {{<link "/scripts/fetch-external-dependencies.sh" "Download fetch-external-dependencies.sh script">}}
 
 2. Run the script to download the external dependencies for your specific Linux distribution:
 
@@ -77,7 +77,7 @@ To download external dependencies:
 
 3. Copy the archive to your target machine and extract the contents:
 
-    {{< note >}}The bundled NGINX server package may conflict with existing versions of NGINX or NGINX Plus. Delete the package from the bundle if you want to keep your current version.{{</note >}}
+    {{< call-out "note" >}}The bundled NGINX server package may conflict with existing versions of NGINX or NGINX Plus. Delete the package from the bundle if you want to keep your current version.{{< /call-out >}}
 
     - **For RHEL and RPM-Based systems**:
 
@@ -202,4 +202,4 @@ sudo systemctl restart nms-dpm
 
 ## Next steps
 
-- [Add NGINX Open Source and NGINX Plus instances to NGINX Instance Manager]({{< ref "nim/nginx-instances/add-instance.md" >}})
\ No newline at end of file
+- [Add NGINX Open Source and NGINX Plus instances to NGINX Instance Manager]({{< ref "nim/nginx-instances/add-instance.md" >}})
diff --git a/content/nim/disconnected/offline-install-guide.md b/content/nim/disconnected/offline-install-guide.md
index c8dedfee6..613b9003f 100644
--- a/content/nim/disconnected/offline-install-guide.md
+++ b/content/nim/disconnected/offline-install-guide.md
@@ -62,7 +62,7 @@ Download the SSL certificate and private key required for NGINX Instance Manager
 
 ### Download the installation script
 
-{{<fa "download">}} {{<link "/scripts/install-nim-bundle.sh" "Download the install-nim-bundle.sh script.">}}
+{{<icon "download">}} {{<link "/scripts/install-nim-bundle.sh" "Download the install-nim-bundle.sh script.">}}
 
 ## Package NGINX Instance Manager and dependencies for offline installation
 
@@ -94,6 +94,28 @@ Run the installation script in `offline` mode to download NGINX Instance Manager
 
 After you’ve packaged the installation files on a connected system, copy the tarball, script, and SSL files to your disconnected system. Then, run the script again to install NGINX Instance Manager using the tarball.
 
+## Dependencies needed for install script to run offline 
+
+There are OS dependencies we have for NGINX, NIM and Clickhouse. In offline mode we package only NGINX, NIM and Clickhouse packages, customers should first install OS dependencies also. Below are the dependencies list for Linux distributions with `.deb` (Debian/Ubuntu) and `.rpm` (Red Hat) packages. In online mode, these dependencies are auto resolved and installed.
+
+### Debian/Ubuntu and similar operating systems
+
+- NGINX : libc6, libcrypt1, libpcre2-8-0, libssl3, zlib1g,lsb-base
+- NIM : openssl, rsyslog, systemd, tar, lsb-release, openssl, gawk
+- ClickHouse: libcap2-bin
+
+### Red Hat-based operating systems
+
+- NGINX : bash, glibc, libxcrypt, openssl-libs, glibc, pcre2, openssl-libs, zlib, procps-ng, glibc , shadow-utils, systemd
+- NIM : glibc, openssl, rsyslog,systemd, tar, which,zlib, yum-utils
+- ClickHouse: None
+
+You can find the latest dependencies with one of the following commands:
+
+- Ubuntu/Debian: apt-cache depends <package_name>=<version>
+- Red Hat : yum deplist <packagename-version>
+
+
 ### Required flags for installing in offline mode
 
 - `-m offline`: Required to run the script in offline mode. When used with `-i`, the script installs NGINX Instance Manager and its dependencies from the specified tarball.
@@ -210,4 +232,4 @@ sudo systemctl restart nms-dpm
 
 ## Next steps
 
-- [Add NGINX Open Source and NGINX Plus instances to NGINX Instance Manager]({{< ref "nim/nginx-instances/add-instance.md" >}})
\ No newline at end of file
+- [Add NGINX Open Source and NGINX Plus instances to NGINX Instance Manager]({{< ref "nim/nginx-instances/add-instance.md" >}})
diff --git a/content/nim/disconnected/report-usage-disconnected-deployment.md b/content/nim/disconnected/report-usage-disconnected-deployment.md
index 9fecb335b..96ac83234 100644
--- a/content/nim/disconnected/report-usage-disconnected-deployment.md
+++ b/content/nim/disconnected/report-usage-disconnected-deployment.md
@@ -47,7 +47,7 @@ To submit a usage report in a disconnected environment, use the provided `licens
 
 <br>
 
-1. {{<fa "download">}}[Download license_usage_offline.sh](/scripts/license_usage_offline.sh).
+1. {{<icon "download">}}[Download license_usage_offline.sh](/scripts/license_usage_offline.sh).
 1.	Run the following command to allow the script to run:
 
     ```bash
@@ -80,7 +80,7 @@ To submit a usage report using `curl`, complete each of the following steps in o
 
 Run these `curl` commands on a system that can access NGINX Instance Manager and connect to `https://product.apis.f5.com/` on port `443`. Replace each placeholder with your specific values.
 
-{{<important>}}The `-k` flag skips SSL certificate validation. Use this only if your NGINX Instance Manager is using a self-signed certificate or if the certificate is not trusted by your system.{{</important>}}
+{{< call-out "important" >}}The `-k` flag skips SSL certificate validation. Use this only if your NGINX Instance Manager is using a self-signed certificate or if the certificate is not trusted by your system.{{< /call-out >}}
 
 1. **Prepare the usage report**:
 
diff --git a/content/nim/fundamentals/api-overview.md b/content/nim/fundamentals/api-overview.md
index 9cd349c38..849a1e9ed 100644
--- a/content/nim/fundamentals/api-overview.md
+++ b/content/nim/fundamentals/api-overview.md
@@ -37,7 +37,7 @@ You can use tools such as `curl` or [Postman](https://www.postman.com) to intera
 
 You can find the NGINX Instance Manager API URLs in the following format: `https://<NMS_FQDN>/api/platform/<API_VERSION>`.
 
-{{<note>}}When making API calls by using `curl`, Postman, or any other tool, include your [authentication](#authentication) information with each call. Also include a `-k` to bypass TLS/SSL verification.{{</note>}}
+{{< call-out "note" >}}When making API calls by using `curl`, Postman, or any other tool, include your [authentication](#authentication) information with each call. Also include a `-k` to bypass TLS/SSL verification.{{< /call-out >}}
 
 Alternatively, in the API Reference docs, you can also use the "Try it Out" function. Since you're already logged into the NGINX Instance Manager platform, the "Try it Out" function automatically includes authentication credentials.
 
@@ -64,7 +64,7 @@ To use the NGINX Instance Manager API, you need to use one of the following auth
 
 If your organization is using OIDC, you will be prompted to log in with your Identity Provider the first time you attempt to reach an API. After authenticating, you can request a JWT to use in subsequent API calls.
 
-{{<note>}}The means of requesting a token varies according to the Identity Provider; if you're not sure which provider your organization uses, check with your system administrator or technical support team.{{</note>}}
+{{< call-out "note" >}}The means of requesting a token varies according to the Identity Provider; if you're not sure which provider your organization uses, check with your system administrator or technical support team.{{< /call-out >}}
 
 Once you have a JWT, set it up as a "Bearer" <access token> using the "Authorization" request header field, as shown in the example below.
 
diff --git a/content/nim/fundamentals/dashboard-overview.md b/content/nim/fundamentals/dashboard-overview.md
index 79c518fc6..ab92d7ff7 100644
--- a/content/nim/fundamentals/dashboard-overview.md
+++ b/content/nim/fundamentals/dashboard-overview.md
@@ -58,7 +58,7 @@ Select **See more** to open a detailed view where you can see a list of all inst
 
 Use the menu in the top-right corner to change the time range for disk utilization data. Select any hostname in the list to view a full set of metrics specific to that instance.
 
-{{< note >}}The value in the **Current Value** column reflects the disk usage of the root partition on the instance. An <i class="fa-solid fa-triangle-exclamation"></i> alert appears next to the hostname if the available space on the root partition drops below 20%.{{< /note >}}
+{{< call-out "note" >}}The value in the **Current Value** column reflects the disk usage of the root partition on the instance. An <i class="fa-solid fa-triangle-exclamation"></i> alert appears next to the hostname if the available space on the root partition drops below 20%.{{< /call-out >}}
 
 ## Network Utilization
 
diff --git a/content/nim/fundamentals/tech-specs.md b/content/nim/fundamentals/tech-specs.md
index 02110e4b3..762df55c3 100644
--- a/content/nim/fundamentals/tech-specs.md
+++ b/content/nim/fundamentals/tech-specs.md
@@ -115,7 +115,7 @@ The table below provides storage estimates for **NGINX Plus** based on configura
 |                     | 250       | 14               | 2 TiB                             |
 {{</bootstrap-table>}}
 
-{{<note>}}MiB (mebibyte), GiB (gibibyte), and TiB (tebibyte) are units of data storage. MiB equals 1,024^2 (2^20) bytes, GiB equals 1,024^3 (2^30) bytes, and TiB equals 1,024^4 (2^40) bytes. These are often used in computing to represent binary data storage capacities, as opposed to MB (megabyte), GB (gigabyte), and TB (terabyte), which use decimal units.{{</note>}}
+{{< call-out "note" >}}MiB (mebibyte), GiB (gibibyte), and TiB (tebibyte) are units of data storage. MiB equals 1,024^2 (2^20) bytes, GiB equals 1,024^3 (2^30) bytes, and TiB equals 1,024^4 (2^40) bytes. These are often used in computing to represent binary data storage capacities, as opposed to MB (megabyte), GB (gigabyte), and TB (terabyte), which use decimal units.{{< /call-out >}}
 
 #### Storage requirements for NGINX OSS
 
@@ -132,6 +132,39 @@ The table below shows the estimated storage requirements for **NGINX OSS**, base
 |                       | 250       | 14               | 4 GiB                            |
 {{</bootstrap-table>}}
 
+## Directory Requirements for NGINX Instance Manager
+
+Below are the directory requirements and storage recommendations for fresh, minimal, and moderate usage (<100 instances) of NGINX Instance Manager (NIM).
+
+{{< call-out "important" >}}
+These recommendations apply if you are using NGINX Agent to connect NGINX instances to NIM for full management capabilities, including:
+
+- Managing configurations
+- Viewing metrics
+- Applying WAF policies
+- Managing certificates
+
+If you're concerned solely on usage reporting, you do not need NGINX Agent. Required resources needed are significantly reduced. For usage reporting-only deployments, NIM receives and stores usage data sent directly from the instances.
+{{< /call-out >}}
+
+{{<bootstrap-table "table table-striped table-bordered">}}
+| Directory path           | Content | Recommendation |
+|-----------------------|-----------------|----------------------------------|
+| /usr/bin |    Stores NIM binaries            | 500MB                         |
+| /var/lib/nms/dqlite |    Stores DQLite database data| 2GiB without NGINX App Protect; 5GiB with NGINX App Protect enabled and large compiled bundles    |
+| /var/lib/nms/streaming |    Stores NATS streaming messages           | 500MiB                         |
+| /var/lib/nms/secrets |    Stores secrets for LLM license handshakes         | 10MiB                         |
+| /var/lib/nms/modules |    Stores static content like manager.json           | 100KiB (12KiB minimum)                        |
+| /var/lib/clickhouse |    Stores ClickHouse metrics data           | recommend 2.5GB per instance (25GB for 10 instances, 250GB for 100 instances). This is only required if ClickHouse metrics are enabled                         |
+| /var/log/nms |    Stores logs for NIM with rotation enabled            | recommended 50MiB per week if archived once a month                         |
+| /etc/nms/ |      Stores NIM configuration files           | 50MiB                       |
+| /etc/nginx |    Stores NGINX configuration files           | typical size is 10MiB-50MiB   |
+{{</bootstrap-table>}}
+
+## ClickHouse tuning {#clickhouse-tuning}
+
+The default ClickHouse configuration works efficiently with NGINX Instance Manager. If you change the configuration and ClickHouse runs out of memory, see the [ClickHouse configuration guide]({{< ref "/nim/system-configuration/configure-clickhouse.md#clickhouse-tuning" >}}) to adjust the settings.
+
 ## Firewall ports {#firewall}
 
 NGINX Instance Manager and NGINX Agent use the Unix domain socket by default and proxy through the gateway on port `443`.
@@ -155,21 +188,6 @@ The NGINX Instance Manager web interface works best on the latest versions of th
 
 {{< include "nim/tech-specs/nim-app-protect-support.md" >}}
 
-## Security Monitoring Module {#security-monitoring}
-
-
-### Dependencies with NGINX Instance Manager
-
-#### Control plane requirements
-
-{{< include "nim/tech-specs/security-management-plane-dependencies.md" >}}
-
-### Dependencies with NGINX App Protect WAF and NGINX Plus
-
-#### Data plane requirements
-
-{{< include "nim/tech-specs/security-data-plane-dependencies.md" >}}
-
 ## NGINX Agent
 
 #### Data plane requirements
diff --git a/content/nim/monitoring/_index.md b/content/nim/monitoring/_index.md
index d90569edb..7eda91a14 100644
--- a/content/nim/monitoring/_index.md
+++ b/content/nim/monitoring/_index.md
@@ -1,5 +1,5 @@
 ---
-title: Monitoring
+title: Monitor metrics and events
 weight: 60
 url: /nginx-instance-manager/monitoring/
 ---
\ No newline at end of file
diff --git a/content/nim/monitoring/metrics-api.md b/content/nim/monitoring/metrics-api.md
index 11a77201c..2c76ffb5f 100644
--- a/content/nim/monitoring/metrics-api.md
+++ b/content/nim/monitoring/metrics-api.md
@@ -153,9 +153,9 @@ Using only `names` and time window parameters will give you the raw data points
 
 To get a more organized response, you can provide an aggregate function for each queried metric: `AVG`, `SUM`, `COUNT`, `MAX`, `MIN`, or `RATE`.
 
-{{< note >}}
+{{< call-out "note" >}}
 In the following definitions, `time period` refers to the `resolution` (if provided) or the difference between the `endTime` and `startTime` (when `resolution` is not provided).
-{{< /note >}}
+{{< /call-out >}}
 
 - `AVG` - calculates the average value of the metric data samples over the period
 - `SUM` - calculates the total value of the metric data samples over the period
@@ -163,13 +163,13 @@ In the following definitions, `time period` refers to the `resolution` (if provi
 - `MIN`/`MAX` - returns the minimal/maximal data sample of the metric from the given period
 - `RATE` - returns an average value of the metric calculated per second (always *per second*, regardless of the provided `resolution`), based on the data available in the given period
 
-{{< note >}}
+{{< call-out "note" >}}
 You must define a `startTime` when using aggregate functions.
-{{< /note >}}
+{{< /call-out >}}
 
-{{< see-also >}}
+{{< call-out "note" >}}
 The list of supported aggregate functions for any particular metric is available in the [Metrics Catalog]({{< ref "/nms/reference/catalogs//metrics.md" >}})).
-{{< /see-also >}}
+{{< /call-out>}}
 
 For example, the following query returns a single value (per dimension set), which is the sum of the metric values for the last 12 hours. To get proper values, ensure that the `endTime` is greater than the `startTime`.
 
@@ -213,13 +213,13 @@ For example, the following query includes a simple filter on the app name. The q
 curl -X GET --url "<NMS_FQDN>/api/platform/v1/analytics/metrics?names=nginx.http.request.count&filter=nginx_id='nginx_id1'&startTime=now-12h" -H "Authorization: Bearer <access token>"
 ```
 
-{{< tip >}}
+{{< call-out "tip" >}}
 
 - Predicates can be combined into logical expressions using `OR`, `AND`, and `(` `)`.
 - For matching values, wildcard (`*`) use is supported.
 - We recommend wrapping predicates in single quotes to ensure that the full query string is processed correctly.
 
-{{< /tip >}}
+{{< /call-out >}}
 
 The following example request uses `filter` with logical expressions:
 
@@ -233,12 +233,12 @@ Using filters and aggregation functions may not be enough to allow you to get co
 
 The `groupBy` parameter helps to gather results according to the specified dimension(s). You can provide multiple dimension names as a comma-separated list.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 - When using `groupBy`, you must use an aggregate function and a time window (`startTime` must be defined; `endTime` is optional).
 - If a request contains aggregated and non-aggregated metrics, the `groupBy` parameter will apply only to the aggregated metrics.
 
-{{< /note >}}
+{{< /call-out >}}
 
 For example, the following query returns data grouped by `nginx_id` for the last 12 hours.
 
diff --git a/content/nim/monitoring/view-events-metrics.md b/content/nim/monitoring/view-events-metrics.md
index 07eb41400..34a60bc7d 100644
--- a/content/nim/monitoring/view-events-metrics.md
+++ b/content/nim/monitoring/view-events-metrics.md
@@ -12,7 +12,7 @@ type:
 
 F5 NGINX Instance Manager provides events and metrics data for your instances. You can access this information in the user interface, or by using the REST API.
 
-{{<note>}}This topic provides examples for using the REST API to view, sort, and filter Events data that can be applied across the NGINX Instance Manager REST API.{{</note>}}
+{{< call-out "note" >}}This topic provides examples for using the REST API to view, sort, and filter Events data that can be applied across the NGINX Instance Manager REST API.{{< /call-out >}}
 
 ## View Events in the User Interface
 
@@ -272,9 +272,9 @@ To view the metrics summary for an NGINX instance, take the following steps:
 4. Select the **Metrics Summary** tab.
 5. To view detailed metrics as graphs, select the **Metrics** tab.
 
-{{<note>}}
+{{< call-out "note" >}}
 Select a time range to change the period for the metrics display. The metrics data refreshes every 30 seconds.
-{{</note>}}
+{{< /call-out >}}
 
 For NGINX OSS instances, you can view basic system metrics and metrics for the NGINX data plane. These provide a high-level overview of your system.
 
diff --git a/content/nim/nginx-app-protect/_index.md b/content/nim/nginx-app-protect/_index.md
index 6f85ed7b2..2900d6e8d 100644
--- a/content/nim/nginx-app-protect/_index.md
+++ b/content/nim/nginx-app-protect/_index.md
@@ -1,5 +1,5 @@
 ---
-title: NGINX App Protect WAF
+title: Secure with NGINX App Protect WAF
 weight: 90
 url: /nginx-instance-manager/nginx-app-protect/
 ---
\ No newline at end of file
diff --git a/content/nim/nginx-app-protect/manage-waf-security-policies.md b/content/nim/nginx-app-protect/manage-waf-security-policies.md
index e61e57280..6939d79b5 100644
--- a/content/nim/nginx-app-protect/manage-waf-security-policies.md
+++ b/content/nim/nginx-app-protect/manage-waf-security-policies.md
@@ -14,14 +14,14 @@ F5 NGINX Instance Manager lets you manage NGINX App Protect WAF configurations u
 
 You can compile a security policy, attack signatures, and threat campaigns into a security policy bundle. The bundle includes all necessary components for a specific NGINX App Protect WAF version. Precompiling the bundle improves performance by avoiding separate compilation of each component during deployment.
 
-{{<note>}}
+{{< call-out "note" >}}
 The following capabilities are available only through the Instance Manager REST API:
 
 - Update security policies
 - Create, read, and update security policy bundles
 - Create, read, update, and delete security log profiles
 - Publish security policies, log profiles, attack signatures, and threat campaigns to instances and instance groups
-{{</note>}}
+{{< /call-out >}}
 
 ---
 
diff --git a/content/nim/nginx-app-protect/overview-nap-waf-config-management.md b/content/nim/nginx-app-protect/overview-nap-waf-config-management.md
index d9367f8f3..44f716549 100644
--- a/content/nim/nginx-app-protect/overview-nap-waf-config-management.md
+++ b/content/nim/nginx-app-protect/overview-nap-waf-config-management.md
@@ -54,9 +54,9 @@ location / {
 
 You can also configure NGINX Instance Manager to compile log profiles when you install a new version of the compiler. When publishing NGINX configs that include the [`app_protect_security_log`](https://docs.nginx.com/nginx-app-protect/logging-overview/security-log/#app_protect_security_log) directive, NGINX Instance Manager pushes the compiled log profile to your WAF instances (when precompiled publication is turned on).
 
-{{<important>}}
+{{< call-out "important" >}}
 NGINX Instance Manager and Security Monitoring both use log profiles, but their configurations are different. If you're using configuration management in NGINX Instance Manager, you must reference the log profile with the `.tgz` file extension, not `.json`.
-{{</important>}}
+{{< /call-out >}}
 
 ## Security management APIs
 
diff --git a/content/nim/nginx-app-protect/security-monitoring/give-access-to-security-monitoring-dashboards.md b/content/nim/nginx-app-protect/security-monitoring/give-access-to-security-monitoring-dashboards.md
index 6d29edf1a..1804e974b 100644
--- a/content/nim/nginx-app-protect/security-monitoring/give-access-to-security-monitoring-dashboards.md
+++ b/content/nim/nginx-app-protect/security-monitoring/give-access-to-security-monitoring-dashboards.md
@@ -13,9 +13,9 @@ F5 NGINX Security Monitoring tracks activity on NGINX App Protect WAF instances.
 
 This guide explains how to create a role to give users access to Security Monitoring and assign it to users or groups.
 
-{{< note >}}
+{{< call-out "note" >}}
 This guide follows the principle of least privilege, so users only get access to Security Monitoring. You can create roles with different permissions if needed.
-{{</ note >}}
+{{< /call-out >}}
 
 ---
 
@@ -36,7 +36,7 @@ Make sure you complete these steps:
   | Module(s)                         | Feature(s)            | Access                     | Description                                                                                              |
   |-----------------------------------|-----------------------|----------------------------|----------------------------------------------------------------------------------------------------------|
   | Instance&nbsp;Manager <hr> Security&nbsp;Monitoring | Analytics <hr> Security&nbsp;Monitoring | `READ` <hr> `READ`            | Gives read-only access to Security Monitoring dashboards. Users cannot access NGINX Instance Manager or Settings. |
-  | Instance&nbsp;Manager <hr> Security&nbsp;Monitoring <hr> Settings | Analytics <hr> Security&nbsp;Monitoring <hr> User Management | `READ` <hr> `READ` <hr> `CREATE`,&nbsp;`READ`,&nbsp;`UPDATE` | Lets users view dashboards and manage accounts and roles.<br><br>{{< fa "lightbulb" >}} Best for "super-users" who manage dashboard access. Does not allow deleting accounts. |
+  | Instance&nbsp;Manager <hr> Security&nbsp;Monitoring <hr> Settings | Analytics <hr> Security&nbsp;Monitoring <hr> User Management | `READ` <hr> `READ` <hr> `CREATE`,&nbsp;`READ`,&nbsp;`UPDATE` | Lets users view dashboards and manage accounts and roles.<br><br>{{< icon "lightbulb" >}} Best for "super-users" who manage dashboard access. Does not allow deleting accounts. |
 
   {{</bootstrap-table>}}
 
@@ -62,4 +62,4 @@ Assign the Security Monitoring role to users or groups.
 
 ### Assign the role to user groups
 
-{{< include "nim/rbac/assign-roles-to-user-groups.md" >}}
\ No newline at end of file
+{{< include "nim/rbac/assign-roles-to-user-groups.md" >}}
diff --git a/content/nim/nginx-app-protect/security-monitoring/set-up-app-protect-instances.md b/content/nim/nginx-app-protect/security-monitoring/set-up-app-protect-instances.md
index 2c8408899..e18ad36d5 100644
--- a/content/nim/nginx-app-protect/security-monitoring/set-up-app-protect-instances.md
+++ b/content/nim/nginx-app-protect/security-monitoring/set-up-app-protect-instances.md
@@ -22,12 +22,8 @@ Complete the following prerequisites before proceeding with the steps in this gu
 
 1. If you are new to NGINX App Protect WAF, follow the instructions in the installation and configuration guides to get up and running:
 
-   - [Install NGINX App Protect WAF]({{< ref "/nap-waf/v4/admin-guide/install.md" >}}) on one or more data plane instances. Each data plane instance must have connectivity to the NGINX Instance Manager host.
-   - [Configure NGINX App Protect WAF]({{< ref "/nap-waf/v4//configuration-guide/configuration.md#policy-configuration-overview" >}}) according to your needs on each of the data plane instance.
-
-1. Review the dependencies with NGINX App Protect WAF and NGINX Plus.
-
-   {{< include "nim/tech-specs/security-data-plane-dependencies.md" >}}
+   - [Install NGINX App Protect WAF]({{< ref "/nap-waf/v5/admin-guide/install.md" >}}) on one or more data plane instances. Each data plane instance must have connectivity to the NGINX Instance Manager host.
+   - [Configure NGINX App Protect WAF]({{< ref "/nap-waf/v5/configuration-guide/configuration.md#policy-configuration-overview" >}}) according to your needs on each of the data plane instance.
 
 1. Determine your use case: **Security Monitoring only** or **Security Monitoring and Configuration Management**.
 1. [Upload your license]({{< ref "/nim/admin-guide/add-license.md" >}}).
@@ -114,10 +110,10 @@ Repeat the steps in this section on each NGINX App Protect WAF data plane host t
    sudo systemctl restart nginx
    ```
 
-{{<important>}}You can change the values of `syslog_ip` and `syslog_port` to meet your needs.
-   You must use the same values when configuring logging for the Security Monitoring module. If the `syslog:<server><port>` configuration does not match these settings, the monitoring dashboards will not display any data. Also, the networking changes for NGINX App Protect Version 5 preclude the use of `127.0.0.1` as a syslog server address. For Version 5, the address of the `docker0` interface (typically `192.0.10.1`) or the IP address of the data plane host can be used for the syslog server address.{{</important>}}
+{{< call-out "important" >}}You can change the values of `syslog_ip` and `syslog_port` to meet your needs.
+   You must use the same values when configuring logging for the Security Monitoring module. If the `syslog:<server><port>` configuration does not match these settings, the monitoring dashboards will not display any data. Also, the networking changes for NGINX App Protect Version 5 preclude the use of `127.0.0.1` as a syslog server address. For Version 5, the address of the `docker0` interface (typically `192.0.10.1`) or the IP address of the data plane host can be used for the syslog server address.{{< /call-out >}}
 
-   {{<note>}}You can use the NGINX Agent installation script to add the fields for `nginx_app_protect` and `nap_monitoring`:
+   {{< call-out "note" >}}You can use the NGINX Agent installation script to add the fields for `nginx_app_protect` and `nap_monitoring`:
 
 ```shell
 # Download install script via API
@@ -138,7 +134,7 @@ Restart NGINX Agent:
 sudo systemctl restart nginx-agent
 ```
 
-{{</ note >}}
+{{< /call-out >}}
 
 
 ---
@@ -186,7 +182,7 @@ Repeat the steps below on each NGINX App Protect WAF data plane instance.
       app_protect_security_log "/etc/app_protect/conf/log_sm.json" syslog:server=127.0.0.1:514;
    ```
 
-   {{<important>}}The `syslog:server=<syslog_ip>:<syslog_port>` must match the `syslog_ip` and `syslog_port` values specified in the [NGINX Agent configuration file](#agent-config). The dashboards won't display any data if these settings don't match. Also, the networking changes for NGINX App Protect Version 5 preclude the use of `127.0.0.1` as a syslog server address. For Version 5, the address of the `docker0` interface (typically `192.0.10.1`) or the IP address of the data plane host can be used for the syslog server address.{{</important>}}
+   {{< call-out "important" >}}The `syslog:server=<syslog_ip>:<syslog_port>` must match the `syslog_ip` and `syslog_port` values specified in the [NGINX Agent configuration file](#agent-config). The dashboards won't display any data if these settings don't match. Also, the networking changes for NGINX App Protect Version 5 preclude the use of `127.0.0.1` as a syslog server address. For Version 5, the address of the `docker0` interface (typically `192.0.10.1`) or the IP address of the data plane host can be used for the syslog server address.{{< /call-out >}}
 
 1. Restart NGINX Agent and the NGINX web server.
 
@@ -211,7 +207,6 @@ Take the steps below to update your NGINX App Protect WAF configurations by usin
 1. Next, edit the desired configuration file. You will add directives that reference the security policies bundle and enable the NGINX App Protect WAF logs required by the Security Monitoring dashboards. An example configuration is provided below.
 
    ```nginx
-      app_protect_enable on;
       app_protect_enable on;
       app_protect_policy_file "/etc/nms/NginxDefaultPolicy.tgz";
       app_protect_security_log_enable on;
@@ -230,7 +225,7 @@ Take the steps below to update your NGINX App Protect WAF configurations by usin
 
       If the `app_protect_security_log_enable` setting is already present, just add the `app_protect_security_log` beneath it in the same context.
 
-      {{<important>}}The `syslog:server=<syslog_ip>:<syslog_port>` must match the `syslog_ip` and `syslog_port` values specified in the [NGINX Agent configuration file](#agent-config). The Security Monitoring dashboards won't display any data if these settings don't match. Also, the networking changes for NGINX App Protect Version 5 preclude the use of `127.0.0.1` as a syslog server address. For Version 5, the address of the `docker0` interface (typically `192.0.10.1`) or the IP address of the data plane host can be used for the syslog server address.{{</important>}}
+      {{< call-out "important" >}}The `syslog:server=<syslog_ip>:<syslog_port>` must match the `syslog_ip` and `syslog_port` values specified in the [NGINX Agent configuration file](#agent-config). The Security Monitoring dashboards won't display any data if these settings don't match. Also, the networking changes for NGINX App Protect Version 5 preclude the use of `127.0.0.1` as a syslog server address. For Version 5, the address of the `docker0` interface (typically `192.0.10.1`) or the IP address of the data plane host can be used for the syslog server address.{{< /call-out >}}
 
 1. Select **Publish** to immediately push the configuration file updates out to your NGINX instance or instance group.
 
diff --git a/content/nim/nginx-app-protect/setup-waf-config-management.md b/content/nim/nginx-app-protect/setup-waf-config-management.md
index 529c3f5ea..4464329f9 100644
--- a/content/nim/nginx-app-protect/setup-waf-config-management.md
+++ b/content/nim/nginx-app-protect/setup-waf-config-management.md
@@ -18,7 +18,7 @@ Make sure you've completed the following prerequisites before you get started:
 
 - You have one or more [NGINX App Protect WAF]({{< ref "/nap-waf/" >}}) instances running. For supported versions, see [Support for NGINX App Protect WAF]({{< ref "/nim/fundamentals/tech-specs.md#support-for-nginx-app-protect-waf" >}}).
 
-  {{<note>}}If you're using configuration management and Security Monitoring, follow the steps in the [setup guide]({{< ref "/nim/nginx-app-protect/security-monitoring/set-up-app-protect-instances.md" >}}) to set up your NGINX App Protect WAF instances first.{{</note>}}
+  {{< call-out "note" >}}If you're using configuration management and Security Monitoring, follow the steps in the [setup guide]({{< ref "/nim/nginx-app-protect/security-monitoring/set-up-app-protect-instances.md" >}}) to set up your NGINX App Protect WAF instances first.{{< /call-out >}}
 
 - You're running NGINX Instance Manager v2.6.0 or later. Make sure it's [installed]({{< ref "/nim/deploy/vm-bare-metal/_index.md" >}}), licensed, and running.
 
@@ -55,6 +55,7 @@ The table below shows which WAF compiler version to use for each version of NGIN
 
 | NGINX App Protect WAF version | WAF compiler version       |
 |-------------------------------|----------------------------|
+| 5.8.0                         | nms-nap-compiler-v5.498.0  |
 | 5.7.0                         | nms-nap-compiler-v5.442.0  |
 | 5.6.0                         | nms-nap-compiler-v5.342.0  |
 | 5.5.0                         | nms-nap-compiler-v5.264.0  |
@@ -62,6 +63,7 @@ The table below shows which WAF compiler version to use for each version of NGIN
 | 5.3.0                         | nms-nap-compiler-v5.144.0  |
 | 5.2.0                         | nms-nap-compiler-v5.48.0   |
 | 5.1.0                         | nms-nap-compiler-v5.17.0   |
+| 4.16.0                        | nms-nap-compiler-v5.498.0  |
 | 4.15.0                        | nms-nap-compiler-v5.442.0  |
 | 4.14.0                        | nms-nap-compiler-v5.342.0  |
 | 4.13.0                        | nms-nap-compiler-v5.264.0  |
@@ -88,20 +90,20 @@ The table below shows which WAF compiler version to use for each version of NGIN
 To install the WAF compiler on Debian or Ubuntu, run the following command:
 
 ```shell
-sudo apt-get install nms-nap-compiler-v5.442.0
+sudo apt-get install nms-nap-compiler-v5.498.0
 ```
 
 If you want to install more than one version of the WAF compiler on the same system, append the `--force-overwrite` option to the install command after the first installation:
 
 ```shell
-sudo apt-get install nms-nap-compiler-v5.442.0 -o Dpkg::Options::="--force-overwrite"
+sudo apt-get install nms-nap-compiler-v5.498.0 -o Dpkg::Options::="--force-overwrite"
 ```
 
 {{< include "nim/nap-waf/restart-nms-integrations.md" >}}
 
-### RHEL 8.1 or later
+### RHEL 8.1
 
-To install the WAF compiler on RHEL 8.1 or later:
+To install the WAF compiler on RHEL 8.1 :
 
 1. Download the `dependencies.repo` file to the `/etc/yum.repos.d` directory:
 
@@ -118,66 +120,36 @@ To install the WAF compiler on RHEL 8.1 or later:
 3. Install the WAF compiler:
 
    ```shell
-   sudo yum install nms-nap-compiler-v5.442.0
+   sudo yum install nms-nap-compiler-v5.498.0
    ```
 
-4. {{< include "nim/nap-waf/restart-nms-integrations.md" >}}
-
-### RHEL 7.4 or later; CentOS
+### RHEL 9
 
-To install the WAF compiler on RHEL 7.4 or later or CentOS:
+To install the WAF compiler on RHEL 9:
 
 1. Download the `dependencies.repo` file to the `/etc/yum.repos.d` directory:
 
-    ```shell
-    sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
-    ```
-
-2. Enable the RHEL 7 server repositories:
-
-    ```shell
-    sudo yum-config-manager --enable rhui-REGION-rhel-server-optional rhui-REGION-rhel-server-releases rhel-7-server-optional-rpms
-    ```
-
-3. Install the WAF compiler:
-
-    ```shell
-    sudo yum install nms-nap-compiler-v5.442.0
-    ```
-
-4.	{{< include "nim/nap-waf/restart-nms-integrations.md" >}}
-
-### Amazon Linux 2 LTS
-
-To install the WAF compiler on Amazon Linux 2 LTS:
-
-1. Download the required repo files to the `/etc/yum.repos.d` directory:
-
    ```shell
-   sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nms-amazon2.repo
-   sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-7.repo
+   sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
    ```
 
-2. Enable the Extra Packages for Enterprise Linux (EPEL) repository:
+2. Enable the CodeReady Builder repository:
 
-    ```shell
-    sudo amazon-linux-extras enable epel
-    sudo yum clean metadata
-    sudo yum install epel-release
-    ```
+   ```shell
+   sudo subscription-manager repos --enable codeready-builder-for-rhel-9-x86_64-rpms
+   ```
 
 3. Install the WAF compiler:
 
-    ```shell
-    sudo yum install nms-nap-compiler-v5.442.0
-    ```
+   ```shell
+   sudo yum install nms-nap-compiler-v5.498.0
+   ```
 
 4. {{< include "nim/nap-waf/restart-nms-integrations.md" >}}
 
+### Oracle Linux 8.1
 
-### Oracle Linux 7.4 or later
-
-To install the WAF compiler on Oracle Linux 7.4 or later:
+To install the WAF compiler on Oracle Linux 8.1:
 
 1. Download the `dependencies.repo` file to the `/etc/yum.repos.d` directory:
 
@@ -194,7 +166,7 @@ To install the WAF compiler on Oracle Linux 7.4 or later:
 3. Install the WAF compiler:
 
     ```shell
-    sudo yum install nms-nap-compiler-v5.442.0
+    sudo yum install nms-nap-compiler-v5.498.0
     ```
 
 4. {{< include "nim/nap-waf/restart-nms-integrations.md" >}}
@@ -270,6 +242,199 @@ error when creating the nginx repo retriever - NGINX repo certificates not found
 
 If needed, you can also [install the WAF compiler manually](#install-the-waf-compiler).
 
+
+## Install or update the WAF compiler in a disconnected environment
+
+To install the WAF compiler on a system without internet access, complete these steps:
+
+- **Step 1:** Generate the WAF compiler package on a system that has internet access.  
+- **Step 2:** Move the generated package to the offline target system and install it.
+
+
+Note : Version of NAP compiler can be referred from the table at the top of this page. 
+Current latest version 5.498.0 at the point of writing this document is used in below commands.
+
+{{<tabs name="WAF compiler installation in offline environment">}}
+
+{{%tab name="Ubuntu"%}}
+
+
+### Install on Ubuntu 24.04, 22.04
+
+#### Step 1: On a system with internet access
+
+Place your `nginx-repo.crt` and `nginx-repo.key` files on this system.
+```bash
+sudo apt-get update -y
+sudo mkdir -p /etc/ssl/nginx/
+sudo mv nginx-repo.crt /etc/ssl/nginx/
+sudo mv nginx-repo.key /etc/ssl/nginx/
+
+wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key \
+    | gpg --dearmor \
+    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
+
+printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
+https://pkgs.nginx.com/nms/ubuntu $(lsb_release -cs) nginx-plus\n" | \
+sudo tee /etc/apt/sources.list.d/nms.list
+
+sudo wget -q -O /etc/apt/apt.conf.d/90pkgs-nginx https://cs.nginx.com/static/files/90pkgs-nginx
+mkdir -p compiler && cd compiler
+sudo apt-get update
+
+sudo apt-get download nms-nap-compiler-v5.498.0
+cd ../
+mkdir -p compiler/compiler.deps
+sudo apt-get install --download-only --reinstall --yes --print-uris nms-nap-compiler-v5.498.0 | grep ^\' | cut -d\' -f2 | xargs -n 1 wget -P ./compiler/compiler.deps
+
+tar -czvf compiler.tar.gz compiler/
+```
+
+#### Step 2: On the target (offline) system
+
+Before running the steps, make sure the OS libraries are up to date, especially `glibc`.  
+Move the `compiler.tar.gz` file from Step 1 to this system.
+
+```bash
+tar -xzvf compiler.tar.gz
+sudo dpkg -i ./compiler/compiler.deps/*.deb
+sudo dpkg -i ./compiler/*.deb
+```
+
+{{%/tab%}}
+
+{{%tab name="Debian"%}}
+
+### Install on Debian 11 and 12
+
+#### Step 1: On a system with internet access
+
+Place your `nginx-repo.crt` and `nginx-repo.key` files on this system.
+```bash
+sudo apt-get update -y
+sudo mkdir -p /etc/ssl/nginx/
+sudo mv nginx-repo.crt /etc/ssl/nginx/
+sudo mv nginx-repo.key /etc/ssl/nginx/
+
+wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key \
+    | gpg --dearmor \
+    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
+
+printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
+https://pkgs.nginx.com/nms/debian $(lsb_release -cs) nginx-plus\n" | \
+sudo tee /etc/apt/sources.list.d/nms.list
+
+sudo wget -q -O /etc/apt/apt.conf.d/90pkgs-nginx https://cs.nginx.com/static/files/90pkgs-nginx
+mkdir -p compiler && cd compiler
+sudo apt-get update
+
+sudo apt-get download nms-nap-compiler-v5.498.0
+
+cd ../
+mkdir -p compiler/compiler.deps
+sudo apt-get install --download-only --reinstall --yes --print-uris nms-nap-compiler-v5.498.0 | grep ^\' | cut -d\' -f2 | xargs -n 1 wget -P ./compiler/compiler.deps
+tar -czvf compiler.tar.gz compiler/
+```
+
+#### Step 2: On the target (offline) system
+
+Before running the steps, make sure the OS libraries are up to date, especially `glibc`.  
+Move the `compiler.tar.gz` file from Step 1 to this system.
+
+```bash
+tar -xzvf compiler.tar.gz
+sudo dpkg -i ./compiler/compiler.deps/*.deb
+sudo dpkg -i ./compiler/*.deb
+```
+
+{{%/tab%}}
+
+
+{{%tab name="RHEL9, Oracle-9 "%}}
+
+### Install on RHEL 9 or Oracle Linux 9
+
+#### Step 1: On a system with internet access
+
+> For RHEL 8, you can skip the `yum-config-manager` line.
+
+Place your `nginx-repo.crt` and `nginx-repo.key` files on this system.
+```bash
+sudo yum update -y
+sudo yum install yum-utils -y
+sudo mkdir -p /etc/ssl/nginx/
+sudo mv nginx-repo.crt /etc/ssl/nginx/
+sudo mv nginx-repo.key /etc/ssl/nginx/
+sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nms.repo
+sudo yum-config-manager --disable rhel-9-appstream-rhui-rpms
+sudo yum update -y
+sudo mkdir -p nms-nap-compiler
+
+sudo yumdownloader --resolve --destdir=nms-nap-compiler nms-nap-compiler-v5.498.0
+tar -czvf compiler.tar.gz nms-nap-compiler/
+```
+
+#### Step 2: On the target (offline) system
+
+Before running the steps, make sure the OS libraries are up to date, especially `glibc`.  
+Move the `compiler.tar.gz` file from Step 1 to this system.
+
+```bash
+tar -xzvf compiler.tar.gz
+cd nms-nap-compiler
+sudo dnf install *.rpm --disablerepo=*
+```
+
+{{%/tab%}}
+
+
+{{%tab name="Redhat-8, Oracle-8"%}}
+
+### Install on RHEL-8 or Oracle Linux 8
+
+#### Step 1: On a system with internet access
+
+Place your `nginx-repo.crt` and `nginx-repo.key` files on this system.
+```bash
+sudo yum update -y
+sudo yum install yum-utils tar -y
+sudo mkdir -p /etc/ssl/nginx/
+sudo mv nginx-repo.crt /etc/ssl/nginx/
+sudo mv nginx-repo.key /etc/ssl/nginx/
+sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nms.repo
+
+sudo tee /etc/yum.repos.d/centos-vault-powertools.repo << 'EOF'
+[centos-vault-powertools]
+name=CentOS Vault - PowerTools
+baseurl=https://vault.centos.org/centos/8/PowerTools/x86_64/os/
+enabled=1
+gpgcheck=0
+EOF
+
+sudo yum update -y
+sudo mkdir -p nms-nap-compiler
+
+sudo yumdownloader --resolve --destdir=nms-nap-compiler nms-nap-compiler-v5.498.0
+tar -czvf compiler.tar.gz nms-nap-compiler/
+```
+
+#### Step 2: On the target (offline) system
+
+Before running the steps, make sure the OS libraries are up to date, especially `glibc`.  
+Move the `compiler.tar.gz` file from Step 1 to this system.
+
+```bash
+sudo yum install tar -y
+tar -xzvf compiler.tar.gz
+sudo dnf install --disablerepo=* nms-nap-compiler/*.rpm
+```
+
+
+{{%/tab%}}
+
+
+{{</tabs>}}
+
 ---
 
 ## Set up attack signatures and threat campaigns
@@ -415,30 +580,66 @@ This means NGINX Instance Manager can’t connect to the NGINX repository to ret
 
 ### Manually update packages
 
-If you prefer not to enable automatic updates, you can manually update the Attack Signature and Threat Campaign packages by downloading them from MyF5 and uploading them to NGINX Instance Manager.
+If you prefer not to enable automatic updates, you can manually update the Attack Signature and Threat Campaign packages by downloading them from NGINX repository and uploading them to NGINX Instance Manager.
+
+#### Download packages from NGINX Repository
 
-#### Download packages from MyF5
+1. Log in to [MyF5](https://account.f5.com/myf5) and then go to **My Products and Plans > Subscriptions**.
 
-1. Log in to [MyF5](https://my.f5.com), then go to **Resources > Downloads**.
+2. Download the following files from your NGINX App Protect WAF subscription:
+   - `nginx-repo.crt` (certificate)
+   - `nginx-repo.key` (private key)
 
-2. Select the following options in the product menu:
-    - **Group/Product Family**: *NGINX*
-    - **Product Line**: *NGINX App Protect*
-    - **Product Version**: Choose a version that matches your WAF compiler version.
-    - Select your **Linux Distribution**, **Version**, and **Architecture**.
+3. Chose the following options while downloading the packages from the [NGINX repository](https://pkgs.nginx.com/app-protect-security-updates):
+    - Select your **Linux Distribution** path.
+      - For **Ubuntu**: /ubuntu/pool/nginx-plus/a/
+      - For **Debian**: /debian/pool/nginx-plus/a/
+      - For **RHEL**: /centos/<8 or 9>/x86_64/RPMS/
 
-3. Download the `.deb` or `.rpm` packages:
+4. Download the `.deb` or `.rpm` packages from https://pkgs.nginx.com using your NGINX App Protect WAF cert and key:
     - For Attack Signatures: package starts with `app-protect-attack-signatures`
+      - Format for `.deb` package:
+      ```text
+      https://pkgs.nginx.com/app-protect-security-updates/<ubuntu or debian>/pool/nginx-plus/a/app-protect-attack-signatures/app-protect-attack-signatures_<Revision Timestamp in YYYY.MM.DD>-<version>~<OS Family>_amd64.deb
+      ```
+      - Example for `.deb` download:
+      ```shell
+      curl --key nginx-repo.key --cert nginx-repo.crt https://pkgs.nginx.com/app-protect-security-updates/ubuntu/pool/nginx-plus/a/app-protect-attack-signatures/app-protect-attack-signatures_2025.07.24-1~noble_amd64.deb --output app-protect-attack-signatures_2025.07.24-1~noble_amd64.deb
+      ```
+      - Format for `.rpm` package:
+      ```text
+      https://pkgs.nginx.com/app-protect-security-updates/centos/<8 or 9>/x86_64/RPMS/app-protect-attack-signatures-<Revision Timestamp in YYYY.MM.DD>-<version>.el<8 or 9>.ngx.x86_64.rpm
+      ```
+      - Example for `.rpm` download:
+      ```shell
+      curl -v --key nginx-repo.key --cert nginx-repo.crt https://pkgs.nginx.com/app-protect-security-updates/centos/8/x86_64/RPMS/app-protect-attack-signatures-2025.07.24-1.el8.ngx.x86_64.rpm --output app-protect-attack-signatures-2025.07.24-1.el8.ngx.x86_64.rpm
+      ```
     - For Threat Campaigns: package starts with `app-protect-threat-campaigns`
-
-4. Extract the following three files from the package:
+      - Format for `.deb` package:
+      ```text
+      https://pkgs.nginx.com/app-protect-security-updates/<ubuntu or debian>/pool/nginx-plus/a/app-protect-threat-campaigns/app-protect-threat-campaigns_<Revision Timestamp in YYYY.MM.DD>-<version>~<OS Family>_amd64.deb
+      ```
+      - Example for `.deb` download:
+      ```shell
+      curl --key nginx-repo.key --cert nginx-repo.crt https://pkgs.nginx.com/app-protect-security-updates/ubuntu/pool/nginx-plus/a/app-protect-threat-campaigns/app-protect-threat-campaigns_2025.07.29-1~noble_amd64.deb --output app-protect-threat-campaigns_2025.07.29-1~noble_amd64.deb
+      ```
+      - Format for `.rpm` package:
+      ```text
+      https://pkgs.nginx.com/app-protect-security-updates/centos/<8 or 9>/x86_64/RPMS/app-protect-threat-campaigns-<Revision Timestamp in YYYY.MM.DD>-<version>.el<8 or 9>.ngx.x86_64.rpm
+      ```
+      - Example for `.rpm` download:
+      ```shell
+      curl -v --key nginx-repo.key --cert nginx-repo.crt https://pkgs.nginx.com/app-protect-security-updates/centos/8/x86_64/RPMS/app-protect-threat-campaigns-2025.07.29-1.el8.ngx.x86_64.rpm --output app-protect-threat-campaigns-2025.07.29-1.el8.ngx.x86_64.rpm
+      ```
+
+5. Extract the following three files from the package:
     - `signatures.bin.tgz` (or `threat_campaigns.bin.tgz`)
     - `signature_update.yaml` (or `threat_campaign_update.yaml`)
     - `version`
 
     Use tools like `rpm2cpio | cpio` or `ar` (for `.deb`) to extract the files.
 
-5. Create a `.tgz` bundle that includes the three files. For example:
+6. Create a `.tgz` bundle that includes the three files. For example:
 
     ```shell
     tar -czvf attack-signatures.tgz signatures.bin.tgz signature_update.yaml version
@@ -466,7 +667,7 @@ curl -X POST 'https://{{NIM_FQDN}}/api/platform/v1/security/threat-campaigns' \
   --form 'filename=@"/threat-campaigns.tgz"'
 ```
 
-{{<important>}}The bundle you upload must match the OS of your NGINX Instance Manager host. For example, if the host is running Ubuntu 20.04, create the `.tgz` from the Ubuntu 20.04 package.{{</important>}}
+{{< call-out "important" >}}The bundle you upload must match the OS of your NGINX Instance Manager host. For example, if the host is running Ubuntu 20.04, create the `.tgz` from the Ubuntu 20.04 package.{{< /call-out >}}
 
 ### Update the Security Monitoring signature database
 
@@ -603,7 +804,7 @@ You should now be able to view your NGINX App Protect WAF instances in the Insta
 
 {{%tab name="API"%}}
 
-{{< see-also >}}{{< include "nim/how-to-access-nim-api.md" >}}{{< /see-also >}}
+{{< call-out "note" >}}{{< include "nim/how-to-access-nim-api.md" >}}{{< /call-out>}}
 
 Use the REST API to confirm the version and status of NGINX App Protect WAF:
 
@@ -871,7 +1072,7 @@ If you’re using NGINX App Protect WAF v5:
 
 {{%tab name="API"%}}
 
-{{< see-also >}}{{< include "nim/how-to-access-nim-api.md" >}}{{< /see-also >}}
+{{< call-out "note" >}}{{< include "nim/how-to-access-nim-api.md" >}}{{< /call-out>}}
 
 You can use the NGINX Instance Manager REST API to deploy your NGINX App Protect WAF configuration.
 
@@ -884,7 +1085,7 @@ You can use the NGINX Instance Manager REST API to deploy your NGINX App Protect
 
 {{</bootstrap-table>}}
 
-{{<important>}}Before deploying a configuration to an instance group, make sure all instances in the group are running the same version of NGINX App Protect WAF. Otherwise, the deployment may fail.{{</important>}}
+{{< call-out "important" >}}Before deploying a configuration to an instance group, make sure all instances in the group are running the same version of NGINX App Protect WAF. Otherwise, the deployment may fail.{{< /call-out >}}
 
 1. Send a `GET` request to the `/api/platform/v1/systems/{systemUID}/instances` endpoint to list all instances. This response includes the unique identifier (UID) of the instance that you want to update.
 
@@ -1006,21 +1207,21 @@ sudo /opt/nms-nap-compiler/app_protect-<version>/bin/apcompile -h
 **Example:**
 
 ```shell
-sudo /opt/nms-nap-compiler/app_protect-5.442.0/bin/apcompile -h
+sudo /opt/nms-nap-compiler/app_protect-5.498.0/bin/apcompile -h
 ```
 
 **Expected output:**
 
 ```text
 USAGE:
-    /opt/nms-nap-compiler/app_protect-5.442.0/bin/apcompile <options>
+    /opt/nms-nap-compiler/app_protect-5.498.0/bin/apcompile <options>
 
 Examples:
-    /opt/nms-nap-compiler/app_protect-5.442.0/bin/apcompile -p /path/to/policy.json -o mypolicy.tgz
-    /opt/nms-nap-compiler/app_protect-5.442.0/bin/apcompile -p policyA.json -g myglobal.json -o /path/to/policyA_bundle.tgz
-    /opt/nms-nap-compiler/app_protect-5.442.0/bin/apcompile -g myglobalsettings.json --global-state-outfile /path/to/myglobalstate.tgz
-    /opt/nms-nap-compiler/app_protect-5.442.0/bin/apcompile -b /path/to/policy_bundle.tgz --dump
-    /opt/nms-nap-compiler/app_protect-5.442.0/bin/apcompile -l logprofA.json -o /path/to/logprofA_bundle.tgz
+    /opt/nms-nap-compiler/app_protect-5.498.0/bin/apcompile -p /path/to/policy.json -o mypolicy.tgz
+    /opt/nms-nap-compiler/app_protect-5.498.0/bin/apcompile -p policyA.json -g myglobal.json -o /path/to/policyA_bundle.tgz
+    /opt/nms-nap-compiler/app_protect-5.498.0/bin/apcompile -g myglobalsettings.json --global-state-outfile /path/to/myglobalstate.tgz
+    /opt/nms-nap-compiler/app_protect-5.498.0/bin/apcompile -b /path/to/policy_bundle.tgz --dump
+    /opt/nms-nap-compiler/app_protect-5.498.0/bin/apcompile -l logprofA.json -o /path/to/logprofA_bundle.tgz
 ```
 
 ### Confirm NGINX Agent configuration on the NGINX App Protect WAF instance
diff --git a/content/nim/nginx-configs/_index.md b/content/nim/nginx-configs/_index.md
index 68a09440c..aedd2e2b2 100644
--- a/content/nim/nginx-configs/_index.md
+++ b/content/nim/nginx-configs/_index.md
@@ -1,5 +1,5 @@
 ---
-title: NGINX configs
+title: Manage NGINX configs
 weight: 15
 url: /nginx-instance-manager/nginx-configs/
 weight: 70
diff --git a/content/nim/nginx-configs/config-templates/how-to/manage-nginx-configs-with-templates.md b/content/nim/nginx-configs/config-templates/how-to/manage-nginx-configs-with-templates.md
index 82e1d4e4b..f7033691d 100644
--- a/content/nim/nginx-configs/config-templates/how-to/manage-nginx-configs-with-templates.md
+++ b/content/nim/nginx-configs/config-templates/how-to/manage-nginx-configs-with-templates.md
@@ -73,7 +73,7 @@ To import an existing template from a `.tar.gz` archive file:
 8. If an error message appears indicating the archive is unsigned, and you recognize and trust the source of the file, select the checkbox **Allow Signature Bypass**.
 9. Select **Import** to finish importing the templates.
 
-{{<warning>}}<i class="fa fa-exclamation-triangle" aria-hidden="true" aria-label="Warning"></i> Make sure you validate the source of the archive before bypassing the signature requirement to maintain the security of your system.{{</warning>}}
+{{< call-out "warning" >}}<i class="fa fa-exclamation-triangle" aria-hidden="true" aria-label="Warning"></i> Make sure you validate the source of the archive before bypassing the signature requirement to maintain the security of your system.{{< /call-out >}}
 
 ### Create a Config Template from Scratch
 
diff --git a/content/nim/nginx-configs/publish-configs-version-control.md b/content/nim/nginx-configs/publish-configs-version-control.md
index d093490fa..e8cd5f316 100644
--- a/content/nim/nginx-configs/publish-configs-version-control.md
+++ b/content/nim/nginx-configs/publish-configs-version-control.md
@@ -138,4 +138,4 @@ publish_config_to_instance "$@"
 
 To publish configuration changes, modify the configuration files (`nginx.conf`) and push your changes upstream to trigger the pipeline. The process is the same whether you are pushing changes to individual instances or to instance groups. You can modify the script and pipeline rules based on whether you're targeting instances or instance groups.
 
-{{< note >}}You can find a sample template to modify as required in our [public repository](https://github.com/nginxinc/git-automation/).{{</note>}}
+{{< call-out "note" >}}You can find a sample template to modify as required in our [public repository](https://github.com/nginxinc/git-automation/).{{< /call-out >}}
diff --git a/content/nim/nginx-instances/_index.md b/content/nim/nginx-instances/_index.md
index 84061a18b..b6f72ea38 100644
--- a/content/nim/nginx-instances/_index.md
+++ b/content/nim/nginx-instances/_index.md
@@ -1,5 +1,5 @@
 ---
-title: NGINX instances
+title: Manage NGINX instances
 weight: 80
 url: /nginx-instance-manager/nginx-instances/
 ---
\ No newline at end of file
diff --git a/content/nim/nginx-instances/add-tags.md b/content/nim/nginx-instances/add-tags.md
index db7f69286..737f52baa 100644
--- a/content/nim/nginx-instances/add-tags.md
+++ b/content/nim/nginx-instances/add-tags.md
@@ -29,7 +29,7 @@ To add tags to the configuration file, take the following steps:
 
 1. Edit the `/var/lib/nginx-agent/agent-dynamic.conf` file and add the tags in a list under the key `tags:` <!-- get new nginx-agent.conf example -->
 
-    {{<note>}}If you're running Instance Manager 2.10.1 or earlier or NGINX Agent 2.25.1 or earlier, the `agent-dynamic.conf` file is located in `/etc/nginx-agent/`.{{</note>}}
+    {{< call-out "note" >}}If you're running Instance Manager 2.10.1 or earlier or NGINX Agent 2.25.1 or earlier, the `agent-dynamic.conf` file is located in `/etc/nginx-agent/`.{{< /call-out >}}
 
 2. Restart the NGINX Agent service:
 
diff --git a/content/nim/nginx-instances/manage-instance-groups.md b/content/nim/nginx-instances/manage-instance-groups.md
index 955fb8d74..7fcc0e8fa 100644
--- a/content/nim/nginx-instances/manage-instance-groups.md
+++ b/content/nim/nginx-instances/manage-instance-groups.md
@@ -40,10 +40,10 @@ To create an instance group:
 
 5. Select **Save**.
 
-{{<note>}}
+{{< call-out "note" >}}
 When an Instance Group is initially created via the UI/API, its NGINX config will be empty. Adding an Instance to the Instance Group will populated
 the Instance Group NGINX nginx with the first member's NGINX config.
-{{</note>}}
+{{< /call-out >}}
 
 ---
 
@@ -64,9 +64,9 @@ You can assign NGINX instances to instance groups in the following ways:
 
 You can easily add instances to a default instance group that you specify. To do so, [install the NGINX Agent on an instance]({{< ref "/nms/nginx-agent/install-nginx-agent.md" >}}), then edit the `/var/lib/nginx-agent/agent-dynamic.conf` file as described below.
 
-{{<note>}}If you're running Instance Manager 2.10.1 or earlier or NGINX Agent 2.25.1 or earlier, the `agent-dynamic.conf` file is located in `/etc/nginx-agent/`.{{</note>}}
+{{< call-out "note" >}}If you're running Instance Manager 2.10.1 or earlier or NGINX Agent 2.25.1 or earlier, the `agent-dynamic.conf` file is located in `/etc/nginx-agent/`.{{< /call-out >}}
 
-{{< important >}}If the specified instance group doesn't already exist, the NGINX Agent installer will create it, using the current instance's config file as the group's config file. This means that all instances added to the group later will use this config as well. If you're using a script to add instances, you should consider carefully which instance to run the script on first.{{< /important >}}
+{{< call-out "important" >}}If the specified instance group doesn't already exist, the NGINX Agent installer will create it, using the current instance's config file as the group's config file. This means that all instances added to the group later will use this config as well. If you're using a script to add instances, you should consider carefully which instance to run the script on first.{{< /call-out >}}
 
 1. Open a secure shell (SSH) connection to the NGINX instance and log in.
 2. Open the `/var/lib/nginx-agent/agent-dynamic.conf` for editing.
@@ -134,9 +134,9 @@ To add an instance to an instance group when installing the NGINX Agent:
     sudo sh install.sh --instance-group nginx-01
     ```
 
-{{< important >}}
+{{< call-out "important" >}}
 If the specified instance group doesn't already exist, the NGINX Agent installer will create it, using the current instance's NGINX config as the group's config file. This means that all instances added to the group later will use this config as well. If you're using a script to add instances, you should consider carefully which instance to run the script on first.
-{{< /important >}}
+{{< /call-out >}}
 
 {{%/tab%}}
 {{</tabs>}}
@@ -203,9 +203,9 @@ If the instance group you deleted was specified in the `agent-dynamic.conf` file
 
 See [Set Up RBAC]({{< ref "/nim/admin-guide/rbac/overview-rbac.md" >}}), for detail information on setting up role-based access control (RBAC) for Instance Groups.
 
-{{<note>}}
+{{< call-out "note" >}}
 Members of Instance Group automatically inherit role-based access control (RBAC) permissions from their parent.
-{{</note>}}
+{{< /call-out >}}
 
 ## Publishing to Instance Groups
 
@@ -221,9 +221,9 @@ A NGINX config update to Instance Group is considered "successful" with one of t
 - Instance Group does not have a member Instance online
 - Any Instance Group member reported "successful" to the NGINX config update
 
-{{<note>}}
+{{< call-out "note" >}}
 Check the Instance details page for the last NGINX config publish status.
-{{</note>}}
+{{< /call-out >}}
 
 ### Common Usage of Instance Groups
 
diff --git a/content/nim/nginx-instances/scan-instances.md b/content/nim/nginx-instances/scan-instances.md
index 6a2b996ab..dab74144e 100644
--- a/content/nim/nginx-instances/scan-instances.md
+++ b/content/nim/nginx-instances/scan-instances.md
@@ -20,9 +20,9 @@ type:
 1. [Install Instance Manager]({{< ref "/nim/deploy/vm-bare-metal/_index.md" >}}).
 2. Start and enable Instance Manager.
 
-{{<note>}}
+{{< call-out "note" >}}
 To update the CVE list manually or offline, refer to the [Offline Installation]({{<ref "/nim/disconnected/offline-install-guide.md#cve-check">}}) guide.
-{{</note>}}
+{{< /call-out >}}
 
 Host discovery, the first stage in instance discovery, is used to enumerate live hosts on a given network. However, in certain environments, Internet Control Message Protocol (ICMP) echo requests are disabled. The Instance Manager API provides a method for disabling host discovery in scanning.
 
@@ -42,11 +42,11 @@ If no host discovery options are provided, Instance Manager sends an ICMP echo r
 2. In the left menu, select **Scan**.
 3. Enter subnets and masks that correspond to your network.
 
-{{<note>}}
+{{< call-out "note" >}}
 To scan a single address, use the netmask of `/32` after the IP. This is the equivalent of scanning a single subnet. If you enter the wrong subnet, the scan may take longer than expected before erroring.
 
 There's a CVE that's not reported for NGINX that involves [unfiltered logging](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4487). This CVE won't be fixed, has a severity of "None," and is excluded from our scans' CVE list.
-{{</note>}}
+{{< /call-out >}}
 
 ---
 
diff --git a/content/nim/releases/known-issues.md b/content/nim/releases/known-issues.md
index 38f2f929a..498b1e39e 100644
--- a/content/nim/releases/known-issues.md
+++ b/content/nim/releases/known-issues.md
@@ -6,10 +6,9 @@ toc: true
 weight: 200
 ---
 
-{{<rn-styles>}}
 This document lists and describes the known issues and possible workarounds in F5 NGINX Instance Manager. We also list the issues resolved in the latest releases.
 
-{{< tip >}}We recommend you upgrade to the latest version of NGINX Instance Manager to take advantage of new features, improvements, and bug fixes.{{< /tip >}}
+{{< call-out "tip" >}}We recommend you upgrade to the latest version of NGINX Instance Manager to take advantage of new features, improvements, and bug fixes.{{< /call-out >}}
 
 ---
 
@@ -50,22 +49,6 @@ After the restart you will see the line “loading CVE data from file” in the
 
 ---
 
-### {{% icon-bug %}} New warning message when no usage data or report is available {#46022}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-| Issue ID       | Status |
-|----------------|--------|
-| 46022 | Won't be resolved  |
-{{</bootstrap-table>}}
-
-#### Description
-
-Users now see a warning message when they click the **Send Usage To F5** button if no new usage data or report is available. The message reads:
-
-> "Usage data is not available at the moment. Please try submitting usage details again later."
-
----
-
 
 ## 2.19.1
 
@@ -460,121 +443,10 @@ Threat Campaign versions can be published with the API using the route: `api/pla
 
 ---
 
-### {{% icon-bug %}} When upgrading to Instance Manager 2.10, there may be warnings from the Ingestion service {#42133}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-
-| Issue ID       | Status |
-|----------------|--------|
-| 42133 | Won't be resolved  |
-
-{{</bootstrap-table>}}
-#### Description
-
-When upgrading to 2.10 you may see a warning like the below message for the NGINX Management Suite Ingestion service. It can be safely ignored.
-
-```none
-[WARN] #011/usr/bin/nms-ingestion               #011start/start.go:497                 #011error checking migrations Mismatched migration version for ClickHouse, expected 39 migrations to be applied, currently have only 44 migrations applied.
-```
-
----
-
-### {{% icon-bug %}} When upgrading to Instance Manager 2.10, the API does not return lastDeploymentDetails for existing configurations {#42119}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-
-| Issue ID       | Status |
-|----------------|--------|
-| 42119 | Won't be resolved  |
-
-{{</bootstrap-table>}}
-#### Description
-
-After upgrading to Instance Manager 2.10, the API does not return lastDeploymentDetails for existing configuration blocks. This is then reflected as "Invalid Date" in the UI (See #42108).
-
-#### Workaround
-
-Republish the configuration for the affected configuration blocks.
-
----
-
-
 ## 2.6.0
 
 November 17, 2022
 
-### {{% icon-bug %}} App Protect Policies page fails when deployed via Helm chart {#38782}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-
-| Issue ID       | Status |
-|----------------|--------|
-| 38782 | Won't be resolved  |
-
-{{</bootstrap-table>}}
-#### Description
-
-When installing NGINX Instance Manager on Kubernetes via Helm Chart, the App Protect page shows an error banner, and no default policies are displayed.
-
----
-
-### {{% icon-bug %}} Config deployment could fail when referencing remote cert inside allowed directories {#38596}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-
-| Issue ID       | Status |
-|----------------|--------|
-| 38596 | Won't be resolved  |
-
-{{</bootstrap-table>}}
-#### Description
-
-Deploying NGINX config with references to remote cert that resides in allowed directories could fail, with the following error:
-`BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory`.
-
-This can also be diagnosed with log entries in `/var/log/nginx-agent/agent.log`, noting the removal of the referenced certificate.
-
-#### Workaround
-
-- Add the referenced cert to NMS as managed certificate and publish the config again.
-- Move the referenced remote certificate to a directory that's not in the allowed directory list.
-
----
-
-### {{% icon-bug %}} Unreferenced NGINX App Protect policy file in /etc/nms {#38488}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-
-| Issue ID       | Status |
-|----------------|--------|
-| 38488 | Won't be resolved  |
-
-{{</bootstrap-table>}}
-#### Description
-
-When using NGINX Instance Manager with App Protect policies, previously referenced policies in the NGINX configuration may not be removed after they are no longer referenced in the NGINX config.
-
-#### Workaround
-
-Unreferenced policy files may be removed manually from /etc/nms.
-
----
-
-### {{% icon-bug %}} HTTP version schema returns incorrect value in Advanced metrics module {#38041}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-
-| Issue ID       | Status |
-|----------------|--------|
-| 38041 | Won't be resolved  |
-
-{{</bootstrap-table>}}
-#### Description
-
-The values currently populated for http.version_schema are incorrect. The response is "4" for HTTP traffic and "6" for HTTPS traffic.
-
----
-
 ### {{% icon-bug %}} External references are not supported in App Protect policies {#36265}
 
 {{<bootstrap-table "table table-striped table-bordered">}}
@@ -595,55 +467,6 @@ For example, in the NGINX App Protect WAF JSON declarative policy, these referen
 
 ---
 
-
-## 2.5.0
-
-October 04, 2022
-
-### {{% icon-bug %}} Aux data fails to upload if the size is greater than 3145728 characters {#37498}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-
-| Issue ID       | Status |
-|----------------|--------|
-| 37498 | Won't be resolved  |
-
-{{</bootstrap-table>}}
-#### Description
-
-Updating a config with an aux data file exceeding 3145728 characters fails with a validation error similar to the following example:
-
-Request body has an error: doesn't match the schema: Error at "/auxFiles/files/3/contents": maximum string length is 3145728
-
----
-
-### {{% icon-bug %}} "Deployment Not Found" error when publishing NGINX config to NATS server {#37437}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-
-| Issue ID       | Status |
-|----------------|--------|
-| 37437 | Won't be resolved  |
-
-{{</bootstrap-table>}}
-#### Description
-
-Occasionally, when publishing an NGINX config to a NATS server, the system returns a `Deployment Not Found` error, and the `nms.log` file includes the error `http failure with code '131043': <nil>`.
-
-#### Workaround
-
-Remove the existing NATs working directory and restart the NMS Data Plane Manager (`nms-dpm`) service as root.
-
-{{<caution>}}Restarting the `nms-dpm` service is disruptive and may result in the loss of event data. You should schedule a maintenance window for restarting the service.{{</caution>}}
-
-```bash
-rm -rf /var/lib/nms/streaming
-systemctl restart nms-dpm
-```
-
----
-
-
 ## 2.3.0
 
 June 30, 2022
@@ -674,102 +497,10 @@ filterBy=<dimension-name>!= ''
 ---
 
 
-## 2.2.0
-
-May 25, 2022
-
-### {{% icon-bug %}} Giving long names (255+ characters) to certificates causes internal error {#34185}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-
-| Issue ID       | Status |
-|----------------|--------|
-| 34185 | Won't be resolved  |
-
-{{</bootstrap-table>}}
-#### Description
-
-When adding certificates, an internal error (error code: 134018) is returned if the name given for the certificate exceeds 255 characters.
-
-#### Workaround
-
-Use a name that is 255 or fewer characters.
-
----
-
-
-## 2.1.0
-
-April 05, 2022
-
-### {{% icon-bug %}} An unexpected number of instances are shown after upgrading nginx-agent to 2.1.0 {#33307}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-
-| Issue ID       | Status |
-|----------------|--------|
-| 33307 | Won't be resolved  |
-
-{{</bootstrap-table>}}
-#### Description
-
-After upgrading to NGINX Instance Manager 2.1.0, and updating nginx-agent from platform packaging, duplicate instances may appear on the Instance overview page. This issue is caused by a change in how the NGINX Agent generates the `system_uid`.
-
-#### Workaround
-
-You can safely delete the older entries or wait for them to expire.
-
----
-
-### {{% icon-bug %}} “No such process” error occurs when publishing a configuration {#33160}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-
-| Issue ID       | Status |
-|----------------|--------|
-| 33160 | Won't be resolved  |
-
-{{</bootstrap-table>}}
-#### Description
-
-When publishing a configuration, you might encounter an error similar to the following example:
-
-``` text
-config action failed: Config apply failed (write): no such process
-```
-
-This error can occur when there is a desyncronization between the NGINX Agent and NGINX PID, often after manually restarting NGINX when the Agent is running.
-
-#### Workaround
-
-Restart the NGINX Agent:
-
-``` bash
-sudo systemctl restart nginx-agent
-```
-
----
-
-
 ## 2.0.0
 
 December 21, 2021
 
-### {{% icon-bug %}} NGINX App Protect WAF blocks NGINX Instance Manager from publishing configurations {#32718}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-
-| Issue ID       | Status |
-|----------------|--------|
-| 32718 | Won't be resolved  |
-
-{{</bootstrap-table>}}
-#### Description
-
-NGINX Instance Manager does not currently support managing NGINX App Protect WAF instances. NGINX App Protect WAF may block attempts to publish configurations to NGINX App Protect WAF instances.
-
----
-
 ### {{% icon-bug %}} Web interface doesn’t report error when failing to upload large config files {#31081}
 
 {{<bootstrap-table "table table-striped table-bordered">}}
@@ -787,44 +518,3 @@ In the web interface, when uploading a config file that's larger than 50 MB (max
 
 Keep config files under 50 MB.
 
----
-
-### {{% icon-bug %}} CentOS 7, RHEL 7, and Amazon Linux 2 package managers allow unsupported NGINX/NGINX Plus versions {#28758}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-
-| Issue ID       | Status |
-|----------------|--------|
-| 28758 | Won't be resolved  |
-
-{{</bootstrap-table>}}
-#### Description
-
-When installing on CentOS 7, RHEL 7, and Amazon Linux 2, the package manager doesn't prevent installing NGINX Instance Manager with unsupported versions of NGINX or NGINX Plus. As a consequence, it is possible that `nms-instance-manager` is installed without an NGINX gateway. Resulting in a less than optimal experience.
-
-#### Workaround
-
-Install a supported version of NGINX (v1.18 or later) or NGINX Plus (R22 or later). See the [Technical Specifications]({{< ref "nim/fundamentals/tech-specs.md" >}}) guide for details.
-
----
-
-### {{% icon-bug %}} gRPC errors occur when starting NGINX Instance Manager {#28683}
-
-{{<bootstrap-table "table table-striped table-bordered">}}
-
-| Issue ID       | Status |
-|----------------|--------|
-| 28683 | Won't be resolved  |
-
-{{</bootstrap-table>}}
-#### Description
-
-  When starting NGINX Instance Manager, you may see errors similar to the following in `/etc/nginx/conf.d/nms-http.conf:227`:
-
-  ```text
-  nginx[1234]: nginx: [emerg] unknown directive "grpc_socket_keepalive"
-  ```
-
-#### Workaround
-
-Make sure your version of NGINX is v1.18 or later.
diff --git a/content/nim/releases/release-notes.md b/content/nim/releases/release-notes.md
index 04c0e8983..a7a0fba6f 100644
--- a/content/nim/releases/release-notes.md
+++ b/content/nim/releases/release-notes.md
@@ -214,7 +214,7 @@ This release has the following changes in default behavior:
 
   When installing, users will be prompted to enter a fully qualified domain name (FQDN) to include in the Subject Alternative Name (SAN) of the NGINX Instance Manager's self-signed certificate generated during installation. This FQDN can serve as the server name for NGINX Instance Manager. Users can also specify this FQDN in the Installation Script
 
-  {{< note >}}Starting with NGINX Plus R33, usage data reporting requires validating the SSL certificate of NGINX Instance Manager via the `ssl_verify` directive in the `mgmt` block. Proper SAN configuration ensures seamless SSL verification.{{< /note >}}
+  {{< call-out "note" >}}Starting with NGINX Plus R33, usage data reporting requires validating the SSL certificate of NGINX Instance Manager via the `ssl_verify` directive in the `mgmt` block. Proper SAN configuration ensures seamless SSL verification.{{< /call-out >}}
 
 - {{% icon-feature %}} **Watchdog enhancements to improve stability**<a name="2-19-0-changes-in-behavior-Watchdog-enhancements-to-improve-stability"></a>
 
@@ -1084,9 +1084,9 @@ This release includes the following updates:
 
 ### Security Updates{#2-9-0-security-updates}
 
-{{< important >}}
+{{< call-out "important" >}}
 For the protection of our customers, NGINX doesn’t disclose security issues until an investigation has occurred and a fix is available.
-{{< /important >}}
+{{< /call-out >}}
 
 This release includes the following security updates:
 
@@ -1517,9 +1517,9 @@ If your NGINX Instance Manager version is older, you may need to upgrade to an i
 
 ### Security Updates{#2-3-1-security-updates}
 
-{{< important >}}
+{{< call-out "important" >}}
 For the protection of our customers, NGINX doesn’t disclose security issues until an investigation has occurred and a fix is available.
-{{< /important >}}
+{{< /call-out >}}
 
 This release includes the following security updates:
 
@@ -1684,7 +1684,7 @@ This release includes the following updates:
 
   Refer to the [NGINX Agent Docker Support](https://docs.nginx.com/nginx-agent/installation-upgrade/container-environments/docker-support/) guide for details.
 
-  {{< note >}}Containerizing the NGINX Agent is supported only with Docker at the moment. Look for additional container support in future releases of Instance Manager.{{< /note >}}
+  {{< call-out "note" >}}Containerizing the NGINX Agent is supported only with Docker at the moment. Look for additional container support in future releases of Instance Manager.{{< /call-out >}}
 
 - {{% icon-feature %}} **Redesigned metrics views in the web interface**<a name="2-1-0-whats-new-Redesigned-metrics-views-in-the-web-interface"></a>
 
diff --git a/content/nim/support/contact-support.md b/content/nim/support/contact-support.md
index b31dcb1bd..066f58a78 100644
--- a/content/nim/support/contact-support.md
+++ b/content/nim/support/contact-support.md
@@ -11,11 +11,11 @@ type:
 
 F5 NGINX Instance Manager follows the support policy detailed in the knowledge base article: [K000140156](https://my.f5.com/manage/s/article/K000140156).
 
-{{<important>}}
+{{< call-out "important" >}}
 Support licenses for NGINX Instance Manager **do not include** support for the NGINX instances being managed.
 
 Community support is available for NGINX Open Source instances on the [NGINX mailing list](http://mailman.nginx.org/mailman/listinfo). If you need support for NGINX Plus or [prebuilt NGINX Open Source packages](https://nginx.org/en/linux_packages.html), you must [purchase an NGINX license](https://www.nginx.com/purchase-nginx/).
-{{</important>}}
+{{< /call-out >}}
 
 ---
 
@@ -86,7 +86,7 @@ tar -f /tmp/nginx-manager-log.tar.gz \
 gzip -9 /tmp/nginx-manager-log.tar.gz
 ```
 
-{{<note>}}Files shared with F5 are protected under the [F5 Support and Maintenance Privacy Statement](https://www.f5.com/company/policies/support-and-maintenance-privacy-statement).{{</note>}}
+{{< call-out "note" >}}Files shared with F5 are protected under the [F5 Support and Maintenance Privacy Statement](https://www.f5.com/company/policies/support-and-maintenance-privacy-statement).{{< /call-out >}}
 
 ---
 
diff --git a/content/nim/support/support-package.md b/content/nim/support/support-package.md
index 3d1472a66..ed3678a21 100644
--- a/content/nim/support/support-package.md
+++ b/content/nim/support/support-package.md
@@ -20,9 +20,9 @@ The script collects system and service information and then packages the data in
 
 The F5 NGINX Instance Manager installer copies the `support-package.sh` script to the following location: `/etc/nms/scripts/support-package.sh`.
 
-{{< note >}}
+{{< call-out "note" >}}
 The supported shell is `bash`.
-{{< /note >}}
+{{< /call-out >}}
 
 To create a support package:
 
@@ -125,9 +125,9 @@ The status and state information of the host running Instance Manager, including
 
 The support package script uses the `-c` flag ( or `--nms_config_path`) to get the Instance Manager configuration. If the configuration file is not specified, the script uses the default value `/etc/nms/nms.conf`.
 
-{{< note >}}
+{{< call-out "note" >}}
 If the Instance Manager configuration file does not specify addresses for the `core` and `dpm` databases, the default values are assumed: `127.0.0.1:7891` and `127.0.0.1:7890`.
-{{< /note >}}
+{{< /call-out >}}
 
 The support package script uses a small Go executable file called `dqlite-backup` (located in `/etc/nms/scripts/`) to connect to the databases and generate data dumps.
 
diff --git a/content/nim/system-configuration/_index.md b/content/nim/system-configuration/_index.md
index 4be720de0..389488097 100644
--- a/content/nim/system-configuration/_index.md
+++ b/content/nim/system-configuration/_index.md
@@ -1,5 +1,5 @@
 ---
-title: System configuration
+title: Configure your system
 weight: 50
 url: /nginx-instance-manager/system-configuration/
 
diff --git a/content/nim/system-configuration/configure-clickhouse.md b/content/nim/system-configuration/configure-clickhouse.md
index 5f46af1a9..37478250b 100644
--- a/content/nim/system-configuration/configure-clickhouse.md
+++ b/content/nim/system-configuration/configure-clickhouse.md
@@ -69,3 +69,148 @@ When metrics are turned off:
 - The web interface no longer shows metrics dashboards. Instead, it displays a message explaining that metrics are turned off.
 - Metrics-related API endpoints return a 403 error.
 - All other NGINX Instance Manager features continue to work as expected.
+
+## ClickHouse tuning {#clickhouse-tuning}
+
+The default ClickHouse configuration works efficiently with NGINX Instance Manager. If you change the configuration and ClickHouse runs out of memory, use the following steps.
+
+ClickHouse has system tables that provide logs and telemetry for monitoring and debugging. These are not user activity logs but internal diagnostic logs. The following tables can cause memory issues if not managed:
+
+### trace_log
+
+Records detailed execution traces and profiling data. Useful for query debugging and performance analysis.
+
+You can change the settings for `trace_log` in `/etc/clickhouse-server/config.xml` under the `<trace_log>` section. The `flush_interval_milliseconds` setting controls how often data is flushed from memory to the table. The default is `7500`. Lowering this value can increase captured rows and use more memory.
+
+Default settings:
+
+```xml
+<trace_log>
+    <database>system</database>
+    <table>trace_log</table>
+    <partition_by>toYYYYMM(event_date)</partition_by>
+    <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+    <max_size_rows>1048576</max_size_rows>
+    <reserved_size_rows>8192</reserved_size_rows>
+    <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+    <flush_on_crash>false</flush_on_crash>
+    <symbolize>false</symbolize>
+</trace_log>
+```
+
+To check memory use by each table:
+
+```sql
+SELECT
+    database,
+    table,
+    formatReadableSize(sum(bytes_on_disk)) AS total_size
+FROM system.parts
+GROUP BY database, table
+ORDER BY sum(bytes_on_disk) DESC;
+```
+
+To configure a time to live (TTL):
+
+Update the interval value (for example, `7 DAY`) to set how long records are kept and prevent the table from growing too large:
+
+```sql
+ALTER TABLE system.trace_log
+MODIFY TTL event_time + INTERVAL 7 DAY;
+```
+
+To free memory immediately:
+
+Update the interval value (for example, `30 DAY`) to control how many records to delete.
+
+```sql
+ALTER TABLE system.trace_log DELETE WHERE event_time < now() - INTERVAL 30 DAY;
+```
+
+### metric_log
+
+Stores historical metrics from `system.metrics` and `system.events`. Useful for analyzing performance trends. Too much historical data can cause memory issues.
+
+Default settings:
+
+```xml
+<metric_log>
+   <database>system</database>
+   <table>metric_log</table>
+   <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+   <max_size_rows>1048576</max_size_rows>
+   <reserved_size_rows>8192</reserved_size_rows>
+   <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+   <collect_interval_milliseconds>1000</collect_interval_milliseconds>
+   <flush_on_crash>false</flush_on_crash>
+</metric_log>
+```
+
+Check table memory use:
+
+```sql
+SELECT
+   database,
+   table,
+   formatReadableSize(sum(bytes_on_disk)) AS total_size
+FROM system.parts
+GROUP BY database, table
+ORDER BY sum(bytes_on_disk) DESC;
+```
+
+Set TTL:
+
+```sql
+ALTER TABLE system.metric_log
+MODIFY TTL event_time + INTERVAL 7 DAY;
+```
+
+Free memory immediately:
+
+```sql
+ALTER TABLE system.metric_log DELETE WHERE event_time < now() - INTERVAL 30 DAY;
+```
+
+### text_log
+
+Stores general logs such as warnings, errors, system messages, and query events. You can control what is logged using the `text_log.level` server setting.
+
+Default settings:
+
+```xml
+<text_log>
+   <database>system</database>
+   <table>text_log</table>
+   <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+   <max_size_rows>1048576</max_size_rows>
+   <reserved_size_rows>8192</reserved_size_rows>
+   <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+   <flush_on_crash>false</flush_on_crash>
+   <level>trace</level>
+</text_log>
+```
+
+Check table memory use:
+
+```sql
+SELECT
+   database,
+   table,
+   formatReadableSize(sum(bytes_on_disk)) AS total_size
+FROM system.parts
+GROUP BY database, table
+ORDER BY sum(bytes_on_disk) DESC;
+```
+
+Set TTL:
+
+```sql
+ALTER TABLE system.text_log
+MODIFY TTL event_time + INTERVAL 7 DAY;
+```
+
+Free memory immediately:
+
+```sql
+ALTER TABLE system.text_log DELETE WHERE event_time < now() - INTERVAL 30 DAY;
+```
diff --git a/content/nim/system-configuration/configure-forward-proxy.md b/content/nim/system-configuration/configure-forward-proxy.md
index f0d1bda26..54145a071 100644
--- a/content/nim/system-configuration/configure-forward-proxy.md
+++ b/content/nim/system-configuration/configure-forward-proxy.md
@@ -127,7 +127,7 @@ kubectl edit cm nms-conf -n <namespace>
 If you’re deploying NGINX Instance Manager with Docker Compose, update the `docker-compose.yaml` file to configure a forward proxy.
 
 1. **Before you begin**: Follow the [Docker Compose deployment guide]({{< ref "nim/deploy/docker/deploy-nginx-instance-manager-docker-compose.md" >}}) to set up Docker for the NGINX container registry. The deployment guide also covers additional environment variables you may want to consider before deployment.
-2. {{<fa "download">}} {{<link "/scripts/docker-compose/docker-compose.yaml" "Download the preconfigured docker-compose.yaml file">}}
+2. {{<icon "download">}} {{<link "/scripts/docker-compose/docker-compose.yaml" "Download the preconfigured docker-compose.yaml file">}}
 3. Update `docker-compose.yaml` with the proxy settings:
 
     Modify the `services.nim.environment` section to include the proxy configuration:
@@ -187,7 +187,7 @@ If you’re deploying NGINX Instance Manager with Docker Compose, update the `do
 
 If your proxy uses HTTPS and `proxy_ssl_verify` is set to `true`, NGINX Instance Manager expects the proxy’s CA certificate to be trusted. If the proxy certificate is self-signed or issued by an untrusted Certificate Authority (CA), you must manually add it to the system’s trusted store.
 
-{{<note>}}For Kubernetes deployments, perform these steps inside the **integrations pod**.{{</note>}}
+{{< call-out "note" >}}For Kubernetes deployments, perform these steps inside the **integrations pod**.{{< /call-out >}}
 
 1. Copy the proxy CA certificate into the system’s trusted certificate directory. The path varies by distribution:
    - **Debian/Ubuntu**: `/usr/local/share/ca-certificates/`
diff --git a/content/nim/system-configuration/configure-selinux.md b/content/nim/system-configuration/configure-selinux.md
index 6d6f6ae75..e29621ec8 100644
--- a/content/nim/system-configuration/configure-selinux.md
+++ b/content/nim/system-configuration/configure-selinux.md
@@ -15,7 +15,7 @@ You can use the optional SELinux policy module included in the package to secure
 
 The scope of the SELinux policy allows NGINX Instance Manager to perform all operations needed to support the default configuration. This includes inter-process communication on the default Unix sockets and TCP as an alternative. Other changes may require manual adjustments to the default policy for the application to work.
 
-{{< important >}}The SELinux policy module is optional. It is not loaded automatically during installation, even on SELinux-enabled systems. You must manually load the policy module using the steps below.{{< /important >}}
+{{< call-out "important" >}}The SELinux policy module is optional. It is not loaded automatically during installation, even on SELinux-enabled systems. You must manually load the policy module using the steps below.{{< /call-out >}}
 
 ---
 
@@ -27,7 +27,7 @@ Take these preparatory steps before configuring SELinux:
 2. Install the tools `load_policy`, `semodule`, and `restorecon`.
 3. [Install NGINX Instance Manager]({{< ref "/nim/deploy/_index.md" >}}) with SELinux module files in place.
 
-{{< important >}}SELinux can use `permissive` mode, where policy violations are logged instead of enforced. Verify which mode your configuration uses.{{< /important >}}
+{{< call-out "important" >}}SELinux can use `permissive` mode, where policy violations are logged instead of enforced. Verify which mode your configuration uses.{{< /call-out >}}
 
 ---
 
diff --git a/content/nim/system-configuration/configure-telemetry.md b/content/nim/system-configuration/configure-telemetry.md
index 7ae48867e..375523b2d 100644
--- a/content/nim/system-configuration/configure-telemetry.md
+++ b/content/nim/system-configuration/configure-telemetry.md
@@ -78,4 +78,4 @@ If administrators miss the initial opt-out:
 1. Select the **User** icon in the top-right corner.
 2. Select **"Collect interaction data (all users)"** to clear the setting.
 
-{{<note>}}The admin's decision to enable or disable web analytics applies to all users.{{</note>}}
+{{< call-out "note" >}}The admin's decision to enable or disable web analytics applies to all users.{{< /call-out >}}
diff --git a/content/nim/system-configuration/configure-vault.md b/content/nim/system-configuration/configure-vault.md
index 4c3c1dc5c..2b0bae9e2 100644
--- a/content/nim/system-configuration/configure-vault.md
+++ b/content/nim/system-configuration/configure-vault.md
@@ -15,8 +15,8 @@ HashiCorp's Vault is a popular solution for storing secrets. While F5 NGINX Inst
 
 To complete the steps in this guide, you need:
 
-- A working understanding of [Vault](https://www.vaultproject.io) and its operations.
-- A running version of [Vault 1.8.8 or later](https://www.vaultproject.io/docs/install).
+- A working understanding of [Vault](https://developer.hashicorp.com/vault) and its operations.
+- A running version of [Vault 1.8.8 or later](https://developer.hashicorp.com/vault/install).
 
 ---
 
@@ -24,7 +24,7 @@ To complete the steps in this guide, you need:
 
 Access to a Vault requires a renewable token.
 
-{{<note>}}If you attempt to use the Vault's Root Token, NGINX Instance Manager won't start the secrets driver, as that token is not renewable.{{</note>}}
+{{< call-out "note" >}}If you attempt to use the Vault's Root Token, NGINX Instance Manager won't start the secrets driver, as that token is not renewable.{{< /call-out >}}
 
 To create a periodic service token for NGINX Instance Manager:
 
diff --git a/content/nim/system-configuration/secure-traffic.md b/content/nim/system-configuration/secure-traffic.md
index 3e361c605..4dbfd64e4 100644
--- a/content/nim/system-configuration/secure-traffic.md
+++ b/content/nim/system-configuration/secure-traffic.md
@@ -15,7 +15,7 @@ This guide explains how to secure client connections to NGINX Instance Manager a
 
 With NGINX Plus R33, telemetry data must be reported to a usage reporting endpoint, such as NGINX Instance Manager. This data validates subscription entitlements and tracks usage metrics. This guide also covers how to use the [`ssl_verify`](#ssl_verify-and-usage-reporting-in-nginx-plus-r33) directive to secure telemetry reporting through certificate verification.
 
-{{< important >}}Never expose your management server to the public internet. The settings in this guide reduce risk, but they can't replace keeping your server inaccessible to unauthorized users.{{< /important >}}
+{{< call-out "important" >}}Never expose your management server to the public internet. The settings in this guide reduce risk, but they can't replace keeping your server inaccessible to unauthorized users.{{< /call-out >}}
 
 {{< call-out "tip" "See also:" "fa-solid fa-book" >}}
 - To learn how to secure traffic for NGINX Agent, see [NGINX Agent TLS Settings](https://docs.nginx.com/nginx-agent/configuration/encrypt-communication/).
@@ -194,7 +194,7 @@ To generate the necessary certificates, follow these steps. You can modify these
     <details>
         <summary>ca.cnf</summary>
 
-    {{<fa "download">}} {{<link "/admin/encrypt/ca.cnf" "ca.cnf">}}
+    {{<icon "download">}} {{<link "/admin/encrypt/ca.cnf" "ca.cnf">}}
 
     ``` yaml
     [req]
@@ -332,7 +332,7 @@ To generate the necessary certificates, follow these steps. You can modify these
 	- If the CA is trusted by the operating system, you can omit the ca option.
 	- Update the server host to match the NGINX Instance Manager address.
 
-    {{< see-also >}}For additional information about TLS configurations for the NGINX Agent, refer to the [NGINX Agent TLS Settings](https://docs.nginx.com/nginx-agent/configuration/encrypt-communication/) topic. {{< /see-also >}}
+    {{< call-out "note" >}}For additional information about TLS configurations for the NGINX Agent, refer to the [NGINX Agent TLS Settings](https://docs.nginx.com/nginx-agent/configuration/encrypt-communication/) topic. {{< /call-out>}}
 
     <details>
         <summary>/etc/nginx-agent/nginx-agent.conf</summary>
diff --git a/content/nms/_index.md b/content/nms/_index.md
index 0cad5efb2..8e28584da 100644
--- a/content/nms/_index.md
+++ b/content/nms/_index.md
@@ -1,10 +1,12 @@
 ---
 title: F5 NGINX Management Suite
-description: A set of tools that enable enterprise scalability, security, observability, and governance.
+nd-subtitle: A set of tools that enable enterprise scalability, security, observability, and governance.
 url: /nginx-management-suite/
-layout: "nms-eos-list"
 cascade:
   logo: "NGINX-Management-Suite-product-icon.svg"
   noindex: true
+  nd-banner: 
+    enabled: true
+    type: deprecation
+    md: _banners/eos-nms.md
 ---
-
diff --git a/content/nms/acm/_index.md b/content/nms/acm/_index.md
index c6dce5b75..2acb5eb31 100644
--- a/content/nms/acm/_index.md
+++ b/content/nms/acm/_index.md
@@ -3,6 +3,10 @@ title: API Connectivity Manager
 weight: 500
 url: /nginx-management-suite/acm/
 cascade:
-  type: acm-eos
+  noindex: true
+  nd-banner:
+    enabled: true
+    type: deprecation
+    md: _banners/eos-acm.md
 ---
 
diff --git a/content/nms/acm/about/api-overview.md b/content/nms/acm/about/api-overview.md
index 6b89733bf..504340c24 100644
--- a/content/nms/acm/about/api-overview.md
+++ b/content/nms/acm/about/api-overview.md
@@ -53,18 +53,18 @@ You can make API requests with basic auth by sending the base64-encoded credenti
 curl -X GET "https://<NMS_FQDN>/api/acm/<API_VERSION>/workspaces/infrastructure" -H "Authorization: Basic YWRtaW..."
 ```
 
-{{<warning>}}Even when encoded, basic authentication is not secure. The use of basic auth is not recommended for production environments.{{</warning>}}
+{{< call-out "warning" >}}Even when encoded, basic authentication is not secure. The use of basic auth is not recommended for production environments.{{< /call-out >}}
 
 ### JSON Web Token
 
 If your organization is using OIDC, you will be prompted to log in with your Identity Provider the first time you attempt to reach an API. After authenticating, you can request a JWT to use in subsequent API calls.
 
-{{<note>}}
+{{< call-out "note" >}}
 <br />
 
 - The means of requesting a token varies according to the Identity Provider; if you're not sure which provider your organization uses, check with your system administrator or technical support team.
 - Automated CI/CD workflows are not supported when using OIDC authentication.
-{{</note>}}
+{{< /call-out >}}
 
 The JWT should be sent as a "Bearer" token in the "Authorization" request header, as shown in the example below.
 
@@ -79,7 +79,7 @@ curl -X GET "https://<NMS_FQDN>/api/acm/<API_VERSION>/workspaces/infrastructure"
 You can use tools such as `curl` or [Postman](https://www.postman.com) to interact with the API Connectivity Manager REST API.
 The API URL follows the format `https://<NMS_FQDN>/api/acm/<API_VERSION>`.
 
-{{<note>}}When making API calls by using `curl`, Postman, or any other tool, you will need to provide your authentication information with each call. {{</note>}}
+{{< call-out "note" >}}When making API calls by using `curl`, Postman, or any other tool, you will need to provide your authentication information with each call. {{< /call-out >}}
 
 ### User Interface
 
diff --git a/content/nms/acm/about/architecture.md b/content/nms/acm/about/architecture.md
index d1d6a0e24..051dd124a 100644
--- a/content/nms/acm/about/architecture.md
+++ b/content/nms/acm/about/architecture.md
@@ -44,8 +44,8 @@ API Connectivity Manager uses [NATS](https://nats.io) to communicate with the NG
 
 The following diagram shows how API Connectivity Manager's components are organized and interact.
 
-{{< note >}}API Connectivity Manager takes an API-first approach: commands issued using the web interface are processed using the API Connectivity Manager REST API.
-{{</note>}}
+{{< call-out "note" >}}API Connectivity Manager takes an API-first approach: commands issued using the web interface are processed using the API Connectivity Manager REST API.
+{{< /call-out >}}
 
 {{<img src="/acm/about/acm-architecture-diagram.png" alt="API Connectivity Manager architecture" >}}
 
diff --git a/content/nms/acm/about/rbac-roles.md b/content/nms/acm/about/rbac-roles.md
index 93c3935a7..bd43740f4 100644
--- a/content/nms/acm/about/rbac-roles.md
+++ b/content/nms/acm/about/rbac-roles.md
@@ -17,7 +17,7 @@ API Connectivity Manager comes pre-configured with roles suitable for API Owners
 
 {{< include "acm/rbac/api-owner-role.md" >}}
 
-{{<see-also>}}The tutorial [Set Up RBAC for API Owners]({{< ref "/nms/acm/tutorials/rbac-api-owners.md">}}) provides an example of how to configure RBAC for API owners.{{</see-also>}}
+{{< call-out "note" >}}The tutorial [Set Up RBAC for API Owners]({{< ref "/nms/acm/tutorials/rbac-api-owners.md">}}) provides an example of how to configure RBAC for API owners.{{< /call-out>}}
 
 <br>
 
@@ -25,4 +25,4 @@ API Connectivity Manager comes pre-configured with roles suitable for API Owners
 
 {{< include "acm/rbac/infra-admin-role.md" >}}
 
-{{<see-also>}}The tutorial [Set Up RBAC for Infra Admins]({{< ref "/nms/acm/tutorials/rbac-infra-admins.md">}}) provides an example of how to configure RBAC for Infrastructure Administrators.{{</see-also>}}
+{{< call-out "note" >}}The tutorial [Set Up RBAC for Infra Admins]({{< ref "/nms/acm/tutorials/rbac-infra-admins.md">}}) provides an example of how to configure RBAC for Infrastructure Administrators.{{< /call-out>}}
diff --git a/content/nms/acm/about/technical-specifications.md b/content/nms/acm/about/technical-specifications.md
index 412bb7715..1a3e43420 100644
--- a/content/nms/acm/about/technical-specifications.md
+++ b/content/nms/acm/about/technical-specifications.md
@@ -8,7 +8,7 @@ weight: 200
 
 {{< include "tech-specs/acm-nim-dependencies.md" >}}
 
-{{< important >}} If you're [installing API Connectivity Manager in an offline environment]({{< ref "/nim/disconnected/offline-install-guide.md#install-acm-offline" >}}) and the minimum required version of Instance Manager is not installed, the API Connectivity Manager installer will exit. You'll need to [install Instance Manager manually]({{< ref "/nim/disconnected/offline-install-guide.md#install-nim-offline" >}}) before installing API Connectivity Manager.{{< /important >}}
+{{< call-out "important" >}} If you're [installing API Connectivity Manager in an offline environment]({{< ref "/nim/disconnected/offline-install-guide.md#install-acm-offline" >}}) and the minimum required version of Instance Manager is not installed, the API Connectivity Manager installer will exit. You'll need to [install Instance Manager manually]({{< ref "/nim/disconnected/offline-install-guide.md#install-nim-offline" >}}) before installing API Connectivity Manager.{{< /call-out >}}
 
 ### API Connectivity Manager Supported NGINX Versions {#acm-supported-nginx}
 
diff --git a/content/nms/acm/getting-started/add-api-gateway.md b/content/nms/acm/getting-started/add-api-gateway.md
index d04a0aec8..0af2db5d9 100644
--- a/content/nms/acm/getting-started/add-api-gateway.md
+++ b/content/nms/acm/getting-started/add-api-gateway.md
@@ -56,7 +56,7 @@ Use the appropriate example below to deploy an API Gateway with either HTTP, HTT
 
 ### HTTP
 
-> {{< fa "lightbulb" >}} Use this example to get up and running quickly in a demo environment.
+> {{< icon "lightbulb" >}} Use this example to get up and running quickly in a demo environment.
 
 
 {{<bootstrap-table "table">}}
@@ -91,7 +91,7 @@ Use the appropriate example below to deploy an API Gateway with either HTTP, HTT
 To deploy a cluster that uses HTTPS for secure inbound communication, you'll add the **TLS Inbound** policy.
 Because this is done at the Infrastructure level, this is considered a "Global Policy".
 
-> {{< fa "lightbulb" >}} You need to provide a valid TLS server certificate and key in this API call.
+> {{< icon "lightbulb" >}} You need to provide a valid TLS server certificate and key in this API call.
 
 {{<comment>}}
 Need to add requirements for sending this info? Base64 encoding required?
@@ -140,7 +140,7 @@ Need to add requirements for sending this info? Base64 encoding required?
 To deploy a cluster that uses HTTP2 for secure inbound communication, you'll add the **TLS Inbound** policy.
 Because this is done at the Infrastructure level, this is considered a "Global Policy".
 
-> {{< fa "lightbulb" >}} You need to provide a valid TLS server certificate and key in this API call.
+> {{< icon "lightbulb" >}} You need to provide a valid TLS server certificate and key in this API call.
 
 
 {{<bootstrap-table "table">}}
@@ -224,4 +224,3 @@ Try sending traffic to the hostname you configured for the API Gateway. Send a P
 | GET | `/infrastructure/workspaces/{{infraWorkspaceName}}/environments/{{environmentName}}?includes=instances&includes=status`|
 
 {{</bootstrap-table>}}
-
diff --git a/content/nms/acm/getting-started/add-devportal.md b/content/nms/acm/getting-started/add-devportal.md
index ffee41ea3..78ffac5ae 100644
--- a/content/nms/acm/getting-started/add-devportal.md
+++ b/content/nms/acm/getting-started/add-devportal.md
@@ -31,17 +31,17 @@ hostname that you provided for the Developer Portal cluster, prefixed with `acm.
 You will need to update your DNS resolver settings to ensure this hostname is resolvable.
 The hostname and port for this server can be updated by selecting the **Edit Portal <-> API Connectivity Manager Connectivity** from the **Actions** menu for your desired developer portal.
 
-{{<important>}}
+{{< call-out "important" >}}
 
 - Be sure to provide the IP address or FQDN of the host where you installed the Dev Portal packages as the `{{portalClusterHostname}}`.
 - The Dev Portal must run on a dedicated host with the [`njs`](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/nginscript/) module installed.
-{{</important>}}
+{{< /call-out >}}
 
 Use the appropriate example below to deploy an HTTP or HTTPS Developer Portal.
 
 ### HTTP
 
-> {{< fa "lightbulb" >}} Use this example to get up and running quickly in a demo environment.
+> {{< icon "lightbulb" >}} Use this example to get up and running quickly in a demo environment.
 
 
 {{<bootstrap-table "table">}}
@@ -76,7 +76,7 @@ Use the appropriate example below to deploy an HTTP or HTTPS Developer Portal.
 To deploy a cluster that uses HTTPS for secure inbound communication, you'll add the **TLS Inbound** policy.
 Because this is done at the Infrastructure level, this is considered a "Global Policy".
 
-> {{< fa "lightbulb" >}} You need to provide your TLS server certificate and key as base64-encoded strings in this API call.
+> {{< icon "lightbulb" >}} You need to provide your TLS server certificate and key as base64-encoded strings in this API call.
 
 
 {{<bootstrap-table "table">}}
@@ -146,7 +146,7 @@ SSH access to the host and `sudo` permissions are required.
 The NGINX Management Suite management plane host uses the Developer Portal's hostname to communicate with the Dev Portal.
 You’ll need to update your DNS resolver settings with the Developer Portal's internal hostname.
 
-> {{< fa "lightbulb" >}} The internal hostname is the hostname that you provided for the Developer Portal, prefixed with `acm.`.
+> {{< icon "lightbulb" >}} The internal hostname is the hostname that you provided for the Developer Portal, prefixed with `acm.`.
 > For example: `acm.dev-portal.io`
 
 Next, open the Developer Portal in a browser window and make sure the portal loads.
@@ -156,7 +156,7 @@ Next, open the Developer Portal in a browser window and make sure the portal loa
 In this step, you'll apply a set of customizations to the Developer Portal.
 Because these settings are applied at the Infrastructure level, they are considered "global", meaning they apply to each Dev Portal Proxy that you associate with the cluster.
 
-{{<see-also>}}Refer to [Customize the Developer Portal]({{< ref "/nms/acm/how-to/infrastructure/customize-devportal.md" >}}) to learn more about the available customization options and how to customize a Dev Portal via the API Connectivity Manager user interface.{{</see-also>}}
+{{< call-out "note" >}}Refer to [Customize the Developer Portal]({{< ref "/nms/acm/how-to/infrastructure/customize-devportal.md" >}}) to learn more about the available customization options and how to customize a Dev Portal via the API Connectivity Manager user interface.{{< /call-out>}}
 
 
 {{<bootstrap-table "table">}}
@@ -170,7 +170,7 @@ Because these settings are applied at the Infrastructure level, they are conside
 
 Note that many fields in the example JSON payload -- including the logo image and Markdown documents -- are base64-encoded.
 
-**Example JSON payload**: {{< fa "download" >}} {{< link "/acm/customize-devportal.json" "customize-devportal.json" >}}
+**Example JSON payload**: {{< icon "download" >}} {{< link "/acm/customize-devportal.json" "customize-devportal.json" >}}
 
 Before you move on to the next guide, open the Dev Portal in your browser to view the changes.
 You should see the default Dev Portal replaced by the custom settings.
diff --git a/content/nms/acm/getting-started/publish-api-proxy.md b/content/nms/acm/getting-started/publish-api-proxy.md
index 065325158..4f0cfef28 100644
--- a/content/nms/acm/getting-started/publish-api-proxy.md
+++ b/content/nms/acm/getting-started/publish-api-proxy.md
@@ -95,7 +95,7 @@ On the Publish API Proxy window:
 1. Type a name for the API Proxy.
 1. Select No in the **Use an OpenAPI spec** option.
 1. Select the **Gateway Proxy Hostname from** the menu.
-{{< note >}}If this field is disabled, check the job status of your environment on the infrastructure workspace page.{{<  /note >}}
+{{< call-out "note" >}}If this field is disabled, check the job status of your environment on the infrastructure workspace page.{{< /call-out >}}
 
 ### Ingress
 
@@ -114,7 +114,7 @@ On the Publish API Proxy window:
 
 1. If your proxy is set up correctly, you can send traffic.
 
-{{< note >}}By default the ingress append rule is set to `PREFIX` so your request must be in the form of `version/basepath` {{< /note >}}
+{{< call-out "note" >}}By default the ingress append rule is set to `PREFIX` so your request must be in the form of `version/basepath` {{< /call-out >}}
 
 
 
@@ -363,7 +363,7 @@ Populated from API Specification and are read-only
     curl -k -X GET "https://gateway-proxy-hostname/version/basepath"
     ```
 
-{{< note >}} By default the ingress append rule is set to `NONE` when using an OAS Schema so your request must match the `basepath` you have supplied as part of your Global Server URL. {{< /note >}}
+{{< call-out "note" >}} By default the ingress append rule is set to `NONE` when using an OAS Schema so your request must match the `basepath` you have supplied as part of your Global Server URL. {{< /call-out >}}
 
 {{%/tab%}}
 {{%tab name="API"%}}
diff --git a/content/nms/acm/how-to/backup-recovery.md b/content/nms/acm/how-to/backup-recovery.md
index 98ae2f239..b88b100b9 100644
--- a/content/nms/acm/how-to/backup-recovery.md
+++ b/content/nms/acm/how-to/backup-recovery.md
@@ -8,7 +8,7 @@ nd-docs: "DOCS-1668"
 
 F5 NGINX Management Suite includes several scripts for backing up and restoring the configuration files, secrets, and databases used by the platform.
 
-{{<important>}}The backup and recovery scripts are provided for reference and may need to be changed for your deployment.{{</important>}}
+{{< call-out "important" >}}The backup and recovery scripts are provided for reference and may need to be changed for your deployment.{{< /call-out >}}
 
 ---
 
@@ -212,7 +212,7 @@ To back up NGINX Management Suite deployed in a Kubernetes cluster, follow these
     ./k8s-backup.sh
     ```
 
-    {{< note >}}The backup script does not need the `utility` pod or `sudo` permissions to create a backup.{{< /note >}}
+    {{< call-out "note" >}}The backup script does not need the `utility` pod or `sudo` permissions to create a backup.{{< /call-out >}}
 
 1. The command will ask for the NGINX Management Suite namespace. The script will create a backup archive in the same directory called `k8s-backup-<timestamp>.tar.gz`.
 
@@ -245,11 +245,11 @@ To restore NGINX Management Suite and the installed modules deployed in the same
     In the command above, `/etc/kubernetes/admin.conf` is the default configuration location of a Kubernetes cluster. If the configuration location is different for the target Kubernetes cluster, update the command accordingly.
 
 
-    {{< note >}}The restore script [needs root access]({{< ref "/nms/acm/how-to/backup-recovery.md#root-access" >}}) to Kubernetes for the restore operation.{{< /note >}}
+    {{< call-out "note" >}}The restore script [needs root access]({{< ref "/nms/acm/how-to/backup-recovery.md#root-access" >}}) to Kubernetes for the restore operation.{{< /call-out >}}
 
 1. The script will ask for the NGINX Management Suite namespace. Once the namespace has been provided, the script will use the specified backup archive.
 
-    {{< note >}}The script will use the `utility` pod to access all the mounted volumes to restore database directories and core secrets; and `kubectl` to restore the Kubernetes configmaps and secrets. Before starting the restoration, the script will stop all service pods and start the `utility` pod. After finishing the restore, it will stop the `utility` pod and start all service pods.{{< /note >}}
+    {{< call-out "note" >}}The script will use the `utility` pod to access all the mounted volumes to restore database directories and core secrets; and `kubectl` to restore the Kubernetes configmaps and secrets. Before starting the restoration, the script will stop all service pods and start the `utility` pod. After finishing the restore, it will stop the `utility` pod and start all service pods.{{< /call-out >}}
 
 
 ### Data-only restoration to a different Kubernetes Cluster
@@ -281,7 +281,7 @@ To restore NGINX Management Suite and the installed modules into a different Kub
     In the command above, `/etc/kubernetes/admin.conf` is the default configuration location of a Kubernetes cluster. If the configuration location is different for the target Kubernetes cluster, update the command accordingly.
 
 
-    {{< note >}}The restore script [needs root access]({{< ref "/nms/acm/how-to/backup-recovery.md#root-access" >}}) to Kubernetes for the restore operation.{{< /note >}}
+    {{< call-out "note" >}}The restore script [needs root access]({{< ref "/nms/acm/how-to/backup-recovery.md#root-access" >}}) to Kubernetes for the restore operation.{{< /call-out >}}
 
 1. The script will ask for the NGINX Management Suite namespace. Once the namespace has been provided, the script will use the specified backup archive.
 
diff --git a/content/nms/acm/how-to/deploy-api-connectivity-manager.md b/content/nms/acm/how-to/deploy-api-connectivity-manager.md
index d0b54903e..f8c1d8fe6 100644
--- a/content/nms/acm/how-to/deploy-api-connectivity-manager.md
+++ b/content/nms/acm/how-to/deploy-api-connectivity-manager.md
@@ -15,7 +15,7 @@ Review the following requirements for API Connectivity Manager before continuing
 
 ### Install Instance Manager
 
-{{< important >}}To install API Connectivity Manager, you must first install Instance Manager. This is because API Connectivity Manager relies on features that are included with Instance Manager.{{< /important >}}
+{{< call-out "important" >}}To install API Connectivity Manager, you must first install Instance Manager. This is because API Connectivity Manager relies on features that are included with Instance Manager.{{< /call-out >}}
 
 - [Deploy Instance Manager on Kubernetes]({{< ref "/nim/deploy/kubernetes/deploy-using-helm.md" >}})
 
@@ -48,7 +48,7 @@ Follow these steps to download the Docker image for API Connectivity Manager:
 
 ## Load Docker Image {#load-docker-image}
 
-{{< note >}} To complete the commands in this section, you need to have [Docker 20.10 or later](https://docs.docker.com/get-docker/) installed. {{< /note >}}
+{{< call-out "note" >}} To complete the commands in this section, you need to have [Docker 20.10 or later](https://docs.docker.com/get-docker/) installed. {{< /call-out >}}
 
 
 1. Change to the directory where you downloaded the Docker image:
@@ -75,17 +75,17 @@ Follow these steps to download the Docker image for API Connectivity Manager:
    Loaded image: nms-acm:1.5.0
    ```
 
-   {{<important>}}
+   {{< call-out "important" >}}
    Take note of the loaded image's name and tag.  You'll need to reference this information in the next section when pushing the image to your private registry.
 
    In the example output above, `nms-acm` is the image name and `1.5.0` is the tag.  The image name or tag could be different depending on the product version you downloaded from MyF5.
-   {{</important>}}
+   {{< /call-out >}}
 
 ---
 
 ## Push Image to Private Registry {#push-docker-image}
 
-{{<note>}}To complete the steps in this section, you need an [externally-accessible private Docker registry](https://docs.docker.com/registry/deploying/) to push the container images to.{{</note>}}
+{{< call-out "note" >}}To complete the steps in this section, you need an [externally-accessible private Docker registry](https://docs.docker.com/registry/deploying/) to push the container images to.{{< /call-out >}}
 
 To push the Docker images to your private registry, take the following steps:
 
@@ -157,14 +157,14 @@ To enable the API Connectivity Manager Module, take the following steps:
 
 ## Upgrade NGINX Management Suite Deployment {#upgrade-nms}
 
-{{< note >}} To complete the steps in this section, you need to have [OpenSSL 1.1.1](https://www.openssl.org/source/) or later installed. {{</ note >}}
+{{< call-out "note" >}} To complete the steps in this section, you need to have [OpenSSL 1.1.1](https://www.openssl.org/source/) or later installed. {{< /call-out >}}
 
 Run the following command to upgrade the NGINX instance deployment:
 
 - Replace `<path-to-your-values.yaml>` with the path to the [values.yaml file you created]({{< ref "/nim/deploy/kubernetes/deploy-using-helm.md#configure-chart" >}}).
 - Replace `YourPassword123#` with a secure password that contains a combination of uppercase and lowercase letters, numbers, and special characters.
 
-    {{< important >}}Make sure to copy and save the password for future reference. Only the encrypted password is stored in Kubernetes. There's no way to recover or reset a lost password.{{< /important >}}
+    {{< call-out "important" >}}Make sure to copy and save the password for future reference. Only the encrypted password is stored in Kubernetes. There's no way to recover or reset a lost password.{{< /call-out >}}
 
 - (Optional) Replace `<nms-chart-version>` with the desired version; see the table below for the available versions. Alternatively, you can omit this flag to install the latest version.
 
diff --git a/content/nms/acm/how-to/devportals/devportal-support-package.md b/content/nms/acm/how-to/devportals/devportal-support-package.md
index a155cc0e9..3dd53b1a4 100644
--- a/content/nms/acm/how-to/devportals/devportal-support-package.md
+++ b/content/nms/acm/how-to/devportals/devportal-support-package.md
@@ -43,9 +43,9 @@ To create a support package:
     tar -xvf support-pkg-<timestamp>.tar.gz
     ```
 
-{{< note >}}
+{{< call-out "note" >}}
 The supported shell is `bash`.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Arguments
 
@@ -99,6 +99,6 @@ The support package script uses the `-c` flag ( or `--devportal_config_path`) to
 
 As the NGINX Developer Portal supports both SQLite & PostreSQL database types, the support package script will determine the database settings from the `devportal.conf` configuration file.
 
-{{< note >}}
+{{< call-out "note" >}}
 The NGINX Developer Portal support package script will try to utilize the relevant data backup tool for the database type used.  For example, the `sqlite3` binary will be needed in your path to allow a SQLite data dump to occur.  Similarly for PostgreSQL the `pg_dump` tool will be required.  If the relevant data dump tool is not currently found in the systems `$PATH`, an error will be logged to the console.
-{{< /note >}}
+{{< /call-out >}}
diff --git a/content/nms/acm/how-to/devportals/installation/devportal-helm-chart.md b/content/nms/acm/how-to/devportals/installation/devportal-helm-chart.md
index 1ad7e99db..cbe41c2cf 100644
--- a/content/nms/acm/how-to/devportals/installation/devportal-helm-chart.md
+++ b/content/nms/acm/how-to/devportals/installation/devportal-helm-chart.md
@@ -27,13 +27,13 @@ To complete the steps in this section, you need the following:
 - An [externally-accessible private Docker registry](https://docs.docker.com/registry/deploying/) to push the container images to
 - Your F5 NGINX Plus certificate and key files, which you can download from [MyF5](https://my.f5.com/manage/s/)
 
-{{<see-also>}}
+{{< call-out "note" >}}
 
 - Take a few minutes to review the [Configurable Helm Settings](#configuration-options) at the end of this topic. You can change these settings to customize your installation to meet your needs.
 
 - Check out the [Deployment Patterns for Developer Portal]({{< ref "/nms/acm/how-to/infrastructure/configure-devportal-backend.md" >}}) topic if you're considering installing the Developer Portal on a single host or on a cluster for high availability.
 
-{{</see-also>}}
+{{< /call-out>}}
 
 ---
 
@@ -50,9 +50,9 @@ To complete the steps in this section, you need the following:
 
 4. Download the `nginx-devportal-api-<version>-img.tar.gz` file.
 5. Download the `nginx-devportal-apigw-<version>-img.tar.gz` file.
-   {{< note >}}
+   {{< call-out "note" >}}
    If you require a version of NGINX Plus other than what is provided, please see the optional section on [building the API Gateway Container Image](#build-apigw-docker-image).
-   {{</ note >}}
+   {{< /call-out >}}
 
 ---
 
@@ -85,16 +85,16 @@ To complete the steps in this section, you need the following:
    Loaded image: nginx-devportal-apigw:1.5.0-r28
    ```
 
-   {{<important>}}
+   {{< call-out "important" >}}
    Take note of the loaded image's name and tag.  You'll need to reference this information in the next section when pushing the image to your private registry.
 
    In the example output above, `nginx-devportal-api` is the image name and `1.5.0` is the tag for the first image. For the second image `nginx-devportal-apigw` is the image name and `1.5.0-r28` is the tag (where `1.5.0` is the release version and `r28` is the NGINX Plus version). The image names or tags could be different depending on the product version you downloaded from MyF5.
-   {{</important>}}
+   {{< /call-out >}}
 
 ### (Optional) Build the API Gateway Container Image {#build-apigw-docker-image}
-   {{< note >}}
+   {{< call-out "note" >}}
    This is step is only required for versions of API Connectivity Manager Developer Portal prior to `1.5.0` or if you require a specific release of NGINX Plus that is not provided on MyF5.
-   {{< /note >}}
+   {{< /call-out >}}
    <details closed>
    <summary><i class="fa-solid fa-circle-info"></i> Build the API Gateway Container Image</summary>
    The Developer Portal Helm chart requires a container image that includes the NGINX Plus service and NGINX Agent in order to deploy the chart and have the API Gateway register with the API Connectivity Manager control plane.
@@ -115,7 +115,7 @@ Create a Dockerfile similar to the following example:
     <details closed>
     <summary><i class="fa-solid fa-circle-info"></i> Example Dockerfile</summary>
 
-    {{< fa "download" >}} {{< link "/acm/containers/devportal/Dockerfile" "Download example Dockerfile" >}}
+    {{< icon "download" >}} {{< link "/acm/containers/devportal/Dockerfile" "Download example Dockerfile" >}}
 
     ```Dockerfile
     FROM ubuntu:focal
@@ -193,7 +193,7 @@ Create a Dockerfile similar to the following example:
     <details closed>
       <summary><i class="fa-solid fa-circle-info"></i> Example entrypoint.sh</summary>
 
-    {{< fa "download" >}} {{< link "/acm/containers/devportal/entrypoint.sh" "Download example entrypoint.sh file" >}}
+    {{< icon "download" >}} {{< link "/acm/containers/devportal/entrypoint.sh" "Download example entrypoint.sh file" >}}
 
     ```bash
     #!/bin/bash
@@ -281,7 +281,9 @@ Create a Dockerfile similar to the following example:
 
 ## Push Images to Private Registry {#push-images-private-registry}
 
-{{<before-you-begin>}}To complete this step, you need an [externally-accessible private Docker registry](https://docs.docker.com/registry/deploying/) to push the container images to.{{</before-you-begin>}}
+{{< call-out "note" >}}
+To complete this step, you need an [externally-accessible private Docker registry](https://docs.docker.com/registry/deploying/) to push the container images to.
+{{< / call-out >}}
 
 After building or loading the Docker images, you can now tag and push the images to your private Docker registry. Replace `<my-docker-registry>` in the examples below with the path to your private Docker registry.
 
@@ -362,11 +364,11 @@ A Helm `values.yaml` file is a configuration file you can use to customize the i
     - Replace `<version>` with the tag you used when [pushing the images to your private registry](#push-images-private-registry).
     - In the `imagePullSecrets` section, add the credentials for your private Docker registry.
 
-   {{<note>}}The contents of `api.acm.client.caSecret.key` can be obtained from the `/etc/nms/certs/apigw/ca.pem` on the control plane.{{</note>}}
+   {{< call-out "note" >}}The contents of `api.acm.client.caSecret.key` can be obtained from the `/etc/nms/certs/apigw/ca.pem` on the control plane.{{< /call-out >}}
 
     This `values.yaml` file specifies the Docker images to be used for the NGINX Developer Portal `apigw` and `api` components, including the repository (`<my-docker-registry>`) and tag (`version`) of each image. It also specifies that a secret called `regcred` should be used for image pulls.
 
-    {{<see-also>}}For instructions on creating a secret, see the Kubernetes topic [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).{{</see-also>}}
+    {{< call-out "note" >}}For instructions on creating a secret, see the Kubernetes topic [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).{{< /call-out>}}
 
 2. Save and close the `values.yaml` file.
 
@@ -374,9 +376,9 @@ A Helm `values.yaml` file is a configuration file you can use to customize the i
 
 The Developer Portal does not require (although it is recommended) a dedicated namespace for the data plane. You can create this namespace yourself, or you can allow Helm to create it for you by using the `--create-namespace` flag when installing.
 
-{{< note >}}
+{{< call-out "note" >}}
 If persistent storage is not configured in your cluster, set the `apigw.persistence.enabled` and `api.persistence.enabled` values to `false` either in the values file or using the `--set` helm commands.
-{{< /note >}}
+{{< /call-out >}}
 
 To install the chart with the release name `devportal` and namespace `devportal`, run the following command:
 
@@ -430,17 +432,17 @@ Select from the following options to view some of the commonly used configuratio
 
 ### Deploy Developer Portal with an SQLite database
 
-{{< note >}}
+{{< call-out "note" >}}
 This configuration is recommended for proof of concept installations and not for production deployments.
-{{</ note >}}
+{{< /call-out >}}
 
 {{< include "installation/helm/acm/dev-portal-helm-configurations/configure-helm-devportal-sqlite.md" >}}
 
 ### Deploy Developer Portal with an embedded PostgreSQL database
 
-{{< note >}}
+{{< call-out "note" >}}
 This configuration is recommended for proof of concept installations and not for production deployments.
-{{</ note >}}
+{{< /call-out >}}
 
 {{< include "installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-embedded-postgres.md" >}}
 
@@ -451,4 +453,3 @@ This configuration is recommended for proof of concept installations and not for
 ### Deploy Developer Portal using TLS for the backend API service
 
 {{< include "installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-api-mtls.md" >}}
-
diff --git a/content/nms/acm/how-to/devportals/installation/install-dev-portal.md b/content/nms/acm/how-to/devportals/installation/install-dev-portal.md
index 25262a947..f4eb76501 100644
--- a/content/nms/acm/how-to/devportals/installation/install-dev-portal.md
+++ b/content/nms/acm/how-to/devportals/installation/install-dev-portal.md
@@ -13,7 +13,7 @@ type:
 
 ## Platform Requirements {#acm-devportal-requirements}
 
-{{<important>}}To run the Developer Portal, you need a **dedicated** Linux host specifically for this purpose. **Do not** install the Developer Portal on a host that is currently serving as a management or data plane.{{</important>}}
+{{< call-out "important" >}}To run the Developer Portal, you need a **dedicated** Linux host specifically for this purpose. **Do not** install the Developer Portal on a host that is currently serving as a management or data plane.{{< /call-out >}}
 
 Complete the following steps to prepare the Developer Portal for use with API Connectivity Manager:
 
@@ -234,9 +234,9 @@ Depending on your [deployment pattern for the Developer Portal]({{< ref "/nms/ac
 1. If mTLS is configured on your Developer Portal service, you must add a TLS Backend Policy to both;
    - The Developer Portal Cluster (Used for communication from users to the Developer Portal API)
    - The Developer Portal Internal Cluster (For communication from the API Connectivity Manager to your Devportal Portal API to publish and maintain information)
-{{< note >}}
+{{< call-out "note" >}}
 To add a TLS Backend Policy to both clusters. Follow the [TLS Policies]({{< ref "/nms/acm/how-to/policies/tls-policies.md#add-tls-listener" >}}) documentation.
-{{< /note >}}
+{{< /call-out >}}
 
 ---
 
diff --git a/content/nms/acm/how-to/devportals/installation/install-devportal-offline.md b/content/nms/acm/how-to/devportals/installation/install-devportal-offline.md
index 2d3f58eeb..da52cc892 100644
--- a/content/nms/acm/how-to/devportals/installation/install-devportal-offline.md
+++ b/content/nms/acm/how-to/devportals/installation/install-devportal-offline.md
@@ -34,7 +34,7 @@ To install NGINX Plus and njs, take the following steps on the Developer Portal
 
 3. Select the following link to download the `fetch-external-acm-dataplane-dependencies.sh` script. This script downloads the necessary NGINX Plus and njs packages to a `tar.gz` archive.
 
-    {{<fa "download">}} {{<link "/scripts/fetch-external-acm-dataplane-dependencies.sh" "Download fetch-external-acm-dataplane-dependencies.sh script">}}
+    {{<icon "download">}} {{<link "/scripts/fetch-external-acm-dataplane-dependencies.sh" "Download fetch-external-acm-dataplane-dependencies.sh script">}}
 
 4. To download the NGINX Plus and njs dependencies, run the `fetch-external-acm-dataplane-dependencies.sh` script. As parameters, specify your Linux distribution and the location of your `nginx-repo.crt` and `nginx-repo.key` files.
 
@@ -65,7 +65,7 @@ To install NGINX Plus and njs, take the following steps on the Developer Portal
 
 5. After you copy and extract the bundle onto your target machine, take the following steps to install the packages:
 
-    {{< note >}}The bundled NGINX Plus package may conflict with installed versions of NGINX Plus. Delete the package from the bundle if you want to keep the existing version.{{< /note >}}
+    {{< call-out "note" >}}The bundled NGINX Plus package may conflict with installed versions of NGINX Plus. Delete the package from the bundle if you want to keep the existing version.{{< /call-out >}}
 
     {{<tabs name="install-acm-dataplane-dependencies">}}
     {{%tab name="CentOS, RHEL, and RPM-Based"%}}
diff --git a/content/nms/acm/how-to/infrastructure/customize-devportal.md b/content/nms/acm/how-to/infrastructure/customize-devportal.md
index b7c9a31e7..3a64e7aca 100644
--- a/content/nms/acm/how-to/infrastructure/customize-devportal.md
+++ b/content/nms/acm/how-to/infrastructure/customize-devportal.md
@@ -41,12 +41,12 @@ Take the steps below to customize your Dev Portal by defining a custom Dev Porta
 
 1. You can save your changes at any time by selecting the **Save and Publish** option.
 
-{{<note>}}
+{{< call-out "note" >}}
 <br/>
 
 - The Preview section to the right of the settings in each section will update automatically as you make changes.
 - The changes will be applied immediately when you select **Save and Publish**; as such we recommend testing any changes in a "non-production" Environment first.
-{{</note>}}
+{{< /call-out >}}
 
 ## Brand Options
 
@@ -162,7 +162,7 @@ To edit the **Get Started** steps:
 1. Enter your desired **Title** (required), **Description** (required), icon, and **Alt Text** for each of the four steps.
 1. Select **Save Changes**.
 
-> {{< fa "fa-solid fa-lightbulb" >}} At this point, we recommend selecting **Save and Publish** to save any customizations you've made.
+> {{< icon "fa-solid fa-lightbulb" >}} At this point, we recommend selecting **Save and Publish** to save any customizations you've made.
 > Verify that the changes have been applied, then move on to adding your [**Documentation**](#add-documentation).
 
 ### Documentation {#add-documentation}
diff --git a/content/nms/acm/how-to/infrastructure/enable-create-credentials.md b/content/nms/acm/how-to/infrastructure/enable-create-credentials.md
index c94f8d883..c57d11f97 100644
--- a/content/nms/acm/how-to/infrastructure/enable-create-credentials.md
+++ b/content/nms/acm/how-to/infrastructure/enable-create-credentials.md
@@ -67,7 +67,7 @@ Afterward, the API consumer can create credentials on the Developer Portal by pe
 
 As mTLS is not enabled by default, the Credentials endpoint is disabled initially. You must enable the Credentials endpoint on the API Connectivity Manager host to use the Developer Portal credentials workflow.
 
-{{<important>}}mTLS is essential to secure communication between API Connectivity Manager and the Developer Portal.{{</important>}}
+{{< call-out "important" >}}mTLS is essential to secure communication between API Connectivity Manager and the Developer Portal.{{< /call-out >}}
 
 To enable the Credentials endpoint on the API Connectivity Manager host, take the following steps:
 
@@ -136,11 +136,11 @@ To add a CORS policy:
 
 Log in to the Developer Portal as an API Consumer. Use the **Create Credentials** option to create credentials for the API.
 
-{{<important>}}
+{{< call-out "important" >}}
 
   To avoid misuse, the API Consumer may create only one APIKey per API.
 
-{{</important>}}
+{{< /call-out >}}
 
 ### Try It Out on the Developer Portal
 
diff --git a/content/nms/acm/how-to/infrastructure/manage-api-infrastructure.md b/content/nms/acm/how-to/infrastructure/manage-api-infrastructure.md
index a8f01d8aa..2671eb7e2 100644
--- a/content/nms/acm/how-to/infrastructure/manage-api-infrastructure.md
+++ b/content/nms/acm/how-to/infrastructure/manage-api-infrastructure.md
@@ -95,11 +95,11 @@ The **Create Workspace** drawer will display a confirmation when the Workspace h
 
 After creating a Workspace, you must create at least one Environment. When creating an Environment, you will also create the Clusters where your API Gateway(s) and/or Developer Portal(s) will reside.
 
-{{<caution>}}
+{{< call-out "caution"  >}}
 
 - Do not add the same host to both an API Gateway cluster and a Developer Portal cluster.
 - The Developer Portal cluster requires at least one dedicated host.
-{{</caution>}}
+{{< /call-out >}}
 
 Take the steps below to add an Environment.
 
@@ -116,7 +116,7 @@ Take the steps below to add an Environment.
 
    This instance, or instance group, will host the Developer Portal.
 
-   {{<note>}}The Dev Portal requires a separate, dedicated host. Do not install the Dev Portal on a host that is already running the management or data planes.{{</note>}}
+   {{< call-out "note" >}}The Dev Portal requires a separate, dedicated host. Do not install the Dev Portal on a host that is already running the management or data planes.{{< /call-out >}}
 1. Select the **Create** button to create the Environment. The **Add Environment** drawer will display a confirmation when the Environment has been created.
 1. Copy the `cURL` or `wget` command shown in the confirmation drawer and save it -- you will need to use this information to [add your NGINX instances to the cluster](#register-nginx-instance).
 
@@ -184,11 +184,10 @@ Take the steps below to add an NGINX instance to an API Gateway.
 
 {{</bootstrap-table>}}
 
-> {{< fa "fa-solid fa-circle-question" >}} **Lost your install command?**
+> {{< icon "fa-solid fa-circle-question" >}} **Lost your install command?**
 >
 > Don't worry! You can take the steps below to recover it:
 >
 > 1. In the API Connectivity Manager user interface, go to **Infrastructure > Environments > \<your environment\>**.
 > 1. Click anywhere in the row of the Cluster that you want to add an instance to.
 > 1. The **Onboarding Commands** will be shown in the cluster details drawer.
-
diff --git a/content/nms/acm/how-to/infrastructure/publish-developer-portal.md b/content/nms/acm/how-to/infrastructure/publish-developer-portal.md
index 21e6516ba..1ddeacdb4 100644
--- a/content/nms/acm/how-to/infrastructure/publish-developer-portal.md
+++ b/content/nms/acm/how-to/infrastructure/publish-developer-portal.md
@@ -80,7 +80,7 @@ Complete the following prerequisites before proceeding with this guide:
 
 ### Delete Services Workspaces
 
-{{<note>}}To delete a Workspace, you must delete all the API Proxies and API Docs belonging to a Services Workspace.{{</note>}}
+{{< call-out "note" >}}To delete a Workspace, you must delete all the API Proxies and API Docs belonging to a Services Workspace.{{< /call-out >}}
 
 1. On the sidebar, select **Services**.
 1. Select the ellipsis button next to your workspace in the **Actions** column.
diff --git a/content/nms/acm/how-to/install-acm-offline.md b/content/nms/acm/how-to/install-acm-offline.md
index 962a4efeb..41b90087b 100644
--- a/content/nms/acm/how-to/install-acm-offline.md
+++ b/content/nms/acm/how-to/install-acm-offline.md
@@ -19,14 +19,14 @@ See our [End of Sale announcement](https://my.f5.com/manage/s/article/K000137989
 
 ### Install API Connectivity Manager {#install-acm}
 
-{{< important >}}
+{{< call-out "important" >}}
 API Connectivity Manager requires Instance Manager to be installed first.
 
 Before you begin:
 
 1. Review the [Dependencies with Instance Manager](#acm-nim-dependencies) table above.
 2. [Install a compatible version of Instance Manager](#install-nim-offline).
-{{< /important>}}
+{{< /call-out >}}
 
 &nbsp;
 
@@ -152,7 +152,7 @@ The API Connectivity Manager data plane requires [NGINX Plus R24](https://docs.n
 
 3. Select the following link to download the `fetch-external-acm-dataplane-dependencies.sh` script. This script downloads the necessary NGINX Plus and njs packages to a `tar.gz` archive.
 
-    {{<fa "download">}} {{<link "/scripts/fetch-external-acm-dataplane-dependencies.sh" "Download fetch-external-acm-dataplane-dependencies.sh script">}}
+    {{<icon "download">}} {{<link "/scripts/fetch-external-acm-dataplane-dependencies.sh" "Download fetch-external-acm-dataplane-dependencies.sh script">}}
 
 4. To download the NGINX Plus and njs dependencies, run the `fetch-external-acm-dataplane-dependencies.sh` script. As parameters, specify your Linux distribution and the location of your `nginx-repo.crt` and `nginx-repo.key` files.
 
@@ -182,7 +182,7 @@ The API Connectivity Manager data plane requires [NGINX Plus R24](https://docs.n
 
 5. After you copy and extract the bundle onto your target machine, take the following steps to install the packages:
 
-    {{< note >}}The bundled NGINX Plus package may conflict with installed versions of NGINX Plus. Delete the package from the bundle if you want to keep the existing version.{{< /note >}}
+    {{< call-out "note" >}}The bundled NGINX Plus package may conflict with installed versions of NGINX Plus. Delete the package from the bundle if you want to keep the existing version.{{< /call-out >}}
 
     {{<tabs name="install-acm-dataplane-dependencies">}}
     {{%tab name="CentOS, RHEL, and RPM-Based"%}}
diff --git a/content/nms/acm/how-to/install-acm.md b/content/nms/acm/how-to/install-acm.md
index ab8aaffae..46973a608 100644
--- a/content/nms/acm/how-to/install-acm.md
+++ b/content/nms/acm/how-to/install-acm.md
@@ -87,7 +87,7 @@ Refer to the [Add a License]({{< ref "/nim/admin-guide/add-license.md" >}}) topi
 
 ## Upgrade API Connectivity Manager {#upgrade-acm}
 
-{{<note>}}When you confirm the upgrade, the upgrade process will automatically upgrade dependent packages as needed, including Instance Manager. If you prefer to [back up NGINX Management Suite]({{< ref "/nim/admin-guide/maintenance/backup-and-recovery.md" >}}) before upgrading, you can cancel the upgrade when prompted.{{</note>}}
+{{< call-out "note" >}}When you confirm the upgrade, the upgrade process will automatically upgrade dependent packages as needed, including Instance Manager. If you prefer to [back up NGINX Management Suite]({{< ref "/nim/admin-guide/maintenance/backup-and-recovery.md" >}}) before upgrading, you can cancel the upgrade when prompted.{{< /call-out >}}
 
 <br>
 
diff --git a/content/nms/acm/how-to/policies/access-control-routing.md b/content/nms/acm/how-to/policies/access-control-routing.md
index b454b074e..e001a5487 100644
--- a/content/nms/acm/how-to/policies/access-control-routing.md
+++ b/content/nms/acm/how-to/policies/access-control-routing.md
@@ -88,7 +88,7 @@ Take the steps in this section if you would like to restrict access to Advanced
     {{%/tab%}}
 {{</tabs>}}
 
-{{< note >}}
+{{< call-out "note" >}}
 
 - Any requests which do not match a specified condition will be allowed to access the API Gateway or Developer Portal. Adding a rule with no route or HTTP method specified means that
 - Adding multiple match conditions in a rule requires that all conditions are matched in order to access the API.
@@ -99,7 +99,7 @@ Take the steps in this section if you would like to restrict access to Advanced
   - `STRING` will match if any of the values contained in the array match one of the values.
   - `REGEX` will check against the array converted to a comma-separated string. For example, `[ "first", "second", "third" ]` will become `first,second,third` when the regular expression is checked against it.
 
-{{< /note >}}
+{{< /call-out >}}
 
 ## Verification
 
diff --git a/content/nms/acm/how-to/policies/advanced-security.md b/content/nms/acm/how-to/policies/advanced-security.md
index 6c859b0c9..fbb92ea18 100644
--- a/content/nms/acm/how-to/policies/advanced-security.md
+++ b/content/nms/acm/how-to/policies/advanced-security.md
@@ -47,12 +47,12 @@ To create a new policy or modify an existing policy, you can navigate to the *Ap
 
 *NGINX App Protect* policies can also contain a reference to an Open API Specification which will enable payload schema validation on the dataplane instance.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 For information on how to configure an *App Protect* policy, please visit - [Configure NGINX App Protect WAF](https://docs.nginx.com/nginx-app-protect/configuration-guide/configuration/#policy-configuration-overview)
 
 To create an NGINX App Protect WAF policy to use in your Advanced Security policy, please see the [Create a Policy]({{< ref "/nim/nginx-app-protect/manage-waf-security-policies#create-security-policy" >}}) documentation.
-{{< /note >}}
+{{< /call-out >}}
 
 ---
 
@@ -74,7 +74,7 @@ There are two methods available to enable adding an *Advanced Security* policy t
 
 {{%tab name="API"%}}
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out>}}
 
 To create an *Advanced Security* policy using the REST API, send an HTTP `POST` or `PUT` request to the *Environments* endpoint.
 
@@ -141,7 +141,7 @@ To create an *Advanced Security* policy using the web interface:
 
 {{%tab name="API"%}}
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out>}}
 
 To create an *Advanced Security* policy using the REST API, send an HTTP `POST` or `PUT` request to the Proxies endpoint.
 
diff --git a/content/nms/acm/how-to/policies/allowed-http-methods.md b/content/nms/acm/how-to/policies/allowed-http-methods.md
index a760a454f..39de271d0 100644
--- a/content/nms/acm/how-to/policies/allowed-http-methods.md
+++ b/content/nms/acm/how-to/policies/allowed-http-methods.md
@@ -54,7 +54,7 @@ To complete the steps in this guide, you need the following:
 
 Follow these steps to restrict which HTTP methods clients can use to access your API. If the request's HTTP method is not in the allowed methods list, a `405 Method Not Allowed` response is returned by default, or you can specify a different error code.
 
-{{< note >}} By enabling the `GET` method, the `HEAD` method is also enabled. {{< /note >}}
+{{< call-out "note" >}} By enabling the `GET` method, the `HEAD` method is also enabled. {{< /call-out >}}
 
 <br>
 
@@ -62,7 +62,7 @@ Follow these steps to restrict which HTTP methods clients can use to access your
 
 {{%tab name="API"%}}
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out>}}
 
 To create an *Allowed HTTP Methods* policy using the REST API, send an HTTP `POST` request to the Proxies endpoint.
 
diff --git a/content/nms/acm/how-to/policies/api-access-control-lists.md b/content/nms/acm/how-to/policies/api-access-control-lists.md
index 77129cf08..1af0524f4 100644
--- a/content/nms/acm/how-to/policies/api-access-control-lists.md
+++ b/content/nms/acm/how-to/policies/api-access-control-lists.md
@@ -63,12 +63,12 @@ Take the steps in this section if you would like to deny or allow access to your
     {{%/tab%}}
 {{</tabs>}}
 
-{{< note >}}
+{{< call-out "note" >}}
 
 - If you only set an allow list, then the deny list will default to deny all and vice versa.
 - If IP addresses are not explicitly allowed they will be denied. To allow IP addresses as default, include the `*` symbol in the allow list.
 - The most specific rule applied will be used to allow or deny traffic. For example, IP addresses take priority over CIDR blocks. Smaller CIDR blocks take priority over larger ones.
-{{< /note >}}
+{{< /call-out >}}
 
 
 
@@ -111,11 +111,11 @@ Specific consumer client IDs or token claims can be denied or allowed access to
 
 {{</tabs>}}
 
-{{< note >}}
+{{< call-out "note" >}}
 
 - If you only set an allow list, then the deny list will default to deny all and vice versa.
 - If values are not allowed, they will be denied by default if neither list contains a wildcard.
-  {{< /note >}}
+  {{< /call-out >}}
 
 ### Verification
 
diff --git a/content/nms/acm/how-to/policies/apikey-authn.md b/content/nms/acm/how-to/policies/apikey-authn.md
index 9ae35586b..4bfae0ca0 100644
--- a/content/nms/acm/how-to/policies/apikey-authn.md
+++ b/content/nms/acm/how-to/policies/apikey-authn.md
@@ -17,7 +17,7 @@ type:
 
 ## API Key Authentication
 
-{{< warning >}} API key authentication is recommended for test environments only. For production environments, consider a more robust authentication method. {{< /warning >}}
+{{< call-out "warning" >}} API key authentication is recommended for test environments only. For production environments, consider a more robust authentication method. {{< /call-out >}}
 
 Authentication & authorization policies allow a user to restrict access to their APIs by determining the caller's identity and access level. There are several API Gateway authentication/authorization policy types supported by API Connectivity Manager: API key authentication, basic authentication, OAuth2 JWT assertion, and OAuth2 token introspection. This guide focuses specifically on API key authentication.
 
@@ -64,7 +64,7 @@ Send a POST request to add the API key authentication policy to the API Proxy.
 {{</bootstrap-table>}}
 
 
-{{< note >}} To include sensitive data in Proxy `GET` requests, provide the query parameter `includes=sensitivedata`; otherwise, the response will have this data redacted. {{< /note >}}
+{{< call-out "note" >}} To include sensitive data in Proxy `GET` requests, provide the query parameter `includes=sensitivedata`; otherwise, the response will have this data redacted. {{< /call-out >}}
 
 ```json
 {
diff --git a/content/nms/acm/how-to/policies/basic-authn.md b/content/nms/acm/how-to/policies/basic-authn.md
index b546f5936..662e57bb3 100644
--- a/content/nms/acm/how-to/policies/basic-authn.md
+++ b/content/nms/acm/how-to/policies/basic-authn.md
@@ -17,7 +17,7 @@ type:
 
 ## Basic Authentication
 
-{{< warning >}} Basic authentication is recommended for test environments only. For production environments, consider a more robust authentication method. {{< /warning >}}
+{{< call-out "warning" >}} Basic authentication is recommended for test environments only. For production environments, consider a more robust authentication method. {{< /call-out >}}
 
 Authentication & authorization policies allow a user to restrict access to their APIs by determining the caller's identity and access level. There are several API Gateway authentication/authorization policy types supported by API Connectivity Manager: API key authentication, basic authentication, OAuth2 JWT assertion, and OAuth2 token introspection. This guide focuses specifically on basic authentication.
 
@@ -64,7 +64,7 @@ Send a `POST` request to add the basic authentication policy to the API Proxy.
 {{</bootstrap-table>}}
 
 
-{{< note >}} To include sensitive data in Proxy `GET` requests, provide the query parameter `includes=sensitivedata`; otherwise, the response will have this data redacted. {{< /note >}}
+{{< call-out "note" >}} To include sensitive data in Proxy `GET` requests, provide the query parameter `includes=sensitivedata`; otherwise, the response will have this data redacted. {{< /call-out >}}
 
 ```json
 {
diff --git a/content/nms/acm/how-to/policies/cluster-wide-config.md b/content/nms/acm/how-to/policies/cluster-wide-config.md
index 1e0063fc3..0e7da1442 100644
--- a/content/nms/acm/how-to/policies/cluster-wide-config.md
+++ b/content/nms/acm/how-to/policies/cluster-wide-config.md
@@ -70,7 +70,7 @@ The following table lists the configurable settings and their default values for
 
 {{%tab name="API"%}}
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out>}}
 
 To create an Cluster-Wide Config settings using the REST API, send an HTTP `PUT` request to the Add-Endpoint-Name-Here endpoint.
 
diff --git a/content/nms/acm/how-to/policies/cluster-zone-sync.md b/content/nms/acm/how-to/policies/cluster-zone-sync.md
index f8bbf6050..4ef0bf02a 100644
--- a/content/nms/acm/how-to/policies/cluster-zone-sync.md
+++ b/content/nms/acm/how-to/policies/cluster-zone-sync.md
@@ -33,13 +33,13 @@ To apply the policy or make changes to it, here's what you need to do:
 - Check the cluster config settings for the environment to see if the policy has been applied.
 - Edit the policy to make changes for each cluster. Save and publish the changes.
 
-{{< note >}}
+{{< call-out "note" >}}
 We strongly recommend securing your Zone Sync environment by enabling TLS for your listeners and Zone Sync TLS verification for the policy. To do this, you'll need to provide server certificates, as well as Zone Sync certificates and CA certs.
 
 When adding a new instance to a cluster with the Zone Sync policy applied, make sure the instance is resolvable by DNS if a DNS server is used, or that the Zone Sync Server list is updated to include the instance if the list is provided manually.
 
 Similarly, when removing an instance from a cluster with the Zone Sync policy applied, be sure to do the necessary clean-up in the DNS resolver or the Zone Sync Server list.
-{{< /note >}}
+{{< /call-out >}}
 
 ---
 
@@ -88,7 +88,7 @@ The following table lists the configurable settings and their default values for
 
 {{%tab name="API"%}}
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out>}}
 
 To create an Cluster Zone Sync policy using the REST API, send an HTTP `PUT` request to the Add-Endpoint-Name-Here endpoint.
 
diff --git a/content/nms/acm/how-to/policies/cors.md b/content/nms/acm/how-to/policies/cors.md
index 8a4cdd88d..e4b2ef3e6 100644
--- a/content/nms/acm/how-to/policies/cors.md
+++ b/content/nms/acm/how-to/policies/cors.md
@@ -57,9 +57,9 @@ The following table lists the configurable settings and their default values for
 {{< /bootstrap-table >}}
 
 
-{{< note >}}
+{{< call-out "note" >}}
 Setting a wildcard (`*`) in `exposedHeaders` does not include headers related to `Access-Control-Allow-Credentials`; those must explicitly be added to exposed headers.
-{{< /note >}}
+{{< /call-out >}}
 
 ---
 
@@ -69,7 +69,7 @@ Setting a wildcard (`*`) in `exposedHeaders` does not include headers related to
 
 {{%tab name="API"%}}
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out>}}
 
 To create an CORS policy using the REST API, send an HTTP `PUT` request to the Proxies endpoint.
 
diff --git a/content/nms/acm/how-to/policies/error-response-format.md b/content/nms/acm/how-to/policies/error-response-format.md
index 01be8d2e5..f69a1e3af 100644
--- a/content/nms/acm/how-to/policies/error-response-format.md
+++ b/content/nms/acm/how-to/policies/error-response-format.md
@@ -40,11 +40,11 @@ To apply the policy or make changes to it, follow these steps:
 
 ## Policy Settings
 
-{{< note >}}
+{{< call-out "note" >}}
 
 Either `errorMessage` or `errorMessageBody` must be provided for each error code.
 
-{{< /note >}}
+{{< /call-out >}}
 
 {{< bootstrap-table "table table-striped table-bordered" >}}
 
diff --git a/content/nms/acm/how-to/policies/health-check.md b/content/nms/acm/how-to/policies/health-check.md
index 75dff9b6f..c4a1ce481 100644
--- a/content/nms/acm/how-to/policies/health-check.md
+++ b/content/nms/acm/how-to/policies/health-check.md
@@ -76,7 +76,7 @@ To complete the steps in this guide, you need the following:
 
 {{%tab name="API"%}}
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out>}}
 
 To create an HTTP health check policy, send an HTTP `POST` to the Proxies endpoint.
 
@@ -228,7 +228,7 @@ To complete the steps in this guide, you need the following:
 
 {{%tab name="API"%}}
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out>}}
 
 To create a gRPC health check policy, send an HTTP `POST` to the Proxies endpoint.
 
diff --git a/content/nms/acm/how-to/policies/http-backend-configuration.md b/content/nms/acm/how-to/policies/http-backend-configuration.md
index 2215b035d..5732998db 100644
--- a/content/nms/acm/how-to/policies/http-backend-configuration.md
+++ b/content/nms/acm/how-to/policies/http-backend-configuration.md
@@ -140,7 +140,7 @@ This algorithm distributes requests to the server with the least number of activ
 
 #### Least Time
 
-{{< note >}} This load balancing algorithm is available as part of the F5 NGINX Plus commercial subscription. {{</ note >}}
+{{< call-out "note" >}} This load balancing algorithm is available as part of the F5 NGINX Plus commercial subscription. {{< /call-out >}}
 
 This algorithm distributes requests to the server with the least average response time and least number of active connections. If there are several servers, they are tried sequentially using the round-robin balancing method.
 
@@ -473,7 +473,7 @@ Send a `POST` request to add a queue configuration to the API Proxy through the
 
 ## Buffers
 
-{{<see-also>}}See the [Module ngx_http_proxy_module](https://nginx.org/en/docs/http/ngx_http_proxy_module.html) topic for more information about the directives mentioned in this section.{{</see-also>}}
+{{< call-out "note" >}}See the [Module ngx_http_proxy_module](https://nginx.org/en/docs/http/ngx_http_proxy_module.html) topic for more information about the directives mentioned in this section.{{< /call-out>}}
 
 When buffering is enabled, NGINX receives a response from the proxied server as soon as possible, saving it into the buffers set by the `proxy_buffer_size` and `proxy_buffers` directives.
 
diff --git a/content/nms/acm/how-to/policies/introspection.md b/content/nms/acm/how-to/policies/introspection.md
index e958c2b0a..7a4ec2266 100644
--- a/content/nms/acm/how-to/policies/introspection.md
+++ b/content/nms/acm/how-to/policies/introspection.md
@@ -163,8 +163,8 @@ Send a POST request to add the OAuth2 Introspection policy to the API-Proxy.
 {{</bootstrap-table>}}
 
 
-{{< note >}} While all request body configuration values are presented in the request body structure example below, not all configuration
-    values are compatible. Please see the configuration value description table for further information. {{< /note >}}
+{{< call-out "note" >}} While all request body configuration values are presented in the request body structure example below, not all configuration
+    values are compatible. Please see the configuration value description table for further information. {{< /call-out >}}
 
 <details open>
 <summary>JSON request</summary>
diff --git a/content/nms/acm/how-to/policies/jwt-assertion.md b/content/nms/acm/how-to/policies/jwt-assertion.md
index b09eb8f8e..29608ca28 100644
--- a/content/nms/acm/how-to/policies/jwt-assertion.md
+++ b/content/nms/acm/how-to/policies/jwt-assertion.md
@@ -100,8 +100,8 @@ Send a `POST` request to add the OAuth2 JWT Assertion policy to the API Proxy.
 {{</bootstrap-table>}}
 
 
-{{< warning >}} Local JSON Web Key usage with the policy configuration value `jwksKeys[]` is recommended for test/debugging environments only. For production environments, `jwksURI` should be used for remote JSON Web Key retrieval. {{< /warning >}}
-{{< note >}} While all request body configuration values are presented in the request body structure example below, not all configuration values are compatible. See the configuration value description table for further information. {{< /note >}}
+{{< call-out "warning" >}} Local JSON Web Key usage with the policy configuration value `jwksKeys[]` is recommended for test/debugging environments only. For production environments, `jwksURI` should be used for remote JSON Web Key retrieval. {{< /call-out >}}
+{{< call-out "note" >}} While all request body configuration values are presented in the request body structure example below, not all configuration values are compatible. See the configuration value description table for further information. {{< /call-out >}}
 
 ```json
 {
diff --git a/content/nms/acm/how-to/policies/log-format.md b/content/nms/acm/how-to/policies/log-format.md
index b279027e1..b00c5a3dd 100644
--- a/content/nms/acm/how-to/policies/log-format.md
+++ b/content/nms/acm/how-to/policies/log-format.md
@@ -76,7 +76,7 @@ If these default options don't meet your requirements, you can customize the pol
 
 <br>
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out>}}
 
 To add the Log Format policy using the REST API, send an HTTP `POST` request to the Environments endpoint.
 
diff --git a/content/nms/acm/how-to/policies/openID-connect.md b/content/nms/acm/how-to/policies/openID-connect.md
index de4e128d9..1dfb1ba59 100644
--- a/content/nms/acm/how-to/policies/openID-connect.md
+++ b/content/nms/acm/how-to/policies/openID-connect.md
@@ -38,11 +38,11 @@ Before configuring API gateways and Developer Portals as OpenID Connect relying
 - Client ID
 - Client Secret (needed depending on the OAuth flow)
 
-{{< note >}}
+{{< call-out "note" >}}
 
 The Developer Portal supports both PCKE and AuthCode [authorization code flows](https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow).
 
-{{< /note >}}
+{{< /call-out >}}
 
 ---
 
@@ -323,7 +323,7 @@ You can set up an OIDC policy by using either the web interface or the REST API.
 
 {{%tab name="API"%}}
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out>}}
 
 To apply the OpenID Connect policy using the REST API, send an HTTP `POST` request to the Environments endpoint.
 
diff --git a/content/nms/acm/how-to/policies/proxy-cache.md b/content/nms/acm/how-to/policies/proxy-cache.md
index 0d900a97a..dc0becfe9 100644
--- a/content/nms/acm/how-to/policies/proxy-cache.md
+++ b/content/nms/acm/how-to/policies/proxy-cache.md
@@ -70,7 +70,7 @@ The following table lists the configurable settings and their default values for
 
 {{%tab name="API"%}}
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out>}}
 
 To apply the Proxy Cache policy using the REST API, send an HTTP `POST` request to the Proxies endpoint.
 
diff --git a/content/nms/acm/how-to/policies/proxy-request-headers.md b/content/nms/acm/how-to/policies/proxy-request-headers.md
index 7a6a55273..7abe837b9 100644
--- a/content/nms/acm/how-to/policies/proxy-request-headers.md
+++ b/content/nms/acm/how-to/policies/proxy-request-headers.md
@@ -56,7 +56,7 @@ The following table lists the configurable settings and their default values for
 
 ### Default Headers {#default-headers}
 
-{{<note>}}When `proxyDefaultHeadersToBackend` is `true`, the following headers are applied.{{</note>}}
+{{< call-out "note" >}}When `proxyDefaultHeadersToBackend` is `true`, the following headers are applied.{{< /call-out >}}
 
 
 {{< bootstrap-table "table table-striped table-bordered" >}}
@@ -73,7 +73,7 @@ The following table lists the configurable settings and their default values for
 
 ### Header Value Prefixes {#value-prefixes}
 
-{{<note>}}When adding a custom header to `proxyCustomHeadersToBackend,` include one of the following prefixes for the `value` setting.{{</note>}}
+{{< call-out "note" >}}When adding a custom header to `proxyCustomHeadersToBackend,` include one of the following prefixes for the `value` setting.{{< /call-out >}}
 
 
 {{< bootstrap-table "table table-striped table-bordered" >}}
@@ -102,7 +102,7 @@ You can apply this policy using either the web interface or the REST API.
 
 <br>
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out>}}
 
 To apply the Proxy Request Headers policy using the REST API, send an HTTP `PUT` request to the Proxies endpoint.
 
diff --git a/content/nms/acm/how-to/policies/proxy-response-headers.md b/content/nms/acm/how-to/policies/proxy-response-headers.md
index 3bc216546..2155a2934 100644
--- a/content/nms/acm/how-to/policies/proxy-response-headers.md
+++ b/content/nms/acm/how-to/policies/proxy-response-headers.md
@@ -155,7 +155,7 @@ The following table lists the configurable settings and their default values for
 
 {{%tab name="API"%}}
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out>}}
 
 To create or update a Response Headers policy using the REST API, send an HTTP `PUT` request to the Environment endpoint.
 
diff --git a/content/nms/acm/how-to/policies/request-body-size-limit.md b/content/nms/acm/how-to/policies/request-body-size-limit.md
index fa55e4ee0..ca2c93888 100644
--- a/content/nms/acm/how-to/policies/request-body-size-limit.md
+++ b/content/nms/acm/how-to/policies/request-body-size-limit.md
@@ -60,7 +60,7 @@ You can apply this policy using either the web interface or the REST API.
 
 {{%tab name="API"%}}
 
-{{<see-also>}}{{< include "acm/how-to/access-acm-api.md" >}}{{</see-also>}}
+{{< call-out "note" >}}{{< include "acm/how-to/access-acm-api.md" >}}{{< /call-out>}}
 
 To add the Request Body Size Limit policy using the REST API, send an HTTP `POST` request to the Environments endpoint.
 
diff --git a/content/nms/acm/how-to/services/publish-api.md b/content/nms/acm/how-to/services/publish-api.md
index 9ee1bdfbd..010f85f6b 100644
--- a/content/nms/acm/how-to/services/publish-api.md
+++ b/content/nms/acm/how-to/services/publish-api.md
@@ -30,9 +30,9 @@ Complete the following prerequisites before proceeding with this guide:
 
 ## Create a Service Workspace
 
-{{<note>}}
+{{< call-out "note" >}}
 The API Connectivity Manager admin must verify that the user (API Onwer) has CRUD [RBAC](https://en.wikipedia.org/wiki/Role-based_access_control) permissions for the services feature.
-{{</note>}}
+{{< /call-out >}}
 
 Service Workspaces let you group API configurations. Publishing an API requires at least one Service Workspace.
 
@@ -57,9 +57,9 @@ After creating a Service Workspace, two options are displayed:
 5. **Base Path** and **Version** build up the URI, for example **/api/v1/**.
 6. Select **Publish** to save and publish your API Proxy.
 
-{{<note>}}
+{{< call-out "note" >}}
 If you choose to use an OpenAPI spec, it will get processed into a config and published.
-{{</note>}}
+{{< /call-out >}}
 
 ## Advanced Configurations {#advanced-configurations}
 
@@ -77,7 +77,7 @@ To add an Advanced Routing configuration, select the **Ingress** menu item in th
 4. Choose the required **HTTP Method** you want to use for this route match.
 5. Change the **Target Backend Service Label** if required to target a specific backend based on the label value.
 6. Select **Add Parameter** to add a parameter to the Path, Query, or Header that's used to match on the route.
-   {{<note>}}If you choose a path parameter then you must have a placeholder for that parameter in **Match URI**.{{</note>}}
+   {{< call-out "note" >}}If you choose a path parameter then you must have a placeholder for that parameter in **Match URI**.{{< /call-out >}}
 7. Select **Add** to finish adding the route.
 8. Select **Next** to move to the **Backend** configuration page.
 
@@ -110,9 +110,9 @@ You may also upload a new OpenAPI spec in this form by selecting **+Add API Spec
 3. Edit as needed.
 4. Select **Save and Publish**.
 
-{{<note>}}
+{{< call-out "note" >}}
 Certain sections can't be modified for API Proxies created with OpenAPI Specs, for example, **Advanced Routing** in the **Ingress** step.
-{{</note>}}
+{{< /call-out >}}
 
 ## Delete a Published API Proxy
 
diff --git a/content/nms/acm/releases/known-issues.md b/content/nms/acm/releases/known-issues.md
index fae32ff21..6730f887e 100644
--- a/content/nms/acm/releases/known-issues.md
+++ b/content/nms/acm/releases/known-issues.md
@@ -11,8 +11,6 @@ type:
 - reference
 ---
 
-{{<rn-styles>}}
-
 
 ---
 
@@ -537,7 +535,7 @@ If you are using an API doc with a proxy:
       - url: /api/v3
       ```
 
-      {{< note >}}In the example above only  `/api/v3` is relevant for this issue, and it should be the full base path to which the individual paths in the API document can be appended directly. {{< /note >}}
+      {{< call-out "note" >}}In the example above only  `/api/v3` is relevant for this issue, and it should be the full base path to which the individual paths in the API document can be appended directly. {{< /call-out >}}
 
   2. Set the value of the base path version append rule (`basePathVersionAppendRule`) in the proxy to `NONE`.
 
diff --git a/content/nms/acm/releases/release-notes.md b/content/nms/acm/releases/release-notes.md
index 91e531892..cae372091 100644
--- a/content/nms/acm/releases/release-notes.md
+++ b/content/nms/acm/releases/release-notes.md
@@ -7,8 +7,6 @@ toc: true
 weight: 100
 ---
 
-{{<rn-styles>}}
-
 ---
 
 ## 1.9.3
@@ -408,10 +406,10 @@ This release includes the following updates:
 
   With new [built-in RBAC roles for API Connectivity Manager]({{< ref "/nim/admin-guide/rbac/overview-rbac.md#build-in-roles" >}}), administrators can grant or restrict user access to workspaces and features, empowering teams to manage their own workflows.
 
-  {{<see-also>}}
+  {{< call-out "note" >}}
   - [Set Up RBAC for API Owners]({{< ref "/nms/acm/tutorials/rbac-api-owners.md" >}})
   - [Set Up RBAC for Infra Admins]({{< ref "/nms/acm/tutorials/rbac-infra-admins.md" >}})
-  {{</see-also>}}
+  {{< /call-out>}}
 
 - {{% icon-feature %}} **Multiple hostname support**<a name="1-5-0-whats-new-Multiple-hostname-support"></a>
 
@@ -440,9 +438,9 @@ This release includes the following updates:
 
 ### Security Updates{#1-5-0-security-updates}
 
-{{< important >}}
+{{< call-out "important" >}}
 For the protection of our customers, NGINX doesn’t disclose security issues until an investigation has occurred and a fix is available.
-{{< /important >}}
+{{< /call-out >}}
 
 This release includes the following security updates:
 
@@ -769,7 +767,7 @@ This release includes the following updates:
 
   API Owners can [restrict access to their APIs with OAuth2 tokens]({{< ref "/nms/acm/how-to/policies/introspection.md" >}}) by swapping an opaque token for claims or a JWT token to be proxied to the backend service. The policy can be configured to grant access to APIs after having the tokens introspected. In addition, the claims in the token can be extracted and forwarded to the backend service.
 
-  {{<tip>}}Learn how to [set up an OAuth2 Introspection policy with Keycloak]({{< ref "/nms/acm/tutorials/introspection-keycloak.md" >}}) as the authorization server.{{</tip>}}
+  {{< call-out "tip" >}}Learn how to [set up an OAuth2 Introspection policy with Keycloak]({{< ref "/nms/acm/tutorials/introspection-keycloak.md" >}}) as the authorization server.{{< /call-out >}}
 
 - {{% icon-feature %}} **Enhanced API documentation on developer portal**<a name="1-2-0-whats-new-Enhanced-API-documentation-on-developer-portal"></a>
 
@@ -795,7 +793,7 @@ This release includes the following updates:
 
 - {{% icon-feature %}} **Publish and manage gRPC services - preview release**<a name="1-2-0-whats-new-Publish-and-manage-gRPC-services---preview-release"></a>
 
-  {{<important>}}This is a **preview** feature for you to try out. You shouldn't use preview features for production purposes.{{</important>}}
+  {{< call-out "important" >}}This is a **preview** feature for you to try out. You shouldn't use preview features for production purposes.{{< /call-out >}}
 
   To handle gRPC traffic, you can now [publish and manage gRPC proxies]({{< ref "/nms/acm/how-to/services/publish-grpc-proxy.md" >}}).
 
diff --git a/content/nms/acm/troubleshooting.md b/content/nms/acm/troubleshooting.md
index 9567d6694..4ae12365e 100644
--- a/content/nms/acm/troubleshooting.md
+++ b/content/nms/acm/troubleshooting.md
@@ -68,9 +68,9 @@ The number API proxy advanced routes which can be deployed to a single API proxy
 
 {{< /bootstrap-table >}}
 
-{{< note >}}
+{{< call-out "note" >}}
 The numbers in the above table are provided only as an example. Other factors may impact the total supported number of routes.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Resolution
 
diff --git a/content/nms/acm/tutorials/aws-deploy.md b/content/nms/acm/tutorials/aws-deploy.md
index b21e8ac3c..1b4c403e8 100644
--- a/content/nms/acm/tutorials/aws-deploy.md
+++ b/content/nms/acm/tutorials/aws-deploy.md
@@ -18,7 +18,7 @@ Keep in mind that production environments may require larger instance sizes and
 
 - Make sure you have an AWS account.
 
-{{< important >}}Because the [minimum requirement for the F5 NGINX Management Suite host]({{< ref "/nim/fundamentals/tech-specs#system-sizing" >}}) requires 2 CPU and 4GB RAM (NOT a free tier size), completing this deployment guide will incur charges from AWS according to their price plan.{{< /important >}}
+{{< call-out "important" >}}Because the [minimum requirement for the F5 NGINX Management Suite host]({{< ref "/nim/fundamentals/tech-specs#system-sizing" >}}) requires 2 CPU and 4GB RAM (NOT a free tier size), completing this deployment guide will incur charges from AWS according to their price plan.{{< /call-out >}}
 
 ### Hosts Specs
 
@@ -90,7 +90,7 @@ Take the steps below to create a new internet gateway:
 1. Select the VPC created from above.
 1. Select **Attach internet gateway**.
 
-{{< note >}}The Internet Gateway is what provides a public subnet internet access.{{< /note >}}
+{{< call-out "note" >}}The Internet Gateway is what provides a public subnet internet access.{{< /call-out >}}
 
 #### Create a New Route Table
 
@@ -153,11 +153,11 @@ The table below summarizes the two security groups that you should create.
 {{</bootstrap-table>}}
 Table 1.3 AWS Inbound Security Group Source
 
-{{< warning >}}Selecting **Anywhere-IPv4** as the _Source_ for **HTTP** and **HTTPS** will cause the instances placed inside your Security Group to be publicly accessible. If this is not suitable for you or your organization, please ensure that appropriate restrictions are in place. {{< /warning >}}
+{{< call-out "warning" >}}Selecting **Anywhere-IPv4** as the _Source_ for **HTTP** and **HTTPS** will cause the instances placed inside your Security Group to be publicly accessible. If this is not suitable for you or your organization, please ensure that appropriate restrictions are in place. {{< /call-out >}}
 
-{{< note >}}Select **My IP** as the _Source_ for **SSH** to prevent SSH connection attempts by anyone other than yourself.
+{{< call-out "note" >}}Select **My IP** as the _Source_ for **SSH** to prevent SSH connection attempts by anyone other than yourself.
 
-If you are not allowed to do this, refer to the [Terminal Access Using Session Manager](#session-manager) section below.{{< /note >}}
+If you are not allowed to do this, refer to the [Terminal Access Using Session Manager](#session-manager) section below.{{< /call-out >}}
 
 <br>
 
@@ -211,7 +211,7 @@ Take the steps below to obtain the public IP so you can access the instance thro
 1. Select your instance.
 1. Select the **Details** tab.
 1. The public IP address is shown in the **Public IPv4 address** section. This is the IP that allows external access (such as from your workstation) to the selected EC2 Instance.
-   {{< note >}}It takes about a minute for the instance to become available for SSH connections.{{< /note >}}
+   {{< call-out "note" >}}It takes about a minute for the instance to become available for SSH connections.{{< /call-out >}}
 
 ## NGINX Management Suite Host Installation
 
@@ -252,7 +252,7 @@ You must create a new IAM Role that grants Session Manager access to EC2 Instanc
 1. Provide the **Role name** and **Tag** (optional) for this IAM Role specifically allowing Session Manager access to EC2 Instances.
 1. Select **Create role**.
 
-{{< note >}}Creating an IAM Role from the AWS Management Console and choosing EC2 as the AWS Service also creates an AWS Instance Profile associated with EC2 Instances. Additional details can be found in [the AWS knowledge article](https://aws.amazon.com/premiumsupport/knowledge-center/attach-replace-ec2-instance-profile/).{{< /note >}}
+{{< call-out "note" >}}Creating an IAM Role from the AWS Management Console and choosing EC2 as the AWS Service also creates an AWS Instance Profile associated with EC2 Instances. Additional details can be found in [the AWS knowledge article](https://aws.amazon.com/premiumsupport/knowledge-center/attach-replace-ec2-instance-profile/).{{< /call-out >}}
 
 ### Associating IAM Instance Profile to EC2 Instance
 
@@ -299,13 +299,13 @@ Take the steps below to get terminal access using **Session Manager**.
 1. Select **Start session**. This takes you to the terminal where you are logged in as `ssm-user`.
 1. When you are done, select **Terminate** at the top.
 
-{{< note >}} If you do not see your instance in the **Target Instances** section:
+{{< call-out "note" >}} If you do not see your instance in the **Target Instances** section:
 
 - Verify the IAM Instance Profile is associated to your instance.
 - Verify the IAM Role has SSM permissions properly configured.
 - The instance allows outbound HTTPS traffic to the endpoints shown in the **Connectivity to endpoints** row from the [Session Manager Prerequisites](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-prerequisites.html) page.
 - Wait about 15 minutes if you attached the IAM Instance Profile to an existing instance.
-{{< /note >}}
+{{< /call-out >}}
 
 ### AWS Command Line Interface Tool
 
@@ -329,9 +329,9 @@ Take the steps below to get terminal access on an instance:
     Default output format []: json
     ```
 
-    {{< note >}} If your AWS account is configured to use temporary credentials, you need to provide the `aws_session_token` by running the command below:
+    {{< call-out "note" >}} If your AWS account is configured to use temporary credentials, you need to provide the `aws_session_token` by running the command below:
 
-    aws configure set aws_session_token <sessionToken>{{< /note >}}
+    aws configure set aws_session_token <sessionToken>{{< /call-out >}}
 
 1. Run `aws ssm start-session --target "<instanceId>"` to start a session which provides terminal access.
 
diff --git a/content/nms/acm/tutorials/enable-metrics.md b/content/nms/acm/tutorials/enable-metrics.md
index 9466dbc7e..0a9471c9c 100644
--- a/content/nms/acm/tutorials/enable-metrics.md
+++ b/content/nms/acm/tutorials/enable-metrics.md
@@ -13,7 +13,7 @@ weight: 100
 
 This guide walks through setting up and using metrics in API Connectivity Manager.
 
-{{<important>}}The configuration presented in this guide is for demonstration purposes only. Securely configuring environments and proxies in API Connectivity Manager is not in scope for this tutorial but should be given full attention when planning for production use.{{</important>}}
+{{< call-out "important" >}}The configuration presented in this guide is for demonstration purposes only. Securely configuring environments and proxies in API Connectivity Manager is not in scope for this tutorial but should be given full attention when planning for production use.{{< /call-out >}}
 
 Currently, only the following metric is available:
 
@@ -92,7 +92,7 @@ To ensure that the advanced metrics modules are installed across all data plane
 
 ### Install Echo Server {#install-echo-server}
 
-{{< note >}} The server is designed for testing HTTP proxies and clients. It echoes information about HTTP request headers and bodies back to the client. {{</ note >}}
+{{< call-out "note" >}} The server is designed for testing HTTP proxies and clients. It echoes information about HTTP request headers and bodies back to the client. {{< /call-out >}}
 
 1. [Download and install the latest version of Go](https://go.dev/doc/install) by following the instructions on the official Go website.
 2. Run the following commands to install and start [Echo Server](https://github.com/jmalloc/echo-server):
diff --git a/content/nms/acm/tutorials/introspection-keycloak.md b/content/nms/acm/tutorials/introspection-keycloak.md
index 5173b61e1..83b150da7 100644
--- a/content/nms/acm/tutorials/introspection-keycloak.md
+++ b/content/nms/acm/tutorials/introspection-keycloak.md
@@ -13,9 +13,9 @@ type:
 
 This tutorial walks through configuring an OAuth2 Introspection policy on an API Proxy in API Connectivity Manager with Keycloak as the authorization server.
 
-{{<important>}}The configuration presented in this guide is for demonstration purposes only. The secure configuration of Environments and Proxies in API Connectivity Manager, or the secure configuration of Keycloak as the authorization server, is not in scope for this tutorial and should be given full attention when planning for production use.{{</important>}}
+{{< call-out "important" >}}The configuration presented in this guide is for demonstration purposes only. The secure configuration of Environments and Proxies in API Connectivity Manager, or the secure configuration of Keycloak as the authorization server, is not in scope for this tutorial and should be given full attention when planning for production use.{{< /call-out >}}
 
-{{<see-also>}}See the [OAuth2 Introspection Policy]({{< ref "/nms/acm/how-to/policies/introspection.md" >}}) reference guide for a detailed overview of the policy.{{</see-also>}}
+{{< call-out "note" >}}See the [OAuth2 Introspection Policy]({{< ref "/nms/acm/how-to/policies/introspection.md" >}}) reference guide for a detailed overview of the policy.{{< /call-out>}}
 
 ---
 
@@ -127,7 +127,7 @@ Production mode sets the following default configuration:
 
 3. Create environment variables for the Keycloak admin username and password:
 
-   {{< important >}} Do not use the example `admin/password` combination in any scenario. Replace the username and password with strong alternatives. {{< /important >}}
+   {{< call-out "important" >}} Do not use the example `admin/password` combination in any scenario. Replace the username and password with strong alternatives. {{< /call-out >}}
 
    ```shell
     export KEYCLOAK_ADMIN=<admin user>
@@ -219,7 +219,7 @@ curl -L -X GET http://{HOST/IP_ADDRESS}:{PORT}/realms/{REALM}/.well-known/openid
 
 #### Example
 
-{{< note >}} `jq` is used in the following examples to format the JSON response from Keycloak in a legible and attractive way. For more information about `jq`   , see the [jq GitHub page](https://github.com/stedolan/jq). {{< /note >}}
+{{< call-out "note" >}} `jq` is used in the following examples to format the JSON response from Keycloak in a legible and attractive way. For more information about `jq`   , see the [jq GitHub page](https://github.com/stedolan/jq). {{< /call-out >}}
 
 ```bash
 curl -L -X GET http://192.0.2.5:8080/realms/nginx/.well-known/openid-configuration | jq
@@ -308,7 +308,7 @@ Typically, the `access_token` is passed in requests to a **Resource Server** (AP
 
 You can mimic the process by which an NGINX client introspects an incoming user `access_token` with Keycloak.
 
-{{< note >}} Keycloak is configured to accept basic auth credentials from the `nginx-plus` client; in this case, the credentials are formatted as `CLIENT_ID:CLIENT_SECRET`. This combination must be [base64 url encoded](https://www.base64url.com/) before it is passed in the `Authorization` header. {{< /note >}}
+{{< call-out "note" >}} Keycloak is configured to accept basic auth credentials from the `nginx-plus` client; in this case, the credentials are formatted as `CLIENT_ID:CLIENT_SECRET`. This combination must be [base64 url encoded](https://www.base64url.com/) before it is passed in the `Authorization` header. {{< /call-out >}}
 
 #### Structure
 
@@ -519,7 +519,7 @@ In this section, we will use the API Connectivity Manager Rest API to set up a p
 
 1. Upsert the API proxy with an OAuth2 Introspection policy. The default `action.introspectionResponse` type `application/json` is used, so you don't need to define it in the API request body.
 
-   {{< note >}} This shortened request body removes all the default API proxy policies. To maintain these default policies, perform a `GET` request on the proxy before the upsert and copy the policy configuration from the response. {{< /note >}}
+   {{< call-out "note" >}} This shortened request body removes all the default API proxy policies. To maintain these default policies, perform a `GET` request on the proxy before the upsert and copy the policy configuration from the response. {{< /call-out >}}
 
    ```bash
    PUT https://192.0.2.2/api/acm/v1/services/workspaces/service-ws/proxies/test-proxy
@@ -787,9 +787,9 @@ You can configure NGINX to cache a copy of the introspection response for each a
 
 #### Security Considerations {#security-considerations}
 
-{{<important>}}There are some security considerations to keep in mind when enabling token caching. For example, a shorter cache expiration time is more secure since the resource servers must query the introspection endpoint more frequently; however, the increased number of queries may put a load on the endpoint. Longer expiration times, by comparison, open a window where a token may actually be expired or revoked but still be able to be used at a resource server for the remaining cache time.
+{{< call-out "important" >}}There are some security considerations to keep in mind when enabling token caching. For example, a shorter cache expiration time is more secure since the resource servers must query the introspection endpoint more frequently; however, the increased number of queries may put a load on the endpoint. Longer expiration times, by comparison, open a window where a token may actually be expired or revoked but still be able to be used at a resource server for the remaining cache time.
 
-You can mitigate these situations by never caching the value beyond the token's expiration time. For example, in Keycloak, the default token duration is **300 seconds**. This should be the upper limit of token caching in the Introspection policy configuration.{{</important>}}
+You can mitigate these situations by never caching the value beyond the token's expiration time. For example, in Keycloak, the default token duration is **300 seconds**. This should be the upper limit of token caching in the Introspection policy configuration.{{< /call-out >}}
 
 #### Token Caching Setup {#token-caching-setup}
 
@@ -1044,7 +1044,7 @@ You can define multiple hostnames/IP addresses and port combinations, along with
 
 When a user access token is introspected with an OAuth server, the token introspection endpoint should respond with a JSON object with the properties listed below. Only the `active` property is required; the rest are optional.
 
-{{< see-also >}} Detailed descriptions of each claim can be found in [Section 2.2 of OAuth 2.0 Token Introspection Token [RFC7662]](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2). {{< /see-also >}}
+{{< call-out "note" >}} Detailed descriptions of each claim can be found in [Section 2.2 of OAuth 2.0 Token Introspection Token [RFC7662]](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2). {{< /call-out>}}
 
 {{<bootstrap-table "table table-striped table-bordered">}}
 
@@ -1355,7 +1355,7 @@ You can change the `401` and `403` response codes by configuring the `action.err
    }
    ```
 
-   {{< note >}} To edit the response message and format for these custom error codes, add them to the default global policy `error-response-format` with the related `errorCode` and `errorMessage`. {{< /note >}}
+   {{< call-out "note" >}} To edit the response message and format for these custom error codes, add them to the default global policy `error-response-format` with the related `errorCode` and `errorMessage`. {{< /call-out >}}
 
 2. Send a request to the echo server API proxy without providing an access token. The request should not go to the backend, and the API proxy should respond with the status code `410 Gone`.
 
@@ -1369,12 +1369,12 @@ The introspection response, as specified in OAuth 2.0 Token Introspection [RFC76
 
 An example is a resource server using verified personal data to create certificates, which are then used to create qualified electronic signatures. In such use cases, it may be helpful or even required to return a signed [JSON Web token (JWT) [RFC7519]](https://www.rfc-editor.org/rfc/rfc7519) as the introspection response.
 
-{{<important>}}The introspection response type `application/jwt`, configured using `action.introspectionResponse`, has not finalized its security protocol specification at the time of writing, and it remains in **DRAFT** status. While in **DRAFT** status, the specification may change at any time, and API Connectivity Manager may change to meet the requirements of the specification. We recommend using the default OAuth2 Introspection response type `application/json` for all **production** scenarios.
+{{< call-out "important" >}}The introspection response type `application/jwt`, configured using `action.introspectionResponse`, has not finalized its security protocol specification at the time of writing, and it remains in **DRAFT** status. While in **DRAFT** status, the specification may change at any time, and API Connectivity Manager may change to meet the requirements of the specification. We recommend using the default OAuth2 Introspection response type `application/json` for all **production** scenarios.
 
 For reference, see [JWT Response for OAuth Token Introspection](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwt-introspection-response).
-{{</important>}}
+{{< /call-out >}}
 
-{{< note >}} Not all OAuth2 servers support the `application/jwt` response type; Keycloak, for example, does not. Check your OAuth2 server documentation to verify support for this introspection response type. {{< /note >}}
+{{< call-out "note" >}} Not all OAuth2 servers support the `application/jwt` response type; Keycloak, for example, does not. Check your OAuth2 server documentation to verify support for this introspection response type. {{< /call-out >}}
 
 1. Upsert the proxy with an updated Introspection policy configuration that sets the `action.introspectionResponse` parameter to `application/jwt`.
 
@@ -1526,7 +1526,7 @@ An opaque token, also known as a phantom token, is a random, unique string of ch
 
 Opaque tokens are supported out-of-the-box with the API Connectivity Manager OAuth2 Introspection policy. Just pass the opaque token in place of the standard access token when a user sends a request to an API proxy with token introspection configured.
 
-{{< note >}} Not all OAuth2 Servers support opaque tokens; Keycloak, for example, does not. Check your OAuth2 server documentation to verify support for this token format. {{< /note >}}
+{{< call-out "note" >}} Not all OAuth2 Servers support opaque tokens; Keycloak, for example, does not. Check your OAuth2 server documentation to verify support for this token format. {{< /call-out >}}
 
 ```bash
 POST https://192.0.2.4/my/test/api
diff --git a/content/nms/acm/tutorials/oas-security-schemes.md b/content/nms/acm/tutorials/oas-security-schemes.md
index 1e8605327..8ac38460a 100644
--- a/content/nms/acm/tutorials/oas-security-schemes.md
+++ b/content/nms/acm/tutorials/oas-security-schemes.md
@@ -15,7 +15,7 @@ type:
 
 The OpenAPI Specification (OAS) allows you to specify authentication and authorization requirements, or security schemes, for your APIs, ensuring that only authorized users or applications can access them. These security schemes are applied globally, meaning they are enforced for all APIs within the OAS.
 
-{{<note>}}When configuring security schemes, keep in mind that path-level security requirements will not be applied and are ignored.{{</note>}}
+{{< call-out "note" >}}When configuring security schemes, keep in mind that path-level security requirements will not be applied and are ignored.{{< /call-out >}}
 
 Listed below are the OAS security schemes that API Connectivity Manager supports.
 
diff --git a/content/nms/nginx-agent/install-nginx-agent.md b/content/nms/nginx-agent/install-nginx-agent.md
index 1f2bb13cf..6c7cba535 100644
--- a/content/nms/nginx-agent/install-nginx-agent.md
+++ b/content/nms/nginx-agent/install-nginx-agent.md
@@ -15,8 +15,8 @@ This section lists the prerequisites for installing and configuring NGINX Agent.
 
 1. [F5 NGINX Management Suite is installed on a server]({{< ref "/nim/deploy/_index.md" >}}).
 
-    {{<note>}} When installing and configuring NGINX Management Suite, take note of the fully qualified domain name (FQDN) and gRPC port number. You'll need this information to properly configure NGINX Agent to communicate with NGINX Management Suite.
-    {{</note>}}
+    {{< call-out "note" >}} When installing and configuring NGINX Management Suite, take note of the fully qualified domain name (FQDN) and gRPC port number. You'll need this information to properly configure NGINX Agent to communicate with NGINX Management Suite.
+    {{< /call-out >}}
 
 2. Make sure NGINX is running on your instance:
 
@@ -61,13 +61,13 @@ You can choose one of the following two methods to install NGINX Agent on your d
 - Install via the NGINX Management Suite API Gateway
 - Install from packages downloaded from [MyF5 Customer Portal](https://account.f5.com/myf5) or from your NGINX/F5 sales team.
 
-{{< note >}} You can also install NGINX Agent in the following ways:
+{{< call-out "note" >}} You can also install NGINX Agent in the following ways:
 
 - From the [GitHub releases](https://docs.nginx.com/nginx-agent/installation-upgrade/installation-github/)
 - From the [NGINX Repository](https://docs.nginx.com/nginx-agent/installation-upgrade/installation-oss/)
 - From the [NGINX Plus Repository](https://docs.nginx.com/nginx-agent/installation-upgrade/installation-plus/).
 
-{{< /note >}}
+{{< /call-out >}}
 
 ### Install using the API
 
@@ -128,9 +128,9 @@ In a web browser, go to the FQDN for your NGINX Management Suite host and log in
 
 Once you've verified the NGINX Agent instance is registered with NGINX Management Suite, no additional action is required for monitoring the instance.
 
-{{<note>}}
+{{< call-out "note" >}}
 If you need to remove the instance, ensure that the NGINX Agent service is stopped first. Then you can remove the instance from the inventory.
-{{</note>}}
+{{< /call-out >}}
 
 ---
 
@@ -138,7 +138,7 @@ If you need to remove the instance, ensure that the NGINX Agent service is stopp
 
 The following sections explain how to configure NGINX Agent using configuration files, CLI flags, and environment variables.
 
-{{<note>}}
+{{< call-out "note" >}}
 
 - NGINX Agent interprets configuration values set by configuration files, CLI flags, and environment variables in the following priorities:
 
@@ -150,20 +150,20 @@ The following sections explain how to configure NGINX Agent using configuration
 
 - Open any required firewall ports or SELinux/AppArmor rules for the ports and IPs you want to use.
 
-{{</note>}}
+{{< /call-out >}}
 
 ### Configure with Config Files
 
 The configuration files for NGINX Agent are `/etc/nginx-agent/nginx-agent.conf` and `/var/lib/nginx-agent/agent-dynamic.conf`. These files have comments at the top indicating their purpose.
 
-{{<note>}}If you're running Instance Manager 2.10.1 or earlier or NGINX Agent 2.25.1 or earlier, the `agent-dynamic.conf` file is located in `/etc/nginx-agent/`.{{</note>}}
+{{< call-out "note" >}}If you're running Instance Manager 2.10.1 or earlier or NGINX Agent 2.25.1 or earlier, the `agent-dynamic.conf` file is located in `/etc/nginx-agent/`.{{< /call-out >}}
 
 Examples of the configuration files are provided below:
 
 <details open>
     <summary>example nginx-agent.conf</summary>
 
-{{<note>}}
+{{< call-out "note" >}}
 In the following example `nginx-agent.conf` file, you can change the `server.host` and `server.grpcPort` to connect to the NGINX Management Suite.
 
 If NGINX Agent was previously installed for data reporting purposes only, you may need to find and remove the following line from the NGINX Agent configuration file:
@@ -172,7 +172,7 @@ If NGINX Agent was previously installed for data reporting purposes only, you ma
 features: registration,dataplane-status
 ```
 
-{{</note>}}
+{{< /call-out >}}
 
 ```nginx {hl_lines=[13]}
 #
@@ -288,13 +288,13 @@ nginx-agent
 
 ### CLI Flags and Environment Variables
 
-{{< warning >}}
+{{< call-out "warning" >}}
 
 Before version 2.35.0, the environment variables were prefixed with `NMS_` instead of `NGINX_AGENT_`.
 
 If you are upgrading from an older version, update your configuration accordingly.
 
-{{< /warning >}}
+{{< /call-out >}}
 
 {{<bootstrap-table "table table-responsive table-bordered">}}
 | CLI flag                                    | Environment variable                 | Description                                                                 |
@@ -337,7 +337,7 @@ If you are upgrading from an older version, update your configuration accordingl
 
 <br>
 
-{{<note>}}
+{{< call-out "note" >}}
 Use the `--config-dirs` command-line option, or the `config_dirs` key in the `nginx-agent.conf` file, to identify the directories NGINX Agent can read from or write to. This setting also defines the location to which you can upload config files when using a control plane.
 
 NGINX Agent cannot write to directories outside the specified location when updating a config and cannot upload files to directories outside of the configured location.
@@ -346,7 +346,7 @@ NGINX Agent follows NGINX configuration directives to file paths outside the des
 
 - [`ssl_certificate`](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate)
 
-{{</note>}}
+{{< /call-out >}}
 
 
 ### Enable NGINX App Protect WAF Status Reporting
@@ -410,7 +410,7 @@ Additionally, you can use the agent installation script to add these fields:
 
 ## Secure NGINX Agent with mTLS
 
-{{< important >}}By default, communication between NGINX Agent and NGINX Management Suite is unsecured.{{< /important >}}
+{{< call-out "important" >}}By default, communication between NGINX Agent and NGINX Management Suite is unsecured.{{< /call-out >}}
 
 For instructions on how configure mTLS to secure communication between NGINX Agent and NGINX Management Suite, see [NGINX Agent TLS Settings](https://docs.nginx.com/nginx-agent/configuration/encrypt-communication/).
 
diff --git a/content/nms/nginx-agent/install-nginx-plus-advanced-metrics.md b/content/nms/nginx-agent/install-nginx-plus-advanced-metrics.md
index 08fe599ce..cc19e5a0b 100644
--- a/content/nms/nginx-agent/install-nginx-plus-advanced-metrics.md
+++ b/content/nms/nginx-agent/install-nginx-plus-advanced-metrics.md
@@ -142,7 +142,7 @@ advanced_metrics:
     priority_table_threshold: 1000
 ```
 
-{{< see-also >}} See the [NGINX Agent CLI Flags & Usage]({{< ref "/nms/nginx-agent/install-nginx-agent.md#nginx-agent-cli-flags--usage" >}}) topic for a description of each of these flags. {{< /see-also >}}
+{{< call-out "note" >}} See the [NGINX Agent CLI Flags & Usage]({{< ref "/nms/nginx-agent/install-nginx-agent.md#nginx-agent-cli-flags--usage" >}}) topic for a description of each of these flags. {{< /call-out>}}
 
 <br>
 
diff --git a/content/nms/nim/getting-started/waf-config-management.md b/content/nms/nim/getting-started/waf-config-management.md
index e6f30cb55..0691b22d1 100644
--- a/content/nms/nim/getting-started/waf-config-management.md
+++ b/content/nms/nim/getting-started/waf-config-management.md
@@ -27,4 +27,4 @@ You can use F5 NGINX Management Suite Instance Manager to publish configurations
 
 5. [Add or edit a WAF Configuration]({{< ref "/nim/nginx-app-protect/setup-waf-config-management#add-waf-config" >}}) to your NGINX Instances, and publish using Instance Manager.
 
-   {{<note>}}Map the App Protect directives on NGINX configuration to `.tgz` file extensions (not `.json`).{{< /note >}}
+   {{< call-out "note" >}}Map the App Protect directives on NGINX configuration to `.tgz` file extensions (not `.json`).{{< /call-out >}}
diff --git a/content/nms/nms-resilience.md b/content/nms/nms-resilience.md
index 551407f79..11043be8e 100644
--- a/content/nms/nms-resilience.md
+++ b/content/nms/nms-resilience.md
@@ -111,7 +111,7 @@ The recovery time for the DPM (Data Plane Manager) pod depends the number of NGI
 
 ## Business Continuity and Disaster Recovery
 
-{{<important>}}
+{{< call-out "important" >}}
 When integrating NGINX Management Suite into your existing Business Continuity and Disaster Recovery (BC/DR) strategy, consider the following:
 
 - NGINX data plane instances managed by NGINX Management Suite can serve traffic independently of the NGINX Management Suite control plane. Data plane instances will continue to operate seamlessly with their last published configurations as long as they remain healthy.
@@ -120,7 +120,7 @@ When integrating NGINX Management Suite into your existing Business Continuity a
 
 - Establish specific metrics for your disaster recovery plan, such as Recovery Time Objective (RTO) and Recovery Point Objective (RPO), for the NGINX Management Suite control plane independently of the data plane. Regularly review and update these metrics to consider the impact of data plane size on NGINX Management Suite services and storage requirements.
 
-{{</important>}}
+{{< /call-out >}}
 
 ---
 
diff --git a/content/nms/support/contact-support.md b/content/nms/support/contact-support.md
index 8810e47c2..baedebc00 100644
--- a/content/nms/support/contact-support.md
+++ b/content/nms/support/contact-support.md
@@ -12,13 +12,13 @@ type:
 
 F5 NGINX Management Suite adheres to the support policy detailed in the following knowledge base article: [K000140156](https://my.f5.com/manage/s/article/K000140156).
 
-{{<important>}}
+{{< call-out "important" >}}
 Support licenses for Instance Manager **do not include** support for the NGINX instances that are being managed.
 
 Community support is available for NGINX Open Source instances at the [NGINX mailing list](http://mailman.nginx.org/mailman/listinfo).
 If you need support for NGINX Plus or any of the [prebuilt NGINX Open Source packages](https://nginx.org/en/linux_packages.html), you will need to [purchase an NGINX license](https://www.nginx.com/purchase-nginx/).
 
-{{</important>}}
+{{< /call-out >}}
 
 ---
 
diff --git a/content/nms/support/support-package.md b/content/nms/support/support-package.md
index d41cdaa5d..0e6d33dd3 100644
--- a/content/nms/support/support-package.md
+++ b/content/nms/support/support-package.md
@@ -43,9 +43,9 @@ To create a support package:
     tar -xvf support-pkg-<timestamp>.tar.gz
     ```
 
-{{< note >}}
+{{< call-out "note" >}}
 The supported shell is `bash`.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Arguments
 
@@ -126,9 +126,9 @@ The status and state information of the host running Instance Manager, including
 
 The support package script uses the `-c` flag ( or `--nms_config_path`) to get the Instance Manager configuration. If the configuration file is not specified, the script uses the default value `/etc/nms/nms.conf`.
 
-{{< note >}}
+{{< call-out "note" >}}
 If the Instance Manager configuration file does not specify addresses for the `core` and `dpm` databases, the default values are assumed: `127.0.0.1:7891` and `127.0.0.1:7890`.
-{{< /note >}}
+{{< /call-out >}}
 
 The support package script uses a small Go executable file called `dqlite-backup` (located in `/etc/nms/scripts/`) to connect to the databases and generate data dumps.
 
diff --git a/content/ossc.md b/content/ossc.md
index 85b433ed6..0a20c3ae0 100644
--- a/content/ossc.md
+++ b/content/ossc.md
@@ -3,8 +3,6 @@ nd-docs: DOCS-1343
 title: Open Source Components
 ---
 
-{{<rn-styles>}}
-
 The F5 NGINX Docs website is made possible thanks to many contributors, which also includes the tools used to build it. We would like to draw attention to the maintainers of the following libraries, which are used to create the NGINX Docs:
 
 ---
@@ -35,30 +33,28 @@ The above copyright notice and this permission notice shall be included in all c
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 </details>
 
-## [Bootstrap](https://github.com/twbs/bootstrap)
+## [Lucide](https://lucide.dev/)
 
-Copyright © 2011-2023 The Bootstrap Authors
+Copyright © 2025 Lucide Contributors
+Copyright (c) 2013-2023 Cole Bemis
 
 <details closed>
-<summary><i class="fa-solid fa-file"></i> The MIT License (MIT)</summary>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+<summary><i class="fa-solid fa-file"></i> ISC License (ISC)</summary>
 
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-</details>
+Copyright (c) for portions of Lucide are held by Cole Bemis 2013-2023 as part of Feather (MIT). All other copyright (c) for Lucide are held by Lucide Contributors 2025.
 
-## [Font Awesome Free](https://fontawesome.com/license/free)
+Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
 
-- Icons - [CC BY 4.0 License](https://creativecommons.org/licenses/by/4.0/) - In the Font Awesome Free download, the CC BY 4.0 license applies to all icons packaged as .svg and .js files types.
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-- Fonts - [SIL OFL 1.1 License](https://opensource.org/license/ofl-1-1/) - In the Font Awesome Free download, the SIL OFL license applies to all icons packaged as web and desktop font files.
+</details>
 
-- Code - [MIT License](https://mit-license.org/) - In the Font Awesome Free download, the MIT license applies to all non-font and non-icon files.
+<details closed>
+<summary><i class="fa-solid fa-file"></i> The MIT License (MIT)</summary>
 
----
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
-License information for open source components included in the [NGINX Plus]({{< ref "/nginx/" >}}) software:
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 
-- [NGINX Plus Open Source Components]({{< ref "/nginx/open-source-components.md" >}})
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+</details>
\ No newline at end of file
diff --git a/content/solutions/about-subscription-licenses.md b/content/solutions/about-subscription-licenses.md
index a1c8177c1..8aba61588 100644
--- a/content/solutions/about-subscription-licenses.md
+++ b/content/solutions/about-subscription-licenses.md
@@ -14,14 +14,18 @@ We’re updating NGINX Plus to align with F5’s entitlement and visibility poli
 
 Starting with NGINX Plus R33, all **NGINX Plus instances require a valid JSON Web Token (JWT) license**. This license is tied to your subscription (not individual instances) and is used to validate your subscription and automatically send usage reports to F5's licensing endpoint (`product.connect.nginx.com`), as required by your subscription agreement. In offline environments, usage reporting is [routed through NGINX Instance Manager]({{< ref "nim/disconnected/report-usage-disconnected-deployment.md" >}}).
 
-### Important changes
+## Important changes
 
-##### NGINX Plus won't start if:
+If you have multiple subscriptions, you’ll also have multiple JWT licenses. You can assign each NGINX Plus instance to the license you prefer. NGINX combines usage reporting across all licensed instances.
+
+This feature is available in NGINX Instance Manager 2.20 and later.
+
+### NGINX Plus won't start if:
 
 - The JWT license is missing or invalid.
 - The JWT license expired over 90 days ago.
 
-##### NGINX Plus will **stop processing traffic** if:
+### NGINX Plus will **stop processing traffic** if:
 
 - It can't submit an initial usage report to F5's licensing endpoint or NGINX Instance Manager.
 
@@ -41,17 +45,48 @@ When installing or upgrading to NGINX Plus R33 or later, take the following step
 
 ---
 
-## Add the JWT license {#add-jwt}
+## Download the license from MyF5 {#download-jwt}
+
+{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
+
+---
+
+## Deploy the JWT license
 
-Before you install or upgrade to NGINX Plus R33 or later, make sure to:
+After you download the JWT license, you can deploy it to your NGINX Plus instances using either of the following methods:
 
-### Download the license from MyF5 {#download-jwt}
+- Use a **Config Sync Group** if you're managing instances with the NGINX One Console (recommended)
+- Copy the license manually to each instance
 
-{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
+Each method ensures your NGINX Plus instances have access to the required license file.
+
+### Deploy with a Config Sync Group (Recommended)
+
+If you're using the [NGINX One Console]({{< ref "/nginx-one/getting-started.md" >}}), the easiest way to manage your JWT license is with a [Config Sync Group]({{< ref "/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md" >}}). This method lets you:
+
+- Avoid manual file copying
+- Keep your fleet consistent
+- Automatically apply updates to new NGINX Plus instances
+
+To deploy the JWT license with a Config Sync Group:
+
+{{< include "/licensing-and-reporting/deploy-jwt-with-csgs.md" >}}
+
+Your JWT license now syncs to all NGINX Plus instances in the group.
+
+When your subscription renews and a new JWT license is issued, update the file in the Config Sync Group to apply the change across your fleet.  
 
-### Copy the license to each NGINX Plus instance
+New instances added to the group automatically inherit the license.
 
-{{< include "licensing-and-reporting/apply-jwt.md" >}}
+{{< call-out "note" "If you’re using NGINX Instance Manager" "" >}}
+If you're using NGINX Instance Manager instead of the NGINX One Console, the equivalent feature is called an *instance group*. You can manage your JWT license in the same way by adding or updating the file in the instance group. For details, see [Manage instance groups]({{< ref "/nim/nginx-instances/manage-instance-groups.md" >}}).
+{{< /call-out >}}
+
+### Copy the license manually
+
+If you're not using the NGINX One Console, copy the JWT license file to each NGINX Plus instance manually.
+
+{{< include "/licensing-and-reporting/apply-jwt.md" >}}
 
 ### Custom paths {#custom-paths}
 
@@ -106,7 +141,24 @@ mgmt {
 }
 ```
 
-{{<important>}}After 180 days, if usage reporting still hasn’t been established, NGINX Plus will stop processing traffic.{{</important>}}
+{{< call-out "important" >}}After 180 days, if usage reporting still hasn’t been established, NGINX Plus will stop processing traffic.{{< /call-out >}}
+
+
+## Update the JWT license {#update-jwt}
+
+Updating the JWT license after renewing your F5 NGINX subscription is a simple and seamless process that does not require manually downloading the JWT or reloading/restarting the NGINX service. This procedure applies both to subscriptions nearing expiration (within 30 days) and to those that have expired but are still within the 90-day grace period.
+
+The update process will work automatically provided that license reporting has been configured and at least one report has been successfully transmitted. If this setup is not configured, follow the [Deploy the JWT license](#deploy-the-jwt-license) steps instead.
+
+The updated JWT license is saved directly as a state file at the path specified by the [`state_path`](https://nginx.org/en/docs/ngx_mgmt_module.html#state_path) directive. The existing JWT license file located at `/etc/nginx/license.jwt` (or a custom path specified by the [`license_token`](https://nginx.org/en/docs/ngx_mgmt_module.html#license_token) directive) will remain unchanged during this process and will not impact the performance or functionality of NGINX Plus in the future. If necessary, you may replace it manually with the updated license from MyF5.
+
+### For internet-connected environments
+
+Once your subscription has been successfully renewed by F5 Sales, all NGINX Plus instances will automatically receive and apply the updated JWT license — no manual action is required.
+
+### For network-restricted environments
+
+In network-restricted environments, there is no change in the JWT update process. It follows the same steps as [adding a new JWT](#for-network-restricted-environments).
 
 ---
 
diff --git a/content/unit/_index.md b/content/unit/_index.md
index a809a67b0..99b1f115c 100644
--- a/content/unit/_index.md
+++ b/content/unit/_index.md
@@ -1,7 +1,39 @@
 ---
 title: NGINX Unit
-description: A lightweight web app server that combines several layers of the typical application stack into a single component.
+nd-subtitle: A lightweight web app server that combines several layers of the typical application stack into a single component
 url: /nginx-unit/
+nd-landing-page: true
 cascade:
-  logo: "NGINX-Unit-product-icon-RGB.png"
----
\ No newline at end of file
+  logo: "NGINX-Unit-product-icon.svg"
+nd-content-type: landing-page
+nd-product: NGINX Unit
+---
+
+## About
+
+NGINX Unit is a lightweight and versatile application runtime that provides the essential components for your web application as a single open-source server: running application code (including WebAssembly), serving static assets, handling TLS and request routing.
+
+## Featured content
+
+{{<card-section showAsCards="true" isFeaturedSection="true">}}
+  {{<card title="Key features" titleUrl="/nginx-unit/keyfeatures/" isFullSize="true" icon="unplug">}}
+    Learn about the key features of NGINX Unit, including its support for multiple languages, security, performance, and more
+  {{</card >}}
+  {{<card title="Installation" titleUrl="/nginx-unit/installation/" isFullSize="true">}}
+    Get started with NGINX Unit by installing it on your system. Find instructions for various platforms and package managers
+  {{</card >}}
+  {{<card title="Configuration" titleUrl="/nginx-unit/configuration/" isFullSize="true">}}
+    Learn how to configure NGINX Unit for your applications
+  {{</card >}}
+{{</card-section>}}
+
+## Other resources
+
+{{<card-section showAsCards="true">}}
+  {{<card title="How-to guides" titleUrl="/nginx-unit/howto/" isFullSize="true">}}
+    Learn how to resolve various real-life situations and issues that you may experience with Unit
+  {{</card >}}
+  {{<card title="Changelog" titleUrl="/nginx-unit/changes/" isFullSize="true" icon="file-clock">}}
+    See the latest changes and updates in NGINX Unit, including new features, bug fixes, and improvements
+  {{</card >}}
+{{</card-section>}}
\ No newline at end of file
diff --git a/content/unit/about.md b/content/unit/about.md
index 24d0ebd06..e2ea01bb3 100644
--- a/content/unit/about.md
+++ b/content/unit/about.md
@@ -15,9 +15,9 @@ handling TLS and request routing.
 Unit was created by [nginx](https://nginx.org/en/) team members from scratch to
 be highly efficient and fully configurable at runtime.
 
-{{< tip >}}You can read the details
+{{< call-out "tip" >}}You can read the details
 about the latest release in the [Releases and announcements]({{< relref "/unit/news/">}}) section.
-{{< /tip >}}
+{{< /call-out >}}
 
 - See a quickstart [guide](https://github.com/nginx/unit/) on our GitHub page.
 - Browse the [Changelog]({{< relref "/unit/changes/">}}) or see the release notes in the [Releases and announcements]({{< relref "/unit/news/">}}) archive.
diff --git a/content/unit/certificates.md b/content/unit/certificates.md
index 743d4e0fb..77f8fd712 100644
--- a/content/unit/certificates.md
+++ b/content/unit/certificates.md
@@ -11,10 +11,10 @@ handles TLS certificates that are used with Unit's
 To set up SSL/TLS for a listener, upload a **.pem** file with your certificate
 chain and private key to Unit, and name the uploaded bundle in the listener's configuration; next, the listener can be accessed via SSL/TLS.
 
-{{< note >}}
+{{< call-out "note" >}}
 For the details of certificate issuance and renewal in Unit,
 see an example in [TLS with Certbot]({{< relref "/unit/howto/certbot.md" >}}).
-{{< /note >}}
+{{< /call-out >}}
 
 
 First, create a **.pem** file with your certificate chain and private key:
@@ -37,11 +37,11 @@ Upload the resulting bundle file to Unit's certificate storage under a suitable
 }
 ```
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Don't use **-d** for file upload with `curl`; this option damages **.pem** files.
 Use the **--data-binary** option when uploading file-based data to avoid data
 corruption.
-{{< /warning >}}
+{{< /call-out >}}
 
 Internally, Unit stores the uploaded certificate bundles along with other configuration data in its **state** subdirectory; the
 [control API]({{< relref "/unit/controlapi.md" >}})
@@ -104,7 +104,7 @@ exposes some of their properties as **GET**-table JSON using **/certificates**:
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 Access array items, such as individual certificates in a chain,
 and their properties by indexing, running the following commands as root:
 
@@ -117,7 +117,7 @@ and their properties by indexing, running the following commands as root:
 # curl -X GET --unix-socket /path/to/control.unit.sock \ # Path to Unit's control socket in your installation
        http://localhost/certificates/bundle/chain/0/subject/alt_names/0/  # Certificate bundle name
 ```
-{{< /note >}}
+{{< /call-out >}}
 
 Next, add the uploaded bundle to a
 [listener]({{< relref "/unit/configuration.md#configuration-listeners" >}}).
@@ -188,7 +188,7 @@ from the storage, running the following command as root:
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 You can't delete certificate bundles still referenced in your configuration,
 overwrite existing bundles using **put**, or delete non-existent ones.
-{{< /note >}}
+{{< /call-out >}}
diff --git a/content/unit/configuration.md b/content/unit/configuration.md
index 6336866ab..a32c1119d 100644
--- a/content/unit/configuration.md
+++ b/content/unit/configuration.md
@@ -5,10 +5,10 @@ toc: true
 nd-docs: DOCS-1700
 ---
 
-{{<note>}}
+{{< call-out "note" >}}
 The commands in this document starting with a hash (#) must be run as root or
 with superuser privileges.
-{{</note>}}
+{{< /call-out >}}
 
 The **/config** section of the
 [control API]({{< relref "/unit/controlapi.md#configuration-api" >}})
@@ -32,13 +32,13 @@ the object's name can be:
 - On Linux-based systems, [abstract UNIX sockets](https://man7.org/linux/man-pages/man7/unix.7.html)
 can be used as well: **unix:@abstract_socket**.
 
-{{< note >}}
+{{< call-out "note" >}}
 Also on Linux-based systems, wildcard listeners can't overlap with other listeners
 on the same port due to rules imposed by the kernel.
 For example, **\*:8080** conflicts with **127.0.0.1:8080**;
 in particular, this means **\*:8080** can't be *immediately* replaced
 by **127.0.0.1:8080** (or vice versa) without deleting it first.
-{{< /note >}}
+{{< /call-out >}}
 
 Unit dispatches the requests it receives to destinations referenced by listeners.
 You can plug several listeners into one destination or use a single listener
@@ -325,10 +325,10 @@ The **tickets** option works as follows:
   the last key is always used to create new session tickets
   and update the tickets created earlier.
 
-  {{< note >}}
+  {{< call-out "note" >}}
   An empty array effectively disables session tickets,
   same as setting **tickets** to **false**.
-  {{< /note >}}
+  {{< /call-out >}}
 
 ### IP, protocol forwarding {#configuration-listeners-forwarded}
 
@@ -344,12 +344,12 @@ with the **forwarded** object and its options:
 | **recursive**           | Boolean; controls how the **client_ip** fields are traversed. <br><br> The default is **false** (no recursion).                                                                                                                                                      |
 {{</bootstrap-table>}}
 
-{{< note >}}
+{{< call-out "note" >}}
 Besides **source**, the **forwarded** object must specify
 **client_ip**, **protocol**, or both.
-{{< /note >}}
+{{< /call-out >}}
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Before version 1.28.0, Unit provided the **client_ip** object
 that evolved into **forwarded**:
 
@@ -364,7 +364,7 @@ that evolved into **forwarded**:
 
 This old syntax still works but will be eventually deprecated,
 though not earlier than version 1.30.0.
-{{< /warning >}}
+{{< /call-out >}}
 
 When **forwarded** is set, Unit respects the appropriate header fields
 only if the immediate source IP of the request
@@ -535,11 +535,11 @@ A request passed to a route traverses its steps sequentially:
 - If a step's condition isn't met, Unit proceeds to the next step of the route.
 - If no steps of the route match, a 404 "Not Found" response is returned.
 
-{{< warning >}}
+{{< call-out "warning" >}}
 If a step omits the **match** option, its **action** occurs automatically.
 Thus, use no more than one such step per route, always placing it last to
 avoid potential routing issues.
-{{< /warning >}}
+{{< /call-out >}}
 
 <details>
 <summary>Ad-Hoc examples</summary>
@@ -1507,10 +1507,10 @@ normalizes capitalization and hyphenation in header field names, so the
 **Accept-Encoding** header field can also be referred to as **\$header_Accept_Encoding**,
 **\$header_accept-encoding**, or **\$header_accept_encoding**.
 
-{{< note >}}
+{{< call-out "note" >}}
 With multiple argument instances (think **Color=Red&Color=Blue**),the rightmost
 one is used (**Blue**).
-{{< /note >}}
+{{< /call-out >}}
 
 At runtime, variables expand into dynamically computed values (at your risk!).
 The previous example targets an entire set of routes, picking individual
@@ -1713,9 +1713,9 @@ it to routing:
 }
 ```
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Avoid infinite loops when you **pass** requests back to **routes**.
-{{< /warning >}}
+{{< /call-out >}}
 
 This action normalizes the request URI and passes it to an application:
 
@@ -1907,7 +1907,7 @@ A **share**-based action provides the following options:
 {{</bootstrap-table>}}
 
 
-{{< note >}}
+{{< call-out "note" >}}
 To serve the files, Unit's router process must be able to access them;
 thus, the account this process runs as must have proper permissions
 [assigned]({{< relref "/unit/configuration.md#security-apps" >}}). When
@@ -1915,7 +1915,7 @@ Unit is installed from the [official packages]({{< relref
 "/unit/installation.md#installation-precomp-pkgs" >}}), the process runs
 as **unit:unit**; for details of other installation methods, see
 [installation]({{< relref "/unit/installation/">}}).
-{{< /note >}}
+{{< /call-out >}}
 
 Consider the following configuration:
 
@@ -1944,7 +1944,7 @@ resulting path. If this doesn't yield a servable file, a 404 "Not Found"
 response is returned.
 
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Before version 1.26.0, Unit used **share** as the document root. This was
 changed for flexibility, so now **share** must resolve to specific files.
 A common solution is to append **\$uri** to your document root.
@@ -1960,7 +1960,7 @@ Pre-1.26, the snippet above would've looked like this:
 Mind that URI paths always start with a slash, so there's no need to separate
 the directory from **\$uri**; even if you do, Unit compacts adjacent slashes
 during path resolution, so there won't be an issue.
-{{< /warning >}}
+{{< /call-out >}}
 
 If **share** is an array, its items are searched in order of appearance
 until a servable file is found:
@@ -2009,11 +2009,11 @@ curl http://localhost/ -v
    ...
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 Unit's ETag response header fields use the **MTIME-FILESIZE** format, where
 **MTIME** stands for file modification timestamp and **FILESIZE** stands for
 file size in bytes, both in hexadecimal.
-{{< /note >}}
+{{< /call-out >}}
 
 ### MIME filtering {#configuration-share-mime}
 
@@ -2085,10 +2085,10 @@ If a share path specifies only the directory name, Unit *doesn't* apply MIME fil
 
 ### Path restrictions {#configuration-share-path}
 
-{{< note >}}
+{{< call-out "note" >}}
 To have these options, Unit must be built and run on a system with Linux kernel
 version 5.6+.
-{{< /note >}}
+{{< /call-out >}}
 
 The **chroot** option confines the path resolution within a share to a
 certain directory. First, it affects symbolic links: any attempts to go up
@@ -2504,9 +2504,9 @@ option of a route step [action]({{< relref "/unit/configuration.md#configuration
 As the example suggests, you can use UNIX, IPv4, and IPv6 socket addresses
 for proxy destinations.
 
-{{< note >}}
+{{< call-out "note" >}}
 The HTTPS scheme is not supported yet.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Load balancing {#configuration-upstreams}
 
@@ -2582,12 +2582,12 @@ Each app that Unit runs is defined as an object in the **/config/applications**
 section of the control API; it lists the app's language and settings, its
 runtime limits, process model, and various language-specific options.
 
-{{< note >}}
+{{< call-out "note" >}}
 Our official
 [language-specific packages]({{< relref "/unit/installation.md#installation-precomp-pkgs" >}})
 include end-to-end examples of application configuration, available for your
 reference at **/usr/share/doc/\<module name>/examples/** after package installation.
-{{< /note >}}
+{{< /call-out >}}
 
 Here, Unit runs 20 processes of a PHP app called **blogs**, stored in the
 **/www/blogs/scripts/** directory:
@@ -2813,11 +2813,11 @@ echo 1G > /sys/fs/cgroup/staging/app/memory.high # cgroup's path set in Unit con
 For more details and possible options,refer to the
 [admin guide](https://docs.kernel.org/admin-guide/cgroup-v2.html).
 
-{{< note >}}
+{{< call-out "note" >}}
 To avoid confusion, mind that the **namespaces/cgroups** option
 controls the application's cgroup *namespace*; instead, the **cgroup/path** option
 specifies the cgroup where Unit puts the application.
-{{< /note >}}
+{{< /call-out >}}
 
 ##### Changing root directory {#conf-rootfs}
 
@@ -2845,7 +2845,7 @@ any path options for the app should be relative to the new root. Note the
 }
 ```
 
-{{< warning >}}
+{{< call-out "warning" >}}
 When using **rootfs** with **credential** set to **true**:
 
 ```json
@@ -2858,7 +2858,7 @@ When using **rootfs** with **credential** set to **true**:
 ```
 
 Ensure that the user the app *runs as* can access the **rootfs** directory.
-{{< /warning >}}
+{{< /call-out >}}
 
 Unit mounts language-specific files and directories to the new root
 so the app stays operational:
@@ -2987,11 +2987,11 @@ idles after 20 seconds:
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 For details of manual application process restart, see the
 [process management]({{< relref "/unit/configuration.md#configuration-proc-mgmt" >}})
 documentation.
-{{< /note >}}
+{{< /call-out >}}
 
 <a name="configuration-languages"></a>
 
@@ -3131,11 +3131,11 @@ you have:
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 For Go-based examples, see our [grafana]({{< relref "/unit/howto/apps/grafana/">}})
 howto or a basic
 [sample]({{< relref "/unit/howto/samples.md#sample-go" >}}).
-{{< /note >}}
+{{< /call-out >}}
 
 ### Java {#configuration-java}
 
@@ -3174,7 +3174,7 @@ you have:
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 For Java-based examples, see our
 [Jira]({{< relref "/unit/howto/apps/jira/">}}),
 [OpenGrok]({{< relref "/unit/howto/apps/opengrok/">}}),
@@ -3182,7 +3182,7 @@ and
 [Springbook]({{< relref "/unit/howto/frameworks/springboot/">}})
 howtos or a basic
 [sample]({{< relref "/unit/configuration.md#sample-java" >}}).
-{{< /note >}}
+{{< /call-out >}}
 
 ### Node.js {#configuration-nodejs}
 
@@ -3296,7 +3296,7 @@ To use the WebSocket protocol, your app only needs to replace the default **webs
 var webSocketServer = require('unit-http/websocket').server;
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 For Node.js-based examples, see our
 [apollo]({{< relref "/unit/howto/apps/apollo/">}}),
 [express]({{< relref "/unit/howto/frameworks/express/">}}),
@@ -3305,7 +3305,7 @@ and
 [Docker]({{< relref "/unit/howto/docker" >}})
 howtos or a basic
 [sample]({{< relref "/unit/configuration.md#sample-nodejs" >}}).
-{{< /note >}}
+{{< /call-out >}}
 
 ### Perl {#configuration-perl}
 
@@ -3337,7 +3337,7 @@ you have:
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 For Perl-based examples of Perl,
 see our
 [Bugzilla]({{< relref "/unit/howto/apps/bugzilla/">}})
@@ -3345,7 +3345,7 @@ and
 [Catalyst]({{< relref "/unit/howto/frameworks/catalyst/">}})
 howtos or a basic
 [sample]({{< relref "/unit/configuration.md#sample-perl" >}}).
-{{< /note >}}
+{{< /call-out >}}
 
 ### PHP {#configuration-php}
 
@@ -3414,16 +3414,16 @@ it causes PHP to scan the directory preconfigured with the
 and then the directory you set here, which is **/tmp/php.inis/**.
 To skip the preconfigured directory, drop the **:** prefix.
 
-{{< note >}}
+{{< call-out "note" >}}
 Values in **options** must be strings (for example, **"max_file_uploads": "4"**,
 not **"max_file_uploads": 4**); for boolean flags, use **"0"** and **"1"** only.
 For details aof **PHP_INI\_\*** modes, see the
 [PHP docs](https://www.php.net/manual/en/configuration.changes.modes.php).
-{{< /note >}}
+{{< /call-out >}}
 
-{{< note >}}
+{{< call-out "note" >}}
 Unit implements the **fastcgi_finish_request()** [function](https://www.php.net/manual/en/function.fastcgi-finish-request.php) in a manner similar to PHP-FPM.
-{{< /note >}}
+{{< /call-out >}}
 
 #### Example:
 
@@ -3506,12 +3506,12 @@ in listeners and routes to serve requests:
 App-wide settings (**isolation**, **limits**, **options**, **processes**)
 are shared by all targets within the app.
 
-{{< warning >}}
+{{< call-out "warning" >}}
 If you specify **targets**, there should be no **root**, **index**, or **script**
 defined at the app level.
-{{< /warning >}}
+{{< /call-out >}}
 
-{{< note >}}
+{{< call-out "note" >}}
 For PHP-based examples, see our
 [CakePHP]({{< relref "/unit/howto/frameworks/cakephp/">}}),
 [CodeIgniter]({{< relref "/unit/howto/frameworks/codeigniter/">}}),
@@ -3532,7 +3532,7 @@ and
 [Yii]({{< relref "/unit/howto/frameworks/yii/">}})
 howtos or a basic
 [sample]({{< relref "/unit/configuration.md#sample-php" >}}).
-{{< /note >}}
+{{< /call-out >}}
 
 ### Python {#configuration-python}
 
@@ -3616,21 +3616,21 @@ async def application(scope, receive, send):
     })
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 Legacy [two-callable](https://asgi.readthedocs.io/en/latest/specs/main.html#legacy-applications)
 ASGI 2.0 applications were not supported prior to Unit 1.21.0.
-{{< /note >}}
+{{< /call-out >}}
 
 Choose either one according to your needs; Unit tries to infer your choice automatically.
 If this inference fails, use the **protocol** option to set the interface explicitly.
 
-{{< note >}}
+{{< call-out "note" >}}
 The **prefix** option controls the **SCRIPT_NAME**
 ([WSGI](https://wsgi.readthedocs.io/en/latest/definitions.html))
 or **root_path**
 ([ASGI](https://asgi.readthedocs.io/en/latest/specs/www.html#http-connection-scope))
 setting in Python's context, allowing to route requests regardless of the app's factual path.
-{{< /note >}}
+{{< /call-out >}}
 
 
 #### Targets {#configuration-python-targets}
@@ -3692,13 +3692,13 @@ in listeners and routes to serve requests:
 The **home**, **path**, **protocol**, **threads**, and **thread_stack_size** settings
 are shared by all targets in the app.
 
-{{< warning >}}
+{{< call-out "warning" >}}
 If you specify **targets**, there should be no **module** or **callable**
 defined at the app level. Moreover, you can't combine WSGI and ASGI targets
 within a single app.
-{{< /warning >}}
+{{< /call-out >}}
 
-{{< note >}}
+{{< call-out "note" >}}
 For Python-based examples, see our
 [Bottle]({{< relref "/unit/howto/frameworks/bottle/">}}),
 [Datasette]({{< relref "/unit/howto/apps/datasette/">}}),
@@ -3723,7 +3723,7 @@ and
 [Zope]({{< relref "/unit/howto/frameworks/zope/">}})
 howtos or a basic
 [sample]({{< relref "/unit/configuration.md#sample-python" >}}).
-{{< /note >}}
+{{< /call-out >}}
 
 
 ### Ruby {#configuration-ruby}
@@ -3731,14 +3731,14 @@ howtos or a basic
 First, make sure to install Unit along with the
 [Ruby language module]({{< relref "/unit/installation.md#installation-precomp-pkgs" >}}).
 
-{{< note >}}
+{{< call-out "note" >}}
 Unit uses the [Rack](https://rack.github.io) interface to run Ruby scripts;
 you need to have it installed as well:
 
 ```console
 $ gem install rack
 ```
-{{< /note >}}
+{{< /call-out >}}
 
 Besides the
 [common options]({{< relref "/unit/configuration.md#configuration-apps-common" >}}),
@@ -3811,14 +3811,14 @@ end
 
 Use these hooks to add custom runtime logic to your app.
 
-{{< note >}}
+{{< call-out "note" >}}
 For Ruby-based examples, see our
 [Rails]({{< relref "/unit/howto/frameworks/rails/">}})
 and
 [Redmine]({{< relref "/unit/howto/apps/redmine/">}})
 howtos or a basic
 [sample]({{< relref "/unit/configuration.md#sample-ruby" >}}).
-{{< /note >}}
+{{< /call-out >}}
 
 
 ### WebAssembly {#configuration-wasm}
@@ -3877,19 +3877,19 @@ The `access` object has the following structure:
    }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 A good, first Rust-based project is available at
 [sunfishcode/hello-wasi-http](https://github.com/sunfishcode/hello-wasi-http).
 It also includes all the important steps to get started with WebAssembly, WASI, and Rust.
-{{< /note >}}
+{{< /call-out >}}
 {{%/tab%}}
 
 {{%tab name="unit-wasm"%}}
-{{< warning >}}
+{{< call-out "warning" >}}
 The `unit-wasm` module is deprecated. We recommend using `wasm-wasi-component`
 instead, which supports WebAssembly Components using standard WASI 0.2 interfaces.
 The `wasm-wasi-component` module is available in Unit 1.32 and later.
-{{< /warning >}}
+{{< /call-out >}}
 
 First, make sure to install Unit along with the
 [WebAssembly language module]({{< relref "/unit/installation.md#installation-precomp-pkgs" >}}).
@@ -3942,9 +3942,9 @@ Use these handlers to add custom runtime logic to your app; for a detailed
 discussion of their usage and requirements, see the
 [SDK](https://github.com/nginx/unit-wasm/) source code and documentation.
 
-{{< note >}}
+{{< call-out "note" >}}
 For WASM-based examples, see our [Rust and C samples]({{< relref "/unit/configuration.md#sample-wasm" >}}).
-{{< /note >}}
+{{< /call-out >}}
 {{%/tab%}}
 {{</tabs>}}
 
diff --git a/content/unit/controlapi.md b/content/unit/controlapi.md
index 14806b9d4..d1e57970c 100644
--- a/content/unit/controlapi.md
+++ b/content/unit/controlapi.md
@@ -70,10 +70,10 @@ are interchangeable as long as Unit version stays the same,
 so you can use a shortcut to replicate a Unit instance. Also, this works with the
 Docker [images]({{< relref "/unit/howto/docker.md" >}}).
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Unit's state can change its structure between versions
 and must not be edited by external means.
-{{< /warning >}}
+{{< /call-out >}}
 
 On the machine where the *reference* Unit instance runs,
 find out where the state is stored:
@@ -102,11 +102,11 @@ Stop both Unit instances, for example, running the following command as root:
 systemctl stop unit
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 Stop and start commands may differ if Unit was installed from a
 [non-official]({{<relref "/unit/installation.md#installation-community-repos">}})
 repo or built from [source]({{<relref "/unit/installation.md#source">}}).
-{{< /note >}}
+{{< /call-out >}}
 
 Copy the reference state directory to the target state directory by arbitrary means;
 make sure to include subdirectories and hidden files.
@@ -151,9 +151,9 @@ port of the instance's
 
 ## Quick start {#configuration-quickstart}
 
-{{< note >}}
+{{< call-out "note" >}}
 Run the `curl` commands in this section as root.
-{{< /note >}}
+{{< /call-out >}}
 
 For a brief intro, we configure Unit to serve a static file.
 Suppose you saved this as **/www/data/index.html**:
@@ -250,11 +250,11 @@ members or indexes of its
 [JSON array](https://datatracker.ietf.org/doc/html/rfc8259#section-5)
 elements.
 
-{{< note >}}
+{{< call-out "note" >}}
 If you often configure Unit manually, JSON command-line tools such as
 [jq](https://stedolan.github.io/jq/) and [jo](https://jpmens.net/2016/03/05/a-shell-command-to-create-json-jo/) may
 come in handy.
-{{< /note >}}
+{{< /call-out >}}
 
 The API supports the following HTTP methods:
 
diff --git a/content/unit/howto/ansible.md b/content/unit/howto/ansible.md
index 7299d85b1..03465da57 100644
--- a/content/unit/howto/ansible.md
+++ b/content/unit/howto/ansible.md
@@ -10,13 +10,13 @@ Steampunk](https://steampunk.si) provides a number of Unit-related tasks
 that you can use with Ansible; some of them simplify installation and setup,
 while others provide common configuration steps.
 
-{{< note >}}
+{{< call-out "note" >}}
 Ansible 2.9+ required; the collection relies on official packages and
 supports Debian only.
 
 A brief intro by the collection's authors can be found [here](https://docs.steampunk.si/unit/quickstart.html); a behind-the-scenes
 blog post is [here](https://steampunk.si/blog/why-and-how-of-the-nginx-unit-ansible-collection/).
-{{< /note >}}
+{{< /call-out >}}
 
 First, install the collection:
 
diff --git a/content/unit/howto/apps/bugzilla.md b/content/unit/howto/apps/bugzilla.md
index e74ef0b9e..c19b3668e 100644
--- a/content/unit/howto/apps/bugzilla.md
+++ b/content/unit/howto/apps/bugzilla.md
@@ -16,10 +16,10 @@ Unit:
 3. Install Bugzilla`s [core files](https://bugzilla.readthedocs.io/en/latest/installing/linux.html#bugzilla).
    Here we install them at **/path/to/app**; use a real path in your configuration.
 
-   {{< note >}}
+   {{< call-out "note" >}}
    Unit uses [PSGI](https://metacpan.org/pod/PSGI) to run Perl
    applications; Bugzilla natively supports PSGI since version 5.1.
-   {{< /note >}}
+   {{< /call-out >}}
 
 4. Change ownership:
 
diff --git a/content/unit/howto/apps/drupal.md b/content/unit/howto/apps/drupal.md
index 95e3bcf33..a6c96df07 100644
--- a/content/unit/howto/apps/drupal.md
+++ b/content/unit/howto/apps/drupal.md
@@ -138,7 +138,7 @@ Here we install them at **/path/to/app**; use a real path in your configuration.
    }
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    The difference between the **pass** targets is their usage of
    the **script** [setting]({{< relref "/unit/configuration.md#configuration-php" >}}):
 
@@ -146,7 +146,7 @@ Here we install them at **/path/to/app**; use a real path in your configuration.
      URI or **index.php** if the URI omits it.
    - The **index** target specifies the **script** that Unit
      runs for *any* URIs the target receives.
-   {{< /note >}}
+   {{< /call-out >}}
 
 6. Upload the updated configuration.
 
diff --git a/content/unit/howto/apps/grafana.md b/content/unit/howto/apps/grafana.md
index 2566314f5..626dc414f 100644
--- a/content/unit/howto/apps/grafana.md
+++ b/content/unit/howto/apps/grafana.md
@@ -142,14 +142,14 @@ to run on Unit.
    # chown unit:unit $GOPATH/bin/grafana-server  # User and group that Unit's router runs as by default | Path to the application's executable
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    The **unit:unit** user-group pair is available only with
    [official packages]({{< relref "/unit/installation.md#installation-precomp-pkgs" >}}), Docker
    [images]({{< relref "/unit/installation.md#installation-docker" >}})
    , and some
    [third-party repos]({{< relref "/unit/installation.md#installation-community-repos" >}}).
    Otherwise, account names may differ; run the `ps aux | grep unitd` command to be sure.
-   {{< /note >}}
+   {{< /call-out >}}
 
    For further details, including permissions, see the
    [security checklist]({{< relref "/unit/howto/security.md#security-apps" >}}).
diff --git a/content/unit/howto/apps/jira.md b/content/unit/howto/apps/jira.md
index dea7e1284..d9af3774c 100644
--- a/content/unit/howto/apps/jira.md
+++ b/content/unit/howto/apps/jira.md
@@ -5,10 +5,10 @@ weight: 700
 nd-docs: DOCS-1725
 ---
 
-{{< note >}}
+{{< call-out "note" >}}
 This howto uses the 8.19.1 version; other versions may have different
 dependencies and options.
-{{< /note >}}
+{{< /call-out >}}
 
 To run [Atlassian Jira](https://www.atlassian.com/software/jira) using Unit:
 
@@ -153,10 +153,10 @@ To run [Atlassian Jira](https://www.atlassian.com/software/jira) using Unit:
    [Java application options]({{< relref "/unit/configuration.md#configuration-java" >}})
    for details.
 
-   {{< note >}}
+   {{< call-out "note" >}}
    You can't update the configuration in Unit after startup due to Jira's
    own restrictions.
-   {{< /note >}}
+   {{< /call-out >}}
 
 7. Upload the updated configuration.
 
diff --git a/content/unit/howto/apps/mailman.md b/content/unit/howto/apps/mailman.md
index 29c81a255..a5f407493 100644
--- a/content/unit/howto/apps/mailman.md
+++ b/content/unit/howto/apps/mailman.md
@@ -28,14 +28,14 @@ To install and run the web UI for the [Mailman 3](https://docs.list.org/en/lates
    # chown -R unit:unit /opt/mailman/web/static/  # User and group that Unit's router runs as by default | Mailman's static file path
    ```
 
-  {{< note >}}
+  {{< call-out "note" >}}
    The **unit:unit** user-group pair is available only with
    [official packages]({{< relref "/unit/installation.md#installation-precomp-pkgs" >}}), Docker
    [images]({{< relref "/unit/installation.md#installation-docker" >}})
    , and some
    [third-party repos]({{< relref "/unit/installation.md#installation-community-repos" >}}).
    Otherwise, account names may differ; run the `ps aux | grep unitd` command to be sure.
-   {{< /note >}}
+   {{< /call-out >}}
 
    Alternatively, add Unit's unprivileged user account to Mailman's group so Unit
    can access the static files. Run the following command as root:
diff --git a/content/unit/howto/apps/mediawiki.md b/content/unit/howto/apps/mediawiki.md
index 539a97e82..069617f65 100644
--- a/content/unit/howto/apps/mediawiki.md
+++ b/content/unit/howto/apps/mediawiki.md
@@ -114,7 +114,7 @@ documentation platform using Unit:
    }
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    The difference between the **pass** targets is their usage of the
    **script** [setting]({{< relref "/unit/configuration.md#configuration-php" >}}):
 
@@ -122,7 +122,7 @@ documentation platform using Unit:
      defaults to **index.php** if the w omits it.
    - The **index** target specifies the **script** that Unit runs
      for *any* URIs the target receives.
-   {{< /note >}}
+   {{< /call-out >}}
 
 5. Upload the updated configuration.
 
diff --git a/content/unit/howto/apps/moin.md b/content/unit/howto/apps/moin.md
index 44e43359e..1b7613376 100644
--- a/content/unit/howto/apps/moin.md
+++ b/content/unit/howto/apps/moin.md
@@ -5,20 +5,20 @@ weight: 1300
 nd-docs: DOCS-1732
 ---
 
-{{< warning >}}
+{{< call-out "warning" >}}
 So far, Unit doesn't support handling the **REMOTE_USER** headers directly, so
 authentication should be implemented via other means. For a
 full list of available authenticators, see [here](https://moinmo.in/HelpOnAuthentication).
-{{< /warning >}}
+{{< /call-out >}}
 
 To run the [MoinMoin](https://moinmo.in/MoinMoinWiki) wiki engine using Unit:
 
 1. Install [Unit]({{< relref "/unit/installation.md#installation-precomp-pkgs" >}}) with a Python 2 language module.
 
-   {{< note >}}
+   {{< call-out "note" >}}
    As of now, MoinMoin [doesn't fully support](https://moinmo.in/Python3)
    Python 3. Mind that Python 2 is officially deprecated.
-   {{< /note >}}
+   {{< /call-out >}}
 
 2. Install and configure MoinMoin's [prerequisites](https://moinmo.in/MoinMoinDependencies)
 
diff --git a/content/unit/howto/apps/nextcloud.md b/content/unit/howto/apps/nextcloud.md
index 03287a00e..f1d7e8a12 100644
--- a/content/unit/howto/apps/nextcloud.md
+++ b/content/unit/howto/apps/nextcloud.md
@@ -15,7 +15,7 @@ platform using Unit:
 3. Install NextCloud's [core files](https://docs.nextcloud.com/server/latest/admin_manual/installation/command_line_installation.html). Here we install them at **/path/to/app**;
    use a real path in your configuration.
 
-   {{< note >}}
+   {{< call-out "note" >}}
    Verify the resulting settings in **/path/to/app/config/config.php**;
    in particular, check the [trusted domains](https://docs.nextcloud.com/server/latest/admin_manual/installation/installation_wizard.html#trusted-domains-label)
    to ensure the installation is accessible within your network:
@@ -27,7 +27,7 @@ platform using Unit:
      1 => '*.example.com',
    ),
    ```
-   {{< /note >}}
+   {{< /call-out >}}
 
 4. Change ownership:
 
@@ -162,7 +162,7 @@ platform using Unit:
    }
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    The difference between the **pass** targets is their usage of the
    **script** [setting]({{< relref "/unit/configuration.md#configuration-php" >}}):
 
@@ -170,7 +170,7 @@ platform using Unit:
      defaults to **index.php** if the URI omits it.
    - Other targets specify the **script** that Unit runs for *any* URIs
      the target receives.
-   {{< /note >}}
+   {{< /call-out >}}
 
 6. Upload the updated configuration.
 
diff --git a/content/unit/howto/apps/phpbb.md b/content/unit/howto/apps/phpbb.md
index 42171bbf2..eccbcb2a1 100644
--- a/content/unit/howto/apps/phpbb.md
+++ b/content/unit/howto/apps/phpbb.md
@@ -93,7 +93,7 @@ To run the [phpBB](https://www.phpbb.com) bulletin board using Unit:
    }
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    The difference between the **pass** targets is their usage of the
    **script** [setting]({{< relref "/unit/configuration.md#configuration-php" >}}):
 
@@ -101,7 +101,7 @@ To run the [phpBB](https://www.phpbb.com) bulletin board using Unit:
      defaults to **index.php** if the URI omits it.
    - The **index** target specifies the **script** that Unit runs
      for *any* URIs the target receives.
-   {{< /note >}}
+   {{< /call-out >}}
 
 6. Upload the updated configuration.
 
diff --git a/content/unit/howto/apps/phpmyadmin.md b/content/unit/howto/apps/phpmyadmin.md
index cebf258fe..d0b547bc9 100644
--- a/content/unit/howto/apps/phpmyadmin.md
+++ b/content/unit/howto/apps/phpmyadmin.md
@@ -14,10 +14,10 @@ To run the [phpMyAdmin](https://www.phpmyadmin.net) web tool using Unit:
 3. Install phpMyAdmin's [core files](https://docs.phpmyadmin.net/en/latest/setup.html#quick-install-1). Here we install them at **/path/to/app**;
    use a real path in your configuration.
 
-   {{< note >}}
+   {{< call-out "note" >}}
    Make sure to create the **config.inc.php** file [manually](https://docs.phpmyadmin.net/en/latest/setup.html#manually-creating-the-file)
    or using the [setup script](https://docs.phpmyadmin.net/en/latest/setup.html#using-the-setup-script).
-   {{< /note >}}
+   {{< /call-out >}}
 
 4. Change ownership:
 
diff --git a/content/unit/howto/apps/plone.md b/content/unit/howto/apps/plone.md
index b4da7d9df..1ec058775 100644
--- a/content/unit/howto/apps/plone.md
+++ b/content/unit/howto/apps/plone.md
@@ -32,13 +32,13 @@ To run the [Plone](https://plone.org) content management system using Unit:
                   standalone
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    Plone's [Zope](https://plone.org/what-is-plone/zope) instance and
    virtual environment are created in the **zinstance/** subdirectory;
    later, the resulting path is used to configure Unit, so take care to note
    it in your setup. Also, make sure the Python version specified with
    `--with-python` matches the module version from Step 1.
-   {{< /note >}}
+   {{< /call-out >}}
 
 4. To run Plone on Unit, add a new configuration file named
    **/path/to/app/zinstance/wsgi.cfg**:
diff --git a/content/unit/howto/apps/reviewboard.md b/content/unit/howto/apps/reviewboard.md
index e4240bb56..ed4156046 100644
--- a/content/unit/howto/apps/reviewboard.md
+++ b/content/unit/howto/apps/reviewboard.md
@@ -11,9 +11,9 @@ To run the [Review Board](https://www.reviewboard.org) code review tool using Un
 
 2. Install and configure Review Board's [prerequisites](https://www.reviewboard.org/docs/manual/dev/admin/installation/linux/#before-you-begin)
 
-   {{< note >}}
+   {{< call-out "note" >}}
    We'll use Unit as the web server, so you can skip the corresponding step.
-   {{< /note >}}
+   {{< /call-out >}}
 
 3. Install the [core files](https://www.reviewboard.org/docs/manual/dev/admin/installation/linux/#installing-review-board)
    and create a [site](https://www.reviewboard.org/docs/manual/dev/admin/installation/creating-sites/).
diff --git a/content/unit/howto/apps/trac.md b/content/unit/howto/apps/trac.md
index 60ad67498..3a052dd9e 100644
--- a/content/unit/howto/apps/trac.md
+++ b/content/unit/howto/apps/trac.md
@@ -5,22 +5,22 @@ weight: 2200
 nd-docs: DOCS-1729
 ---
 
-{{< warning >}}
+{{< call-out "warning" >}}
 So far, Unit doesn't support handling the **REMOTE_USER** headers
 directly, so authentication should be implemented via external means. For
 example, consider using [trac-oidc](https://pypi.org/project/trac-oidc/) or
 [OAuth2Plugin](https://trac-hacks.org/wiki/OAuth2Plugin).
-{{< /warning >}}
+{{< /call-out >}}
 
 To run the [Trac](https://trac.edgewall.org) issue tracking system using
 Unit:
 
 1. Install [Unit]({{< relref "/unit/installation.md#installation-precomp-pkgs" >}}) with a Python 2 language module.
 
-   {{< note >}}
+   {{< call-out "note" >}}
    As of now, Trac [doesn't fully support](https://trac.edgewall.org/ticket/12130) Python 3. Mind that Python 2
    is officially deprecated.
-   {{< /note >}}
+   {{< /call-out >}}
 
 2. Prepare and activate a [virtual environment](https://virtualenv.pypa.io/en/latest/) to contain your installation
    (assuming `virtualenv` is installed):
diff --git a/content/unit/howto/apps/wordpress.md b/content/unit/howto/apps/wordpress.md
index 15278f44f..0bf4d0160 100644
--- a/content/unit/howto/apps/wordpress.md
+++ b/content/unit/howto/apps/wordpress.md
@@ -5,10 +5,10 @@ weight: 2300
 nd-docs: DOCS-1737
 ---
 
-{{< note >}}
+{{< call-out "note" >}}
 For a more specific walkthrough that includes SSL setup and NGINX as a
 proxy, see our [blog post](https://www.nginx.com/blog/automating-installation-wordpress-with-nginx-unit-on-ubuntu/).
-{{< /note >}}
+{{< /call-out >}}
 
 To run the [WordPress](https://wordpress.org) content management system
 using Unit:
@@ -78,7 +78,7 @@ using Unit:
    }
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    The difference between the **pass** targets is their usage of the
    **script** [setting]({{< relref "/unit/configuration.md#configuration-php" >}}):
 
@@ -86,7 +86,7 @@ using Unit:
      defaults to **index.php** if the URI omits it.
    - The **index** target specifies the **script** that Unit runs
      for *any* URIs the target receives.
-   {{< /note >}}
+   {{< /call-out >}}
 
 7. Upload the updated configuration.
 
@@ -97,7 +97,7 @@ using Unit:
 
    ![WordPress on Unit - Setup Screen](/unit/images/wordpress.png)
 
-   {{< note >}}
+   {{< call-out "note" >}}
    The resulting URI scheme will affect your WordPress configuration; updates
    may require [extra steps](https://wordpress.org/support/article/changing-the-site-url/).
-   {{< /note >}}
+   {{< /call-out >}}
diff --git a/content/unit/howto/certbot.md b/content/unit/howto/certbot.md
index 97cc0d3be..59dc959bb 100644
--- a/content/unit/howto/certbot.md
+++ b/content/unit/howto/certbot.md
@@ -12,10 +12,10 @@ advisable to obtain certificates for your website from a certificate authority
 (CA). For this purpose, you may employ EFF's [Certbot](https://certbot.eff.org) that issues free certificates signed by [Let's
 Encrypt](https://letsencrypt.org), a non-profit CA.
 
-{{< note >}}
+{{< call-out "note" >}}
 The commands in this document starting with a hash (#) must be run as root or
 with superuser privileges.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Generating certificates
 
@@ -93,10 +93,10 @@ with superuser privileges.
 
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    Certbot offers other validation methods ([authenticators](https://eff-certbot.readthedocs.io/en/stable/using.html#getting-certificates-and-choosing-plugins))
    as well, but they're omitted here for brevity.
-   {{< /note >}}
+   {{< /call-out >}}
 
 4. Create a certificate bundle fit for Unit and upload it to the
    **certificates** section of Unit's
@@ -208,10 +208,10 @@ For manual renewal and rollover:
          'http://localhost/config/listeners/*:443/tls/certificate'  # Listener's name in Unit's configuration
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    There's no need to shut Unit down; your server can stay online during the
    rollover.
-   {{< /note >}}
+   {{< /call-out >}}
 
 3. Delete the expired bundle:
 
@@ -276,9 +276,9 @@ For manual renewal and rollover:
    Unit does the rest of the job, automatically figuring out which bundle to
    produce for each incoming connection to both domain names.
 
-{{< note >}}
+{{< call-out "note" >}}
 Currently, Certbot doesn't have [installer plugins](https://eff-certbot.readthedocs.io/en/stable/using.html#getting-certificates-and-choosing-plugins)
 that enable automatic certificate rollover in Unit. However, you can set up
 Certbot's [hooks](https://eff-certbot.readthedocs.io/en/stable/using.html#renewing-certificates)
 using the commands listed here to the same effect.
-{{< /note >}}
+{{< /call-out >}}
diff --git a/content/unit/howto/docker.md b/content/unit/howto/docker.md
index 8bd6da4cd..c72dabf40 100644
--- a/content/unit/howto/docker.md
+++ b/content/unit/howto/docker.md
@@ -40,7 +40,7 @@ container-mounted directory on the host; if the file defines a listener on port
 details of the Unit configuration, see
 [Configuration]({{< relref "/unit/controlapi.md#configuration-api" >}}).
 
-{{< note >}}
+{{< call-out "note" >}}
 For app containerization examples, refer to our sample [<i class="fa-solid fa-download" style="margin-right: 0.2;"></i> Go](/unit/downloads/Dockerfile.go.txt),
 [<i class="fa-solid fa-download" style="margin-right: 0.2;"></i> Java](/unit/downloads/Dockerfile.java.txt),
 [<i class="fa-solid fa-download" style="margin-right: 0.2;"></i> Node.js](/unit/downloads/Dockerfile.nodejs.txt),
@@ -50,7 +50,7 @@ For app containerization examples, refer to our sample [<i class="fa-solid fa-do
 and [<i class="fa-solid fa-download" style="margin-right: 0.2;"></i> Ruby](/unit/downloads/Dockerfile.ruby.txt) Dockerfiles;
 also, see a more elaborate discussion
 [below]({{< relref "/unit/howto/docker.md#docker-apps" >}})
-{{< /note >}}
+{{< /call-out >}}
 
 Now for a few detailed scenarios.
 
@@ -175,11 +175,11 @@ $ export UNIT=$(                                                         \
   )
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 With this mapping, Unit stores its state and log in your file structure. By
 default, our Docker images forward their log output to the [Docker log
 collector](https://docs.docker.com/config/containers/logging/).
-{{< /note >}}
+{{< /call-out >}}
 
 We've mapped the source **config/** to **/docker-entrypoint.d/** in the
 container; the official image
@@ -301,9 +301,9 @@ myapp/
 └── config.json
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 Don't forget to `chmod +x` the **app.js** file so Unit can run it.
-{{< /note >}}
+{{< /call-out >}}
 
 Let's prepare a **Dockerfile** to install and configure the app in an
 image:
@@ -344,7 +344,7 @@ $ curl -X GET localhost:8080
      Hello, Unit!
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 This mechanism allows to initialize Unit at container startup only if its
 state is empty; otherwise, the contents of **/docker-entrypoint.d/** is
 ignored. Continuing the previous sample:
@@ -366,7 +366,7 @@ $ export UNIT=$(
 Here, Unit *does not* pick up the **new-config.json** from the
 **/docker-entrypoint.d/** directory when we run a container from the
 updated image because Unit's state was initialized and saved earlier.
-{{< /note >}}
+{{< /call-out >}}
 
 To configure the app after startup, supply a file or an explicit snippet via
 the [control API]({{< relref "/unit/controlapi.md" >}}):
diff --git a/content/unit/howto/frameworks/bottle.md b/content/unit/howto/frameworks/bottle.md
index bc1c65d1b..622e00362 100644
--- a/content/unit/howto/frameworks/bottle.md
+++ b/content/unit/howto/frameworks/bottle.md
@@ -24,13 +24,13 @@ framework using Unit:
    $ deactivate
    ```
 
-   {{< warning >}}
+   {{< call-out "warning" >}}
    Create your virtual environment with a Python version that matches the
    language module from Step 1 up to the minor number (**X.Y** in
    this example). Also, the app **type** in Step 5 must
    [resolve]({{< relref "/unit/configuration.md#configuration-apps-common" >}})
    to a similarly matching version; Unit doesn't infer it from the environment.
-   {{< /warning >}}
+   {{< /call-out >}}
 
 3. Let's try an updated version of the [quickstart app](https://bottlepy.org/docs/dev/tutorial.html#the-default-application),
    saving it as **/path/to/app/wsgi.py**:
diff --git a/content/unit/howto/frameworks/cakephp.md b/content/unit/howto/frameworks/cakephp.md
index aa06ecf87..62b355e5d 100644
--- a/content/unit/howto/frameworks/cakephp.md
+++ b/content/unit/howto/frameworks/cakephp.md
@@ -85,7 +85,7 @@ To run apps based on the [CakePHP](https://cakephp.org) framework using Unit:
    }
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    The difference between the **pass** targets is their usage of the
    **script** [setting]({{< relref "/unit/configuration.md#configuration-php" >}}):
 
@@ -93,7 +93,7 @@ To run apps based on the [CakePHP](https://cakephp.org) framework using Unit:
      defaults to **index.php** if the URI omits it.
    - The **index** target specifies the **script** that Unit runs
      for *any* URIs the target receives.
-   {{< /note >}}
+   {{< /call-out >}}
 
    For a detailed discussion, see [Fire It Up](https://book.cakephp.org/4/en/installation.html#fire-it-up) in CakePHP   docs.
 
diff --git a/content/unit/howto/frameworks/django.md b/content/unit/howto/frameworks/django.md
index 8fb569612..22f68b7fd 100644
--- a/content/unit/howto/frameworks/django.md
+++ b/content/unit/howto/frameworks/django.md
@@ -110,9 +110,9 @@ using Unit:
    {{% /tab %}}
    {{% tab name="ASGI" %}}
 
-   {{< note >}}
+   {{< call-out "note" >}}
    ASGI requires Python 3.5+ and Django 3.0+.
-   {{< /note >}}
+   {{< /call-out >}}
 
    ```json
    {
diff --git a/content/unit/howto/frameworks/falcon.md b/content/unit/howto/frameworks/falcon.md
index 620a2c684..c62fcda11 100644
--- a/content/unit/howto/frameworks/falcon.md
+++ b/content/unit/howto/frameworks/falcon.md
@@ -25,13 +25,13 @@ web framework using Unit:
    ```
 
 
-   {{< warning >}}
+   {{< call-out "warning" >}}
    Create your virtual environment with a Python version that matches the
    language module from Step 1 up to the minor number (**X.Y** in
    this example). Also, the app **type** in Step 5 must
    [resolve]({{< relref "/unit/configuration.md#configuration-apps-common" >}})
    to a similarly matching version; Unit doesn't infer it from the environment.
-   {{< /warning >}}
+   {{< /call-out >}}
 
 3. Let's try an updated version of the [quickstart app](https://falcon.readthedocs.io/en/stable/user/quickstart.html):
 
diff --git a/content/unit/howto/frameworks/fastapi.md b/content/unit/howto/frameworks/fastapi.md
index 6d7c41cb0..bcb9196ec 100644
--- a/content/unit/howto/frameworks/fastapi.md
+++ b/content/unit/howto/frameworks/fastapi.md
@@ -23,13 +23,13 @@ To run apps built with the [FastAPI](https://fastapi.tiangolo.com) web framework
    $ deactivate
    ```
 
-   {{< warning >}}
+   {{< call-out "warning" >}}
    Create your virtual environment with a Python version that matches the
    language module from Step 1 up to the minor number (**X.Y** in
    this example). Also, the app **type** in Step 5 must
    [resolve]({{< relref "/unit/configuration.md#configuration-apps-common" >}})
    to a similarly matching version; Unit doesn't infer it from the environment.
-   {{< /warning >}}
+   {{< /call-out >}}
 
 3. Let's try a version of a [tutorial app](https://fastapi.tiangolo.com/tutorial/first-steps/),
    saving it as **/path/to/app/asgi.py**:
@@ -44,7 +44,7 @@ To run apps built with the [FastAPI](https://fastapi.tiangolo.com) web framework
        return {"message": "Hello, World!"}
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    For something more true-to-life, try the
    [RealWorld example app](https://github.com/nsidnev/fastapi-realworld-example-app); just
    install all its dependencies in the same virtual environment where you've
@@ -52,7 +52,7 @@ To run apps built with the [FastAPI](https://fastapi.tiangolo.com) web framework
    <configuration-apps-common>` like **DB_CONNECTION** or
    **SECRET_KEY** directly to the app configuration in Unit instead of
    the **.env** file.
-   {{< /note >}}
+   {{< /call-out >}}
 
 4. Change ownership:
 
diff --git a/content/unit/howto/frameworks/flask.md b/content/unit/howto/frameworks/flask.md
index 567005083..778ee292f 100644
--- a/content/unit/howto/frameworks/flask.md
+++ b/content/unit/howto/frameworks/flask.md
@@ -23,13 +23,13 @@ To run apps built with the [Flask](https://flask.palletsprojects.com/en/1.1.x/)
    $ deactivate
    ```
 
-   {{< warning >}}
+   {{< call-out "warning" >}}
    Create your virtual environment with a Python version that matches the
    language module from Step 1 up to the minor number (**X.Y** in
    this example). Also, the app **type** in Step 5 must
    [resolve]({{< relref "/unit/configuration.md#configuration-apps-common" >}})
    to a similarly matching version; Unit doesn't infer it from the environment.
-   {{< /warning >}}
+   {{< /call-out >}}
 
 3. Let's try a basic version of the [quickstart app](https://flask.palletsprojects.com/en/1.1.x/quickstart/),
    saving it as **/path/to/app/wsgi.py**:
diff --git a/content/unit/howto/frameworks/guillotina.md b/content/unit/howto/frameworks/guillotina.md
index 58b00e2fc..547caba35 100644
--- a/content/unit/howto/frameworks/guillotina.md
+++ b/content/unit/howto/frameworks/guillotina.md
@@ -23,13 +23,13 @@ To run apps built with the [Guillotina](https://guillotina.readthedocs.io/en/lat
    $ deactivate
    ```
 
-   {{< warning >}}
+   {{< call-out "warning" >}}
    Create your virtual environment with a Python version that matches the
    language module from Step 1 up to the minor number (**X.Y** in
    this example). Also, the app **type** in Step 5 must
    [resolve]({{< relref "/unit/configuration.md#configuration-apps-common" >}})
    to a similarly matching version; Unit doesn't infer it from the environment.
-   {{< /warning >}}
+   {{< /call-out >}}
 
 3. Let's try a version of the [tutorial app](https://guillotina.readthedocs.io/en/latest/#build-a-guillotina-app),
    saving it as **/path/to/app/asgi.py**:
diff --git a/content/unit/howto/frameworks/laravel.md b/content/unit/howto/frameworks/laravel.md
index 1f98e8681..50b9d44c2 100644
--- a/content/unit/howto/frameworks/laravel.md
+++ b/content/unit/howto/frameworks/laravel.md
@@ -26,9 +26,9 @@ To run apps based on the [Laravel](https://laravel.com) framework using Unit:
 
    {{< include "unit/howto_change_ownership.md" >}}
 
-   {{< note >}}
+   {{< call-out "note" >}}
    See the Laravel docs for further details on [directory structure](https://laravel.com/docs/structure).
-   {{< /note >}}
+   {{< /call-out >}}
 
 5. Next, [prepare]({{< relref "/unit/configuration.md#configuration-php" >}}) the Laravel configuration for
    Unit (use real values for **share** and **root**):
diff --git a/content/unit/howto/frameworks/pyramid.md b/content/unit/howto/frameworks/pyramid.md
index 1d7c00908..36166b179 100644
--- a/content/unit/howto/frameworks/pyramid.md
+++ b/content/unit/howto/frameworks/pyramid.md
@@ -23,18 +23,18 @@ using Unit:
    $ deactivate
    ```
 
-   {{< warning >}}
+   {{< call-out "warning" >}}
    Create your virtual environment with a Python version that matches the
    language module from Step 1 up to the minor number (**X.Y** in
    this example). Also, the app **type** in Step 5 must
    [resolve]({{< relref "/unit/configuration.md#configuration-apps-common" >}})
    to a similarly matching version; Unit doesn't infer it from the environment.
-   {{< /warning >}}
+   {{< /call-out >}}
 
-   {{< note >}}
+   {{< call-out "note" >}}
    Here, **\$VENV** isn't set because Unit picks up the virtual
    environment from **home** in Step 5.
-   {{< /note >}}
+   {{< /call-out >}}
 
 3. Let's see how the apps from the Pyramid
    [tutorial](https://docs.pylonsproject.org/projects/pyramid/en/latest/quick_tutorial)
diff --git a/content/unit/howto/frameworks/quart.md b/content/unit/howto/frameworks/quart.md
index 61c1a84b9..81368a71d 100644
--- a/content/unit/howto/frameworks/quart.md
+++ b/content/unit/howto/frameworks/quart.md
@@ -24,13 +24,13 @@ To run apps built with the [Quart](https://pgjones.gitlab.io/quart/index.html) w
    $ deactivate
    ```
 
-   {{< warning >}}
+   {{< call-out "warning" >}}
    Create your virtual environment with a Python version that matches the
    language module from Step 1 up to the minor number (**X.Y** in
    this example). Also, the app **type** in Step 5 must
    [resolve]({{< relref "/unit/configuration.md#configuration-apps-common" >}})
    to a similarly matching version; Unit doesn't infer it from the environment.
-   {{< /warning >}}
+   {{< /call-out >}}
 
 
 3. Let's try a WebSocket-enabled version of a
diff --git a/content/unit/howto/frameworks/responder.md b/content/unit/howto/frameworks/responder.md
index 490521d55..7662c8085 100644
--- a/content/unit/howto/frameworks/responder.md
+++ b/content/unit/howto/frameworks/responder.md
@@ -25,13 +25,13 @@ for instance:
    $ deactivate
    ```
 
-   {{< warning >}}
+   {{< call-out "warning" >}}
    Create your virtual environment with a Python version that matches the
    language module from Step 1 up to the minor number (**X.Y** in
    this example). Also, the app **type** in Step 5 must
    [resolve]({{< relref "/unit/configuration.md#configuration-apps-common" >}})
    to a similarly matching version; Unit doesn't infer it from the environment.
-   {{< /warning >}}
+   {{< /call-out >}}
 
 
 3. Let's try a Unit-friendly version of a [tutorial app](https://responder.kennethreitz.org/quickstart.html#declare-a-web-service),
diff --git a/content/unit/howto/frameworks/springboot.md b/content/unit/howto/frameworks/springboot.md
index 40239e937..ba55ca0a8 100644
--- a/content/unit/howto/frameworks/springboot.md
+++ b/content/unit/howto/frameworks/springboot.md
@@ -14,9 +14,9 @@ To run apps based on the [Spring Boot](https://spring.io/projects/spring-boot) f
 
    ![Spring Initializr - Project Setup Screen](/unit/images/springboot.png)
 
-   {{< note >}}
+   {{< call-out "note" >}}
    Choose the same Java version that your Unit language module has.
-   {{< /note >}}
+   {{< /call-out >}}
 
    Download and extract the project files where you need them:
 
@@ -75,11 +75,11 @@ To run apps based on the [Spring Boot](https://spring.io/projects/spring-boot) f
    $ ./mvnw package
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    By default, Gradle puts the **.war** file in the **build/libs/**
    subdirectory, while Maven uses **target/**; note your path for later
    use in Unit configuration.
-   {{< /note >}}
+   {{< /call-out >}}
 
 3. Change ownership:
 
diff --git a/content/unit/howto/frameworks/starlette.md b/content/unit/howto/frameworks/starlette.md
index e73d99a49..7f1f288a7 100644
--- a/content/unit/howto/frameworks/starlette.md
+++ b/content/unit/howto/frameworks/starlette.md
@@ -26,13 +26,13 @@ framework using Unit:
    $ deactivate
    ```
 
-   {{< warning >}}
+   {{< call-out "warning" >}}
    Create your virtual environment with a Python version that matches the
    language module from Step 1 up to the minor number (**X.Y** in
    this example). Also, the app **type** in Step 5 must
    [resolve]({{< relref "/unit/configuration.md#configuration-apps-common" >}})
    to a similarly matching version; Unit doesn't infer it from the environment.
-   {{< /warning >}}
+   {{< /call-out >}}
 
 3. Let's try a version of a [tutorial app](https://www.starlette.io/applications/),
    saving it as **/path/to/app/asgi.py**:
@@ -73,11 +73,11 @@ framework using Unit:
    app = Starlette(debug=True, routes=routes, on_startup=[startup])
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    This sample omits the static route because Unit's quite
    [capable]({{< relref "/unit/configuration.md#configuration-static" >}})
    of serving static files itself if needed.
-   {{< /note >}}
+   {{< /call-out >}}
 
 4. Change ownership:
 
diff --git a/content/unit/howto/frameworks/symfony.md b/content/unit/howto/frameworks/symfony.md
index 8e8c7569c..1517a9418 100644
--- a/content/unit/howto/frameworks/symfony.md
+++ b/content/unit/howto/frameworks/symfony.md
@@ -84,7 +84,7 @@ To run apps built with the [Symfony](https://symfony.com) framework using Unit:
    }
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    The difference between the **pass** targets is their usage of the
    **script** [setting]({{< relref "/unit/configuration.md#configuration-php" >}}):
 
@@ -92,7 +92,7 @@ To run apps built with the [Symfony](https://symfony.com) framework using Unit:
      defaults to **index.php** if the URI omits it.
    - The **index** target specifies the **script** that Unit runs
      for *any* URIs the target receives.
-   {{< /note >}}
+   {{< /call-out >}}
 
    For a detailed discussion, see [Configuring a Web Server](https://symfony.com/doc/current/setup/web_server_configuration.html) in
    Symfony docs.
diff --git a/content/unit/howto/frameworks/yii.md b/content/unit/howto/frameworks/yii.md
index 21191982f..c28570b3a 100644
--- a/content/unit/howto/frameworks/yii.md
+++ b/content/unit/howto/frameworks/yii.md
@@ -95,7 +95,7 @@ versions 1.1 or 2.0 using Unit:
    For a detailed discussion, see [Configuring Web Servers](https://www.yiiframework.com/doc/guide/2.0/en/start-installation#configuring-web-servers)
    and [Running Applications](https://www.yiiframework.com/doc/guide/2.0/en/start-workflow) in Yii 2.0 docs.
 
-{{< note >}}
+{{< call-out "note" >}}
    The difference between the **pass** targets is their usage of
    the **script**
    [setting]({{< relref "/unit/configuration.md#configuration-php" >}}):
@@ -105,7 +105,7 @@ versions 1.1 or 2.0 using Unit:
 
    - The **index** target specifies the **script** that Unit
    runs for *any* URIs the target receives.
-{{< /note >}}
+{{< /call-out >}}
 
 
 5. Upload the updated configuration.
@@ -197,7 +197,7 @@ Yii and create or deploy your app.
 
    For a detailed discussion, see Yii 1.1 [docs](https://www.yiiframework.com/doc/guide/1.1/en/quickstart.first-app).
 
-{{< note >}}
+{{< call-out "note" >}}
 The difference between the **pass** targets is their usage of
 the **script**
 [setting]({{< relref "/unit/configuration.md#configuration-php" >}}):
@@ -207,7 +207,7 @@ the **script**
 
 - The **index** target specifies the **script** that Unit
    runs for *any* URIs the target receives.
-{{< /note >}}
+{{< /call-out >}}
 
 4. Upload the updated configuration.
 
diff --git a/content/unit/howto/frameworks/zope.md b/content/unit/howto/frameworks/zope.md
index ad36dee53..fc71feb7b 100644
--- a/content/unit/howto/frameworks/zope.md
+++ b/content/unit/howto/frameworks/zope.md
@@ -135,14 +135,14 @@ Unit:
    $ deactivate
    ```
 
-   {{< warning >}}
+   {{< call-out "warning" >}}
    Create your virtual environment with a Python version that matches
    the language module from Step 1 up to the minor number
    (**3.Y** in this example).  Also, the app **type** in Unit
    configuration must
    [resolve]({{< relref "/unit/configuration.md#configuration-apps-common" >}})
    to a similarly matching version; Unit doesn't infer it from the environment.
-   {{< /warning >}}
+   {{< /call-out >}}
 
    After installation, create your Zope [instance](https://zope.readthedocs.io/en/latest/operation.html#creating-a-zope-instance):
 
diff --git a/content/unit/howto/integration.md b/content/unit/howto/integration.md
index 88871eb36..506c5c822 100644
--- a/content/unit/howto/integration.md
+++ b/content/unit/howto/integration.md
@@ -82,10 +82,10 @@ By default, Unit exposes its
 via a UNIX domain socket. These sockets aren't network accessible, so the API is
 local only. To enable secure remote access, you can use NGINX as a reverse proxy.
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Avoid exposing an unprotected control socket to public networks. Use NGINX
 or a different solution such as SSH for security and authentication.
-{{< /warning >}}
+{{< /call-out >}}
 
 Use this configuration template for NGINX (replace placeholders in
 **ssl_certificate**, **ssl_certificate_key**,
diff --git a/content/unit/howto/modules.md b/content/unit/howto/modules.md
index addd8cb69..78b9277bb 100644
--- a/content/unit/howto/modules.md
+++ b/content/unit/howto/modules.md
@@ -16,10 +16,10 @@ Languages supported by Unit fall into these two categories:
 
 For any specific language and its version, Unit needs a language module.
 
-{{< note >}}
+{{< call-out "note" >}}
 The commands in this document starting with a hash (#) must be run as root or
 with superuser privileges.
-{{< /note >}}
+{{< /call-out >}}
 
 ## External language modules {#modules-ext}
 
@@ -110,13 +110,13 @@ Here, we are packaging a custom PHP 7.3
 to be installed next to the official Unit package;
 adjust the command samples as needed to fit your scenario.
 
-{{< note >}}
+{{< call-out "note" >}}
 For details of building Unit language modules, see the source code
 [now-to]({{< relref "/unit/howto/source.md#source-modules" >}}); it also describes building
 [Unit]({{< relref "/unit/howto/source.md" >}}) itself.
 For more packaging examples, see our package
 [sources](https://github.com/nginx/unit/tree/master/pkg).
-{{< /note >}}
+{{< /call-out >}}
 
 
 <a name="modules-deb"></a>
diff --git a/content/unit/howto/samples.md b/content/unit/howto/samples.md
index cabac4c07..220602afc 100644
--- a/content/unit/howto/samples.md
+++ b/content/unit/howto/samples.md
@@ -6,14 +6,14 @@ nd-docs: DOCS-1714
 ---
 
 
-{{< note >}}
+{{< call-out "note" >}}
 These steps assume Unit was already
 [installed]({{< relref "/unit/installation.md#installation-precomp-pkgs" >}})
 with the language module for each app.
 
 The commands in this document starting with a hash (#) must be run as root or
 with superuser privileges.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Go {#sample-go}
 
@@ -292,11 +292,11 @@ or use a more elaborate app example:
    }).listen()
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 You can run a version of the same app
 [without]({{< relref "/unit/configuration.md#configuration-nodejs-loader" >}})
 requiring the **unit-http** module explicitly.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Perl {#sample-perl}
 
@@ -657,22 +657,22 @@ $ curl http://localhost:8080
 {{% /tab %}}
 {{% tab name="unit-wasm" %}}
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Unit 1.32.0 and later support the WebAssembly component
 Model and WASI 0.2 APIs.
 We recommend to use the new implementation.
-{{< /warning >}}
+{{< /call-out >}}
 
 Instead of dealing with bytecode, let's build a Unit-capable
 Rust app and compile it into WebAssembly.
 
-{{< note >}}
+{{< call-out "note" >}}
 Currently, WebAssembly support is provided as a Technology Preview.
 This includes support for compiling Rust and C code into Unit-compatible WebAssembly,
 using our SDK in the form of the the `libunit-wasm` library.
 For details, see our `unit-wasm` [repository](https://github.com/nginx/unit-wasm)
 on GitHub.
-{{< /note >}}
+{{< /call-out >}}
 
 First, install the WebAssembly-specific Rust tooling:
 
@@ -788,7 +788,7 @@ $ make WASI_SYSROOT=/path/to/wasi-sysroot/ examples       # C examples
 $ make WASI_SYSROOT=/path/to/wasi-sysroot/  examples-rust  # Rust examples
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 If the above commands fail like this:
 
 ```console
@@ -817,7 +817,7 @@ $ clang -print-runtime-dir         # Double-check the run-time directory, which
 # cp lib/wasi/libclang_rt.builtins-wasm32.a /path/to/runtime/dir/wasi/
 ```
 
-{{< /note >}}
+{{< /call-out >}}
 
 {{% /tab %}}
 {{< /tabs >}}
diff --git a/content/unit/howto/security.md b/content/unit/howto/security.md
index d16c50c28..82a0a334a 100644
--- a/content/unit/howto/security.md
+++ b/content/unit/howto/security.md
@@ -13,10 +13,10 @@ configuration, and maintenance.
 This guide lists the steps to protect your Unit from installation to individual
 app configuration.
 
-{{< note >}}
+{{< call-out "note" >}}
 The commands in this document starting with a hash (#) must be run as root or
 with superuser privileges.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Update Unit regularly {#security-update}
 
@@ -392,13 +392,13 @@ they're writable for the app alone:
 
    ```
 
-   {{< note >}}
+   {{< call-out "note" >}}
    Usually, apps store and update their data outside the app code
    directories, but some apps may mix code and data.  In such a case,
    assign permissions on an individual basis, making sure you understand
    how the app uses each file or directory: is it code, read-only
    content, or writable data.
-   {{< /note >}}
+   {{< /call-out >}}
 
 1. For [embedded]({{< relref "/unit/howto/modules.md#modules-emb" >}})
    apps, it's usually enough to make the
@@ -517,10 +517,10 @@ they're writable for the app alone:
       }
    ```
 
-{{< note >}}
+{{< call-out "note" >}}
 As usual with permissions, different steps may be required if you use
 ACLs.
-{{< /note >}}
+{{< /call-out >}}
 </details>
 
 <details>
@@ -747,10 +747,10 @@ settings accordingly:
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 As usual with permissions, different steps may be required if you use
 ACLs.
-{{< /note >}}
+{{< /call-out >}}
 
 </details>
 
diff --git a/content/unit/howto/source.md b/content/unit/howto/source.md
index b923eb5aa..7eb5afe63 100644
--- a/content/unit/howto/source.md
+++ b/content/unit/howto/source.md
@@ -9,10 +9,10 @@ After you've obtained Unit's
 [source code]({{< relref "/unit/installation.md#source" >}}), configure
 and compile it to fine-tune and run a custom Unit build.
 
-{{< note >}}
+{{< call-out "note" >}}
 The commands in this document starting with a hash (#) must be run as root or
 with superuser privileges.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Installing Required Software {#source-prereq-build}
 
@@ -301,11 +301,11 @@ for further instructions.
 {{% /tab %}}
 {{% tab name="unit-wasm" %}}
 
-{{< warning >}}
+{{< call-out "warning" >}}
 The **unit-wasm** module is deprecated. We recommend using **wasm-wasi-component** instead,
 available in Unit 1.32.0 and later, which supports WebAssembly Components using
 standard WASI 0.2 interfaces.
-{{< /warning >}}
+{{< /call-out >}}
 
 To build Unit with the [WebAssembly](https://webassembly.org)
 language module, you need the [Wasmtime](https://wasmtime.dev) runtime.
@@ -479,11 +479,11 @@ Next, configure a module for each language you want to use with Unit. The
 `./configure <language>` commands set up individual language modules
 and place module-specific instructions in the **Makefile**.
 
-{{< note >}}
+{{< call-out "note" >}}
 To run apps in several versions of a language, build and install a module
 for each version. To package custom modules, see the module
 [howto]({{< relref "/unit/howto/modules.md#modules-pkg" >}}).
-{{< /note >}}
+{{< /call-out >}}
 
 {{< tabs name="modules" >}}
 {{% tab name="Go" %}}
@@ -505,7 +505,7 @@ it in your Go environment. Available configuration options:
 {{</bootstrap-table>}}
 
 
-{{< note >}}
+{{< call-out "note" >}}
 Running `./configure go` doesn't alter the `GOPATH`
 [environment variable](https://github.com/golang/go/wiki/GOPATH), so
 configure-time `--go-path` and compile-time `$GOPATH`
@@ -514,7 +514,7 @@ must be coherent for Go to find the resulting package.
 ```console
 $ GOPATH=<Go package installation path> GO111MODULE=auto go build -o app app.go # App executable name and source code>`
 ```
-{{< /note >}}
+{{< /call-out >}}
 
 {{% /tab %}}
 {{% tab name="Java" %}}
@@ -632,10 +632,10 @@ Available command options:
 {{</bootstrap-table>}}
 
 
-{{< note >}}
+{{< call-out "note" >}}
 The Python interpreter set by `python-config` must be
 compiled with the `--enable-shared` [option](https://docs.python.org/3/using/configure.html#linker-options).
-{{< /note >}}
+{{< /call-out >}}
 
 To configure a module called **py33.unit.so** for Python 3.3:
 
@@ -678,11 +678,11 @@ The module's basename is wasm-wasi-component.
 {{% /tab %}}
 {{% tab name="Unit-Wasm" %}}
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Unit 1.32.0 and later support the WebAssembly Component Model and WASI
 0.2 APIs.
 We recommend using the new implementation.
-{{< /warning >}}
+{{< /call-out >}}
 
 When you run `./configure wasm`, the script configures a module
 to support running WebAssembly applications on Unit.
@@ -746,10 +746,10 @@ You can also build and install language modules individually; the specific
 method depends on whether the language module is embedded in Unit (Java, Perl,
 PHP, Python, Ruby) or packaged externally (Go, Node.js).
 
-{{< note >}}
+{{< call-out "note" >}}
 For further details about Unit's language modules, see
 [Working with language modules]({{< relref "/unit/howto/modules.md" >}})
-{{< /note >}}
+{{< /call-out >}}
 
 ### Embedded Language Modules {#source-bld-src-emb}
 
@@ -778,7 +778,7 @@ configuration, run `make <go>-install` and `make <node>-install`, for example:
 # make node-install # This is the --node option value from ./configure nodejs
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 To install the Node.js module locally, run `make <node>-local-install`:
 
 ```console
@@ -796,7 +796,7 @@ If both options are specified, `DESTDIR` prefixes the
 `--local` value set by `./configure nodejs`.
 
 Finally, mind that global installation is preferable for the Node.js module.
-{{< /note >}}
+{{< /call-out >}}
 
 If you customized the executable pathname with `--go` or `--node`, use the
 following pattern:
@@ -819,7 +819,7 @@ $ ./configure go --go=/usr/local/bin/go1.7 # Executable pathname
 
 ## Startup and Shutdown {#source-startup}
 
-{{< warning >}}
+{{< call-out "warning" >}}
 We advise installing Unit from
 [precompiled packages]({{< relref "/unit/installation.md#installation-precomp-pkgs" >}});
 in this case, startup is
@@ -829,7 +829,7 @@ automatically.
 Even if you install Unit otherwise, avoid manual startup. Instead, configure a
 service manager (`OpenRC`, `systemd`, and so on) or create an `rc.d` script to
 launch the Unit daemon using the options below.
-{{< /warning >}}
+{{< /call-out >}}
 
 The startup command depends on the directories you set with `./configure`, but
 their default values place the `unitd` binary in a well-known place, so:
diff --git a/content/unit/installation.md b/content/unit/installation.md
index dda25f2d8..78bdaeb8c 100644
--- a/content/unit/installation.md
+++ b/content/unit/installation.md
@@ -20,10 +20,10 @@ You can install NGINX Unit in four alternative ways:
   install the [toolchain]({{< relref "/unit/howto/source.md#source-prereq-build" >}}),
   and [build]({{< relref "/unit/howto/source.md#source-config-src" >}}) a custom binary from scratch; just make sure you know what you're doing.
 
-{{< note >}}
+{{< call-out "note" >}}
 The commands in this document starting with a hash (#) must be run as root or
 with superuser privileges.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Prerequisites {#source-prereqs}
 
@@ -90,10 +90,10 @@ We also maintain a Homebrew [tap]({{< relref "/unit/installation.md#installation
 macOS users and a [module]({{< relref "/unit/installation.md#installation-nodejs-package" >}}) for Node.js
 at the [npm](https://www.npmjs.com/package/unit-http) registry.
 
-{{< note >}}
+{{< call-out "note" >}}
 For details of packaging custom modules that install alongside the official Unit,
 see [here]({{< relref "/unit/howto/modules.md#modules-pkg" >}}).
-{{< /note >}}
+{{< /call-out >}}
 
 ### Repository installation script {#repo-install}
 
@@ -212,10 +212,10 @@ Supported architecture: x86-64.
 
 {{%tab name="AMI"%}}
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Unit's 1.22+ packages aren't built for Amazon Linux AMI. This distribution is
 obsolete; please update.
-{{< /warning >}}
+{{< /call-out >}}
 
 Supported architecture: x86-64.
 
@@ -416,10 +416,10 @@ Supported architecture: x86-64.
 
 ### RHEL and derivatives {#installation-precomp-rhel}
 
-{{< note >}}
+{{< call-out "note" >}}
 Use these steps for binary-compatible distributions: AlmaLinux, CentOS,
 Oracle Linux, or Rocky Linux.
-{{< /note >}}
+{{< /call-out >}}
 
 {{<tabs name="RHEL and derivatives">}}
 {{%tab name="9.x"%}}
@@ -510,7 +510,7 @@ Supported architecture: x86-64.
 
 ---
 
-{{< note >}}Use these steps for binary-compatible distributions: AlmaLinux, CentOS, Oracle Linux, or Rocky Linux.{{< /note >}}
+{{< call-out "note" >}}Use these steps for binary-compatible distributions: AlmaLinux, CentOS, Oracle Linux, or Rocky Linux.{{< /call-out >}}
 
 ---
 
@@ -675,10 +675,10 @@ Supported architectures: arm64, x86-64.
 {{%/tab%}}
 {{%tab name="18.04"%}}
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Unit's 1.31+ packages aren't built for Ubuntu 18.04. This distribution is obsolete;
 please update.
-{{< /warning >}}
+{{< /call-out >}}
 
 Supported architectures: arm64, x86-64.
 
@@ -732,10 +732,10 @@ Supported architectures: arm64, x86-64.
 {{%/tab%}}
 {{%tab name="16.04"%}}
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Unit's 1.24+ packages aren't built for Ubuntu 16.04. This distribution is obsolete;
 please update.
-{{< /warning >}}
+{{< /call-out >}}
 
 Supported architectures: arm64, i386, x86-64.
 
@@ -829,7 +829,7 @@ $ brew install unit-java unit-perl unit-php unit-python unit-python3 unit-ruby
 {{</bootstrap-table>}}
 
 
-{{< note >}}
+{{< call-out "note" >}}
 To run Unit as **root** on macOS:
 
 ```console
@@ -839,7 +839,7 @@ $ export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
 ```console
 $ sudo --preserve-env=OBJC_DISABLE_INITIALIZE_FORK_SAFETY /path/to/unitd ...
 ```
-{{< /note >}}
+{{< /call-out >}}
 
 ### Node.js {#installation-nodejs-package}
 
@@ -856,12 +856,12 @@ is called `unit-http`. Install it to run Node.js apps on Unit:
    # npm install -g --unsafe-perm unit-http
    ```
 
-   {{< warning >}}
+   {{< call-out "warning" >}}
    The `unit-http` module is platform dependent due to optimizations;
    you can't move it across systems with the rest of **node-modules**.
    Global installation avoids such scenarios; just [relink]({{< relref "/unit/configuration.md#configuration-nodejs" >}})
    the migrated app.
-   {{< /warning >}}
+   {{< /call-out >}}
 
 3. It's entirely possible to run
    [Node.js apps]({{< relref "/unit/configuration.md#configuration-nodejs" >}})
@@ -870,9 +870,9 @@ is called `unit-http`. Install it to run Node.js apps on Unit:
    built-in **http**, but mind that such frameworks as Express may require extra
    [changes]({{< relref "/unit/howto/frameworks/express.md" >}}).
 
-{{< warning >}}
+{{< call-out "warning" >}}
 The `unit-http` module and `Unit` must have matching version numbers.
-{{< /warning >}}
+{{< /call-out >}}
 
 If you update Unit later, make sure to update the module as well:
 
@@ -880,10 +880,10 @@ If you update Unit later, make sure to update the module as well:
 # npm update -g --unsafe-perm unit-http
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 You can also [configure]({{< relref "/unit/howto/modules.md#howto/source-modules-nodejs" >}}) and
 [install]({{< relref "/unit/installation.md#source-bld-src-ext" >}}) the `unit-http` module from sources.
-{{< /note >}}
+{{< /call-out >}}
 
 #### Working with multiple Node.js versions {#multiple-nodejs-versions}
 <details>
@@ -1024,16 +1024,16 @@ documentation.
 
 ---
 
-{{< note >}} Restarting Unit is necessary after installing or uninstalling any
+{{< call-out "note" >}} Restarting Unit is necessary after installing or uninstalling any
 language modules to pick up the changes.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Community Repositories {#installation-community-repos}
 
-{{< warning >}}
+{{< call-out "warning" >}}
 These distributions are maintained by their respective communities,
 not NGINX. Use them with caution.
-{{< /warning >}}
+{{< /call-out >}}
 
 {{< tabs name="Community Repositories" >}}
 {{% tab name="Alpine" %}}
@@ -1719,11 +1719,11 @@ for the build.
 If not sure whether an official image exists for a specific language version,
 follow the links in the tag table above.
 
-{{< note >}}
+{{< call-out "note" >}}
 Unit relies on the official Docker images, so any customization method offered by their
 maintainers is equally applicable; to tailor a Unit image to your needs,
 see the quick reference for its base image.
-{{< /note >}}
+{{< /call-out >}}
 
 The language name can be **go**, **jsc**, **node**, **perl**, **php**,
 **python**, or **ruby**; the version is defined as **\<major\>.\<minor\>**,
@@ -1818,9 +1818,9 @@ $ docker run -d public.ecr.aws/nginx/unit:TAG # Specific image tag; see above fo
 {{%/tab%}}
 {{% tab name="packages.nginx.org" %}}
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Unit's 1.30+ image tarballs aren't published on the website; this channel is deprecated.
-{{< /warning >}}
+{{< /call-out >}}
 
 To install and run Unit from the tarballs stored on our
 [website](https://packages.nginx.org/unit/docker/):
@@ -1901,11 +1901,11 @@ COPY ./*.json /docker-entrypoint.d/
 COPY ./*.sh   /docker-entrypoint.d/
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 Mind that running Unit even once populates its state directory;
 this prevents the script from executing, so this script-based initialization must occur
 before you run Unit in your derived container.
-{{< /note >}}
+{{< /call-out >}}
 
 This feature comes in handy if you want to tie Unit to a certain app configuration
 for later use. For ad-hoc initialization, you can mount a directory with configuration files to a container at startup:
diff --git a/content/unit/news/2023/unit-1.30.0-released.md b/content/unit/news/2023/unit-1.30.0-released.md
index a65aab27f..2a2fedf99 100644
--- a/content/unit/news/2023/unit-1.30.0-released.md
+++ b/content/unit/news/2023/unit-1.30.0-released.md
@@ -85,7 +85,7 @@ lowercase using the built-in capabilities of JavaScript:
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 The path portion of the incoming URI is the only part that is rewritten,
 and any original queries or arguments (anything following the `?`
 character) are preserved.
@@ -93,7 +93,7 @@ character) are preserved.
 The `$uri` and `$request_uri` variables are both updated during
 the rewrite process. When using custom log formatting, use the
 \$request_line variable to log the original URI.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Application Logging
 
diff --git a/content/unit/news/2024/fermyon-spin-rust-sdk.md b/content/unit/news/2024/fermyon-spin-rust-sdk.md
index ef8a96daa..d2ee2f65c 100644
--- a/content/unit/news/2024/fermyon-spin-rust-sdk.md
+++ b/content/unit/news/2024/fermyon-spin-rust-sdk.md
@@ -63,9 +63,9 @@ $ cargo component build --release
 
 To run the Wasm Component on NGINX Unit, start up Unit and use this initial configuration.
 
-{{< note >}}
+{{< call-out "note" >}}
 Make sure you point to the Wasm component by using an absolute path.
-{{< /note >}}
+{{< /call-out >}}
 
 ```json
 {
diff --git a/content/unit/news/2024/unit-1.33.0-released.md b/content/unit/news/2024/unit-1.33.0-released.md
index 5d19d1beb..c30761722 100644
--- a/content/unit/news/2024/unit-1.33.0-released.md
+++ b/content/unit/news/2024/unit-1.33.0-released.md
@@ -47,11 +47,11 @@ This release introduces three new configuration options:
 is a Rust-based CLI tool that allows you to deploy, manage, and configure Unit
 in your environment.
 
-{{< note >}}
+{{< call-out "note" >}}
 This is a "Technical Preview" release of **unitctl**. We welcome feedback and
 suggestions for this early access version. It is provided to test its features
 and should not be used in production environments.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Chunked request body support
 
diff --git a/content/unit/news/archived-news/2019.md b/content/unit/news/archived-news/2019.md
index 713cf30fc..98c4219a9 100644
--- a/content/unit/news/archived-news/2019.md
+++ b/content/unit/news/archived-news/2019.md
@@ -507,9 +507,9 @@ certified binaries published for the JSR-340 reference implementation
 available at https://javaee.github.io/glassfish/.
 
 
-{{< note>}}
+{{< call-out "note" >}}
 Java is a registered trademark of Oracle and/or its affiliates.
-{{< /note>}}
+{{< /call-out >}}
 
 ```none
 Changes with Unit 1.8.0                                          01 Mar 2019
diff --git a/content/unit/news/archived-news/2020.md b/content/unit/news/archived-news/2020.md
index 029ac9a55..0d5a2d171 100644
--- a/content/unit/news/archived-news/2020.md
+++ b/content/unit/news/archived-news/2020.md
@@ -569,11 +569,11 @@ Hi,
 
 I'm glad to announce a new release of NGINX Unit.
 
-{{< note >}}
+{{< call-out "note" >}}
 To all Unit package maintainers: please don't miss the new `--tmp`
 configure option.  It specifies the directory where the Unit daemon
 stores temporary files (i.e. large request bodies) at runtime.
-{{< /note >}}
+{{< /call-out >}}
 
 In this release, we continue improving the functionality related to proxying
 and static media asset handling.
diff --git a/content/unit/news/archived-news/2022.md b/content/unit/news/archived-news/2022.md
index 72b28c883..775fd97a3 100644
--- a/content/unit/news/archived-news/2022.md
+++ b/content/unit/news/archived-news/2022.md
@@ -253,12 +253,12 @@ The `status` object contains three nested objects:
 The `requests` object holds the total number of requests to all exposed
 listeners since the last restart.
 
-{{< note >}}
+{{< call-out "note" >}}
 
 Both `connections` and `requests` count requests to Unit's
 listeners, NOT the config API itself.
 
-{{< /note >}}
+{{< /call-out >}}
 
 - The `applications` section follows the `/config/applications`
   tree in the API; again, there's no special setup required because Unit
diff --git a/content/unit/scripting.md b/content/unit/scripting.md
index 4ae97d76d..bcf9f2f60 100644
--- a/content/unit/scripting.md
+++ b/content/unit/scripting.md
@@ -41,9 +41,9 @@ shipped with the [official packages]({{< relref "/unit/installation.md#installat
 or
 [built from source]({{< relref "/unit/installation.md#installation-source" >}}).
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Unit 1.32.0 and later require [njs 0.8.2](https://nginx.org/en/docs/njs/changes.html).
-{{< /warning >}}
+{{< /call-out >}}
 
 Some request properties are exposed as `njs` objects or scalars:
 
@@ -108,10 +108,10 @@ curl -X PUT -d '"http"' # Module name to be enabled
    http://localhost/config/settings/js_module
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 Please note that the **js_module** option
 can be a string or an array; choose the appropriate HTTP method.
-{{< /note >}}
+{{< /call-out >}}
 
 Now, the **http.route()** function can be used with Unit-supplied header field values:
 
diff --git a/content/unit/statusapi.md b/content/unit/statusapi.md
index e4548cd8d..86318b968 100644
--- a/content/unit/statusapi.md
+++ b/content/unit/statusapi.md
@@ -117,11 +117,11 @@ Example:
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 For details of instance connection management,
 refer to
 [Configuration Settings]({{< relref "/unit/configuration.md#configuration-stngs" >}}).
-{{< /note >}}
+{{< /call-out >}}
 
 ---
 
@@ -207,8 +207,8 @@ Example:
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 For details of per-app process management,
 refer to
 [Process management]({{< relref "/unit/configuration.md#configuration-proc-mgmt" >}}).
-{{< /note >}}
+{{< /call-out >}}
diff --git a/content/unit/troubleshooting.md b/content/unit/troubleshooting.md
index c4a6d86fc..fa9b0c4fc 100644
--- a/content/unit/troubleshooting.md
+++ b/content/unit/troubleshooting.md
@@ -5,10 +5,10 @@ toc: true
 nd-docs: DOCS-1703
 ---
 
-{{< note >}}
+{{< call-out "note" >}}
 The commands in this document starting with a hash (#) must be run as root or
 with superuser privileges.
-{{< /note >}}
+{{< /call-out >}}
 
 ## Logging {#troubleshooting-log}
 
@@ -47,11 +47,11 @@ Available log levels:
 - **[info]**: General-purpose reporting.
 - **[debug]**: Debug events.
 
-{{< note >}}
+{{< call-out "note" >}}
 Mind that our Docker images forward their log output to the
 [Docker log collector](https://docs.docker.com/config/containers/logging/)
 instead of a file.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Router events {#troubleshooting-router-log}
 
@@ -96,10 +96,10 @@ curl --unix-socket /path/to/control.unit.sock http://localhost/config/routes/2
 Unit's log can be set to record **[debug]**-level events; the steps to enable this
 mode vary by install method.
 
-{{< warning >}}
+{{< call-out "warning" >}}
 Debug log is meant for developers; it grows rapidly, so enable it only for
 detailed reports and inspection.
-{{< /warning >}}
+{{< /call-out >}}
 
 {{< tabs name="debug-log" >}}
 {{% tab name="Installing From Our Repos" %}}
@@ -160,9 +160,9 @@ For builds from
 we maintain debug symbols in special packages; they have the original packages'
 names with the **-dbg** suffix appended, such as **unit-dbg**.
 
-{{< note >}}
+{{< call-out "note" >}}
 This section assumes you're running Unit as **root** (recommended).
-{{< /note >}}
+{{< /call-out >}}
 
 {{< tabs name="core-dumps" >}}
 {{% tab name="Linux: systemd" %}}
diff --git a/content/unit/unitctl.md b/content/unit/unitctl.md
index 02dda382f..7d744b87c 100644
--- a/content/unit/unitctl.md
+++ b/content/unit/unitctl.md
@@ -5,11 +5,11 @@ toc: true
 nd-docs: DOCS-1696
 ---
 
-{{< note >}}
+{{< call-out "note" >}}
 **unitctl** is currently being provided as a "Technical Preview". We welcome
 feedback and suggestions for this early access version. It is provided to test
 its features and should not be used in production environments.
-{{< /note >}}
+{{< /call-out >}}
 
 Unit provides a [Rust SDK](https://github.com/nginx/unit/tree/master/tools/unitctl)
 to interact with its [control API]({{< relref "/unit/controlapi.md" >}}), and a command line
@@ -159,14 +159,14 @@ $ unitctl apps restart wasm
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 This command supports operating on multiple instances of Unit at once. To do
 this, use the **-s** option multiple times with different values:
 
 ```console
 $ unitctl -s '127.0.0.1:8001' -s /run/nginx-unit.control.sock app list
 ```
-{{< /note >}}
+{{< /call-out >}}
 
 ### Fetch active listeners
 
@@ -184,14 +184,14 @@ No socket path provided - attempting to detect from running instance
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 This command supports operating on multiple instances of Unit at once. To do
 this, use the **-s** option multiple times with different values:
 
 ```console
 $ unitctl -s '127.0.0.1:8001' -s /run/nginx-unit.control.sock listeners
 ```
-{{< /note >}}
+{{< /call-out >}}
 
 ### Check the status of Unit
 
@@ -213,14 +213,14 @@ requests:
 applications: {}
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 This command supports operating on multiple instances of Unit at once. To do
 this, use the **-s** option multiple times with different values:
 
 ```console
 $ unitctl -s '127.0.0.1:8001' -s /run/nginx-unit.control.sock status
 ```
-{{< /note >}}
+{{< /call-out >}}
 
 ### Send configuration payloads to Unit
 
@@ -249,14 +249,14 @@ $ echo '{
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 This command supports operating on multiple instances of Unit at once. To do
 this, use the **-s** option multiple times with different values:
 
 ```console
 $ unitctl -s '127.0.0.1:8001' -s /run/nginx-unit.control.sock execute ...
 ```
-{{< /note >}}
+{{< /call-out >}}
 
 ### Edit current configuration
 
@@ -281,9 +281,9 @@ changes. Once you save and close the editor, you see the following output:
 }
 ```
 
-{{< note >}}
+{{< call-out "note" >}}
 This command does not support operating on multiple instances of Unit at once.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Importing the configuration from a folder
 
@@ -325,13 +325,13 @@ $ unitctl export -f - | tar xf - config.json
 $ unitctl export -f - > config.tar
 ```
 
-{{< warning >}}
+{{< call-out "warning" >}}
 The exported configuration omits certificates.
-{{< /warning >}}
+{{< /call-out >}}
 
-{{< note >}}
+{{< call-out "note" >}}
 This command does not support operating on multiple instances of Unit at once.
-{{< /note >}}
+{{< /call-out >}}
 
 ### Wait for a socket to be available
 
diff --git a/data/f5-sites.yaml b/data/f5-sites.yaml
new file mode 100644
index 000000000..b77b18d0f
--- /dev/null
+++ b/data/f5-sites.yaml
@@ -0,0 +1,15 @@
+- title: F5
+  url: https://f5.com/
+  description: Deliver and secure every app
+
+- title: DevCentral
+  url: https://community.f5.com/
+  description: Connect & learn in our hosted community
+
+- title: MyF5
+  url: https://my.f5.com/
+  description: Your key to everything F5, including support, registration keys, and subscriptions
+
+- title: NGINX
+  url: https://nginx.org/
+  description: Learn more about NGINX Open Source and read the community blog
diff --git a/data/nap-waf/schema/policy.json b/data/nap-waf/schema/policy.json
index 8669dbf19..b15ac481c 100644
--- a/data/nap-waf/schema/policy.json
+++ b/data/nap-waf/schema/policy.json
@@ -2368,7 +2368,7 @@
                            },
                            "blockRequests" : {
                               "default" : "policy-default",
-                              "description" : "Specifies how the system responds to blocking requests sent from this IP address list.\n- **Policy Default:** Specifies that the policy enforcementMode will be used for requests from this IP address list.\n- **Never Block:** Specifies that the system does not block requests sent from this IP address list, even if your security policy is configured to block all traffic.\n- **Always Block:** Specifies that the system blocks requests sent from this IP address list.\nOptional,  if absent Policy Default is used.",
+                              "description" : "Specifies how the system responds to blocking requests sent from this IP address list.\n- **Policy Default:** Specifies that the policy enforcementMode will be used for requests from this IP address list.\n- **Never Block:** Specifies that the system does not block requests sent from this IP address list, even if your security policy is configured to block all traffic.\n- **Always Block:** Specifies that the system blocks requests sent from this IP address list.\nOptional, if absent Policy Default is used.",
                               "enum" : [
                                  "always",
                                  "never",
@@ -2397,7 +2397,7 @@
                               "type" : "array"
                            },
                            "matchOrder" : {
-                              "description" : "Specifies the order matching index between different IP Address Lists. If unspecified, the order is implicitly as the lists appear in the policy. IP Address Lists with a lower matchOrder will be checked for a match prior to items with higher matchOrder.",
+                              "description" : "Specifies the order matching index between different IP Address Lists. If unspecified, the order is implicitly as the lists appear in the policy.\nIP Address Lists with a lower matchOrder will be checked for a match prior to items with higher matchOrder.",
                               "type" : "integer"
                            },
                            "name" : {
@@ -2406,11 +2406,11 @@
                            },
                            "neverLogRequests" : {
                               "default" : false,
-                              "description" : "Specifies when enabled that the system does not log requests or responses sent from this IP address list, even if the traffic is illegal, and even if your security policy is configured to log all traffic. Optional, if absent default value is false.",
+                              "description" : "Specifies when enabled that the system does not log requests or responses sent from this IP address list, even if the traffic is illegal, and even if your security policy is configured to log all traffic.\nOptional, if absent default value is false.",
                               "type" : "boolean"
                            },
                            "setGeolocation" : {
-                              "description" : "Specifies a geolocation to be associated for this IP address list. This will force the IP addresses in the list to be considered as though they are in that geolocation. This applies to blocking via \"disallowed-geolocations\" and to logging. Optional",
+                              "description" : "Specifies a geolocation to be associated for this IP address list.\nThis will force the IP addresses in the list to be considered as though they are in that geolocation. This applies to blocking via \"disallowed-geolocations\" and to logging. \nOptional",
                               "type" : "string"
                            }
                         },
@@ -3046,7 +3046,7 @@
                               "type" : "string"
                            },
                            "condition" : {
-                              "description" : "Specifies the condition under which the override rule should be applied.\n\nExample: \"clientIp != '10.0.0.5' and userAgent.lower().contains('WebRobot')\"\n\nCondition Syntax:\n\n- The condition consists of one or more clauses separated by **and** or **or**.\n\n  Example: \"clientIp == '10.0.0.5' and (host.startsWith('internal') or uri.contains('api'))\"\n\n- Each clause can optionally start with **not** - to negate the expression.\n\n  Example: \"not clientIp == '127.0.0.1'\"\n\n- **not** can also be used to negate a parenthesized expression.\n\n  Example: \"not (method == 'GET' or method == 'PUT')\"\n\n- A clause can be a simple comparison between two value expressions, or a boolean function applied to a literal value.\n\nSupported comparison operators:\n\n  - **==** - Checks for equality between two value expressions.\n  - **!=** - Checks for inequality between two value expressions.\n\n  Example: \"clientIp != '10.0.0.5'\" (equivalent to \"not clientIp == '10.0.0.5'\")\n\nSupported boolean functions:\n\n  - **matches**: Performs an exact match of a value expression, equivalent to **==**.\n  - **startsWith**: Checks if a value expression starts with a specific substring.\n  - **contains**: Checks if a value expression contains a specific substring.\n\n  Example: \"uri.startsWith('/api')\"\n\n**Note**: Functions \"startsWith\" and \"contains\" are not applicable to the \"clientIp\" attribute. Regular expressions are not supported.\n\n- Value expressions can be a request attribute, literal value, or a value function.\n- A literal can be a string value enclosed in single quotes, or can be the keyword \"null\" without quotes.\n\n  Example: \"userAgent == null\"\n\nSupported value functions:\n\n  - **lower**: Any boolean function applied on the resulting string will be **case insensitive**. Applicable to ANSI characters only.\n\n  Example: \"uri.lower().contains('BaR')\" will match the URI \"/Foo/bAr\"\n\nRequest Attributes:\n\n- **clientIp**: Client IP address in canonical IPv4 or IPv6 format or ip-address-list. Use CIDR notation for subnet definition. Example: *192.168.1.2* or *fd00:1::/48*. If *trustXff* (X-Forwarded-For) is enabled in the containing policy, then the value is taken from the configured header (XFF or other). The only supported boolean function for the clientIP attribute is *matches*.\n- **host**: The value of the Host header\n- **method**: The HTTP method in the request\n- **uri**: The URI (path part) of the request\n- **userAgent**: The value of the User-Agent header, or *null* (without quotes) if not present\n- **geolocation**: The geolocation of the client IP address. The value is the ISO 3166 two-letter code of the respective country.\n- **parameters['<name>']**: (map-type) The value of the specified parameter name (limited to query string parameters). Example: \"parameters['id'] == '11'\"\n- **cookies['<name>']**: (map-type) The value of the specified cookie name. Example: \"cookies['Path'].contains('product')\"\n- **headers['<name>']**: (map-type) The value of the specified header name. Example: \"headers['Accept'].startsWith('application')\"\n\n**Note**: \n - The \"headers['<name>']\" attribute does not support 'Cookie' as a header name.\n - Attribute \"clientIp\" supports using \"ipAddressLists\" in condition: \"clientIp.matches(ipAddressLists['<name>'])\"",
+                              "description" : "Specifies the condition under which the override rule should be applied.\n\nExample: \"clientIp != '10.0.0.5' and userAgent.lower().contains('WebRobot')\"\n\nCondition Syntax:\n\n- The condition consists of one or more clauses separated by **and** or **or**.\n\n  Example: \"clientIp == '10.0.0.5' and (host.startsWith('internal') or uri.contains('api'))\"\n\n- Each clause can optionally start with **not** - to negate the expression.\n\n  Example: \"not clientIp == '127.0.0.1'\"\n\n- **not** can also be used to negate a parenthesized expression.\n\n  Example: \"not (method == 'GET' or method == 'PUT')\"\n\n- A clause can be a simple comparison between two value expressions, or a boolean function applied to a literal value.\n\nSupported comparison operators:\n\n  - **==** - Checks for equality between two value expressions.\n  - **!=** - Checks for inequality between two value expressions.\n\n  Example: \"clientIp != '10.0.0.5'\" (equivalent to \"not clientIp == '10.0.0.5'\")\n\nSupported boolean functions:\n\n  - **matches**: Performs an exact match of a value expression, equivalent to **==**.\n  - **startsWith**: Checks if a value expression starts with a specific substring.\n  - **contains**: Checks if a value expression contains a specific substring.\n\n  Example: \"uri.startsWith('/api')\"\n\n**Note**: Functions \"startsWith\" and \"contains\" are not applicable to the \"clientIp\" attribute. Regular expressions are not supported.\n\n- Value expressions can be a request attribute, literal value, or a value function.\n- A literal can be a string value enclosed in single quotes, or can be the keyword \"null\" without quotes.\n\n  Example: \"userAgent == null\"\n\nSupported value functions:\n\n  - **lower**: Any boolean function applied on the resulting string will be **case insensitive**. Applicable to ANSI characters only.\n\n  Example: \"uri.lower().contains('BaR')\" will match the URI \"/Foo/bAr\"\n\nRequest Attributes:\n\n- **clientIp**: Client IP address in canonical IPv4 or IPv6 format or ip-address-list. Use CIDR notation for subnet definition. Example: *192.168.1.2* or *fd00:1::/48*. If *trustXff* (X-Forwarded-For) is enabled in the containing policy, then the value is taken from the configured header (XFF or other). The only supported boolean function for the clientIP attribute is *matches*.\n- **host**: The value of the Host header\n- **method**: The HTTP method in the request\n- **uri**: The URI (path part) of the request\n- **userAgent**: The value of the User-Agent header, or *null* (without quotes) if not present\n- **geolocation**: The geolocation of the client IP address. The value is the ISO 3166 two-letter code of the respective country.\n- **parameters['<name>']**: (map-type) The value of the specified parameter name (limited to query string parameters). Example: \"parameters['id'] == '11'\"\n- **cookies['<name>']**: (map-type) The value of the specified cookie name. Example: \"cookies['Path'].contains('product')\"\n- **headers['<name>']**: (map-type) The value of the specified header name. Example: \"headers['Accept'].startsWith('application')\"\n\n**Note**: \n- The \"headers['<name>']\" attribute does not support 'Cookie' as a header name.\n- Attribute \"clientIp\" supports using \"ipAddressLists\" in condition: \"clientIp.matches(ipAddressLists['<name>'])\" ",
                               "type" : "string"
                            },
                            "name" : {
diff --git a/data/product-selector.yaml b/data/product-selector.yaml
new file mode 100644
index 000000000..f2bbf5310
--- /dev/null
+++ b/data/product-selector.yaml
@@ -0,0 +1,29 @@
+- productGroup: NGINX One
+  products:
+    - title: "NGINX One Console"
+      url: "nginx-one"
+    - title: "NGINX Plus"
+      url: "nginx"
+    - title: "NGINX Instance Manager"
+      url: "nginx-instance-manager"
+    - title: "NGINX Ingress Controller"
+      url: "nginx-ingress-controller"
+    - title: "NGINX Gateway Fabric"
+      url: "nginx-gateway-fabric"
+    - title: "NGINX Open Source"
+      url: "https://nginx.org/en/docs/"
+      extUrl: true
+    - title: "NGINX Agent"
+      url: "nginx-agent"
+
+- productGroup: NGINX App Protect
+  products:
+    - title: "NGINX App Protect WAF"
+      url: "nginx-app-protect-waf"
+    - title: "NGINX App Protect DoS"
+      url: "nginx-app-protect-dos"
+
+- productGroup: NGINX as a Service
+  products:
+    - title: "NGINX as a Service for Azure"
+      url: "nginxaas/azure/"
diff --git a/documentation/README.md b/documentation/README.md
index 6cae42e2e..169a891f5 100644
--- a/documentation/README.md
+++ b/documentation/README.md
@@ -19,4 +19,5 @@ If you're interested in contributing to the [NGINX documentation website](https:
 - [Managing content with Hugo](/documentation/writing-hugo.md)
 - [Proposals](/documentation/proposals/README.md)
 - [Set up pre-commit](/documentation/pre-commit.md)
+- [Using include files](/documentation/include-files.md)
 - [Writing style guide](/documentation/style-guide.md)
diff --git a/documentation/closed-contributions.md b/documentation/closed-contributions.md
index cc0970362..207bb5439 100644
--- a/documentation/closed-contributions.md
+++ b/documentation/closed-contributions.md
@@ -11,6 +11,19 @@ We work in public by default, so this process should only be used on a case by c
 
 For standard content releases, review the [Contributing guidelines](/CONTRIBUTING.md).
 
+## Referencing internal information
+
+During the last stage of this process, or while making any public pull request, you may need to reference something internal.
+
+As mentioned in our pull request template checklist, you should not link to internal resources: they are considered "sensitive content", defined previously.
+
+Instead, include the key outputs of the internal resource as part of describing context:
+
+> "Following an internal discussion, the instructions for foo have been clarified"  
+> "The phrasing of bar has been changed based on an internal requirement"
+
+This allows you to retain the necessary context for a change without exposing a potentially important resource to the public.
+
 ## Overview
 
 This repository (https://github.com/nginx/documentation) is where we work by default. It has a one-way sync to an internal repository, used for closed content.
@@ -18,11 +31,13 @@ This repository (https://github.com/nginx/documentation) is where we work by def
 The process is as follows:
 
 - Add the closed repository as a remote
+   - The closed repository is also known as `internal`
 - Create a remote branch with the prefix `internal/` in the closed repository
 - Open a pull request in the closed repository to get previews and request feedback
 - Once all stakeholders are happy with changes, close the pull request in the closed repository
 - Merge the changes from the remote (Closed) repository branch with a new branch in the open repository
 - Open a new pull request in the open repository, where it can be merged
+   - You do not have to get approvals a second time
 
 You can get the URL through our internal communication channels: it will be represented in the following steps as `<closed-URL>`.
 
@@ -36,6 +51,12 @@ git remote add internal git@github.com:<closed-url>.git
 git fetch --all
 ```
 
+You can verfiy access to the closed repository in your `.git/config` file. Look for the code block that corresponds to:
+
+```
+[remote "internal"]
+```
+
 Check out the remote `main` branch, and use it to create a feature branch. **Ensure that you prefix all branch names with `internal/`**
 
 ```shell
@@ -51,7 +72,7 @@ git commit
 git push internal
 ```
 
-Open a pull request when you are ready to receive feedback from stakeholders.
+Open a pull request when you are ready to receive feedback from stakeholders. You'll see the pull request in the internal repository.
 
 After any iterative work, close the pull request. Since the closed repository is a mirror of the open one, we do not merge changes to it.
 
@@ -64,4 +85,9 @@ git merge internal/internal/feature
 git push origin
 ```
 
+This allows you to open a _new_ pull request in the open repository. To verify that pull request reflects the changes made in the closed
+repository, check the commit messages.
+
+If you are a maintainer of https://github.com/nginx/documentation, you can merge the changes without additional approvals.
+
 Once the content changes have been merged in the open repository, they will synchronize back to the closed repository.
diff --git a/documentation/include-files.md b/documentation/include-files.md
new file mode 100644
index 000000000..096ba4661
--- /dev/null
+++ b/documentation/include-files.md
@@ -0,0 +1,43 @@
+# Using Include files
+
+_Include files_, often referred to as _includes_, are Markdown files with self-contained text fragments used by Hugo for content re-use.
+
+They enable contributors to maintain a single source of truth for information that is often repeated, such as how to download credential files.
+
+We use them to [avoid repeating ourselves](https://en.wikipedia.org/wiki/Don%27t_repeat_yourself), and create consistency in similar instructional steps.
+
+Include files are designed to be context-agnostic and should not rely on or assume any prior content.
+
+The files are located in the [content/includes](https://github.com/nginxinc/docs/tree/main/content/includes) folder, and are implemented using the Hugo `include` shortcode:
+
+```text
+{{< include "use-cases/docker-registry-instructions.md" >}}
+```
+
+Putting the previous example in any Markdown file would embed the contents of `content/includes/use-cases/docker-registry-instructions.md` wherever the shortcode was used.
+
+For guidance on other Hugo shortcodes, read the [Managing content with Hugo](/documentation/writing-hugo.md) document.
+
+## Guidelines for include files
+
+To make sure includes are effective and easy to maintain, follow these guidelines:
+
+- **Only use includes for repeated content**: Create an include only if the content appears in at least **two locations**. Using an include for single-use content adds unnecessary complexity and makes maintenance harder.
+- **Keep includes small and modular**: Write narrowly scoped snippets to maximize flexibility and reuse.
+- **Avoid nesting includes**: If there’s another way to achieve the same outcome, avoid nesting includes. While possible, it complicates reviews and maintenance. A flat structure is simple.
+- **Don't include headings**: Do not include headings in include files. These headings won't appear in a document's table of contents and may break the linear flow of the surrounding content. Add headings directly to the document instead.
+- **Don't start documents with includes**: The opening of most documents is the introduction which explains its purpose. Includes are reused text, so starting multiple documents with identical content could look odd, especially in search results.
+- **Do not add the F5 prefix to product names in includes**: The brand name is required only on [the first mention in a document](/documentation/style-guide.md#f5-brand-trademarks-and-product-names).
+
+## Include file index
+
+To aid in discoverability of include files, this index is maintained to offer contributors a reference for existing entries.
+
+When viewing an include file, you may also see the `files`: parameter in the frontmatter, which shows where the file is currently in use.
+
+| **_File name_** | **_Description_** |
+| ----------------| ------------------ |
+| [_licensing-and-reporting/download-jwt-from-myf5.md_](/content/includes/licensing-and-reporting/download-jwt-from-myf5.md) | Instructions for downloading a JSON Web Token from MyF5 |
+| [_licensing-and-reporting/download-certificates-from-myf5.md_](/content/includes/licensing-and-reporting/download-certificates-from-myf5.md) | Instructions for downloading certificate files from MyF5 |
+| [_use-cases/credential-download-instructions.md_](/content/includes/use-cases/credential-download-instructions.md) | Parallel tabbed instructions for downloading credential files from MyF5 |
+| [_use-cases/docker-registry-instructions.md_](/content/includes/use-cases/docker-registry-instructions.md) | Parallel tabbed instructions for listing Docker images from the F5 Registry |
\ No newline at end of file
diff --git a/documentation/nginx-org-source.md b/documentation/nginx-org-source.md
new file mode 100644
index 000000000..e7e9bbd28
--- /dev/null
+++ b/documentation/nginx-org-source.md
@@ -0,0 +1,45 @@
+# nginx.org content
+
+This document describes the process by which https://github.com/nginx/nginx.org are ingested by the `nginx/documentation` repository, and rendered as markdown.
+
+## Source of truth
+The https://github.com/nginx/nginx.org repository remains the source of truth for a subset of content in `/content/nginx`. Primarily, this includes is the `module reference`, and the https://github.com/nginx/nginx.org/blob/main/yaml/nginx_api.yaml.
+
+Any modifications to these autogenerated files will be blocked during the pull request process.
+If modifications are required, they will be made in the source xml in https://github.com/nginx/nginx.org repository.
+
+All files that are autogenerated from this source, will have the warning:
+
+```md
+********************************************************************************
+🛑 WARNING: AUTOGENERATED FILE - DO NOT EDIT 🛑 This Markdown file was
+automatically generated from the source XML documentation. Any manual
+changes made directly to this file will be overwritten. To request or
+suggest changes, please edit the source XML files instead.
+https://github.com/nginx/nginx.org/tree/main/xml/en
+********************************************************************************
+```
+
+## Markdown generation flow
+
+A GitHub Action running as a cron job in the `nginx/documentation` repository detects changes in the documentation within `nginx/nginx.org`, generates new markdown files when changes are found, and creates a PR with these changes.
+
+Only PRs generated by this GitHub Action can be merged.
+
+The markdown files are generated using a markdown-specific XSLT file, which targets only the XML sources intended for inclusion in the nginx/documentation repository.
+
+```mermaid
+flowchart TD
+    Start([Cron Job Triggered]) --> CheckChanges{Changes detected in 'en' docs of nginx/nginx.org?}
+    CheckChanges -- Yes --> CloneRepo[Clone nginx/nginx.org repository]
+    CloneRepo --> RunMake["Execute make target: 'make hugo-md'"]
+    RunMake --> MoveFiles["Move generated markdown files to '/content/nginx' directory"]
+    MoveFiles --> OpenPR["Create PR in nginx/documentation repository"]
+    OpenPR --> Finish([End])
+
+    CheckChanges -- No --> FinishNoAction([End - No updates detected])
+
+    style Finish stroke:#27ae60,stroke-width:2px
+    style OpenPR stroke:#2980b9,stroke-width:2px
+    style CheckChanges stroke:#7f8c8d,stroke-width:2px
+```
diff --git a/documentation/style-guide.md b/documentation/style-guide.md
index 560ec05cf..4b4a7e616 100644
--- a/documentation/style-guide.md
+++ b/documentation/style-guide.md
@@ -101,7 +101,6 @@ The table provides guidelines about the terms you should and should not use for
 | cookie/cookies (noun) | | |
 | covers | As in, "this section/topic/chapter covers the following...". Instead, use a phrase such as, "This topic deals with..." or "This topic provides the following information...". More options: communicates, presents, offers, introduces, explains, describes. | |
 | curly brackets `{}` | The name for the curved `{}` parenthetical markings is "braces". They are not called curly brackets. | |
-| CVSS v3.0 | Do not spell out. (Articles with CVSS metrics should include the CVSS link.) | |
 | daemon | Avoid using this term in generic documentation because it is UNIX-oriented. Instead, we use "agent", "utility", or "application". However, we do refer to specific UNIX daemons, like `named` and `sod`, when daemon is part of the name. | |
 | data center | Write this as two words. | |
 | domain name | example.com, example.net, example.org, or localhost per [RFC 2606](https://www.rfc-editor.org/rfc/rfc2606.html). | |
@@ -147,7 +146,6 @@ The table provides guidelines about the terms you should and should not use for
 | Forwarding (IP) | See virtual server types. | |
 | Forwarding (Layer 2) | See virtual server types. | |
 | forwards | Use backward and forward, not backwards and forwards. | |
-| FTP | Do not spell out. | |
 | fu, fubar | Do not use; always replace with specific text. Watch for these in code samples. | |
 | future releases and TBD | Do not use TBD in any content, including release notes. Do not reference future releases, such as This OID will be disabled in future releases. | |
 | G | Abbreviation for "giga", but in computer terminology represents 230, or 1,073,741,824. Correct: 4G | |
@@ -190,7 +188,7 @@ The table provides guidelines about the terms you should and should not use for
 | IPv4-in-IPv6 vs. IPv4 in IPv6 | You can hyphenate IPv4-in-IPv6 when used as an adjective, such as IPv4-in-IPv6 tunnels. Note that the internal v in IPv4 and IPv6 should remain in lowercase format. | |
 | ISO 9001:2015 certification | For example: ISO 9001:2015 certified" or ISO 9001:2015 certification Don't use: ISO certified or ISO certification (Per: ISO - Certification, for questions about the use of ISO Certificate terms and logo, please contact the GS quality team at *qmt) | |
 | it | Avoid ambiguous pronouns. Be explicit: "Check the status of the server. Restart ~~it~~ the server" | |
-| jargon | Jargon is the technical terminology or characteristic idiom of a special activity or group. Try hard to avoid it. Think about explaining something to a member of your family or a friend who doesn't know what you know. F5 products are highly technical, but strive to be as plainspoken as possible when describing or instructing. Spell out abbreviations on first use, use the clearest and easiest word to understand that will still accomplish the job, and so on. | |
+| jargon | Jargon is technical language used by people in a specific group or field. Avoid it whenever you can. Imagine you’re explaining the topic to a friend or family member who doesn’t know the technology. F5 products are technical, but your writing should still be clear and simple. Spell out acronyms the first time you use them. Use words that are easy to understand and still get the job done. For exceptions, see the [Acronyms](#acronyms) section.  | |
 | JWT license file | Include the word "license" when referring to the JSON Web Token that users download as part of their F5 NGINX subscription. | |
 | kill | Avoid this term except in command line syntax, where it is a UNIX command for stopping processes. (It's actually an IEEE POSIX standard command.) Alternatives for describing the action are: § End the process § Interrupt the process § Quit the process § Shut down the process § Stop the process | |
 | known issue | Abbreviate as "KI" when using in public-facing documentation. | |
@@ -296,8 +294,6 @@ The table provides guidelines about the terms you should and should not use for
 | space | Do not use when referring to an input field or checkbox where the user needs to enter info. Recast to identify as a box. | |
 | SPDY | Correct: a SPDY profile (pronounced speedy). | |
 | spin up/spin down, spinning up/spinning down | Jargon, but becoming more widely used because of AWS. Do not use in our documentation without adding context on first reference. For example You can spin up (create additional virtual instances) or spin down (remove virtual instances) . . . . | |
-| SSH | Do not spell out. | |
-| SSL | Do not spell out. | |
 | SSLi/SSL Intercept | For the SSL Intercept iRule. Spell out. Do not abbreviate except to match UI label. | |
 | Sync-Failover (and Sync-Only) | Title capitalize and hyphenate to Sync-Failover unless referencing the option in tmsh; then lowercase and hyphenate as sync-failover. These guidelines apply to Sync-Only as well. | |
 | tap | Describes action of touching the hardware touchscreens in hardware documentation. Do not use in software documentation; use "select" instead. | |
@@ -314,7 +310,6 @@ The table provides guidelines about the terms you should and should not use for
 | Traffic Management Microkernel (TMM) | First mention: the Traffic Management Microkernel (TMM)Subsequent references: the TMM | |
 | Traffic Management Operating System (TMOS) | Do not use. See TMOS. | |
 | typically vs. normally | When describing a predictable and expected action in technical content, write in terms of what is typical rather than normal for clarity. Normal implies judgment. Avoid particularly when applying to user actions, practices, or behaviors. Use typical instead. | |
-| UDP | User Datagram Protocol. Do not spell out. | |
 | UI/GUI/WebGUI | Don't use these terms in documentation. For UI, call it the browser interface or user interface if necessary. Don't use GUI, or WebGUI. | |
 | unsecure and non-secure | Use unsecure and not insecure when describing a lack of security regarding something technical or technology-related in our documentation. If preferred and internally consistent with what you are documenting, non-secure may be OK, but defer to your editor. | |
 | update | Use when moving from one minor version of a product to another. For example, from NGINX Instance Manager 2.1 to 2.2. For example: Before updating your system, you should read the release notes to understand any new issues. For example: OIDC-authenticated users can't view the Users list after updating to NGINX Instance Manager 2.9.1. | |
@@ -328,8 +323,6 @@ The table provides guidelines about the terms you should and should not use for
 | virtual address | Use instead of virtual IP address or VIP. | |
 | virtual address vs. virtual IP address | Although this refers to the IP address part of a virtual server destination address, only use virtual address (which also reflects the GUI). | |
 | virtual edition/Virtual Edition | Use virtual edition as a generic term. For Virtual Edition, see VE. | |
-| Virtual Local Area Network (VLAN) | Do not spell out unless necessary to context. | |
-| Virtual Private Network (VPN) | Do not spell out unless necessary to context. | |
 | walk | Don't use. Anthropomorphism. Instead, try guides, leads, conducts, directs, shows… Example: The Setup utility guides you through a series of pages. | |
 | warning/caution | Caution is less severe than Warning. Use Caution when alerting that damage may occur, such as data loss. Use Warning as the severest form of advisory, reserved for when there's a hazard to personnel (such as you're being directed to install a server rack and there's a chance it may fall on you). | |
 | wget | command.| |
@@ -345,6 +338,42 @@ The table provides guidelines about the terms you should and should not use for
 | Wizard and wizard | When documenting the GUI, you can capitalize Wizard if appropriate, such as for the Network Access Setup Wizard. When writing about wizards in general, or when a page title of a dialog box or GUI does not show Wizard in uppercase format, you can leave wizard in lowercase format. | |
 | WWW or www | Do not include www. in web addresses In text, do not use WWW, but use Internet instead. Of course, you can use www as part of a URL. Although we're moving away from that, too. | |
 
+## Acronyms
+
+The following acronyms do not need to be spelled out:
+
+| Acronym | Definition |
+|---------|------------|
+| API     | Application Programming Interface |
+| CIDR    | Classless Inter-Domain Routing |
+| CPU     | Central Processing Unit |
+| CVE     | Common Vulnerabilities and Exposures |
+| CVSS    | Common Vulnerability Scoring System |
+| DHCP    | Dynamic Host Configuration Protocol |
+| DNS     | Domain Name System |
+| FQDN    | Fully Qualified Domain Name |
+| FTP     | File Transfer Protocol |
+| GPU     | Graphics Processing Unit |
+| gRPC    | gRPC Remote Procedure Call |
+| HTTP    | Hypertext Transfer Protocol |
+| HTTPS   | Hypertext Transfer Protocol Secure |
+| IP      | Internet Protocol |
+| JSON    | JavaScript Object Notation |
+| JWT     | JSON Web Token |
+| NAT     | Network Address Translation |
+| PEM     | Privacy Enhanced Mail (file format) |
+| RAM     | Random Access Memory |
+| SMTP    | Simple Mail Transfer Protocol |
+| SSH     | Secure Shell |
+| SSL     | Secure Sockets Layer |
+| TCP     | Transmission Control Protocol |
+| TLS     | Transport Layer Security |
+| UDP     | User Datagram Protocol |
+| VLAN    | Virtual Local Area Network |
+| VPN     | Virtual Private Network |
+| WAF     | Web Application Firewall |
+| YAML    | YAML Ain't Markup Language |
+
 
 ## Topic types and templates
 
@@ -434,27 +463,6 @@ Ensure content and screenshots are anonymized and don't contain sensitive inform
 - Limit the use of links to external (non-F5) sources. When necessary, only link to reputable sources and foundational sites, such as GitHub.com, Google.com, and Microsoft.com.
   - This helps minimize the risk of prompt injection.
 
-## Guidelines for `includes`
-
-In an ideal world, we'd "write once, publish everywhere." To support this goal, we follow the principle of [Don't repeat yourself](https://en.wikipedia.org/wiki/Don%27t_repeat_yourself) in our documentation. This principle shapes how we create and use `includes`, which pull reusable content from files in the [content/includes](https://github.com/nginxinc/docs/tree/main/content/includes) directory.
-
-For example:
-
-```text
-{{< include "controller/helper-script-prereqs.md" >}}
-```
-
-This entry automatically incorporates content from the `helper-script-prereqs.md` file in the `content/includes/controller` subdirectory.
-
-To make sure includes are effective and easy to maintain, follow these practices:
-
-- **Use includes only for reusable content**: Create an include only if the content appears in at least **two locations**. Using an include for single-use content adds unnecessary complexity and makes maintenance harder.
-- **Keep includes small and modular**: Write narrowly scoped snippets to maximize flexibility and reuse.
-- **Avoid branded product names in includes**: Use the full product name (e.g., "NGINX Instance Manager"), but avoid including the branded version (e.g., "F5 NGINX Instance Manager"). The branded name is required only on the first mention in a document; this is a context-specific rule. Includes, however, are designed to be context-agnostic—they should not rely on or assume any prior content—so including the branded name could repeat information unnecessarily in locations where it has already been introduced.
-- **Don't include headers**: Avoid adding H2 or other headers inside includes. These headers won't appear in the document's table of contents (TOC) and may not fit well with the surrounding content hierarchy. Add headers directly in the document instead.
-- **Avoid nesting includes**: If there’s another way to achieve the same outcome, avoid nesting includes. While technically possible, it complicates reviews and maintenance. Use a flat structure for simplicity.
-- **Don't start documents with includes**: The opening of a document is usually the introduction, which explains its purpose. Includes are reused text, so starting multiple documents with identical content could look odd, especially in search results.
-
 ## Guidelines for command-line operations
 
 ### Restarting vs. reloading NGINX
diff --git a/documentation/writing-hugo.md b/documentation/writing-hugo.md
index 00f7d6448..aab79712a 100644
--- a/documentation/writing-hugo.md
+++ b/documentation/writing-hugo.md
@@ -87,53 +87,58 @@ To install <integation>, refer to the [integration instructions]({{< ref "/integ
 
 ### How to use Hugo shortcodes
 
-[Hugo shortcodes](https://github.com/nginxinc/nginx-hugo-theme/tree/main/layouts/shortcodes) are used to format callouts, add images, and reuse content across different pages.
+[Hugo shortcodes](https://github.com/nginxinc/nginx-hugo-theme/tree/main/layouts/shortcodes) are used to provide extra functionality and special formatting to Markdown content.
 
-For example, to use the `note` callout:
+This is an example of a call-out shortcode:
 
 ```md
-{{< note >}} Provide the text of the note here .{{< /note >}}
+{{< call-out "note" >}} Provide the text of the note here .{{< /call-out >}}
 ```
 
-The callout shortcodes support multi-line blocks:
+Here are some other shortcodes:
+
+- `include`: Include the content of a file in another file: read the [Re-use content with includes](#re-use-content-with-includes) instructions
+- `tabs`: Create mutually exclusive tabbed window panes, useful for parallel instructions
+- `table`: Add scrollbars to wide tables for browsers with smaller viewports
+- `icon`: Add a [Lucide icon](https://lucide.dev/icons/) by using its name as a parameter
+- `link`: Link to a file, prepending its path with the Hugo baseUrl
+- `ghcode`: Embeds the contents of a code file: read the [Add code to documentation pages](#add-code-to-documentation-pages) instructions
+- `openapi`: Loads an OpenAPI specification and render it as HTML using ReDoc
+
+#### Add call-outs to documentation pages
+
+The call out shortcode support multi-line blocks:
 
 ```md
-{{< caution >}}
+{{< call-out "caution" >}}
 You should probably never do this specific thing in a production environment.
 
 If you do, and things break, don't say we didn't warn you.
-{{< /caution >}}
+{{< /call-out >}}
 ```
 
-Supported callouts:
+The first parameter determines the type of call-out, which defines the colour given to it.
+
+Supported types:
 - `note`
 - `tip`
 - `important`
 - `caution`
 - `warning`
 
-You can also create custom callouts using the `call-out` shortcode `{{< call-out "type position" "header" "font-awesome icon >}}`. For example:
+An optional second parameter will add a title to the call-out: without it, it will fall back to the type.
 
 ```md
-{{<call-out "important side-callout" "JWT file required for upgrade" "fa fa-exclamation-triangle">}}
-```
+{{< call-out "important" "This instruction only applies to v#.#.#" >}}
+These instructions are only intended for versions #.#.# onwards.
 
-By default, all custom callouts are displayed inline, unless you add `side-callout` which places the callout to the right of the content.
-
-Here are some other shortcodes:
+Follow <these-instructions> if you're using an older version.
+{{< /call-out >}}
+```
 
-- `fa`: Inserts a Font Awesome icon
-- `collapse`: Make a section collapsible
-- `tab`: Create mutually exclusive tabbed window panes, useful for parallel instructions
-- `table`: Add scrollbars to wide tables for browsers with smaller viewports
-- `link`: Link to a file, prepending its path with the Hugo baseUrl
-- `openapi`: Loads an OpenAPI specification and render it as HTML using ReDoc
-- `include`: Include the content of a file in another file; the included file must be present in the '/content/includes/' directory
-- `raw-html`: Include a block of raw HTML
-- `readfile`: Include the content of another file in the current file, which can be in an arbitrary location.
-- `bootstrap-table`: formats a table using Bootstrap classes; accepts any bootstrap table classes as additional arguments, e.g. `{{< bootstrap-table "table-bordered table-hover" }}`
+Finally, you can use an optional third parameter to add a [Lucide icon](https://lucide.dev/icons/) using its name.
 
-### Add code to documentation pages
+#### Add code to documentation pages
 
 For command, binary, and process names, we sparingly use pairs of backticks (\`\<some-name\>\`): `<some-name>`.
 
@@ -145,22 +150,9 @@ You can also use the `ghcode` shortcode to embed a single file directly from Git
 
 An example of this can be seen in [/content/ngf/get-started.md](https://github.com/nginx/documentation/blob/af8a62b15f86a7b7be7944b7a79f44fd5e526c15/content/ngf/get-started.md?plain=1#L233C1-L233C128), which embeds a YAML file.
 
+#### Re-use content with includes
 
-### Add images to documentation pages
-
-Use the `img` shortcode to add images to documentation pages. It has the same parameters as the Hugo [figure shortcode](https://gohugo.io/content-management/shortcodes/#figure).
-
-1. Add the image to the `/static/img` directory.
-2. Add the `img` shortcode:
-  - `{{< img src="<img-file.png>" alt="<Alternative text>">}}`
-  - Do not include a forward slash at the beginning of the file path or it will [break the image](https://gohugo.io/functions/relurl/#input-begins-with-a-slash).
-
-> **Important**: We have strict guidelines for using images. Review them in our [style guide](/documentation/style-guide.md#guidelines-for-screenshots).
-
-
-### How to use Hugo includes
-
-Hugo includes are a custom shortcode that allows you to embed content stored in the [`/content/includes` directory](https://github.com/nginx/documentation/tree/main/content/includes).
+The includes are a custom shortcode that allows you to embed content stored in the [`/content/includes` directory](https://github.com/nginx/documentation/tree/main/content/includes).
 
 It allows for content to be defined once and display in multiple places without duplication, creating consistency and simplifying the maintenance of items such as reference tables.
 
@@ -180,12 +172,13 @@ This particular include file is used in the following pages:
 
 View the [Guidelines for includes](/templates/style-guide.md#guidelines-for-includes) for instructions on how to write effective include files.
 
-## Linting
+#### Add images to documentation pages
 
-To use markdownlint to check content, run the following command:
+Use the `img` shortcode to add images to documentation pages. It has the same parameters as the Hugo [figure shortcode](https://gohugo.io/content-management/shortcodes/#figure).
 
-```shell
-markdownlint -c .markdownlint.yaml </content/path>
-```
+1. Add the image to the `/static/img` directory.
+2. Add the `img` shortcode:
+  - `{{< img src="<img-file.png>" alt="<Alternative text>">}}`
+  - Do not include a forward slash at the beginning of the file path or it will [break the image](https://gohugo.io/functions/relurl/#input-begins-with-a-slash).
 
-The content path can be an individual file or a folder.
+> **Important**: We have strict guidelines for using images. Review them in our [style guide](/documentation/style-guide.md#guidelines-for-screenshots).
diff --git a/go.mod b/go.mod
index a026366c2..2c30be622 100644
--- a/go.mod
+++ b/go.mod
@@ -2,4 +2,4 @@ module github.com/nginxinc/docs
 
 go 1.19
 
-require github.com/nginxinc/nginx-hugo-theme v0.43.5 // indirect
+require github.com/nginxinc/nginx-hugo-theme v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index 22a5ad0ff..65e845dc7 100644
--- a/go.sum
+++ b/go.sum
@@ -1,4 +1,2 @@
-github.com/nginxinc/nginx-hugo-theme v0.43.4 h1:fnUGTcpR/pwwgBIy2dv0fOkeT++cqv1T6G1LKqQRAFg=
-github.com/nginxinc/nginx-hugo-theme v0.43.4/go.mod h1:DPNgSS5QYxkjH/BfH4uPDiTfODqWJ50NKZdorguom8M=
-github.com/nginxinc/nginx-hugo-theme v0.43.5 h1:OCsB4Y5mWN0fDzev+rie62zVXciR89vgsQ5Ss8mxUn8=
-github.com/nginxinc/nginx-hugo-theme v0.43.5/go.mod h1:DPNgSS5QYxkjH/BfH4uPDiTfODqWJ50NKZdorguom8M=
+github.com/nginxinc/nginx-hugo-theme v1.0.0 h1:ufoXHaOcFUMAl6DSFgSeU+FKM5Oz+KCgxjPNhDJywu4=
+github.com/nginxinc/nginx-hugo-theme v1.0.0/go.mod h1:DPNgSS5QYxkjH/BfH4uPDiTfODqWJ50NKZdorguom8M=
diff --git a/layouts/_default/nms-eos-list.html b/layouts/_default/nms-eos-list.html
deleted file mode 100644
index e0f713e70..000000000
--- a/layouts/_default/nms-eos-list.html
+++ /dev/null
@@ -1,10 +0,0 @@
-{{ define "main" }}
-<div class="row flex-xl-nowrap">
-  <nav class="sidenav overflow-auto col-md-3 d-none d-xl-block d-print-none">
-    {{ partial "sidebar.html" . }}
-  </nav>
-  <main class="content col-xl-9 d-block" role="main">
-    {{ partial "acm-eos/list-landing.html" . }}
-  </main>
-</div>
-{{ end }}
diff --git a/layouts/catalogs/single.html b/layouts/catalogs/single.html
index ca27eff9f..b1fb68f10 100644
--- a/layouts/catalogs/single.html
+++ b/layouts/catalogs/single.html
@@ -1,10 +1,7 @@
 
 {{ define "main" }}
 <div class="row flex-xl-nowrap">
-  <nav class="sidenav overflow-auto col-md-3 d-none d-xl-block d-print-none align-top">
-    {{ partial "sidebar.html" . }}
-  </nav>
-  
+
     {{ .Content }}
 
 <!-- If there is a script defined in the page metadata, load it  -->
@@ -14,4 +11,3 @@
 {{end }}
 
 {{ end }}
-
diff --git a/layouts/index.html b/layouts/index.html
index c4834aa1c..303e1dfad 100644
--- a/layouts/index.html
+++ b/layouts/index.html
@@ -1,426 +1,3 @@
 {{ define "main" }}
-<div data-mf="false">
-<div class="page col-md-12 col-xl-12 pl-md-5" id="site-home">
-
-    <div class="justify-content-left" style="margin-left: 1.5em;">
-        {{ if eq .Title "NGINX Product Documentation" }}
-        <h2 style="font-weight: 300; font-size: 2em; margin-top: 25px">NGINX Product Documentation</h2>
-        {{ end}} {{ if .Description }}
-        <h2 class="bd-lead" style="font-weight: 300; font-size: 1.3em;">{{ .Description | markdownify }}</h2>
-        {{ end}} {{ if .Content }}
-        <p class="bd-lead">{{ .Content }}</p>
-        {{ end }}
-    </div>
-
-</div>
-
-<div class="col-md-12 col-xl-12 py-md-3 pl-md-5">
-    <div class="justify-content-left" style="margin-left: 1.5em;">
-        <h2 style="font-weight: 400; font-size: 1.5em; margin-top: 0px; margin-bottom: 0px;">NGINX One</h2>
-    </div>
-</div>
-
-<div class="container-fluid" style="margin-left: 1%;">
-    <section class="col-md-12 col-xl-12 py-md-3 pl-md-5" id="nginx-products">
-        <div class="row justify-content-center">
-            <div class="card-deck">
-
-                <div class="col-xs-12 col-sm-6 col-lg-4 card-holder">
-                    <a href="{{ .Site.BaseURL }}nginx-one" class="products-card" alt="NGINX One Console">
-                        <h3 class="card-title"><img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-One-product-icon.png"> NGINX One Console</h3>
-                        <div class="card-description">
-                            <p>Monitor your infrastructure, address security vulnerabilities, and assess the health of your NGINX fleet, all from a single console.</p>
-                        </div>
-                    </a>
-                </div>
-
-                <div class="col-xs-12 col-sm-6 col-lg-4 card-holder">
-                    <a href="{{ .Site.BaseURL }}nginx" class="products-card" alt="NGINX Plus">
-                        <h3 class="card-title"><img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-Plus-product-icon-RGB.png"> NGINX Plus</h3>
-                        <div class="card-description">
-                            <p>The all-in-one load balancer, reverse proxy, web server, content cache, and API gateway.</p>
-                        </div>
-                    </a>
-                </div>
-
-                <div class="col-xs-12 col-sm-6 col-lg-4 card-holder">
-                    <a href="{{ .Site.BaseURL }}nginx-instance-manager" class="products-card" alt="NGINX Instance Manager">
-                        <h3 class="card-title"><img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-Instance-Manager-product-icon.png"> NGINX Instance Manager</h3>
-                        <div class="card-description">
-                            <p>Track and control NGINX Open Source and NGINX Plus instances.</p>
-                        </div>
-                    </a>
-                </div>
-
-                <div class="col-xs-12 col-sm-6 col-lg-4 card-holder">
-                    <a href="{{ .Site.BaseURL }}nginx-ingress-controller" class="products-card" alt="NGINX Ingress Controller">
-                        <h3 class="card-title"><img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-Ingress-Controller-product-icon.png"> NGINX Ingress Controller</h3>
-                        <div class="card-description">
-                            <p>Kubernetes traffic management with API gateway, identity, and observability features</p>
-                        </div>
-                    </a>
-                </div>
-
-
-                <div class="col-xs-12 col-sm-6 col-lg-4 card-holder">
-                    <a href="{{ .Site.BaseURL }}nginx-gateway-fabric" class="products-card" alt="NGINX Gateway Fabric">
-                        <h3 class="card-title"><img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-Gateway-Fabric-product-icon.png"> NGINX Gateway Fabric</h3>
-                        <div class="card-description">
-                            <p>Next generation Kubernetes connectivity using the Gateway API.</p>
-                        </div>
-                    </a>
-                </div>
-
-                <div class="col-xs-12 col-sm-6 col-lg-4 card-holder">
-                    <a href="https://nginx.org/en/docs/" class="products-card" alt="NGINX Open Source">
-                        <h3 class="card-title"><img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-product-icon.png"> NGINX Open Source</h3>
-                        <div class="card-description">
-                            <p>The open source all-in-one load balancer, content cache, and web server</p>
-                        </div>
-                    </a>
-                </div>
-
-                <div class="col-xs-12 col-sm-6 col-lg-4 card-holder">
-                    <a href="{{ .Site.BaseURL }}nginx-agent" class="products-card" alt="NGINX Agent">
-                        <h3 class="card-title"><img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-product-icon.png"> NGINX Agent</h3>
-                        <div class="card-description">
-                            <p>A daemon providing observability data and remote configuration for NGINX Open Source and NGINX Plus instances</p>
-                        </div>
-                    </a>
-                </div>
-
-                <div class="col-xs-12 col-sm-6 col-lg-4 card-holder">
-                    <a href="{{ .Site.BaseURL }}solutions" class="products-card" alt="NGINX Solutions">
-                        <div class="saas-card">
-                            <div class="saas-icon"><img style="width: auto; height: auto;" src="{{ .Site.BaseURL }}/images/icons/NGINX-product-icon.png"></div>
-                            <div class="saas-description">
-                                <h3 class="saas-title">Subscription Licensing & Solutions</h3>
-                                <p>Stay compliant with your NGINX subscription licenses and see how you can use NGINX One to build secure, scalable, and high-performing applications and APIs.</p>
-                            </div>
-                        </div>
-                    </a>
-                </div>
-
-            </div>
-        </div>
-    </section>
-</div>
-
-<div class="col-md-12 col-xl-12 py-md-3 pl-md-5">
-    <div class="justify-content-left" style="margin-left: 1.5em;">
-        <h2 style="font-weight: 400; font-size: 1.5em; margin-top: 0px; margin-bottom: 0px;">NGINX App Protect</h2>
-    </div>
-</div>
-
-
-<div class="container-fluid" style="margin-left: 1%;">
-    <section class="col-md-12 col-xl-12 py-md-3 pl-md-5" id="nginx-products">
-        <div class="row justify-content-center">
-            <div class="card-deck">
-
-                <div class="col-xs-12 col-sm-6 col-lg-4 card-holder">
-                    <a href="{{ .Site.BaseURL }}nginx-app-protect-waf" class="products-card" alt="NGINX App Protect WAF">
-                        <h3 class="card-title"><img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-App-Protect-WAF-product-icon.png"> NGINX App Protect WAF</h3>
-                        <div class="card-description">
-                            <p>Lightweight, high-performance, advanced protection against Layer 7 attacks on your apps and APIs</p>
-                        </div>
-                    </a>
-                </div>
-
-                <div class="col-xs-12 col-sm-6 col-lg-4 card-holder">
-                    <a href="{{ .Site.BaseURL }}nginx-app-protect-dos" class="products-card" alt="NGINX App Protect DoS">
-                        <h3 class="card-title"><img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-App-Protect-DoS-product-icon.png"> NGINX App Protect DoS</h3>
-                        <div class="card-description">
-                            <p>Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs</p>
-                        </div>
-                    </a>
-                </div>
-
-            </div>
-        </div>
-    </section>
-</div>
-
-<div class="col-md-12 col-xl-12 py-md-3 pl-md-5">
-   <div class="justify-content-left" style="margin-left: 1.5em;">
-       <h2 style="font-weight: 400; font-size: 1.5em; margin-top: 0px; margin-bottom: 0px;">NGINX as a Service</h2>
-   </div>
-</div>
-
-<div class="container-fluid" style="margin-left: 1%;">
-   <section class="col-md-12 col-xl-12 py-md-3 pl-md-5" id="nginx-products">
-       <div class="row justify-content-center">
-           <div class="card-deck">
-            <div class="col-xs-12 col-sm-6 col-lg-4 card-holder">
-                <a href="{{ .Site.BaseURL }}nginxaas/azure" class="products-card" alt="NGINX as a Service for Azure">
-                    <div class="saas-card">
-                        <div class="saas-icon"><img style="width: auto; height: auto;" src="{{ .Site.BaseURL }}/images/icons/NGINX-for-Azure-product-icon.png"></div>
-                        <div class="saas-description">
-                            <h3 class="saas-title">NGINX as a Service for Azure</h3>
-                            <p>Infrastructure-as-a-Service (IaaS) version of NGINX Plus for your Microsoft Azure application stack</p>
-                        </div>
-                    </div>
-                </a>
-            </div>
-         </div>
-      </div>
-   </section>
-</div>
-
-<div class="col-md-12 col-xl-12 py-md-3 pl-md-5">
-    <div class="justify-content-left" style="margin-left: 1.5em;">
-        <h2 style="font-weight: 400; font-size: 1.5em; margin-top: 0px; margin-bottom: 0px;">More NGINX Products</h2>
-    </div>
- </div>
-
- <div class="container-fluid" style="margin-left: 1%;">
-    <section class="col-md-12 col-xl-12 py-md-3 pl-md-5" id="nginx-products">
-        <div class="row justify-content-center">
-            <div class="card-deck">
-             <div class="col-xs-12 col-sm-6 col-lg-4 card-holder">
-                 <a href="{{ .Site.BaseURL }}nginx-unit" class="products-card" alt="NGINX Unit">
-                     <div class="saas-card">
-                         <div class="saas-icon"><img style="width: auto; height: auto;" src="{{ .Site.BaseURL }}/images/icons/NGINX-Unit-product-icon-RGB.png"></div>
-                         <div class="saas-description">
-                             <h3 class="saas-title">NGINX Unit</h3>
-                             <p>Dynamic app server that can run beside NGINX, NGINX Plus, or on its own</p>
-                         </div>
-                     </div>
-                 </a>
-             </div>
-          </div>
-       </div>
-    </section>
- </div>
-</div>
-
-{{/*  mf homepage  */}}
-
-<div class="homepage" data-mf="true">
-    <div class="homepage-section">
-        <div class="homepage-heading">
-            NGINX Product Documentation
-        </div>
-        <div class="homepage-banner-text">
-            Learn how to deliver, manage, and protect your applications using F5 NGINX products.
-        </div>
-        <h1 class="homepage-heading">
-            NGINX One
-        </h1>
-        <a href="{{ .Site.BaseURL }}nginx-one" alt="NGINX One Console">
-            <div class="homepage-item">
-              <div class="homepage-item-heading">
-                <div class="homepage-item-logo">
-                  <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-One-product-icon.png">
-                </div>
-                <h1 class="homepage-item-text">
-                  NGINX One Console
-                </h1>
-              </div>
-              <div class="homepage-item-content">
-                Monitor your infrastructure, address security vulnerabilities, and assess the health of your NGINX fleet, all from a single console.
-              </div>
-            </div>
-          </a>
-
-          <a href="{{ .Site.BaseURL }}nginx" alt="NGINX Plus">
-            <div class="homepage-item">
-              <div class="homepage-item-heading">
-                <div class="homepage-item-logo">
-                  <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-Plus-product-icon-RGB.png">
-                </div>
-                <div class="homepage-item-text">
-                  NGINX Plus
-                </div>
-              </div>
-              <div class="homepage-item-content">
-                The all-in-one load balancer, reverse proxy, web server, content cache, and API gateway.
-              </div>
-            </div>
-          </a>
-
-          <a href="{{ .Site.BaseURL }}nginx-instance-manager" alt="NGINX Instance Manager">
-            <div class="homepage-item">
-              <div class="homepage-item-heading">
-                <div class="homepage-item-logo">
-                  <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-Instance-Manager-product-icon.png">
-                </div>
-                <div class="homepage-item-text">
-                  NGINX Instance Manager
-                </div>
-              </div>
-              <div class="homepage-item-content">
-                Track and control NGINX Open Source and NGINX Plus instances.
-              </div>
-            </div>
-          </a>
-
-          <a href="{{ .Site.BaseURL }}nginx-ingress-controller" alt="NGINX Ingress Controller">
-            <div class="homepage-item">
-              <div class="homepage-item-heading">
-                <div class="homepage-item-logo">
-                  <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-Ingress-Controller-product-icon.png">
-                </div>
-                <div class="homepage-item-text">
-                  NGINX Ingress Controller
-                </div>
-              </div>
-              <div class="homepage-item-content">
-                Kubernetes traffic management with API gateway, identity, and observability features
-              </div>
-            </div>
-          </a>
-
-          <a href="{{ .Site.BaseURL }}nginx-gateway-fabric" alt="NGINX Gateway Fabric">
-            <div class="homepage-item">
-              <div class="homepage-item-heading">
-                <div class="homepage-item-logo">
-                  <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-Gateway-Fabric-product-icon.png">
-                </div>
-                <div class="homepage-item-text">
-                  NGINX Gateway Fabric
-                </div>
-              </div>
-              <div class="homepage-item-content">
-                Next generation Kubernetes connectivity using the Gateway API.
-              </div>
-            </div>
-          </a>
-
-          <a href="https://nginx.org/en/docs/" alt="NGINX Open Source">
-            <div class="homepage-item">
-              <div class="homepage-item-heading">
-                <div class="homepage-item-logo">
-                  <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-product-icon.png">
-                </div>
-                <div class="homepage-item-text">
-                  NGINX Open Source
-                </div>
-              </div>
-              <div class="homepage-item-content">
-                The open source all-in-one load balancer, content cache, and web server
-              </div>
-            </div>
-          </a>
-
-          <a href="{{ .Site.BaseURL }}nginx-agent" alt="NGINX Agent">
-            <div class="homepage-item">
-              <div class="homepage-item-heading">
-                <div class="homepage-item-logo">
-                  <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-product-icon.png">
-                </div>
-                <div class="homepage-item-text">
-                  NGINX Agent
-                </div>
-              </div>
-              <div class="homepage-item-content">
-                A daemon providing observability data and remote configuration for NGINX Open Source and NGINX Plus instances
-              </div>
-            </div>
-          </a>
-
-          <a href="{{ .Site.BaseURL }}solutions" alt="NGINX Solutions">
-            <div class="homepage-item">
-              <div class="homepage-item-heading">
-                <div class="homepage-item-logo">
-                  <img src="{{ .Site.BaseURL }}/images/icons/NGINX-product-icon.png">
-                </div>
-                <div class="homepage-item-text">
-                  Subscription Licensing & Solutions
-                </div>
-              </div>
-              <div class="homepage-item-content">
-                Stay compliant with your NGINX subscription licenses and see how you can use NGINX One to build secure, scalable, and high-performing applications and APIs.
-              </div>
-            </div>
-          </a>
-
-    </div>
-
-    <div class="homepage-section">
-        <div class="homepage-heading">
-            NGINX App Protect
-        </div>
-
-        <a href="{{ .Site.BaseURL }}nginx-app-protect-waf" class="products-card" alt="NGINX App Protect WAF">
-            <div class="homepage-item">
-              <div class="homepage-item-heading">
-                <div class="homepage-item-logo">
-                  <img src="{{ .Site.BaseURL }}/images/icons/NGINX-App-Protect-WAF-product-icon.png">
-                </div>
-                <div class="homepage-item-text">
-                  NGINX App Protect WAF
-                </div>
-              </div>
-              <div class="homepage-item-content">
-                Lightweight, high-performance, advanced protection against Layer 7 attacks on your apps and APIs
-              </div>
-            </div>
-          </a>
-
-          <a href="{{ .Site.BaseURL }}nginx-app-protect-dos" class="products-card" alt="NGINX App Protect DoS">
-            <div class="homepage-item">
-              <div class="homepage-item-heading">
-                <div class="homepage-item-logo">
-                  <img src="{{ .Site.BaseURL }}/images/icons/NGINX-App-Protect-DoS-product-icon.png">
-                </div>
-                <div class="homepage-item-text">
-                  NGINX App Protect DoS
-                </div>
-              </div>
-              <div class="homepage-item-content">
-                Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs
-              </div>
-            </div>
-          </a>
-    </div>
-
-    <div class="homepage-section">
-        <div class="homepage-heading">
-            NGINX as a Service
-        </div>
-
-        <a  href="{{ .Site.BaseURL }}nginxaas/azure" alt="NGINX as a Service for Azure">
-        <div class="homepage-item">
-            <div class="homepage-item-heading">
-                <div class="homepage-item-logo">
-                    <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-for-Azure-product-icon.png">
-                </div>
-                <div class="homepage-item-text">
-                    NGINX as a Service for Azure
-                </div>
-            </div>
-
-            <div class="homepage-item-content">
-                Infrastructure-as-a-Service (IaaS) version of NGINX Plus for your Microsoft Azure application stack
-            </div>
-        </div>
-         </a>
-    </div>
-
-
-    <div class="homepage-section">
-        <div class="homepage-heading">
-            More NGINX Products
-        </div>
-
-        <a href="https://unit.nginx.org/" alt="NGINX Unit">
-        <div class="homepage-item">
-            <div class="homepage-item-heading">
-                <div class="homepage-item-logo">
-                    <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-One-product-icon.png">
-                </div>
-                <div class="homepage-item-text">
-                    NGINX Unit
-                </div>
-            </div>
-            <div class="homepage-item-content">
-                Dynamic app server that can run beside NGINX, NGINX Plus, or on its own
-            </div>
-        </div>
-         </a>
-    </div>
-
-</div>
-
-{{ end }}
+{{ partial "homepage.html" . }}
+{{end}}
diff --git a/layouts/partials/acm-eos/list-landing.html b/layouts/partials/acm-eos/list-landing.html
deleted file mode 100644
index 2845f62d3..000000000
--- a/layouts/partials/acm-eos/list-landing.html
+++ /dev/null
@@ -1,51 +0,0 @@
-<div class="list-page">
-    <div class="col-md-12 col-xl-12 py-md-3" style="margin-left: -1.75em;">
-        <div class="page-header list">
-            <h1 class="bd-title">
-                {{ .Title }}
-            </h1>
-            {{ if .Description }}
-                <p>
-                    {{ .Description | markdownify }}
-                </p>
-            {{ end}}
-            {{ if .Content }}
-                <p>
-                    {{ .Content | markdownify }}
-                </p>
-            {{ end }}
-        </div>
-    </div>
-
-    <section>
-        <div class="row">
-            <div class="card-deck">
-        {{ range .Pages.GroupBy "Section" }}
-            
-            {{ range .Pages.ByWeight }}
-            <div class="col-md-5 card">
-                <div class="card-body">
-                    <h3 class="card-title">
-                        <i class="fas fa-{{if eq .Kind "page"}}file-alt{{else}}book{{end}} fa-lg card-img-top"></i>
-                        <a href="{{ if .Params.url}}{{ .Params.url}}{{else}}{{ .Permalink }}{{end}}">{{ .Title }}</a>
-                    </h3>
-                    {{ if eq .Title "API Connectivity Manager" }}
-                    <p class="card-text">
-                        <div>
-                            <i class="fa-solid fa-triangle-exclamation"></i><strong>This product is End of Sale.</strong> See our <a href="https://my.f5.com/manage/s/article/K000137989">End of Sale announcement</a> for more details.
-                        </div> 
-                    </p>
-                    {{ end }}
-            
-            </div>
-            </div>
-
-            {{ end }}
-        </div> 
-    </div>  
-        {{ end }}
-
-
-    </section>
-    
-</div>
diff --git a/layouts/partials/acm-eos/list-main.html b/layouts/partials/acm-eos/list-main.html
deleted file mode 100644
index 523a32e72..000000000
--- a/layouts/partials/acm-eos/list-main.html
+++ /dev/null
@@ -1,51 +0,0 @@
-<div class="list-page">
-    <div class="col-md-12 col-xl-12 py-md-3" style="margin-left: -1.75em;">
-        <div class="page-header list">
-            <h1 class="bd-title">
-                {{ .Title }}
-            </h1>
-            {{ if .Description }}
-                <p>
-                    {{ .Description | markdownify }}
-                </p>
-            {{ end}}
-            <blockquote class="warning">
-                <div><i class="fa-solid fa-triangle-exclamation"></i><strong>End of Sale Notice:</strong><br><br> F5 NGINX is announcing the <strong>End of Sale (EoS)</strong> for NGINX Management Suite API Connectivity Manager Module, <strong>effective January 1, 2024</strong>.<br><br>F5 maintains generous lifecycle policies that allow customers to continue support and receive product updates. Existing API Connectivity Manager Module customers can continue to use the product past the EoS date. <strong>License renewals are not available after September 30, 2024.</strong><br><br>See our <a href="https://my.f5.com/manage/s/article/K000137989">End of Sale announcement</a> for more details.
-                </div>
-            </blockquote> 
-            {{ if .Content }}
-                <p>
-                    {{ .Content | markdownify }}
-                </p>
-            {{ end }}
-        </div>
-    </div>
-
-    <section>
-        <div class="row">
-            <div class="card-deck">
-        {{ range .Pages.GroupBy "Section" }}
-            
-            {{ range .Pages.ByWeight }}
-            <div class="col-md-5 card">
-                <div class="card-body">
-                    <h3 class="card-title">
-                        <i class="fas fa-{{if eq .Kind "page"}}file-alt{{else}}book{{end}} fa-lg card-img-top"></i>
-                        <a href="{{ if .Params.url}}{{ .Params.url}}{{else}}{{ .Permalink }}{{end}}">{{ .Title }}</a>
-                    </h3>
-                    {{/*}}<p class="card-text">
-                        {{ if .Description }}{{ .Description | markdownify }}{{ end }}    
-                    </p>{{*/}}
-            
-            </div>
-            </div>
-
-            {{ end }}
-        </div> 
-    </div>  
-        {{ end }}
-
-
-    </section>
-    
-</div>
\ No newline at end of file
diff --git a/layouts/partials/breadcrumb.html b/layouts/partials/breadcrumb.html
deleted file mode 100644
index ef7aeb391..000000000
--- a/layouts/partials/breadcrumb.html
+++ /dev/null
@@ -1,19 +0,0 @@
-<nav aria-label="breadcrumb" class="breadcrumb navbar">
-    <div class="nav flex-md-row">
-        <ol class="breadcrumb">
-            {{ define "breadcrumb" }}
-            
-            {{ with .Parent }}
-                {{ template "breadcrumb" . }}
-                <li><a href="{{ .RelPermalink }}">{{if .IsHome}}Home{{else}}{{ .Title }}{{end}}</a><i class="fas fa-chevron-right"></i></li>
-                {{ end }}
-            {{ end }}
-            
-            {{ if not .IsHome }}
-            
-                {{ template "breadcrumb" . }}
-                {{.Title}}
-        </ol>
-    </div>
-</nav>
-{{ end }}
\ No newline at end of file
diff --git a/layouts/partials/sidebar.html b/layouts/partials/sidebar.html
deleted file mode 100644
index c37f997cd..000000000
--- a/layouts/partials/sidebar.html
+++ /dev/null
@@ -1,192 +0,0 @@
-{{ block "sidebar" . }}
-<!-- sidebar start -->
-<div id="sidebar-wrapper">
-     <div id="sidebar" class="sidebar" aria-label="Sidebar navigation">
-        <button id="sidebar-toggle-button" title="Toggle sidebar navigation" role="button" aria-controls="sidebar-content">
-           <i class="fa fa-chevron-right sidebar-visible-collapsed"></i>
-           <i class="fa fa-chevron-left sidebar-visible-expanded"></i>
-        </button>
-        <div id="sidebar-content">
-            <h3>
-                <a class="sidebar-title" href="{{.FirstSection.Permalink}}" alt="{{.FirstSection.Title}}">{{ if .Params.logo }}<img
-                        class="card-img-top" src="{{ .Site.BaseURL}}/images/icons/{{ .Params.logo }}"
-                        alt="{{.FirstSection.Title}}">{{end}}
-                    {{.FirstSection.Title}}</a>
-            </h3>
-            <ul>
-            <!-- Use FirstSection here to keep the current product as the top level of the nav -->
-            {{ range .FirstSection.Pages.ByWeight }}<!-- Level 1 Regular Pages -->
-                <!-- Create a regular list item for pages -->
-                {{if eq .Kind "page"}}
-                <li class="nginx-toc-link l1">
-                    <a data-menu-id="{{.RelPermalink}}" href="{{ .Permalink }}">{{ .Title }}</a>
-                </li>
-                <!-- Create an accordion group for sections -->
-                {{else}}
-                <div class="accordion" id="accordion1">
-                    <div class="accordion-group">
-                        <div class="accordion-heading">
-                            <li class="nginx-toc-link l1">
-                                    <a data-menu-id="{{.RelPermalink}}" class="accordion-toggle" aria-expanded="false"
-                                    data-toggle="collapse" href="#" data-target="#{{.Section | urlize}}--{{.Title | urlize}}" aria-controls="{{.Section | urlize}}--{{.Title | urlize}}">
-                                    <i class="fa fa-2xs fa-fw fa-chevron-right"></i><i
-                                        class="fa fa-2xs fa-fw fa-chevron-down"></i>{{ .Title }}</a>
-                            </li>
-                        </div>
-                        <div id="{{.Section | urlize}}--{{.Title | urlize}}" class="accordion-body collapse">
-                            <div class="accordion-inner">
-                                {{ range .Pages.ByWeight }}<!-- Level 2 Regular Pages -->
-                                <!-- Create a regular list item for pages -->
-                                    {{if eq .Kind "page"}}
-                                    <ul class="sidebar-reg-padding">
-                                        <div class="accordion" id="accordion2">
-                                            <div class="accordion-group sidebar-il-border">
-                                                <div class="accordion-heading">
-                                                    <ul>
-                                                        <li class="nginx-toc-link l2">
-                                                            <a data-menu-id="{{.RelPermalink}}"
-                                                                href="{{ .Permalink }}">{{ .Title }}</a>
-                                                        </li>
-                                                    </ul>
-                                                </div>
-                                            </div>
-                                        </div>
-                                    </ul>
-                                    <!-- Create an accordion group for Level 2 sections -->
-                                    {{ else }}
-                                    <div class="accordion" id="Accordion2">
-                                        <div class="sidebar-l1-padding">
-                                            <div class="accordion-group sidebar-il-border">
-                                                <div class="accordion-heading">
-                                                    <ul>
-                                                        <li class="nginx-toc-link l2">
-                                                            <a data-menu-id="{{.RelPermalink}}" class="accordion-toggle"
-                                                                aria-expanded="false" data-toggle="collapse"
-                                                                href="#{{.Section | urlize}}--{{.Parent.File.ContentBaseName}}--{{.Title | urlize}}">
-                                                                <i class="fa fa-2xs fa-fw fa-chevron-right"></i><i
-                                                                    class="fa fa-2xs fa-fw fa-chevron-down"></i>{{ .Title }}</a>
-                                                        </li>
-                                                    <ul>
-                                                </div>
-                                                <div id="{{.Section | urlize}}--{{.Parent.File.ContentBaseName}}--{{.Title | urlize}}" class="accordion-body collapse leaf">
-                                                    <div class="accordion-inner">
-
-                                                    {{ range .Pages.ByWeight }}<!-- Level 3 Regular Pages -->
-                                                        <!-- Create a regular list item for pages -->
-                                                        {{if eq .Kind "page"}}
-                                                        <ul class="sidebar-l2-padding">
-                                                            <li class="nginx-toc-link l3 sidebar-il-border">
-                                                                <a data-menu-id="{{.RelPermalink}}" href="{{ .Permalink }}">{{ .Title }}</a>
-                                                            </li>
-                                                        </ul>
-                                                        <!-- Create an accordion group for Level 3 sections -->
-                                                        {{else}}
-                                                        <div class="accordion" id="Accordion3">
-                                                            <div class="sidebar-l2-padding">
-                                                                <div class="accordion-group sidebar-il-border">
-                                                                    <div class="accordion-heading">
-                                                                        <ul>
-                                                                            <li class="nginx-toc-link l2">
-                                                                                <a data-menu-id="{{.RelPermalink}}" class="accordion-toggle"
-                                                                                    aria-expanded="false" data-toggle="collapse"
-                                                                                    href="#{{.Section | urlize}}--{{.Parent.File.ContentBaseName}}--{{.Title | urlize}}">
-                                                                                    <i class="fa fa-2xs fa-fw fa-chevron-right"></i><i
-                                                                                        class="fa fa-2xs fa-fw fa-chevron-down"></i>{{ .Title }}</a>
-                                                                            </li>
-                                                                        <ul>
-                                                                    </div>
-                                                                    <div id="{{.Section | urlize}}--{{.Parent.File.ContentBaseName}}--{{.Title | urlize}}" class="accordion-body collapse leaf">
-                                                                        <div class="accordion-inner">
-                                                                        {{ range .Pages.ByWeight }}<!-- Level 4 Regular Pages -->
-                                                                        <!-- Create a regular list item for pages -->
-                                                                        {{if eq .Kind "page"}}
-                                                                            <ul class="sidebar-l2-padding">
-                                                                                <li class="nginx-toc-link l3 sidebar-il-border ">
-                                                                                    <a data-menu-id="{{.RelPermalink}}"
-                                                                                        href="{{ .Permalink }}">{{ .Title }}</a>
-                                                                                </li>
-                                                                            </ul>
-                                                                        <!-- Create an accordion group for Level 4 sections -->
-                                                                        {{else}}
-                                                                            <div class="accordion" id="Accordion4">
-                                                                                <div class="sidebar-l2-padding">
-                                                                                    <div class="accordion-group sidebar-il-border">
-                                                                                        <div class="accordion-heading">
-                                                                                            <ul>
-                                                                                                <li class="nginx-toc-link l2">
-                                                                                                    <a data-menu-id="{{.RelPermalink}}" class="accordion-toggle"
-                                                                                                        aria-expanded="false" data-toggle="collapse"
-                                                                                                        href="#{{.Section | urlize}}--{{.Parent.File.ContentBaseName}}--{{.Title | urlize}}">
-                                                                                                        <i class="fa fa-2xs fa-fw fa-chevron-right"></i><i
-                                                                                                            class="fa fa-2xs fa-fw fa-chevron-down"></i>{{ .Title }}</a>
-                                                                                                </li>
-                                                                                            <ul>
-                                                                                        </div>
-                                                                                        <div id="{{.Section | urlize}}--{{.Parent.File.ContentBaseName}}--{{.Title | urlize}}" class="accordion-body collapse leaf">
-                                                                                            <div class="accordion-inner">
-                                                                                                {{ range .Pages.ByWeight }}<!-- Level 5 Regular Pages -->
-                                                                                                <!-- Create a regular list item for pages -->
-                                                                                                {{if eq .Kind "page"}}
-                                                                                                <ul class="sidebar-l2-padding">
-                                                                                                    <li class="nginx-toc-link l3 sidebar-il-border ">
-                                                                                                        <a data-menu-id="{{.RelPermalink}}"
-                                                                                                            href="{{ .Permalink }}">{{ .Title }}</a>
-                                                                                                    </li>
-                                                                                                </ul>
-                                                                                                <!-- Create an accordion group for Level 5sections -->
-                                                                                                {{else}}
-                                                                                                <div class="accordion" id="Accordion5">
-                                                                                                    <div class="sidebar-l2-padding">
-                                                                                                        <div class="accordion-group sidebar-il-border">
-                                                                                                            <div class="accordion-heading">
-                                                                                                                <ul>
-                                                                                                                    <li class="nginx-toc-link l2">
-                                                                                                                        <a data-menu-id="{{.RelPermalink}}" class="accordion-toggle"
-                                                                                                                            aria-expanded="false" data-toggle="collapse"
-                                                                                                                            href="#{{.Section | urlize}}--{{.Parent.File.ContentBaseName}}--{{.Title | urlize}}">
-                                                                                                                            <i class="fa fa-2xs fa-fw fa-chevron-right"></i><i
-                                                                                                                                class="fa fa-2xs fa-fw fa-chevron-down"></i>{{ .Title }}</a>
-                                                                                                                    </li>
-                                                                                                                <ul>
-                                                                                                            </div>
-                                                                                                        </div>
-                                                                                                    </div>
-                                                                                                </div>
-                                                                                                {{ end }}
-                                                                                                {{ end }}
-                                                                                            </div>
-                                                                                        </div>
-                                                                                    </div>
-                                                                                </div>
-                                                                            </div>
-                                                                            {{ end }}
-                                                                            {{ end }}
-                                                                        </div>
-                                                                    </div>
-                                                                </div>
-                                                            </div>
-                                                        </div>
-                                                        {{ end }}
-                                                    {{ end }}
-                                                    </div>
-                                                </div>
-                                            </div>
-                                        </div>
-                                    </div>
-                                    {{ end }}
-                                {{ end }}
-                            </div>
-                        </div>
-                    </div>
-                </div>
-
-                {{end}}
-
-            {{ end }}
-
-            </ul>
-        <!-- close sidebar div-->
-        </div>
-    </div>
-</div>
-{{ end }}
\ No newline at end of file
diff --git a/layouts/shortcodes/before-you-begin.html b/layouts/shortcodes/before-you-begin.html
deleted file mode 100644
index ad41f5bba..000000000
--- a/layouts/shortcodes/before-you-begin.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<blockquote class="tip">
-  <div><strong>Before you begin:</strong><br/> {{ .Inner | markdownify }}</div>
-</blockquote>
\ No newline at end of file
diff --git a/layouts/shortcodes/catalogs-dimensions.html b/layouts/shortcodes/catalogs-dimensions.html
index 1b38e46f4..2b88e9701 100644
--- a/layouts/shortcodes/catalogs-dimensions.html
+++ b/layouts/shortcodes/catalogs-dimensions.html
@@ -1,13 +1,12 @@
 {{/* This shortcode **requires** that the document uses the _default/catalogs.html layout */}}
-<main class="content col-xl-6 d-block align-top" role="main">
+<main class="content col-xl-6 d-block align-top catalog" role="main">
     <h1>NGINX Management Suite Dimensions Catalog</h1>
     <p>Information about all of the Dimensions collected by NGINX Agent</p>
     &nbsp;
     {{ range .Site.Data.nms.catalogs.dimensions }}
     <a name="{{.name}}"></a>
-    <h2>{{.name}}<a class="headerlink float-right" href="#{{.name}}" title="{{.name}}"><i class="fas fa-link fa-xs"
-                aria-hidden="true"></i></a></h2>
-    <table>
+    <h2>{{.name}}<a class="headerlink float-right" href="#{{.name}}" title="{{.name}}"></a></h2>
+    <table class="catalog__table">
         <tbody>
             <tr>
                 <td style="width: 200px; padding-bottom:5px">description</td>
@@ -19,6 +18,5 @@ <h2>{{.name}}<a class="headerlink float-right" href="#{{.name}}" title="{{.name}
             </tr>
         </tbody>
     </table>
-    <hr>
     {{ end }}
 </main>
diff --git a/layouts/shortcodes/catalogs-events.html b/layouts/shortcodes/catalogs-events.html
index 7d7b384bc..6c8dff26e 100644
--- a/layouts/shortcodes/catalogs-events.html
+++ b/layouts/shortcodes/catalogs-events.html
@@ -1,15 +1,14 @@
 {{/* This shortcode **requires** that the document uses the _default/catalogs.html layout */}}
-<main class="content col-xl-6 d-block align-top" role="main">
+<main class="content col-xl-6 d-block align-top catalog" role="main">
     <h1>NGINX Management Suite Events Catalog</h1>
     <p>Information about all of the Events collected by NGINX Agent</p>
     &nbsp;
     {{ range .Site.Data.nms.catalogs.events }}
     <a name="{{.name}}"></a>
     <h2 id={{.name}}>{{.name}}
-      <a class="headerlink float-right" href="#{{.name}}" title="{{.name}}"><i class="fas fa-link fa-xs"
-          aria-hidden="true"></i></a>
+      <a class="headerlink float-right" href="#{{.name}}" title="{{.name}}"></a>
     </h2>
-    <table>
+    <table class="catalog__table">
       <tbody>
         <tr>
           <td style="width: 200px; padding-bottom:5px">description</td>
@@ -55,6 +54,5 @@ <h2 id={{.name}}>{{.name}}
         </tr>
       </tbody>
     </table>
-    <hr>
     {{ end }}
-  </main>
\ No newline at end of file
+  </main>
diff --git a/layouts/shortcodes/catalogs-metrics.html b/layouts/shortcodes/catalogs-metrics.html
index bf7f3353c..5d1ee4d27 100644
--- a/layouts/shortcodes/catalogs-metrics.html
+++ b/layouts/shortcodes/catalogs-metrics.html
@@ -1,15 +1,14 @@
 {{/* This shortcode **requires** that the document uses the _default/catalogs.html layout */}}
-<main class="content col-xl-6 d-block align-top" role="main">
+<main class="content col-xl-6 d-block align-top catalog" role="main">
   <h1>NGINX Management Suite Metrics Catalog</h1>
   <p>Information about all of the Metrics collected by NGINX Agent</p>
   &nbsp;
   {{ range .Site.Data.nms.catalogs.metrics }}
   <a name="{{.name}}"></a>
   <h2 id={{.name}}>{{.name}}
-    <a class="headerlink float-right" href="#{{.name}}" title="{{.name}}"><i class="fas fa-link fa-xs"
-        aria-hidden="true"></i></a>
+    <a class="headerlink float-right" href="#{{.name}}" title="{{.name}}"></a>
   </h2>
-  <table>
+  <table class="catalog__table">
     <tbody>
       <tr>
         <td style="width: 200px; padding-bottom:5px">description</td>
@@ -55,6 +54,5 @@ <h2 id={{.name}}>{{.name}}
       </tr>
     </tbody>
   </table>
-  <hr>
   {{ end }}
-</main>
\ No newline at end of file
+</main>
diff --git a/layouts/shortcodes/nic-helm-version.html b/layouts/shortcodes/nic-helm-version.html
index e3a4f1933..7e541aec6 100644
--- a/layouts/shortcodes/nic-helm-version.html
+++ b/layouts/shortcodes/nic-helm-version.html
@@ -1 +1 @@
-2.2.0
\ No newline at end of file
+2.2.2
\ No newline at end of file
diff --git a/layouts/shortcodes/nic-operator-version.html b/layouts/shortcodes/nic-operator-version.html
index a4f52a5db..06eda28ac 100644
--- a/layouts/shortcodes/nic-operator-version.html
+++ b/layouts/shortcodes/nic-operator-version.html
@@ -1 +1 @@
-3.2.0
\ No newline at end of file
+3.2.3
\ No newline at end of file
diff --git a/layouts/shortcodes/nic-version.html b/layouts/shortcodes/nic-version.html
index acf69b48b..3bff05917 100644
--- a/layouts/shortcodes/nic-version.html
+++ b/layouts/shortcodes/nic-version.html
@@ -1 +1 @@
-5.1.0
\ No newline at end of file
+5.1.1
\ No newline at end of file
diff --git a/layouts/shortcodes/openapi.html b/layouts/shortcodes/openapi.html
deleted file mode 100644
index 8e6f7b5f8..000000000
--- a/layouts/shortcodes/openapi.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<api-container>
-  <redoc spec-url="{{ .Get "spec" | relURL }}" menu-toggle required-props-first show-extensions="x-f5-experimental" disable-search hide-loading sort-operations-alphabetically></redoc>
-</api-container>
diff --git a/layouts/shortcodes/rn-styles.html b/layouts/shortcodes/rn-styles.html
deleted file mode 100644
index 4704d019d..000000000
--- a/layouts/shortcodes/rn-styles.html
+++ /dev/null
@@ -1,36 +0,0 @@
-<style>
-   hr {
-     margin-top: 40px; 
-     margin-bottom: 40px;
-     }
-   main h2 {
-        margin-top: 30px;
-        margin-bottom: 10px;
-    }
-    main h3 {
-        margin-top: 25px;
-        margin-bottom: 10px;
-        font-weight: 300;
-        font-size: 1.5em;
-    }
-    main h4 {
-      margin-top: 30px;
-      font-weight: bold; 
-    }
-    td hr {
-        margin-top: 10px;
-        margin-bottom: 10px;
-    }
-    summary {
-        margin-bottom: 20px;
-        font-weight: 300;
-        font-size: 15px;
-        color: green;
-    }
-    ol > li {
-        padding-bottom: 0px!important;
-    }
-    ol > li > ul {
-        padding-bottom: 0px!important;
-    }
- </style>
\ No newline at end of file
diff --git a/layouts/shortcodes/version-ngf.html b/layouts/shortcodes/version-ngf.html
index f93ea0ca3..7c3272873 100644
--- a/layouts/shortcodes/version-ngf.html
+++ b/layouts/shortcodes/version-ngf.html
@@ -1 +1 @@
-2.0.2
\ No newline at end of file
+2.1.1
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index df8cfa951..6e464f1ee 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8,12 +8,10 @@
       "name": "documentation",
       "version": "1.0.0",
       "dependencies": {
-        "axios": "^1.8.2",
         "lighthouse": "^12.2.2",
         "puppeteer": "^23.8.0"
       },
       "devDependencies": {
-        "@playwright/test": "^1.48.0",
         "hugo-bin": "^0.111.3"
       }
     },
@@ -96,22 +94,6 @@
       "integrity": "sha512-KxWFdRNbv13U8bhYaQvH6gLG9CVEt2jKeosyOOYILVntWEVWhovbgDrbOiZ12pJO3vjZs0Zgbd3/Zgde98woEA==",
       "license": "BSD-3-Clause"
     },
-    "node_modules/@playwright/test": {
-      "version": "1.48.0",
-      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.48.0.tgz",
-      "integrity": "sha512-W5lhqPUVPqhtc/ySvZI5Q8X2ztBOUgZ8LbAFy0JQgrXZs2xaILrUcNO3rQjwbLPfGK13+rZsDa1FpG+tqYkT5w==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "playwright": "1.48.0"
-      },
-      "bin": {
-        "playwright": "cli.js"
-      },
-      "engines": {
-        "node": ">=18"
-      }
-    },
     "node_modules/@puppeteer/browsers": {
       "version": "2.4.1",
       "resolved": "https://registry.npmjs.org/@puppeteer/browsers/-/browsers-2.4.1.tgz",
@@ -488,11 +470,6 @@
         "node": ">=4"
       }
     },
-    "node_modules/asynckit": {
-      "version": "0.4.0",
-      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
-      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="
-    },
     "node_modules/axe-core": {
       "version": "4.10.2",
       "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.10.2.tgz",
@@ -502,17 +479,6 @@
         "node": ">=4"
       }
     },
-    "node_modules/axios": {
-      "version": "1.8.2",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.8.2.tgz",
-      "integrity": "sha512-ls4GYBm5aig9vWx8AWDSGLpnpDQRtWAfrjU+EuytuODrFBkqesN2RkOQCBzrA1RQNHw1SmRMSDDDSwzNAYQ6Rg==",
-      "license": "MIT",
-      "dependencies": {
-        "follow-redirects": "^1.15.6",
-        "form-data": "^4.0.0",
-        "proxy-from-env": "^1.1.0"
-      }
-    },
     "node_modules/b4a": {
       "version": "1.6.4",
       "resolved": "https://registry.npmjs.org/b4a/-/b4a-1.6.4.tgz",
@@ -794,17 +760,6 @@
       "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
       "license": "MIT"
     },
-    "node_modules/combined-stream": {
-      "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
-      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
-      "dependencies": {
-        "delayed-stream": "~1.0.0"
-      },
-      "engines": {
-        "node": ">= 0.8"
-      }
-    },
     "node_modules/commander": {
       "version": "2.20.3",
       "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
@@ -1004,14 +959,6 @@
         "node": ">= 14"
       }
     },
-    "node_modules/delayed-stream": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
-      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
-      "engines": {
-        "node": ">=0.4.0"
-      }
-    },
     "node_modules/devtools-protocol": {
       "version": "0.0.1367902",
       "resolved": "https://registry.npmjs.org/devtools-protocol/-/devtools-protocol-0.0.1367902.tgz",
@@ -1335,38 +1282,6 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/follow-redirects": {
-      "version": "1.15.6",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz",
-      "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==",
-      "funding": [
-        {
-          "type": "individual",
-          "url": "https://github.com/sponsors/RubenVerborgh"
-        }
-      ],
-      "engines": {
-        "node": ">=4.0"
-      },
-      "peerDependenciesMeta": {
-        "debug": {
-          "optional": true
-        }
-      }
-    },
-    "node_modules/form-data": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz",
-      "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==",
-      "dependencies": {
-        "asynckit": "^0.4.0",
-        "combined-stream": "^1.0.8",
-        "mime-types": "^2.1.12"
-      },
-      "engines": {
-        "node": ">= 6"
-      }
-    },
     "node_modules/form-data-encoder": {
       "version": "2.1.4",
       "resolved": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz",
@@ -1390,21 +1305,6 @@
         "node": ">=14.14"
       }
     },
-    "node_modules/fsevents": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
-      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
-      "dev": true,
-      "hasInstallScript": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
-      }
-    },
     "node_modules/get-caller-file": {
       "version": "2.0.5",
       "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
@@ -2056,17 +1956,7 @@
       "version": "1.52.0",
       "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
       "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/mime-types": {
-      "version": "2.1.35",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
-      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
-      "dependencies": {
-        "mime-db": "1.52.0"
-      },
+      "dev": true,
       "engines": {
         "node": ">= 0.6"
       }
@@ -2381,38 +2271,6 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/playwright": {
-      "version": "1.48.0",
-      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.48.0.tgz",
-      "integrity": "sha512-qPqFaMEHuY/ug8o0uteYJSRfMGFikhUysk8ZvAtfKmUK3kc/6oNl/y3EczF8OFGYIi/Ex2HspMfzYArk6+XQSA==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "playwright-core": "1.48.0"
-      },
-      "bin": {
-        "playwright": "cli.js"
-      },
-      "engines": {
-        "node": ">=18"
-      },
-      "optionalDependencies": {
-        "fsevents": "2.3.2"
-      }
-    },
-    "node_modules/playwright-core": {
-      "version": "1.48.0",
-      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.48.0.tgz",
-      "integrity": "sha512-RBvzjM9rdpP7UUFrQzRwR8L/xR4HyC1QXMzGYTbf1vjw25/ya9NRAVnXi/0fvFopjebvyPzsmoK58xxeEOaVvA==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "bin": {
-        "playwright-core": "cli.js"
-      },
-      "engines": {
-        "node": ">=18"
-      }
-    },
     "node_modules/progress": {
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz",
diff --git a/package.json b/package.json
index 6ef73422f..240394886 100644
--- a/package.json
+++ b/package.json
@@ -10,11 +10,9 @@
     "buildTags": "extended"
   },
   "devDependencies": {
-    "@playwright/test": "^1.48.0",
     "hugo-bin": "^0.111.3"
   },
   "dependencies": {
-    "axios": "^1.8.2",
     "lighthouse": "^12.2.2",
     "puppeteer": "^23.8.0"
   }
diff --git a/playwright.config.ts b/playwright.config.ts
deleted file mode 100644
index 0a6065adb..000000000
--- a/playwright.config.ts
+++ /dev/null
@@ -1,35 +0,0 @@
-import { defineConfig, devices } from '@playwright/test';
-
-export default defineConfig({
-    testDir: 'tests',
-    fullyParallel: true,
-    workers: 1,
-    outputDir: 'tests/test-results',
-    reporter: [['html', {  outputFolder: 'tests/playwright-report' }]],
-    projects: [
-        {
-            name: 'chromium',
-            use: { ...devices['Desktop Chrome'] },
-        },
-        {
-            name: 'firefox',
-            use: { ...devices['Desktop Firefox'] },
-        },
-        {
-            name: 'webkit',
-            use: { ...devices['Desktop Safari'] },
-        },
-        {
-            name: 'Mobile Chrome',
-            use: { ...devices['Pixel 5'] },
-        },
-    ],
-    use: {
-        // Base URL to use in actions like `await page.goto('/')`.
-        baseURL: 'https://docs.nginx.com',
-        // Set Geolocation to Cork, Ireland
-        geolocation: { longitude: -8.486316, latitude: 51.896893 },
-        permissions: ['geolocation'],
-        video: 'retain-on-failure'
-      },
-})
\ No newline at end of file
diff --git a/static/ngf/img/src/README.md b/static/ngf/img/src/README.md
deleted file mode 100644
index 02c93c4d4..000000000
--- a/static/ngf/img/src/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Diagram Source Files
-
-This directory contains the source files for the diagrams used in the docs. Source files are named after the image name.
diff --git a/static/ngf/img/src/advanced-routing.mermaid b/static/ngf/img/src/advanced-routing.mermaid
deleted file mode 100644
index dda2c7888..000000000
--- a/static/ngf/img/src/advanced-routing.mermaid
+++ /dev/null
@@ -1,38 +0,0 @@
-%% mermaid source for advanced-routing.png diagram
-graph LR
-    users[Users]
-    ngfSvc["Public Endpoint\nfor\ncafe.example.com"]
-    subgraph cluster [Kubernetes Cluster]
-        subgraph clusterPadding [" "]
-            subgraph clusterPadding2 [" "]
-                subgraph gwNS [Namespace\nnginx-gateway]
-                    ngfPod[Pod\nnginx-gateway]
-                end
-            end
-        end
-        subgraph appNs [Namespace\ndefault]
-            subgraph nsPadding [" "]
-                coffeeV1Pod[Pod\ncoffee v1]
-                coffeeV2Pod[Pod\ncoffee v2]
-                teaPod[Pod\ntea]
-                teaPostPod[Pod\ntea-post]
-            end
-        end
-    end
-  ngfSvc --> ngfPod
-  ngfPod --/coffee--> coffeeV1Pod
-  ngfPod --/coffee\nheader: version=v2\nOR\n/coffee?TEST=v2--> coffeeV2Pod
-  ngfPod --GET /tea--> teaPod
-  ngfPod --POST /tea--> teaPostPod
-  users --> ngfSvc
-  class clusterPadding,nsPadding,clusterPadding2 noBorder
-  class gwNS,appNs namespace
-  class ngfSvc,ngfPod nginxNode
-  class coffeeV1Pod,coffeeV2Pod coffeeNode
-  class teaPod,teaPostPod teaNode
-  classDef noBorder stroke:none,fill:none
-  classDef default fill:#FFFFFF,stroke:#000000
-  classDef namespace fill:#FFFFFF,stroke:#036ffc,stroke-dasharray: 5 5,text-align:center
-  classDef nginxNode fill:#b4e0ad,stroke:#2AA317
-  classDef coffeeNode fill:#edbd8c,stroke:#D9822B
-  classDef teaNode fill:#ff8f6a,stroke:#e5805f
diff --git a/static/ngf/img/src/route-all-traffic-app.mermaid b/static/ngf/img/src/route-all-traffic-app.mermaid
deleted file mode 100644
index bc2d4d706..000000000
--- a/static/ngf/img/src/route-all-traffic-app.mermaid
+++ /dev/null
@@ -1,13 +0,0 @@
-%% mermaid source for route-all-traffic-app.png diagram
-graph TB
-  subgraph cluster [Kubernetes Cluster]
-    style cluster fill:#FFFFFF,stroke:#000000
-    svc[Service\ncoffee]
-    pod1[Pod\ncoffee]
-    pod2[Pod\ncoffee]
-  end
-
-  svc --> pod1 & pod2
-
-  class pod1,pod2,svc appNode
-  classDef appNode fill:#edbd8c,stroke:#D9822B
diff --git a/static/ngf/img/src/route-all-traffic-config.mermaid b/static/ngf/img/src/route-all-traffic-config.mermaid
deleted file mode 100644
index d2e0a4ffc..000000000
--- a/static/ngf/img/src/route-all-traffic-config.mermaid
+++ /dev/null
@@ -1,42 +0,0 @@
-%% mermaid source for route-all-traffic-config.png diagram
-graph LR
-    subgraph config [Namespace default]
-      subgraph padding [" "]
-          direction LR
-          style config fill:#FFFFFF,stroke:#000000
-          subgraph gw[Gateway cafe]
-              subgraph gwPadding [" "]
-                  gwContents[HTTP/80]
-              end
-          end
-          subgraph hr[HTTPRoute coffee]
-              subgraph hrPadding [" "]
-                  hrContents[cafe.example.com]
-                  subgraph describeMatchAll [Match all\ntraffic]
-                      subgraph describeMatchPadding [" "]
-                          matchAll[Host: *\nPath: *]
-                      end
-                  end
-                  subgraph describeService [Group matching\npods within a Service]
-                      subgraph describePadding [" "]
-                          coffeeSvc[Service\ncoffee]
-                      end
-                  end
-              end
-          end
-      end
-    end
-
-  gwContents --> hrContents --> matchAll --> coffeeSvc
-  class padding,gwPadding,hrPadding,describeMatchAll,describeService,describePadding,describeMatchPadding noBorder
-  class gw gateway
-  class hr httpRoute
-  class matchAll,hrContents,coffeeSvc appDevNode
-  class gwContents clusterOppNode
-
-  classDef noBorder stroke:none,fill:none,text-align:center
-  classDef default fill:#FFFFFF,stroke:#000000
-  classDef gateway fill:#FFFFFF,stroke:#2AA317,stroke-dasharray: 3 3,text-align:center
-  classDef httpRoute fill:#FFFFFF,stroke:#D9822B,stroke-dasharray: 3 3,text-align:center
-  classDef appDevNode fill:#edbd8c,stroke:#D9822B
-  classDef clusterOppNode fill:#b4e0ad,stroke:#2AA317
diff --git a/static/ngf/img/src/route-all-traffic-flow.mermaid b/static/ngf/img/src/route-all-traffic-flow.mermaid
deleted file mode 100644
index f53d35ae5..000000000
--- a/static/ngf/img/src/route-all-traffic-flow.mermaid
+++ /dev/null
@@ -1,42 +0,0 @@
-%% mermaid source for route-all-traffic-flow.png diagram
-graph LR
-  clients[Clients]
-  ngfSvc["Public IP Address\nfor\ncafe.example.com"]
-
-    subgraph cluster [Kubernetes Cluster]
-        style cluster fill:#FFFFFF,stroke:#000000
-        subgraph clusterPadding [" "]
-            subgraph clusterPadding2 [" "]
-                subgraph gwNS [Namespace\nnginx-gateway]
-                    ngfPod[Pod\nnginx-gateway]
-                end
-            end
-        end
-
-        subgraph appNs [Namespace\ndefault]
-            subgraph nsPadding [" "]
-                coffeePod1[Pod\ncoffee]
-                coffeePod2[Pod\ncoffee]
-            end
-        end
-    end
-
-
-
-  ngfSvc --> ngfPod
-  ngfPod --> coffeePod1 & coffeePod2
-  clients --> ngfSvc
-
-  class clusterPadding,nsPadding,clusterPadding2 noBorder
-  class gwNS,appNs namespace
-  class ngfPod,ngfSvc nginxNode
-  class coffeePod1,coffeePod2 coffeeNode
-  class clients clientNode
-
-
-  classDef noBorder stroke:none,fill:none
-  classDef default fill:#FFFFFF,stroke:#000000
-  classDef namespace fill:#FFFFFF,stroke:#036ffc,stroke-dasharray: 5 5,text-align:center
-  classDef nginxNode fill:#b4e0ad,stroke:#2AA317
-  classDef coffeeNode fill:#edbd8c,stroke:#D9822B
-  classDef clientNode fill:#D3D3D3
diff --git a/static/nginx-one/api/one.json b/static/nginx-one/api/one.json
index 3dcfbf8f4..00154c9a0 100644
--- a/static/nginx-one/api/one.json
+++ b/static/nginx-one/api/one.json
@@ -53,8 +53,14 @@
     },
     {
       "name": "Staged Configs",
+      "description": "The `StagedConfigs` object represents a NGINX staged config which users can save to publish at a later time.\n",
       "x-displayName": "Staged Configs"
     },
+    {
+      "name": "Control Planes",
+      "description": "The `Control Planes` object represents an external control plane such as NGINX Ingress Controller or NGINX Gateway Fabric.\nFrom this endpoint, you can get detailed information about each control plane, including its NGINX instances, configurations, security advisories, and operational status.\n",
+      "x-displayName": "Control Planes"
+    },
     {
       "name": "Metrics",
       "x-displayName": "Metrics"
@@ -63,6 +69,11 @@
       "name": "Settings",
       "description": "Configuration option for different aspect of NGINX One service.\nYou can set NGINX Instance cleanup preferences.\n",
       "x-displayName": "Settings"
+    },
+    {
+      "name": "NGINX App Protect",
+      "description": "Manage and publish security policies on your NGINX data plane instances.\n",
+      "x-displayName": "NGINX App Protect"
     }
   ],
   "paths": {
@@ -1197,6 +1208,11 @@
               "application/json": {
                 "schema": {
                   "$ref": "#/components/schemas/ConfigSyncGroupDetails"
+                },
+                "examples": {
+                  "ConfigSyncGroupDetails": {
+                    "$ref": "#/components/examples/ConfigSyncGroupDetails"
+                  }
                 }
               }
             }
@@ -1720,7 +1736,7 @@
           "Config Sync Groups"
         ],
         "summary": "Retrieves stored NGINX configurations for a NGINX config sync group",
-        "description": "Returns a list of all configurations for a NGINX config sync group. Only the last 5 are kept on the NGINX One Console for a NGINX config sync group.",
+        "description": "Returns a list of all configurations for a NGINX config sync group. Only the last 10 are kept on the NGINX One Console for a NGINX config sync group.",
         "operationId": "listConfigSyncGroupConfigurations",
         "responses": {
           "200": {
@@ -1894,14 +1910,156 @@
         }
       ]
     },
+    "/control-planes": {
+      "get": {
+        "tags": [
+          "Control Planes"
+        ],
+        "summary": "List control planes",
+        "operationId": "listControlPlanes",
+        "description": "Returns a paginated list of control planes.\n",
+        "parameters": [
+          {
+            "$ref": "#/components/parameters/Paginated"
+          },
+          {
+            "$ref": "#/components/parameters/Limit"
+          },
+          {
+            "$ref": "#/components/parameters/Offset"
+          },
+          {
+            "$ref": "#/components/parameters/SortDirection"
+          },
+          {
+            "$ref": "#/components/parameters/SortNameControlPlanes"
+          },
+          {
+            "$ref": "#/components/parameters/FilterOperands"
+          },
+          {
+            "$ref": "#/components/parameters/FilterValues"
+          },
+          {
+            "$ref": "#/components/parameters/FilterFieldControlPlanes"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Successfully retrieved the list of control planes.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ControlPlaneListResponse"
+                }
+              }
+            }
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "500": {
+            "$ref": "#/components/responses/InternalServerErr"
+          }
+        }
+      }
+    },
+    "/control-planes/{controlPlaneObjectID}": {
+      "delete": {
+        "x-nginx-one-action": "delete",
+        "x-nginx-one-entity": "Control Plane",
+        "tags": [
+          "Control Planes"
+        ],
+        "summary": "Delete a control plane",
+        "description": "Delete a control plane from the NGINX One Console. You can delete a control plane, only if it contains no NGINX instances.\n",
+        "operationId": "deleteControlPlane",
+        "responses": {
+          "204": {
+            "description": "Successfully deleted the control plane"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "$ref": "#/components/responses/NotFound"
+          },
+          "500": {
+            "$ref": "#/components/responses/InternalServerErr"
+          }
+        }
+      },
+      "get": {
+        "tags": [
+          "Control Planes"
+        ],
+        "summary": "Retrieve a control plane",
+        "description": "Retrieve the details for a control plane, including:\n* Object ID\n* Product name and version\n* Cluster UUID\n* Kubernetes namespace\n* Deployment UUID\n* Data plane key\n* Certificate summary referenced by control plane instances\n* Instance status summary\n",
+        "operationId": "getControlPlane",
+        "responses": {
+          "200": {
+            "description": "Successfully retrieved the details of the control plane.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ControlPlaneDetails"
+                }
+              }
+            }
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "$ref": "#/components/responses/NotFound"
+          },
+          "500": {
+            "$ref": "#/components/responses/InternalServerErr"
+          }
+        }
+      },
+      "parameters": [
+        {
+          "$ref": "#/components/parameters/ControlPlaneParamObjectID"
+        }
+      ]
+    },
+    "/control-planes/summary": {
+      "get": {
+        "tags": [
+          "Control Planes"
+        ],
+        "summary": "Retrieve a summary for all Control Planes.",
+        "description": "Retrieves details for all control planes, including:\n  * Number of control planes for each product name/version\n",
+        "operationId": "getControlPlaneSummary",
+        "responses": {
+          "200": {
+            "description": "Successfully retrieved the summary of control planes.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ControlPlaneSummary"
+                }
+              }
+            }
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "500": {
+            "$ref": "#/components/responses/InternalServerErr"
+          }
+        }
+      }
+    },
     "/cves": {
       "get": {
         "tags": [
           "CVEs"
         ],
-        "summary": "List of all CVEs affecting the instances",
+        "summary": "List of all CVEs affecting any instance or control plane",
         "operationId": "listNginxCVEs",
-        "description": "Returns a list of all CVEs that affect at least one instance under the tenant\n",
+        "description": "Returns a list of all CVEs that affect an instance or control plane under the tenant\n",
         "parameters": [
           {
             "$ref": "#/components/parameters/Paginated"
@@ -2040,7 +2198,7 @@
         ],
         "responses": {
           "200": {
-            "description": "Successfully retrieved the list of instances affected by the CVE",
+            "description": "Successfully retrieved the list of instances affected by the CVE.",
             "content": {
               "application/json": {
                 "schema": {
@@ -2377,7 +2535,7 @@
           "Instances"
         ],
         "summary": "Retrieve an instance",
-        "description": "Retrieves the details for an NGINX instance, including\n* Hostname\n* System status\n* Timestamps of key actions (registration, last reported, etc.)\n* NGINX build information\n* Certificate data\n* Operating system version\n* NGINX Agent version\n* Config Sync Group membership details\n",
+        "description": "Retrieves the details for an NGINX instance, including\n* Hostname\n* System status\n* Timestamps of key actions (registration, last reported, etc.)\n* NGINX build information\n* Certificate data\n* Operating system version\n* NGINX Agent version\n* Config Sync Group membership details\n* Control plane object ID, name, product and version\n",
         "operationId": "getInstance",
         "parameters": [
           {
@@ -2829,7 +2987,7 @@
           "Instances"
         ],
         "summary": "Retrieves the stored NGINX configurations for an instance",
-        "description": "Returns a list of all configurations for a NGINX instance. Only the last 5 are kept on the NGINX One Console for a NGINX instance.",
+        "description": "Returns a list of all configurations for a NGINX instance. Only the last 10 are kept on the NGINX One Console for a NGINX instance.",
         "operationId": "listInstanceConfigurations",
         "responses": {
           "200": {
@@ -3223,59 +3381,6 @@
           }
         }
       },
-      "patch": {
-        "x-nginx-one-action": "bulk",
-        "x-nginx-one-entity": "NGINX staged configs",
-        "x-feature-flag": "staged-configs-phase-2",
-        "tags": [
-          "Staged Configs"
-        ],
-        "summary": "Bulk operation on multiple staged configs",
-        "operationId": "bulkStagedConfigs",
-        "description": "Performs bulk operation on one or more staged configs, only delete is supported.",
-        "requestBody": {
-          "required": true,
-          "content": {
-            "application/json": {
-              "schema": {
-                "$ref": "#/components/schemas/StagedConfigBulkRequest"
-              }
-            }
-          }
-        },
-        "responses": {
-          "200": {
-            "description": "Batch request completed.",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/StagedConfigBulkResponse"
-                }
-              }
-            }
-          },
-          "401": {
-            "description": "Access denied.",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/Error"
-                }
-              }
-            }
-          },
-          "500": {
-            "description": "An unexpected error occurred on the server. Please try the request again later.",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/Error"
-                }
-              }
-            }
-          }
-        }
-      },
       "post": {
         "x-feature-flag": "staged-configs",
         "x-nginx-one-action": "create",
@@ -3782,37 +3887,49 @@
         }
       }
     },
-    "/staged-configs/{stagedConfigObjectID}/export": {
-      "get": {
-        "parameters": [
-          {
-            "$ref": "#/components/parameters/StagedConfigParamObjectID"
-          }
-        ],
+    "/monitor/metrics_query_topx": {
+      "post": {
         "tags": [
-          "Staged Configs"
+          "Metrics"
         ],
-        "x-feature-flag": "staged-configs-phase-2",
-        "x-nginx-one-action": "export",
-        "x-nginx-one-entity": "NGINX staged config",
-        "summary": "Export staged configuration",
-        "description": "Exports staged configuration as a gzipped tar archive. Does not include sensitive data such as SSL certificates. [Learn more](https://docs.nginx.com/nginx-one/how-to/staged-configs/import-export-staged-config/).\n",
-        "operationId": "exportStagedConfig",
+        "summary": "Retrieve system metrics for instances with series limit",
+        "operationId": "queryMetricsInputTopX",
+        "description": "Returns (up to 10,000) system metrics for NGINX instances with series limit based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n",
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/MetricTopXQueryRequest"
+              },
+              "example": {
+                "start_time": "now-1h",
+                "end_time": "now",
+                "resolution": "1m",
+                "metrics": [
+                  {
+                    "aggregate": "sum",
+                    "name": "nginx.http.request.count"
+                  }
+                ],
+                "series_limit": 1,
+                "group_series_by": "instance_object_id"
+              }
+            }
+          }
+        },
         "responses": {
           "200": {
-            "description": "Successfully exported the staged configuration.",
+            "description": "Successfully retrieved system metrics.",
             "content": {
-              "application/gzip": {
+              "application/json": {
                 "schema": {
-                  "type": "string",
-                  "format": "binary",
-                  "example": "my-staged-config-2025-01-01T20_25_03.tar.gz"
+                  "$ref": "#/components/schemas/MetricQueryResultEx"
                 }
               }
             }
           },
-          "401": {
-            "description": "Access denied",
+          "400": {
+            "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.",
             "content": {
               "application/json": {
                 "schema": {
@@ -3822,7 +3939,7 @@
             }
           },
           "404": {
-            "description": "The NGINX staged config with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.",
+            "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.",
             "content": {
               "application/json": {
                 "schema": {
@@ -3844,54 +3961,657 @@
         }
       }
     },
-    "/staged-configs/import": {
-      "post": {
+    "/settings/instance-cleanup": {
+      "get": {
         "tags": [
-          "Staged Configs"
+          "Settings"
         ],
-        "x-feature-flag": "staged-configs-phase-2",
-        "x-nginx-one-action": "import",
-        "x-nginx-one-entity": "NGINX staged config",
-        "summary": "Import staged configuration\n",
-        "description": "Imports a gzipped tar archive (.tar.gz) containing configuration and aux files into NGINX One. \nOnly non-hidden files are included in the import.\n\nMaximum compressed archive size: **5 MB**\nMaximum uncompressed individual file size: **10 MB**\n\nIf `parse_only` is set to `true`, the configuration is only validated and not staged.\nBy default, validation is performed and a staged configuration is created upon success.\n",
-        "parameters": [
-          {
-            "$ref": "#/components/parameters/StagedConfigImportParseOnly"
+        "summary": "Retrieve settings",
+        "description": "Retrieves settings for NGINX Instance cleanup\n",
+        "operationId": "getSettingInstanceCleanup",
+        "responses": {
+          "200": {
+            "description": "Successfully retrieved the setting for NGINX Instance cleanup.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/SettingsInstanceCleanup"
+                }
+              }
+            }
+          },
+          "400": {
+            "$ref": "#/components/responses/InvalidRequest"
+          },
+          "500": {
+            "$ref": "#/components/responses/InternalServerErr"
           }
+        }
+      },
+      "put": {
+        "x-nginx-one-action": "update",
+        "x-nginx-one-entity": "NGINX Instance Cleanup Setting",
+        "tags": [
+          "Settings"
         ],
-        "operationId": "importStagedConfig",
+        "summary": "Update settings",
+        "description": "Update settings for NGINX Instance cleanup\n",
+        "operationId": "updateSettingInstanceCleanup",
         "requestBody": {
           "required": true,
           "content": {
-            "multipart/form-data": {
+            "application/json": {
               "schema": {
-                "$ref": "#/components/schemas/StagedConfigImportRequest"
-              },
-              "encoding": {
-                "file": {
-                  "contentType": "application/gzip, application/x-gzip"
-                }
+                "$ref": "#/components/schemas/SettingsInstanceCleanup"
               }
             }
           }
         },
         "responses": {
           "200": {
-            "description": "Return if `parse_only` is `true`: Returns data matching `StagedConfigCreateRequest` that can be used to create the staged config later.  \n",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/StagedConfigCreateRequest"
-                }
-              }
-            }
-          },
-          "201": {
-            "description": "Return if `parse_only` is `false` or omitted: Confirms the import parsed successfully and the staged config was created.\n",
+            "description": "Successfully updated settings for NGINX Instance cleanup.",
             "content": {
               "application/json": {
                 "schema": {
-                  "$ref": "#/components/schemas/StagedConfigCreateResponse"
+                  "$ref": "#/components/schemas/SettingsInstanceCleanup"
+                }
+              }
+            }
+          },
+          "500": {
+            "$ref": "#/components/responses/InternalServerErr"
+          }
+        }
+      }
+    },
+    "/app-protect/policies": {
+      "get": {
+        "tags": [
+          "NGINX App Protect"
+        ],
+        "summary": "List NGINX App Protect policies",
+        "description": "Returns a list of NGINX App Protect policies along with deployment details.",
+        "operationId": "listNapPolicies",
+        "parameters": [
+          {
+            "$ref": "#/components/parameters/Paginated"
+          },
+          {
+            "$ref": "#/components/parameters/Limit"
+          },
+          {
+            "$ref": "#/components/parameters/Offset"
+          },
+          {
+            "$ref": "#/components/parameters/SortDirection"
+          },
+          {
+            "$ref": "#/components/parameters/SortNameNapPolicies"
+          },
+          {
+            "$ref": "#/components/parameters/FilterOperands"
+          },
+          {
+            "$ref": "#/components/parameters/FilterValues"
+          },
+          {
+            "$ref": "#/components/parameters/FilterFieldNapPolicy"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Successfully returned NGINX App Protect policies.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/NapPolicyListResponse"
+                }
+              }
+            }
+          },
+          "400": {
+            "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "Access denied.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "500": {
+            "description": "An unexpected error occurred on the server. Please try the request again later.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          }
+        }
+      },
+      "patch": {
+        "x-nginx-one-action": "bulk",
+        "x-nginx-one-entity": "NGINX App Protect Policies",
+        "tags": [
+          "NGINX App Protect"
+        ],
+        "summary": "Bulk operation on multiple Nap policy",
+        "operationId": "bulkNAPPolicy",
+        "description": "Performs bulk operation on one or more Nap policy, only delete is supported.",
+        "requestBody": {
+          "required": true,
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/NapPolicyBulkRequest"
+              }
+            }
+          }
+        },
+        "responses": {
+          "200": {
+            "description": "Batch request completed.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/NapBulkResponse"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "Access denied.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "500": {
+            "description": "An unexpected error occurred on the server. Please try the request again later.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          }
+        }
+      },
+      "post": {
+        "x-nginx-one-action": "create",
+        "x-nginx-one-entity": "NGINX App Protect Policies",
+        "tags": [
+          "NGINX App Protect"
+        ],
+        "summary": "Create NGINX App Protect policy",
+        "description": "Creates NGINX App Protect policy.",
+        "operationId": "createNapPolicy",
+        "requestBody": {
+          "required": true,
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/NapPolicy"
+              }
+            }
+          }
+        },
+        "responses": {
+          "201": {
+            "description": "Successfully created NGINX App Protect policy.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/NapPolicyMetadata"
+                }
+              }
+            }
+          },
+          "400": {
+            "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "Access denied.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "500": {
+            "description": "An unexpected error occurred on the server. Please try the request again later.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          }
+        }
+      }
+    },
+    "/app-protect/policies/{nap_policy_object_id}": {
+      "delete": {
+        "tags": [
+          "NGINX App Protect"
+        ],
+        "x-nginx-one-action": "delete",
+        "x-nginx-one-entity": "NGINX App Protect Policies",
+        "summary": "Delete NGINX App Protect policy",
+        "description": "Deletes NGINX App Protect policy.",
+        "operationId": "deleteNapPolicy",
+        "parameters": [
+          {
+            "$ref": "#/components/parameters/NapPolicyParamObjectID"
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "Successfully deleted NGINX App Protect policy."
+          },
+          "400": {
+            "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "Access denied.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "404": {
+            "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "500": {
+            "description": "An unexpected error occurred on the server. Please try the request again later.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          }
+        }
+      },
+      "get": {
+        "tags": [
+          "NGINX App Protect"
+        ],
+        "summary": "Get NGINX App Protect policy details",
+        "description": "Returns NGINX App Protect policy summary.",
+        "operationId": "getNapPolicy",
+        "parameters": [
+          {
+            "$ref": "#/components/parameters/NapPolicyParamObjectID"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Successfully returned NGINX App Protect policy details.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/NapPolicyObject"
+                }
+              }
+            }
+          },
+          "400": {
+            "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "Access denied.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "404": {
+            "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "500": {
+            "description": "An unexpected error occurred on the server. Please try the request again later.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          }
+        }
+      },
+      "put": {
+        "tags": [
+          "NGINX App Protect"
+        ],
+        "x-nginx-one-action": "update",
+        "x-nginx-one-entity": "NGINX App Protect Policies",
+        "summary": "Update NGINX App Protect policy details",
+        "description": "Update NGINX App Protect policy details.",
+        "operationId": "updateNapPolicy",
+        "parameters": [
+          {
+            "$ref": "#/components/parameters/NapPolicyParamObjectID"
+          }
+        ],
+        "requestBody": {
+          "required": true,
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/NapPolicy"
+              }
+            }
+          }
+        },
+        "responses": {
+          "201": {
+            "description": "Successfully created an NGINX App Protect policy version.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/NapPolicyMetadata"
+                }
+              }
+            }
+          },
+          "400": {
+            "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "Access denied.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "404": {
+            "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "500": {
+            "description": "An unexpected error occurred on the server. Please try the request again later.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          }
+        }
+      }
+    },
+    "/app-protect/policies/{nap_policy_object_id}/deployments": {
+      "get": {
+        "tags": [
+          "NGINX App Protect"
+        ],
+        "summary": "List NGINX App Protect deployments",
+        "description": "Returns NGINX App Protect deployments, providing details such as:\n  * Target of the deployment\n  * Time of deployment\n  * Enforcement mode\n  * Policy version\n  * Threat campaign\n  * Attack signature\n  * Bot signature\n",
+        "operationId": "listNapPolicyDeployments",
+        "parameters": [
+          {
+            "$ref": "#/components/parameters/NapPolicyParamObjectID"
+          },
+          {
+            "$ref": "#/components/parameters/Paginated"
+          },
+          {
+            "$ref": "#/components/parameters/Limit"
+          },
+          {
+            "$ref": "#/components/parameters/Offset"
+          },
+          {
+            "$ref": "#/components/parameters/SortDirection"
+          },
+          {
+            "$ref": "#/components/parameters/SortNameNapPolicyDeployments"
+          },
+          {
+            "$ref": "#/components/parameters/FilterOperands"
+          },
+          {
+            "$ref": "#/components/parameters/FilterValues"
+          },
+          {
+            "$ref": "#/components/parameters/FilterFieldNapPolicyDeployment"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Successfully returned NGINX App Protect deployments.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/NapPolicyDeploymentsListResponse"
+                }
+              }
+            }
+          },
+          "400": {
+            "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "Access denied.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "404": {
+            "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "500": {
+            "description": "An unexpected error occurred on the server. Please try the request again later.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          }
+        }
+      }
+    },
+    "/app-protect/policies/{nap_policy_object_id}/version": {
+      "get": {
+        "tags": [
+          "NGINX App Protect"
+        ],
+        "summary": "Get the latest NGINX App Protect policy version details",
+        "description": "Returns the latest NGINX App Protect policy version details.",
+        "operationId": "getLatestNapPolicyVersion",
+        "parameters": [
+          {
+            "$ref": "#/components/parameters/NapPolicyParamObjectID"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Successfully returned NGINX App Protect policy version details.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/NapPolicyVersionDetails"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "Access denied.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "404": {
+            "description": "The NGINX App Protect policy version with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "500": {
+            "description": "An unexpected error occurred on the server. Please try the request again later.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          }
+        }
+      }
+    },
+    "/app-protect/policies/{nap_policy_object_id}/versions": {
+      "get": {
+        "tags": [
+          "NGINX App Protect"
+        ],
+        "summary": "List NGINX App Protect policy versions",
+        "description": "Returns NGINX App Protect policy versions.",
+        "operationId": "listNapPolicyVersions",
+        "parameters": [
+          {
+            "$ref": "#/components/parameters/NapPolicyParamObjectID"
+          },
+          {
+            "$ref": "#/components/parameters/Paginated"
+          },
+          {
+            "$ref": "#/components/parameters/Limit"
+          },
+          {
+            "$ref": "#/components/parameters/Offset"
+          },
+          {
+            "$ref": "#/components/parameters/SortDirection"
+          },
+          {
+            "$ref": "#/components/parameters/SortNameNapPolicyVersions"
+          },
+          {
+            "$ref": "#/components/parameters/FilterOperands"
+          },
+          {
+            "$ref": "#/components/parameters/FilterValues"
+          },
+          {
+            "$ref": "#/components/parameters/FilterFieldNapPolicyVersion"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Successfully returned the NGINX App Protect policy versions.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/NapPolicyVersionsListResponse"
                 }
               }
             }
@@ -3907,7 +4627,17 @@
             }
           },
           "401": {
-            "description": "Access denied",
+            "description": "Access denied.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
+          },
+          "404": {
+            "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.",
             "content": {
               "application/json": {
                 "schema": {
@@ -3929,49 +4659,30 @@
         }
       }
     },
-    "/monitor/metrics_query_topx": {
-      "post": {
+    "/app-protect/policies/{nap_policy_object_id}/versions/{nap_policy_version_object_id}": {
+      "delete": {
+        "x-nginx-one-action": "delete",
+        "x-nginx-one-entity": "NGINX App Protect Policy Version",
         "tags": [
-          "Metrics"
+          "NGINX App Protect"
         ],
-        "summary": "Retrieve system metrics for instances with series limit",
-        "operationId": "queryMetricsInputTopX",
-        "description": "Returns (up to 10,000) system metrics for NGINX instances with series limit based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n",
-        "requestBody": {
-          "content": {
-            "application/json": {
-              "schema": {
-                "$ref": "#/components/schemas/MetricTopXQueryRequest"
-              },
-              "example": {
-                "start_time": "now-1h",
-                "end_time": "now",
-                "resolution": "1m",
-                "metrics": [
-                  {
-                    "aggregate": "sum",
-                    "name": "nginx.http.request.count"
-                  }
-                ],
-                "series_limit": 1,
-                "group_series_by": "instance_object_id"
-              }
-            }
+        "summary": "Delete NGINX App Protect policy version",
+        "description": "Deletes the NGINX App Protect policy version.",
+        "operationId": "deleteNapPolicyVersion",
+        "parameters": [
+          {
+            "$ref": "#/components/parameters/NapPolicyParamObjectID"
+          },
+          {
+            "$ref": "#/components/parameters/NapPolicyVersionParamObjectID"
           }
-        },
+        ],
         "responses": {
-          "200": {
-            "description": "Successfully retrieved system metrics.",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/MetricQueryResultEx"
-                }
-              }
-            }
+          "204": {
+            "description": "Successfully deleted the NGINX App Protect policy version."
           },
-          "400": {
-            "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.",
+          "401": {
+            "description": "Access denied.",
             "content": {
               "application/json": {
                 "schema": {
@@ -3981,7 +4692,7 @@
             }
           },
           "404": {
-            "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.",
+            "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.",
             "content": {
               "application/json": {
                 "schema": {
@@ -4001,67 +4712,62 @@
             }
           }
         }
-      }
-    },
-    "/settings/instance-cleanup": {
+      },
       "get": {
         "tags": [
-          "Settings"
+          "NGINX App Protect"
+        ],
+        "summary": "Get the specified NGINX App Protect policy version details",
+        "description": "Returns the specified NGINX App Protect policy version details.",
+        "operationId": "getNapPolicyVersion",
+        "parameters": [
+          {
+            "$ref": "#/components/parameters/NapPolicyParamObjectID"
+          },
+          {
+            "$ref": "#/components/parameters/NapPolicyVersionParamObjectID"
+          }
         ],
-        "summary": "Retrieve settings",
-        "description": "Retrieves settings for NGINX Instance cleanup\n",
-        "operationId": "getSettingInstanceCleanup",
         "responses": {
           "200": {
-            "description": "Successfully retrieved the setting for NGINX Instance cleanup.",
+            "description": "Successfully returned NGINX App Protect policy version details.",
             "content": {
               "application/json": {
                 "schema": {
-                  "$ref": "#/components/schemas/SettingsInstanceCleanup"
+                  "$ref": "#/components/schemas/NapPolicyVersionDetails"
                 }
               }
             }
           },
-          "400": {
-            "$ref": "#/components/responses/InvalidRequest"
-          },
-          "500": {
-            "$ref": "#/components/responses/InternalServerErr"
-          }
-        }
-      },
-      "put": {
-        "x-nginx-one-action": "update",
-        "x-nginx-one-entity": "NGINX Instance Cleanup Setting",
-        "tags": [
-          "Settings"
-        ],
-        "summary": "Update settings",
-        "description": "Update settings for NGINX Instance cleanup\n",
-        "operationId": "updateSettingInstanceCleanup",
-        "requestBody": {
-          "required": true,
-          "content": {
-            "application/json": {
-              "schema": {
-                "$ref": "#/components/schemas/SettingsInstanceCleanup"
+          "401": {
+            "description": "Access denied.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
               }
             }
-          }
-        },
-        "responses": {
-          "200": {
-            "description": "Successfully updated settings for NGINX Instance cleanup.",
+          },
+          "404": {
+            "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.",
             "content": {
               "application/json": {
                 "schema": {
-                  "$ref": "#/components/schemas/SettingsInstanceCleanup"
+                  "$ref": "#/components/schemas/Error"
                 }
               }
             }
           },
           "500": {
-            "$ref": "#/components/responses/InternalServerErr"
+            "description": "An unexpected error occurred on the server. Please try the request again later.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Error"
+                }
+              }
+            }
           }
         }
       }
@@ -4290,22 +4996,61 @@
         "description": "A globally unique identifier for a Publication.\n",
         "required": true
       },
+      "SortNameControlPlanes": {
+        "name": "sort_control_planes",
+        "in": "query",
+        "description": "Sort control planes by enumerate value(s). Ordinal position determines primary, secondary, etc.\n",
+        "schema": {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "enum": [
+              "name"
+            ],
+            "x-enum-varnames": [
+              "sort_name_control_plane_name"
+            ]
+          }
+        }
+      },
+      "FilterFieldControlPlanes": {
+        "name": "filter_fields",
+        "in": "query",
+        "description": "An array of strings. Identifies the fields to filter by (for example, `name`, `product`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n",
+        "schema": {
+          "type": "array",
+          "items": {
+            "$ref": "#/components/schemas/FilterNameControlPlanes"
+          }
+        }
+      },
+      "ControlPlaneParamObjectID": {
+        "name": "controlPlaneObjectID",
+        "in": "path",
+        "schema": {
+          "$ref": "#/components/schemas/ControlPlaneObjectID"
+        },
+        "description": "A globally unique identifier for the control plane.\n",
+        "required": true
+      },
       "SortNameCVEs": {
         "name": "sort_cves",
         "in": "query",
-        "description": "Sort CVEs by the number of instances affected by that CVE.\n",
+        "description": "Sort CVEs by the number of instances or control planes affected by that CVE.\n",
         "schema": {
           "type": "array",
           "items": {
             "type": "string",
             "enum": [
               "instance_count",
+              "control_plane_count",
               "severity",
               "cve_id",
               "published_at"
             ],
             "x-enum-varnames": [
               "sort_instance_count",
+              "sort_control_plane_count",
               "sort_cve_severity",
               "sort_cve_id",
               "sort_published_at"
@@ -4362,102 +5107,220 @@
         "description": "A globally unique identifier for an event.\n",
         "required": true
       },
-      "FilterFieldInstances": {
+      "FilterFieldInstances": {
+        "name": "filter_fields",
+        "in": "query",
+        "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `nginx_version`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n",
+        "schema": {
+          "type": "array",
+          "items": {
+            "$ref": "#/components/schemas/FilterNameInstances"
+          }
+        }
+      },
+      "SortNameInstances": {
+        "name": "sort_instances",
+        "in": "query",
+        "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n",
+        "schema": {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "enum": [
+              "hostname",
+              "status",
+              "last_reported"
+            ],
+            "x-enum-varnames": [
+              "sort_name_instance_hostname",
+              "sort_name_instance_status",
+              "sort_name_instance_last_reported"
+            ]
+          }
+        }
+      },
+      "InstanceParamObjectID": {
+        "name": "instanceObjectID",
+        "in": "path",
+        "schema": {
+          "$ref": "#/components/schemas/InstanceObjectID"
+        },
+        "description": "A globally unique identifier for the NGINX instance.\n",
+        "required": true
+      },
+      "InstanceConfigurationParamObjectID": {
+        "name": "instanceConfigurationObjectID",
+        "in": "path",
+        "schema": {
+          "$ref": "#/components/schemas/NginxConfigObjectID"
+        },
+        "description": "A globally unique identifier for the NGINX instance configuration.\n",
+        "required": true
+      },
+      "FilterFieldStagedConfigs": {
+        "name": "filter_fields",
+        "in": "query",
+        "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n",
+        "schema": {
+          "type": "array",
+          "items": {
+            "$ref": "#/components/schemas/FilterStagedConfigs"
+          }
+        }
+      },
+      "SortNameStagedConfigs": {
+        "name": "sort_staged_configs",
+        "in": "query",
+        "description": "Sort staged configs by enumerate value(s). Ordinal position determines primary, secondary, etc.\n",
+        "schema": {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "enum": [
+              "name"
+            ],
+            "x-enum-varnames": [
+              "sort_name_staged_config_name"
+            ]
+          }
+        }
+      },
+      "StagedConfigParamObjectID": {
+        "name": "stagedConfigObjectID",
+        "in": "path",
+        "schema": {
+          "$ref": "#/components/schemas/StagedConfigObjectID"
+        },
+        "description": "A globally unique identifier for the NGINX staged config.\n",
+        "required": true
+      },
+      "SortNameNapPolicies": {
+        "name": "sort_nap_policies",
+        "in": "query",
+        "description": "Sort NGINX App Protect policies by enumerate value(s). Ordinal position determines primary, secondary, etc.\n",
+        "schema": {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "enum": [
+              "name",
+              "deployment_count",
+              "enforcement_mode",
+              "last_deployed"
+            ],
+            "x-enum-varnames": [
+              "sort_name_nap_policies_name",
+              "sort_name_nap_policies_deployment_count",
+              "sort_name_nap_policies_enforcement_mode",
+              "sort_name_nap_policies_last_deployed"
+            ]
+          }
+        }
+      },
+      "FilterFieldNapPolicy": {
         "name": "filter_fields",
         "in": "query",
-        "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `nginx_version`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n",
+        "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n",
         "schema": {
           "type": "array",
           "items": {
-            "$ref": "#/components/schemas/FilterNameInstances"
+            "$ref": "#/components/schemas/FilterNameNapPolicy"
           }
         }
       },
-      "SortNameInstances": {
-        "name": "sort_instances",
+      "NapPolicyParamObjectID": {
+        "name": "nap_policy_object_id",
+        "in": "path",
+        "schema": {
+          "$ref": "#/components/schemas/NapPolicyObjectID"
+        },
+        "description": "A globally unique identifier for the App Protect policy.\n",
+        "required": true
+      },
+      "SortNameNapPolicyDeployments": {
+        "name": "sort_nap_deployments",
         "in": "query",
-        "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n",
+        "description": "Sort NGINX App Protect deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n",
         "schema": {
           "type": "array",
           "items": {
             "type": "string",
             "enum": [
-              "hostname",
+              "name",
+              "type",
+              "policy_version",
               "status",
-              "last_reported"
+              "deployed_on",
+              "threat_campaign_version",
+              "attack_signature_version",
+              "bot_signature_version"
             ],
             "x-enum-varnames": [
-              "sort_name_instance_hostname",
-              "sort_name_instance_status",
-              "sort_name_instance_last_reported"
+              "sort_name_nap_policy_deployments_name",
+              "sort_name_nap_policy_deployments_type",
+              "sort_name_nap_policy_deployments_policy_version",
+              "sort_name_nap_policy_deployments_status",
+              "sort_name_nap_policy_deployments_deployed_on",
+              "sort_name_nap_policy_deployments_threat_campaign_version",
+              "sort_name_nap_policy_deployments_attack_signature_version",
+              "sort_name_nap_policy_deployments_bot_sigature_version"
             ]
           }
         }
       },
-      "InstanceParamObjectID": {
-        "name": "instanceObjectID",
-        "in": "path",
-        "schema": {
-          "$ref": "#/components/schemas/InstanceObjectID"
-        },
-        "description": "A globally unique identifier for the NGINX instance.\n",
-        "required": true
-      },
-      "InstanceConfigurationParamObjectID": {
-        "name": "instanceConfigurationObjectID",
-        "in": "path",
-        "schema": {
-          "$ref": "#/components/schemas/NginxConfigObjectID"
-        },
-        "description": "A globally unique identifier for the NGINX instance configuration.\n",
-        "required": true
-      },
-      "FilterFieldStagedConfigs": {
+      "FilterFieldNapPolicyDeployment": {
         "name": "filter_fields",
         "in": "query",
         "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n",
         "schema": {
           "type": "array",
           "items": {
-            "$ref": "#/components/schemas/FilterStagedConfigs"
+            "$ref": "#/components/schemas/FilterNameNapPolicyDeployment"
           }
         }
       },
-      "SortNameStagedConfigs": {
-        "name": "sort_staged_configs",
+      "SortNameNapPolicyVersions": {
+        "name": "sort_nap_policy_versions",
         "in": "query",
-        "description": "Sort staged configs by enumerate value(s). Ordinal position determines primary, secondary, etc.\n",
+        "description": "Sort NGINX App Protect policy versions by enumerate value(s). Ordinal position determines primary, secondary, etc.\n",
         "schema": {
           "type": "array",
           "items": {
             "type": "string",
             "enum": [
-              "name"
+              "created_at",
+              "deployment_status",
+              "deployment_count",
+              "enforcement_mode"
             ],
             "x-enum-varnames": [
-              "sort_name_staged_config_name"
+              "sort_name_nap_policy_versions_created_at",
+              "sort_name_nap_policy_versions_deployment_status",
+              "sort_name_nap_policy_versions_deployment_count",
+              "sort_name_nap_policy_versions_enforcement_mode"
             ]
           }
         }
       },
-      "StagedConfigParamObjectID": {
-        "name": "stagedConfigObjectID",
-        "in": "path",
+      "FilterFieldNapPolicyVersion": {
+        "name": "filter_fields",
+        "in": "query",
+        "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n",
         "schema": {
-          "$ref": "#/components/schemas/StagedConfigObjectID"
-        },
-        "description": "A globally unique identifier for the NGINX staged config.\n",
-        "required": true
+          "type": "array",
+          "items": {
+            "$ref": "#/components/schemas/FilterNameNapPolicyVersion"
+          }
+        }
       },
-      "StagedConfigImportParseOnly": {
-        "name": "parseOnly",
-        "in": "query",
+      "NapPolicyVersionParamObjectID": {
+        "name": "nap_policy_version_object_id",
+        "in": "path",
         "schema": {
-          "type": "boolean",
-          "default": false
+          "$ref": "#/components/schemas/NapPolicyVersionObjectID"
         },
-        "description": "Optional flag to control how the request is processed.\n  - When `false` or omitted (by default), the request creates a Staged Config directly. (`StagedConfigCreateResponse`)\n  - When `true`, the request parses the import and returns metadata you can use to create a Staged Config through a POST. ( `StagedConfigCreateRequest`)\n",
-        "required": false
+        "description": "A globally unique identifier for the App Protect policy version.\n",
+        "required": true
       }
     },
     "schemas": {
@@ -4579,6 +5442,10 @@
           "instances_count": {
             "type": "integer",
             "description": "The number of registered instances using this data plane key. If field not populated, user should see the key has `unknown` key count"
+          },
+          "control_planes_count": {
+            "type": "integer",
+            "description": "The number of observed control planes using this data plane key."
           }
         }
       },
@@ -5507,7 +6374,7 @@
       },
       "ConfigSyncStatus": {
         "type": "string",
-        "description": "The current config sync status of the NGINX config sync group, with the following possible values:\n* `unknown` - The status cannot be determined at this moment.\n* `in_sync` - All Nginx instances in config sync group have same config as indicated by config_version.\n* `out_of_sync` - Some Nginx instances in config sync group have config different than indicated by config_version.\n* `sync_in_progress` - The operation of applying config_version to all Nginx instances in config sync group is in progress.\n",
+        "description": "The current config sync status of the NGINX config sync group, with the following possible values:\n* `unknown` - The status cannot be determined at this moment.\n* `in_sync` - All NGINX instances in config sync group have same config as indicated by config_version.\n* `out_of_sync` - Some NGINX instances in config sync group have config different than indicated by config_version.\n* `sync_in_progress` - The operation of applying config_version to all NGINX instances in config sync group is in progress.\n",
         "enum": [
           "unknown",
           "in_sync",
@@ -5560,6 +6427,7 @@
         "required": [
           "object_id",
           "name",
+          "created_at",
           "instances_count",
           "config_status"
         ],
@@ -5568,11 +6436,16 @@
             "$ref": "#/components/schemas/ConfigSyncGroupObjectID"
           },
           "name": {
-            "description": "Name of the Nginx config sync group.",
+            "description": "Name of the NGINX config sync group.",
             "type": "string"
           },
+          "created_at": {
+            "description": "The date and time when the config sync group was created.",
+            "type": "string",
+            "format": "date-time"
+          },
           "instances_count": {
-            "description": "Number of instances in the Nginx config sync group.",
+            "description": "Number of instances in the NGINX config sync group.",
             "type": "integer"
           },
           "config_status": {
@@ -5590,7 +6463,7 @@
           },
           {
             "type": "object",
-            "description": "List of Nginx config sync groups.",
+            "description": "List of NGINX config sync groups.",
             "required": [
               "items"
             ],
@@ -5614,6 +6487,7 @@
             {
               "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw",
               "name": "test-config-sync-group",
+              "created_at": "2023-12-05T22:30:20.220114Z",
               "config_status": "in_sync",
               "instances_count": 1
             }
@@ -5621,14 +6495,14 @@
         }
       },
       "ConfigSyncGroupCreateRequest": {
-        "description": "Body to create a Nginx config sync group.",
+        "description": "Body to create a NGINX config sync group.",
         "required": [
           "name"
         ],
         "properties": {
           "name": {
             "type": "string",
-            "description": "A name to uniquely identify the Nginx config sync group in a given tenant namespace.",
+            "description": "A name to uniquely identify the NGINX config sync group in a given tenant namespace.",
             "minLength": 1,
             "maxLength": 256
           }
@@ -5638,7 +6512,7 @@
         }
       },
       "ConfigSyncGroupCreateResponse": {
-        "description": "Response to a create Nginx config sync group request.",
+        "description": "Response to a create NGINX config sync group request.",
         "required": [
           "object_id",
           "name"
@@ -5648,7 +6522,7 @@
             "$ref": "#/components/schemas/ConfigSyncGroupObjectID"
           },
           "name": {
-            "description": "Name of the Nginx config sync group.",
+            "description": "Name of the NGINX config sync group.",
             "type": "string"
           }
         },
@@ -5707,26 +6581,33 @@
         "description": "Meta information of the NGINX config sync group including:\n* NGINX config sync group object ID\n* unique name of the config sync group in the tenant namespace\n* last publication timestamp\n",
         "required": [
           "object_id",
-          "name"
+          "name",
+          "created_at"
         ],
         "properties": {
           "object_id": {
             "$ref": "#/components/schemas/ConfigSyncGroupObjectID"
           },
           "name": {
-            "description": "Name of the Nginx config sync group.",
+            "description": "Name of the NGINX config sync group.",
             "type": "string"
           },
           "last_publication": {
             "description": "The date and time of the most recent config sync group publication.",
             "type": "string",
             "format": "date-time"
+          },
+          "created_at": {
+            "description": "The date and time when the config sync group was created.",
+            "type": "string",
+            "format": "date-time"
           }
         },
         "example": {
           "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw",
           "name": "test-config-sync-group",
-          "last_publication": "2023-12-06T22:37:24.120114Z"
+          "last_publication": "2023-12-06T22:37:24.120114Z",
+          "created_at": "2023-12-05T22:30:20.220114Z"
         }
       },
       "InstanceObjectID": {
@@ -5761,8 +6642,8 @@
           }
         }
       },
-      "NginxAppProtectDetails": {
-        "description": "Information regarding NGINX App Protect.\n",
+      "NginxAppProtectVersions": {
+        "description": "Version information regarding NGINX App Protect.\n",
         "type": "object",
         "required": [
           "engine_version"
@@ -5778,6 +6659,54 @@
           }
         }
       },
+      "NginxAppProtectDeploymentCounts": {
+        "type": "object",
+        "description": "Summary count of NAP policy version deployment statues.",
+        "required": [
+          "total",
+          "deployed",
+          "deploying",
+          "failed"
+        ],
+        "properties": {
+          "total": {
+            "description": "Total count of NAP policy versions across the NGINX data plane.",
+            "type": "integer"
+          },
+          "deployed": {
+            "description": "The number of NAP policy versions that have deployed.",
+            "type": "integer"
+          },
+          "deploying": {
+            "description": "The number of NAP policy versions that are deploying.",
+            "type": "integer"
+          },
+          "failed": {
+            "description": "The number of NAP policy versions that have failed deployment.",
+            "type": "integer"
+          }
+        }
+      },
+      "NginxAppProtectSummary": {
+        "description": "Summary information regarding NGINX App Protect.\n",
+        "type": "object",
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/NginxAppProtectVersions"
+          },
+          {
+            "type": "object",
+            "required": [
+              "deployments"
+            ],
+            "properties": {
+              "deployments": {
+                "$ref": "#/components/schemas/NginxAppProtectDeploymentCounts"
+              }
+            }
+          }
+        ]
+      },
       "CveSeverityType": {
         "type": "string",
         "description": "Severity ratings:\n  * `high` - High severity.\n  * `medium` - Moderate severity.\n  * `low` - Least severe.\n  * `none` - Not severe.\n  * `other`  - Severity that does not fit the other categories.\n",
@@ -5846,6 +6775,40 @@
           }
         }
       },
+      "ControlPlaneObjectID": {
+        "description": "A globally unique identifier for the control plane.",
+        "type": "string",
+        "format": "object_id",
+        "pattern": "^ecp_.*",
+        "x-go-type": "objects.ID"
+      },
+      "ControlPlaneBaseInfo": {
+        "type": "object",
+        "description": "Base information of a control plane, which includes name, product version and optionally an object ID.",
+        "required": [
+          "name",
+          "product_version",
+          "created_at"
+        ],
+        "properties": {
+          "object_id": {
+            "$ref": "#/components/schemas/ControlPlaneObjectID"
+          },
+          "name": {
+            "description": "Control plane name.",
+            "type": "string"
+          },
+          "product_version": {
+            "description": "Control plane product name and version.",
+            "type": "string"
+          },
+          "created_at": {
+            "type": "string",
+            "format": "date-time",
+            "description": "The date and time when the control plane was created."
+          }
+        }
+      },
       "Instance": {
         "type": "object",
         "description": "Summary information about a NGINX instance.",
@@ -5890,7 +6853,7 @@
             "example": "ubuntu_jammy"
           },
           "nginx_app_protect": {
-            "$ref": "#/components/schemas/NginxAppProtectDetails"
+            "$ref": "#/components/schemas/NginxAppProtectSummary"
           },
           "registered_at": {
             "description": "The date and time when the NGINX instance first registered with NGINX One.",
@@ -5928,6 +6891,9 @@
             "items": {
               "$ref": "#/components/schemas/IssueDetails"
             }
+          },
+          "control_plane": {
+            "$ref": "#/components/schemas/ControlPlaneBaseInfo"
           }
         }
       },
@@ -5986,57 +6952,187 @@
         "properties": {
           "name": {
             "type": "string",
-            "description": "A friendly name for the certificate."
+            "description": "A friendly name for the certificate."
+          },
+          "object_id": {
+            "$ref": "#/components/schemas/CertificateObjectID"
+          },
+          "cert_type": {
+            "$ref": "#/components/schemas/CertificateType"
+          },
+          "cert_paths": {
+            "type": "array",
+            "description": "The list of file system paths where the certificate file is installed. \nSince a single certificate file may be applied in multiple contexts, all relevant paths are included.\n",
+            "example": [
+              "/etc/ssl/cert.pem",
+              "/etc/ssl/cert.crt"
+            ],
+            "items": {
+              "type": "string"
+            }
+          },
+          "key_paths": {
+            "type": "array",
+            "description": "The list of file system paths where the private key file is installed.\nSince a single key file may be applied in multiple contexts, all relevant paths are included.\n",
+            "example": [
+              "/etc/nginx/key.pem",
+              "/etc/ssl/server.key"
+            ],
+            "items": {
+              "type": "string"
+            }
+          },
+          "deployment_status": {
+            "$ref": "#/components/schemas/CertificateDeploymentStatus"
+          },
+          "subject_name": {
+            "type": "string",
+            "description": "Hostname or domain for the certificate. Usually the subject-alt-name (SAN) value for the certificate.\nif SAN is not present, this will be the certificate subject's common name.\n",
+            "example": "nginx.com"
+          },
+          "cert_status": {
+            "$ref": "#/components/schemas/CertificateStatus"
+          },
+          "not_before": {
+            "type": "string",
+            "format": "date-time",
+            "description": "the effective date of the certificate."
+          },
+          "not_after": {
+            "type": "string",
+            "format": "date-time",
+            "description": "The expiration date for the certificate."
+          }
+        }
+      },
+      "NapPolicyObjectID": {
+        "description": "A globally unique identifier for the App Protect policy.",
+        "type": "string",
+        "format": "object_id",
+        "pattern": "^pol_.*",
+        "x-go-type": "objects.ID",
+        "x-go-type-import": {
+          "name": "objects",
+          "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects"
+        }
+      },
+      "NapPolicyVersionObjectID": {
+        "description": "A globally unique identifier for the App Protect policy version.",
+        "type": "string",
+        "format": "object_id",
+        "pattern": "^pv_.*",
+        "x-go-type": "objects.ID",
+        "x-go-type-import": {
+          "name": "objects",
+          "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects"
+        }
+      },
+      "PublicationObjectID": {
+        "description": "A globally unique identifier for the publication.",
+        "type": "string",
+        "format": "object_id",
+        "example": "pub_72pGHoGsSICL_THZrs964g",
+        "pattern": "^pub_.*",
+        "x-go-type": "objects.ID",
+        "x-go-type-import": {
+          "name": "objects",
+          "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects"
+        }
+      },
+      "NapPolicyEnforcementMode": {
+        "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `blocking` - Any illegal or suspicious requests are logged and blocked.\n* `transparent` - Any illegal or suspicious requests are logged but not blocked.\n",
+        "type": "string",
+        "enum": [
+          "blocking",
+          "transparent"
+        ],
+        "x-enum-varnames": [
+          "nap_enforcement_mode_blocking",
+          "nap_enforcement_mode_transparent"
+        ]
+      },
+      "NapDeploymentStatus": {
+        "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `deployed` - The NGINX App Protect policy has been deployed.\n* `not_deployed` - The NGINX App Protect policy has not been deployed.\n* `deploying` - The NGINX App Protect policy is currently being deployed.\n* `failed` - The NGINX App Protect policy failed deploying.\n",
+        "type": "string",
+        "enum": [
+          "deployed",
+          "not_deployed",
+          "deploying",
+          "failed"
+        ],
+        "x-enum-varnames": [
+          "nap_deployment_status_deployed",
+          "nap_deployment_status_not_deployed",
+          "nap_deployment_status_deploying",
+          "nap_deployment_status_failed"
+        ]
+      },
+      "NapAssociation": {
+        "description": "Details for a NGINX App Protect policy version that's associated with an instance or a config sync group.",
+        "required": [
+          "name",
+          "version",
+          "policy_object_id",
+          "policy_version_object_id",
+          "paths",
+          "deployment_status",
+          "publication_object_id",
+          "deployed_on",
+          "enforcement_mode"
+        ],
+        "properties": {
+          "name": {
+            "type": "string",
+            "description": "Name of the policy at the time of the deployment."
           },
-          "object_id": {
-            "$ref": "#/components/schemas/CertificateObjectID"
+          "version": {
+            "type": "string",
+            "description": "Version of the policy at the time of the deployment."
           },
-          "cert_type": {
-            "$ref": "#/components/schemas/CertificateType"
+          "policy_object_id": {
+            "$ref": "#/components/schemas/NapPolicyObjectID"
           },
-          "cert_paths": {
-            "type": "array",
-            "description": "The list of file system paths where the certificate file is installed. \nSince a single certificate file may be applied in multiple contexts, all relevant paths are included.\n",
-            "example": [
-              "/etc/ssl/cert.pem",
-              "/etc/ssl/cert.crt"
-            ],
-            "items": {
-              "type": "string"
-            }
+          "policy_version_object_id": {
+            "$ref": "#/components/schemas/NapPolicyVersionObjectID"
           },
-          "key_paths": {
+          "publication_object_id": {
+            "$ref": "#/components/schemas/PublicationObjectID"
+          },
+          "enforcement_mode": {
+            "$ref": "#/components/schemas/NapPolicyEnforcementMode"
+          },
+          "paths": {
             "type": "array",
-            "description": "The list of file system paths where the private key file is installed.\nSince a single key file may be applied in multiple contexts, all relevant paths are included.\n",
+            "description": "The list of file system paths where the compiled NAP policy version bundle file is installed. \nSince a single compiled NAP policy version bundle file may be applied in multiple contexts, all relevant paths are included.\n",
             "example": [
-              "/etc/nginx/key.pem",
-              "/etc/ssl/server.key"
+              "/etc/nginx/default_policy.tgz",
+              "/etc/nginx/default_policy_server_2.tgz"
             ],
             "items": {
               "type": "string"
             }
           },
           "deployment_status": {
-            "$ref": "#/components/schemas/CertificateDeploymentStatus"
-          },
-          "subject_name": {
-            "type": "string",
-            "description": "Hostname or domain for the certificate. Usually the subject-alt-name (SAN) value for the certificate.\nif SAN is not present, this will be the certificate subject's common name.\n",
-            "example": "nginx.com"
-          },
-          "cert_status": {
-            "$ref": "#/components/schemas/CertificateStatus"
-          },
-          "not_before": {
-            "type": "string",
-            "format": "date-time",
-            "description": "the effective date of the certificate."
+            "$ref": "#/components/schemas/NapDeploymentStatus"
           },
-          "not_after": {
+          "deployed_on": {
+            "description": "Date and time of the deployment.",
             "type": "string",
-            "format": "date-time",
-            "description": "The expiration date for the certificate."
+            "format": "date-time"
           }
+        },
+        "example": {
+          "name": "default_policy",
+          "version": "2025.05.01",
+          "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw",
+          "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ",
+          "publication_object_id": "pub_72pGHoGsSICL_THZrs964g",
+          "paths": [
+            "/etc/nginx/default_policy.tgz"
+          ],
+          "deployment_status": "deployed",
+          "enforcement_mode": "transparent",
+          "deployed_on": "2023-12-06T22:37:24.120114Z"
         }
       },
       "ConfigSyncGroup": {
@@ -6071,6 +7167,20 @@
                 "items": {
                   "$ref": "#/components/schemas/CertAssociation"
                 }
+              },
+              "nginx_app_protect": {
+                "type": "object",
+                "required": [
+                  "deployments"
+                ],
+                "properties": {
+                  "deployments": {
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/components/schemas/NapAssociation"
+                    }
+                  }
+                }
               }
             }
           }
@@ -6078,7 +7188,7 @@
         "example": {
           "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw",
           "name": "test-config-sync-group",
-          "last_reported": "2023-12-06T22:37:24.120114Z",
+          "created_at": "2023-12-06T22:37:24.120114Z",
           "config_status": "in_sync",
           "config_version": "uvR3F2TQGm18jnl7bpaGw",
           "instances": [
@@ -6476,34 +7586,24 @@
           }
         ]
       },
-      "PublicationObjectID": {
-        "description": "A globally unique identifier for the publication.",
-        "type": "string",
-        "format": "object_id",
-        "example": "pub_72pGHoGsSICL_THZrs964g",
-        "pattern": "^pub_.*",
-        "x-go-type": "objects.ID",
-        "x-go-type-import": {
-          "name": "objects",
-          "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects"
-        }
-      },
       "PublicationStatusCause": {
         "description": "Cause of the failure, provided only if the status is `failed`.",
         "type": "object",
         "properties": {
           "cause": {
-            "description": "Cause of the failure, detailed as follows:\n* `unknown` - The reason for the failure is not known.\n* `timeout` - The publication request reached its time limit without receiving a response from the NGINX Agent.\n* `remote` - The NGINX Agent reported a failure when trying to apply the configuration. See the message for more details.\n",
+            "description": "Cause of the failure, detailed as follows:\n* `unknown` - The reason for the failure is not known.\n* `timeout` - The publication request reached its time limit without receiving a response from the NGINX Agent.\n* `remote` - The NGINX Agent reported a failure when trying to apply the configuration. See the message for more details.\n* `payload` - The publication was successful, but there were warnings reported by attached payloads, see message for more details.\n",
             "type": "string",
             "enum": [
               "unknown",
               "timeout",
-              "remote"
+              "remote",
+              "payload"
             ],
             "x-enum-varnames": [
               "publication_instance_status_cause_unknown",
               "publication_instance_status_cause_timeout",
-              "publication_instance_status_cause_remote"
+              "publication_instance_status_cause_remote",
+              "publication_instance_status_cause_payload"
             ]
           },
           "message": {
@@ -6597,17 +7697,19 @@
             "description": "A hash that uniquely identifies the contents of the config object in the publication.\n"
           },
           "status": {
-            "description": "Publication status for the NGINX instance:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n",
+            "description": "Publication status for the NGINX instance:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `succeeded_with_warnings` - The publication was successful, but there were warnings.\n",
             "type": "string",
             "enum": [
               "pending",
               "failed",
-              "succeeded"
+              "succeeded",
+              "succeeded_with_warnings"
             ],
             "x-enum-varnames": [
               "publication_instance_status_pending",
               "publication_instance_status_failed",
-              "publication_instance_status_succeeded"
+              "publication_instance_status_succeeded",
+              "publication_instance_status_succeeded_with_warnings"
             ]
           },
           "status_cause": {
@@ -6644,103 +7746,402 @@
             "description": "File where the issue is detected.",
             "type": "string"
           },
-          "line": {
-            "description": "Line number in the configuration where the issue is found.",
+          "line": {
+            "description": "Line number in the configuration where the issue is found.",
+            "type": "integer"
+          }
+        }
+      },
+      "NginxConfigReport": {
+        "type": "object",
+        "description": "An analysis of the NGINX configuration, highlighting issues and their severity, and offering recommendations.",
+        "properties": {
+          "rule": {
+            "description": "The name of the configuration rule that was violated.",
+            "type": "string"
+          },
+          "info": {
+            "description": "A detailed description of the issue.",
+            "type": "string"
+          },
+          "severity": {
+            "description": "The severity level of the issue.",
+            "type": "string"
+          },
+          "category": {
+            "description": "Classification category of the issue.",
+            "type": "string"
+          },
+          "documentation": {
+            "description": "Links to documentation that can assist in resolving the identified issue.",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "where": {
+            "description": "Specific locations in the configuration where issues were detected.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/NginxConfigProblem"
+            }
+          }
+        }
+      },
+      "NginxConfigReports": {
+        "type": "array",
+        "items": {
+          "$ref": "#/components/schemas/NginxConfigReport"
+        }
+      },
+      "NginxConfigMeta": {
+        "type": "object",
+        "description": "Meta data of an NGINX configuration, including its unique identifier, the config_version.\n",
+        "required": [
+          "object_id",
+          "config_version",
+          "created_at",
+          "modified_at",
+          "config_source"
+        ],
+        "properties": {
+          "object_id": {
+            "$ref": "#/components/schemas/NginxConfigObjectID"
+          },
+          "config_version": {
+            "type": "string",
+            "description": "A hash that uniquely identifies the contents of the config object.\n"
+          },
+          "created_at": {
+            "type": "string",
+            "format": "date-time",
+            "description": "The date and time when the NGINX configuration object was created for the instance."
+          },
+          "modified_at": {
+            "type": "string",
+            "format": "date-time",
+            "description": "The date and time when the NGINX configuration object was last modified for the instance."
+          },
+          "config_source": {
+            "type": "string",
+            "enum": [
+              "NGINX One",
+              "Other",
+              "Unspecified"
+            ],
+            "x-enum-varnames": [
+              "config_source_nginx_one",
+              "config_source_other",
+              "config_source_unspecified"
+            ],
+            "description": "The source from which the config was created:\n-  `NGINX One`: The config was created from NGINX One.\n-  `Other`: The config was created from data plane.\n-  `Unspecified`: The source of the config is unspecified.\n"
+          }
+        },
+        "example": {
+          "object_id": "nc_AamgWtYSSb6OWGljx3wNDA",
+          "config_version": "Cm1hcCAkdXJpICRtYXBwZWRfc2V",
+          "created_at": "2023-08-10T16:59:15Z",
+          "modified_at": "2023-08-10T16:59:15Z",
+          "config_source": "NGINX One"
+        }
+      },
+      "FilterNameControlPlanes": {
+        "type": "string",
+        "description": "Keywords for control plane filters.\n",
+        "enum": [
+          "name",
+          "product_version",
+          "object_id",
+          "cve_severity"
+        ],
+        "x-enum-varnames": [
+          "filter_name_control_plane_name",
+          "filter_name_control_plane_product_version",
+          "filter_name_control_plane_object_id",
+          "filter_name_control_plane_cve_severity"
+        ]
+      },
+      "ListControlPlaneObject": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/ControlPlaneBaseInfo"
+          },
+          {
+            "type": "object",
+            "description": "Summary information about a control plane.",
+            "required": [
+              "object_id",
+              "instances_count",
+              "online_instances_count"
+            ],
+            "properties": {
+              "object_id": {
+                "$ref": "#/components/schemas/ControlPlaneObjectID"
+              },
+              "instances_count": {
+                "description": "Total number of instances in the control plane.",
+                "type": "integer"
+              },
+              "online_instances_count": {
+                "description": "Total number of online instances in the control plane.",
+                "type": "integer"
+              },
+              "cve_severity": {
+                "type": "array",
+                "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.",
+                "items": {
+                  "$ref": "#/components/schemas/CveDetails"
+                }
+              }
+            }
+          }
+        ]
+      },
+      "ControlPlaneListResponse": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/PaginationResponse"
+          },
+          {
+            "type": "object",
+            "description": "List of control planes.",
+            "required": [
+              "items"
+            ],
+            "properties": {
+              "items": {
+                "description": "An array of control plane objects.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/ListControlPlaneObject"
+                }
+              }
+            }
+          }
+        ],
+        "example": {
+          "total": 10,
+          "count": 1,
+          "start_index": 1,
+          "items_per_page": 100,
+          "items": [
+            {
+              "object_id": "ecp_tgfVM3KQTxCyiDXgV38G7A",
+              "name": "nginx-ingress-001",
+              "product_version": "nginx-ingress-controller-4.0.1",
+              "created_at": "2023-12-06T22:37:24.120114Z",
+              "instances_count": 5,
+              "online_instances_count": 3,
+              "cve_severity": [
+                {
+                  "count": 6,
+                  "type": "medium"
+                },
+                {
+                  "count": 1,
+                  "type": "high"
+                }
+              ]
+            },
+            {
+              "object_id": "ecp_-bRQlhscTKmbUIdJaYhGJA",
+              "name": "ngf-deployment",
+              "created_at": "2023-12-06T22:37:24.120114Z",
+              "product_version": "nginx-gateway-fabric-2.0.1",
+              "instances_count": 3,
+              "online_instances_count": 1,
+              "cve_severity": [
+                {
+                  "count": 2,
+                  "type": "medium"
+                },
+                {
+                  "count": 3,
+                  "type": "high"
+                }
+              ]
+            }
+          ]
+        }
+      },
+      "StatusSummary": {
+        "description": "An overview of the status for each NGINX instance, indicating availability.",
+        "type": "object",
+        "required": [
+          "online",
+          "offline",
+          "unavailable"
+        ],
+        "properties": {
+          "online": {
+            "description": "The number of NGINX instances reporting as `online`.\nThe NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n",
+            "type": "integer"
+          },
+          "offline": {
+            "description": "The number of NGINX instances reporting as `offline`.\nThe NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n",
+            "type": "integer"
+          },
+          "unavailable": {
+            "description": "The number of NGINX instances reporting as `unavailable`.\nThe NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n",
             "type": "integer"
           }
         }
       },
-      "NginxConfigReport": {
+      "ControlPlane": {
         "type": "object",
-        "description": "An analysis of the NGINX configuration, highlighting issues and their severity, and offering recommendations.",
+        "description": "Information on control plane including:\n* Control plane object ID\n* Cluster UUID\n* Deployment UUID\n* Kubernetes namespace\n* Data plane key object ID\n* Certificate summary\n* Instance status summary\n",
+        "required": [
+          "object_id",
+          "cluster_uuid",
+          "deployment_uuid",
+          "kubernetes_namespace"
+        ],
         "properties": {
-          "rule": {
-            "description": "The name of the configuration rule that was violated.",
+          "object_id": {
+            "$ref": "#/components/schemas/ControlPlaneObjectID"
+          },
+          "cluster_uuid": {
+            "description": "The Kubernetes UID assigned to the cluster that the product is running in.",
             "type": "string"
           },
-          "info": {
-            "description": "A detailed description of the issue.",
+          "deployment_uuid": {
+            "description": "The Kubernetes UID assigned to the control plane.",
             "type": "string"
           },
-          "severity": {
-            "description": "The severity level of the issue.",
+          "key_object_id": {
+            "$ref": "#/components/schemas/DataPlaneKeyObjectID"
+          },
+          "kubernetes_namespace": {
+            "description": "The kubernetes namespace that the product is running in.",
             "type": "string"
           },
-          "category": {
-            "description": "Classification category of the issue.",
+          "cert_summary": {
+            "$ref": "#/components/schemas/CertificateInstanceSummary"
+          },
+          "statuses": {
+            "$ref": "#/components/schemas/StatusSummary"
+          }
+        }
+      },
+      "ControlPlaneDetails": {
+        "type": "object",
+        "description": "Detailed information of control plane.",
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/ControlPlaneBaseInfo"
+          },
+          {
+            "$ref": "#/components/schemas/ControlPlane"
+          }
+        ],
+        "example": {
+          "name": "foo",
+          "object_id": "ecp_-uvR3F2TQGm18jnl7bpaGw",
+          "product_version": "nginx-ingress-controller-1.0.0",
+          "cluster_uuid": "d1ced6c7-8980-467e-a1db-dcdfec16b1f7",
+          "deployment_uuid": "b9b00e37-5ee4-4361-8c61-1329f3828dd3",
+          "key_object_id": "key_6AT9LXyUQHyhC8kF7bVMgg",
+          "kubernetes_namespace": "nginx-ingress-controller",
+          "created_at": "2023-12-06T22:37:24.120114Z",
+          "cert_summary": {
+            "total": 9,
+            "valid": 1,
+            "expired": 5,
+            "expiring": 3,
+            "not_ready": 0
+          },
+          "statuses": {
+            "offline": 0,
+            "online": 3,
+            "unavailable": 0
+          }
+        }
+      },
+      "SummaryDisplayCount": {
+        "description": "The name, the total count, and an optional user-friendly display name of the resource being summarized.",
+        "type": "object",
+        "required": [
+          "name",
+          "count"
+        ],
+        "properties": {
+          "name": {
+            "description": "Identifies the category of data being reported, such as an operating system, NGINX version, or another type.",
             "type": "string"
           },
-          "documentation": {
-            "description": "Links to documentation that can assist in resolving the identified issue.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
+          "count": {
+            "description": "The number of resources matching the given type.",
+            "type": "integer"
           },
-          "where": {
-            "description": "Specific locations in the configuration where issues were detected.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/NginxConfigProblem"
-            }
+          "display": {
+            "description": "A user-friendly label for the category count, intended for display purposes where a more descriptive or readable format is preferred.",
+            "type": "string"
           }
         }
       },
-      "NginxConfigReports": {
+      "ControlPlaneProductVersionSummary": {
+        "description": "An array of control plane product names/versions.",
         "type": "array",
         "items": {
-          "$ref": "#/components/schemas/NginxConfigReport"
+          "$ref": "#/components/schemas/SummaryDisplayCount"
         }
       },
-      "NginxConfigMeta": {
+      "CveControlPlaneSummary": {
+        "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.",
         "type": "object",
-        "description": "Meta data of an NGINX configuration, including its unique identifier, the config_version.\n",
         "required": [
-          "object_id",
-          "config_version",
-          "created_at",
-          "modified_at",
-          "config_source"
+          "severity",
+          "count",
+          "affected_control_planes"
         ],
         "properties": {
-          "object_id": {
-            "$ref": "#/components/schemas/NginxConfigObjectID"
-          },
-          "config_version": {
-            "type": "string",
-            "description": "A hash that uniquely identifies the contents of the config object.\n"
+          "severity": {
+            "$ref": "#/components/schemas/CveSeverityType"
           },
-          "created_at": {
-            "type": "string",
-            "format": "date-time",
-            "description": "The date and time when the NGINX configuration object was created for the instance."
+          "count": {
+            "description": "The number of CVEs at each severity level.",
+            "type": "integer"
           },
-          "modified_at": {
-            "type": "string",
-            "format": "date-time",
-            "description": "The date and time when the NGINX configuration object was last modified for the instance."
+          "affected_control_planes": {
+            "description": "The number of control planes affected by each CVE.",
+            "type": "integer"
+          }
+        }
+      },
+      "ControlPlaneSummary": {
+        "description": "A summary of control planes including their product names/version details.",
+        "type": "object",
+        "properties": {
+          "product_versions": {
+            "$ref": "#/components/schemas/ControlPlaneProductVersionSummary"
           },
-          "config_source": {
-            "type": "string",
-            "enum": [
-              "NGINX One",
-              "Other",
-              "Unspecified"
-            ],
-            "x-enum-varnames": [
-              "config_source_nginx_one",
-              "config_source_other",
-              "config_source_unspecified"
-            ],
-            "description": "The source from which the config was created:\n-  `NGINX One`: The config was created from NGINX One.\n-  `Other`: The config was created from data plane.\n-  `Unspecified`: The source of the config is unspecified.\n"
+          "cves": {
+            "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.",
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/CveControlPlaneSummary"
+            }
           }
         },
         "example": {
-          "object_id": "nc_AamgWtYSSb6OWGljx3wNDA",
-          "config_version": "Cm1hcCAkdXJpICRtYXBwZWRfc2V",
-          "created_at": "2023-08-10T16:59:15Z",
-          "modified_at": "2023-08-10T16:59:15Z",
-          "config_source": "NGINX One"
+          "product_versions": [
+            {
+              "count": 10,
+              "name": "nginx-ingress-controller-1.0.0"
+            }
+          ],
+          "cves": [
+            {
+              "affected_control_planes": 3,
+              "count": 13,
+              "severity": "medium"
+            },
+            {
+              "affected_control_planes": 2,
+              "count": 2,
+              "severity": "high"
+            }
+          ]
         }
       },
       "NginxCVEObject": {
@@ -6768,6 +8169,10 @@
             "description": "Number of instances impacted by the security advisory",
             "type": "integer"
           },
+          "control_planes_impacted": {
+            "description": "Number of control planes impacted by the security advisory",
+            "type": "integer"
+          },
           "published_at": {
             "description": "The date and time when the cve was published",
             "type": "string",
@@ -6800,15 +8205,19 @@
       },
       "NginxProduct": {
         "type": "string",
-        "description": "NGINX product :\n  * `noss` - NGINX Open Source.\n  * `nplus` - NGINX PLUS.\n",
+        "description": "NGINX product :\n  * `noss` - NGINX Open Source.\n  * `nplus` - NGINX PLUS.\n  * `nic` - NGINX Ingress Controller.\n  * `ngf` - NGINX Gateway Fabric.\n",
         "enum": [
           "noss",
           "nplus",
+          "nic",
+          "ngf",
           "unknown"
         ],
         "x-enum-varnames": [
           "nginx_product_noss",
           "nginx_product_nplus",
+          "nginx_product_nic",
+          "nginx_product_ngf",
           "nginx_product_unknown"
         ]
       },
@@ -6874,6 +8283,20 @@
                     "1.20.2",
                     "1.19.9"
                   ]
+                },
+                {
+                  "name": "nic",
+                  "versions": [
+                    "1.0.0",
+                    "2.1.0"
+                  ]
+                },
+                {
+                  "name": "ngf",
+                  "versions": [
+                    "1.6.2",
+                    "2.0.1"
+                  ]
                 }
               ],
               "info": "Memory disclosure in the ngx_http_mp4_module",
@@ -6895,7 +8318,7 @@
             "$ref": "#/components/schemas/NginxProduct"
           },
           "version": {
-            "description": "version of the Nginx product installed on the instance.",
+            "description": "version of the NGINX product installed on the instance.",
             "type": "string"
           }
         }
@@ -7020,12 +8443,14 @@
             "enum": [
               "instance_cleanup",
               "certificates",
-              "publications"
+              "publications",
+              "nap_compilation_jobs"
             ],
             "x-enum-varnames": [
               "event_type_instance_cleanup",
               "event_type_certificates",
-              "event_type_publications"
+              "event_type_publications",
+              "event_type_nap_compilation_jobs"
             ]
           },
           "object_id": {
@@ -7248,6 +8673,77 @@
           }
         ]
       },
+      "NapSignatureVersion": {
+        "description": "The version of the NGINX App Protect resource.",
+        "type": "string",
+        "example": "2023.12.06"
+      },
+      "NapInstanceAssociation": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/NapAssociation"
+          },
+          {
+            "type": "object",
+            "required": [
+              "threat_campaign_version",
+              "attack_signature_version",
+              "bot_signature_version"
+            ],
+            "properties": {
+              "threat_campaign_version": {
+                "$ref": "#/components/schemas/NapSignatureVersion"
+              },
+              "attack_signature_version": {
+                "$ref": "#/components/schemas/NapSignatureVersion"
+              },
+              "bot_signature_version": {
+                "$ref": "#/components/schemas/NapSignatureVersion"
+              }
+            }
+          }
+        ],
+        "example": {
+          "name": "default_policy",
+          "version": "2025.05.01",
+          "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw",
+          "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ",
+          "publication_object_id": "pub_72pGHoGsSICL_THZrs964g",
+          "paths": [
+            "/etc/nginx/default_policy.tgz"
+          ],
+          "deployment_status": "deployed",
+          "enforcement_mode": "transparent",
+          "deployed_on": "2023-12-06T22:37:24.120114Z",
+          "threat_campaign_version": "2025.01.23",
+          "attack_signature_version": "2025.01.19",
+          "bot_signature_version": "2025.01.19"
+        }
+      },
+      "NginxAppProtectDetails": {
+        "description": "Information regarding NGINX App Protect. Includes version and deployments.\n",
+        "type": "object",
+        "required": [
+          "engine_version",
+          "deployments"
+        ],
+        "properties": {
+          "release_version": {
+            "description": "The release version of NGINX App Protect.",
+            "type": "string"
+          },
+          "engine_version": {
+            "description": "The version of the App Protect enforcement engine.",
+            "type": "string"
+          },
+          "deployments": {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/NapInstanceAssociation"
+            }
+          }
+        }
+      },
       "InstanceDetails": {
         "type": "object",
         "description": "Detailed information about an NGINX instance.",
@@ -7270,6 +8766,12 @@
               },
               "config_sync_group": {
                 "$ref": "#/components/schemas/ConfigSyncGroupInstanceMeta"
+              },
+              "nginx_app_protect": {
+                "$ref": "#/components/schemas/NginxAppProtectDetails"
+              },
+              "control_plane": {
+                "$ref": "#/components/schemas/ControlPlaneBaseInfo"
               }
             }
           }
@@ -7293,6 +8795,12 @@
           ],
           "hostname": "4d116619f106",
           "key": "key_wN3IhLCmR3qmwybG_6ptEg",
+          "control_plane": {
+            "object_id": "ecp_CO1DdBxZToWmr3pTcaQ8QA",
+            "name": "nginx-ingress-001",
+            "product_version": "nginx-ingress-controller-4.0.1",
+            "created_at": "2023-12-06T22:37:24.120114Z"
+          },
           "last_reported": "2023-12-06T22:37:24.120114Z",
           "nginx_build": {
             "conf_path": "/etc/nginx/nginx.conf",
@@ -7361,63 +8869,18 @@
           }
         }
       },
-      "SummaryDisplayCount": {
-        "description": "The name, the total count, and an optional user-friendly display name of the resource being summarized.",
-        "type": "object",
-        "required": [
-          "name",
-          "count"
-        ],
-        "properties": {
-          "name": {
-            "description": "Identifies the category of data being reported, such as an operating system, NGINX version, or another type.",
-            "type": "string"
-          },
-          "count": {
-            "description": "The number of resources matching the given type.",
-            "type": "integer"
-          },
-          "display": {
-            "description": "A user-friendly label for the category count, intended for display purposes where a more descriptive or readable format is preferred.",
-            "type": "string"
-          }
-        }
-      },
       "OperatingSystemVersionSummary": {
-        "description": "An array summarizing the operating systems and their versions on the NGINX data plane.",
-        "type": "array",
-        "items": {
-          "$ref": "#/components/schemas/SummaryDisplayCount"
-        }
-      },
-      "NGINXVersionSummary": {
-        "description": "An array summarizing the versions of NGINX installed across the NGINX data plane.",
+        "description": "An array of operating systems and their versions on the NGINX data plane.",
         "type": "array",
         "items": {
           "$ref": "#/components/schemas/SummaryDisplayCount"
         }
-      },
-      "StatusSummary": {
-        "description": "An overview of the status for each NGINX instance, indicating availability.",
-        "type": "object",
-        "required": [
-          "online",
-          "offline",
-          "unavailable"
-        ],
-        "properties": {
-          "online": {
-            "description": "The number of NGINX instances reporting as `online`.\nThe NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n",
-            "type": "integer"
-          },
-          "offline": {
-            "description": "The number of NGINX instances reporting as `offline`.\nThe NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n",
-            "type": "integer"
-          },
-          "unavailable": {
-            "description": "The number of NGINX instances reporting as `unavailable`.\nThe NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n",
-            "type": "integer"
-          }
+      },
+      "NGINXVersionSummary": {
+        "description": "An array of NGINX versions installed across the NGINX data plane.",
+        "type": "array",
+        "items": {
+          "$ref": "#/components/schemas/SummaryDisplayCount"
         }
       },
       "CveSummary": {
@@ -7536,7 +8999,7 @@
         ],
         "properties": {
           "total": {
-            "description": "Total count of certificates used as `payloads` in Nginx config.",
+            "description": "Total count of certificates used as `payloads` in NGINX config.",
             "type": "integer"
           },
           "expired": {
@@ -7689,51 +9152,6 @@
           "object_id": "sc_Tet21AeYTHCj7taOwVfzyw"
         }
       },
-      "StagedConfigBulkRequestData": {
-        "type": "object",
-        "description": "Part of bulk operation on a staged config, only `delete` is supported.",
-        "required": [
-          "action",
-          "object_id"
-        ],
-        "properties": {
-          "object_id": {
-            "$ref": "#/components/schemas/StagedConfigObjectID"
-          },
-          "action": {
-            "$ref": "#/components/schemas/BulkRequestAction"
-          }
-        },
-        "example": {
-          "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw",
-          "action": "delete"
-        }
-      },
-      "StagedConfigBulkRequest": {
-        "type": "array",
-        "items": {
-          "$ref": "#/components/schemas/StagedConfigBulkRequestData"
-        },
-        "minItems": 1,
-        "maxItems": 50,
-        "example": [
-          {
-            "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw",
-            "action": "delete"
-          },
-          {
-            "object_id": "sc_PL0c1XodRemmzVEjiXSsTg",
-            "action": "delete"
-          }
-        ]
-      },
-      "StagedConfigBulkResponse": {
-        "description": "The staged config bulk outcome.",
-        "type": "array",
-        "items": {
-          "$ref": "#/components/schemas/BulkRequestObjectStatus"
-        }
-      },
       "StagedConfigResponse": {
         "description": "Get an NGINX staged config.",
         "required": [
@@ -7812,35 +9230,6 @@
           }
         }
       },
-      "StagedConfigImportRequest": {
-        "type": "object",
-        "description": "Body to import a NGINX staged config",
-        "required": [
-          "name",
-          "file",
-          "conf_path"
-        ],
-        "properties": {
-          "name": {
-            "$ref": "#/components/schemas/StagedConfigName"
-          },
-          "file": {
-            "type": "string",
-            "format": "binary",
-            "example": "my-staged-config.tar.gz",
-            "maxLength": 5242880
-          },
-          "conf_path": {
-            "$ref": "#/components/schemas/ConfigPath"
-          }
-        },
-        "example": {
-          "name": "my-nginx-config",
-          "file": "my-staged-config.tar.gz",
-          "conf_path": "/etc/nginx/nginx.conf",
-          "parse_only": true
-        }
-      },
       "MetricQueryResultEx": {
         "type": "object",
         "required": [
@@ -8039,7 +9428,7 @@
       "MetricDimension": {
         "type": "string",
         "default": "display_name",
-        "description": "Static list of all metric dimensions.\n  * `display_name` - The display name of the NGINX instance.\n  * `file_path` - Path to a desired file.\n  * `parent_hostname` - The hostname of the NGINX Plus instance.\n  * `instance_object_id` - Instance Object ID is the unique identifier for an Instance registered with NGINX One Console.\n  * `location_zone` - The name of an HTTP location zone.\n  * `mount_point` - A filesystem mount point.\n  * `namespace` - The Namespace associated with the metric data.\n  * `network_interface` - A server network interface.\n  * `nginx_id` - The unique identifier of an nginx instance running on the data plane.\n  * `server_zone` - The name of an HTTP or Stream server zone.\n  * `system_id` - The unique identifier of the the operating system where nginx-agent is running.\n  * `tenant` - The Tenant associated with the metric data.\n  * `csg_object_id` - Config Sync Group Object ID is the unique identifier for a Config Sync Group registered with NGINX One Console.\n  * `mode` - Variant value associated with metric `system.cpu.utilization`.\n  * `state` - Variant value associated with metrics `system.filesystem.usage`, `system.memory.usage`.\n  * `io_direction` - Variant value associated with metric `system.network.io`.\n  * `status_range` - Variant value associated with metric `nginx.http.response.count`.\n",
+        "description": "Static list of all metric dimensions:\n  * `display_name` - Display name of the NGINX instance.\n  * `file_path` - Path to the file.\n  * `parent_hostname` - Hostname of the NGINX Plus instance.\n  * `instance_object_id` - Unique ID of the instance registered with NGINX One Console.\n  * `location_zone` - Name of an HTTP location zone.\n  * `mount_point` - Filesystem mount point.\n  * `namespace` - Namespace for the metric data.\n  * `network_interface` - Server network interface.\n  * `nginx_id` - Unique ID of the NGINX instance running on the data plane.\n  * `server_zone` - Name of an HTTP or Stream server zone.\n  * `system_id` - Unique ID of the operating system running nginx-agent.\n  * `tenant` - Tenant for the metric data.\n  * `csg_object_id` - Unique ID of the Config Sync Group registered with NGINX One Console.\n  * `mode` - Variant value for metric `system.cpu.utilization`.\n  * `state` - Variant value for metrics `system.filesystem.usage`, `system.memory.usage`.\n  * `io_direction` - Variant value for metric `system.network.io`.\n  * `status_range` - Variant value for metric `nginx.http.response.count`.\n  * `logical_number` - Variant value for metrics that return a processor number.\n  * `outcome` - Variant value for metrics that return an outcome.\n",
         "enum": [
           "display_name",
           "file_path",
@@ -8057,7 +9446,9 @@
           "mode",
           "state",
           "io_direction",
-          "status_range"
+          "status_range",
+          "logical_number",
+          "outcome"
         ],
         "x-enum-varnames": [
           "metric_dimension_display_name",
@@ -8076,13 +9467,17 @@
           "metric_dimension_mode",
           "metric_dimension_state",
           "metric_dimension_io_direction",
-          "metric_dimension_status_range"
+          "metric_dimension_status_range",
+          "metric_dimension_logical_number",
+          "metric_dimension_outcome"
         ]
       },
       "BaseMetricQueryRequest": {
         "type": "object",
         "required": [
-          "metrics"
+          "metrics",
+          "start_time",
+          "resolution"
         ],
         "properties": {
           "metrics": {
@@ -8380,12 +9775,15 @@
           },
           {
             "$ref": "#/components/schemas/MetricNginxHttpResponseCount"
+          },
+          {
+            "$ref": "#/components/schemas/MetricNginxHttpConnectionCount"
           }
         ]
       },
       "MetricSystemCpuUtilization": {
         "type": "string",
-        "description": "Total system CPU utilization for 'system' or 'user', percentage. A filter differentiator is needed for specific mode(s).\n\nReplacement for depreciated variant(s):\n  * system.cpu.system\n  * system.cpu.user\n\nAggregation(s) supported:\n  * min\n  * max\n  * sum\n  * avg\n  * rate\n\nCatalog dimension filter differentiator:\n  * mode (applicable filter values: 'system', 'user')\n\nCatalog dimension(s) supported:\n  * instance_object_id\n  * csg_object_id\n  * system_id\n  * parent_hostname\n  * display_name\n  * nginx_id\n",
+        "description": "Total system CPU use for 'system' or 'user' (percent). A filter is required to specify the mode.\n\nReplaces deprecated variants:\n  * system.cpu.system\n  * system.cpu.user\n\nSupported aggregations:\n  * min\n  * max\n  * sum\n  * avg\n  * rate\n\nCatalog dimension filter:\n  * mode (valid values:: 'system', 'user')\n\nSupported catalog dimensions:\n  * instance_object_id\n  * csg_object_id\n  * system_id\n  * parent_hostname\n  * display_name\n  * nginx_id\n  * logical_number\n",
         "enum": [
           "system.cpu.utilization"
         ]
@@ -8411,6 +9809,13 @@
           "system.cpu.logical.count"
         ]
       },
+      "MetricNginxHttpConnectionCount": {
+        "type": "string",
+        "description": "Number of connections grouped by outcome ('ACCEPTED', 'DROPPED', 'ACTIVE', 'IDLE').\nSupported aggregations:\n  * min\n  * max\n  * sum\n  * avg\n  * rate\n\nSupported catalog dimensions:\n  * instance_object_id\n  * csg_object_id\n  * system_id\n  * parent_hostname\n  * display_name\n  * nginx_id\n  * outcome\n",
+        "enum": [
+          "nginx.http.connection.count"
+        ]
+      },
       "MetricSystemNetworkIo": {
         "type": "string",
         "description": "Network I/O statistics. Number of bytes sent or received per network interface. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for depreciated variant(s):\n  * system.net.bytes_rcvd\n  * system.net.bytes_sent\n\nAggregation(s) supported:\n  * min\n  * max\n  * sum\n  * avg\n  * rate\n\nCatalog dimension filter differentiator:\n  * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n  * instance_object_id\n  * csg_object_id\n  * system_id\n  * parent_hostname\n  * display_name\n  * nginx_id\n  * network_interface\n",
@@ -8626,39 +10031,6 @@
           "k8s.cluster.nodes"
         ]
       },
-      "NapPolicyEnforcementMode": {
-        "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `blocking` - Any illegal or suspicious requests are logged and blocked.\n* `transparent` - Any illegal or suspicious requests are logged but not blocked.\n",
-        "type": "string",
-        "enum": [
-          "blocking",
-          "transparent"
-        ],
-        "x-enum-varnames": [
-          "nap_enforcement_mode_blocking",
-          "nap_enforcement_mode_transparent"
-        ]
-      },
-      "NapDeploymentStatus": {
-        "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `deployed` - The NGINX App Protect policy has been deployed.\n* `not_deployed` - The NGINX App Protect policy has not been deployed.\n* `deploying` - The NGINX App Protect policy is currently being deployed.\n* `failed` - The NGINX App Protect policy failed deploying.\n",
-        "type": "string",
-        "enum": [
-          "deployed",
-          "not_deployed",
-          "deploying",
-          "failed"
-        ],
-        "x-enum-varnames": [
-          "nap_deployment_status_deployed",
-          "nap_deployment_status_not_deployed",
-          "nap_deployment_status_deploying",
-          "nap_deployment_status_failed"
-        ]
-      },
-      "Version": {
-        "description": "The version of the NGINX App Protect resource.",
-        "type": "string",
-        "example": "2023.12.06"
-      },
       "VersionsList": {
         "type": "object",
         "required": [
@@ -8669,21 +10041,18 @@
             "description": "An array of versions.",
             "type": "array",
             "items": {
-              "$ref": "#/components/schemas/Version"
+              "$ref": "#/components/schemas/NapSignatureVersion"
             }
           }
         }
       },
       "ThreatCampaignVersionsListResponse": {
-        "description": "List of Threat Campaign versions.",
         "$ref": "#/components/schemas/VersionsList"
       },
       "AttackSignatureVersionsListResponse": {
-        "description": "List of Attack Signature versions.",
         "$ref": "#/components/schemas/VersionsList"
       },
       "BotSignatureVersionsListResponse": {
-        "description": "List of Bot Signature versions.",
         "$ref": "#/components/schemas/VersionsList"
       },
       "NapPolicy": {
@@ -8778,7 +10147,7 @@
                   "latest": {
                     "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw",
                     "version": "2023-12-06 22:37:24",
-                    "created_on": "2023-12-06T22:37:24.120114Z",
+                    "created_at": "2023-12-06T22:37:24.120114Z",
                     "deployment_status": "deployed",
                     "enforcement_mode": "blocking"
                   }
@@ -8839,7 +10208,7 @@
                 "$ref": "#/components/schemas/NapDeploymentStatus"
               },
               "deployed_on": {
-                "description": "Date and time.",
+                "description": "Date and time of the deployment.",
                 "type": "string",
                 "format": "date-time"
               }
@@ -8944,13 +10313,13 @@
             "type": "object",
             "properties": {
               "threat_campaign_version": {
-                "$ref": "#/components/schemas/Version"
+                "$ref": "#/components/schemas/NapSignatureVersion"
               },
               "attack_signature_version": {
-                "$ref": "#/components/schemas/Version"
+                "$ref": "#/components/schemas/NapSignatureVersion"
               },
               "bot_signature_version": {
-                "$ref": "#/components/schemas/Version"
+                "$ref": "#/components/schemas/NapSignatureVersion"
               }
             }
           }
@@ -9018,19 +10387,19 @@
           "object_id",
           "version",
           "enforcement_mode",
-          "created_on"
+          "created_at"
         ],
         "properties": {
           "object_id": {
             "$ref": "#/components/schemas/NapPolicyVersionObjectID"
           },
           "version": {
-            "$ref": "#/components/schemas/Version"
+            "$ref": "#/components/schemas/NapSignatureVersion"
           },
           "enforcement_mode": {
             "$ref": "#/components/schemas/NapPolicyEnforcementMode"
           },
-          "created_on": {
+          "created_at": {
             "description": "The date and time when the NGINX App Protect policy version was created.",
             "type": "string",
             "format": "date-time"
@@ -9045,7 +10414,7 @@
           "object_id",
           "version",
           "enforcement_mode",
-          "created_on"
+          "created_at"
         ],
         "allOf": [
           {
@@ -9108,7 +10477,7 @@
                 {
                   "version": "2023-12-06 22:37:24",
                   "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw",
-                  "created_on": "2023-12-06T22:37:24.120114Z",
+                  "created_at": "2023-12-06T22:37:24.120114Z",
                   "enforcement_mode": "blocking",
                   "latest": false
                 }
@@ -9156,31 +10525,524 @@
               }
             }
           }
-        ]
+        ]
+      },
+      "NapLogProfileMetadata": {
+        "type": "object",
+        "required": [
+          "name",
+          "object_id"
+        ],
+        "properties": {
+          "name": {
+            "type": "string",
+            "description": "The name of the NGINX App Protect log profile."
+          },
+          "object_id": {
+            "$ref": "#/components/schemas/NapLogProfileObjectID"
+          },
+          "description": {
+            "description": "Optional field to describe the NGINX App Protect log profile.",
+            "type": "string",
+            "minLength": 5,
+            "maxLength": 256
+          }
+        }
+      },
+      "NapGlobalSettingsListResponse": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/PaginationResponse"
+          },
+          {
+            "type": "object",
+            "required": [
+              "items"
+            ],
+            "properties": {
+              "items": {
+                "description": "An array of NGINX App Protect global settings.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/NapGlobalSettingMetadata"
+                }
+              }
+            }
+          }
+        ]
+      },
+      "NapGlobalSettingGetResponse": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/NapGlobalSettingMetadata"
+          },
+          {
+            "type": "object",
+            "required": [
+              "config"
+            ],
+            "properties": {
+              "config": {
+                "description": "The NGINX App Protect global setting configuration.",
+                "type": "string"
+              }
+            }
+          }
+        ]
+      },
+      "NapGlobalSettingMetadata": {
+        "type": "object",
+        "required": [
+          "name",
+          "object_id"
+        ],
+        "properties": {
+          "name": {
+            "type": "string",
+            "description": "The name of the NGINX App Protect global setting object."
+          },
+          "description": {
+            "description": "Optional field to describe the NGINX App Protect global setting object.",
+            "type": "string",
+            "minLength": 5,
+            "maxLength": 256
+          },
+          "object_id": {
+            "$ref": "#/components/schemas/NapGlobalSettingObjectID"
+          }
+        }
+      },
+      "NapPolicyBulkRequest": {
+        "type": "array",
+        "items": {
+          "$ref": "#/components/schemas/NapPolicyBulkRequestData"
+        },
+        "minItems": 1,
+        "maxItems": 50,
+        "example": [
+          {
+            "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw",
+            "action": "delete"
+          },
+          {
+            "object_id": "pol_PL0c1XodRemmzVEjiXSsTg",
+            "action": "delete"
+          }
+        ]
+      },
+      "NapPolicyBulkRequestData": {
+        "type": "object",
+        "description": "Part of bulk operation on a Nap policy, only `delete` is supported.",
+        "required": [
+          "action",
+          "object_id"
+        ],
+        "properties": {
+          "object_id": {
+            "$ref": "#/components/schemas/NapPolicyObjectID"
+          },
+          "action": {
+            "$ref": "#/components/schemas/BulkRequestAction"
+          }
+        },
+        "example": {
+          "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw",
+          "action": "delete"
+        }
+      },
+      "NapBulkResponse": {
+        "description": "The Nap policy bulk outcome.",
+        "type": "array",
+        "items": {
+          "$ref": "#/components/schemas/BulkRequestObjectStatus"
+        }
+      },
+      "NapSignatureMeta": {
+        "required": [
+          "signature_id",
+          "name",
+          "attack_type"
+        ],
+        "properties": {
+          "name": {
+            "type": "string"
+          },
+          "signature_id": {
+            "type": "integer"
+          },
+          "attack_type": {
+            "type": "string"
+          }
+        }
+      },
+      "NapSignature": {
+        "allOf": [
+          {
+            "$ref": "#/components/schemas/NapSignatureMeta"
+          },
+          {
+            "type": "object",
+            "required": [
+              "description",
+              "signature_type",
+              "risk",
+              "accuracy",
+              "has_cve",
+              "modified_at",
+              "systems"
+            ],
+            "properties": {
+              "accuracy": {
+                "default": "low",
+                "enum": [
+                  "high",
+                  "low",
+                  "medium"
+                ],
+                "x-enum-varnames": [
+                  "nap_signature_accuracy_high",
+                  "nap_signature_accuracy_low",
+                  "nap_signature_accuracy_medium"
+                ],
+                "type": "string"
+              },
+              "description": {
+                "type": "string"
+              },
+              "has_cve": {
+                "default": false,
+                "type": "boolean"
+              },
+              "modified_at": {
+                "type": "string",
+                "format": "date-time",
+                "description": "The date and time when the signature was last modified."
+              },
+              "references": {
+                "items": {
+                  "required": [
+                    "type",
+                    "value"
+                  ],
+                  "properties": {
+                    "type": {
+                      "default": "nessus",
+                      "enum": [
+                        "bugtraq",
+                        "cve",
+                        "nessus",
+                        "url"
+                      ],
+                      "x-enum-varnames": [
+                        "nap_signature_references_type_bugtrag",
+                        "nap_signature_references_type_cve",
+                        "nap_signature_references_type_nessus",
+                        "nap_signature_references_type_url"
+                      ],
+                      "type": "string"
+                    },
+                    "value": {
+                      "type": "string"
+                    }
+                  },
+                  "type": "object"
+                },
+                "type": "array"
+              },
+              "risk": {
+                "default": "low",
+                "enum": [
+                  "high",
+                  "low",
+                  "medium"
+                ],
+                "x-enum-varnames": [
+                  "nap_signature_risk_high",
+                  "nap_signature_risk_low",
+                  "nap_signature_risk_medium"
+                ],
+                "type": "string"
+              },
+              "signature_type": {
+                "default": "request",
+                "enum": [
+                  "request",
+                  "response"
+                ],
+                "type": "string",
+                "x-enum-varnames": [
+                  "nap_signature_signature_type_request",
+                  "nap_signature_signature_type_response"
+                ]
+              },
+              "systems": {
+                "items": {
+                  "type": "string"
+                },
+                "type": "array"
+              }
+            }
+          }
+        ],
+        "example": {
+          "signature_id": 123456789,
+          "name": "Example Signature",
+          "description": "This is an example signature.",
+          "signature_type": "request",
+          "attack_type": "SQL Injection",
+          "risk": "high",
+          "accuracy": "medium",
+          "has_cve": true,
+          "modified_at": "2023-10-01T12:00:00Z",
+          "references": [
+            {
+              "type": "cve",
+              "value": "CVE-2023-12345"
+            }
+          ],
+          "systems": [
+            "System A"
+          ]
+        }
       },
-      "NapLogProfileMetadata": {
+      "NapSignatureSet": {
         "type": "object",
         "required": [
+          "id",
           "name",
-          "object_id"
+          "signature_count",
+          "default_alarm",
+          "default_block",
+          "default_learn",
+          "modified_at"
         ],
         "properties": {
+          "id": {
+            "type": "string"
+          },
           "name": {
-            "type": "string",
-            "description": "The name of the NGINX App Protect log profile."
+            "type": "string"
           },
-          "object_id": {
-            "$ref": "#/components/schemas/NapLogProfileObjectID"
+          "signature_count": {
+            "type": "integer"
           },
-          "description": {
-            "description": "Optional field to describe the NGINX App Protect log profile.",
+          "assign_to_policy_by_default": {
+            "default": false,
+            "type": "boolean"
+          },
+          "category": {
+            "default": "User-defined",
+            "type": "string"
+          },
+          "default_alarm": {
+            "default": true,
+            "type": "boolean"
+          },
+          "default_block": {
+            "default": true,
+            "type": "boolean"
+          },
+          "default_learn": {
+            "default": true,
+            "type": "boolean"
+          },
+          "filter": {
+            "properties": {
+              "accuracy_filter": {
+                "default": "ge",
+                "enum": [
+                  "all",
+                  "eq",
+                  "ge",
+                  "le"
+                ],
+                "x-enum-varnames": [
+                  "nap_signature_set_accuracy_filter_all",
+                  "nap_signature_set_accuracy_filter_eq",
+                  "nap_signature_set_accuracy_filter_ge",
+                  "nap_signature_set_accuracy_filter_le"
+                ],
+                "type": "string"
+              },
+              "accuracy_value": {
+                "default": "all",
+                "enum": [
+                  "all",
+                  "high",
+                  "low",
+                  "medium"
+                ],
+                "x-enum-varnames": [
+                  "nap_signature_set_accuracy_value_all",
+                  "nap_signature_set_accuracy_value_high",
+                  "nap_signature_set_accuracy_value_low",
+                  "nap_signature_set_accuracy_value_medium"
+                ],
+                "type": "string"
+              },
+              "attack_type": {
+                "properties": {
+                  "name": {
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "has_cve": {
+                "default": "all",
+                "enum": [
+                  "all",
+                  "no",
+                  "yes"
+                ],
+                "x-enum-varnames": [
+                  "nap_signature_set_filter_have_cve_all",
+                  "nap_signature_set_filter_have_cve_no",
+                  "nap_signature_set_filter_have_cve_yes"
+                ],
+                "type": "string"
+              },
+              "modified_at_filter": {
+                "default": "all",
+                "enum": [
+                  "after",
+                  "all",
+                  "before"
+                ],
+                "x-enum-varnames": [
+                  "nap_signature_set_filter_modified_at_filter_after",
+                  "nap_signature_set_filter_modified_at_filter_all",
+                  "nap_signature_set_filter_modified_at_filter_before"
+                ],
+                "type": "string"
+              },
+              "modified_at_value": {
+                "default": "1970-01-01",
+                "type": "string"
+              },
+              "risk_filter": {
+                "default": "eq",
+                "enum": [
+                  "all",
+                  "eq",
+                  "ge",
+                  "le"
+                ],
+                "x-enum-varnames": [
+                  "nap_signature_set_filter_risk_filter_all",
+                  "nap_signature_set_filter_risk_filter_eq",
+                  "nap_signature_set_filter_risk_filter_ge",
+                  "nap_signature_set_filter_risk_filter_le"
+                ],
+                "type": "string"
+              },
+              "risk_value": {
+                "default": "low",
+                "enum": [
+                  "all",
+                  "high",
+                  "low",
+                  "medium"
+                ],
+                "x-enum-varnames": [
+                  "nap_signature_set_filter_risk_value_all",
+                  "nap_signature_set_filter_risk_value_high",
+                  "nap_signature_set_filter_risk_value_low",
+                  "nap_signature_set_filter_risk_value_medium"
+                ],
+                "type": "string"
+              },
+              "signature_type": {
+                "default": "request",
+                "enum": [
+                  "all",
+                  "request",
+                  "response"
+                ],
+                "x-enum-varnames": [
+                  "nap_signature_set_filter_signature_type_all",
+                  "nap_signature_set_filter_signature_type_request",
+                  "nap_signature_set_filter_signature_type_response"
+                ],
+                "type": "string"
+              },
+              "user_defined_filter": {
+                "default": "all",
+                "enum": [
+                  "all",
+                  "no",
+                  "yes"
+                ],
+                "x-enum-varnames": [
+                  "nap_signature_set_filter_user_defined_filter_all",
+                  "nap_signature_set_filter_user_defined_filter_no",
+                  "nap_signature_set_filter_user_defined_filter_yes"
+                ],
+                "type": "string"
+              }
+            },
+            "type": "object"
+          },
+          "modified_at": {
             "type": "string",
-            "minLength": 5,
-            "maxLength": 256
+            "format": "date-time",
+            "description": "The date and time when the signature-set was last modified."
+          },
+          "systems": {
+            "items": {
+              "type": "object",
+              "required": [
+                "name"
+              ],
+              "properties": {
+                "name": {
+                  "type": "string"
+                }
+              }
+            },
+            "type": "array"
+          },
+          "type": {
+            "default": "filter-based",
+            "enum": [
+              "filter-based",
+              "manual"
+            ],
+            "x-enum-varnames": [
+              "nap_signature_set_type_filter_based",
+              "nap_signature_set_type_manual"
+            ],
+            "type": "string"
           }
+        },
+        "example": {
+          "default_block": true,
+          "default_learn": true,
+          "signature_count": 0,
+          "filter": {
+            "accuracy_value": "all",
+            "accuracy_filter": "all",
+            "attack_type": {
+              "name": "XML External Entities (XXE)"
+            },
+            "risk_filter": "all",
+            "has_cve": "all",
+            "user_defined_filter": "all",
+            "risk_value": "all",
+            "modified_at_filter": "all",
+            "signature_type": "request"
+          },
+          "assign_to_policy_by_default": false,
+          "default_alarm": true,
+          "type": "filter-based",
+          "name": "XML External Entities (XXE) Signatures",
+          "id": "sigset_-ZMshmi83MBL97dr5d0a9w",
+          "category": "User-defined",
+          "modified_at": "2023-08-10T16:59:15Z",
+          "systems": []
         }
       },
-      "NapGlobalSettingsListResponse": {
+      "NapSignatureListResponse": {
         "allOf": [
           {
             "$ref": "#/components/schemas/PaginationResponse"
@@ -9192,78 +11054,87 @@
             ],
             "properties": {
               "items": {
-                "description": "An array of NGINX App Protect global settings.",
+                "description": "An array of NGINX App Protect signatures.",
                 "type": "array",
                 "items": {
-                  "$ref": "#/components/schemas/NapGlobalSettingMetadata"
+                  "$ref": "#/components/schemas/NapSignature"
                 }
               }
             }
           }
         ]
       },
-      "NapGlobalSettingGetResponse": {
+      "NapSignatureSetListResponse": {
         "allOf": [
           {
-            "$ref": "#/components/schemas/NapGlobalSettingMetadata"
+            "$ref": "#/components/schemas/PaginationResponse"
           },
           {
             "type": "object",
             "required": [
-              "config"
+              "items"
             ],
             "properties": {
-              "config": {
-                "description": "The NGINX App Protect global setting configuration.",
-                "type": "string"
+              "items": {
+                "description": "An array of NGINX App Protect signature sets.",
+                "type": "array",
+                "items": {
+                  "$ref": "#/components/schemas/NapSignatureSet"
+                }
               }
             }
           }
         ]
       },
-      "NapGlobalSettingMetadata": {
-        "type": "object",
-        "required": [
+      "FilterNameNapPolicy": {
+        "type": "string",
+        "description": "Keywords for NGINX App Protect policy filters.\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n  * blocking\n  * transparent\nWhen filtering on `object_id`, both NAP Policy and NAP Policy version object id prefixes are supported.\n",
+        "enum": [
           "name",
-          "object_id"
+          "enforcement_mode",
+          "object_id",
+          "deployment_enforcement_mode",
+          "deployment_status"
         ],
-        "properties": {
-          "name": {
-            "type": "string",
-            "description": "The name of the NGINX App Protect global setting object."
-          },
-          "description": {
-            "description": "Optional field to describe the NGINX App Protect global setting object.",
-            "type": "string",
-            "minLength": 5,
-            "maxLength": 256
-          },
-          "object_id": {
-            "$ref": "#/components/schemas/NapGlobalSettingObjectID"
-          }
-        }
+        "x-enum-varnames": [
+          "filter_name_nap_policy_name",
+          "filter_name_nap_policy_enforcement_mode",
+          "filter_name_nap_policy_object_id",
+          "filter_name_nap_policy_deployment_enforcement_mode",
+          "filter_name_nap_policy_deployment_status"
+        ]
       },
-      "NapPolicyObjectID": {
-        "description": "A globally unique identifier for the App Protect policy.",
+      "FilterNameNapPolicyDeployment": {
         "type": "string",
-        "format": "object_id",
-        "pattern": "^pol_.*",
-        "x-go-type": "objects.ID",
-        "x-go-type-import": {
-          "name": "objects",
-          "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects"
-        }
+        "description": "Keywords for NGINX App Protect deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n  * instance\n  * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n  * deployed\n  * deploying\n  * failed\n",
+        "enum": [
+          "name",
+          "type",
+          "policy_version",
+          "status",
+          "object_id"
+        ],
+        "x-enum-varnames": [
+          "filter_name_nap_deployment_name",
+          "filter_name_nap_deployment_type",
+          "filter_name_nap_deployment_policy_version",
+          "filter_name_nap_deployment_status",
+          "filter_name_nap_deployment_object_id"
+        ]
       },
-      "NapPolicyVersionObjectID": {
-        "description": "A globally unique identifier for the App Protect policy version.",
+      "FilterNameNapPolicyVersion": {
         "type": "string",
-        "format": "object_id",
-        "pattern": "^pv_.*",
-        "x-go-type": "objects.ID",
-        "x-go-type-import": {
-          "name": "objects",
-          "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects"
-        }
+        "description": "Keywords for NGINX App Protect policy version filters.\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n  * deployed\n  * not_deployed\n  * deploying\n  * failed\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n  * blocking\n  * transparent\n",
+        "enum": [
+          "deployment_status",
+          "enforcement_mode",
+          "object_id"
+        ],
+        "x-enum-varnames": [
+          "filter_name_nap_policy_version_deployment_status",
+          "filter_name_nap_policy_version_enforcement_mode",
+          "filter_name_nap_policy_version_object_id"
+        ]
       },
       "NapLogProfileObjectID": {
         "description": "A globally unique identifier for the App Protect log profile.",
@@ -9303,7 +11174,8 @@
               "revoked": false,
               "name": "my-data-plane-key",
               "object_id": "key_wN3IhLCmR3qmwybG_6ptEg",
-              "instances_count": 3
+              "instances_count": 3,
+              "control_planes_count": 1
             },
             {
               "expires_at": "2023-12-01T00:00:00Z",
@@ -9312,7 +11184,8 @@
               "revoked": false,
               "name": "my-data-plane-key",
               "object_id": "key_Tet21AeYTHCj7taOwVfzyw",
-              "instances_count": 3
+              "instances_count": 3,
+              "control_planes_count": 1
             }
           ]
         }
@@ -9339,13 +11212,57 @@
           "revoked": false,
           "name": "my-data-plane-key",
           "object_id": "key_wN3IhLCmR3qmwybG_6ptEg",
-          "instances_count": 3
+          "instances_count": 3,
+          "control_planes_count": 1
+        }
+      },
+      "ConfigSyncGroupDetails": {
+        "value": {
+          "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw",
+          "name": "test-config-sync-group",
+          "config_status": "in_sync",
+          "config_version": "uvR3F2TQGm18jnl7bpaGw",
+          "created_at": "2023-12-06T22:37:24.120114Z",
+          "instances": [
+            {
+              "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw",
+              "hostname": "816e3c194d59",
+              "system_id": "6066aad2-211e-3718-be5d-fcc01ffc5cc8",
+              "agent_version": "v2.33.0",
+              "registered_at": "2024-05-16T18:26:40.556048Z",
+              "last_reported": "2023-12-06T22:37:24.120114Z",
+              "status": "unavailable",
+              "nginx_build": {
+                "conf_path": "/etc/nginx/nginx.conf",
+                "version": "1.25.3"
+              },
+              "os_version": "Ubuntu 22.04",
+              "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437",
+              "config_status": "in_sync",
+              "config_version": "abc123def456"
+            }
+          ],
+          "certs": [
+            {
+              "subject_name": "test.com",
+              "name": "client",
+              "cert_type": "cert_key",
+              "not_after": "2024-01-06T00:01:30Z",
+              "not_before": "2023-12-07T00:01:30Z",
+              "cert_paths": [
+                "/etc/nginx/client.pem"
+              ],
+              "cert_status": "expiring",
+              "deployment_status": "latest",
+              "object_id": "cert_Tet21AeYTHCj7taOwVfzyw"
+            }
+          ]
         }
       }
     },
     "responses": {
-      "InvalidRequest": {
-        "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.",
+      "Unauthorized": {
+        "description": "Client is not authorized to perform the requested operation.",
         "content": {
           "application/json": {
             "schema": {
@@ -9363,6 +11280,26 @@
             }
           }
         }
+      },
+      "NotFound": {
+        "description": "Requested resource was not found.",
+        "content": {
+          "application/json": {
+            "schema": {
+              "$ref": "#/components/schemas/Error"
+            }
+          }
+        }
+      },
+      "InvalidRequest": {
+        "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.",
+        "content": {
+          "application/json": {
+            "schema": {
+              "$ref": "#/components/schemas/Error"
+            }
+          }
+        }
       }
     },
     "securitySchemes": {
@@ -9388,7 +11325,8 @@
         "Certificates",
         "CVEs",
         "Events",
-        "Staged Configs"
+        "Staged Configs",
+        "Control Planes"
       ]
     },
     {
@@ -9402,6 +11340,12 @@
       "tags": [
         "Settings"
       ]
+    },
+    {
+      "name": "NGINX One App Protect",
+      "tags": [
+        "NGINX App Protect"
+      ]
     }
   ]
 }
\ No newline at end of file
diff --git a/static/nginx-one/images/ai-assistant.png b/static/nginx-one/images/ai-assistant.png
new file mode 100644
index 000000000..df28268b1
Binary files /dev/null and b/static/nginx-one/images/ai-assistant.png differ
diff --git a/static/nginx-one/images/config-recommendation.png b/static/nginx-one/images/config-recommendation.png
new file mode 100644
index 000000000..e02179d20
Binary files /dev/null and b/static/nginx-one/images/config-recommendation.png differ
diff --git a/static/nginx-one/images/config-sync-edits.png b/static/nginx-one/images/config-sync-edits.png
new file mode 100644
index 000000000..f8a47580c
Binary files /dev/null and b/static/nginx-one/images/config-sync-edits.png differ
diff --git a/static/nginx-one/images/config-sync-status.png b/static/nginx-one/images/config-sync-status.png
new file mode 100644
index 000000000..272f36963
Binary files /dev/null and b/static/nginx-one/images/config-sync-status.png differ
diff --git a/static/nginx-one/images/unavailable-instances.png b/static/nginx-one/images/unavailable-instances.png
new file mode 100644
index 000000000..8414825dc
Binary files /dev/null and b/static/nginx-one/images/unavailable-instances.png differ
diff --git a/static/nginx/images/nginx-plus-dashboard-r35-overview.png b/static/nginx/images/nginx-plus-dashboard-r35-overview.png
new file mode 100644
index 000000000..86503c6d9
Binary files /dev/null and b/static/nginx/images/nginx-plus-dashboard-r35-overview.png differ
diff --git a/static/scripts/license_usage_offline.sh b/static/scripts/license_usage_offline.sh
index be2cd3a65..f94391c9d 100755
--- a/static/scripts/license_usage_offline.sh
+++ b/static/scripts/license_usage_offline.sh
@@ -4,6 +4,26 @@
 set -euo pipefail
 IFS=$'\n\t'
 
+# Debug mode
+if [[ "${DEBUG:-false}" == "true" ]]; then
+  set -x  # Enable command tracing
+  echo "Debug mode enabled"
+  echo "Running in directory: $(pwd)"
+  echo "Script arguments: $*"
+  env | grep -E 'JWT_FILE|NIM_IP|USERNAME|PASSWORD|USE_CASE'
+fi
+
+# Set timeouts for operations
+CURL_TIMEOUT=${CURL_TIMEOUT:-30}
+API_POLL_TIMEOUT=${API_POLL_TIMEOUT:-60}
+
+# Function to log with timestamp
+log() {
+  echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*"
+}
+
+log "Script started"
+
 # Function to display usage
 usage() {
   echo "Usage: $0 -j <JWT file> -i <NIM IP> -u <username> -p <password> -s <initial|telemetry>"
@@ -44,7 +64,6 @@ if [ ! -d "/tmp" ]; then
   mkdir -p /tmp || { echo "Failed to create /tmp directory. Exiting."; exit 1; }
 fi
 
-
 # Read JWT contents
 if [ ! -f "$JWT_FILE" ]; then
   echo -e "JWT file '$JWT_FILE' not found.$" >&2
@@ -84,17 +103,22 @@ is_ipv4() {
     return 1
   fi
 }
+echo "Checking connectivity to NGINX Instance Manager using Curl ..."
+if ! curl -sk --output /dev/null --silent --fail --max-time $CURL_TIMEOUT "https://$NIM_IP"; then
+  echo -e "The NGINX Instance Manager UI is not reachable on $NIM_IP"
+  exit 1
+fi 
+echo "Checking connectivity to F5 licensing server..."
+SERVER_RESPONSE=$(curl -v --max-time $CURL_TIMEOUT https://product.apis.f5.com 2>&1)
 
-if is_ipv4 "$NIM_IP"; then
-  check_ping "$NIM_IP"
+# Check if the server is reachable by verifying connection was established
+if echo "$SERVER_RESPONSE" | grep -q "Connected to product.apis.f5.com" && echo "$SERVER_RESPONSE" | grep -q "server accepted"; then
+  echo -e "The licensing server is reachable on product.apis.f5.com"
 else
-  echo "Checking connectivity to NGINX Instance Manager using Curl ..."
-  if ! curl -sk --output /dev/null --silent --fail "https://$NIM_IP"; then
-    echo -e "The NGINX Instance Manager UI is not reachable on $NIM_IP"
-    exit 1
-  fi  
-fi
-check_ping "product.apis.f5.com"
+  echo -e "The licensing server is not reachable on product.apis.f5.com"
+  echo -e "Connection details: $SERVER_RESPONSE"
+  exit 1
+fi 
 
 # NGINX Instance Manager Version check 
 VERSION_JSON=$(curl -sk -X GET "https://$NIM_IP/api/platform/v1/modules/versions" \
@@ -102,7 +126,6 @@ VERSION_JSON=$(curl -sk -X GET "https://$NIM_IP/api/platform/v1/modules/versions
   --header "Authorization: Basic $AUTH_HEADER")
 NIM_VER=$(echo "$VERSION_JSON" | sed -E 's/.*"nim"[ \t]*:[ \t]*"([0-9]+\.[0-9]+)(\.[0-9]+)?".*/\1/')
 echo "Current version of NGINX Instance Manager is $NIM_VER"
-JWT_CONTENT=$(<"$JWT_FILE")
 
 # Construct JSON payload
 JSON_PAYLOAD=$(cat <<EOF
@@ -145,16 +168,9 @@ fi
 ORIGIN="https://$NIM_IP"
 REFERER="$ORIGIN/ui/settings/license"
 
-
-
 if [[ "$USE_CASE" == "initial" ]]; then
-  # Read JWT content
-  if [ ! -f "$JWT_FILE" ]; then
-    echo -e "JWT file '$JWT_FILE' not found." >&2
-    exit 1
-  fi
-  # Step 1: Apply JWT license (only if use case is 'initial' or 'intial_only')
   echo "Applying JWT license"
+  sleep 5  
   RESPONSE=$(curl -sS -k --max-time 10 -w "\n%{http_code}" -X POST "https://$NIM_IP/api/platform/v1/license?telemetry=true" \
     -H "Origin: $ORIGIN" \
     -H "Referer: $REFERER" \
@@ -165,12 +181,9 @@ if [[ "$USE_CASE" == "initial" ]]; then
   HTTP_BODY=$(echo "$RESPONSE" | sed '$d')
   HTTP_STATUS=$(echo "$RESPONSE" | tail -n1)
   if [ "$HTTP_STATUS" -ne 202 ]; then
-    echo -e "HTTP request failed with status code $HTTP_STATUS.
-          Response: $HTTP_BODY$" >&2
+    echo -e "HTTP request failed with status code $HTTP_STATUS.\nResponse: $HTTP_BODY$" >&2
     if echo "$HTTP_BODY" | jq -r '.message' | grep -q "failed to register token. already registered"; then
-      echo -e "NGINX Instance Manager already registered and licensed.
-      If needed, terminate the current license manually in the NGINX Instance Manager UI and re-run the script with the correct license.
-      https://docs.nginx.com/nginx-instance-manager/disconnected/add-license-disconnected-deployment/"
+      echo -e "NGINX Instance Manager is already licensed.\nTo use a different license, remove the current one in the NGINX Instance Manager UI, then re-run the script.\nSee https://docs.nginx.com/nginx-instance-manager/disconnected/add-license-disconnected-deployment/ for details."
     fi
     exit 1
   fi
@@ -179,12 +192,11 @@ fi
 if [[ "$NIM_VER" < "2.18" ]]; then
   echo "NGINX Instance Manager version $NIM_VER is not supported by this script. Please use NGINX Instance Manager 2.18 or later"
   exit 1
-
 elif [[ "$NIM_VER" == "2.18" ]] || [[ "$NIM_VER" == "2.19" ]]; then
   echo "NGINX Instance Manager version $NIM_VER detected."
   ORIGIN="https://$NIM_IP"
 
-# Send the PUT request and separate body and status code
+  # Send the PUT request and separate body and status code
   PUT_RESPONSE_CODE=$(curl -k -s -w "%{http_code}" -o /tmp/put_response.json --location --request PUT "https://$NIM_IP/api/platform/v1/license?telemetry=true" \
     --header "Origin: $ORIGIN" \
     --header "Referer: https://$NIM_IP/ui/settings/license" \
@@ -223,7 +235,6 @@ elif [[ "$NIM_VER" == "2.18" ]] || [[ "$NIM_VER" == "2.19" ]]; then
 fi
 
 if [[ "$USE_CASE" != "telemetry" ]]; then
-
   RESPONSE=$(curl -sS -k --max-time 10 -w "\n%{http_code}" -X POST "https://$NIM_IP/api/platform/v1/license?telemetry=true" \
     -H "Origin: $ORIGIN" \
     -H "Referer: $REFERER" \
@@ -237,8 +248,7 @@ if [[ "$USE_CASE" != "telemetry" ]]; then
   echo -e "License applied successfully in DISCONNECTED mode."
 fi
 
-
-
+sleep 5
 # Continue with further steps for version >= 2.20...
 echo "Executing telemetry tasks "
 # Step 2: Download the usage report
@@ -263,27 +273,25 @@ if [[ "$NIM_VER" == "2.18" ]] || [[ "$NIM_VER" == "2.19" ]]; then
       --header 'accept: */*' \
       --header 'authorization: Basic $AUTH_HEADER' \
       --output \"$report_save_path\""
+    
     if [ "$USE_CASE" == "telemetry" ]; then
       echo "Running telemetry stage: "
-
       # Run the saved command and store the response
       response=$(eval $prepare_usage_command)
-
       sleep 2
       # Validate if the response contains "Report generation in progress"
-     if echo "$response" | grep -q '"telemetry":"Report generation in progress"'; then
+      if echo "$response" | grep -q '"telemetry":"Report generation in progress"'; then
         echo -e "Success: Report generation is in progress."
       else
         echo -e "Failure: Report generation not in progress or unexpected response."
         exit 1
-     fi
-
-    echo "Running command: $download_usage_command"
-    eval $download_usage_command
-  else
-    echo "Running command: $download_usage_command"
-    eval $download_usage_command
-  fi
+      fi
+      echo "Running command: $download_usage_command"
+      eval $download_usage_command
+    else
+      echo "Running command: $download_usage_command"
+      eval $download_usage_command
+    fi
   fi
 else
   # Perform the request and capture the status code and output
@@ -296,24 +304,19 @@ else
   # Extract the HTTP status code (last line)
   HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tail -n1)
 
-  # Check the status code
+  # Check the status code  
   if [ "$HTTP_STATUS" -ne 200 ]; then
     echo -e "Failed to download usage report from NGINX Instance Manager. HTTP Status Code: $HTTP_STATUS" >&2
     echo "Please verify that NGINX Instance Manager is reachable and the credentials are correct." >&2
     echo "(or) Verify that NGINX Instance Manager is licensed before using the 'telemetry' flag (run it with 'initial' first)."
-    # Optionally, remove the partial or corrupt file
-    rm -f /tmp/response.zip
     exit 1
   fi
 fi
 
 echo -e "Usage report downloaded successfully as '/tmp/response.zip'."
-
 # Step 3: Upload the usage report to F5 server
 echo "Uploading the usage report to F5 Licensing server"
-
 TEEM_UPLOAD_URL="https://product.apis.f5.com/ee/v1/entitlements/telemetry/bulk"
-
 # Capture both response body and status code
 UPLOAD_RESULT=$(curl -sS -w "\n%{http_code}" --location "$TEEM_UPLOAD_URL" \
   --header "Authorization: Bearer $JWT_CONTENT" \
@@ -338,7 +341,6 @@ fi
 
 # Extract the statusLink
 STATUS_LINK=$(echo "$UPLOAD_BODY" | jq -r '.statusLink // empty')
-
 if [ -z "$STATUS_LINK" ]; then
   echo -e "Failed to extract statusLink from the upload response. Response: $UPLOAD_BODY$" >&2
   exit 1
@@ -425,7 +427,6 @@ echo -e "Report validated successfully. All conditions met."
 # Step 5: Download the report from F5
 
 echo "Downloading report from F5 License server..."
-
 DOWNLOAD_URL="https://product.apis.f5.com/ee/v1/entitlements/telemetry/bulk/download/$STATUS_ID"
 DOWNLOAD_RESPONSE=$(curl -sS -w "%{http_code}" --location "$DOWNLOAD_URL" \
   --header "Authorization: Bearer $JWT_CONTENT" \
@@ -442,7 +443,6 @@ echo -e "Report downloaded successfully from F5 as '/tmp/response_teem.zip'."
 
 # Step 6: Upload the acknowledgement report to NGINX Instance Manager
 echo "Uploading the license acknowledgement to NGINX Instance Manager..."
-
 UPLOAD_URL="https://$NIM_IP/api/platform/v1/report/upload"
 UPLOAD_RESPONSE=$(curl -k -sS --location "$UPLOAD_URL" \
   --header "Authorization: Basic $AUTH_HEADER" \
@@ -468,3 +468,4 @@ if [ "$UPLOAD_MESSAGE" != "Report uploaded successfully." ] || [ "$HTTP_STATUS"
 fi
 echo -e "Acknowledgement uploaded successfully to NGINX Instance Manager."
 
+
diff --git a/static/workshops/nginx-one/lab2/compose.yaml b/static/workshops/nginx-one/lab2/compose.yaml
new file mode 100644
index 000000000..65f2d30cb
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/compose.yaml
@@ -0,0 +1,187 @@
+# NGINX Plus / OSS with NGINX Agent
+# NGINX webservers with ingress-demo pages
+# NGINX One Console Instance Registration
+# NGINX Basics, Dec 2024
+# Chris Akker, Shouvik Dutta, Adam Currier
+#
+services:
+  plus1: # Alpine NGINX Plus Web / Load Balancer
+    environment:
+      NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+      NGINX_AGENT_SERVER_GRPCPORT: '443'
+      NGINX_AGENT_TLS_ENABLE: 'true'
+      NGINX_AGENT_SERVER_TOKEN: $TOKEN # Datakey From One Console
+      # NGINX_AGENT_INSTANCE_GROUP: $NAME-sync-group
+    hostname: $NAME-plus1
+    container_name: $NAME-plus1
+    image: private-registry.nginx.com/nginx-plus/agent:nginx-plus-r32-alpine-3.20-20240613 # CVE - From Nginx Private Registry
+    volumes: # Sync these folders to container
+      - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
+      - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
+      - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
+    ports:
+      - 80:80 # Open for HTTP
+      - 443:443 # Open for HTTPS
+      - 9000:9000 # Open for stub status page
+      - 9113:9113 # Open for Prometheus Scraper page
+    restart: always
+  #
+  plus2: # Alpine NGINX Plus Web / Load Balancer
+    environment:
+      NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+      NGINX_AGENT_SERVER_GRPCPORT: '443'
+      NGINX_AGENT_TLS_ENABLE: 'true'
+      NGINX_AGENT_SERVER_TOKEN: $TOKEN # Data plane key from NGINX One Console
+      # NGINX_AGENT_INSTANCE_GROUP: $NAME-sync-group
+    hostname: $NAME-plus2
+    container_name: $NAME-plus2
+    image: private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-alpine-3.19-20240522 # CVE - From Nginx Private Registry
+    volumes: # Sync these folders to container
+      - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
+      - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
+      - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
+    ports:
+      - '80' # Open for HTTP
+      - '443' # Open for HTTPS
+      - '9000' # Open for API / Dashboard page
+      - '9113' # Open for Prometheus Scraper page
+    restart: always
+  #
+  plus3: # RHEL UBI NGINX Plus Web / Load Balancer
+    environment:
+      NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+      NGINX_AGENT_SERVER_GRPCPORT: '443'
+      NGINX_AGENT_TLS_ENABLE: 'true'
+      NGINX_AGENT_SERVER_TOKEN: $TOKEN # Data plane key from NGINX One Console
+      # NGINX_AGENT_INSTANCE_GROUP: $NAME-sync-group
+    hostname: $NAME-plus3
+    container_name: $NAME-plus3
+    image: private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-ubi-9-20240522 # From Nginx Private Registry
+    volumes: # Sync these folders to container
+      - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
+      - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
+      - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
+    ports:
+      - '80' # Open for HTTP
+      - '443' # Open for HTTPS
+      - '9000' # Open for API / Dashboard page
+      - '9113' # Open for Prometheus Scraper page
+    restart: always
+  #
+  # plus4: # Debian R34 NGINX Plus Web / Load Balancer
+  #   environment:
+  #     NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+  #     NGINX_AGENT_SERVER_GRPCPORT: '443'
+  #     NGINX_AGENT_TLS_ENABLE: 'true'
+  #     NGINX_AGENT_SERVER_TOKEN: $TOKEN # Data plane key from NGINX One Console
+  #     NGINX_LICENSE_JWT: $JWT
+  #     NGINX_AGENT_INSTANCE_GROUP: $NAME-sync-group
+  #   hostname: $NAME-plus4
+  #   container_name: $NAME-plus4
+  #   image: private-registry.nginx.com/nginx-plus/agent:debian # From NGINX Private Registry R34
+  #   volumes: # Sync these folders to container
+  #     - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+  #     - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
+  #     - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
+  #     - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
+  #   ports:
+  #     - '80' # Open for HTTP
+  #     - '443' # Open for HTTPS
+  #     - '9000' # Open for API / Dashboard page
+  #     - '9113' # Open for Prometheus Scraper page
+  #   restart: always
+  #
+  oss1: # Debian NGINX OSS Web / Load Balancer
+    environment:
+      NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+      NGINX_AGENT_SERVER_GRPCPORT: '443'
+      NGINX_AGENT_TLS_ENABLE: 'true'
+      NGINX_AGENT_SERVER_TOKEN: $TOKEN # Data plane key from NGINX One Console
+    hostname: $NAME-oss1
+    container_name: $NAME-oss1
+    image: docker-registry.nginx.com/nginx/agent:mainline # From Docker Public Registry
+    volumes: # Sync these folders to container
+      - ./nginx-oss/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./nginx-oss/etc/nginx/conf.d:/etc/nginx/conf.d
+      - ./nginx-oss/etc/nginx/includes:/etc/nginx/includes
+      - ./nginx-oss/etc/ssl/nginx:/etc/ssl/nginx
+      - ./nginx-oss/usr/share/nginx/html:/usr/share/nginx/html
+    ports:
+      - '80' # Open for HTTP
+      - '443' # Open for HTTPS
+      - '9000' # Open for stub status page
+      - '9113' # Open for Prometheus Scraper page
+    restart: always
+  #
+  oss2: # Alpine NGINX OSS Web / Load Balancer
+    environment:
+      NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+      NGINX_AGENT_SERVER_GRPCPORT: '443'
+      NGINX_AGENT_TLS_ENABLE: 'true'
+      NGINX_AGENT_SERVER_TOKEN: $TOKEN # Data plane key from NGINX One Console
+    hostname: $NAME-oss2
+    container_name: $NAME-oss2
+    image: docker-registry.nginx.com/nginx/agent:alpine # From Docker Public Registry
+    volumes: # Sync these folders to container
+      - ./nginx-oss/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./nginx-oss/etc/nginx/conf.d:/etc/nginx/conf.d
+      - ./nginx-oss/etc/nginx/includes:/etc/nginx/includes
+      - ./nginx-oss/etc/ssl/nginx:/etc/ssl/nginx
+      - ./nginx-oss/usr/share/nginx/html:/usr/share/nginx/html
+    ports:
+      - '80' # Open for HTTP
+      - '443' # Open for HTTPS
+      - '9000' # Open for stub status page
+      - '9113' # Open for Prometheus Scraper page
+    restart: always
+    #
+  oss3: # Older Alpine NGINX OSS Web / Load Balancer
+    environment:
+      NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+      NGINX_AGENT_SERVER_GRPCPORT: '443'
+      NGINX_AGENT_TLS_ENABLE: 'true'
+      NGINX_AGENT_SERVER_TOKEN: $TOKEN # Data plane key from NGINX One Console
+    hostname: $NAME-oss3
+    container_name: $NAME-oss3
+    image: docker-registry.nginx.com/nginx/agent:1.26-alpine # From Docker Public Registry
+    volumes: # Sync these folders to container
+      - ./nginx-oss/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./nginx-oss/etc/nginx/conf.d:/etc/nginx/conf.d
+      - ./nginx-oss/etc/nginx/includes:/etc/nginx/includes
+      - ./nginx-oss/etc/ssl/nginx:/etc/ssl/nginx
+      - ./nginx-oss/usr/share/nginx/html:/usr/share/nginx/html
+    ports:
+      - '80' # Open for HTTP
+      - '443' # Open for HTTPS
+      - '9000' # Open for stub status page
+      - '9113' # Open for Prometheus Scraper page
+    restart: always
+  #
+  web1:
+    hostname: $NAME-web1
+    container_name: $NAME-web1
+    platform: linux/amd64
+    image: nginxinc/ingress-demo # Image from Docker Hub
+    ports:
+      - '80' # Open for HTTP
+      - '443' # Open for HTTPS
+  web2:
+    hostname: $NAME-web2
+    container_name: $NAME-web2
+    platform: linux/amd64
+    image: nginxinc/ingress-demo
+    ports:
+      - '80'
+      - '433'
+  web3:
+    hostname: $NAME-web3
+    container_name: $NAME-web3
+    platform: linux/amd64
+    image: nginxinc/ingress-demo
+    ports:
+      - '80'
+      - '443'
+
diff --git a/static/workshops/nginx-one/lab2/generate_certs.sh b/static/workshops/nginx-one/lab2/generate_certs.sh
new file mode 100755
index 000000000..4ea736e4f
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/generate_certs.sh
@@ -0,0 +1,7 @@
+echo "Generate 1-day cert."
+openssl req -x509 -nodes -days 1 -newkey rsa:2048 -keyout nginx-oss/etc/ssl/nginx/1-day.key -out nginx-oss/etc/ssl/nginx/1-day.crt -subj "/CN=$NAME-NginxOneWorkshop"
+echo "Generate 30-day cert."
+openssl req -x509 -nodes -days 30 -newkey rsa:2048 -keyout nginx-oss/etc/ssl/nginx/30-day.key -out nginx-oss/etc/ssl/nginx/30-day.crt -subj "/CN=$NAME-NginxOneWorkshop"
+echo "copy certs to lab5 for future labs"
+cp nginx-oss/etc/ssl/nginx/1-day.* ../lab5/nginx-oss/etc/ssl/nginx/
+cp nginx-oss/etc/ssl/nginx/30-day.* ../lab5/nginx-oss/etc/ssl/nginx/
\ No newline at end of file
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/conf.d/cafe.example.com.conf b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/conf.d/cafe.example.com.conf
new file mode 100644
index 000000000..3af707162
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/conf.d/cafe.example.com.conf
@@ -0,0 +1,27 @@
+# cafe.example.com HTTP
+server {
+    # Listening on port 80 on all IP addresses on this machine
+    listen 80;
+
+    server_name cafe.example.com;
+
+    # status_zone cafe-VirtualServer;
+
+    # Server specific logging
+    access_log  /var/log/nginx/cafe.example.com.log main_ext; 
+    error_log   /var/log/nginx/cafe.example.com_error.log info; 
+
+    location / {
+
+        proxy_buffering off;
+        
+        # Including best-practice headers are bonus points
+        include includes/proxy_headers.conf;
+        include includes/keepalive.conf;
+        
+        # status_zone /;
+
+        proxy_pass http://nginx_cafe;
+    }
+
+}
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/conf.d/stub_status.conf b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/conf.d/stub_status.conf
new file mode 100644
index 000000000..f8d249650
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/conf.d/stub_status.conf
@@ -0,0 +1,19 @@
+# ngx_http_stub_status_module (Available in NGINX OSS)
+# provides Basic Status information http://nginx.org/en/docs/http/ngx_http_stub_status_module.html
+
+server {
+	listen 9000 ssl;              # Listener for Stub Status
+
+	ssl_certificate /etc/ssl/nginx/30-day.crt;
+	ssl_certificate_key /etc/ssl/nginx/30-day.key;
+	
+	location /basic_status {
+		stub_status;
+	}
+
+	   # Redirect requests for "/" to "/basic_status"
+   location / {
+       return 301 /basic_status;
+   }
+
+}
\ No newline at end of file
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/conf.d/tls-cars.example.com.conf b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/conf.d/tls-cars.example.com.conf
new file mode 100644
index 000000000..183534dd9
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/conf.d/tls-cars.example.com.conf
@@ -0,0 +1,54 @@
+# cars.example.com HTTP/HTTPS
+# NGINX Basics Workshop
+# Nov 2024, Chris Akker, Shouvik Dutta, Adam Currier
+#
+server {
+
+    listen 443 ssl;   # Uncomment to change to port 443, add "ssl" parameter for terminating TLS on all IP addresses on this machine
+
+    server_name cars.example.com;   # Set hostname to match in request
+
+# Update the following lines for NGINX cert and key directives and file locations
+
+    ssl_certificate /etc/ssl/nginx/cars.crt;
+    ssl_certificate_key /etc/ssl/nginx/cars.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:3DES;
+    ssl_prefer_server_ciphers on;
+
+    access_log  /var/log/nginx/cars.example.com.log main;
+    
+    error_log   /var/log/nginx/cars.example.com_error.log info;
+
+    root /usr/share/nginx/html;         # Set the root folder for the HTML and JPG files
+
+    location / {
+        
+        default_type text/html;
+        return 200 "Let's go fast, you have reached cars.example.com, path $uri\n";
+    }
+    
+    location /gtr {
+        
+        try_files $uri $uri.html;         # Look for filename that matches the URI requested
+    }
+    
+    location /nsx {
+        
+        try_files $uri $uri.html;
+    }
+    
+    location /rcf {
+        
+        try_files $uri $uri.html;
+    }
+
+    location /browse {                   # new URL path
+        
+        alias /usr/share/nginx/html;     # Browse this folder
+        index index.html;                # Use this file, but if it does *not* exist
+        autoindex on;                    # Perform directory/file browsing
+    }
+
+} 
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/conf.d/upstreams.conf b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/conf.d/upstreams.conf
new file mode 100644
index 000000000..8570729c4
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/conf.d/upstreams.conf
@@ -0,0 +1,34 @@
+# NGINX Basics, Plus Proxy to three upstream NGINX containers
+# Nov 2024 - Chris Akker, Shouvik Dutta, Adam Currier
+# nginx_cafe servers
+#
+upstream nginx_cafe {         # Upstream block, the name is "nginx_cafe"
+
+    # Uncomment the zone directive below to add metrics to the Dashboard
+    # zone nginx_cafe 256k;
+
+    # Load Balancing Algorithms supported by NGINX
+    # - Round Robin (Default if nothing specified)
+    # - Least Connections
+    # - IP Hash
+    # - Hash (Any generic Hash)
+
+    # Load Balancing Algorithms supported by NGINX Plus
+    # - Least Time Last Byte / Header
+    # - Random Two     
+
+    # Uncomment for Least-Time Last-Byte algorithm      
+    # least_time last_byte;
+
+    # From Docker-Compose:
+    server web1:80;
+    server web2:80;
+    server web3:80;
+
+    # Uncomment for Cookie persistence
+    # sticky cookie srv_id expires=1m domain=.example.com path=/;
+
+    # Uncomment for keepalive TCP connections to upstreams
+    keepalive 16;
+
+}
\ No newline at end of file
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/includes/keepalive.conf b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/includes/keepalive.conf
new file mode 100644
index 000000000..a9fbcf4ad
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/includes/keepalive.conf
@@ -0,0 +1,9 @@
+# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
+proxy_http_version 1.1;
+
+# Remove the Connection header if the client sends it,
+# it could be "close" to close a keepalive connection
+proxy_set_header Connection "";
+
+# Host request header field, or the server name matching a request
+proxy_set_header Host $host;
\ No newline at end of file
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/includes/log_formats/main_ext.conf b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/includes/log_formats/main_ext.conf
new file mode 100644
index 000000000..296ea7bfc
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/includes/log_formats/main_ext.conf
@@ -0,0 +1,20 @@
+# Extended Log Format
+# Nginx Basics
+log_format  main_ext    'remote_addr="$remote_addr", '
+                        '[time_local=$time_local], '
+                        'request="$request", '
+                        'status="$status", '
+                        'http_referer="$http_referer", '
+                        'body_bytes_sent="$body_bytes_sent", '
+                        'Host="$host", '
+                        'sn="$server_name", '
+                        'request_time=$request_time, '
+                        'http_user_agent="$http_user_agent", '
+                        'http_x_forwarded_for="$http_x_forwarded_for", '
+                        'request_length="$request_length", '
+                        'upstream_address="$upstream_addr", '
+                        'upstream_status="$upstream_status", '
+                        'upstream_connect_time="$upstream_connect_time", '
+                        'upstream_header_time="$upstream_header_time", '
+                        'upstream_response_time="$upstream_response_time", '
+                        'upstream_response_length="$upstream_response_length", ';
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/includes/proxy_headers.conf b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/includes/proxy_headers.conf
new file mode 100644
index 000000000..23a83d1dc
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/includes/proxy_headers.conf
@@ -0,0 +1,12 @@
+## Set Headers to the proxied servers ##
+
+# client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses
+proxy_set_header X-Real-IP $remote_addr;
+
+# X-Forwarded-For client request header field with the $remote_addr variable appended to it,
+# separated by a comma. If the “X-Forwarded-For” field is not present in the client request header,
+# the $proxy_add_x_forwarded_for variable is equal to the $remote_addr variable.
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+# request scheme, “http” or “https”
+proxy_set_header X-Forwarded-Proto $scheme;
\ No newline at end of file
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/nginx.conf b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/nginx.conf
new file mode 100644
index 000000000..a3b502b64
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-oss/etc/nginx/nginx.conf
@@ -0,0 +1,33 @@
+user  nginx;
+worker_processes 1;
+
+error_log  /var/log/nginx/error.log info;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    include /etc/nginx/includes/log_formats/*.conf; # Custom Access logs formats found here
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+
+}
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/etc/ssl/nginx/cars.crt b/static/workshops/nginx-one/lab2/nginx-oss/etc/ssl/nginx/cars.crt
new file mode 100644
index 000000000..4eb6334ff
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-oss/etc/ssl/nginx/cars.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFTCCAf2gAwIBAgIUEQHIC+pN7UA+PwpufAGW4sFczqowDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPTmdpbnhQbHVzQmFzaWNzMB4XDTI1MDEwMjIyMDY0OVoX
+DTI1MDEwMzIyMDY0OVowGjEYMBYGA1UEAwwPTmdpbnhQbHVzQmFzaWNzMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17iXl8xC2AApcMaoPEu5w42U++ai
+ZPPtgEoDGE/tgNZmWwHsmfdkKbhvcFX8vLwI1OD+mKPW0RcB56x0I29KRk8HGwwX
+XXUuALmWuYVYNE71O2cBE/8JpgLlFgkbjYyFZekQeyb9QHeYxI47vCQqptBzQoCx
+Bs/zi4lh+wgRYyXmHdTQ60183Gvxs4ujIDWnOC4/PGLr/ZLjySyBDM4+rtoz5xia
+HZVBFA8HINTz4vjMkP1zrN4RsgSQQop8vuxlZsLlJCSWDMgkidu/uCvXxo+gHLMs
+nrvDloEJuU1zx2va4i0e8Zr/eV/zVRIghKx9g/mBFFPnEdu0x7B48EfTnwIDAQAB
+o1MwUTAdBgNVHQ4EFgQUDQzkk+0qMyn/nczCV7vJVlpFLnAwHwYDVR0jBBgwFoAU
+DQzkk+0qMyn/nczCV7vJVlpFLnAwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQsFAAOCAQEAWXBbXqEckARXPGQtasa5+uVqwokH4TJwbnQLfZsQV766OltS4Bv/
+MFDqmFxFLvsuM2jf1vodtJTq+cuUWtn1o+0MCDFWy3lTifk0wpQyg3xF6boHdBi4
+oGFKn7oPwWaTU8yjJzbvH6A5mfjO57YklAXlmZwWsEylsgR9D9jPTUkX82P+8Ad6
+UjWmFsopTwjit1rBAnBOL/oIGl2IFE5L4Vv8tcFsfpDGpCK/h9D3G25uQY36c0av
+Q10lfV2+1eTQz//In+Li8zgGZa+XHtCxFPCEdcFQeEF3VkefgN7aL8qxmPgmSrqd
+P13gMgo7HwFPoxvuUD3vN2DKIeqfa/H7Mg==
+-----END CERTIFICATE-----
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/etc/ssl/nginx/cars.key b/static/workshops/nginx-one/lab2/nginx-oss/etc/ssl/nginx/cars.key
new file mode 100644
index 000000000..3777400b3
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-oss/etc/ssl/nginx/cars.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDXuJeXzELYAClw
+xqg8S7nDjZT75qJk8+2ASgMYT+2A1mZbAeyZ92QpuG9wVfy8vAjU4P6Yo9bRFwHn
+rHQjb0pGTwcbDBdddS4AuZa5hVg0TvU7ZwET/wmmAuUWCRuNjIVl6RB7Jv1Ad5jE
+jju8JCqm0HNCgLEGz/OLiWH7CBFjJeYd1NDrTXzca/Gzi6MgNac4Lj88Yuv9kuPJ
+LIEMzj6u2jPnGJodlUEUDwcg1PPi+MyQ/XOs3hGyBJBCiny+7GVmwuUkJJYMyCSJ
+27+4K9fGj6Acsyyeu8OWgQm5TXPHa9riLR7xmv95X/NVEiCErH2D+YEUU+cR27TH
+sHjwR9OfAgMBAAECggEAGspO8UgpyP+EJgBV5l8VK+cKaJpE8rqkdTk71yod+dEm
+lwjPJHPn2ZKRLGdRYvMLObzTgYtfY0ozL11ocvogREkOPdqrkCy8UNS7lkCsKprf
+s8fgB2a2AQr8/laVOGgKLRTbuh+mdfokW8y6OGxZa6wZlFm9InZy7ZJbO7zNw/03
+jkAnDAzcAD4T9AgbR0zCVrRxehR6wGR220VWG8kw6gXswBvGvQaVAnwmjlTrh3pp
+EhZGC+iZ2el05JfGw6MlM7g6NKBK18KgrGYkhvKiML7BsOJPJD0vMId1jiVsejJR
+9xaPoBEaeTOLVWFisBfO5EZtkSZPF7nHwZGHSqZvoQKBgQDttK94ItRS33Uv/HAk
+2W+WKGSagSJeqHG9Hi3DEVLPE355QsOxgx/3h5EXnqHRVnu+CXqMHqEhf9afUZsJ
+0iMYVShYYELauRhcL8+XSrg+jFXp7Tvokv4XVbkwUyFnY+fM+coQ1rvamd5+1deX
+x1x629e/QtOtnaqkuvr9Xn8ArwKBgQDoUsKa3Eq8rx0vzI6KV4F6WncShObiKqkV
+0TR79SaNawT0vEhdDOhHuO5BNaiOI3+mbx/CRwnVedIicoi99cDgZrQPncaisnkC
+KZVcQpNMoFM8+ZYGyeYDo86sBi05WQRI/vxGKrOIUcaSsdieBLpS3E2btcNGkaLY
+pilcnRW4EQKBgQC2rR4QaEvd6GbJ2ulgGE3eCurNpiIAtti56wBmIeEOzL9sdzen
+KssdUmzZxwo6s4jjUauBFWTlNrZ8t507XeekooUf7dJS/t5OsluJvF19jCHWZX+d
+y6FD05g/IBPSvf99EhYM/MlfRNKtjK9jsE1NCbhy/utoSHvEnwGWR9G4dwKBgQCa
+fbZ1frqgYJ67E39SVcB/WbtG8GQM0Cuim30YVTyu3BTunmpMnnG0iDC/4mvVIZwY
+VFs9OTo74IexapKuJ8d8Mi/ZFqVpud8oZfix4n/Le+3+ZUaz+vzfPMYJtQ3LzftA
+g3fFPU4n/6FaGbQf2KsCwQdG3Yce3Wf6Q/zLXpZ70QKBgEseUKnmYKvFjmyVdO94
+nesTUuu7DITx4M7I3ssdKz/9KdqjmnVQn3yiNEEHEvItvKEZvFMAKB7uJFmY/oGr
+5DvP29lsr45FDTz2UWElz/LhsOkSBzRYQpXDkuaCl+lz7YE76S6F45vAy7RSY8TU
++57833tZa5uHl5GKhytuhGyQ
+-----END PRIVATE KEY-----
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/gtr.html b/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/gtr.html
new file mode 100644
index 000000000..1b1bdfcd1
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/gtr.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx GTR !</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx GTR !</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working.</p>
+
+<img src="gtr.jpg" alt="GTR" height="480" width="640"></img>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/gtr.jpg b/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/gtr.jpg
new file mode 100644
index 000000000..be39ffe4a
Binary files /dev/null and b/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/gtr.jpg differ
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/index.html b/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/index.html
new file mode 100644
index 000000000..5d2b3044c
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/index.html
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx!</title>
+<style>
+html { color-scheme: light dark; }
+    body { width: 35em; margin: 0 auto;
+    font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx!</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working. Further configuration is required.</p>
+
+<p>For online documentation and support please refer to
+<a href="http://nginx.org/">nginx.org</a>.<br/>
+Commercial support is available at
+<a href="http://nginx.com/">nginx.com</a>.</p>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/nsx.html b/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/nsx.html
new file mode 100644
index 000000000..fc1de05d1
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/nsx.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx NSX !</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx NSX !</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working.</p>
+
+<img src="nsx.jpg" alt="NSX" height="480" width="640"></img>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/nsx.jpg b/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/nsx.jpg
new file mode 100644
index 000000000..f3c27f59e
Binary files /dev/null and b/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/nsx.jpg differ
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/rcf.html b/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/rcf.html
new file mode 100644
index 000000000..468ddae0b
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/rcf.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx RCF !</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx RCF !</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working.</p>
+
+<img src="rcf.jpg" alt="RCF" height="480" width="640"></img>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>
diff --git a/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/rcf.jpg b/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/rcf.jpg
new file mode 100644
index 000000000..40faef6dc
Binary files /dev/null and b/static/workshops/nginx-one/lab2/nginx-oss/usr/share/nginx/html/rcf.jpg differ
diff --git a/static/workshops/nginx-one/lab2/nginx-plus/etc/nginx/conf.d/default.conf b/static/workshops/nginx-one/lab2/nginx-plus/etc/nginx/conf.d/default.conf
new file mode 100644
index 000000000..013d7b423
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-plus/etc/nginx/conf.d/default.conf
@@ -0,0 +1,64 @@
+server {
+    listen       80 default_server;
+    server_name  localhost;
+
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+     location /test_header {
+        add_header X-Test-App true;
+        return 200 'HTTP/1.1 200 OK\nContent-Type: text/html\n\n<html><body>Welcome to Lab 4 of the NGINX One Console Workshop!</body></html>';
+    }
+        
+    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #
+    #location ~ \.php$ {
+    #    proxy_pass   http://127.0.0.1;
+    #}
+
+    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    #
+    #location ~ \.php$ {
+    #    root           html;
+    #    fastcgi_pass   127.0.0.1:9000;
+    #    fastcgi_index  index.php;
+    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+    #    include        fastcgi_params;
+    #}
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    #
+    #location ~ /\.ht {
+    #    deny  all;
+    #}
+
+    # enable /api/ location with appropriate access control in order
+    # to make use of NGINX Plus API
+    #
+    #location /api/ {
+    #    api write=on;
+    #    allow 127.0.0.1;
+    #    deny all;
+    #}
+
+    # enable NGINX Plus Dashboard; requires /api/ location to be
+    # enabled and appropriate access control for remote access
+    #
+    #location = /dashboard.html {
+    #    root /usr/share/nginx/html;
+    #}
+}
diff --git a/static/workshops/nginx-one/lab2/nginx-plus/etc/nginx/nginx.conf b/static/workshops/nginx-one/lab2/nginx-plus/etc/nginx/nginx.conf
new file mode 100644
index 000000000..f0ece9626
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-plus/etc/nginx/nginx.conf
@@ -0,0 +1,75 @@
+
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log  notice;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}
+
+
+# TCP/UDP proxy and load balancing block
+#
+#stream {
+    # Example configuration for TCP load balancing
+
+    #upstream stream_backend {
+    #    zone tcp_servers 64k;
+    #    server backend1.example.com:12345;
+    #    server backend2.example.com:12345;
+    #}
+
+    #server {
+    #    listen 12345;
+    #    status_zone tcp_server;
+    #    proxy_pass stream_backend;
+    #}
+#}
+
+# NGINX Plus Usage Reporting
+#
+# By default, every 30 minutes, NGINX Plus will send usage information
+# to NGINX Instance Manager, resolved by a "nginx-mgmt.local" DNS entry.
+# Alternate settings can be configured by uncommenting the "mgmt" block
+# and optional directives.
+#
+#mgmt {
+    #usage_report endpoint=nginx-mgmt.local interval=30m;
+    #resolver DNS_IP;
+
+    #uuid_file /var/lib/nginx/nginx.id;
+
+    #ssl_protocols TLSv1.2 TLSv1.3;
+    #ssl_ciphers DEFAULT;
+
+    #ssl_certificate          client.pem;
+    #ssl_certificate_key      client.key;
+
+    #ssl_trusted_certificate  trusted_ca_cert.crt;
+    #ssl_verify               on;
+    #ssl_verify_depth         2;
+#}
diff --git a/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/dashboard.html b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/dashboard.html
new file mode 100644
index 000000000..5f1d00bf1
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/dashboard.html
@@ -0,0 +1,1929 @@
+<!doctype html><html><head><meta charset="UTF-8"><title>NGINX Plus Dashboard</title><style type="text/css">@font-face {
+	font-family: 'Open Sans';
+	font-weight: 300;
+	font-style: normal;
+	src: url(data:font/woff;base64,d09GRgABAAAAAPV8ABIAAAABo8QAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABlAAAABwAAAAcXdIoWkdERUYAAAGwAAAAHgAAACAD3gADR1BPUwAAAdAAAAAgAAAAIGyRdI9HU1VCAAAB8AAAAb8AAAKKSI+4209TLzIAAAOwAAAAXgAAAGCgzZtdY21hcAAABBAAAAMiAAAEfs0qHI1jdnQgAAAHNAAAADQAAAA0BpEJhmZwZ20AAAdoAAABsQAAAmUPtC+nZ2FzcAAACRwAAAAIAAAACAAAABBnbHlmAAAJJAAAzNUAAV8g7tJpMGhlYWQAANX8AAAAMwAAADb6NK1saGhlYQAA1jAAAAAhAAAAJA2ECS5obXR4AADWVAAABvcAAA68SMFN32xvY2EAAN1MAAAHOgAAB2SpvQNAbWF4cAAA5IgAAAAgAAAAIATnArRuYW1lAADkqAAAAPkAAAHCJU5AnHBvc3QAAOWkAAAPFgAAH3APmSRLcHJlcAAA9LwAAADAAAABO+rQtYYAAAABAAAAAMmJbzEAAAAAyUIU2wAAAADLBqRNeNpjYGRgYOADYgkGEGBiAPKZNwBJFjCPAQAL8QDlAAAAAQAAAAoAHAAeAAFsYXRuAAgABAAAAAD//wAAAAAAAHjaXVJNaxNRFD1vTpM0g4tAkqqxFHFRsijFKmTZlRRSkkwRKV0FgtCiTBNlJkaEfmptq7b18wfEfqlV202LS3+DC7dSiiAiIhKki0J638uAKMOcc9+95368OwMFwMYVfIZyS34Z7YjByju5s0hfdvKCQLOJqKgUiDaEEEZEVFHjt43f+i9iu9fGSuh3y9VxXHIrV10MVrQ9dEPjiFdyfRQ973wfRgUvoCx4Eb6vo3dMxVa/iMF2Qcv00Kc2c9LWX9avxpZPz2GjA13oRi8y6McAChhGMdAOBTwa8IeAPwb8LeAfATcCPmyxSpgZlEpJrxhCfMt3fM9t7kg8hEF8wT4O8FWivUhwgpOc4jRnOMu7vMc53uc8F7jIB3zIR3zKZ3zOF5KbQA+WsYLHeILv0v0nfuE3Guq6qql5tav2rLI1YTWsP6INc0XqK8TRae6cgs2XXOM6N7jJV3zNN9ziqtlaXB4gKUrFOuuyW52/ZPaV0PbRTV1L8rfMPcNHno6J0tRFXKyk7PMkTuG0eM5IpX/0zU/6H1AF5QhnzBcL4YTU7sQ5pHlbZsjCYc1wjrck22FVMEdfMGsmyR4DxINgFwB42mNgZpnMqMPAysDAOovVmIGBUR5CM19kSGN8w8HExM3MxszKwsTE8oCB6b0Dg0I0AwODBhAzGDoGOwMphf9/2eT/iTC0cPQyRSgwMM4HybHYs24DyTEwAwC7Ow9ZAAB42s3SXVBWRRzH8e+e/wPiSz0ogiZ13HNIrDQ1KUhEQCQUU8p84QEUtDDzNVSydEq0lMwUzUqbygbC0tIAx96zZvKipi6aqQvHxsE853DdNONVL885beA4TV10287s/vd/sTufnf0BwsC8EWVWrGbTqf4+ZiVMPcQOUhnBdtWiDqkO1aN+UZGVbRVYZ62vrW+sXuuKKBEZLHHJkb2yTzrkO/lBzsdaUzJsZZfYu+1fx87XQ3WmtrWrc/UUnacLdZEu1w26SW/VLfqYPq5POSlOhpPlaMd1cp1JTr1rualu3B3hjnFtd4I7x13urhz37WV+j4VRlIwiY9O0G1O76jam36zR/aavjOmCMXHNtMuY2qRTvjcmYnts7GJ7h91uTOh0PUprY5qsp+pp10zNxtRpTCf/Yaq7ahr+N1Njvwlj+iOKoiA6F/VEndHhqDqqivKj7PBI2BbuD1vCNWF9uCxMhAvD0uTl5E/JS8ne5MXkhWR3sqvvXF9rX0XfxODHYHyQE7iBE9hBVpAZpAfxIM3/2b/kX/TP+2f8036Xv8Sv9Gf7xf4Mv9DP8wd5jd4Kr8ZLeAu8Kq/My/Xi3rDeEzmb05pj22T7wJ/+z0aqNeSvoviXTmFd3Vn/ccfASSFGiknnINIYzBCGMozruJ446Qw3mc1gJJlkMYrR3MAYsk2qb8JmrEmOg0sONzOOXMZzC7dyGxOYyO1MYjJTuIOp5HEnd5FPAXczjUKmU8QMiimhlJmUMYty7qGC2cyhkrncyzzmU8V93M8CHmAhi1jMEqpJUEMtdSxlGfU0sJwVxt/KszzH87zIK7xBJ29yjLd5i+O8w0ne5RTv0U0XPZzmDB/wPh/yMR9xls/4nC9kJptoZCWrZRZP0EETa6WBLayRR9nDq7KOzdIkG1nF4/KwrJZH1FFZzzqeVK2c4FN28hAbZK0qkw2yivU8JeU8yNPs5ogaqTIlXwqkWEqkUKbziWziS1Uo86RWKmWuPCZbpIytUiSlUsEu9vEM+9nLAQ7yAm28zGHzwpd4naO8xhW1SNWxUVWrhKphm1qqatXiPwFf+f3NAAD+FAAABD8FtgBaADkATgBUAFYAXgBjAHEAwQBmADMAQQBJAFQAYgBmAGsAbwCBAFgAUgBMeNpdUbtOW0EQ3Q0PA4HE2CA52hSzmZAC74U2SCCuLsLIdmM5QtqNXORiXMAHUCBRg/ZrBmgoU6RNg5ALJD6BT4iUmTWJojQ7O7NzzpkzS8qRqndpveepcxZI4W6DZpt+J6TaRYAH0vWNRkbawSMtNjN65bp9v4/BZjTlThpAec9bykNG006gFu25fzI/g+E+/8s8B4OWZpqeWmchPYTAfDNuafA1o1l3/UFfsTpcDQaGFNNU3PXHVMr/luZcbRm2NjOad3AhIj+YBmhqrY1A0586pHo+jmIJcvlsrA0mpqw/yURwYTJd1VQtM752cJ/sLDrYpEpz4AEOsFWegofjowmF9C2JMktDhIPYKjFCxCSHQk45d7I/KVA+koQxb5LSzrhhrYFx5DUwqM3THL7MZlPbW4cwfhFH8N0vxpIOPrKhNkaE2I5YCmACkZBRVb6hxnMviwG51P4zECVgefrtXycCrTs2ES9lbZ1jjBWCnt823/llxd2qXOdFobt3VTVU6ZTmQy9n3+MRT4+F4aCx4M3nfX+jQO0NixsNmgPBkN6N3v/RWnXEVd4LH9lvNbOxFgAAAAABAAH//wAPeNqsvQl8E9X2ADx3ZjJZmqQzWZrubZouYIFCQqkFSisiIkuBWkqpUKFAQVYB2URFRURAREBwAVERURExk1ZARAVxV+T5/IMPl4e414e7TxGa4Tvn3pk0xfre+37fB780k5ubO/eee+7ZzxmO5w5xnGgz7eEEzsx15yIc4QpV0dYSIQJcmG0tJGwpCnPHVdHREhZl1UQKVcHRolpJIde9R0jxK3l+xX9IuCKaxS+OrjDtOTt4qvgVx3Pbz58mA2FcM5fA1XIRCcfl7S0RC4xLwnYcs1lM4lLFQv2tySZylkI1IbElnFCk2hJbmjITLM5C1eptUR1wV1uC4lIlvrSUUy284grbSrv3KOkZCno9gRx3SAhsH1FVNSJpYUZZZUNDg+mtc4c5+Mdzy4UdfKW+vt6wPrh9WAw1C3bOIhaGpSBdn3Bc5eG+vKya4U5SIl2faobbqESEO3bvgXcg8Fq+1F9GOsMf057oj7wc/RHvUQIw/BXukcZlkZFcJAnWGvGmpIZCoYgZ7hexJNjhupkjSWZHYROvpGfk+kIqJ7U0eXzJabm+YLNJpF8JcmYWfmWCrySrzQFfkXB2UTj1uJqitIRT2PwsSkvEbLEVNlWYRWth2CKrSdDqhVZvErZ63dDqldUEaLUrLaqfFIZ7pe7v98kv5zlvoW1/v2O//B0vwqlyE59qdsN96V8J/8JNmqwpFrhIkptsSQluHKrJ4bVDB5n+VehfD/7FPj7aB36VTH8FY6YZ46Qb42Rgn6ZMo2cWtgsVMi/gImUFoZCekZnV7YJ/4YpUBH2x3+2HV0igL6+fvgJufJXAVyWkcKj2ASmpuWoMmVlbU0sytPeHkiLtYE1drXZfTW1NI5leqW0kh4eTu0aQ17Te+BqhzR2ulZHD+IJ2xBUBcHalcFJycdlcAdeNu5MLZxaF00KqKLaEOwUjmSICNzMDgOspCueF1ERotwcjiR5sT3RYAa+LisLW46rf0xL2y2oGKYyI9txgMKimw+Y4PZ3gMpwuq4WwMcmA1t3xvRCQzKUgWouZgNZcadijPEusruTcbrm+0nCiK6wgphdnkpDSjS/u2aukOORN8pnzC5RM4vVIZm+guBtxe5J8ipOQfqS4Z37B9iHvjVl3Z8ULD4989QH/GvXYw689M3Lsicvm3rRwMbnk+jU3rdw/JTdIWrvULqq54UnPwRet5XX9bFpq/y03LX8i6fQ3fGfhxppZ+eRVeVHrZMcNDaNmdwL4mLg551sk0fQ2nGg4sVw+0IsHuIgPsL0px5cLR/UisSWSjAgvIPHwiC3N1kSf4IAzDJeZ3ehlpggkpQclKXYXwE9WFTxycCnJahpcFsBlgax2gUu/q0UNwrtiV1xNVsGXCgBRuxTAh+TM3BT4wKnWi+BTmr+gC37lAQBG7IpUWgoQc/fsFQomAYACOfklnqRQUOmZH8iR3CRkJX/6SoZv5tx95+r7Nq1Zfm9D3fhDE+vH120TCse3HiM/bli98r571tyxCdsPja8T+ZPf/vSPz/7108f7nyfz9z333LmBSPbInlPf/Hjis3/98uFzz5G5ZM5ehlNLzp82rTAdAZwqBDpxIxdJQeqQieQwF8BlQ0gVI0wupjDxOyjq4DHvAljURaYAcMClQ1Y9eMwBJqXwHuyiuJ61CZm5nWS6dAfAQfGlFiDOeJVwCsCmOFdx7TE7AG6diqCZgqSkoBtgiL58M6BLSQjeAgVO3oBFrxLi5BGdKCoBXJZseHNI/4qXHtn87J17yStlNdnjy9cT24pDY+9+auZ7P0zd/9jNx6ZoGXcsLlk/4tqHbrhh2txlZN6ql2dUXX7H4LVPbFt7zTPTtZJBO6/7rVn79dW6K7u8+8LabaOnkC8HTV7A/3347dNH3XN1/fzrAFYEaTURKa3OYpRaJ9MkLBo0GhmQTo6X61SYo7+t0g6QH+G3di6Zo/hHwg4KUbOnRXWyH8kuWC2vyCSQz1dtXj/nnq2k++wND/A9iJW8u3uPFjrPaRnajJ3kNTZmGYz5kTEmZ4xpA2bYNmYoyaXIvDnAwd+yORse2Lx+Num+1bTnGa2H9gf87/0EuYd8Tgg5wsacym8TWiUP5+Q4d4lJCAl5PpPbnEAK3FPdZF3B+jyy0avN//2Gl5pv/FmctGwq2ahNn7qsQNt1OVmiLb+cVMMYs7mzYkDcDeewigtzRWFzSCXmlrApCOwbaRFnsxZGCIeXRLAydms7HuaDqhW4iBiMWG34ndUM3WxWvLRx1kLksozcKsDXvX4loMwm4SoS0Sqr+J3sXRtBwmwdA7QzJMR9z0lcBs6hmbdzVtwpc1GYBwAltagWNhzA3MebBwzzz7cPmQg/cn/u1X7/Bx1jLM/xJXwVQDYHx8BF4Au3W+UI7H4SjmlsebHfO5Z8xHNVVfjbbSBfDIBfmbmiOOnCuNCllvYShi60GELDNhQYUFigc0kBRr6N4l42k4KoBEQxD8bhkzhzbCYhEiIpfPY10ZN47oH/zzt/WsyCM57A+bj+XMSKkwDmwMigFw93MiN4HkrwXEjwgPynwLsLSJtqFZD8exOB/EulFE9DQcSqQA4ffz3v69Nf//yv77/8fkbk2ReefvqFF3byJ8lN5FptmbZWW6rdRW4kC7Rd2vNkBLmCDCAjtDCs43VY105Yl40r5iKisS4QtogFVpdQFBaPqwLQFDsKdiIKPGacDLHBZMw4GWA7AaVniZOYXidrahrsidnaR+Ia0vnsYLHzui2J6V8yfJgDMhDyhmSuUpcik6zA8xACVoRASlFYOq4qjpaIIiHGKcmAfJKClxIiXyqAVk3i4K6kNGxVmqQEu0KJVqiY9OMpJTIXMLrFm4nX751Dlm+/rd+ulXsf77X35EsfbTisrRSctWTTzubtdcu2L7/sgXea1mk/va4tFcfj/OphjziYXyfuWi5SQKVc2KFUnJ/b0tJsTyhIBe5kt8JUO8OJOq7mAiXOlcMZ2ccVVYaNk4vUDE9LRM7AKcsJMOWLcMpiAWPaCYpKcktLw3aXmu2Hd7cSSfJlUE5EeXewF6yhkBSzCyCr5oJ+RCfDXmTkoj+nvvq9sZ/88/OPtz6859jTd85svrbHqB+XvPXxU3eH92kt2tmT5RO7BJseXbdl/NP3XL+hbPCll1/50u479qdKSc33HTkFeFgIezDf9CLstYurZ3gY4XGFMqyQS7DyDpR9Vc7SQgVfNworIMGoFmC5QjBioaTAIsHGWKl4acWNQaZjscIiZUCLBLZBeBoBL0LeAOAGKABySUAyF/LHFre21kdX8IudFs8UMv9SUWp11Giryfwaso10O5J3L+zDWtgHGfAxnbuBi6Qa+0DxRLG2NHtsqU7YB48F9iGD7oMPtI1MJsGWv3x2DhVcnd2cYcdBE6DTH86w6yCnOlzdupEmh1Nx6XIjUX1mQOZEmQpWqWyPbEqE2H0X7AnilRslSkAuEbYB+ODaGU9cffCbz16+9a6+vfmD0a1dt9R+SxzaN7/NfKV8Sknh208/ur+ggH9wfLQ147PXTp0tRB1gGawrADQgGeSiBqYDqBmwMpGeADOQJqpQgSAkB5JEWKKMhK6A0oUUpAtBFO+zAdhuWHAneM9OUVzNokNOkqikE8gADs853HbGymVXbijo88L0OSGkYxIQCa7E07YwJ1m2mWS8WV95xZTfte8Ux9BXZh75+pd3/6mdnznxycbte5o3Nz4zlZ9NMsjyA77aNG2Ltqth0rfvfqpFyZXPzT6y6N2XnjhQt5Gd75mAW1mwbxLQ6ojJoCMqhwfGXESJvUoQO4RSRqtJgMwUItHt8/k6U834K85uMNWgPLQY4OQxHQU45XI9uKk6pNJBlC4CrQ8pRZDBxIH6TjgPj58E11KRmkeb1CwGo3AX/MoBwAqhsJRHxaGk9ByZQqsoHT5LDreQ0zkm+qDkEztzVHaOyTwoNDtBiM4kMbFn8Y7dj9w27aX5+z9fs/XgluixT043Pv/E9jce/HTfA13LF9756F1Prl/zFFm47LWBQ59ccM1DNS9uu3bXFcMP3P7sP96KrLrvkVU3bB51+S5+xcDpo3uX3zd90Z2rmT46G9ZvBzxJBUo0i4sk4OoVs84r8gE9kjMTUE5ONjNKBKBIg8WmyWoOHAJPkMozQHnUNAC26nACqclRmhMUb7JAF66Amhx2lIaTlbCzVM1Hidjs9egSMfCSJJdX5gHJC+gB4NwBJzGggCvvBp+k2X+8fvc/5t+rnTwytbZwcfbvJFm2X/HWrLc/b9y9bfIzU8Y9PnPrAeHUx0S+V/v4De1T7Yb9qTXORDKZ1Iyf8un/7W6u2zhs/jvzjtH1Uj4tdgU+rXChNk4dToTdRj7twiWGLUGdR8M5MLi1ux23Vug77hjl2yOqigI53ZB7CycbGoq7dcN7DQXxwrhXTy7+FpbjzXY2vimILFhIAopXhLdQ7QLA0ZbItPxeTFpxx242NKN/IgouXnZD7cwE0nkGCjDi+/ptUR4jNpDHDsHZ4IAueq3EO1tobn1TKOF3lpEPr9amaw+Op3tPPhEDwuvUFpFqSDwo7JjMVGLRBRR6euCFgwwVmsknVVXkPpR6/nQvKynGe5XAvZqJbTyZSDZereWX4b1Kz58WPMDvskCXnc5F8hHuOXYdz9KRvHYqCivHVVlpaUpVsp2FzbkMQLJMBRPQyNTO8C4rAJ6cfECzXEUV0uE9BXQsb0IpEtb0HEAvSc6CD2FBARILk9dPmJM3O/kMEgBlo5wYZ0oHbCCndNbG4Xv/nnvJ2IsrLsuqGjL5qkH9Hr9j+KoRO3BvTUu6Z7+6a0Dj6JFFvcY0THDmLdkyZnjZosqlmwIF5wJUYONBF+0j7TDtAqmmgruFi3SH9YVDRWpXICSw3wkhtRRAmxUM9ytSk6WWcH6RKuKiL6En6iJgeBfJqhfW1wsOVy96uNCuovaH95xeiqvCmiC6kvO7dg/1pceqawiOVY9StV8p6FQWLtHrzLkIVS04Zqkxciy6KA3OL2CHqhjPm0/w6hSGzw3kiLxX5vygY3mlQDZH4JvsNIKQmXOCrDn7ARnS9OzmMbNB6N02455tP7286p6kgSOnLNuqfXTgK+2RF0glCY176Y6339ce1a7nLbMWcudd8vC5G8OgwXDk/s8i2rMffqGdnjFu0uRDu98ipLPWPXPqNS3Pv0xyH3xdu+e09qL2SG7PiSPIOnLr2rtJHQmkHUFYwj/xiOkAYKWT68Kkt7AQogS+WbJwBMiRhJQZDpRM6bwFgGGHZfcASTgg+AW3X8gvkMz80Ev4inlvR3e/8xOf8HpKIC3bdODsAF6MtvLj+cR+s8ZXMp34KNxvHfCSRC4J8HOKLi/Kom51zAIq6Euit/XhbbPpnsmwUb4goic9tV6gicgATB5q4FLTZBSkLYiVSTKdXtingOACmJnlCptKqbEyO07cCuT5sxW5Mxw0xi39RwEsidrmjc88pv36m7aDgCypVWsvkv7vPv/+e9oJ0559+5c+mSylPnnvWx/WkcGka93K9etvwzN5C9D0fXDWkrhLuIiHSv/WliZXoscCtD0mA+BSfEwPAOE/GQFphcMV4cx2PD+iwoT/npSxm/MBPxTEFYYqtzxJyv5+/MnOD4e177RXyEXEu++BdSe0d7St/MmTpPq5EWNHaA9r72qvazuK6kLUoMUjnE15AGcLJ3MX61C2GlCWcT4KnY8VQGuVqQpggqm5cGoyinwG2OhMCkIAL64zOUpWk3oyU7tJW3XmZ36tdkh7W/vFtEdbrz2i3a2tqONXk96kDOEC9xe+h/sncJcbd7fqdxdB1jMx1DKhCGGPTQTVU6q6WkHGBp2V6am6csoUU/Y6KmRFL+fXR2fxz5n21Ec/qI+uqWc0Eu+LtgAr0IY2XY7e02Ki97TgPW0d3BPUZf2GCRfc8Kjgj17G3xOdgTe75+roPHYv2HtTZ8rPF3GRZEPzM3a82e1JRmHPjfdLMzbfsHoloTZETbaKG+6Yrpu6IqI1GTEiSVHNEiJ0YjLsRVKp6nEDjtu5UlSQQDkLi66/QBnFD0q8BPt2y14y6pMfXuz84jvaSe1p0p9c/NYabRif9n/a79oObS1/4iQZc6B2bK22WXtP26M1lfL8+OjkOrLCgKP4M92/cp0qmBlVCJtCzYKNQlJo270EgCQfDCfIKA0CTFWzoyW2b+gqQE0SANko1EyZ0gpKaXQhv/LsYP5otEds30gx1cH9f9bBqdsBX6bYiEcbqQKOvz0/SFtLf5vAdQX5FOdoLVJ5fXKg4xpzgTYAZkJp2MT4lRmIcwroMrI/p2Bf5eU/N2o7x/bRPMRiOnh2sLY2zYDDDmoH0j0kYUsMDoaZyU4XT61CVA5WBVtpKZtmCZocA8QM893Gl90afZKfcmP06GFYv2UbXxPd1NosiLuiT7ThLp4Zk0GJEcI6HCQDDhGBYqtgAqwxtwHYe7QRz8LZneNjY0kpMJabq9HHMjtCcTP30PHcwAzddM8okJApulGQTywNW5QIb3IgLppdaoKdGgbgq4iQkFiqrw44ADMQBGCJgSSvcnQrL0m89MAUuyX6ySXRkxYLzOisSTo7WKy+7oazB0wDb7j13L4Yfv1G+YBuMwhb9dmZYXYynV0izC5RViWYlRVEEjw2iRzbQUlReRseBlQ6DKgnxOaVX4wIx+bUKEyQrBOntG612GE2PzZvE/afHWxyfbOgdSjQSTzDW3T7zQDDfmM17De2NvuNt2P7jWA17DcqJ1FJG04hO4vZXPz1LeRq0p0ESZ22HWj1UW37bJJMJGIhPtTvtXPal/xJMo6s02YCh9+uTScbyVjtNe1JUk3KSF8yUttl0HWxnNI3F9qb2iicCyiOhZ1LC5J3d4zC2YJI4QE7VRFm7kEsdaGJR9QpvOIR/YGUmJniKGnkbSDZn/nszd8//tuHQAS0sf/3WXQ73/zo3icfxTncom2nMJNBkx/KRZwIMw/AjBodKOBSbUyHhxkoADhFVn064ECdV33A+poEm8NKxatUz59gx5vxzAT+AoCtJ8mwHdpX/qz/BsUPtaW9tO1kMP8fYLkBYOkA7n1VeyxUkwCcdicFp72Ne4PKGXYG0R7v0hlmMiKCA1aQAPIHEhYbLMkJmBG2IBWPsVGR2twDxJ9C/DFAjyUyETdvJWuu11ZoG4nvuXfe+Azg/eZbG97qEm3kb4wu44899sjj96HsDzL9byBn5HLjuUjAoA1yzMqYVxR2HFeTPS3hZHZiskE4ykegAwN5VkiQvRkBFFqzFdXlRpQVAsww4lWaiMOdjd/JrrCL2keY0NqNUIeBzl9yJC+qyJk8yk/Zs7f+u/n9gVvv//QpQt5699m8PTu2Hexz+6NP7Rqu/XJS+7Wg8dLHbr9yZl3PYU0btx+trB266ZaRU6/s3Wf2mkl7j9PzbwPYF1AfcW+mGcZsCmGBOWal46oJyJ2JmgxNApoMTTGTYZu2hLZqm5ih5U0x1Ywff3Ynmhpg/BfhXPMwvsKVcJFEhJekSz9hW0hXPZGchgWZOnyBhlPh0ipQ8oeDAwlh4jtecP4c7sUp3x5/76tG7WPAM+1z3iLsbq18/19fHxEOtFa2al+QDLgvytNbqc0V+JgN18UZRC2hCMUsTuWMwweUKsnXqwQF6Znk2uoMTx+yfnb0kzrTntaMU3OGbBWHIocjoDtzEso0aeQOLpKGY7o91MNM/SQEveO5PrhBOl0UARwgTMhwwaIymP3s5bIfSqj9jJPDaQed0CMsHdxfduSH8dhqCtu6OcPWg2qy7w9TOPXg/peXfj+UdvdAu++gardCewL84J0frsJ2J5zpcOJBU9glh93QPf+Hu6A5AYZt4omEbmX6V6R/Tfh3f9n//bCA9kmUm+REBVpenvh9mLb45Cavz4N9dn3/JW1JlZtSUpPdhREYLXtV9qqA5FRcoGiC4AOnrDQCX7Y1R+DHcZ9g8LZPXIWDt9q9PkE0SYlycko7JzOpcPNWW4Ld7fH6UtM67BLzRhPYuDQ452YnpVQhkin4eqUR3MJ+BLeQoBmJBELTCZeY6lXMyZVn55C8UJKjM8meos2o1l7q5JH7aB/VwPZWlU4YNbzTHcQrLGyVwjMGbRO7AI+cunrM6M/OfUfxF/Gokso0+W1yB29wb3uRLtAg3xOptNHDiqIGShtWQk5rl8wDUX3dTK0P+Xa+NkIbxJ/lD0Tv4udGB0ZFfme0xrhHKdURQLYxx3BVgBtYqf1VAhpiQxpiBozlgWhw7AJRF+5F4OjNJzvJrllayjWwqk+F7Nal0bf5ruiTg7EHUz7VzZA/rLpsLDABnErZqplZlVVR0D0goWLiRyOI31sl1LYeFfa37hDmDDXZxg89+5su2+zWDvB1lHb04GLiPZpUqDrBYlZMLiAdVFIymakuYZAMXajfTXZpe8hg7YB0tv6Pw1f/2Q8kGPDo0A8E+x9IaeQDU5gUCmdUO0BOGnMylonWUU6fEzmOdpUIoeSM4JwEY04+PxXa/SGYzx6YV/WXUln9HxKdUy3fA/aI2XwQy6ygm743gLwzSZuvzeV7CHe3Xiv4WluoHNyq/SZUnh8Ek/ZxaOLizC34oj41Nm0zLF4Uqlp376viCFkpnhAskh/2qBMHU0U/ngP9eFQ5ajYlcQki04VU3qzb/klxCJiAN9ANfn1X6rqBl41/TpKV7geGysOfozy1AfjUBrEKYJnLLeAiLoSizzCIO3i4sFhamoUcnwMVCDPjXLBfqUC1Upl+L2YHg6oMsh/o+y4ZbTqUkblTQWqwOBJ8VGrIyUD12QOsrFS1CDQmKOxQQDREnSi3nMR7jZRAQZyps1cZMTtJA7GeO3rTnfduy2t6pkm9IsVS9fSChyPX3Dh395svfnmY+B8Km6RBm7dW11TvfzXaddc1o7evaZzzujrdkrCYrnMP6P1DJQ/nBTqvWzEiMq4zBT37uM5MvMikHlaCjtgcus4kF9UVvIkt4SSZqn0OOGQB1Ai9SF1gQeF0RbVR50UmugHMDrdHYu4wZESJhJr8mV8wvyBgdjMmBUqM5N0zURTM/Z5Z8sXXv3x83f5e1vS8p/dGmrUtB3dIHm1x7eBRDWO1U9pp7Sftw/G123n5t+N/fEU++DjKztVC2LvlYjWsqYyLuHExTvRk0k1DGSPJUPVQmgMpB1TSsEI1BU6SqR2QmQ1AamuTGWByaMbI4RYS1/drbklbM/WNd9997p6lU59s0c7wKcRJuvaoLfr9m4//KB4bIvkI24VoJwfYurks9BI4ELYKYUIZmw4ik0C9cYINYcvMRB5g5x5qwgybg0aIiQMg7SiidqIUkDSbJCFRoRiUkQTA5czORMnwqgCu+HTVoSAgUQ+sH9GF2i8Xnj61YNcASWq4JMVywzenvp9Kpuzb9eQLkSZeJqnkopqpNy0mK/44vWM/CKROLXj8N6X1k7PM7o9w/R7g6uHSuEZ2JtQEYymAL81eiwvt/lSQY0zcAkvxBo34LqTDGYgiFqqAuRDWoAE50XKtJrgMhS3sBHHOxUyxuAWuDOKnHqESL6I/5/azlRDuxMF/tv7EH3lp3JoZY7fUf6f9Pot/ePu6B1/kfUQkpdqvX4349HRqYV2nDJJL6l44dpThRwYs5piUBfgxgdm6IgmCLlglwlLCfEh1WYAQB0EqUImJYYyHBh+goukMgtyCe+ZWQJjzuPHSg8IcxaYEdIFbcV0gOaNoV0JjVRgawUKooJfx1obH6+p8I4ZfN4Fw57mJQkvvvOo3nk+rSVn5wOSaVp/QgjbGrppHlADenUFyKucOc5ECDqbZxQzyMkK8zAQ0JRhx0muppTmYXYB+x6CtpbkkmV6WSDD3iqJwwnG1p6Ol6aKeCRYQTT2Ux1zkaWmSaEOG0hLuKau9MTIHt0tWu8FlLsisud1wbbkuWNsl0NQbaFWFTXDKyRZ/QZeSMj1Oxw2bh6E8ai6adbIVlG6SXaqUAZ9KEArhMlArvMjcfboLq0SP4PH5vWYWxAQyB5yxPgTt7qIfSRwodKhdZLsN7xbAr+vqhT36rL562tHw9D5k7Km698KDM/v0Gz7uRfUA6E3akVPXkGFk1+2bItqxK++/+Y51G2+/deOha+9J8w4Lzryy4PEZj77qvcx57e0PHpayqot6dl97567nt276lCgNtfxzN61etWz16o2AH3uA5zvh3Hq4kbrMkhCKWHjdvmuRqYuZ0kIvO6+UFuKRRfNjAqj4iOx21AdN1JorU/HGZBhTzEj5slNIgIVzeZU9E03msv2ryNyGVesOPwskTlndUKvNi5byh7ZvfPUTZlfhOXgjaKezgqbXR5fKqW/cYm+JJPDI4p3UFWULqqakFtUBM8H3RKTOOAXewlxEPY3QMdQNnijPCgSyyp0TTTPHB7t17Xn2V7H83CG43/mtmofezw565RVwP8Q+Hg8J1dbgniZ6Tx8ap8KOoGqG+7mSmC5pxjiMRC+unrcxW7ZurRJgO6kqgrtOYlNpuKzvvROXzh9RQmxsQtoyT9iUffb7FetTzBV0ZhzbG+Ek7I0DY0EMTVdqWzsuGg+qsWYg5JwqUfgbZhUFBEPdmrVnotnEFy7Sqsl7C7WJEcnT+qt2jG/QukfX8XnbtBsZvYB7khS4p8Cls3vGzHmwYHy1mfP2TJQ8f5xmv5Ea4ezmYKwGlRuVVLRbwUwjZiQyjhBy1nASKIkBOlgODMTDUcxhMYSpDipIoH6uwDe56B/IQUONGY5VKnBWdAu40E8K/JVDQ4RotRns1UcxzKc71ZUYogVolCAgXJVX6rpjEiFXiMVNcyORhhtufvzhya1PbRHLN44cc2jcpBePAvK9+dD6fa+C7v41cb/+EUVC/WzAulxoMYlZGnBVuAnIaA2TjUtfD9BQm275wjgMmwsXQW3CTmrtEkuNOffytzsU1W5pGknUDwVMbGf7E8H4aynMBWPbDJuXbPCjJD1iR7d2OJhMJgHTT6XO91jMErpaAENKDW6DZhqQSPiSOLqzkPCnPuXOg7a89sPrpr7a3Pzq683Nh3k/sZHO2vvaWe037dgqwj/56blzn5468zvKVUC7h8LckPdfzUXsODcfau4xUGG8AFdk8HxkLJ4gBZhbplO06l4hN0aKO3HPI4JkZz5LH4ZVWIVEJ2P5FHiGLFUQ8CV5U0i8NAWQvPa3j7/+5e/n5pkF8alDj+/VdrwY0TxS4eawdhLkqF+1EweqB9dqDaL1/IdnTpKT751G+MIa7HSvs7gxHBMLUXRB/I3JLyBlx9bgoJOH3Y6YHSkYM4ybjmuwuanE4pRjEkuTZHI62gQWX6hEN8FSeYVOXtFhf/rj0/MlV3WDJC04d/z01KYnX3ty5/7wXt5D3KTr7vv/OEa2Xn/TiySd2L5s+ZAQ+78/PBM7t/xvMH+Zu8ywMBrHD41hESte2KwxH5LMMJaeOZlXmEnWdgGS4pHSZUJAUZv50vtmXDbcPeCK1RGx/JVFE5xXK6eb9bNSDfJSLdw/gLauHGrrEnXeTUWkXGbrcsRsXVkwgbyYrcsme9NzkMdmxWxdOfG2rqwObF35BTS+Ok5spZYuAGr19j2PPL78vkdvu/TIvvDWvIdXLt+yOLzh9kv/+c6HRdOrpo+purZXn1HTh11/V/+6/rWVoxrLi0fNuGL9g1SfPH+aX2waCPLSIo4JsAg9k64EoZxkoXJShFiMeM0IT0kylZti7ilPLGLTYzWEJjTpCk4ayYCmVcGja+h2JU4aRDGqnDA/VkwQBwE35ZFgiJRrh2rr6wcOqr97JYhRXX/T/qiJjrhxkTwi+YHH+Bdx/juBTvBiOeDxkHgpXNKPIzWkuQ2CrhvSkJ/ZdZKFtjTVSePbiYSXiaWlF9jVUND2Z+8EUvXy3oZqlzQNVJM1ZDH/WrRi+8ZXPuFrzx3atFO3VQi7YC4JIIWyyBnMVMHAt7ClzSCi29RCzKjWSFIuTpc6F5KURm3sJLE8mnHXtDvm8qeQS+OYWRxn2gljphGJxaNFXO60UCgELI9G9+PozcRilZU/m9dk5C9x5rXh3/92gXmNP7i/rOd3Q5h5zdLNGTYfVH3JzLx2OOn01bS7G9o9B+EwQbv14P5+uT/uZuY1mZnXFDnsOri/7z9O5xtmseRUn7uwKQX/RuBvnHEsuZTby5ttiR5fmw2LVDh5s8VqS3S5sTk1rUO7lkh9jGjVcFPg6e9p1MUPOmYiEQJZ03aXuaU+aZ/WHRskS5ZBOyZpJ6Z+78uVvF1/bgDYrvp21rfD+Huj0/819BKSxl977hD/weC1g9dFCymsS2D/XqX7F2/P4v/anhWKs2eVkFXa8rlkALlkpraa3D1P26k9wRfxstaLvBX9Mfoe+VJLQxzRPBRHkjHayIlSl1tEyhpWaCCnJQ5fUopY1CmHIS5icik1abld+qIxIr4AKUM/vqTxq2vSpYuu/qpRS+kzYvrQ0oG9Lw1Vll9phyVv1b5uuIVw/NhzygMzenlr5O6TP/Iz25dQB/OIs32hX5hnhOx/s33xy6M7+Q+iC/nV5cITteWttbWxuHR+tWkPnIJajmYYoWoeTi5CJkmjilB1wdyV4+iFRQk7IRjxpFGykWylinEWXTiwQtWdBrIQUWioZNgCUredHtDifqRYkfNAafQqeswEnFifF0lHz7LrZ5Cpq26obZgwZuHaw4/x8gi+YSKpJ4VSnWnaVO3orTd7LZ6lS7QXGycLV23aQkZi8DshrZrE10op1DbVsRhIgByQ1rGaZHH/zmygg2Ctm2CtmbhW6urAtJvMIkBYtmRcaxamB8Ai1TT0ZQYjAl2rkAlrTQxiUCWnJlOswrViWAjKgYmgWLmpYoVLxbyabvieX1CMYh+uVcKlBwatWTxmwoQxS1bv3j9z8VePHW7hJ08h/Zcs9Vg8Ny8jPaZMN9Vt3qRtmzSBHyEe0Z7ZfC+L0+KnigGhDOh+MY1Es5hhZkVo7YJ5InFnGq+FOg0VGjCsEjuzn1CnfjGarXxJMc29AHnS7Bk3ls2YfFP9xdP7dZ9zxXUP3DChxwJ+Tv2stC69yyrG96gYVFoG6L1DW0kGAe9EXQdkOzxhqhkj4ZwdpN0l0LQ7O823szlB8PcypceO+XZmPqb0sHg4OBnuHSwWzpNRliH8TKPgzr4j9jv3Ml33+8C3j5jeBtycqdNTaghNTpWzD9JsKpfYAtyDfhJCzK+WyTy9DurphSOJVlHMdzMFgbrhTqZ4QYumKOvCUAhvadiuRDibh9pA0GJAgyAwMepCm1Mh8QaK8/n3j+yvci67O+v2Kc+//WbzsjtmPWiv2n+Eb/mGFPp37yipDv379Kk/eo+9+J2/Z5Icuo5KkNV7mN4EvJutn990KxD9YMROQ5XFlmbJzNkdhWFvSJXMGJpE0VDEWEYavOqBydOMsZRMjClJ8QHrFlOwQeSwQZRgTRQ1FTNj13bGrkP06AWKQ0qcLMLYt2T2eytnLXn//Vf2PrM58OCqNSvJZm3ywEqhc7U3soLwVaTzO/8cUNN/2y7t/arz3HUPd6dxh0uJTZTFrVwaV8DN4vDUZEkt4bwi1SaxOEDhOGaoYWoaxsEpCgv9S0fWbU6jEaZ7TRZ7ojsplaDchIGnVDvNgt1QPWi5yFP2EhPtYcEeNtAKmI+kJL+4Z0lBiQ+XUuJDg4XZZy5A9dUcb5xYurqubnWfVVMe3HzNyj70euWsTfdPXzX4hRW3v/Di8ttfJAPXTNu0YfaavneNG3dX3zWzN9x7Dbsmb95x8KWVd7z8MqONGAM/CehFEncd80ob/oxmWXFyDlS5MPQaDmGzx0sbTCHVAw3mINXGncfDriBNuLIEIw4n7pcDA5GkYMTpwE9O2UrjcFFRx4BzKnF5PbpPxE19IrBZXmasAlKO/wt1F8kIkqbtJlXa7mu0Z8hIeCWZ9rR+IaS3nq46UqUdJT3gjdor4milGc6SnqWK5JzHVDn6pnsOMP4CI1iAbo4dS/ioaPLxrVGRxjW0CitgjO5cP+5WLtKNStHmlkg6dW6j3b2cStE9AF17yOEs5JA0GqQIpWloUi8muHI1H4ScQmhJDqoVsOyLs6gtK0FOSs/t1K0YIyTDhSznTOjGpOx05VniTilk3yW5QC75k0+5V8yQZaZRx8y1TABBjNjsWDw2/MJJbtmzadvO4NKlb9w9ubam8u3dzzwSuGrFsNvXhhbdfPDu/TU1n702dmtW+T3hqtqK+x8eObH86sqJV5Vc0r/bFSsnX7k6v2jWyPnLK0bkpI4Z0uuyfoUVKxufnnzRjKoV6zKFrEsqB5V3nlvRb8TgoO9agP0Ik08YajrMWTiF68uyycL2ULPZzvXBANkgbdE/Gm5kUxLQK+ZGdia16MHLNNEQ413zjAsyIiu7oqKc3EjfTDO7daqpqcE/aLOcdP60NABoZyJIpcXcEl3z9RjxZKD0RjohLQ8A9Ql1swcchWoI6WcvQwNDbwmmEBQC+hbKFEUtgCclep7pXrtHTA/kdQ9RTbIbC2kNd1KetcjJXH533KqAK5wXCymj8axiICcX9HmXGArmuowoVlM7NclQKia9QerfwtfL2ra/HdW2HR6nku6RCCmKPKUdeTasHY2QTv/cv3BGXsPYux7ZuL56buO059/mP6K/0ra99aq2429HSd1rEe29CP5wN+m2T9XeefZvf/S8susLO/dHCmu7foX0rFLw8wNMr8MZ93MLQSuhEhBQNA8IdBIVDkQkbMzZ4gPC5qPJuHh6EhXmaPGhOGBLAMqVoTRZHC5PLNdWD0ZRUBzKVFTOVUoD7XiqTqGDyaU7mHrFO5jQvyS19y5VPvzI1UMHjJ7pnz/3iwEp1QuuvrZuYFndNbXXXS98MmmKRSwcNqTHFRd/oJUNqm6o79Vv0tgKk1RGbZVV3I1CV+EJTgL+jRHlPsFt1t+qSHE/TesXIr3KNK2MF9PIykJto7apkKyIXepx4k7RybdyJjj9eqS5kR0oWlksGWZ+KYhbBlPSY8kwAzCgzBYewrQ/zUW2/H/L1RPb4XVXwOwtHWB2c5dudoyU7CK1RLpQ03mXbCC0nYPN/mL6hd/SEaZ3BdLVLRjuyvJkMUMkrz3eB7sqrmftnnSxsBNucZ4Svggt7OHOeAK6KK5mxH36VbHyP6E+iKgsg8QdEIyIqULyP6D+Q++v3Tps0HeL//7EtVdNfXXWf8X76P3CtTfcMnxxjraQTNXuI/vGjdnFYh3PSh5RkhqZj/eCvWAbIMAGSOg/gw3gudXCfP4Uzdum+YksrA1YnrVITTS3RbcpbdFtSofZiYal78L0aZ2Hr376ppuefvqmW5+su350zZJFY+oWig/f9vjjt932+I7lV910w7ixN94M0z9/HiQqgvmrcoEwjeOio2UJs2EBx4r5wfx8mKcP7aPsVFuoQmPkUJro3kdkGgMko0Rlog4FEyJvCspSXj2D0KI0mWwJMjOSFZf0a+cL9jh5YNHFP99YP27YjJk9Ft57w52pva7U/k1e4gdXfrf47mGXX1l1yZSls4uqR4/TWmvp3DrzpfwtMLcAZtb5aLAdzC0HJHpLC1XmzMwoJR1Xs1CQRV6aCnNNpAJsog0mmIcTNMxQNhD3s4C0JLjCGaVhlxLxeFNZlo5hjYpLFjTmLekOn8533Dpv4cKFy1ZcM61+xM0Lim59dOm62iv2qw/dzc+v7dcw+srK6tHDLh1ZObB+0ZTK6Uldd9y6lrvQ188VNYvtfP1SzNdPbf5o/EdfP6aIgwJiJiuvWJu6JvfpqeIJefhz3ZWeu0ZTO6HmEZ1U375Stw+5LrAPUUMtMyYnM2dPcjsrEbXXoiDpdBlWoogTvR8d2ImoB78gCb0+q+5m1qLgG/MnrgyZ0CAbZy8aNq6kdGylxnJ752itYpXkAfoziKMFSGjcnIXSPYsDhXEL7A+oGzTo1GYExDdzNNoDM6ytzMZoctAIVJpL3iuEVBL/4zmY8+E3fNakLyZVVP3jbdFFRO3MN9L+PwYKIddZhvPb+NlkgBCSMTeJ45cxWVXzkJVwpXCdYV4Iu0TdTUSlChMtkUBFCVbyBFMu3Aw7CkpChvOvMLNfZdWhceP7P7Fi8YBUbaHt4p71abvn562cNDmBycRD+cFkP43DyeH0UGJbLPE3oV3iL9wgjxmTJfNQ4hrbYE89anJtb72HD0y83Xc986UNBP67FfhvAmi3Bj1xS5SeOKVYjIBOT2Q9mQgtlHIbPXE7O6YnslGoYeCWdXc9+PDatQ/UvffepJkzJ4nzt4V3b3+kadcT2hliWbZ0KZvLIOCVAYNXlriFEuIleextEHBIUqy9TQqBY+LFE2QamV6oLU7TFha2XbL96cNxpmtNe+R8bskPHFCmoXw5x8lmYTh/MroXvgdQmpaw71+i35Nf8XvuOkGi33eG7z8wvQ3fz+fY7z9gvxcGRvfCPAdr84U80Mkz4ewt4CJ+lOPy7aBzAXWzxFL9XC7q88FY7AQAX4LclJoQcBY2Z7HcrKyi5gBLjruIWrzhpJicImrBFkX1plNyovrzKb1OB4RJKQ3ng6JM0wnQgQxnuR9fRkIA60RCncahYDnx0VNFYjr+4E7Dlldcllk1fELdFf22r75xRkXe7I2V+94js5jinzZwxvjZxVdNmJCYd+NDo4aXLRx+w33d0oZ3z35N3MuS4gAeNKfIPM+Vz+VSOF16/g1S1UH7ApBUOmgn1VxGXHtarP0qToxr98bGmcZlxbVnxPqPAZnjAY4/r8H+nKGx5m6M80X5I8yF2hJS3DTotNkp2zHc1ylieoo9lp7iKQrbj4eVYMwcb6fmeB6ohs3IUPFSwhAgbRkq8BIIUAmeXyPMjN7PV0QP8lOiIS3vc2InkUmxrBU9Q+oMwu0WoKf7TG/D/PPpuq7nJYqfNC+AwqeTDk+VrvfC9gXcwI7aAZ5yXLs31n8a58L284eAUFTQ/l3Y+NrFtP9LcMj6xbUvON+L9v8U2vPb2km19iztb0LllY7P+k/DdsD/Ij0XCf2NU3TrvcOokYClYjiCea9oTsH4XzSnpGDwBfqjHcyc4kig2jiy/QSqiiegD8TBSIzZ28KsuTQNwCwzVmokL3UmiltPX8J9KXq4LYdJ29YYy2Iim7Rp/I56PmIkM/E7os0snyn6RL2xD+JvFB976Pg4n66b5hBQeAQZ/LiZHbYvIHkdtcP+HIprT4u1X8U9HNfujY0zDftjvBYBJUDcjvTJXWIlPisxW0kBWVhK7iP399amkk29tWu0aaVkozgNP96HH6fCt/QPy8dj+Q+n4WSkgXwzk/HxsBxSM40kiBQbk24wYMNLA6yoZ9LLXG4ejgWB+ZW9kuCQXRZfOjMChc3oYHewb1OUvZzFZnIlJtEgdEGvL4EJS9QyhBH+OQXmgpJ8t+wjmMwEvA53r4BG/X/z8IxBs1/CxInTD9UMrjswezX/+fI3Mdr/neVHMPh/NYv6X3xf3/uPgh60XZu+aFGfpW+Q2dobT4m2Rm1X68PTaPB/n6cAnjQ2nML/Yn2/SimcL2xfwP3YUTvs17q4dm+s/zS9ncbV0v599XE603Ng5G4kcB6MC4nlbkQ8umug2WbnMBCM5sJ7Y9F2vD1IU6tkPYciCXHdYzecBkpHSRyNhLswi+MM5nFou8gulsdBaAzjACmL68ndps+GRmpi4GJ3gVVnIOFiOo2eLhrrVMAi5ZG3d2U5Q2EzwwcPsPleWMKpJyaxpaE8G7Yral53eO/qetYq+zJzadasWaGKNoZehFNLw92ViNmTpmcU6cKAGdmTnmuATKkgVrBBNx4ZOcUgCx594cDh1SP7ZAy+ZNpVXcNbr36o6JLHL5u7uHLW0vGXDB58yZ23rdsm7nn6wLpVq2dXXFHQpXv/rkMmTr90y1N5mdPzu8+cduX1Q0Yvquk7qXfphN7jJq1aeq4/7B+NYZX8sH8DdHq7gJ7/9u0StyCD66idVP8trt30Zqz9qqfj2w/Hxpn2Vvw4y2L9x/ydnVFolzAmAulOCXeQi+TiGc0KYdGtcHKQhtWGlRDVmHoFm4NJuRhcG4Qvg3JYQG2kyByrMlXgoTW2ujKbSBLsICBXkkwrKXg8rMBUgZ5l1VVpsjlyLcyOpyZibZOQElGSadK3x6WmpaO4cVEu9E7HbJcmLs1Pq1AVucLdS1UhqOjGE5pk37H5JBvNwxipKPt1d0e2cGGwbh4GLmY3nG19c8nKex7Me/ppYqqYfXrf+9FiMnbUrTPHrq/VTjQOeOO+LbuuuX7mky8//9EB/gA/dvMK7QvifyBi0QN53z+m/fLlCK1ncte6zumEW77ksTuNkN4jB44D/BdqHox/BfgPZPyXDKb7QuM36f4Oovt16WNch+0L+nTYTqp/j2un+876TztH28//Ew7jONr/F53/jqL9p0P7t3HtC7TPaP/XgM/a29qB/26m7f+C/l/T8X/R+e9mKifPxxpFoAOlA98fpFdeyRZpYjz1RzL5MwNQIUNmFjK9zgTWHWkWEtyeVGo1zM/GihI+Ka6ihK+ELzAB2S4oSaKEHCtMBHLaxQDNj/5jxkOXiRVHtJ97/Fozp+uGyad6vPXA/WdOHT839YXdTc+/vPO5ZvLBF0ToX84T5wsPDlvfr3TkZUNXVi++V5vxpXZae4+IJ/cf/e2n9Y+9yeBIY6nouRrJztX5GHzFUgqXKrZPr3XcvmBah+2k2hbXTsdn7Vd9F99+ODbONBs7n7OJLAbETXDl4HxwRjHTR7K3GEUevEWg/DAjhng87Aw2W5hE7wpSu4Ve9CEmgrdVu5gtNEePMbmb/eV3VlVpb1I5m//3xIk9aQ0KAeb1iVgqTm3PwykZNyKMYwzc0cbAHW0MXJXRCwks3CQ4Ei0ug4WrEq0H1cbE91hsiS7ThTzc8O5g+Bfl4SUeHy1sYOirGAXWdP34wVOv1bTPn15QM2jc4qmVfFbDPc2HV9ff3fzqIBYQNvWGkpUbfsWQsIY5vRfd/8cb1/OH6n6Pbqw69+mLCxH+NB6F7lct29/H2b5c2L6gscN2Uu2Ma6f7yPpP09tp/ADtP5aN8ynTM2lMGo1rzeYm6tBN1uO5aCi6mYaim4m1kBo8/EZ0q8p7gzS+FQMTbXCocgyAm5AepinAQRHCGclwzky2RFk04tIU838MTJtoNs/V2gembT/0tOaxcNri31/sODTt73/E1kjXztY47XZ97ag7SStiulMN14PKMoxXFcd4Us13cf3N/lj/0boOxvofjfUf/U8Dtv3FU6YDsf51wjKWL6L1Fw6KVaBD9+Qe16tzdQWQYqRRLF8knFZEEzKFYEEsbYTJJRd5aDWPTCaBIKiRfondWQYJlUgyL0JLryOhoCsWSwygty63NCwrkaS0HBoVmJTG1OUCJeJJziylAks4pzQcBPU5N/A/JZigwBILr+pZ0qvkvyWcDLp8Wg9/p4rqiZ3yx/j+c+5J+ZxBs+zV8tWjB1526eUPtUtEYbqBuI/Kmvm6jmGh+0BzOSguD2S4HGL7cEF/kGV3d9Q/xrNY/6xY/1o+ra2/6YjBK0ktqe1w/FHczg7HH6WPT+tU0P4Fev8RRn9TH8kD7ZdTW8pd/AnaX9clXRK33sitEJ+QPNS/vY6LeBFtUtqRvzwRqwqHXSHVDsRYDkbsVJe0O9EV0oliUbqDOsD9NAAzCQMwEZkSgxGPnwbOuEDt9NMoPD/6gwHLMH8H6Dq6yv3pNEbTx4qS5mXCJ3OS74KkkjIM7MEYBSyb9tfJJVoBOdGwZctfp5hMr3rrrapzlguyTAzdnp7fTvr5zYjB/Xt6fpksUiNzcTYFf6z/aM4W1/9orP/oc/H9+Vj/WjKTFMf6H9H7Y3sl6w/n+nvYJ6N/HT+C8VBtCubCxPrX8ZVcXgc2i1FcGx7Hy1Kjforhpakz7X+RjsfHaH+a+0H7D2Z4/Hx8f3+s/+j4/nS9rP/ovfH9s2L9a/nyuP5H9P643gzWX+uDtUCM/sJakkXbL5iPcHd5DJ7iz3T+he10SirbmHdC+xC93UlWsjo9pkO0noOPm8uiG0DkpxFgWK8HA9vUhKRQSCXWFtVkDQabPbITbVgeKxM9XNScgiGLoicYjLho+UUXWlEUVhxAAl5FzS3tgh90EUUpNsp4sMJ/aP92+xU/Lehx9OiU1p2NcNW6UxxcD3j5M77qz+3B8h7iYO1zhBHol2l6fkg6em7T2AowGspJQ9fiSpnG1y/NoLFsMPVUoOeiBaaeSiO8UjEeNo16WNJwFXEx/8gNXKmYk+806LuaYNOtQnAIMUDjT7kkASVt80RyQitoSyl5tWmieAYP3M8sraSW37Z94yv/jL4unqHydgQI0Axqr2F2sKu0e6l9bCO0D6fy4y96+/W0/w/QnkrPKOtfo71F+/8fOvboGf1Fb3+G9v8e+vsozrL+o7W9sf5RirO/6O0PUpy6ROtPxtMz14Xich3PcK0A2gdS3BzK2r9h7S/DOJdSHGfj16Kd0MjbEMvja7Hw/zl5g2W+sHO/ViiltnJmA+zKi7T9Cc3DnzEdkdkczNwwcpSucZC2ls+l56Crrss00TVuhf5UxyFV8ToOjN8H67FA/27snHG3MJ1A64P5LdBeSc/Z2s6xWHbhJKzFgVWQbMzyS/MIwiT0H1NfbP9b6otYrr3ZLvWlHS0r0u2mY+jZvgP202zeBe3DdX3uPFnN1qTTyiI29/4MlhO0PqQTXdNwtlbteBstNu01xhfuIpbzjzLawQ+K9ZeEu76Ko92x8ZGW8dHpev8kySPr48P+fx69mOX50To0DoyAodZai7WFZkxRiCUcD5MgzVDEwqGUmaIPDeHHqbwF6xQ5WPwXAC7PZ6LWcHNGpJEMKNLW8M+1nlrJp10rFEa9R4Z+FT07ni+oYXtlgT+fAH1I4DJZVgot4GNlt6N1So06xTgy6BxwaM2W3RPvL3xl4i380nlCTjRjysBl0R78mpo2e+08w17LLeBOtdFYSpNHMtloPBfDrd8onHrouPW2gVuYu2P0F9aO4LgOxgeetaGj8ckoXb8g0F5Hz8bIoThOny/0Wj3aWloLJxmzXel5cxumQSCKqE3K1pZ4PypLe0AF0qo7UTHENezB7MkIn0Cr9uiVcWS9JiRHs0OJSxU87avkYPEjdDsrxfHlcrSd4/pUDvqpfdEcbW1arYegHZcWz+HafMDVgDMT9LkbgddxSSMpbZGeGXp2UwYrwYdJf1jU04sVTgWnmSW6oIMwLNNJo975pzySJC/LgiumKXFxeU+99l/75ss3Lhheelnf+9bd98LTYvnG0Ve+9npr4+0bUmo8YQHoN2ZkGTZ1SouDurx0zJA3QMcvjun+NVlt8sAWSouDuvxwOK7/0Vj/0fb4/m02/rHE09Y/zuYwtprpmLec/1GKmF4HHTMLaxrSnCEHnDrqUU+GC5Ogn0NqlM+wtTRb7TRr2GqN1cnzemkaKiKEwchTY4wclf5UzDEXMKwJVBks6mt3MDOsVVE5Lw0CD6fFLPNx3ixJL8YTLFHQOn8LGUeCldfw/4rO4adG7+PXRu1DJ7FyPCnENPOSfrO0s9pX/ElyFVmj6J4umdxNxmmvartd4s+yplK7xWlzFuBONvCKEHcvF8lA+uwLYXV8GmrHovWpmbNHsLmrIwPX2xWRqWd8xfwCvUx+V1qZB5NwE0DXLkZDph/Xm0HXq0qp8N7NFbHIWAcYqza7PSgf5GawswNd3KlU+1P9BfB+kV6VDy0cST6X/8J8aqz3cWHCm8kfy3u7943SWcR/8J9RiX81whKtt3xS0ue1+1kq3O49+3c1HxYG82u2r9u8m1lA7lxNfJh8/dVXNPl6xbKbV7HsuH9/9ekfv9//wrG/xejOBopbxTpdazDoDv8bxa1RjK691UbXNlC6VtyOZ87U+mCel94f+ctnHY0PdM1Jx3+03fjQfn4Ri+nB2kS0fy99PkxWpnlctH8Nm89xrqP+pPr8dx31J9X36/01D9Y+io1/PRlI26uhvZbOv4a1c6c7HH/U+W87HH+UbvuwAQ0roPAp0cfPo+0pIIMsNg2E9tH6+K+y/li7iI5foo//Dh0f8712UP47mvHfAVy7WkeJ3Dg9+ziu1lGzw24DOR2lXzjvbYEoYWebx9nWvj5hXOF++GuHs63ElUOKBR+zskikQds6RXuANGJ5pOjhq6MD+f1X82Xx+WkZ3D1Mc6ZZoP89P605Nc0rsHDqVAvLaQDinnw8nE4VCCalO5Ip5cHpJlOPbTKdbnIq89vquWtI+4VkPZJaBuoUdmPGJs3Na8tduzB/DQPkjRw2DO4w8tjWrTMy2bTXa7STejIbKaohpVzMX5cW8+Ndxc2h+8bsgW/G7IRX6Tom7U95xMU6j9gR17841r8mENef8oiLdR6xIa7/0Vj/0XJ8/2Ox/mPi+1M/EOs/pl3/Nj/kWO5EXP82O+fYWr2/1h9rYMX61/E+io87tf5iEcjEAfT7+Y2QLbsh6GPcFmhlSpvZWE/vw7BAvSYfLZmlZ12mYK6A5C8tVa0YKJiZRV1/ESUpg5rXlCRGXv1KJNGdoqdtZNC8I+x6QaBXB5Y0yZ+Tr2cItpnNCioVTBbc/1z7ZME4Y9llfdfvfI3CgdbPonDrzegNYfSJ5v9RuNXpuvbDMdtmnP8W6NPfmF+3vX2YVN/BxfX3xvy90/T+tAYSHadMp4u1RrtQR8cZx+jiL2wc1j/L6E9qQWqI9af62zhdTj8T1z82PtBpW0fjk1Gb2/J6t0tZINcX6bKaNebmjWlCTIy3cvQZEEZl2vb5KHs2PqYX4RC3vL2PFt84NxZrrgF8fja9DdL7XC6SblQ9iCXNeJPT7SznwiuicKKaTS3xiTOu+MSZuJSZWLIMj3FNmbTwMleqKt52qTNuKgsGOigbQkXFFyv7h48evX971eSUMZfPayQp2td33TGqRLvFdUJ09slb/+b+rJqMFVu21Z5r3fyo25DJTksput2/gWsTxagElolhEf54sQuN/IleejwseoQE2vvTvBiqJdCiLYkKyOKqzULdq5yamUzr+ieadGMh58/GnIeQz0lYTERHFRAH7xw5fKrDNm/69P9SSfIr712rXBt2BvZoP/1VQUlmP90nfk3rGE3Q15himE6zxFgoPTqK9YJFerKWsUY0uKcn4RpdQgdrzEqBr2CJpbFCAT4MK6VL9HZcMeCjWwZdLkyyJzSOr+qwcsCG5Dtud929LX/l+xfWD6B1/6QA7Fkq8GBWk7dd3b+0C+v+YeWWhCBuH6r/Cqwn3agCmAw4hkVpXEb+st1zIbnyGrvVrkDgmCuvsds33NpBncCj7jvvcj3+TEp0jlEvEGi3KSD+DLRoBpsvFYLjY2hVO8GMOZa0k31hunVykJaUSqA+fAwQcXlZ6QCafJ0CJFh1yZStcmoSLiIl9c+L4HERvDkWZbuzAZSn3Q39h/kn260VCydUu6Seexe8+bJBa1/7iK+9PqH/3FnuJbePVVrXbqqqfaUDm80o6n8Wz/8Kfz4w7+RcXAqXx3XDaOFEZokJK0U0+i5QpJoxerSIhqamKrSEB8b42xT2qLTsVPo8Kx/J79yNPRLDrbieFW0O4sughydA2j3cKq4yuRCHXSXFvVhEs50vHlC9aELDoqoBfOd5b0Tvfe8Mn3Y0OdfXafDQsn5DK/v2HTZiSu2aLpvLxT3K1Or6+dddPXKq59xgAjyVTyOv9WwcWEee6D9kSP+KIUNfV2Y/Ipc93BOfk0b9X7BWrH/WHfjBQIzX+K9V0MLditSeUku4d5HaCeFweXxNNOSxPRSak4VZDYUKTfD5i0ppgzAVIlVPcFFLemA5e4cvw9KtU9klA9EB5i6E8+jpfynlzX9ZRU3t3RPGKMwr/V/rqf1VYkBJLIj8P1dcW7xowoRF+Bo+tF+/IZV9+lZWdJ/uXxXYPOA/1mITvqmfv2DchOuum8D2YshJe3B9L2fXTcWAjzTuk/LHO3Tf2M+Gj1IaSvnjE3r7jRfo7A+0i9ej/nXaf3+7+IHZWp84vUQS1vo5XS/pE6eXQPvzhp7RJ07PgHYLp+sZfeL1DGHt+RtorgfWEUI7rB35dayKECse5GCVrV3sYWT/sVZQrEJQXGUget8M4RCxoy9N6ENztAvFE8IcyQ/yQSF9tpglFEsTYNnDliR8JBuTEEQWI2SkCST5vAE8baSw3+rODQN2D7x+4ow54gn50siliw7Kk6fNHce1u4ed64pxEnrNQfpMIkf8PdiqEvSncNLCg1grNeSVzIF8Ujhw7vQZcwbuHNQwVJKV+jlzxykHltyM4+eJnwsjTMX/KVfJEstVwidtkDy+UPy8CushlsDcxpuOcglcHw7zOkRzS0S0GRlSNEuUVTsnCq0BoT+Qkz6i1Ezo6aE5mcxGEALYk5Iq57ja2nGJIzLPRE1HRw8ZMvo3JotFTHYSojWpOnNtxaiMC6NAPVahwhcrSN9WfypSkZWTk1WhV57CsNt54kdCnrSM5vlUcDS9R6IuSkH6f5/lQ/7iMJN5xikdMYSe0n5DTOH2B3AorK1c60+wHL+MeIt1NAF92DMQWL0YWu+KSplOhrWConIJejpASSheBSgfMaguJvRrZwauutiQ8GG/0mDNx0xvAq0dFMvURDZJy4eH8MlLJJzKnigk08cHYZkxh9xCJTV7CpqGaJnFJCuunNYDINS86NN3kFl5aIaqmaTZplV3H3FRTkVGt37KUHna8NzKftll2V37usSPZi8N5qR3ueLK667PK07tdNlolsfLAz7dB7huoVWIaS5J24miqaPNiayoqFsvbR4xWZ2UMNPT5YidLsB6v3FB+KxBo+5YsZDY2TscMv/cx5S3ZupvTHZdEj3Bdz1/y/8/+PBXxH3Jn9BB230hOpw/33qneEJLkPwY2XZO4CjNi/aFtudp24JzTaytdaT40fkE05uomZ/rxdFzEvWI+7RJ0lqQHXpwKC3Q2A83y9RRWozC5phkYkWPjYCBTE4snkePN5t2IgkU6CGjUU/PkhmLn7CNsI0ZeWlld6m40n7VlXfmLo4kXtyle3eOb7XDvLbRPCk33tFcFJZDzQn6nnni9yyRxvHYaAnGP5dHzYtdtdpXDB2eM7B0I8lZMbwyGy6AZN1zc64cfG6o8sANOfAO65ymHYiePn8j3DeTw8cB8fYW9jDDdoQAFmWKEYHotAos+FbxOSMChHeJJ/jT0jwYI8PI8bKJsYQfrFaeoJM9gyfzroyLnQtddT0BiYZ8OFkZ9kUtJ5Bik0+YKjVzZjjByagV0LrD7lCzxLKg9QB9jj7rEZ8MjbWmvUktTXavgo9x9tLHONtZVL6agAlGFjhoqheRy+2jte0w08tilUsZuWEJ0jHpLKQ3kOKK8vKKE0M6zfdOCT6C16aZNfBP3r7B1XP/5TWYOh2LXbLFYosmab3P39tR3hXIBP+AvoMkm5zPdaqjfaOvYV9sNw2l7YUXtpPVtL1LTbt2kBWeoO1B+4XjdIb2ApD9fuRi3xj3Nv0bf0Nu98T/5t3zp/kRUjPIzZvoLyZr97ety3TAJeG6dLvsOhr7ktfuWSex50XEiiEbz4ugBdQ5o4B67HkRsWeamPbUn32Cju2BsW+kssCUdj5DCeMxDFsD/VzWFr9APxfG5RGw5yikcdUdPEmhOSXZivb7FGusyukFD1XI0AlQk2BNZhGnKcn4kCkXV/qfnqyAZs///nSF9/j7/9sDFrTtV1+trw2fJwJr6xJb6w76uVusNjc+MwlEsh565W8ky9U9+EHztKG+vIxMrT8+/Ugc3/faSYPPbdPHwOdxwBjd23yH9HMPCr/O8NmnP6s8AWUCWneEGI4ffH6N1cKZDH9PrN5VSH9gGL46C9+39hG2tO7hz9TXm2rr66OL6+sNudZ0BO4VjD1742taq7qo/ROfVKmtgLYe2y/+6aHv9DkuYnJjazPWvjbVnN1prKecrifE6hTp9b/tXE99LTaj/rcZb+IoYiKeTU/aNSsqb2Xp9gIthGLFFfkLrMTvLeO90TPCK9HFe3g++r2wsprfzs+oquej26Pj6w17PL13SZs9jn7uy+JzYf076fNJ/dxF3DWstjF9KGOzN90tOQrDOSGaFC0HVVGi5WksITULGjoDpStkEoSXShDIqE0ZoHVhaX1zTpCWus1nD6XC51Zzala6/qAeyjZz+xCM+srmgGKLtCBNICcXeKjYhygoUIWCuTRfY/adRGrKayzE0nyrtR9eSWh0HdJ+WTWLkH/JnT86wzcknibkx1OF/G9bzq1qbta+OrdbW3nq1B2/qZ+fEbb9Gq3644uPvjXWXknXTmV6bgnQnDX0+fTD2fO62UZbEkOh5hTJh54HWwgtPmFP0DiWunnEx+ooo+XHSs0LzraaZ7HnI/TBsk267RZOI82KzeaWNH77g6/R98O3+LCElrTGNO0b7RPhffK55v/suHBv6zXHPyMntQztdziZfcirxMSe4wxzPQU0xI8VSyheumg8E/oC6cOyU3V7lHRczfC2RDJoLfUMPz4aIsN4NAR6ljHf1AEdHD7qg8DwPR/1QfjwWUs0wh0VX5vMlxrPtVE92bQ+aERysKeEwsHCkoCuXMxD8vBYOb24l6sYE5Xgs8vnrSL3Ll839GFS+DopIWMfeYFsiL79wX7t4/PcOe0fz/6zfsGxc+veIN22Aa157T1t2876Qc+Q+q+AKHXX3tPOfaY9eWDQX+XM/QebMtrrtkigo+JzvmSJTMpjOmT9+dNCNW1fz9pVPVYe/fO0/R7Wrvuzd1CeMy/GcybpPAfaxTLKi7bR/pPlWA1rcQv183fGqow0essbomkEuDuxypYFuEUXUTTKBMTJpAG5IDGoThDRCjGnAB9LmSxgyg8IaqpEBaiCbCx0LvmSXe3CJukjylOIoQ0wq0P7wMmfPrs53EsSM2yDO9flpWUUr3dZynfO+6xlKpnYvPOpPU/u5dPgTOXPWdxzRert2nlNuSthkOtAQx3JJG6t4MS/A9/943cjxnuhlAV8sDO3XK/WmCy1RPJ1CznKU1mZClajyGpbIoaJemMR3rDEJrMzDUSggIPZtID9BsyIeIFMQDy6fA+WIE1QbMmUwaEFOOL0ogEGy1XSqiT5emS9EjNn6U+tyylIISwTSvYH2p4m7N3z86l3vlq3JrxTO/PZ3hdm7rzq+fe1RQumbd+5e+uefZpHCn76xzvP3vlcqpT8xvNvnpoUPcBv6t1tz3Yyo/bRB1dvefl56qPUPMIRsZxLpPX50PIohYDLUGek/TiN01Bo3Ti78ZzXEHGHsMyixJsDPV0ltinEfqNUQ+Qp2owuZaaJfQvF8ugS7fXv+b+d+/E67d35Y0neQi6Wj1IEsMaKII3M6491bViJN6vuMiDhbhTE2QDKbJaCr9dJzWdVftUieM93K649VlnwZQTwYa9Y4NdBn1UlB7C6u+RIbf8MWFpYzag5xGp88kCR454EK8z/6LutNzy/ccKzS7pe+9CVM5dOe27Hpsujn57QWqe+vUt9ec3j92wc24NEDp8pH/PIpOs3d+5bU3rR5OrqeTOuXrNj7pfa2T+O7HjjvVdWvDwqd/g1azj9+dNCNZydXPSL5OjPvGWFsTHZ2J2UY3HQR1EbD0PAhwKn6GULQYQLm4rY07Np7QvFA6iUj3uBj+AMZ9PHDGWVht2g/fDsUGEdPwzlYMHqJcX5xsJZ0R5/yGsU7+nF1Oz6Mx+82zT+wdF592y+azUZOO/OJ7fvfnDozbNWPP/WZyTr077W8vDyLVl51RXTJrxec+O11yxK7zlu2Db6zABttrBM8sDanuWYO8lmMTYwL/bwRpmF6Ce7WiLJ9JEIyXagyZnURZxpZevBMpo/3P1yHqt/mSOHsw+qHusf4aSD+09ffDgH6182wZzdwK3lJn9OtrswAh/jnvsCbfjAl2c9Od6kbL9e/7LdJ/pw6EwZZUpMXWPl7foJJRIcJ79X5Pi2tENzwKhWtTA0dvkz716jRb/ij5zntE9u6X3bbfcv7R0sHz+354Jp7+0jb0/a98wzB14x1ww5rT2pfbF5ztLhGf7eNZf2valm85QeJV08+X9rHyvlMWpAx4VIyUBi8Lh523JHlJYOS6ML5lhp9D+HRQX+FA3VEBcHdW6Y+DSLgNLzhk6LKVIh6ItOzovygUWvUYvGr0QLK1rY9uAHG42JD9uoIICykkkv7eBEzdtCjQaJeMmZSnUino0JLNlulz/bnee3IfFe+MMX5OjpFi3UYCcTyITEaID/yL5nd/gZwU7uIPe2fq7N0WYK9uhQvrmGDCJl2l4GO8qvgD45QYJjFYTQRWKjwYm2Fj1ANTEWoCrHiSjIPaglZ0fDuGmXVHiq8u5bQYoEufXs7bPlarPjYT2nDONEQW46S22vvwJsJMnP5Rj10pkzyS21sCoiVgm0aTSlAJnPpVU6gBI1k8T/h7UvgW+qWNs/c5KcLG3SnCxN9y1dKKWUNrSlICCrbCJWbkVELC2WRZFNqIiKiOCCgAiiIiIiIiIXk7TghgoioiIiLigioldR60Wv4go043/ed+acpAX13u/3/+5XaU5Ok5n3vDPzrs/jzcgU+YiCzmxnMUMIgukU7tt8rRUYZDjISDw5Wukv69ulU/fegf6j+peQ5Qm56ZlJGV269kvZUptqzLqMHjb2f/zqSzrGD1U7X33bmSVFRXFDnOcPJi0kacqVhyLV+vmO427EcVM2j70YM87VcHKNAvfUzAkLzYcQIMnBwYICEjtnJTXgZLu43EByunkVsuzKT/7TYOzd+tNDvcl0eTZdR8ln2lqfydZ6CexjgNEDfeIOpicpJSEfxGW6aI2ETeZ0yYJY7V61JezFI9CbAPUf3mRuokHnRC4bRin7t9Crup4xGmzZEGzDY9GXIrQbirLMXi00WM7bf5Ui8A38OcaYvUzDj4su23XL58zcvG5A0yh5rfMhevpucuOqVa+f6HPbhq03Ta+dUT5r8oHnycZ7DnS05S6duuDlImvNRWMfa6Ajdz1yReNQf37DuMb7H64v697Rk/+a3vtnHMnkXC2J2hkjYM16AaUcuTCwLczChI2Ym15LS8iolmFmMUqFARB7McwXcJoJjJSwgmhGilHjw/BaMKCMEEZssmq0KgJ9sOTHDd8fvbZjSl7x5RMi/64ztHRPq2n99aH4kc7rphuSOBMGnLVBph/lbM9RpQw2cr5gvBoabaqAUs/kTH0AQFIG7QBJgg8SMnCqpJGKh2xGWOKYzzY77AKkB0w1nYwmk2gWCt+Ggl8eO3r81MmRT/SRDYb+943b/dJTzzY9zobkZ+qv0i/pv5l7/ll5+dgX6Ify5p49//3zN/85+q2mawuxNrC/xC1LDCBn62yjcbzOEdDyIcueEgfQ31YnO9PBDnBB3YIUMmhMtoKShh38WaqmKw5i9mNYkK3URhL/6123pg5Y1JFOHrh28aO3JecFait7zF758JMXklY2p+6lo3xJ1LLkntr0nIlXdrpkyAVD7ijrMzA984a9un08H+vMkwE1nXO7a3l0n4UXdvFgtANIBJ2IkG2x82C0BxBx4hDcH8gROQMKIFZ4/YmqJ6aj1lmAOfIikkl20q1//OvTMxNfaQq9uu2iX3+QZZJC/DWv0+On6DGSfurgv795kxS+/j3fPz3MBhmBWN4XC8ZGqwXCp8E4MDLizUJtAdjKGOVvcSNPuMJsD0XV1DOsotulAu6WR9SdVbav0PKsl1fT6inXD72gauqDD6F2Ri5fMM8zMnHzo3KY7+fGnrh+qgXXkJ7yjg9oJ040zw1WRJPdabUUcV6fEixV8Wkc7opbg48KOmOy2y6A9A2wZ43qubHu8W0vPp+SXZeZ8dMPRw6TE/IlkfVvvE8sxDnvkzuu+/oe+go9dFrg9wP+fZLkl2ZK4USC0U9QwGByGcopHC+LHmpviVYkxaQUVLCqmbnL6Bkko2cAUa0EDy+V8kIGXmYnZSjdg6kPKZRlBXNEAlLVoKxy09pZ6UOEHp/KXB1Ao1Og1D1XMvWSxcJqfH1Ew5C33yGpjz9324/r65hdclqeeMueSYunjxotF5Kc37rd9cnco7+65M2kgX79SzM9tTKOdiAfqST747j5n65669vF8/C8OMHmajMOZ+dcH16zA5kTn6DK4URWpthjzpfGC4ZN6jZiTnAlZwswfdBYAzGAZc3PPBnoytwZstAJticbiIcc/TK1qz89r3OXDt06ddhDRk2lk3dVlHXN7Zif16P7xf26baZ1zBHpLgf6dbdcoKZ3r6UJ8oMRA+2waFS+dVhC6aQlZEsE+OU2Uo+pt+KSUqTJvG4CwXiNEKoIK2hXKlB6iAqVEAj6SvTaD5ce3FB47YQFgxvxgi8Ryj/iE3lpkYsXSaNeuXS98rH/Vrhg3whAkY4JH83Guk/ervvsa19ubW/6BT1Zx1zNX+Q8OSXy5dH/2E2vn+6mEtO3Nx9d/S/6G/2W7lJpPvk4HnrEOO+WaSJbC4VQAwIdsMGsAGCAAJx1siwY+TrGRuUg4yjy/mAXptu5b203Az+UsQB0yamG/LnAJO0KJ6dkYZwj2QY+kSPdnyt8Ihdzr2VvlORSkNWzefE+fsFmLzd279PQt3LRjVfPqJ917Y23VPad0LvH9k3Tb/HbChZM2vS8bHuUxN+xmv626sjx+5aQ/nTHHau/+ehBYnroNvrTBkrplxOunHAlSYJz1AB2HPQf87iDNJk2ReMOeH19tLder5efqdfLj/dJMXGKmXqcQruOssTrG3lcQ1qP+7ON3b+a2bqdmD33oBTOEhxcTKwh2QwNxkxLoKk72KUsGBCogxUlQb8GCBc0wT5ZwH4vKOE+mTNYDJcQtqskVOzCZBR7MOwT2OpGYI50DDqlp7CdEio37MXs8cR5+cPoGAc93/Z0fydYQTLP27sFAAoYNllq14JO3GV1uZmVI6qloCiSF2MQj9GUz56SYus1eMSohAQik+VG2kxXP3XvCz93WHqHibaebHremVDsLwA/vYSkZr18xzWNhqrMK6/oOvnqi6i8tVtXw7u7l22gL9J3RvcpoHfSKU8/3ev6xrzK0kTZ+fATcitJv1bSY97suTHfpULET7H1kG0W8VYOVuM+FHJ5uJ/icmtsFMBaLns4vD6pTCFQmudlg3cQKDcC9siyu+9u6JeZmZLccXDjkpFIIzmdnE9S6uJGK5d+R19/I/K5XMxtGXaGmU4i3mAnaRmvqgnGBZAQJo/vy6EkMLs6liHOIJ5gxSVBLzrUYS9WE3rB7Ep2YuFxjgtZgwr4QRy2FGArE1hg0EOAhWuupKIqBMEOJTjYvwXs+Zk64vNLSoO2ckeCN0sDmmRnIFs3HLGG18eUsxVmEDUyAVxnKltd2bJnk6mC/nLxBaGnJt/ZwZh324ynQpfUDbtpwZQZdXOubu1zSSRzCx6Zy2jrxqNf11179VXHjy0lhk2Rvc+FHrjt6NFFq8jkh0jKbfTIf4EP1g7vC2I9bC2cQA4BDSvCxVwoLMlKDYSctpY29emmFLuOhZZREkw7FErlZempadh8CVXhadiSmQayTeWNPYB2gI090HxpT+C+Nq9PL0tMJ3r7Dg/kIYmv4YVIK9n+0jNb1o3t0n3klNmL19IJSOpLk4PPrHtmj2u8a9nCdffe0PqDqUafN9b1kumivnY0zg970E37mCU2hse8Qy5rS5PX5bPE4M5ageA5wQcBPdRgbpuxgxqYPxIwZ5bgYKqQCqdefAJH7rSqWBQrYPoRLRaCKlmSgc3MBe0xXuiUmf8k6fnuoScL1wXZwbzXY7C0/qyQTiTh2dXLD9O36Fr52DEy8rkRY0bQt+kPY+kbNFwyOkCW6r0Lpn3Mz6iQzpWL+pN4MfRRivuKca1If7Qon7NnnMJsmB2irhPMfVLGnhAHBUq2Cl/WY21ptvmTLRryVC50C+NTtsLd+BwdHO8LgjS9x/x6CslLgNRE2WkKeWynHMHEncz6aTIrFncRO06bvIkeN9sjFEssTW+iBwI0TYrZm8iDMxaP9rvGRWJwoaRD/lRkb+pS2pOAlqQQd7YA32XKkm2Tmf7kaWBXPbv0H95/TC95+O7Tp1qP0z302guqL5xd18vw80tv7tzxSVAek9hA4uQAeTMyd8f+/UdMNdQU+YPSqdMf/eejSyWNC9zsZ/JySamQ8Rb1idjHBgm4IAk0G9QEk70omBLg1K56uoRZDYBs6sISUgBVgjilUgbOHRiocTyzKYVU2AzjfFpLKTZT6zNS86LQXfLBCa+cOsNm8mqkxNDtpTd27jgSNG2PzJUXwvjf+kR+L1I8+pGn2dB5b8kJ7Auv4V4HdIW3Wb7OuFgoQ/ZgVb58VRea8bB82zaDx4nl641tKtGDS3ypfhD5F3nlxS2Trl9Fh4k1uvnFyO+yY/l0vjzb9BGRN8T6XKftS7xvkuwV+GvD8DrsS83m/uz6u1gHt0TKxvUM/ZFfI27aIJEXMuMzCEsI4yrZrKJZklPJxKSwBIEanMxG4dPa9bblbJWnMw80GIY10Lw603ZgD4c2R9hP2uffBX5bNeY0vRrDIeIYaln3ZpMXCeNN0ZiZncvajvuJ3cB7X6BcwuoVLKpeu8pZLESrC9eIPE4S788+YCiPlJK81tZT39BXSdGel3Z+SFtM22sjR15++82PRz/y1ONLz64N0PZGeA1zYWN3MBm2Yk+vWxot/FOAClAcZWXsFUIq2tnwLGV8e1SFvtgPaUSqCZwGDnwcqwDZho0+IZ4dk8To4OHUygBfqRwiABACbMQxaeVndvnaVXVnPqw/YvDS6qS3agkx+Eiv05tpCZnO5H3Q+CvdE+nQvu6A2x1KT+Rx7y4kHucIcCbskMkS4FTuCciO4MBlxzFzgUioyWi2cxToUiSrDqi8h5uNjcjTI8F58rAGedi8yFZ5xu2RNQ2Rh+QWeX/kPPlV/OkeccrHI6nwg7lJiAeyMyUPMha5hD/wcLKAD22Oj8tN1k6SfIyxZXuZeQ7bbBqzPZx4VDqhDbMAiydz+XkSp4YIoKrFi7YZtxpO9KVhZKVSB72LAYNWzAUVoCFOk9cIiH851Vd+VPv6159/dvjz99987r6pz1/T/U1i2v8dPUiG0eOUnuw7sXPZP9c8sKZ23YqbVvW+cMTqV5+g/+qrXEC/eONzvRbgV+xNGxHlJTQbRH+8M9Zl0tgIQX0NEqIPApS1OQG7jUN2BFswY1WUXdvkPOYAEQR15ECdRTHUTqi3W1ofZmZe/4YfTK7TQwzb1+84fSKmn7q/ti+w9b+Cr3/YR9gYbcBTbhE9/EZtjHE8OI2bMHhxTLrQg26wamMQT53tqy/fHukpH1kcKWa7KT7niENuifhQz/5oMW7AfbSKR8macmwuB0eLRpqleLEgOEQ0bo4hg40/xngVq7/4UeVyY42ETQYTsGfXS8fNrJIPTIh8Xzim94C6of3YYfSR/BZ5E0on6D8j6yi9qcef1Ifo9TXtazjE+1/j+r5ZOqv+QsPhQTsiP9qzqNVICBuwmc3XBzLFeBDU4aPCqkCsZhAB46QSDq7OibLw8HIjxRq4FA6DxpNFKm1zyMv+NGMy2TCDFhVXj19U1zi4pnbQhFFsVK2bBwzpadh0prX+iev7Z0zIK51yi7B1oC6DzWGBdK7aBbbvmxbE7vvi4P37fd8YBafUtLbtvh/Q9v012raPW5HeJ2VcgnvOYEm0xRlwYTQnmBAXOMHWonF/iC9kegc9TIDW6RZBqWAChA5Moo7Tja32ZRWV+NVG5hxsn0AG1O58vKGBnnn9rY8MC+RA5A36q7+H/MXpIfLcCdskbX2ae6IMereVAR46JmvgL6aOUNLnOPICsBbWwv9rc4djT8ciMB/G/eDS6PeFzHFlutQdQuriy51//eUQp4W6EbtLg0+PHQd/DHws0ScRfRoy6u170TM3rs2Zy0ycZoMX7RstTxXHz1y5rB1OsCpwgqNnLubYy/UTN1t1a2eujTxDUvDEnTiBZOGR+zOzcSJz4cg11Zwx4qlrQOyq7bgvASrPJWL/9ASQ3BtVxsusRrekjy9Jj17LCOiawAcF4oJosM/ewhebO06MD2XVziIg+PxI6pnI79/SAyT7rWdeOkx/MqY2gImIRsHGDY/dEymE6izdtjWOFOPsq52iYohtxuc59/j4ZveXg2IDKmht/b2FvkKKUWBf89HsOyxMFNCtgWzPmc7O0BTwy5KFbjVJhmQLr3RzGXj6sdliTnbZEe0Ao3bKIYioetk5qni1yB7E6aSQxaxRgmG4jkd/gWsoS3Jnl2fLUjYembyEhy26gU/sIQ5S4Wg9bTAm0gP0txH3jSrc8BbpT6ZvpHv3f585NkCqSWAsSSSd/EVjhtNbaNN/6JqXhRz/OGF+1rSf+QjY4SjpWZ9EgSTOT4o0G9NK1W624/y07ErUS3AKL8GL1QzJoo0Oci1uJ6YrgskaMKBBhTIl7JoVcndF6x4N2SqJEu9K7BGsc5NhxEPyyFDaTD+mR2izTOtkO7GdPk1s9LdTv1N2pEQaSTcyUa+CXEZGRkrlo3Qv3UT+Qc4jPUg13cLnm8lssS/E2rs8ytqoGDjAR3OcU1LsqEq49IyHoOgKFhs0pqkIEcNLsYy8zN/KrJ24Kg2UhIC5EzTCxKB3y1kIhlk2AWawbKiNyyQPPbiJHaJjGtg451z46ovEe/LoXnl5xpsPkg1si7wpssDoW7deXvigjp1rrGZnR39e/850za+kSknMYnuRx/CRdddfgql2UwnaaVBrAXDGZRASUkhRU4biZod+lqclmFUScjMnqAB93mB+CgmZlM5vSCHF1PkN8ILj43aJUgUT86fB+Q1adrI9sMloMDEX2MJ8YYviBgo8U4wLzK6BC8wUxQgOsPgX6xKyoCHBmQjyAdzVsN0dL8pe8ypyK31mo1mRDZjnd2HRiuz2uGJK8cmyuwmpd11PP7zy9gfjlKvfvPr1938++tlv4y/bfP1T2x5dc91heYn8ar2/1F3j65ZRQD+if8ybQun3EXqcjCW9m+jJW788tO/Acravwfnnw1qgRKYDE8SO4bTy/Ewok+26vkTcNXxR7BEIR/vKICKNByCTYCqWrwg25lRgi7ZaNOJoUAcgY4SSz0yeotM2FV7tBHtLVnnXQlKubTHbyf7nX2iYuWDWgb30ATKN5NH9dC0Z/cBtd9xBVxt7L7plwiyfOWHO9IefHPvt61eMbbjyYg3/qZzNJaZGGuZgtERrpF1/WiO9XZ4X+dLYu6bVhzpVyHyoYszxuSByhmeRg52OkgI+lKONDyXz/B+m0KI+lJFT7IGXncDzvrHulAfRtfnSMCJeD+8+BbcKzcoYt0ouHHTHSqMct7yudWfds/IoujVp7Mvkd9KxNZOWok91wLAw8kUUdxhz14NwH1ag1p3No71PJf8vPlXgLJ9KIadp0Rzy3njy3hxaSFrnUcd46pCLZE/kB9nJfyIH5YLIYfhh39ufjasSca0naz4VO5WSMA9pRJ8qCXwqeFQF3KfS2HVS7S3hBIw5JgD8RYc/8anSM4DrXQ15gcgwiXPctvWrsnS3igfevRr/XP8Jq/6x8vG1a++/nRTccfOIuy7K27oh/Owrc649+urkpyvrS/03XTf9mpp94xry/NXDVy54sauSsfia+7cWavajD7lu++rxCmzbQ38lPtanAivJzK1TbMAMmXCDNMXw4AIYLPpQlWT7WEVeeNuVxshcY+/W7/cbjp3ZZbC/25otMKd8ppPMd/oaewuXJEfxz9azsbT1neT/0XfafhVpmUuTZdvCCDX2xkd5MnIAHyPmln81bGTf4WQ+O4+cWQJI2Y187XGi8cvK605cuL584DVonhJhAve4/dMX58rn1dF5GZfeOaVAHq2Qo7KTTfALOouO263JNci+xyMNFJUMEuitWZuNqJ3idVOa3Z+I0SxIQ2DdlNkGXVZA/ipQsBJ9lShdByHQQ1ygbl9Auucl9SJVd45NLKXvjqLvubM9TN6fjRv5tCGfDWhv79taW+XWzg09Wst1f6EYn3fv6PMmnNu42WDj9pWlRXv0cS7NvrJwS8B8lnsCy3x7vRyuq4sMN/amfnL0zC45PvJzTE4sphYFvh/6RNvW88vt6vld0Xp+V/t6/u2G+voIovgZPm/N1OqKhuF3XKLvIQvx9UDOicX0aiJ+J9tDFH1flSwQdMTvVMTWqmhba1gxaUXa4ut5bNGvFhp601V1hpaaGl64omFtYF3TGF6rxsZzXPGwPSuJnUmThJ7FcyyJZIEVpQQAJjiYyV4mIguw0Qq9h9oRBSaYi7sjBgS7BBTD5DJEjcKufzueVeyEApgsq6jhl8BlS5S8HgkyVvmSGzLATFt46Ugjcf5e9ytx0B9/qfuZnph4eO/+92T59fcPvSZnnyH5LrKTnu+iH585Qz9yQQLeQTpIf3zwS4IhqP4UGamefvvgLyrMV/Bjs/leLmoFlxlXoU79he8rt/V9XVEfzPU3vi9Trjvr7mVPvDUTnjgcGXy/2ADxN/a9bvB9kdPLxpdXs6rYbXZxqHliv9DOKx7iRUDQblA5l6JNESF8HWyAO7+YGttQt2hxXbi2vn78rmlPPCXvJdfTlXfdMPBC1HTjhX23cr1WUmPXle77yu1937OmbhFlk2f7vmzqGfD/2twNOh88k7myBe2ev/R95fa+7599+d/7vtpYltdFR6M9DRl7gppx/h7wfXHHi9esMAkABDw2onkZXgxNxePeErbFawBROg2XvT1vCPq+WWpb17eQbCG1ZN6hvXRMHam+575Fj9Nmti5pBX3voX8aWlpn3Thj8jiJ24gmF3Kcu5iVqPm+7gC2+aBietje55L08fn0GlJZqyENKR60f8BgTGQySkKWZ1s7XpN2ru/2ejKaDfB1uocMXfIAG98LhvuZ9PgIx86efc24SAvCkcr6OQxj7BvThQTDazM297nHhuVNfzkgNph5OJh1ZNrS+9lgVukjuf66a8YJG6eR2TgpwB2IJaRwMLpk3dNNQk/X2MbTtZ/t6SJIloT0KQRru70C+Qa83gSdYbeSeb1Yg1MAjgL3DPP7z3v41W/lyEp5orq/afK69G6bBvzM/MHjv45Zmzmm/NR7o/bsO+8yXz79jJ6iP9G3MrAf4o8TphNs3Gf7um2QHYG9U/N1LVFf19Xe17VHfV3PWb6u3XxuX7dCLy2UC5ivG9N4zORe62jZ/dZ3/3nn1f8Y6HryWujRR0Ph9Y8+Daflv4mZvkdPAzgMyT8d+VnO/uxM67HPTv3G1xQ7x8CGT9R9Wiu3ITAPGq9KZi2Q70OfVpTr2aKAm1Ae6TDyskgbp26XQmo8N9w9MT5tV04UqDm12TlKIRm0auHeTWRnHfPQDyQtv5f0petuvJN8kPZA48qnzuwib9BKg3HaFPL8dOnvuUfac4kAxjL2+3iY13s3t6nDHolD+rBn89dIy8wfzkWkZb+GtOzPxd4VKKTK9cOvubCj+Hm3CyAtQ+lEqp+5BXEOTyLv2IS6tsSqYK4a9IFr96fAy2cDeLZHYBY4nnfe2w6HuXWhQPNcsOG+PUcBjVnUb5cj9sy/OEbHj5JWW2VYzfQ4FdYfxpzcWlWmjemu3ZkMPal2o96TCu0K9rKwEwXjTGDrD5O37mQ+L6cKK88ueDyhGsDgioWJ5L0l0C3GK77hsJMaSfKPvR7tnt5jRZfn3lfl6ZHF8sfPPjyv86qa7+iPcjKxkrIU3yhvyrsvjTr8U/kYH6x4Da8QbS5e77CJTagQcwDD/pzvhePwiPsuFHUzvyoS0/lEKQuyPAloOXsDAXDfQ8TAHrQi3NVmS5ZX0SJv2eAEhnxwpJUBjXIqJ3+CclsplOUTpJS6JY95KeBYQ3ueb5FMGNkeT9aMu/LJzyR9/7N0DF1H96ZfevfUPEMJSVi9vNushfR3sPXfljNp52Wr6Q5m78+mY3dNnNk45B8Fgn+D2QETsXY1Daqt9dy8dtKYMDcPrYyp0dx8erudSMvNu9rk5u2IFs5z89guo5/QMZl5fSrsuB5aTwpe3X7wdXpfZJu8lSQtXdFt1g2UWUy0M3mXdl760KOPyY7IybFT5g69NJ89M4F5zp5Fi8ZdY1iPetrShkMKzyq8/jVf56/HcJKAX8cx5wxL7tBtFbT5/zInfk77sH1O3HWunDib6cP1dL4wks7s4jlxXltj7mvaL5VDj2YAvrdTAJLFUO6GEBz5zASwgQ2uMTY7vLh/4iHPQcRSseafczQD1G/YoASgyipRDZUAX1iqK+zP78TBA4GovASW2jbJ7Mkp7MKpZ0KKvyraJ8jXnOyFV2isY+WvzB17DJjxc5BXZUnzfz88+Lo+RYPGlFz9aM3x/Y9PaLi26dWPL1k9ofeVJUX9Z17wfgs9+dvUh4cbhz009TQ9Kf9ORpL56f6xub6V9IvddAddPYKcppZqMon02UXSV+Ukj81NowvoJrqc1heVlxeRh/SaOdOz7BmlQg90isgNGG1YYYSA/VYnWJFs33Fi9T3faSSjyiMVasCd6Ga7pdsQSCWBChdv0jCYHcTgn3iwYJySc/GKjQ0HVyrh4NjXPrzq1Yw819MTmHf+8mT67oWPk1TyVuRlOjpMWsgwNjLrYdnRpzqfPqXHdo0n2TkB9S7XiH5HtjMC04r1rw6JNKgIh0PCrQF9urF4xA2HhOrWKsO1BWbXil9S3VoirBx1DEsdjNDVGGN9ZpIRDeRzmkkyW4n8h3SCTmog2ft3vvop/dm4YCTpSXePpFt3v7n3qHHBmQ82bVi7IjqXOlMB8w1TwFZxioovTf9DksK9Bn0azSlWJ2z7KSLB4MQZubRjz4WtGC6YkROLZJwwIxevtY3nNcJSKMWl0fJqZ9vZ5nTmF3VkKZ2BRuJe2rOOTF96/11P0IcM31/8zTcX09vRqv6+dRoaizz/xtaXzbSPzekWYXUhXZe3TYaBWY6hpBREhfOBAZaRwmwWYICDzS+hTPN3M3nKIRNr0GHzc3mQ1cSFzdIuVYBCu9IF5n28QAAjqihI4fmGc5a4GbIhCbXOR2aRjm0q3X5SSBFRn129/GP6Dn3ESOsw49CVTNbL3fbRIJS7LSJXREolwUNoup2d0TnSAjFnbAn1tbE0oVNS9aTDRLMCcFZhnMGPE83hu3wOYsbBRIHnSi0Le7I0+hYoXg95ssREfYJ8kNlqyVUhh8rZ7ti0bbrp+eeHuQFCM2S8m8Qf7vlo1/SKu8rDB1R5UKRZfue5lTcVr7jkuz8kma5jJ0LBN0RJTWTn+vs7R33Az/V0Yo78IAk+D8W0g+3fLugXMeKZbA7w2q3meJuRcKjMeOGfWDhsEoSIzRZmcMkkgWOlk3jR9MChKLAB30qYE1DgIPLMUrluJv1yd93L9BMylKyqHpXuzAFoCjkcGQ4/Budr79d1HcXXkY2dTT/jmeKSztc8YByTzOP/wE8JTpPNzPtZzh5XmA2LVwIFYDgGHI7BnY0tbzayp47svurgsrqlb/+H9Lqug5JcAq4a+ZnGw488kGTecPFtWs5S+YLJx83W9HjBkC3FJQSEhODM9zgsiIehMkvGY+X6wGv83Vzx3dHuSazqh/o7owehv8OKKYn3/nsQ6VE89qgI2b/M5QAEQQdU5BmJj4lyBv3wmbowPTCVBGiePJXcNCcny5kNCi4vYzI9ECnVfgzFJO8fVwUu1ewXrO+HudTy/SksmeNgLiIqDLCizCN14nzsbD7ALO+Jzsf1t/Mx+ZKE3GEe7qjsIVtAuPyZ2jawJ/DK+KML6uZ92nCUvkjeJP4Z6fgYgHrozC7ZEzmBPxCvbyDJtSMWcN1IZnOYadrOvMFs6RifQ5OUkJiR6+PlQpgVMiU7YX2yU84ETaRlGnioQALwRU0Ap2iK8fOS0p49vqvlyTTJGSQ72c3B9J3Pv/Lad2P5VaczqO4MJjiD9p1Bu7PJYU9wF4XZf6OZNamZqOl2B2/6jfkdU2s+IGVSzKZMZLJUoWfa6QpbbNmoApkm3kZtVkMKD3y7e8mVCKqSIbvcfkNn2NGYLHMcxGxwW0ny4pKJj15PhxiH08FzHpk4pm7SiuJ7H/ZPyJlyY3XWijVkE/vfG2uXDDLI2TU1kWOGgXfRQ/Ql8sXKaZFk+euSKRNpumlU5KTsEPUNB5hupPNON1xzCYkiqh3KsHA73HcIAyTQ6JYIhnemYFBtNtk8SZmcVvUcg/fFDl7Bsdvmdxk9r5ZuMjxCN19x02UV8yct7HTTrLz6nMabim5/hFxORpFBN87ooZBZl1xCF5u7Xb2QPktGzRwZ+VzOHDmdbjS00NvIjdGa2elMJ3KlAtAJsMubJYc3HZVC4fVZoTzQbH8CeBVuX4AfUdYyjXkrl6/UXN4fLigoEwUuqwBldTA9KRR60l3TCKYhmTvZzcE0picHvuvDrzINce5k1ibTE6nJ7kzLRHXQf0NlSARSS5NizMkDuXnVYH5VMMEVNlsLUBvYssFDMA/fUFwhk0UPSJxLrKATfncvUpmtWuUDDYY82td4IR1y86MTOt09aUWnZY8yvZg1d3j6iomL0/qWU4l8RbaQx9ieMV8uZNpx0Nj/7pW0knxxT0OkQD5cPKmWppM3xi7qFClgOnJcThX+z2jE686XruZyDkveNNg/BJNNKBfhRGOkbGkJWfPKyjBzxuTs5zuIXwiX6VIH0CVw3Y0mJVdIIg+Ib3LVs+cMLcztdEmfM3MVZtMHDOvow+MXXhaYP3Fhx+vmFtUV3Xhd4e0N85MqOtK7yEIymozCLWYR06obyyfdCko1ZSgkkoZeTTeSQb2uyov8ENUtIlXTiUZF2Yc8ycH+JaFeTG0ugNRfd9CfEojjAX9pNpADslkOwVl2Y65GN44VUQZeB9zfydMSdnQCO8ABQAND2XvdEO/Fi1gJ5zuMBjUpJTu/sHNJea/+F4Ak2EPH1qlOauj8PqAT3fsznTi/KmTtBXCpZd3AWbGpoc4liNbRlJSRi0082WooBf0SH+coboPSAZ5IZX4BwFiCS4JdMIoZehNNPOloEriH2CKDhgdzWar3fHjiGTowWt455M36PpuHXnPL5TedV+hPSQ9MGrjtTXrwsSdb6bGHF79WPWXKhfOGdLpm0IhnLl/1yOLZ8+z2hStIkVb92f1i69DN6oU3T6+xj4wbMlbd+QAUg2ZuenDXs6p14LB7rRb/pBSPOofJ30/XGqpMg6QLpKAUHFCCYreVhOIsbcQ+CMVeydZqJRd7Kfu1dxmXfJGdSb4IJQ+Fr4PZ25WQQvZ4U1JBXEz4diZ8X1pGYXHnrj37DgB42iLokMzOZ4ItVUPAvsikP4Bd6t0XZR6WSnsieYcrVNwZpK82+TJyi1D6rrbSb5/grWQmUTvpG/WML1JOM7+xN8H3zCB7f3DP03fEZoCXz0s+745hM+dccWMPf2F6aqChLzG+Mvea1w6umXNp7fnvjhw4tF/9xR+W3bH09qsne9yTJ11TKxLEfeLSz79DHdl43SVM7gNHdzr+Ylcl7eaJyx9MdPboVdnFLmc2FMj2evD3BV6TSyELeZ8b73Nkrx9vh7MGaMr/aI+z5rO1NLvjEWfNHe1qAZw1d5mAWmN2BaKtpWpwj5DtlULu+CjcYyy4GhYcufOyZagxOhtmzUJ80h9EIj7LmT3GKjtt+e00/fYsoLUq+gEzNs4nna8kWaSU7pd0/IkqZvfHo2V0iZiLU4vPJTGL32PHuXhEfFxU1HswZedmc/GWYWYjDdFhdOhKj12NCcqJKLhcyVE98zBAjkDjn0l/CIBx42tPb92jRJzy9849Gx5/heOMa0Hku4h873s/fvfhqFff/1Dz6+NNu6VEqZhXFoXjRC+c04hhY57JcCayATmMaJ+h64vZ5opKdkDrXXBm4p9CGv6R2+ni4PkjrhzSpWPHDqW9egTo2rGm7a3dvp2z4XvZs/Pe8xNGO7rOXXnmiB5XMFAmt0R2IvDKJkCqlfS+ZDVmFOJbA7FfC/jYDcQ32KfkDb8pd8CwHhnp6WnF/QvoD3OMvSP+Fy659d/kuik3VlhGWcbNbj2i1eaa4qFnQ/ZjX2WdcZOGU2WgELeSc8X1cq6n1GPNFHiAXSBfq+tpFxBYPgSli4yAZB0shM2igyWKFBjOglMtKUCCpeeCCSxri1OalQAg+oorLQqir4MERhMIeYEUAigpULUs61XLvcl80o04iZd0pq/TH+kJ+s7U/3z1zY8/HP/mR+OChie3ehTbpcQ+gSaVV18zvGpg936BC3sVVjL9HkPupdPoOrqeTiF3k6vobrqFXET6Mh2/kIb9tBctH+H/Sd57Rl06u5u3xlky7upVgv/SYyk2jnTyflazNMY4X3ANbDIdVmAldJDqpGBCSXNyvKQai4K5Jc0m/E3j6fZ4sb4hQ9QNAk93hgdAE812lYfgQSB21YebbK7aJHlsiIlggnuy8zUx5cFBYwRRmSAUnwviAi52XwWIDLmNChR5PqkiXu/goV6SSCrom/Rb79DBXvoNfXPqr1+rF12kfvvTz19bK/wXqV+eYlLpRZakDxiQQa+jO+kuOiNjyJB0soxAR/Q/00cMT2cSyiQZZFh6x/wR6XQbx03YYqwzrmbzLpDGafN2sXn7cd4uo07SKrirMwR3deFfz9uvhtm04ajg087TW55hitCnKcMmX4DsAzhtns+Haw7S+NEux7ALXbsPHX7FPaS/56WjE9ctd18wxL3ykXX3eQf28963Vs7+jvjThw1Lpx9/+z39NH3QwHTS4dtXT6YPGpTx865dJzP69k37ke/X5r6WYqlMGiRdRpiFD+ofLAyAOx1MFDFTP4+ZppUFB5eEhphagr1KQuexJd3rPDg9ewWsRcwECvYLhCrZuduNnbuj+VbIqy0DTBKD1JbgIGdoGPv1UmdLeNil7A+lYRezP7yUp93ymapczo3oE8+/wvv3+nV2BM/faQp1Sz7lCHbf2VTVrbu7KNjP2dSn3/nuoqa+8N8wuxhTv8jeYf8E+zJ/qzuzjfpyf2s7+71bVd9+nWNglgJsD26yGZwQsQ0NGwTw/e5OxZXKYHidfCmzwROz/IXn4ZNzdmH7dScR5XVn5hdrUd6sqqpQryFsqV98KXuS56nBke2ivjLij1Tg1s5X+jlDvhryVyKgxZQQPADSibsc4vqyThsQDQxv2PHF/rH3Dxn56JWvfrR9zZ/EhYsnNZTV3jprZvy0ef1G9svr1vv2eem56R2yOlc0xMSMaTP9iD5P15zXs3d30kD6k3wy/BwRY9Nuy8SZKV1LqkuTsxK6D7XQnd3y+yclunwpmbkDqy6ZIM5L02bld6lIOl+qZnt7uBB0KS8QSuBYAVjWlaEBVQQrS0LlTIkqy0GJKjsxXTivJNgjEOpiATo1EryEb6523Fw7MR05nynR+c7QAPbrCKZEA0aAEg0Ywv5wBPcbcti6G9lOiXowJapiSlSaxJQosLOpjHmgRcEezqbuPaqY+rCXMerDrmEHaKCqrDvvAA1UlZZ17xGjN+d3gqgG1IUOUJ8xJ6gFhV2UPqAziSOYzrjTMvLKUWcSCpnOFEBRcbNkVlNzQGWMTGXS2F9WquE+Q0bA4i93BS/k6z7KX4M4JXoumZf+cbwDWP1yG10p0FUFtocYXWm89PFr51ZnVw9deHfzximTr712Y/DWG4ZXZ1bPnfjQJV+9f8v4ujmHviSjhYrYp9+8aoCfaUjVQKEiE+TkZiLdXlxT9Nu3J1r69Ws50fJ7UU3xIkqb6M/0WFUVSTfFWYVKVDGNsNJdlWqlPylRTUrOzBtYNbJB46gx9zUbpXKpn7T1bzIywT4lwfPYJsKUok8lKEWffswu794L3MT+f5OrGSByNdsMCrMlzueBlKaSLr16w6+prmZ/fqduPfHJ/FXOJlTZhz3eiqr/e/YG/FGzv8DPf/7HXA7ZawiMiK94s1t85b7y+P9LZsdUl5q6ZRb7PxHDfda0QUqVCqVRf57hARc8JxBKZ2IvwMh7QSEwGuWC2DvquZ+imNxPKL2ASSkts+pvskCGNrL405xQpqHrCHv5vkqYtP3vE0SmO7UpQr6PerCX3gcVSF7NhtM66IPuEh1MnhtpbgGjAmcOuBRhqzEB4yrADRZmKxVWpWCVim2gVzm5JKLHRtvn6Xf0VdKdpA3oPiGbbqWroo3z65j/8Sp9yhZ5iXxEFolcP/UgZlQiPA10ISxGAOcIekqgTjvsQAp3hxPyWL5YICmXALaFwg5XHCQkLRyG3wK4TJJSBRQFsThS0X0EwyFSI3F9v2R+6pKJr7/9wd5hF4wvOoV5fQcpLh1V8ts3x372RJ4lHyDcCxvnTEkxjjdJzOaR3JUmdx778RlM5jz8KXDPLCQl39H9RaR094g9pLyYHmghpQV0/57qPXKPIc3k/m2Dm8nwYhoMD2mmk5qHbKebi0kN+9wjxtWGB0zr2Of2kYBywaCwOWM62KFai8IGqFCXDGarjmTvSJRSmKnlwExwsw1faW3fULvCQQUhpYU1e0dKS8lzSl5Bhw6dKukgJT+/QwfjD6X+QGFeaefcQFEu8G8YjccNB0xvSF7pWYn3kSrM1rFAOkbQcUB9moQNx1IcDCWRA4yq2CsCR4vb9spXeLTInYMqO11kplVJp0xQNK8knXre3bDbAGCQ7HqTQVaYoWKC/wbdziaXW3UDDq0SPXLYUwuzy3jquA0mF7dX3LLBpKiuzrHIA2YoSDIiiH8ZBBACgFPhF+EDxU+MPW+YVtVQMf7q0b275Q++5+bpxtPVKcW+zOmTrdah3dVKzGWR48Zjclgpl5h9jc/AbtJpL+LYmRoHOUgpDijNeCG0RrXhkL0eCPuQ4xUlWQXskJjXMMG0vWpgbmaKz5WY1D+/W/oE+PwT7POf1T4fBCo+38A2b/b54hlbop/fzsYhJ27WjBTjsfYmhmSRCuku8y7TcsmOu1ql1J/5KbXSFHKZFOxaEipmXlrXYnh2XTtaAekGFv9F7LhhD3hQWTgJU8FJUCXpGTC0rKwMqAcm82xGPWA4a1WJYWVcA7ydXxK8IhDKZG/XlIXzM+Ht/DT2ds4ll8HbfUpC3dk39umOh1U39o092Z55LTd+nWj8AhRlWlko1Qlg3QBWYeZsFhoUl78MC8JzEIqL+UrMfA5Vspv7l0HIqpRd6FUW6sLu6FkW7IK2T/CSslA1u6O2LFjtDI1jHzeFvZqCxnVwdFloKLv5srLgUGdoAnuvgentVKiCgp3CBsheipkZvmpSJjhaodJKdrm4O7s8ZRy7fFHNFYPg8tBh7HL9ZI6KwilH/DzX2PaVoc0r0va9ij9/q+1Hxt5YaLpqwpiZygjTgB69+igN4pUyLMBeDWvzipw0jYeXF5mHBXr2MQ+N23PFdLN4QX7/iz+cGfcavDAPZS/MZN/oiQ1jAlVdzqPxzBq6oqpr6XmGI9pvZxIum9QwpirQ5TzF8cpVV8AvZyxn30aTX5k4Gt6UhI7OM99kek9SELc0TfJLHaVSqUqaJAVNJcFuTN/iWprKDCZLUXPXOCmb7XCEqU33kmD6IeZyhXISW5qSctItRaGUxJZgVlmoB0DTQhLcj0g/cO4GU1zBZHYAlJlwU0CGmkp2uasrGMCUf6LPa853V1T62EFsdlcyM6Ygn1RUBnzwYCoDitlvqmTvsleVPgDedZdXAh9IfuFX1zue6vDO5dXGwdsG+svv6lHtvpAcqXTOsnW4ZGjRiKHsN/KscdFL5e9cnsfeGlR+42xHzYs9v5J7D2NvWTpF3pnfr9rZ8ZJUU0nFpxdWGxecXsA+cU2zYly/9avrF7guuqBifr/WV9gbOyv2yo5ZNt+gtKGVIl9Dl5lmmfuz8yFLeiqmplPr9w9mlCDmtYDo9QCaT5mGuSiqhyDR61V1vsM09msaL5jlNUUCT9CLGH1xggJRQwvwqEDv6sVsW6oazKgKOeI5z2ScyowgzlpuFygCTSarTeWtRjqQQMDgd3MwAbfGsiRn5+QLZIF5S69bgOgCU0c5Jk2bNjl+lI9+eN8aHWtgExRWc7wBc/8pY2on0a8XcuzvZcZVppNSAtOlB4VcoLlLy84CvqmHycWDZNoeZj8gBUp6rFyc0c4uSHMmqcjSHq/XhAetIBebF6PoAP4BcQwVmuLSAD/Bp0I9gg3KE0Jmq6BONPGGK4tDl4JZl0ElMcRKgHcGzVs6C7uDHNr8vfSD+9aIXiFeV479QqaT+uxh/iWiPxhqga6N1gKh99BsTVWRZdzYwvwV+DVaGPT/pRpIr505qw27ZF0D2URHkaLTp39voWMaSPFrL+46RL82Lhh57NhIuhW6i40Lznz4yFMbluE8UrGGzoN1QNdE64Dg8Vmtf1HT9L9WAHnOUQGk1TS1rwCCktZauk6Uifeshzrxu56ga4zPVxML/b068gLUABmfP7NBqwGSNSwHtrulAe9olNkFqq3tCViCgRWr6TqeaEIZWHFgvxqFbiXBgWQ1c2vbwrTJDlkvbLhMUENmG/s3jds7oqrdzLYwpYgkQ6VLQaVPZFAOkAbZNu3qOQPuuGrlv/bPHzVr4ILqEe98fNK0nY655cXKTeU7siMb5GbvhsBzBUtnPPmYhqU/jNnhPqlAmiWeQ6pWzIOlprkCeJZH9qDENKkMAa99TtwwrDzlG/LJ2AHJduUmg2KPA0fSymEzEf863l6FG4mjKpjr2ma0xhncgkAAILEr0HXEaQF3gC/Rm4w15DC7CtWZDcj5I93KtF8/+XrLnIFzRzeemWk2GJ/aNWrg/AHz59KNL4WpRyl6KEiP0RN0172byreU7hg5ZBStM1r/+DjnmcD2uUQhxw6eiHLxKF9IZmYzxTwxBeq2lKiqteFWkYFMpE0vFvwckF+qB2YeUkxnATmP6GE13Rn72djcZTnnZ7v+4rO3y5m10NFKhtDaVsQ9KREcQnbg7EGsC4MYd7NE4sVyl0TO3gGmOiyUOGwLDcdhm0mcFYCd40xsscTHwYV46PBKEB1eUQZvv1qyDkiHyDN0cIO8cawcHhvZMjYyWt7IxuESfbox4xBzZNtOvGAbJxZe2xsdh+v/NA7XBmjsJdfSe+vJ6Rrynxo6oYYq5DTiX0hGdmKwlTejHacSWPNua0uT0+1gpoNqa2k2J+NSNEeXYhqHe0rDzSUN4J7S+J4RJ1ZlYhqCJzs5HifocFxiFXZ1mHQIKKa3RheCPWKWAsIf2TlmFZGgZl6zj+Q9QH/57Z4ZC+btepceob9fc6Vp+9hIs28t/XgP3Uk3ll7VjXQmTmImub7ICF4rbDN8gHWo17XrgQYaHmi1NSdFZ8LL4FNdHONP0jD+dGA/TgCDwH5hs5079y47B0yVADA1mMQsYe85ZiVhgJbD/vHYG1PIeyLvXXHV70R++5m7Lp02a9GKd96qqzH2rqFzUukh+hX9jX7cfXz/34/9+JufYu6LLmPm5nZm943ROWJ4RUQMJFQioFFiwSNHYnNF+7AQr94FO6GNo4vHYfYTepu3Gc1x8arnLMSoANaDnY0a5R9bHzgXbtS1cM7GYkcpzO4aj1jHZ41Z/l/GHLYAPwgytFrPMebAOcfcrit747V15efoy6YlOGjRmw18X7Qv4F258slriMW0lozE/FV/2hd6ttn1r/h1YDkTGG3H2HNxQp9FvKjQt7DdL96CS5G5+hqQnuYPO3ntj1MgzvHeYOYlQ4Ou2cJrLBDF2wSFhQZHgt4ZVBmdIlsXDevlnrdGnpSz59WNjBzYbdoesayXayKrIi40eIxbkO6A18wbXkIOgepYK0/vhk7Qj1O5TLT8YL8P2HY2qFM3KmYYllXFKlLgaGwymC123TyLkbzomCbh6+p6R3umabEmZg17ayPaXX10mSEiI47GfW5wQYeKHfnYmmaJFxyWQiyx7fgomBryNUhmwk3UWLMeBUPq6S+ERla1Nss76FwSXIbCifaJu6V+vO8Tx6JJxtOurFK0dSUw51exlZVxgBgLJOCB51wfjZf9rZcNx+tXC5hE5tcQ11w6kwQX0g9q5oNMFpPzjpEOdOQrtIT0/Yh0vRNxAUqFXDygSwlivWCK3cDOgDgk6DLxUwlOA8SeRfNNM0Jdbt18c6P55oaTANsfJQhDWu2ceJBbnwGvn2sUaJNfLV3bcPq0UKkJNzGFajCuGbtjx1iag1rV2owaZVwj+q2AN4LZnF5pIrd0gu4AZuE1c9NylrmJTABoNGvmptujG81RcgBc9m6P8AXiwVWwqW16qVRDIDpsMDTnM8fYJBddT0eSg420Plxv/LXm9ddrqIt+INfRLpHlct56epPxV44baSpAG7MPz80H4/XKWpAsrgY7Tw/JZWE7nrB2GJYTxQio5QawIkVJf4wAbWTLernX/MhmuQHFB9BJlljZIT4k7yE3jkSuij4Cm8Am+uaNAehvRbqKOA2fIBxn0wCdOHWchNsCVD2KMei6X0g2RPEKrjK01MQiFkCDOccWm4g4VzVtPD4N69OBXHvYHcq7fBO48idwrC/o2m+LL4bsSA440c2WNhCfsB+AWddgqJkwu25u62asF76Te6NQK6z382zA3uPLBI4n2z/NbP+MQ/KMuJh+HjY4mw4pIAbnaj8411mDO3tIiDDQWNeoYQxwD1HgDPD9SalE23A47z6GPUFICPb2ZkO8TZeSQ6/OkbE6J44PBIGV0RqzmHVrjA+E22JcMmQLfWGCJpra05ujcmF6OgXtwuHRbk2tahpJ1OP5k7JEx+BqPwbX344BREHW05063kJNq08IAm1C80msfZ4lmM8kgbGabsU4h8rMQocab0FkuGaTL1VHAc2MrX9O5cRVMLgUHkmxCuAnTwocevE86eADyGQr1HWbOB8ADPQcRiHYTyg/w8Hp175C0u6jP/y6fMaim3Z+SL89fd2VE1pbmThrfI/Qj1+lL9MnwC4sJioxkXxmFyJvI7cNFeiHTZMahXyTRL1/qhVpXJ3GtrimwtB1YdwnmZM6wYySeO7HwjvqQu4kxNmwV+l4T3Y0Dx0Q/wlZ3GfNro1x6MwWc9tuKLji4tNE2tl016Uzrr5tMR1/+eC6yFp4Rqn0E/oZ/YV+wuzD3z4j36RGfkfwCsiJbjG9ZNovFUnl0nop3AEx49gjyrB3AG42rVYOeIMCMNNEnUCId6xhlIZPpxN7XJ0wTgwY4tix1snNjn2Lwd4BvNFSdZviTDTlQ/FRMNkVysCKxQ5QQ5xdFbJnsCeZBcWMAXWbZHMnpwG9TciSyMNh0ZyS6LHBJFhFZT7wDnKYJ7POqQFObK6c5/QBCaE/R5lPBpLCWy9KHTqVGkkmMeVfmTrpuhcf++ezDy+67OohlR3HjVveY/wDr9IP18gvfXbb0tMzF8ofkElkWWptUmQSfYMG46x1pEvzLySB/nbmOfrcqP7eMb6eRR2eI5dspet3DSIZL5B1RwS3yT7jKubPF0kV0kohTyg5yIWQVqZWrmdhipJY3gGCRYmgKJWxGbYYWUL5VjLTkm6gJUDwbrDwWtuEDuzfMtc2xZSoCoGyj8/FEv0OTGL5VaFydno3xzE5lsTIUWSStawcturk6wkPs868VIA0FHmeRJ8gg2789v3q870DzlsfvHLbLcNLt9xz6y2LJo9LGtWhV3Gn3jfPqFmy/OPZcuVFQ4fXDv7HZtlHbCTgutx96tvF789IXN0afm1n821HBrjSHaMcw4qW0Dk3bOkT2HHz4mUcf5PZz4C/mQ/4m2AnQ90c1n/1RRyVfMBRQbt6FsfjZPt/AeI8ni/F4jdj86aNM/naTDqqg0mHDgqb0cA2A3aVPQZVhW/yNmM6zWusnwsQzWcssL3j4UsAywrxW/j3xUK3iO9z/Z++D5FcGutnI5bLLLS/W87ByUo0fBe2r3cRfIMWzjfo0PkGofY/DixcE/IOIfOgsSpa0Ajejl9tIMnd0pTCIpLcQEfXMaMyfenkO2bIn595kSaREzp3QRX6Jlfws5XDmxoCzXZHnGTHFCXbH4KWMnRN4g4FE8oApwAMNxueGzYLO36F/WHnubWQLU6QHEgO/AUGBh6YV5wp5dnls8hmsuVa5gX0oHsm0d2kJ7AbGLJa5/W7kk4hK67sIbWRhRsQCVzcDsKUmqgiANEklKAVnnAo6EYuzaCtLOxIwNwuUOklIPpYArT0gZPuSIiKzXW22PQRxgpvDAnQfXV0HymPEeKuGjqZrKrRxrnMOAttJoEbxgM1sgbB6uTWmoAIRvkoVRpumMXq0D1rq+4oWQk5QfvMJIvJ8im0B9lyVX0VHUEHyaflHZGl8ozIwEgd2iSbI2IMlUxvv0c7qe0Y5P9lDIF2Y6gkd9GFM0h/0mcKXUyGTWGD2Ew3ySWyk1aQNzXvmBynqdpaVeaiHK4S2LkmDJCFHSb9gRAOoKuvYjYuh+DjduiASOJ+scAUDkEEjdlam5caC8EuLLdstqhLIycRu/bMVlzYNg0xFRY3rm1TNcroL8Yni/FZ2ozP9Xfjc/0X4ys0lFNmxtUvr2tdwDcCDdWG297M1jUZMYZTL9AI4tiZnBCncS7ocLsmtwPtDpuOpy5wZp063G4sxg44TE7oYXVryLtqO+RdvknFou821s09G3+Xm+Y6Bu8GpvcQv/FJQyUNDol5nUA3pFW/iCyQqkMhaYjpQHsLVpJqQKRSgYrkao+KxAfWBhlpdl3jWdhIwkKP4iMhTnEyZG2cOk6xPdDsMzkJD5n6bFga6MMn6fNCFAZJkU1YBpISK1Qvp0SCdLkF0+Ug5fgy8Hw4C0Y7kcKoexGO6YQEVUKsCTWD77u1oWFruMYXlSuZQe8155ZwcONBSfR50ntbLN5UdA52gTflU5x2zk7t4+WNPkWfg4JzUCwxc3DpczDzOVjbzMEl5mBXYuYg6KsrtDkgPTc+ALlm6dL6+nvurvFHHwCppAeSr+MAVdckt57cGhvD8UCnki3GN2g2cS/NJMCZRAWzXKaD09mj4HQYTwIaTWERB9TcGDpPhwzBHOJ6Yf+HEzY+MnDOlIYAs+wXTt3xQmS/XHnXna6MPFckPYpdLWn4XVKMT92s8MSREsXviraVagE4ODvi3GLPTJBixtOWX9TMHCZUTiaqK7bBqdt6Yb+tG+jtZMpdN/QfQf1oN/b844TpOLPDM5kNdC+vj4NGXWSHDeUy/zFLTYlnjzg9EMoSxy/vVuP8Sti1zla5CmisyEsI3eoJXt67BslRduoG08GLCILHBJWf2Wo43pMCQboEVwhaYiX0rYJJ7BZApAnlZkFFl8yh3SoDWMVVwUm+eXt7hehv70xM2eCRSD29413Dq62PkYxtJJ4kntnHbFmSNPbpGU2f0efpEwnzF5GZhr2fHf6O/mBY0re4rKpv74Ok9z/pUnp/X7qHfpiRV9uPNJCx8nQv6UjK6Wsom/I/ThjXMZs6Q8qTlghkGhcwmsqcDLk5MyHZxsmmMciVHyuYNK7lEJLIRK8ffEg7R6vVBZMGgsHuiLDNlczjxiEv4su6BJhNAruQxhFY06FkHq0YIRYfoi+lk2yeZRa97yAV1IByJpXliaf37Py09Ud5/8tXLLlmzJqx/6a/yTfPJvXyIxuWr9shf9+nuKzbPOVzotCfvxrx2YmUotEd0kkWMZpn+1/84AOuI+wsOI6c7x2k50UNZTr2c4dTMCqWAvVAqDH5TGNy1DTQmMxAKEdoTGGsYDKjGpODGgONQansUBNcRUk8j+EXetQxRlyZuh4BaGiaGnJ1QCiSUDz4b0w2nrN0KT/nv9EloIf7r7SpPnIw7b9RJvoYGddVvrudPrEzCvQJ5NgkhdNAjsmBkMvcEk7DEGhaqlXw+eUz7cpJSAXtyhHadZYQhXbloHZh3IIJMQURV1MSmRBTuBBB584SYigV2JI6IBm3DYWHKLYhV1pU66DEJgfrQPL/TusAdFEu+EvFq61/8d2/VTwmtqvSSWKLUL5zcCsh14h5hCuf7BH8EwfJWHYd8XIRW/U4x+AZrWHlAz8M5AqnCVtUkFKcnSq0JEtGDVcpmipkm+858oPNRsXiAHAH6BsztckTWtSQYohisxJENj87U9ggfzA/MqSiM+lLqukPf9w+Y9HMNw/RI/SrZZezg6NQ/jAyLJ7uovvoi/RJCAt1JB6ikPjCyFxJyxe2YkxoqjYvYfTYSxD4W+GzUdrGg6KzgfS9Npsmo2JPwMQ9n4y7Taowma03mJii6icNmxbAtWP/UXmUTBaOHNkyl2awDSSnbvsNN19eMmHg0gf+/cWYETy7QjPpv+kPoTMLuo9P6/DjV59/m0I9ut9i6olcF715TSpvvinhgcsksHzBRgDbO66MI/AbEqFaGShNAPIrTKw80h1l+OBVOO1YPh5cMWvB3LOZPjZxv1tj++B8rGy99kYs256Cz1pyBzCqGoPIlWDktoP9EAzMgl4fT2NA5gdBWnT4LW1AsWC6MJ7ZbQF1hR0uQHW5DkNsU0fD0wK8UKfkRH6FaCScF00ncs1N5B2YPBKOpSduaHi0IXC90xYT8YtGnp1Qq8R1NZmImPivtHXY7EGLbnhnP8Z/58i3nz5Kt9FnvRljA8RNcuRekZIof3ox5lGvEGO1SVxK0dC4J4q2yz0GL9dML+99FWi74Cm4AOTVFq+xlgMiucT7NKOj1QOSWrR8ffPNl4675rbrMUycR46c+ZKepH9U1PU8fIT8O3JS59AwLY7l1PmfcgshI2TUzMi+9udZBf60uQRR7f4ir7AXfcFBbfMK0WRC3F8lE8RoXPpozh4DCmb1ylm38URCNhGlZrIt8qs+hiXo710ldB2w5OOxxir+v/L3hIcHMf2o68fz4giazel/z+XxwfERaOPxza1rPAfjCgCmy+kTtgl/D30Sn3Th3/h7wsODZHHU9UN/LwFpib1Vf+rx8YG18fga6xvPgYYLIyMbweMTuqWEcS8bJ+x7NcDVS2fCSdKLqnw8H2TT1QlGhuBHbkAPDcsmbMcwu0KA2sMkCJAiBrMlwa2ltEnbqkv2P+YEHFgrK4qsrEa9i7dEjvaJHLNYTNtPnzYpXP2MI6+78fQO08Abbz3zrJ57Nw1B7s7RgnNScrH9zgr0SlqWORkHLkontZLSuDIMOPCCUmD8jofMgmx2YWYBaiWbTAmJPn3AHM+bD/kcmN6rV163YOY5cL3FvtgW2/vcNoJxP3BUSbnCRkjHPmjkn0Ccvv7cRnhfirnfq90vTZYyY+7frd0vTX4T7/+DMlvjd/y+OyTBa6FwHO5NMVyf/TVOT/b9Mn4exwM9qeGBGpb8wmsJ5zEfLJvZ19Bh3yBqO31M6DasamKWiYeoYAl6rHqHvWgwZrKGJLWdVzuGPLAJQf0DM+vCRshEa+hJdtHQA+WrglSHbfPmcsD55LwrohVbcs8zludEvnvxi1uem0AGk8tW0S930e/ol1O/PvoFUR3yvp5y3eDxRel0Dl3xGd3yHJlJhtLD9A3Sh6RzjnXgMcCa74mCNTyZbf7Y9G6C9ANxx/P0Q5PFHW8p0qwT0cuWxmeUoNlaekFkGvMaYQ+BGXHq51C8SRywbg6oq+B8ymA+ik7HXtloYIPeedmKyaPvv+o7Yp390d0vfzrxsXsffslJjo449n1ax9EFmfQTemoLPXUXifv0+Q/f2cWeFT4T0Al5kdCJB2KeIdMJ+XauE19JMXapV7NL2f0H8X5ul+7W7FJp8mh+P3LV4f2v8fv/+ArvR74FvP8rcX2GpHHbOdiekgS5cJ/AvQ47DDxt1qxafQ47mrG4RBXUEFyKHgDr4FuHwacxpDKlqELmijisVHLq2MQckYNkA6BMFkD/ZedUv/bR2//6+fgDcnnEbZgROUgySAX9kv72e+8ptZsfuv/RGrmytjZy+NDuA0fYODOpxzCZ7SEp0N+VJAksZYfMKaHYOJMcGkB5Kh+ngIaIHWcSh35j45T0cYYcdo05PoYcgo80nni5LZo5etPobe8e/eZGciYy12CPnGF7i+XGz5ceXEZfKsr96LktW0fIPUcNjrxk+PjDlZ839o9yYP6q3K5x2pEaieMmcL6Gcg3vk9QUx9yPz26veNYrYu7freODTk6WorxwuL+Uift3abpkrML9pboNn7bOIydnt+USkHPafh68f67Pg/tiPg85nXC8nwidOqXrWiOOt5Xfv4jfj7xzKI93hTyKOY4E4pyWazinpObhmPvx898V40mPuX+3dn/bz0duUf75Y6Qp0fsRR5l//ph3o7irS/DzD4nPH4n3Y1wSx/9rG3xldv5ivayVyVsvDSXQ5xR1oC1xZ2XK4mJYZZD0DAph6+tN28eeUQT4Pq9PK0e88jIphqbGptHU/Jefjaw1dXXAWzOLfzbXK9N2nOfHYp4/aHplcuE8T4vrq3AsJWKeKYDzmqTF6LXaYGYpAiRls0SS2pUIs4WXHFsinIxR/WRIIcSJJgA2ejvGb+1YsGs3cYzzUBwSIKHJ5HXyuu8kaBhpW70b8OrI0T1JbElx45jRVR2LC+rnRkuLn/154kzvGNeNq+SNMCeXkG+KNEfSy4vFVKBcK6bCODoN1/+HaUhqOC7erZWc/dlUolXJs8eM7lFQXFDXGK1OHq9NBZ6TyMXdiXv2CN6Xq9VbimwcVvZa+Y7t4QmxFC3YrMRU7Hphhw7JCN0I9I5tMnRtxtcuVbe1UQxyePuEnS50nrSL5uySwJ5Gf8gbk7P7b0fKAwYypvF87dJ47QbaPp835nIc6VlZPV2mkNkjGv+kpEKdfUJsvZOF+Ukysj/HI7NNyGyD7m1XiWBGStAxONmZgSOCHCvK7CjdToroVCG3BlJCt5Ejs1Bmx0fLjSi0O0dHUlFaROMBYWPoGTMG+awxmDm+YrsRhEwGjaTvrJFUkpn0IPHTTUIwW0kh3UfmzEShOKrJMZAKza6OnOSJTlmaCniggjewO6/QAxhWFEmzQUX0zVjeQG+LIA3UggIxrcTgM+bkV2o4+FNbz5CCCXRMy+/XPvMWKabfHH6ZbHj7ZXnh6SGH923YKN+0TJw58YidfQHastOZLZyNOp8jzRSZ8kT0IYJpZWJU2S59VBwbNpmNKpkHNaNFe+DYQloLUGEzRTDcDCHeYDyPVWZbASIuuYpLFLltYSK5mPQC37IcfDlRVJLPrcFy1Z81nWQTy0sNRL2ucULT4yfGzvniwBfXPvXo0kf20GFk/rufygvP7KEHV60gR2jms/u2b3/3jTWPr11ErhZ1NieU3opHypSKpOslBMENJgUwSJvAGW5ChVBtU4jcNtg83QnnmMVmleVEfnaznn10CaC/YvZvXhZb34ohHby9eDWUAnxYLohkS6HCHNW1zay4PQjKpqMyBPLLNW9Vn6ofLF83zL4nwVhs44nPp62rVJT6G+6YcktdcNOpvsqUnz7/fiKZsPGR1f8MN8lOkkI6jq29eQ65/cxdoSdXrCUX0KYXXzt2jCQRBy379Hv15NenNRtUKTHtYzOfLbIhTu286cAOmuwsxOnPhn2CzTnvEPBzhPMwI5iXzXZlRUetwAkreeyppaYjpXIoPhlxoqCC1s6TRCGI5wU7uJolxesp4vPWmt0BEc7HzUAx8fwCAD6MgfKrnvb+za98smb5U6vi4mcvmtPYENz4cshqfvPoK6/s3b/5jgnhaabS6kGvPrGkOVPJe/qxp++49z62D2Tu2Lv73S2rax9ZefN9PS9icx7BbK1arKuaJuasasVUhRCjz8Y551j4nPMPtedLwYnmq4LnjE3UjhPNBqpeO8w9R0y00NUk5gk1Z9LZs5UDZcmET5a5y21max4x4qFRjz9bXzt9ktNeOfqKE3WbN1y3+EJPwm2rl01bsvLW6+c+bFT8RStvv3yuT0maPaNuWhdSyh9z3yWLp15ZM7H+ismDBKbjMmMte8Y50Fujiqq8sIo8rarTKlo4AEg2yeeU2dSTrHwZu3hhqYkzNTEhpJWE0/DP0nyc3hXxZF24oKVQkk9z7DLVsGTK4QdvRQy9oIi/tOPWrkbu7NX3PXVvY93cz798G0EXp71wtal09WuPL2nKUvwbH6KvYynIioceRFDF84exedWw8209e45ZgFSMLR3ANJlYEvIJ+FZVIwAMmqBkDmpAU0qwGCQF8/IpPk7UoxUMIMOCL1FE/YLpasiUVQVnH392Ua66dBI7EQ3rsAap6m4Y11g/e83aFRp8oVHhPHWZt1x7BOfQe8pEjk8o+K8V4IPOgSyc1SDqP9nYEzlkq4ODbSfrFX1OhNxDiQNoQ+/63zogaIO1syNo3mkKpdpOOYIZO9lu22QxW91FwQxnU1pGqruoKR3+G2YXY4CB2DUAa0irkprTzJb0DIErZU2NvhL4QFhLmgieXDb3OFPVMIHeYS0834sgBT1sXZpOs70s26BgaLxnWaB/l4GXdJYbb1h0uuGFx5/fQgfkZgyvnlXfVx6T2Hs6GSRnkkvPvPHE3aSQb9Kv7TMcpvQjqtJ3Z3MfwMPW7WHMjwwVUQgbW7epGrkPhu59IjfiRda7oAVpsoAkE0MPdouoUvHB6QKdLTGR/JjjJSuZiIi+J2Pm4nyZHQlT59f983G6lq7NuHTJ1GyI6r8rp0bK6HvLVpOLaNOOvWS53ECn0bqXdTz5QjwztU5Sl0aDpMejfS49Hi1CcHatpNd7zmMTw3BmTk4Ze0BqkeH2socwdfGEObefbnjmyWefbn2PR6rPvPzgvSSLfAVCfuN1Uh0p5VjwSi3aim3Ga42N8ftcesRajNfVfryu6Hhd7cZLzh6vM3az70kwpL2ijs6+se7px4PByBReEh6poAfuvxeE/OJrr+1bBsXhyIdhmsj2tHSoX0nV9nDEx4lje7g3MRUyZV6QbUYsxBJUfyexI8yThP0eXuY8ZEKkAtqMLMZUOKiTgF5GkNE5JA4jaQGQKx5lQ/AcDp8k4HNcUNLnRejD+dtI9acNn/+jYMQbtfRTGiQdiPWnb2iDrNBP6GG6lz4sHz1ORm7rmDvWX0w30DfpG3Q9ZFtqR9EQs1jvEdw5xvnIXXWN8AEh1YLUptAO7nInwdxcFj1yKLDEVG55hFXksFJdwjEChqSw2Qg45eB2gG3vdmlRIwABMLrawQLlGCGlnoXTgtUgNS4h9ucPPJa16vlvaes3h8k8upAc/fk/tJUelVP/SQx39h/V97cvv/yF3F7T/9cIKZB0rvstWKNzuehGtlhb2hbZYg8RL89z6+VvbpPWOwSeN9Ts2LWaHROa27wHJRQXLzpQvGdtOzZjNs2+ackPDc3rX9gOtXqthY+uZMcr21leeH3PWwbsAytk4xuI/DaXi3o4s7GlbVGuGw8RLM9T9fGpJr3B3sRZZOMFFL/VJPjnJTMkueKi42Obixge21ugUG8Vkf5Tz3aUh6FSL7KK7uGnN+4j1wi8Ija+cqbj+WCnIE9rJjSmiERqc2JybpwdSbC1+p00L3QHBN1w2JnZcW1GLuWwG1tZ3D6NsTUTGFtzsMxbAsbWRFfIaOAJV7vZwU/trhWV5cCkBcFkHXepB/HqAExeJTsrd+YbzRu3zHj3NqK+FNj29epXIp9sfLXl1CfvfB+8n56ip+m3ZP69e7OU9K13XvPPsVNHX7164bIHap985P61NVdddBDjI2P/OGEYCXEwcq+eM05lOpMFeRbMGSfrLcDApGWw6sjsombTK2oisX8dLBAHZqUANA0c10w1qAIMWlhKBDebTfpcWeW2EYF26eXGMZd368j82HOlmDVXtk2aWeSZ0xFf/kqB3yWlnZVnTjK26F4426US9TPLI+rCYGuCavuQ3VXVPngAZHRtM9HtJxGbktbmcFZaWpuAlpqGmF3ksHG/aYeWOyFXEBfPiUQOI9c3z52w61KzFuNSks2z2PUuGMuaTeaTkTzGpTRg7G+EuL4D7w+w6z9ArJB5t3C9n9SKMbFMSTJtxvtHcy6mUdI5759NNp7jfrgeH3O/V79/MukdvR9jl6NFzG294Hra0Wa+9cbn+XzpjjbzrTfWxOSWPtfvH2f8PJpbUpbp948zNsbcf1DPXa0yvqHf/5UyT7ufXZ95zvvvF/cPws+P3n9/7P2WIfr9D8R8/jfK7/r9D7S5v06//8GY+1eYnfr9D2r3g3xQ/nB/AZcPm99ILQcHcsLnAH+XT0a+o0sr5vvc+vetNu6Pkdcu/ftWGxef8/6H/uT+h9rcP0q/f03s/WZFv3/Nn9z/8J/c/7B2P84/W5//pZBLbK8npgP6/C/9tO38D7D3vzdt13KH7J3toidlB/KD89whXF8Vk2v8XL9/nPH5aJ4K9WuQuL415v5U/f7LRd6J57Xe0HKT5PJD0VxHMepXB6F3+ucbrahfg8R1Pp7l+PnR++837sD7r8bxRO+/Pzp+YynqYwehdzv0z49DfRwkrsfMF/Wxg9C7HdHxoz4OEtfXReWJ+thB6ON2oY9O/nfwvs7dyPTxN126+PcL2Qb9Acq3E5ejYTr+3TR2fSfK9ydxfQzev5PuIH3x+fH76w18H3icXQe+v3zgBcTrPUQP0g7M9YjcEKk31WnPG3M+AoOajWhLTO7nc/3+cabJ0dwPjqdaPO/mmPsPavcbVpmmxNw/7/8Vd+3xTRX5fuack5NH0zQnzz7oIw1taAOEJoRSoFQK1FIeQimltFBKgVp5lVoeQinIy4KIiIqgILIsolZkkzYCVq8runp98XFdLq4schVdV6ve9XWXRWhP7/xmTtJU2Xv3/nMv/YQkkzlzZub8Zub3/P7C9cnzO3XT+vv/Qf390fXp82P1D/Srfy1S/0C/+rWR+o9G16fPr1R5fqf65oc+Py97fjA/9PmdDT8/ch+Hcp2LzROh37I+Wxo5b8DWNF7Z9zMi9ztDc/kx2/6aJTevPx4tv2n98W9E178Srt/veZyB54En/Px5kPpJkfpV6EhffVh/rH1c9R8oPH4xQbRE6kfTxxnhi0j7Yfp4mcwXR+lvpFLfR8vbSH1OKCDlFUr9Y6w+eR4cpaeRSv9zaX/aSH84Sk8VSv9fDtcXnXR+JrL5VGxUpL7KSeeniM1nHbpp/fEo76b1xz8VXf9KuH50f0j9PUr9n/cnKVK/CjX21afzWcTm83sUnh/RSedz4s/nR+UUfoi0H54fGpdG6W8M63/vxpvYKqF8cGT/z6PzP0Zpp7FfrnSlPrlvWe+3kfavROovELZHtb8nUn+BkBPVn6RI/areYJSt9a1I/areO6C+3EPm4RPVOSNZPxNgXe2Vb6M851wOcblcKeJROlJAP+GFA4IniLA7xNuQVnAHVZHgobn4EodKS/8/ry3lEH+SXmv/xbV9F5Tyc+kFtL76n6ivpvXBJ4PVN4l8LvXz6ZaX8dN6zxtdqJDM2S7ylMl77xo6f8n8WawnsoeGcIoMhE2jh57jgJZBPNm6QBqFe4ww5fpETu1MTlvoHpcyMWY1f2EltlUtlt+sQP3aUkfaQkpbGgoaqrKFMaJoW3ZOnZx8i7RaP3khf7YGO++0yH//kOG+/IR96K/kKY9Grhsjf9lP0N2GxH795Pr6meuzmezOTC5ZvzpmYsq4QQtVRy2z5TfryrDE/JRIW1wJbUsCWxMFrtb7lIEHjNTUpYwdNDsg7BpJ86AK14KMywsMTDM8IRm/mBmck16bXZhSGBc1R5a7sKGqVj5f168PamSM9CHGp0xYODqUzRkI3BA0E2tTUGtUoHI29vWBTKSPvot9M9pNbr4qdmDtoL6prcVD6ix3y1dnK3PMNdI5LojMcTPhSZpEC4pBfhZfpAToBngvoAcEBG+HRqvTkB7EQbh+gCOyXRyoyiPBuSrex2dYM8xOczMuTVqdhG+XHyVvQurKAfhX8vwBKy03zgm+6HtZEYLLzKrItX0NSJJ8MtKMJCmN4dUr4/FEnBFP3h6XF5I3+ZL8Irw14d10HF+QlZnEHyHjGIoIeQBsg15wK29KhtqQaEMGUsjewgMIB3I70zO/mDFp0ozS4uJS7ps5VdXls2qq6b51lOxDZBWSfUiCcxpJNLeuGkn8eXJvNWrs7dK0qd4h97ahRATS4RhUhN5mvk4d6faBBndglC+YTaTgW7zt8XwYBM0idIW0cfYw/GHKUPgYmOALppCawwk53Mq0XqaI1ks0UQMNBEy4yEcXw9V3kI8OBiKQTz7mG4OFkAuJyNXFilqsQ8vbEyGkfbBLovmkEuBLYT4hqlHDKXp2tmQ6neRwDc7JzS+E3ywpkqldL4lhLUlkjqgtkkVpmcH++4ufADxAddPSxgfu23Xgkd3b99dW1pxdWF1TeZR313RfwN89tGvngYd373gEys/WVHLjH7oPCloPLGQFAvfxV99/+OnX33/U+SJefeaFF24UqU5dL8Gnrnz53cVPv/7xTy+8gO/Ejac72ffvP1K+Aw/MH8cC9XfUMZ6YP85No99VzGaEWvDr/NNIRA6EA2pKJiobiiELkqwATTj2RKALz4/tvFldiv1jZXksJyThnW55n/yIm7RTTNrp7N9OgPNCU4T++trB0E6umc/FVlwsy/nYL7/zNF6Cl7oBkGwtO+eP9X7Dfac6RehNoHQm4Dboq0y4MA7iDHiEIJOkHOLd1d0XYCbYHpfD5XGbCB3qCB0Wsh0zaNF0kZ04aNBE3OvB4ySGkZNKSTYvAUyChqPRbADrqFLSNDn6PUPFjJWDs/Y9sPfhx/bUVi2pnzevfkmVwOG3Pun6y2dXvnr59KnfvnjqFORz5Eq4vaqXSF8k0LRTrxHkgUj4GJEivyHq8YJoiCXZerU0REIjgTqynew4AKYiat3tWuqHpAVQHgr/oVUUjzFsNgOcRL7SR+OTfFan1enPcPiH5xpwAt5fs3lzJcSba8RUfvQYbmLPuWnffz/t8rZFeg999hPIfLWQ+UwCm3Asz3JDBRI8FE9a6wmaNQyuTmTZEZMVS9SlGyepJSp2qCGgf0VFLvrJEJBeQUG9BMkA9bFGqS8ZoKjYX1CQTwjrotsxBNswmN++NBFmh9XB9y2bCXe1LF27urGkwpeKL8nNppGT9j598sC4HVxTdeHtNbMWxLvwwQr5qmFP87aDaez5u8l4WlXvIRNKQbMQOB7ZNGDLDOrIm0Dx2sOIMQC1paahmQlKcDOE+CWYAfFIZ1RA4AjRBwfYIPuRJlYdyW9jN2C172fLWyEN93XZ+ervneo5967d99Td9z+1aNW8iuWLquY283vP4wG3Tc8Ltjbu37j15Auty1vWz6+qW8x4iHxCK/AcRCLnKmpzsG6pI1yVhi0h5kBOA3mA+cFOnM/dIu9bgZepqivGd/+Rt7C8Xz76XN+h+as8gPFF7Y1DIOWpJ5gID3VYxIVdBB0yZIm003hQgOkPZFOI4dguuqNmD5RMz2t5S6LDQLNPDEkk35GolxwuZUog81sYDkRNs71FT4sHG7C5DxNE9M2ZXT5u39p1e08sWvjEjh0HF94xZ17trGWWebcNmDSvfHrltMlzePfk9VmeqsLFmzfU7SjKvGtKw87NjbfOmjlpdEWW1lmD14+Y5kiZMbJg6lT23DPIeDer3kLxaCBYiOnZkq6mSMBxgPIAw4llFuMBMPoM5rhiijiumJg7TSaQQAT3NFUK6eLMNp6OOh0irdQoDH8Ko4XUgpEAllyaPKMfMWQc3Vq1Z+p756f4R0x9+CmtJmP9+C0Pz523YP6mtbVV9cLR1iNz2u6U/yL3SpXW588Mz3+ktWrZoqK6bQ2UJhr5IdwB1b8SWh6LIrk+DWJXBLdO6gpyxi4ArqPBzhIzTJg4SiCQPVEQGbekQLVGYoutUuPkGLFo97WqWbOWzSW32VO5+Lpcgw/Pm7Fig3yY3LueyCkW6qd1uxIzHoVZCom9CdcWRGSCY70hnZpm+taBatsUxvkFGybg1rXH0RiUuFhw4ItT0f+1gPkbF8b8pd5V/b32GHhG/fPc33sauKU9+/BqeVcddpcKedU9h6vlz0vlC+QamKNpoH8izz0T3atkdh2o7Qpgb7uRJjqDQDrCarIAaFENsbyhGB0tSCLbsBqS+FCLivBBUKP3eoMOiLMaQLrtEKB/jkzosCMVwjG97YIDygQEZQLZmSHqg1pZrDEs3sMo0SAUn38szsdOv88Pr+GRtDjJ4CdG/yyQ8Xraiubz5N/vTv/moPPxe3fvxAflxfAqmsZnlVnbW8tK/1h68t1/n1BeePREO/lcuurIsBqytkE2fkjh4zPRM6jdiVke23aH4qSYpmZOimAoDam1To4Bj4bsifAxYPKB20TQrOpqN1O8bbMNjiBmWNLQMJawNV2wkG2Tuj0Fk2JpNq2kDBrmm0CeYQYNVs0wKcilhCe2emjgeAbkWIFgXslOdtNYSKDMTMFpktHhTIj4f2N/AWbggJYwCJNfansN3+i5MGTUlfd/94dyruWIK/+rr4qmj/IOm/kZICLLt/Sc5NraOk8c6Tk82v3a+XJZt6RcX2rs4eKoXuWq8DToB9B5yjcUopcpnZT0fiNUqM6hbEAfd8F8OQTFvgZzhLArhtEE0HSyN6QWaYHNF1SrWZpoN2H8Pwhke4NJFrLOUgiJJHF0JpLBq4bOBAdmQpGmSIBZ1Hjak+jRnUSmF7hUFHQQ3jMwkDpaOvOCkprZeGJYBB9ZAZn+XEIyJpYZPVNJjK62Wuw/y49eckIQTpxx4bQ/VTw42bXt3pN/zsJXZU4Q8Fl5YsrXZx7eNWPXrX+Wu7I5Y2nm5LpSbMTe9EHlxTe+La2PH2crvfjjuOr0BByP9YS/2tN7TXVZdZbIJAkoA+Wgg4yiYPBZCkR5wO6j4FOeZCcsdQ/5aDDTjwYBbO0BI2ywEgjn3mgOC7wCMsnHTMalp5FDFlKpJcZAliOV0WyjTPjgTLKz2pOd8XSf9WQBoldiXh4R9iBCVKSArGEgr+E/SzJFgbtuyoUre/CeF59YNC951pR1m9e0LJpVvvzIiU8oz4hf/tV99z36+P33HVx4+4L5dYtrFi4W6p/oTK1I2bJh6/q0soxQ90jKYU87Gjr9xJFTp5/YsGXb+g1bttDzpqn3r/xycr4OICtwsxLRAV4JEnVXlixahvgfdKqBuOzqWEg9z4y3iVSwhJC2ZG97IkWCScRamiImjdkCKTJaDGFcjQyHIQ08FtSSPS8cQBZIgnD5Dl4Xm8wOI/+IXEkZP6dmi8lHTyO/JOaGj11r05K5LU2rtrzxLxV1zyZOUx3ctOee+ncO7J5x66QJnKVsQCa+/sD+R+97Sf6sXD5/z4bPH3zuyWM42X1i6qdH7lhS0wSqK5qP+jiNu0xCqWQ1nWRx8EGk9fmCyZquMChPKME5ADxIEgilmLPoRzMwNO5I+GNcP7QbI6MOcLHMVFzvgGAoPkYMxC4HOR3LXQCACxTTP5nmpiUMGzNrp6RSvOdkiVm4g1lO8slG+LggNkccCGi4HXW7ZGF20URD+ak+wnmvjneKmtr67ssavZB1eNe9jz5xb+uhXHxRLl20oHrxwprXCXVc/bKe77xeojJ+uap7Cld7rD109HhbmzyhvJyrbW7ZtG7DFkIrc7nLqkqyvhzIC7s1DfoxEwkgzdOePmiID1JJi2SZpVGXUyehhEwvmYcAgiWFSb0Msvv4KOaSTaJBVirI4y3RPN5gCfeSj14jBXMfRHiA4TB/MTS0KqCSnuc1BnNiGvglJpuCRglmxkuW28DMwR663MyYiL2qGCnZPdgzjOUMZmE6wNRAukaFs4ssOnsKRyfMIUG2LHJO5zp58meX5i6sD41uXDnrnvr1s1OnV08sH72ienL6vuZdnK7l8sct5YL4WcllUeC6pznWjR41yDXntmmLHVMcIzzekVkDhxf55zZy7/cc5ap7PHj3ez3HuJo35XpYazruc5Wd6oziIVqecsdaPZk2JFJRScl0BKISGasXvMZZDJVK6mpXiRFfDpH6cohRWGtKHCT1CZSYD1NcPORU1JusMDmMyQbvP/zzweo43aVy3NJy+RMyMDUdmKp+2rSeFm4reYXHcf97Pb/mFrxFxgH6SYRUVyAuiCbT4lBd72Vhl1CM7GQlEQ6dOv0kqymHHsukr3hgVdOoQK6z0ZSd8V7YHIjAEtLQAorXkqAD4ORYOGUBvgAeMgpqY2HzhM+R5Hw2E+GrGOqDne4OXK5Dgsg7dd29/7nvwI+t3a/nHC/denpGce3FA49/v/0rrsz764rn1nOmZ1HvfffLPU/Kh/xFd2zOOrjhIaz6EVv9havJuGyEH1lLZHUXP5O73tNB3qdA4jajiJrfhnGnkd/fUb0Dv/PTlN+3099X/x1+95PfO0HW56d/j+iv66gNaSaf39NBfq8kvx9n7fNZyvV6GoFZmqz4dAsGcrYnkL14sbIXJ8NeHPYQE8jzIhuQIES8Z6h7KKMBcLCETVaTCLAQBsmeRpeFM5kBSAoSQ9KMMQGupqSI2izXYdip1T8CGBtOCJ88JjPLt7d256d7z9VoHjyYvy3n7rvx9sfk3mNPdiy6e80T3w523Td/zQsNuOE3eMThTydP/OZzR8JCX88l+ars+/zcqV2H8BQsNm/eLV9l8g0R6wSQD1VIR3ZdxumKSigKBgxRPbAXIkguGNIhcxJ1GPH5AS0vw4FcooXTTueM3QZ+nbwuzz9a1Xx9a16NkPLko0rMFacy0DXmR31pFUQcWTHgIdUvs4IASWdiI5ptSQGaFQrqunfLnDp0bYq67NoJRH13OaGT4i4OQ33hTaTPFKpD76FayKAmhukGRAl0GjyD+zNrIRehQwuMczl3oOcuQerexK3qWctfvHFILubf5udPrO5+rXtiNblPA9cmOLnu/8Fe0MCHuDZqX8jo/YHwipsJH52G2tWUdSYXAZGQpaej8MfqiKxNwzycOOM6NnDJ1T2dK+QveGNFDxITfmrkU6jM3YwPqVIFHbk7yNwzEXi8xfmok6/LC45MQ5ifL8RwDYs4gcbTnFl9snY8sEbaOGvKQEqHDsgBoDdFKyHtkZxx6ZmuKJkzl1Kdqg/PQ2x+amPV3nEFD1RvOv7UxuoHCgr3Vm46vmjJ7JKm/DGrSmYv4Ry5TdMr6u+YPb2JO98aWLr+ruXBe1oDy+9qXhK8Z8Ga2tWrFq5ZsHTZ2poFaxQ/NUG2cJ1Uf52P2s0QH8oRBpBTTiuroCBP0SwHNipWGRkWBArqEexSKgUWnPrwGR1Ktmwri34Qhk/qxBnDsocOXrBgz4OFufJmE05TcXirvlK/49AN7o2XzRAzgzsFp4DImhhE9k1wGNOoIQchjdiJ8QbSPXQbzST7J5X4AHsH5jica9AIkRnkaNXnUToT84LJgDJkHcgYChv4gccDj0UZK5anlOEMpbugs3yksK+sYVlL/rLFG6tHLh27bOOqxzYsyFkzcunGW+6cu6FmRRMrGdaEX6tekTR4VP4tNY3FefnYX92Qkp3XAl9GwdySs42M6xoyk30MFIVxLJNOrJcQMIjbKjWjHXI+WMPkbHaQl50HvRm8XOYGXP2orOVSHpjUgkfJRx7D13s+3jWlGV8uxUWlkOPwaqncSeTnDCzC3tuAMLkn+Nmk0j13CUI9s/uVO/rKYa8FfxLVa2Qf0oKmSkU9KWMUT09tDA2lpNGSismIaVEpariWX4tfzcGvyfk58lG8Fq+Vd3Ifc3/uGdDj4D7ueYyr45ZHcq8L+UI+6HgBPlrIv/EavKhemGz4qtFiqjETTaLy3SSuLlzO74kqnxJVvimq/La+ctXVSLmLtQPXCeciv//lJr/fBr8jGyqTN6vPqv5K+qhFsUQOhzXvJqveh3LRaDSZrP65qAYtQo1kxlqIhLAd7cTnUHsc+Fe3+kIGPTIK7vbsqnsgBx/h/JN0XYGxXrLxdAwdMX/NQCJuiTFdHYOHz7tzoN0bEvRgrQmsgvyOgY2+EKaXBzbBrhKcvJiwQpm6ruCUOq+3Q5fp0LgDW3yhGD2KI3W2egMzPcEyHai+OoaNXHAXtG0mbefk1a4jbQfMxpCJNd9MaOteUEN3IJ3BRH6DVPAdnN5ogz5oqMWIiMJgfQGN+UBbV2CgkZ6dKbaujqEpgzTukMdGe+bxBIb5QkPZFzLCFGNwDKk3hVxS5u2IG5NrcAdG+kIjbLSPo7yBKcZgDXYHFnhD81nZQm9gOtlSAhW+YLGtKziOXDnfGFxCpKLlNpoqsAm7OzZs3HIP9HONpatj/d3bdsB41hhDa1lX13oCd/mCu4At9hCmzpGZlA3SZs10QpgTJxBGeH4x2ZEW16+kclUmxDqMyQvMlALFeYEy0/MpAwfFT5gIVxjANjCugiZCas9fuozuYAAwogblhQOcfXkJXoRXtPY3FAEL7UwHvbZEzp7wO6ndFyhDarrojh0JlHHjSEXKhCtu82YfqMhIseT0993TJ5U1NDS8Ir9P/m/Anlf2tm7auKN106bWTa3kXxY2yD9gwzpslL/Dxo9PLF85dPDoYcury0pyMiqLCocOzPaMvoQl+VssHXAnlLfcUT38h9eWy7/Hw5bTfy64fu2ry/khtIWdOE7+HrfiYQ1ne04/ePCxh/YeOrT39dd/d+P55aLc0PBTA3278T5XMn5mzgSNEDth5Iw5de6Mktr0tPTkGy+yny/Uacrxg/Kd8xf2HHtVfp+Uyb8/e/1p2tXWvvvAmVomn1W3kfOGRymE77GhwCBPyBSDUsCg6fZQpQpwCbw9DEVtgIAdIrBEpF5zlC6gjG/jT3SXySdLj1QWjM0pLhv9h8Hjbp/04pO3dc6/tahwUvH44oncEr6tu7x7tqq+ffooj3/yiAkrS0Z7vONySjdWtD42sltbUDxp7C2TitleVUmYMwvlbZS42xBWoQ0CqAZZtKSgQocFNw141oMGCVyZ27VUc6SNoeqidk4bUR4JYZuyz58ruSD1sGS3Vra14c62tkKLSmcdN856/aqlkO5Rw+He4NvCtzAfFvlZ6ksCfZofVb6mdzYtt5Lyqr5yXCZ/RcvJ4cONAB9apf4SVt77BSn/FfiqKPWr5Hdp/YGk/DbAF1DKy+XeSPlU8J1UymfL/8H6IxfCHCnlIq5UfIvo3KlTI/UrUJFSfw9/jMoDrD9DuAbqz/Ehqf+GqCP8fwuZa7hiUc8bvfv72gKbJlzzj8f0z9VDGBuFi/xu1Q9IT3ZzONIEIqELurD6lz7OWMrCYSJCYpYSVUNESIDUUROJOqAD6RFH5w/Exoq4JQ0rlkLKwA/2HVL9sKKqeilLEIjxIeEcV0voXEtOHrLJw44fCzSuozyUytqlQBBg/1ic67MasBofso6IWRk31S+cMw75l6mGMSdvI+3skkdzpb1bWTvMByDcDv8BTVyntBNuxol3JXhjGu0zskbIU0acmmwofTaftHNAuMhVi46b9YcMWnuz/hywzMz2J/lF4aJhaiBfGvW2j/ALJ4V67rjqZWQk0tkkxd8D8ndDSl2GKisaiZxBU/aKMSzIlOa/tFIwWQor0s5LCXSL5lnqbmZwsgIOPdNEZKr8I1gnTt5et0nJvYt1swc2pS7JEb4oq0vOpVl4aVb3AmPHNtP4QCG6Kd3c9Dv4dyk0uoA/rtDoS1E0Df6gu0BO694uXOxtEjcRurGiJEo5PEPaIr0HKT3WYKWnB4Ye2+xWZ6ZLVGewSRTV3dt3z1uy+O7xd8+Zczc+nu0Z2lJ5u3DRuKOldaNx3syZ814zjiieZVxHsRG5GxeEi/LL5F4adi8zEQLD99KbaYYnUbmXD/KiOjPN0Te9caHFM3jw+KbavluKDcby8aOMi+SoWypjWi1eI2NKJc9QGRMkMjWKTD1h/yBoi4uksjeTZWCzg63MKKZQGYaO3MpiMlKkoDn+FzOA/Wz/jsNOl7Jx95uLY+nDy6q3ChN0BWNHeVKjpwS/V6wpLliaPGNrTLorIxGewWoyL5fVRjIr6SAfpHmCCboumrjERyUFsycS28/i161GmmxVR1NjdQWtIEVDbwM66XnekJCYkk6RIpnOEQXNEJAk0jxBNCcwhPYydetQzpmu5qMH1r3aMHeaa2LBqOTJ9ikx80tct94yKnF6Ql7UpI9ecKfL49q0eMUgz6DN8uGoqSdj2UnG0i6eJeeLFTKOw06k/sVOZLvZTgS7ULtOLzGlEITlRe1HwE1EVm73zlLDvIqKeXHTU671/Dbd523JWOlWvTd78uTZV7EgZU+ZJ/nXZVCa69efCf+r/uCIVVUtdegMkpkp2Pp3iRHqUNyvS0NbfJlDJ2TfGe7SH6XqvDFSRnOkP2qR9CcZNd28P2D9jxMjwYFKtyDETHnuoPYzSdSOGu6sDSZPH2tncXQdgi6OJstIZFatAWQfCpqslAD6db8/ERMajh7GtvSR06s3iUW6sQW1rvBYLhdrSgqWxrsrY5yZBRHaFQmnk45WIGDvk8h4kqjhMQlCmFO8NIcao2RLWOallGxnwG5UErcZqWYBAmFTpa6OmNQUjTuoJ8SdEi+ZQpo4C++gS9NCadnUj5ZH9BFzXPT4+mh5SHZMFDH7owYp5lBqLspj5FxLR0n4otFyIYZtK47ISEzXEusB1QEFRBQi2QRQkFPintRSEOnCmgJQQ/sYT+0anT5s6a2TqvbXlY90y8f1K4obC9bcP3uhkfFjOfIeXEJWvQENRqBa4pQ0W+QWiqWByDQB0cNSbHEA8WlQbkIttuweOUNctRYaRtWLTBseqYbAqf+b9gsIUTspHogftQthzMEOnYA1VM8HN+LJXEHYLRyHQaymRiGdgklipkpqcP5RFeD7y2v1cWnyJWE3zrpeImTtPRQ34HMUxsEQkoQm6q93C8tORvPNAEUJET+pqGBT0aL4SUG2EC1P/aTionPDmCiWJ2em0aQMuuLapUtXr3384d/qT7fjJWdCwVNcDrbiIfIf5G/I33s4B1u+7cZf//g3lgPKRzpmF6rJ2NPZ2P/xgKMHqvbhB0sXxrpmXOEL8YAbR7n3tz2TMV7JHUfa5NvJOOPRFEVratNS1bpBiECtSYQjl6iZQIoHM4EUVnrCzoAohh2oJLVShxijV9Jl+/FYTnFaCkse2O6w+vDORzfmHtr+0lH/8z+2vdV8Wn6Y4y5XYHfTplXFyzbcU/TYc/vWvLBL/pqrYf3Llvfx7wqr0CBUj0BjRSafalC0VKGVAPr/LNpJJ3kUTmNgACzuOEsXoTlAaWiPo6DbcTrSWarh4jMZLrSOLB8nVVsHU9OovoscwAMoO2CPwl/rA2ZwRaNVUOA4V3bZ+3Mv//tnHx0+curCc/ctD63MmfVd89sfPftA4IzcJV//+Pjzg70dv957qOa5h9c/lF8y/taZvz25ozNRtIUOnLsyk9GZXX5aqKHP1ARnseL+pvmZ+xv4aXEa5tiieMGZ/hsvOEvYC87Y5wUHCHjM/42QRYZDMuY6RbWdu3BXd3d1Tyu3zqCxL8oYz1/tTi6Xt+KWcrwXZ/9hMI3B3iLvE3hhPhqAViHq+iaEXd+gX7EKnrRIMQ5hR6UecK9eb+zvARf7z3vADaAecEjxgLNHATBHPOAAuw/Uu1uWPT3/lS8/fXXL/WNGca/0HB5yqOIrHCt/eXX57wqDue53nvt1p8vFPV7T05386RtXrrsHEd50K1nbTrAzoQQFZ+wZ/goZnwhcIqi4tcyz7KbuZB6+vefYaq6S762ZdP0hVTlpr5m0Z1O9ZyTXc9T2TebLKKxBiYRq6xAo8iVyCMV7gilM60o3EAZ3Dj4jSdRKGbB4IU6Z6rqTkAIPEEiXQjGSNZ45WElKCrN4cIcIZoL3rdpqCduvqPmKGlkYZDUyR/lbwXFLtd9NP/3rAx+u3i9/fK6+wr0u7e843qif9PaKdz6rO3l08W9un/fU8sMvcfd+hI375Y/elD+RN3Qmlhvi8GJcXnP7J/92MlS5b+rqd5sYbv5a2SLohTJCF1lou5JbIU3oYshaeqRY/AFalQHKuGDc2XTcybHUOguEKjq9XpogkJB00A2WW6RQQ8AiEflMik9Ucm7TOWAnBuC6x5GhB11phJEWVfH2PuAguy/XJ1kibmf5eHguQw2iig7Jr8AGffTNatFU9p/vXj50/OKRM6K45sYH39R3PPPGM22dgdOcBZvxkJOP3njuA1kuWlrxZsi6ZsTLeADWfd71J4z1f/vTNaTEKZE5gDgZXonL+imqHOIglfLZf4suP6eUE5keT79ZO/wDRGxC/wU8QNRUAAAAeNpjYGRgYGCUnDVNO3hbPL/NVwZ5DgYQOM22xBdG/7769yanPEcSkMvBwAQSBQBRfgwMAHjaY2BkYODo/buCgYFT/vfVfzs55RmAIsiAeS0AmmoGxAAAAHjarZd/aFVlGMefc857zr2tESIrG2OYmMhNZMgaojakGDJExIZIjCE1hshkmIzLkP0RS4YNExmSiMgQW0PEZIhcRMKysURiXcJiSpiFiIhiERJhc7fP89xzLrerY/3Rxpfve9/z/np+v6+bksvCn6sR8YH3QEb9azIYrpDVblhGo6zsCc9Lvzckg/5KaQPNbqfs5Ntu74K0+Ielw7srJ/2LUktfL7gC9oDtYAU4BPaBHrDX5jEebNJ2gmC7rEktYt6USOgk7/6SgXAM7gb8Dq/y+7Lkfdre40Kr0291ko/u8m0SrpcBdzZmxrkO1l0lVcy55EZEUkul0W1GzjXgOHIclLN6ZriR/d8JNhZm3Ig35Jql001ILpiSPrjPdUmfv0PqXYOsdBck5+XllJcvjAS3rJ1LLZCc9rtxG5/TOUE98y/KVv8sOrkgp4MzyHRVFgczslrbwTj7X0OPW70ZuFXlj3U/Rvsa2Aw+MP0xxi1BphFvS3RKulhzc5CVNpuD7rXPSeFx0CMHrG9cmkDGZJmUXNgse0zfo7KC/k3+bdnA/NbwgawDz4MMut+oen8WomxhVm1hdiiD7wqXscWX8C9wGF6UhsQOleBcfcpqi3KYLbCZO43eVO/PQDQhnWaLrn8DG/yM/nfB34D77ohkS3aohPqYMrYoh9rCbH0mllf3rGRkt/3nYPNRbK7ym7+ofrrmZ/Vn9ak5WX0YeWCB69DzOeT8BP4N/gF+WGR5Ez0sh79WfwxmJR+M4KPEiPqpxon6qkLjhTEfxfxezMX+m8b1/E6rHW3vSnbiJW2z63jRruWcapCB1BHk5PwaBzH3xPypxqXGxpxMzFrcVLD5Czb7r6zxrjGnPmb2jeNeY6+S/V7OOSyXEhnCG6zxUE6b/qYKj8wPiQP1xWRM5Xl1rJchT4x4KwxZbxm82rst5+Ber0vWw3XA909Lv8jMxyJP3oDfhon+mWq42434CxnTpP6ncesmC9ejusJ1vx3OFK6HIGrld7bwXSlXKoalxnwLmdR39JyaKy1PahzHedKtl4zFYo62xt5O8hAyqH6iWuKEHMn3/qgRvRDXprcL5LQT5HPs7mfJUROAPofPBNPMHZOsfg++sBjLuUPkTMaZz0Xob1J9qzCLHYrxeAe7npFxi6NzrK1nZ82wh9/1hQeccyy8ZWsEtlcxt1of61e5LZyxMZYXhMP0xTVD7aJy69k1BlJt5P7DjDnCmMOxDs5TF3JFvbBuPtFhuEZe0PWiZvr3osfJeLzO6411GOu2pD/dU/XHmon+dEzYIbl0teTTi2i38G3Q8kTe/SEb0mvgc/im5pej0u/2o8ft6Gg7eVtzQ5tExHAL58sp0FsOuWrCHfDtOMflrdZYnUJ/GasxHbSpMe4K30ap3d8Tp9iIWp4hFnLuIOMfSkvUSXtdcS8D+UX3D35lPj4d17j76tNRn9REt6zG1dk5puJ8qbVvgvyO14adyHJDFqc2Iiv9YUTMzSLzbdNbLjyAvW9IVWoI3XWxBrpFvqXqZ2rrUkxdZJ7aJObnFstAeiW5pZ3vN8gtut+SmNm3lIunuXdk5SfixoE74EHqnmRSY8g9aXZWXTUgf53ZTOs09jadO2mAF4bYytWir27k2SdRfMYWp/lUc6Pm0TPGq/DrunA5Nsde4bfMwybRW+ZjuXQnMl6N8+N0Wb3AR9RO5fnI+DColtURfs2+GfUbtV2JW1n/EOt1SXO4SJoSVh9XP1VfocZrXOfUR81PLhfPVOJ4LfNffMjyQkWdS/JbqT6d5P5RxsleJb0MwGdlcaLfhOeqC+r36nsaJyZ3BSdnTOyi8WI+G9vHnSrqSePLfHyCWKPe4pt7onvwQ2mLqmSLO8G5pmVbSuN1n9SkkDlVxflucQ7Ghd3Y7XfssF96NWclOivpQcdzp0vqRyXPeU8ocus83+fn+e8Pw/Cuub5j20Hi9334K/izuezxf/FT9TeunfPxU3FQwdG7s08c75K0vk1ipm6KD3vbLD+Lv5D2MTqmxP70PpyAOW3pGHq319psmJAWZb3TKwKRFvyy3+DLXe5xJ73PyT113Jv1zcNbyK+mFlZLa3BERuXP2fP+y+w1LqtALWgBerduBo1gmT9r7x99I20ObyLrhN1BN0Y9vIVEetO1xO4C6QinyJHUWfdIdnAPfwm8AppAu96ZtaYzX2vMNrvDdsmy8Jj0+/fElb+dDKOMb7Z7bL1rKiI6XoQU9bdVYXraLe3g9ZhfBGv93YW78KsxtL+du0F7sIS7RvH32oTJrwu4Ch4HB8DRoJG3VDwnAfeZQZG/fyzyTBYMlSHrnZR1vElWKZBnvcrrT0lj8Jj3WL285oZkEfJ+aG/HleTuYeqkvi/RZfL/D4RDy6YAeNp1wn9M0okCAHAekvGMSM04UzNTUER+KWBIgMQZh/gDIlJS8jwfeTzz9cwjU7OOCIE8Mvj+QDTykPtOyMiYY40151xjjjnXnHPNOeecc8455hxzzjXn3vvj/fv2+aBQKOr/dKC8fzOjCehggiRBmzCYEE5YxWRhhBgNxoTxYvZPEU/pT20nchOR02mnuafDWCa2FevFfsKuYGN/1yShk3hJ3qS9M/QzbWc8ODxOgtPiAFwUt3dWeNZ4dhWfhTfgv50TnntwbuLccvLXFFQKPUWTYk0ZT1lK2UlFpVJSR89jz1efD6Wlp7VfIF/QXwhcOCQwCTLCJ8LxD7IfAum49Or04MXki3UXDRmlGbqMQMZqZmmmIjOQuZu5m0XOsmXFL+kuLVzayx7InrvccHn+ciwnLackZzUnfoV3RXIFunKYm5PbmRvKncmN52XkNeeZ8qA8JC9EpBK5xAqigqgh6oh6YpS4TNwgxohHJAwpmZRFIpPYJBcJIQVJ06QoaZm0kY/O78u35kP5nvxAfrgAVWArcBUgBcGC6YJowTLZSobIHnKAHCZHyIvkNfIO+aBQU6gr1BcaCm2FrkKkcIuipmgpHZQ+ipUCUb4XJRalFmUXUYpKi8RFm0V7Rd+pidRUajaVQi2liqm11AZqC3WbGqee0JJoBFoujU7j0SQ0Ja2J1kbrohlpg7QR2jhtijZDm6d9o3PpHnqAHqZH6Iv0NfoO/YCBYuAYFEYpQ8yoZTQwWhmdjAAjzIgwFhlrjB3GARPFxDGlzA5mH9PKhJgeZoAZZkaKc4ufFQ8UO4u9xZPFn4vnSkQlayU7JQcsFAvHSmcRWUwWnyVlqVjNrHZWN8vEsrPcLD8rxEaxu9kmtp3tZvvZIfYse4G9wt5i77OPOXqOgWPjuDgIJ8iZ5kQ5y5wNToxzVEoutV9FX227+oVL5rK5E2UdZX1l1jKozFMWKAuXRcoWeSgelsfjtfGsvBne9jXqteZrwWt7fDZfyJfylfwB/hx/R4ATaAUdgl6BWQAIRgUTgrAgIlgUrAg2hIlCvJAgzBbmC21CSOgWfhLOCOeEB8Lj8vxyerm2vL1cX75bHhdJRV9EX0Wrom1RXHRyPek64bpZnCjmi0M/5v4YrkBV1FWYKwYrNit2b6TfcN4YvRGX1ErGJYc/CX+ySdHSJmmkklcpqVRWNlW2VXbJCDK1bEu2Lzuuaq5qr5qvWqpardqu2qs2V2/WMGv4NdIaVY29xlWzXbNXc1grq1XWOuVouVSukpvlc/Kv8m/ydfm2fE9+KD9RiBRShUJhUyzdTLqpvOm5eaDkKl23km+13nqgwqk6VS7Vger4tuh24Pb27XgdsU5dh9St1W3V4+sJ9dn1tfV19XP1X9VJaoXaql68k32n485UA76ht2GpYb1ht7G1sbNxsXGlcaMx1nigUWmmNJ81c5olzfrdjLvBuydN2qb5nyt+nmnGNtc2h34h/PKlJadl+R+1Wrx2XrukXb0nuue+t9ZKaM1tpbd+bp37VfzrlG7ln5ttnvup93X3p+/vtFPaJ9pX/5X0QPPg6N+mDkyHrmPhIfXh+MPlTnSnpHOg8+C3ht9Cerw+Q5+v79bPPkp8VP3I++ikS9T1rGvucfJj5WOoG93d3pPWM9nzuWeu56S3tFfYq++NPEl/0vDE/STWx++D+jaeip96n+4+Yz6b+V38+7bBYLAaIIPnOe65/vmMEW1UGwPG+Av2C9uLVVOpCTCNmMZNU6YZ07xpybRq2jbF+9X90/3R/uX+jf5Y/5EZY1abp8wz5nnzN/Omec/83YK2JFkIllwL3cKzSCxKS5OlzdJlMVoGLSOWqOXQirbird3W9Zfsl9aX8wPJA4oB9UD0D8kfszauDXmV+Mr9Kj4oG/S+Tn6tfx2xp9nN9kF73KFwaBw6h95hcNgcLgfiCDqmHVHHsmPDEXMcARggGcgCyAAbEAHVgBrQAd2ACbADbsAPhIBZYAFYAXaAIxADJoNZIBlkgyKwGlSDWrAD7AOtIAR6wCA4Cy6AK+AWuA8eQ1goDcqBqBAXqoAUkAbSQXrIANkhDxSAwlAEWoTWoB3oAEbBODgdJsJMmA9LYRXcDLfD3bAJtsNu2A+H4Fl4AV6Bt+B9+NiJdaY5c5zU/0vm1DnNzlHnJ+eMc8EZHyIM5QxJhqxD0aElF9ZV6tK69C79sHhYNqwc7hp2D/uHw/91MqIYCb9Je8N/E3JnuzXu4FvK2/DbyKhyNPanzoP2eMcSx/BjnWPGMWDMOzblJXpVXqP3k/er9/Av3V8TCAFRIBpEh4wgfiSEzCILyBoSQ2LjnvH98X0f3cfzSXxKX5OvzdflM/oGfSO+cV/IN+2L+hZ9a/40P9ev8Rv8i/4V/4Y/5j96R3/X8u7zRM6EbiL4Pv296X34/U4gPVAdcAZmPyR/MHxYmuRNiidbJtsm1z82f2z/2P3R9NH+H3cdMUsAAAABAAADsQCKABYAWAAFAAIAAQACABYAAAEAAc0AAwABeNptkD1uwkAUhD8CRJCCgooiivYAYAWuQARNpBQgegPmR0IYDBGCmpoT5AK5Qk6QOgfhDMyu18hFZM1q3tuZefsMVJhRpFCqAomQ8gJ1VSl/4Imz50VqXDwv8cKX52Ua/Hj+yDN/nv+y5sobS+bCXjgRMcUIoepQbELMhqPmWdVCXcO30OGVttDyrE1T3b7UsXQr5Ri64onc9gxdfqyJAR/qRWKGgfprdrzf0w+6GWtrq9z/ozQ57Uh3iXpprtEbAvemzJV5WjnPUOfS5WQzjGaGrjN3rsi/Nv0TY+1uVC3cRr27Z8CWTyUl+iLta3fPu+3OwQ16+0YLAAAAeNptmAV4G0cWxx9YUkzBMjM3tcCCshaUOOQ0iZsmxbW9ljeRJVcQKjMzMzMzt3dlhiszM95dGW/haaz0O+eL/m92d97v/2Zn99sZIPD//hqAAfg/f3yT+4NAwNAEIQhDBEZBM7RAK7RBO4yGMTAWxsF4mAArwIqwEqwMq8CqsBqsDmvAmrAWrA3rwLqwHqwPG8CGsBFsDJvAprAZbA5bwJYwEbaCDohCDOKQgE5IQgrSkIGtYRvYFraD7WEH2BGyoIEOBpiQg0kwGbpgCkyFaTAdZkA3zISdYBbMhjnQAzvDXNgF5sF82BV2g91hD9gT9gILCS6BQ+EwuA9Oh8/gcDgejoHz4Cq4FBmOhjfgEDgFmzAEx2EYjoSH4B2MwPlwNfwA38OPcDFcB0/AY3A99EIfnAj98BTY8Dg8Cc/B0/AMPAufu6P3IjwPL8ANkIfv4CR4BV6Cl2EQvoSv4ShYAA4shCEoQBEuhBLsDcNQhgrUoAqLYDF8AUtgGSyFfWA/2BfuhIvgANgfDoSD4Cv4Bu7GUdiMLdiKbdgOf8CfOBrH4FgcB38h4HicgCsg4oq4Eq6Mq+CquBqujmvgmrgWro3rwM/wC66L6+H6uAFuiBvhxrgJboqb4ea4BW6JE3Er7IBf4VWMYgzjmMBOTGIK05jBrXEb3Ba3w+1xB/gAPsQdMYsa6migiTmchJOxC6fgVJyG03EG3Ag3YTfOxJ1wFs7GOdiDO+Nc3AV+g9/hI/gY5+F83BV3w91xD9wT90ILe7EP+9HGAczjIDq4ABdiAYewCPdgCYdxbyzDJ/ApVuByrGINF+FiXIJLcRnug/vifrg/HoAH4kF4MB6Ch8Jr8D4eBm/CW/A2vAevw7t4OB6BR+JReDQeg8ficXg8noAn4kl4Mp6Cp+JpeDqegWfiWXg2XInn4Ll4Hp6PF+CFeBFejJfgpXgZXo5X4JV4FV6N1+C1eB1cgNfjDXgj3oQ34y14K96Gt+MdeCfehXfjPXgv3of34wNwBv4D/4kPwjn4ED6Mj+Cj+Bg+jk/gk/gUPo3P4LP4HD6PL+C/8EV8CV/GV/BVfA1fxzfwTXwL38Z38F18D9/HD/BD/Ag/xk/wU/wMP8cv8Ev8Cr/Gb/Bb/A7/jf/B/+L3+AP+iD/hz/gL/oq/4e/4B/6JfxEQEhFTE4UoTBEaRc3UQq3URu00msbQWBpH42kCrUAr0kq0Mq1Cq9JqtDqtQWvSWrQ2rUPr0nq0Pm1AG9JGtDFtQpvSZrQ5bUFb0kTaijooSjGKU4I6KUkpSlOGtqZtaFvajranHWhHypJGOhlkUo4m0WTqoik0labRdJpB3TSTdqJZNJvmUA/tTHNpF5pH82lX2o12pz1oT9qLLOqlPuonmwYoT4Pk0AJaSAUaoiKVaJj2pjJVqEo1WkSLaQktpWW0D+1L+9H+dAAdSAfRwXQIHUqH0eF0BB1JR9HRdAwdS8fR8XQCnUgn0cl0Cp1Kp9HpdAadSWfR2XQOnUvn0fl0AV1IF9HFdAldSpfR5XQFXUlX0dV0DV1L19H1dAPdSDfRzXQL3Uq30e10B91Jd9HddA/dS/fR/fQA/YP+SQ/SQ/QwPUKP0mP0OD1BT9JT9DQ9Q8/Sc/Q8vUD/ohfpJXqZXqFX6TV6nd6gN+ktepveoXfpPXqfPqAP6SP6mD6hT+kz+py+oC/pK/qavqFv6Tv6N/2H/kvf0w/0I/1EP9Mv9Cv9Rr/TH/Qn/cXAyMTMTRziMEd4FDdzC7dyG7fzaB7DY3kcj+cJvAKvyCvxyrwKr8qr8eq8Bq/Ja/HavA6vy+vx+rwBb8gb8ca8CW/Km/HmvAVvyRN5K+7gKMc4zgnu5CSnOM0Z3pq34W15O96ed+AdOcsa62ywyTmexJO5i6fwVJ7G03kGd/NM3oln8Wyewz28M8/lXXgez4eb4RbelXeD2+EOeJh3h1vhNngEDoYH4Qi4hveAR3lP3gvuhwfYgnu5l/u4n20e4DwPssML4CdeyAUe4iKXeJj35jIcyxWuco0X8WJeAmfyUjgbzoJv4TI4Gc6FK+AEOBVOg7t4Ge/D+/J+vD8fwAfyQXwwH8KH8mF8OB/BR/JRfDQfw8fycXw8n8An8kl8Mp/Cp/JpfDqfwWfyWXw2n8Pn8nl8Pl/AF/JFfDFfwpfyZXw5X8FX8lV8NV/D1/J1fD3fwDfyTXwz38K38m18O98RqRWdjo5sh6gRqBYTjYt2imYi2SGrr1wqRqxAw9nesr3IDlu+RLKlfKloL4xYgbbqfU65rzY0ULCXtPaNxC16f6lq9fXZxWpLnwrDRp/lpewPxHDzW9WIKUBbgGYAtH1pMUcS2SqMmGLDDjRsBhltX1onNZjKN5iaNJIrr8K2SX2loSFLGvmGRuvkhjyDI3HT5F6r3DTo/oS7qk6h3w47vkS6pBJHKukKKnGCoesSz06g1DWFnAWtUxoYC0bitqmNrhYu18iXbbtYsIr9Tl94mtVXq9rhgi9t0xqvKzQ0wtOCASr40jTNrb6p4P6EZwT9i0H/GY39i439ZwT9i8EAF63hUqVaLg0P2mwW82wX85FuKb4kxXcHxZd8ae8erBXzVrk2VLBq1fZSYys8K/BQDjzMavRQbvQwK/BQDmR20KviS+vshmGsNAzjnMZs1cZsc4I01WBE5ni3tOrd0p7gltaCW9ojVdWkqp6gqpovoZ6yU8yHat5ve89yFdYaW5EeufU1eWrmNrhd3BDPa4iXjsTh+UGty3xpmT8yjZepMFQoFfOVUPdgqVwMlfzfHv+35v36T3c019GS9bwGaSwVRrJmoJYdjGZ3pWBVBoO4NBK3zW4czUpDw88fi2ZFtUDjqWZrwHE6U5lYJjiii+bizfmytch2U/Q2+7n9yB9zL2ofLJUWWr2l4Aq/T7wj1+ZW22sXSou9g6FqqViqtPc7dtmuOBW/1ZItDA9afthsFUtVu2A7Vps5XHHc0fEPjzKrcr6rJFFb95Dj3dug0dNwcUv3kJ0PLhrnuJcvxwr5rCbNrlqhSZY7EhHhNM13D7HLCc0ZdKMmDxSaag0PW+7TOtTbb9H0Gs2o0S5ORMg00+FZg6XQbCc/ZPEcqxYRFzxz0GHd/T+z4rR1NTgYIxfU2y2WKrzNbizXrpfr1MtdobZ816AYv39Tr1dM3ism1G8XqlZEcjUt80ryTlb9krxkoYV+SYWgpGKNljjus+/Xw+XBUrjiFRMN+cJVtybh8rBbT5/7322GSt4AtzWO7Zi/2WsrNd6dWuPdKam7E/ZtRUfJqETD/qmoP28SHR3+LIx2uBOyHnVGVRRT0cjZhIo6VZRUUUpFaRVl6lFS0ZJ1vqGO1FnRhMobVdmiKltUZYuNeFeOY8pxTPmMqXwx5TOmMsdU5pjKHFeZ4ypzXGWOq7GIK0ZcMeKKEVeMuGLEFSOhGAnFSChGQjESijEyLgnFSChGQjESI+OteiRVj6TqkVQ9kqpHSrlKKS8p5SWlvKRU5pTKnFKZUypzSmVOq8xpVW9aMdKKkVaMtGKkFSOtGGnFSCtGRjEyipFRjIxiZBQjoxgZxcikgrnZOTIWI9nqrKh6ctx/KlJzuCOuooSKOlWUVFFKRWkVZYRffzaiUcXKBN+kiWSHqGKrORHNJORcXTtFk6JSXzItKrxkVlQT1UUNUVM0F2hKPKRGPKhq1LhG1byMZoSfqqv4SImPlPhIiY+U+EiJj5T4SImPlPhIi4+0vFPSMVEZq7SMQ1rGIS38tHDTwk0LNy3ctHDTwk0LN51Tb7aR+Sa5MsKu36f6vcgIuz4G9Tmm+omHjHjIiIeMeMiIh4x4yEjtsnZJZKX2rPCzws8KPyv8rPCzws8KPyv8rPCzws8KX9ZGiazws8LXhK8JX9ZOCVk7JTThyxoqoQlfE74mfE34mvA14WvC14SvCV8Tvi58Xfi68HXh68LXha8LXxe+Lnz59krowteFrwtfF74ufF34hvAN4RvCN4RvCN8QviF8Q/hG/elIJ+pnxIEhDgxxYIgDQxwY4sAUB6Y4MMWBKQ5McWCKA1M4pjgwZQRMGQFT+KbwTeGbwjeFbwo/J/yc8HPCzwk/J/yc8HPCzwk/J/yc8HPCzwk/J/yc8HPCzwX8zo4O0ahoTDQumhDtFE2KpkTTohnRrKgmqosaoqao8KPCjwo/Kvyoz4+agT9Xo4HGTdFceK7/mR9eHMjcYB2z2JfmufVvvObF9Sjol5V8WckXPPGuCi944l3tFE2KpkTTohnRrKgmqosaouI3eOKjpiZ8Tfia8DXha8LXhK8JXxO+JnxN+JrwNeFrwteErwlfE74ufF34uvB14evC14WvC18Xvi58Xfi68HXh68LXha8LXxe+IXxD+IbwDeEbwjeEbwjfEL4hfEP4hvAN4RvCN4RvCN8Qvil8U/im8E3hm8I3hW8K3xS+KXxT+KbwTeGbwjeFbwrfFH5O+LloeF4wcZf6IkeFnhN6Tug5oeeEHjzt0VzCp8Q6gqfE1ahoTDQumhDtFE2KpkTTohnRrKgWaFTyR6MtA06+Vrb73XW7/+r11hHp9lqx3y67i3b3RG+hfe+auzz2NjHKFbs/6BjLhYecor+p4i67i/3N9pI+d3nnXh2c78wFmhJQSgynxHBKDKfEcEoMp8RwKtdUcMpWeNiueIvI/lIx32TWyiXfYzIak88oN5LP3WQ03hkMUjTWIZpstitVZ8iq2v3NpaJtO/nB6mBbdbBsS1xpHXAW1eO2ilthURp+hlgwrKbcjpymNCoaE42L+lXmzOBlnMsFL2tXjaZirVAIdU20CtWWLn+CBKH/dvPCMV0jezheu72r/p4LLvS3O7ywVXYOg8P+3lJwONgv8uLRXWqrx2uGu6YEGevLeq81ymt5wdjGvQL/OrWeXa6V9Ft9S8tOoeD0+dyx/n5Y4y5oQzyuIS57ZLvZnWSOVVriWK3yseIblw+Ieuy9khrirBdPGBkbtQHUcExtD40fOeZtCv3tMrVjNNp3rzIFTZWk3W/W+wcnVdex9QHwzhfsAbfM+oi4E8c91qP//cg0fZR7YyYOF2tDkWV2uTSxVAl7B7ytiMVea5Q/I90gMlCqlX11Z6V3vuIs8c77E9ML/MnpXVB0/AShvD918stPnZa8mhWjvL1r/y43blZ7B/4HE2kvKAAAeNpFzTsOgkAQBmBWcHmJvBYqNWi7jYmFFxAsaIwVJPbegMpEY2KpZxmsjKWH8Ro44rJ2883MP/MgzQXIVcnB2BQ1IbeyzigvpuCVObAtFqdyDJTvCgW0JAWVr8BI0qeiEar0eGs9Se/GS4Ai9L1AH0FnAuYvNupiFg7Ng4CNsJYCA4Qd/0DAEW+Db94hLuZrNauw4+NesJb0kP5C0kV6E8kh0q0kw/basflfY7gQviUjJDtLxsho3rEExj9WiVe4) format('woff');
+	font-display: fallback;
+}
+
+@font-face {
+	font-family: 'Open Sans';
+	font-weight: normal;
+	font-style: normal;
+	src: url(data:font/woff;base64,d09GRgABAAAAAPjgABIAAAABnwwAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABlAAAABwAAAAcXcVGfkdERUYAAAGwAAAAHgAAACAD3gADR1BPUwAAAdAAAAAgAAAAIGyRdI9HU1VCAAAB8AAAAb8AAAKKSI+4209TLzIAAAOwAAAAXwAAAGChNp7WY21hcAAABBAAAAMiAAAEfs0qHI1jdnQgAAAHNAAAAEQAAABECwcOSmZwZ20AAAd4AAABsQAAAmUPtC+nZ2FzcAAACSwAAAAIAAAACAAAABBnbHlmAAAJNAAAz9oAAVocaDlL+GhlYWQAANkQAAAAMwAAADb6fLBQaGhlYQAA2UQAAAAhAAAAJA3MCX1obXR4AADZaAAABzkAAA6881I+gmxvY2EAAOCkAAAHMwAAB2R3/NCSbWF4cAAA59gAAAAgAAAAIATnAq1uYW1lAADn+AAAAPUAAAG+JThAUXBvc3QAAOjwAAAPFgAAH3APmSRLcHJlcAAA+AgAAADYAAABfMhgFiwAAAABAAAAAMmJbzEAAAAAyTUxiwAAAADLBqXBeNpjYGRgYOADYgkGEGBiAPKZNwBJFjCPAQAL8QDlAAAAAQAAAAoAHAAeAAFsYXRuAAgABAAAAAD//wAAAAAAAHjaXVJNaxNRFD1vTpM0g4tAkqqxFHFRsijFKmTZlRRSkkwRKV0FgtCiTBNlJkaEfmptq7b18wfEfqlV202LS3+DC7dSiiAiIhKki0J638uAKMOcc9+95368OwMFwMYVfIZyS34Z7YjByju5s0hfdvKCQLOJqKgUiDaEEEZEVFHjt43f+i9iu9fGSuh3y9VxXHIrV10MVrQ9dEPjiFdyfRQ973wfRgUvoCx4Eb6vo3dMxVa/iMF2Qcv00Kc2c9LWX9avxpZPz2GjA13oRi8y6McAChhGMdAOBTwa8IeAPwb8LeAfATcCPmyxSpgZlEpJrxhCfMt3fM9t7kg8hEF8wT4O8FWivUhwgpOc4jRnOMu7vMc53uc8F7jIB3zIR3zKZ3zOF5KbQA+WsYLHeILv0v0nfuE3Guq6qql5tav2rLI1YTWsP6INc0XqK8TRae6cgs2XXOM6N7jJV3zNN9ziqtlaXB4gKUrFOuuyW52/ZPaV0PbRTV1L8rfMPcNHno6J0tRFXKyk7PMkTuG0eM5IpX/0zU/6H1AF5QhnzBcL4YTU7sQ5pHlbZsjCYc1wjrck22FVMEdfMGsmyR4DxINgFwB42mNgZjnMOIGBlYGBdRarMQMDozyEZr7IkMb4kYOJiZuNjZmVhYmJ5QED03sHBoVoBgYGDSBmMHQMdmYACvz/yyb/T4ShhaOXKUKBgXE+SI7Fg3UbkFJgYAYA+tEQPgB42s3SXVBWRRzH8e+e/wPiSz0ogiZ13HNIrDQ1KUhEQCQUU8p84QEUtDDzNVSydEq0lMwUzUqbygbC0tIAx96zZvKipi6aqQvHxsE853DdNONVL885beA4TV10287s/vd/sTufnf0BwsC8EWVWrGbTqf4+ZiVMPcQOUhnBdtWiDqkO1aN+UZGVbRVYZ62vrW+sXuuKKBEZLHHJkb2yTzrkO/lBzsdaUzJsZZfYu+1fx87XQ3WmtrWrc/UUnacLdZEu1w26SW/VLfqYPq5POSlOhpPlaMd1cp1JTr1rualu3B3hjnFtd4I7x13urhz37WV+j4VRlIwiY9O0G1O76jam36zR/aavjOmCMXHNtMuY2qRTvjcmYnts7GJ7h91uTOh0PUprY5qsp+pp10zNxtRpTCf/Yaq7ahr+N1Njvwlj+iOKoiA6F/VEndHhqDqqivKj7PBI2BbuD1vCNWF9uCxMhAvD0uTl5E/JS8ne5MXkhWR3sqvvXF9rX0XfxODHYHyQE7iBE9hBVpAZpAfxIM3/2b/kX/TP+2f8036Xv8Sv9Gf7xf4Mv9DP8wd5jd4Kr8ZLeAu8Kq/My/Xi3rDeEzmb05pj22T7wJ/+z0aqNeSvoviXTmFd3Vn/ccfASSFGiknnINIYzBCGMozruJ446Qw3mc1gJJlkMYrR3MAYsk2qb8JmrEmOg0sONzOOXMZzC7dyGxOYyO1MYjJTuIOp5HEnd5FPAXczjUKmU8QMiimhlJmUMYty7qGC2cyhkrncyzzmU8V93M8CHmAhi1jMEqpJUEMtdSxlGfU0sJwVxt/KszzH87zIK7xBJ29yjLd5i+O8w0ne5RTv0U0XPZzmDB/wPh/yMR9xls/4nC9kJptoZCWrZRZP0EETa6WBLayRR9nDq7KOzdIkG1nF4/KwrJZH1FFZzzqeVK2c4FN28hAbZK0qkw2yivU8JeU8yNPs5ogaqTIlXwqkWEqkUKbziWziS1Uo86RWKmWuPCZbpIytUiSlUsEu9vEM+9nLAQ7yAm28zGHzwpd4naO8xhW1SNWxUVWrhKphm1qqatXiPwFf+f3NAAD+FAAABEgFtgCYAEsAZQB1AHkAgQCHAIsAkQCTAN0AqgBgAHcAewCDAIcAlACdAKYAqgCwALQAxACaAK4AqACWAKEAn3jaXVG7TltBEN0NDwOBxNggOdoUs5mQAu+FNkggri7CyHZjOULajVzkYlzAB1AgUYP2awZoKFOkTYOQCyQ+gU+IlJk1iaI0Ozuzc86ZM0vKkap3ab3nqXMWSOFug2abfiek2kWAB9L1jUZG2sEjLTYzeuW6fb+PwWY05U4aQHnPW8pDRtNOoBbtuX8yP4PhPv/LPAeDlmaanlpnIT2EwHwzbmnwNaNZd/1BX7E6XA0GhhTTVNz1x1TK/5bmXG0ZtjYzmndwISI/mAZoaq2NQNOfOqR6Po5iCXL5bKwNJqasP8lEcGEyXdVULTO+dnCf7Cw62KRKc+ABDrBVnoKH46MJhfQtiTJLQ4SD2CoxQsQkh0JOOXeyPylQPpKEMW+S0s64Ya2BceQ1MKjN0xy+zGZT21uHMH4RR/DdL8aSDj6yoTZGhNiOWApgApGQUVW+ocZzL4sBudT+MxAlYHn67V8nAq07NhEvZW2dY4wVgp7fNt/5ZcXdqlznRaG7d1U1VOmU5kMvZ9/jEU+PheGgseDN531/o0DtDYsbDZoDwZDejd7/0Vp1xFXeCx/ZbzWzsRYAAAAAAQAB//8AD3jarL0JfBRF9jje1d1zH5meM5N7MiQhBBIykxBCCCByiSiI4ZRFbgEP5BZZRMCAyCX3ISAiRoyI3ZMQEBHBCxGVRRRlUfl6O6vLeu2KkGl+71X1TAZkv//f//P/i5Ppqamprnr16t3vNcdzRzlONOuaOIEzcO25CEe4IkXURyNEgAuDPkpkY4nMnVFER1QWHYqOFCmCI6qYSBHXvjQsBaS8gBQ4KtwUy+bnxJbomi71nSh+y/HcpitfkaUwrpmzc8O4iAWGg5EaeTvnEIuInIKDNurSOUks0t4abDrOWKTY4Ub2EsXmiDY47RZ7kWJNjyoOuK3NLjkVI19ZySkWXnLKtsr2pRVl4ZDX49YHc/NdYSG46YFOXbtVlvVwngxPmvxor+7denfVrbv8GQfzqRXqeFlbZydYJ85HDDcKds4oFsn6EF2ncEbh4fa8QzHADfVsnYoB7qYQEW7cvhTvQuBVe7D1JNLnYOFEXVPsJ94R+wnvEQZY/gfukc5lk9u4iBdgGfH408LhcMQA94sYLVa4buSI12ArauCljMxWvrDCmaINbl9qeitfqFEn0q8ER1Y2fqWDr/Qmsw2+InJOiZx2RvG7o7Kfzc/ojkYMRnNRQzeDaALoOhQvtHqg1ePFVo8LWj0OxQKtVndUCZAiuUPawS6v/Tqd8xSZD3b55Nev8UJOczTwaQYX3Jf+1eNfuEmDyW+EC6+jwey1uHCoBpvHCh0c9K9E/7rxL/bx0T7wq1T6KxgzPT5ORnycTOzTkBXvmY3tQjcHL+AiHRJCISMzK7v4mv/kbmkI+vKAKwCvsEBfngB9BV34qoCvwiS7h/oDKRq4bCAprVlcQ4zq+e4kXX2vZmmNemrgowN2kpLu6imydwGpmU8a1X74mq/uWaAOJHvxBe0c/Cdwi64sFa16J5fDFXDtuNGcnFUip4cV0RKVW4ciWSICNyvTBGhcXCIbzyiBlKgccCiZpCgiWlqFQiElwxWN2Fyt4VLOcChtYANSU6JKCb63AWSSHIjFYhZgMYdYXJ5FwlIxKS/rUFEe9nh9hvwCKYsHvDZ4guWA2m6vT7IT0qG8LL9g0e1nh733zIlnFxx4vmz9lm1b+767f8H9H8wZPmXsBNL37LCH67fmlZADN+x5dNFuZ1OjrueiKot6a+jOuUMfVXzfnw8KG/qNKCSLHH9p3pC1pc+wthyn4yZe+VHfTneCs3Aezs/lcaXcZg17g0gOCo3RiA/xV0Ca4DJEG00pQcFWpJiM0cbMEnqZaQRKEaKUAlBNtjoUCU8QXOodShpc5sNlvkNpC5c5gItheJeskrPBJHj9rXyVStt8+ODLDKbCB04xFcKntJz8tviVK1NyRqySvrISYOUq65A48hVubzgkOYK5ehcJm8i13yC44LuJ69es3rp53fInHut7+65dt/edKxStbf6InF2/ZuWTm9et3Ly0b03NgAE1NX1F/qtvL5z7OnrhfH09qSEDd1+uQXpGDnz17Q+ffxW98Pnzzz37wvPPPENxZOqVH3Wnde9x2VwhV87N5yJ+hFcmwitoi0bMCKqwGYDSgQIlJyXaYMhB+tbGF5VzHEp7pGhwaXMobjy1gB4V8N4e0GOfWcgM5jtg6bJNkvMqZbczIvnSYPmyR5L9AJ5wUHI2cQabLy2/HXSjUKko5svjEDCQLqQizBtIsMBO4uCoIHYeMakLYXCZuqxxUHWrN17cefDRbWRjxxt9u3ssJUXfvDTrtw0f/3PPEwt+flK9ecqItgv6DFkw/q7Bw6aQuQvfnnDnmMmVG3Y/u/7ufX9R53R5dqz65Tr1s8jkER++OnPpFrK7x7AJ/Ome84bePP/2W0aP4oCbAN0lXSndzWZUVyO5RBbj9BaZikZakawiRcVzSLiB6iE+AL+1cakcRT4CnAGhafBHlRT2I4ezIqyHo+L0BfP5gU+s2fn46nXLdqzdwpcSE3l/71E19NtPaodX6slbbMxqGNMaH5OLj2kBBtcyZtjrlBy8IdjBWV7GV+9cu+WJNTuWrVuta3pRLVX/gH+ddh8iJ376jbzPxhzMzxftejdwOs5VoRPCQp5P5zJYSIFrcCZZUvRaEVmZpi66uEfeIf8idm+aQpapM6c0ZasHR5LJ6oaRpBeMMZH7SiwUX4czOJCTuRLZEFYI0BtdCFgy0hvObCqKEA4viYCkx1oim8/IfEgxwckSQxGTGb8zGaCb2YSXZs4EKMZWVB6QgFd7AlJQmki2LCNb1XHL+BWPkT1qzWPqYFLP1tFVvUju5S5wRqABMAfcKRPulInulA74sBlQVCcA2TJSZtgBgO/T84au6TfYmlLSxpSrFyeS0AjfOPX3aTBeDTnLd+WnApRzcTzgoVF84dYrHAFMSMfx49tfHvDUkB/I2U2bcC5UfuB+AXgUczABnAsIDtobXT3ID3omP7A3ba0VSWRgU3Vlpxu6V4ZvnHxjz5433tCrK1unG5j1OYqTXJiEiZsP1MXO41EHHj7hyo9iOzjXFs7H9eAiJjzQKdYoo30eK0w+lVG5FErlnEjl4Oz64d0J9EwxCUjaPSlwqecowXI4wyHEp2Aun3w94cJvF37/139+/M/uDbvq1q+v27WB/4w8RKapD6lr1Fr1MTIfro+qn5ECUgX/8tTzdO6HYO4nqFxVwEVEpDmEIrGlRBbPKIIvqlhRRBNRZDEwkQV4S1Aqq7ATwyGyaPlOo6fsQ3EZKbrUV3QunOEp3kPHHQeySx7wAD93qyYF+sRoJAVXbbLAqtNKZP0ZxZkSjTj1iF1OPyCa3omXekS0dAC+4uMANUilbJIa9Fabk5KmcDnpwjOKYyhgWwOEyRPwjCML5Ps7rnzojqfHDX3nwvv/2HpGPcL/tIosimx6/PaZSzv3n7r7dGSZ+tPf1GPGLXSOI2Fv0mGOBdwELpJHJVVLNJKKc5Qs0UazKS8VWJEZN6k1nW4ubJI954ykpMO87ek4WbsJJluIkxXzKPuFySokF2ir2alkZcO7JEXcnnTKbChjzpEcgWB5gp0YCroQjcp6sojHLQZy80fe+fEoMlcd+fia599e+9Co+ntrhv+w8KMftz0u16ufq/+ecbRqe0kpKSTmVRsX3/1gWa/7e9/2ev3ySJbR27jm1BdBlB2LAP6TdYdhX53cKIZ3ER7JJWcx8TaUVRVOjFJB1VUim87I1pBi9EZlIRQx0uNu1MOGmKg4aMINQa5iNMESHSgwaxvDS3IK4mQ54ETYEwS8APG9rCKoNxTxTfLZs0/GzvMBs7F9GzJgtfBZc+FGVSYDNpJvVzWO0s5OLexBJuBfGvdXxvMUEU6HDffAIUYbXSa/DfbAhSiTDlTsjOKF05HBJM+ub13aQQVOW7Fdth7RKY6MP+yydIRTrFJxMWmwggyoyXtE8RoAhe0pVFDyx3cqQizelp2BLXEEcg0FLhQEAbVEj5sL5tb2+tt4+XV16Z1PDq7gP47tz5s+7TtiUs+rv1ftaBeu20ZCmRX8ns3qTb5vjn2lqgD7mbCmEsArL9eKm8RF3LiqdIt25o3maESHF3prtNEecKO0YzfB8vIoHfABillCss+hZKFIA+cvH96zfCC/GAW7G5m4JCl6Ha4jkA6tnFWyMJ7t4AIhnwdwihfC2sEI5nIVbrYyRDY7mUn6kz5Tb7hl7A8Xrdb7Lrz51R8ffqX+p37A2pErt61ZPXzDMH4qeZE871rlV8+pb+258O7X6mUy6KW7IhMbnltd13chOzeAW0WwZ3qgwxFdnGYgPhHZUKIY8TQQxBChktFhEiQjhfdi9Qf4kbrMzbWXTuoyUeYBOVEspHDKBaoch1QaAMiI47VFcaeEQQUkG59DDuLZ08G1rkQJ0iYUkhFKciF+ZQFwoSBUCPJMo5F359ip9Nc2DYQgTmeRcvI16SaPCsfascNTd5WQB0JOsmADLOixB3548+1/LF4b2aB+9o/mXc9uXF+39bX1i0tmPblq9ur581aSmZeX37rv/idfObjrnshNg16e23T2vQMPLF7+4OiNvbs9wS8b8Uj3zo+NGD/7AQ7P5mRYN9JGH/DFSRpPsMOqLXhhjTOHIJAgT7oJ8cODkMinkEiFtaY6lGw4AVJIMcBhKEAtAKCtWKxAbbKlBpNd8NB1BxE/DJxT0lbNwYKdHkDxgnJYqdMVbBHmcK3F8Ek/mbvyt/XnH4hNnNFjwISf/m2xVjRNe+3rXY+vvWPz0IFr71y1VTj/NTFuVs8da65zr0oDIhS+fcj3Hzz+TN+He02KTDjAxXV1cRyV/yuSuC1Qmka7xnC9uBogOhqzlR3xK8X3J7YrgVZ+DQOeNTeZDQsvL1lCuTFPZY5auLcR6F4HTnaUNFq0O1Iy12hjtgHBZgLZGUUQtyaCgDYNWtRVYoiQuG9CICmcDTfuVJ0kl4jf4L17cVTm+gVkrrNwLjigiB4T8UwUjjb/Itj5TWPI+fXqCvXARpzjbHJU9AtfUdtBGpNkzFEUYnRmah/RrCH05MBrtrCzeaSwkxxdupRsXrqU0c2ke1WUm0g53iul+Wfh6C8bSS8yc70aGENxLf3KV0Il4Fo6l8/dx1EWoKTaonKrksYsDTAFJbL9jGJzRRske4a9qDHAdgQ0CQ/CxhtVWmvmkkhqVitUGwKSwjtRfXBGzC4TQk1JBeUzorMhn0OugGqoi+0gyAl2kkmCqI3Gj5TB1WJoSX/l/Vc/LOj30PgbFvQZ82jvRXP7bxi9RTO86CaOPfT8TVPG3jd42p2BDjM31kyfMXDClLzSy0uZNYaja5xzpZf+gK4R9Kau3EJODpcoxaYo7rc1rHQ0gnoUkqtLFD9cFZQoItLabvQsFYGkW8SsHB08UbmDQwkyM4hyA7wHO0jObiar6PIXFLcPV9ETVRwGqlZaKbskuX2lUt0R1CYj5/CmBIuQMPslOYNJaK0CIdGJS4f1FbBjVl4GsprXJ3jclMjwrYK5Iu9Bml3h0QdzOALt6QSBM+cMWU64j0n//UN3TBw8y2JsvX7Chud+PNJjT09/7R3T1qn/Us6rTXtJd1LywZdHflPXq1P48tdPOu19Bi1cy1cRkWw4v09tOLvyx4UTbxsy5j35Xe6K36u28UY+3rOPONa+pD73hXpSPTC4toasIgtUUkl07kaAI/ync+gOAVbaubZMapOFMCXujXojR4AS6ZHGp5SgAQ1ovBGgYYUVl4LUGxQCgisg5BfoDXz3VXxXuSnW1PgTOVsfCHoLdYcu9SCn1BJ+Mnlz8LxR05ld5DjwkcPAR+xACXO4uzQ5EaVjyk9ybNHGVB+9bSrKYAG6aSnAIFNDcopDccEmWdKicgblCqBu5UJDBkrKJiOipA8uZUulnCqB4AJomeOUdZXUyJgjUnFLlNxiMC/AmGOgnF0UkeNkGzAscfUycov6+wV1DylVGva/DJJzauN2+cglXdPeQwuf85sr1XNvfLp66ZpHH3586uK598Lc5wFdP0n5WbXGy1JA5hWpzItw8zFJPy2qpCL4UtwwPycVQziDhAdHdMp6SqmdrcIhnwGQgZMcQLUZhsx7jnT95Ns9ferqflajxPbH5jc2nVdfUZ/iP/uS1ByoWXOr+qoaVb9Qj1WsrySPwn4CfHVDAb5GTuI6atA12TToSjaYkZPOyAQgNTlQ31F0MDkXTk5CUS8OLpxFoCDM3oPHyREyiDyozlZX/XCStCchuOc3v+ua1MXqC+oGdcFaUkTySBbJRToFcxAuwhwsXO/4DERtBiLIdzqGVjoEjzUxGVQ/qWpqspiKQCdleqimkDHFk72OCyWxufzI2E6+Vte0US3cEPt2E6OP8fuauG7svi33NOroPY14T/N17gnqsHZDyzU3TNwObhaLboytYveCfddVUxr7gCbDptha9r3R5faLKMPi/TLiKBA3aYE4G5GoeVVywR0zNTtWRDT5ESO8kmLQIzKnoMzqrVTcLsBvK2iCgDay4ToowzYpVCEBQktAeQBv9pOh3/3jne5v7Vf/rX5IAiR102r1JfLzjJ+2q43qSv7c12TIvsEbatTX1G/VT9T3g+S1TbHKvHyyjMFRl033r6tGEQyMIsi6cKNgppAUWnbPApDkQ7LFgVIgwJRKKPF9Q/M+6o4AyHqBr69vVnVNsTX8fZf68nJsQGLfyHSqSweS9o1ad2B4AUbDly4x4vF6qmjjb6+MUueTidQW046L6HGOlhKFx8nZS2TdGcWYwkwyCm+h9n5ZzxiVgcp9MBjyo4IdvW8Ze1f9kcaRHT5yPzAVRh96+FR6fG5ilMKi/TWwEMNXA4AumcrAimCqrGRTRZtikBhgyvzG47FGfszbsR82AwSK+I9itc1v8m8+Gnv9KtzVxakwQliDgz4Oh4hAsVXQAdYYWgDsgdHhLFz6eksCnnpYBOdCrwkdy2ALJ3aQyG46ngs0PxfdM7phyPddOPkUEIlko9TA62woSssGJmWypUUES0olW1wAGACzCgRhiUGvRzpOOHLSSE6r9Xajal2qOox2XdPlviJslrB35+FLv+gcWz5sHhmfo64rneNADa42bYaW683Q5v3zDBXeDu82ALcYnx4ASYM8CecXAP/FHdYmd0TINPIG3ZOvNX9hdMC8OmWsmdbVaRd6X+ornviksfkolSvwXB++1nZji9tuxBbbTVqL7SYtyXaDW6/Zbjh9paaisfOZwyXbbuaRUaQHqSJj1G3qG0jSG2M//3rx919+jfHnyXiyVL1f3aE+pd5HlpEJ6sfqeyRE2pACUqq+R+eJeDmR0jon1z2Z2jmBgxrZGTUiB3UlqJ05hBTfDjNFO6UbsdVphkMhahQfOGMg6NcUR2SJc/lW6in12z2bv3zn8HFg2urgz/8VO8qfWvPU6pUUVuouCqsUoIK3cxEbwsoVh5W/hfQ5AFYOJnMhrJDeeR2gpggWmwkxDI6kGYDmssFkTChSXQM6NEITw38B35fvkxG/q19V/DcQfqcu765uIH356wGSwfEkwNEKessdGiYaGSYqHgClxUZBaUFQehNWO1soTstRBvFpBFwxGwAhdRIsglNsSG8M1NzeIoE4dLCSQDKMVxMbIerfyYrj6nb1ZLRx9/OvfKZrev+k+vmE2BR+VGwH/8uqVasfpmcGdUgeeE4rtO5Qt4oI0JZwql6RWRNAqPenJLx7OSnMlGAARrJPtErerCDCO0dSXG5qFAkyo4hXaiB2dw41NDhlV5JtBBTEAk1vprKJ3uPOIj5qswrmTB7+4cT6PdWr1rz7onrq7/vL9z2/ZFPH2qXfvqB+/5PaXLIrv+2C6f1GDyy76e2nnnt7wLp+M+7qN/q20oGHNhz9hK7HCbAfDrCn3lR9sk1BFpgzVX9G0QHZ01FzoU5Ac6EuYS5s0ZjQJu0U+6il9brsjRsvfaHLpuMfhLPsh/El0EgjKQgvvSYJyeZwXBACsioLDuqkhZ2lAqYJrdMpVC1EBpHgFIiNB+vffu2lt+vVD9SL8O88bxT2Nvfa/8abB4QDzbdeUr8kOYwGw3/i69TGCjzNjGuj7mJDGM2saF/lFC5++IBaeX0dKlCgbiQDOuW26kRu3R/7ebeuqfnWp7fsfErYg9yOwCnjDP1gTD/3OpM5ZClMh40Qoz0cDlMLKyyJwHkj7KSnwHlLZ5azo1d+akUtZ5xD9h+xQw+ZP3Lwtb/9swu26mSp2C67jygm7x862QhfPP3PU/CFRXY7GpxuyVXU4MK/Efib81jOY0E96IaVIMpyjbzJ6XJTJyvZz6O50K99jJvh7EQzIXJ+lHIsHuaFC7u0VeObCxZPANn0cNbTG79r700vJ/pG4mofcJV/26jO2a2e9ZQRb3v1SwTLnMNb9r8ozGme/8TrK98VaoG/nL7hLfcj25rDCCcjwH4D5dn5LSeaj3M/awnj1DzyC9FM+YWJsP+DJmIk36pVh8jd5L59ahX5/iiIvPfzzfzB2Cv8jbF+zSq/KDZP29+5VM4GucCQ2F8hTF0dhjPUoo+uDr0BFs/j4tkFbjfciwDKHiSLyOIDauoeEAjy+HPNC2LH+RL0WcHYXSltL47z77hOITABlkqpioFZZBUR8VXP7OQBNCAEPAMFY8whvNp8UciqFTdtrr08SZMN6tRD/BR65uBMMPHYEkVzhM4Sj9NoNFCfCoo0cPjin4RQ/MBponEdOa6eJwH1kP7SikuBlTC2DwjqZ8wngtvpe5oP1jFJjXBh9RBppvcF2ZwtBe5rKFE47b6GM3ALtAfhzfQOhcC5JEABHPEJGOI2El+AyrmBMNz8PEyiokl3fsUfera+Ur5ADOqOUnsMHigTKSWRseSzTepyNcIXCFuaJ/DRmI/Kjs3qm8KWK31gvj5OFkowigJf1LfEpE0DLFUUtjePObCII2SpeFZw6gOwL3kcTAcDUWxoTAGFgpxR+PQo2xbeQLelfSkpDwOx9ASL4acncqa1ve+GiN7q6bmv3F92BHnPyCs/Cu+Jw+E8t+IWcBEnYpEPtzvTHI3YeNx3c7SRz/WhOZw3JOzFaf6onOZQcgjdFYePclenMwoUjZL7NMRskxnVXylisPlQqXA6ZTcgYS76wTm3C5poTAryWxuyX+S2eRXUUhP3TkjBgiRrYYdqtOmM5F0Hpzy49IXwbUdHv/HK3IBx4NMPPv3S3nvHPKHUvfUiKSH9HPoeC+bWzG8b2nsk5t561027Nw8fWb95rMFwL5VbZOBhM/VukPuy0Q5K5RY7dRVZohEjrjkTLzKpO4KgkzKHrtntozK2S4oCQaLRACB1YzgK1Y6AQ1BlOg3Ufjtytkyf5GzUAwvWMQcSkm8DWsiZ+JBfEDS4kvz7cp3ROOPrT/7185m7lc7WYMmW+s0bNmyr36B3q4vnj9+lnlV/gX8f9R+4gs/77tj5U2c+eB1mPh32b5k4Iln3R0MuLsJsa9H9U67R/c0J3V/QFDnU970+QzFobpTdoO6fy00npn/3394uXLEwpEae3rH08fuevaBe5jOJi7TN9a3wZqqD3/mkam0lyQO4wlzECoCrE+A6lotYEa4OnJLXok0pEw8aA6YrhQrWILTKxhBa0FF5ozEXJRSkfgBpg06w0/gBqwSTBIh6AaKcXme3aZ4HkMV84RKCAnZBUI+eSQ1NKESn/3Tm/GybQaxb4jVN/+bjf+3Zsr5+8xP1a57gAySFtN3Z/xZy+I8f1z5L8ontgzMvvR+MHvuK09bhBJi6uDT00Em4BEscqqmWaKPbKKF53G1m3iGOqniyO4SxS6gh6P3UV6R4jFRboXDWS4qNooVFgi2wo/KAqqCbhc5Q8DszSQBFngoPojznCrBVEN2n7/8Us+le2q28MHTblF/V72S+evnCR7bx6cREOqo/fz7p6Nt91+UHSGsyZ9uzzA+Kjg67Pptzc6O5iItiOM5eMgGhDckS0DZdNMLzKIZo9l9PieyijngnhnOEIk4X9Y86QOBxUf+oCwUeL2KR2U5d5yhmGqirpaLcEdCEM1gDlYUy3yCjh8wsGtVj5HDiU6N1wrGbO1eTdcHa7HmP9V7QXCkco7a4AtUtlgKs2wAvuIF7m4u05mCaxSaQKXG+XfWAJaFICr02RhvLA61TAPLlIBVXpdHLKqRJ3Utk6xmloy/aUNTRagTxzUv5SRG8dXTIWWio03uioMQqWR5sUqphd3zQvdRXDd3zQLO7EVo6FlHnkZyF4rNc7WyS0lJyWxd3RRQslSjxKi8GupbHUWM0dk1zKvos+FQlKaYMeO/qlBE1fRjIQgOh4pJrwBN3+BSAAOutImiHRqdrwv1TRHL1FH/LywCOBQ/PaFPZreeguz95a3BPMvdERttPj5QWTe47/LXIq+qn6vcfR3dsWH7q+H2bjk19aPjCGb/+Z+ZDB8etSXMNKO88vE1w9z2Nr7snpQan9n7qiLHjoHZFG1Y1vbpj3bAR8+4e1vMeofP0WT/+/hDiiQx8vgecWS83pEUHNiG4nXBoTXTjTZQGMkripTRQ9jLRzuajdEXxctRqJ9sBzlT5dCL51+krW+henJ5LFKlBI6kzmkv3zTh+vO7BhS88CUSucFDH/ne8+rdYOf/m4kcOnaE2CZ7bCZOcoDsPclQKV6nRFGRLIOEogh223qE5dBQ98L4UmA++o1aUEreCcFdHW6E8vbNjm9adOrVu09Fep5taWd6hY8eKikvHxD6X0Y90ZbXqpve0cqloPTQjRvIADT3e11uiOPC+fjTtwDlRjHBPF9wT+YFRB/d0eBECvJkaqeO2HiEuwaMbLDnEa0rPG2+9qU796M4qIsVnpTa6Bw0Rmy871EN+Qw9tfky2wP3KhP1yoOxE98vK9ovIElN0GZNCo4AjvgmcYqKX9qT9QKmX2YXkXUZj0VAy5k21Bzl3XJ03T+9uPlYxvXosma22iy3j9feoE+L3JoPh3gKXwe6dMI8BCPDVYh6T6/TuP35kv9GfgPMd5GZpcqSUhnYgmHHEwFN0U7JBCvOCstWKDhaEgXjgA0EHag1Kmo8KGk7NK52HHhKeHdN0SRFR24UzaEZDuxMpKqdkc6jXiyZznO36EPlyfH9CwRZcXJJuLHl+MiH9jaUHZx98qe7+WU+sq7t/9tbVYp8NA4YfHDzu1Q8AL48vWhR5KbYV31/+KHY0sR89YH3uhA3JkrQ6xWFhlJVJD3RdIDpgaAv6jNEa4dYWY2WL4diuoTmpZe5XHxyYbPjA1LfehoOzZwdM8LZhdHZwag6egVkx/jUG5oT4G7cfOeIs2GthyAszsqXQuD2XFvuDCIz2Dy32B80jidgf4E5oPwJ85ZNjEqcT64VvSYr6y4W1X/91z+6nn37uuWeeruPzCKxQfV+9rP6mnn6M8C988Om506fOnkHZC+j9TAqvAHImaq8BlpoEsiyqCxA5NyFzeUJxwCFCmGGqQQ1wEdFBmStggsGGk85KBQlBNDskgUkIcQAmRC6vx0+SFmCQl/iM3erv+/s/mdhl3VK/8qmn1uzewKtufdmG4QPUM+qvTOwaNVitFqXvjn37znvnDp6gcgKspQLWgvIOyAkJUQeXkZB3gL9eI/KARib7QZPxUe+HwUVVEBR5zChFgsSDKzJIio6uCGWeBr3NrksWeSo0o2eLyFNRHhd5vphjSl1UZ7FN/+7DC3s2b6jbpNv6HBV5bKS4fsMf75KPxvV6lrQhppNnI6fzvn3nqzgeCwWwFgfXJW7JS+yIFRW+BHXBvWDkhae2A06xUqMsqrHJOKvZaiR5qctYveeumzr5epTVviL2OXH3DOuWlE+eijVq9iRhOty3FTeei3hoxIpZw1SjJa5tyD6QEL1UQsToFKdXi04B2XqfYEzxpOcih3ZKEb1DR73C6R4J+TCakDm9E2NxUc7VxeNurzEjIU+O25ryC4r5yX8/rDxX9cziWQ+0G7fy9aVfv//3B/vvq1m4fMpTmxd0FaoWP9FnSY++N7Tt0rG89+P3bq7ruaV18e2Dut3RpXLQPRSW2Vd+5HfregFPfZDJXooVg2/omqj8FdHR+CadCLIVT2k3MFfPGYoS6A/yxEMg5ZRQxEPDojwgfCG6CI4oqonIdAWPptVbXdS2gRJlCghlTPFzlXclYQ/KYgw/UKbM8ZPsbb1GkS7qayMHth2Ymj6pjfqacGxAz3+oC2Jzx062GebbJNKfX854zS6gI5ViHzirQ9lJpeqhoteOKzVgef5kwPJRo7QNDqythFI4NGUpKei3By3PjlZyvRYSdY1xK67r7doNlO3JuqWppvC+GW8fI3P592KVIBN8xHe7fGDtbYMPa7YPHuZmQduWhdo+eGpkaTGucJaEbcvl9YU7ONEgEPlxgN1omfluRB31mtgnNuvrHuXkFr49MH5qO9AHYcwM7jMukkEtyenAq3DgCDFJ1LqVyaxbfmrdQjHDCeQoi1m3XuN/8satWxnMuiUcOVjN/biTWbfSi+1y2hFFn/0HNW4JP3mocYs4GngiuIoOVi+5MIa26B0NBr3RBchBhBZDVwTaWj5x+4xpvKA3FGtWL2NaekbLZ83qJRFqSwVYZCCxpGo4Wr3SCJ7RCmr+ggsEjADEUW8Qgr69k6cYjZZS5/HGNzq6jWLw1T3qqTePu8qMrbNOHhH7qGPVATdX7ivnZ8aW7ZnZagP/6eUD/KKqUy/eGZsPMCyAfTHSfUm2e/H/d3avArJaXfQKCZCcl9VFZPUh9T31Hb6U96kjyK5YNHaSHFJ7wJhAm0U93MOD/jYbp8mqif0HCc1HHQs2akKVOeCsjoS1jy0X8YxGI3UlfOSn/i6j7fZvI2phr5cf7de3osfzN1UDbqw6c2f4d/6vl3NeekKqtR7ZymK5gU7eC/c2JXxkBtBVRDzbgunPdjFZkK61ivGDYyf572IR/i9ThcELFjQfXBCP5z6qawLcA83ZqIWr4lI8zDRGkBgC8vnPoHfTSaP1Ik4/VdG8mDUTivipsO5HLS2L4r8HUzT8cO6IRI+bbAIZ0EohUd6FlEtACj1AoN0GD8gXbq/PU4yN+dULZ3zS9O358zOnHv7bQ+SXFfyIUST0xJ5l+qPq2Y8LrAUfqx9PGMEv5+u3kJKJwzhCLqgOfi6VC31cQiQEJoEvJhKihk4urFAdRvH3ZgrHPrBejP/NxPXacb02WGgmtcVpyyaYryKckc0hJQ3WK4UiaQKuMA3WGxHSqBcyE5YOMng2rtdLkSqNphcoRgPzy5klXK+PLbeiPB/eCspD2nqRPbn1hj5TZtw39fxXB07PWvjgQ+8dPsCPmEAKpz3ghqWSgqP6ZXs3q++PvoNfMWyiemrz8zyLg+IHiIVCDaz4VQ4DUzhHOEy3zBhq8JhSjEWyO4zmRUW0hkLosKOWDiASP7702h+USLiLZWMxCjWi6w80HDhcfxz8Ifp6Z0oBREeDTgQK0GDAv2j/ltwOav+GvxH4Ksn+baiMQDNeSZVcg84guRhFEHUGo0O62g7O3IIgJgO2SnFGgcqIj/I/avQBFogReRPHPd5j6rDuY0o6PNxhwso+D/W5eXj78vn8gI33ZuRnpHer3HBfICcn9UaMu1OXkaXiSJoj15PD9DjhqvS4q8LbG6x6TB+heXFWzIuzx/Pi0HtlFK7S1zBMi4Rdm7pWhnvN6dzZEZ4UFj7u2qdb7yW9L/0mBi6zWPLDIEOco3EQIFGmEi3Dp9ErpaKVxmuLgrgV9wPaMZTagfwTtSSfizJcXyoik8+tBUL4UjGqUUJBQgLpC/R+OMYK52KicF552AOCgyZCMEsZ5jfl84fJ8iU3rywtrb13z84nn12xctLa2hNH+W9Ic5c9u4SAb3n49NkPT1St7aB/+/0cImm5Cqg/6I7DOZiq0ZN0EXhLiGYaotTeqNNzFhtFJ52J6UnsWBhCmIyF1pFUeixSMzF+JJUeDroeASlBNkZpom0+HVULPTM9WSSadRgu71BNguVhKUkmQsM6BikFPF3fe+ut/zl8uL56y6q580idOvyGvkL6ipLfzs8nnSPv1dTe8tfl6tn5n417tO0WwIG5RC/6xB2wBwXcNA6twNkw27wSRTSyMHb/GcwmwzQyDJeyOKMYva5k+EG69RBfOopouVIDr3fQWGOLs8FgsqXQ4LdsJ/SxO9xe/CJPajDZWHfR2cDxeiOTiyt8uIYKnwGwxuAzFKBMZyioyC8vq/AlyftzRy6ZuHD+hKV3Lu7bd9GIpRPmLx63ZERt374V22bM2L5j2oxtYo8RtTfdVDvisamzFt0FX/WG60fv/uuDd39z/44np07buQvlO9gzjG3wcjM4ajiO+10aHZKdg70yhRWHCSl0o9tDG3RhxQ0NhhCV9OxnZGeIZk0B1bbZca9sGHCkD0XsNhrc74BP7hCV8jD+kfluPJrvxkV9N7hPzNIGjAX/ZUfIbDJ3rzqK6NXXSbX6+i71DdIZXpyuKVbIf9yszq+fr/5GrPBG4xeT6LYB8E/LHEX2gtqWnr5p7g4MsvATSsNXrCD+5t/FZsHYfBH3/cpFYYM+kyvlqrlHuEh76hGGpWaDjIpWxS4lcsoZ1OBCnqiSCzJ8yKF0hGW19kTldiG5NShAPqoAdYXG3BCzThuk/aI1NTuvfQcMf5Q7OpX8IiDnrSUlI536jNszn3G2tI94MtqxXqmI49d4jfkkCxwzbtMzy6R+A7PAgP6UTbTw67m3vjZw8Yr290xfubj74Fv71px8c+STo8vHLOk3Y8bcLQc3DOy7+R8f/j33kWdLl659qcegynV57fr1Lu7Uqahs+LRbBy/Naz1l0JxlmQWLCtKrunWuqeix8e7hKwpvW7N8s9DzlknVrgFTbr+/0jWOwr5cZxcm6k7TGI9yjFWWPTSLNyyi0K9dxQM99Gk0/xDNBk4W6IF7kmREyku6JuXlefkVFfl55WReeV5eRUVeXrluallxcVmotDSkvVPb67grP+p7AN1MAYzuwM1j1jXFrdf8fBn6aGNZsRVjyMpM0cZga3oZRCmngimDDur1yYFpFXloSCsirNERpTucWiQ591vdYkYwr30Zi2ItY1GsraV9Rkcql98ety3olPMSgWQYvMqLwdxWfIXbKYZDrZzxiFVdst7mjdvI88e9TUa+g6/X1J1/O6nufH3SXtJuz17S5sW96sfyXvXMi8T92asPz+p0z4B5S+YvGjyv/fher/2NP0d/pu5850217m8nyfC3XlBPv7CXFMrxX576T+dZ4b1bdu9s91d3xs+A570ENz9VdwzOfDZmSVq1tPJIJo+pgDruL7BvbmDy+oSDw+ekiQLpLB4tRYpi7KgEIJOYtu9LeMjSpYjB6katn6I/p/jdaEZEjSkTrYeKQWBeMqvmJSvr0JWgkVhLRALFieURhEPUQdZryzMz142bWDStduHSv6SOWH7nlLn3Hx9z/13CZxMm6cWC2vCojpPmqJ1rRo+dMK6xVAQVnge5dqZQLxzm9JyNRpH7TMSgvQ0kg2ejl3V2ORk6U/2CZM/krelkY091p/pUb7IxccnkImIEucjH6bj2nCa3xjP/RBOLIxOpdAg4hq0il4gjw+y+oDRROLqUX/FY7GdSy/1/yr0Tr8LvdoDhW6+H4W0Zhrc1RiNti3FGbXOA+BaGGnM70C9yr4vv7QDfi0NyO4cSgk958CnvauwPtZOc+6zuDLGoNWNbchtKogrxHLTFNBE4AfSrDtL/1QEgUoCljbiCQlKE1P/FAZhGdHVPDLrlwu6TS+4ZMHrwXyb/P6J/bI0wd2HtgLlZ6kwyRt1OPru92803sFjHS3rQvfRrmb8a98MUxVeSv1qATdCLVr17/nzAq/nCCP4C7AHaIrux7FfFa0CrmOIwtFgipRZLpJRkiTQnLJFatGk8tP+a3Oj5+xYubBq4pmbhvukzbxswferA26eLaxc27VtUs6qmcdHAaVNvr5k6jeOuXOEmcgTzU535mOXqMAiTOS42g/rs+/IrQA5L5fpxWrqggSpeXm2WmDXoTmQNpl6dNZgW1z+uzRp0lVdcmzWoTwHeXfrjsIGBAV3LxvTsvmjTI2uHrd1LDvB9J347eHS/Dj165oeGTll4/4CNjz0zG89AgK+kcwty93A0gx1BJ+eWKAK8YdoGEp1WNNQ0Gzh3tkNOQ4+XZoJJg1nbqLZkM8JU83CqQi5joEZJIdlUMZQzK2WHpLhQffKhyItzp76oInLdpEHGbQJr557+bubsu8YOuLH7/R17dl0+8tFtA3vIB3Zv4qfO7bFz9d39e1T3KAoOb9dh9t0D7vKV7HyYxS4nxTG0pjm6YkscA9MYLCKNg1b0zLWEDK8cs8GB7hvI0vZTct5pu7ebeNbfRb7Bc8PhMmrDVN1iD9DNvQinFu+zLm6vMoWpYflaR5aRWeOT/M9xl5bidNEoT5SZrU7qXNBZ482EOXSZDcvRYsJCyRODPeU69fkn6x5NM0/5ZsNQsxntybFy9dIrH1Ir1rMjanaoR5gOMFVtFkeBHJbC9ULtSRH0mIlGow9sKNMbzUCRdCHq6zKfUUwSGo4bQdQ2ANPhStAsqMcwQIk6vmg2eYcw0lL8h5xh6t+/59tN+2h6l5pPTohOIqoXv9fLfwwQws5LNEeZ70eWCsP/3+coJ7vVNnXpyFKk+NPde/bszpKUCZenukkjXDlBQmTZoA7qTtOzsFBAWUBTmgxl08FGYwymKV4VxRXPi6sIa+hWkNeuqv9t/e8del9F4+YN4XbqEmPrDkXlUmR6wZLRk01wv358X/IFjXlL5a5OKXbRlGKcdV4ikbgf0a+q1Xs7LNFxTc3r+BvvGO5tdyf1O3YHfn8Y+D3KZ901uuXRR9HtmKJvicB1tkTgOv/X7On/UtSh++6Nm555fsOa5x68Y+KkESMm3TVCnPL0vqadu/YffOpB+G/urFks12gA8Ofdcf5cYSIVxEPy2NsAkq1+MZMMVXcTb+LyELmTjOypTkpXJ/VuueQoDbyZ43SndE2OAqEfvwioYD5I8UgL+wuZsf3wfTF8f077viv7/kv4npsh3Eq/T+M4fUB3HNpn/sHRXuc59vt7Y/uxfow6W6gRR4JO0Zqbw8npJZhwLueXNAY0jCqkwHOCNuDUjp8Lj1+DZGllL2rMYnlgWSWNrRiyYd2RLFACI/oUNO8j1bKDHgBKYsQTyKcGf0864Iy/Us6XIpwplVo5fWVd+IoupJqEkVzZeQ+zg/uojNxiXwgHuw3rMP6GRTePnlPtf+TBARvGVL351uFPyPDuFeFec6q65PWaNGxgydAZf8kOP7iuZvLNt3QcNzW//ZJRB8W6br279V7Sk8GU5jAZpgNfaYWw4G688hoZeJ32WVzt9dpJDRdMai9JtN/BiUnteYlxJnMVSe36RP9hXCW3gOOvqLBHC+AcpHAujClGaihz4ZYkGBcNcG20O6wYWmynKTHWREqMG+MpMNEznqFipR4JHuiQOZ4V46GHKUhasmLgJRCgOzx/UDgeO8Rnxr7ie8ScMfUrUkAOz0pkyrCMLH4fwm0e0OyTuhMw/3y6rgd5nsKT5iJQ+LTW4Lmfrvfa9llc1+u1k5orl5Pa8xL9J3NO2q4D4rSS9m/Lxlf/Stsb4LB1TmqfdaUNtl85Bu2TWtpJjfpyfBy+Ix2f9Z+s/o0MhDNQAvvSh8Z0+zDDjKbY2uJx6S5btJEjFoGZdTDW2EtthLKFBuDYmFnHZqFMGw06FmoWsKAPCMQktJYZND2QpRwYmH27PJ40VUgkF0v4x20p2UIi5DbyV8ycUufWH+bHxI59R+aqtfzSDfxGdalaj+lT/FLVzA/gu8WaNzC46bpSPCzV8HAtXS/NTaBwCDG4cXOu2z6LmK/XDnjemNRekmi/g9uS1J6XGGcy9xHAk8CpcYhWcRPQY84F5A/1EvQX1I4jo8mYUeoOMnKUul3dNZ6MFMPj1W1k7Fj4uGMsuVN9aiwZxfL+5l15XXdY9x84EekgS92reZ+zrsoWYDEI7jTqbqZO2TQWdOBGOEtOGvjTpBdsDqMvA8V3M0bYczAKOrmkSkwd2GfknGZvkHkdFZ2hMpElj/YpTMNgtimXw4eJlzzyOafkKKD5BKe2jX5g8hFMyPhh3fgH7ok0jue3Td79a+zEdPnXi/expIKRSwase0ddj6kZ41b03/IWuVu9tEV48Sb1veZTA2lugWMLwJLGnlPYd9T2qheF8bXts7iT12uHvZqX1J6X6D+Z2xSnPeJc2r+zNk4pxX3MZ5ij5TPcnJQXkpTI0Ch4WAqXLTmnQeFtoURWg4FlNQBtt9EsBhZYEsYcyqtzROo/Jn7iVU+pXxzY/eU7h995V9d0hTv58VcX1KPk1Kpd6x+jsuGVH8Wt+mzQStdoM8LCUEqGOSq3K8H4YyKX0mm0B0mwvUNpha5ML+Xu6HJ2+aINBlcW1j2Cw9mmhKYroerXqj3sux84DijnDWJuAdYxkts4G83ejABV77IkxQSnU3FhRK4EmJKBAm1qpdwOtH6XX/OZa/wIlPc/e6WpU5q0pDHngGz56efvf7FqaMf03rcun/Baw6G7u27t8/Ht980f1bP3zd0ena/+KEYiL297fMn0XjcGctpUhu/cNn7H8z23FJQ03Xx3r4Fza7pOLq8cXj5g0PnL/WAfaQywPgD72AP2Uc/duJLxtGvbZxVdt53UfJLUrvss0X7HK8ntpxPjTP4yeZzaRP9hv7NzCu16jAko5Mq4KtAOIgXIvXLDSjvYrfQQjWREwmmEj5WhRiFUYEdUAmWoHMhoZ7qNbfywTbQ8FVpf/H78DlNSOqDlBTALAwDb4JE2W2Dv2ksRe4ERZQs/HPJWlaiVR9zpuZVUG6L1VDilXQFsXHalHJIauNSsVlpQAU/lEXQzyXZM+02YZ1qimH00AiWTBJyBuCO+4Nqg5jwW7DnyonpgxuzHny7re2zMwmcKy5+/78j3sRuNpNMd22oGrx+vnp9325uLn35p791DV+/efnAXv5c3PPzAnGWk5KkGIwt6LiwfcufQUeq/P79bnRksWJcfiM6fXL/xzmHPbRlrMN57YevuOgr76aob44YB9r0Y3yW9WDvGvtK97cNwYR933fZZt163ndT8ntRO95z1n2ym7Vf+DodxLO3/q8Z3b6P9nwM+Gkpqn3Ulh/ZHfjyopR347rO0/Udoz6bj/6rx3f1UTp6KsU+gV2LdgSFaVizGl+WV0GB/UwmtOwAIkpGScEZgaRcsNZCbITkbBbPkwkpusleitri8bEASLwZ8CpIW0UgrWvgq8gt0QMQLKryUrDs9GB7FtQj3OVOJ4dMvxxkr31N/vik6YmTPrRMu9Du56Rn18u+fq9HdL+588anGreqL5Ny3RD9HPPPqE/fUdimdedPNj909e5U67Rv1O/UDYvv02f3Hj6ytZzClsWb0fN3Gzpe9BdZjKIwGsj378PrtswZft53UJI9Dx2ftd/yc3H46Mc7kdHZOJ3LNYqG4G64w+66UQ2uDwR53V8v+EsVlZwl44hkstGFO5zJAsPeG0MsWLzRxVb2NluuJwtHY3qoOZZ2qwmXV8Xd+xWOPqd93ru7aqbJbV/437YLOZfqVQ+IYcYnG2yfHeXs86s1vaeHtKS28PaWFt2MATUDap7OlCAnGrv8TYzc7uT8z9rjjCRGAMXY3Zex6TYEtwDC5LTNqZo6er/5yYcv9NdNGLthTTk7dPO3purW9pz79XJhFzPWb3a920x8YM9dz5q2LNhHu+Qn84vIzMSV87vSucWwvaEwO3buhbK/fuH77rKnXbSc1zqR2uqes/+QAa6exFbT/CDaOk+mfNG6PxgnnYqQWzWRLwwhhnh2wiCk7HipMjSzBuJFF4X0hambJ0LLbWsWNK1SYypAielMK1eGy0zBfwhrPl3C1xA2z6L2CoE+L3suRtOC9Or2xe/3kj3/6+cznD1pF45Z6UrJu2+5NsAgjpxaXDR/WX/1Q/TdC9KncW7qq5Ri/R+SPTx04nlgrhQFb6+R9SbqcvjGhUw3WdAzGx8Yk+NXgfyfrfhWJ/kO4oqT+3yT6D/la669210m6Q4n+w4UdjB+q3UVOHK71h3Z+FW2n9R2onJWvydZGOj7N/aB71YvtVQ/uev1Bjttzvf6k5sPk/qWJ/kP59Jb+uvNxHkGGkgHXHX8QdzTR/6mk8Qf9ysV1Od1Q2r9A6z803l+3QO+G9t7UfrBSsNL+mu7k1IOsFs/HOA24lwa/38iyXKibv+V459E4S1kKKxZTFIPmLLSKoMWGLofWFBXT4din02MfMVo9WNwUZDrZHoq4AjS5QQI1K0BTHgJobnM5FDfGnJZQNzWteKUTvDSS0M2SUfKyMDBT5/UkB2bmV2OcT3nYQ6uS/decFIvajRyp27r1vySm3H5T7YIDBxZczrsmNyWuz1LcbK3hpjMOS+C3YxJ8eLCZS9KjKxL9h3COpP7fJPoPuZzc353oP5RMIeWJ/ue1/thew/qr3bFmQKL/cH66Jl+MxhyaRP/h/AQu+zp6+qDk+STJEYMuJ3BTV037t9FwOUr707wR2r8vw+V3kvtXJPoPIVxLf7pe1n/I+8n9SxP9h/Ljkvqf1/rjerNZf7UKa27E+wurSAFtv2Y+wuM9WnA/m86/SJv/Bjo+5eWGemi/WWvPJku1Wjjf0ZoEPowucGoZGQJL3G10O5w080iMNhKOXlq8YVpiU9GZWKCR7KRGBAlIregOhSJOiXos0HYgsawNPaA/NTJcFX6guZWl8jCgbwKFJbQj+wCnaemMt9+ub1br4apZFUtXXIT/Vlw+iUU0xNJoNF6TkuaTZKE/GcvIyq4wRj+l0DA2Wg7URMuBJtcAzS6RM+mkM4BfiEaYdAZNvsvAKqCZGXiZifPPYEVm4eBSJ1xGJiu045aAsdBiUJlYpMSi2ULKafir5zq5J0HJvbWOHFW7tqSg7N1eJ56bf/Dg/DdqMA3lg9gIfvviRw5+FPtOPIfy5vNAiNZSewWz/9yhPk3tQo9D+wNUZvpVa3+Uyqfwib+ZnlPWf7D6Fu3/d5Rz6Tn9VWt/gfb/Dtpvp3jL+g9Rqf3wyrtoX6J4+6vWTuVfbrDaneyk564txefhpQzfyqF9AcXbfqzdwdpfhs2ZT/GcjT+U81O7Cs3pEPsk1z3h//fEDpYlw87+fOFpXZMjbvtqx1fR9p2gW9yjO+9gczBwt/B6usZR6nx+PD0L7TRZntr0MN+G749nhwzU2p/Sxq/CuifQv5idNW4pk4OhPZPyjVvpWVtV1JIbky724mwYe2pmFs94qV2bn6bFpKCjIeFRYqkwiTyYiJWcPamOIS8fVzcuEXup39RN5UNqVmwruThVncNdY5cs0fSUsfQ8Pw371NawB9r7a+1pZBlbg0YfS9hctX0aplaRIXQN/dna1O9bxtftj48vrCSZV55m9ILfkeivF1YWJc0nMT7SLzF2l9Z/t97t0MYH+tU91lHLC7xIa9V01qySRjFKE9O1AsIyCdFsRizISQ2Q6H3SytcY8XjZ6PGqANDl+XTU6mvI3FNPCm9U1/G1zacm8eHxQlas1945p9XOW0hzFfMbN8N8CoAuWIAyUD8Q9SuZ2O18eDvNpyTgyCBOwyE1iI11S/ucqruPnzdbyIn1G3n/ilhXvqYPl7BPTo/bJ0Em4lvoKqXDtzGZKL5vQLe7UjiVarj0XgKXelA+dRvbn8EtdDtpfOBTddcbnwzKZv0JtJ9Anwm0L6EjVX1Pa8yo82mNGT/qJPR8uePmMCCG6GyUxGi8aILfS8tmoDPP5MWEUprw4kdh2eOlOaQR3mqvZA5bAcMTrSygj6OR/8SpCJ6W2jOJykLlVA0hQadWgcb+5NF9Yzr0vn3S5OYjtAzNrev/R6i+NPT1d9NXux+cIp5QL25vPqedKepTHQF4c1c8Uxr9d66rUnb8WrAuLCFTy3LKZJmwmOWEIYiZWpaTR2oQ7QYHDQdy2ZnWBZOXqOHlz0lPiemXJ2U/mcsa7ztxbPnawRWduyzXcqAGDn31g+YVW+r9S9x7hDlaJlScvx+mdDikyUvHEvLGGEqHma472NkiDxymdDikyUtHk/p/k+g/xJ7cv8W+PYK4W/on6dgjhnPx2j7673TvAZ/MRg5JHdQ2OIE0syLVptVoxTNJbdKZwOhNVsroaSk3FlrkSYviAxEwTCLOxtMSbBwV2zSP5IyAqED1KivaT9NogWDOg+4zFijHLNJJ3hus9Ua12QoJK8DNg7V0mzBcsMca+ILYWf6WGDdhhPqS+mQjIb/fP2TIfX+oV/jzZCJZ7NP8Om6ylEzE8jYBcWaWejJeX96QLQ6HU9+G1ePH4gJyRlhxWKNyboiK7xgv2Rrkg5JQY5Hdh2stMifK8Gf7MaKBqukYu1sUwvBdLL+P9eyw/D410AiYe4vZpxju3tYZMTloxQFrvMqMw8fieKEL2lzlImeEy86rpEGFyfnv/8VSxyUn6uuYqW4q0f+w6L0unY48dPxCrMBI+o58asjQTRPVc/O6nFp6Xv1t76Znn978xDN164UiPueRh+evBiXfRNrOnnb/HPX3Lyeps4MF6wpyfpgxm5QS4+lzH5367KNPJm/ftStBfzQdq1yzrc+J0x+hgOLVIEbfPk3QN6whpPUHOjaPtY8C/lNA6dsgjc/863rjA31jOt/Cq8aH9iuzaH9a94f276DNZwDtT/O3aP/BbD7/4K7Xn9Rc+cf1+pOajVp/oDM8las7aPbIgng75odp/aGd++i64w+68vV1xx+0mY3vhPGHU/hUaON3pe3ZIHvs1vVyorWQjf8m6491gej4Fdr4n9LxMbfrY8qHhzA+PIa7qo5QCvcXrdZOUh2hRpvVTGxI8GmWQyKUA9TPhIfVfHUNwKTi9/DXCudaSio1lAj8ZSWHSAf1nXr1GKnE0kOqY0VsJL9zBfkpORctg9uu5delXD8XTdBy0Rr9aR6BxTD7aQwzTTvxnZHTacgyE89tPkpuMENNCjG6E/FRH6WPTtjnZ55KLVsNPSiCT4tjTvGwIF8/kn1FZ5SuzVejQrsW4ZkjlWOAejxrjbRTT+8b1Dlnchv17RUrtMy1K9yC3z5zz7c7yAh1Ac0MS/isShK+rDu4KXT/mN3rs4Q97I7fk/pTPtFR4xOrk/qPSfQf7E8evyLRfwi3LKn/N4n+Q5zJ/T9O9B/GbW3pT30grP+wYHL/Fl/cCO6LpP4t9rwRE7X+anesM5XoP5wPMDuf2l0cL/bR+mP7b7Sd1nGi43di5xOfFALtNAeOjj9c00uPxm1cyb4+OM//Q/tfYy8kNS9wSf3zEr7ByVd+pv1pXSE6TrVGR7rH24V76Th/YXTkezYO618a7w9ybI+W/lTP+Yumz5xP6p8YH87tP683Phm0OKEz8Of02ZwVc8lYvhr1FBDZxrySgPJ2FH6NHA1CxIQuVkstUfEChBJy16hxRUNuGj1M3EoW5dVmzX3wskYXXgf4+HQnuBzM78iKVxKgdeZBhmr0pWXZ4LDpw4rPFFWMOlZuVndGNoWoxcobiqTTamPp+JwCHS39r8Poi1wqkOOTd3Kw5AxGCbt8GHkksTzLlET8lBQsr2AlKFJIS4EOKlm93qv6zls+/3xn06AHvJ4JnccMIGnqP7Y39eymRpwTpgrv3dx52euRom435Ez66/oFzRUHXnQlZJhxIMt7QGe8Tctw9ce96NkoprDcbS+IKZrh15HGkrYzvMisMXzOIUV0Jjsz/GISCGd36BL15HN8XfjysM9OmLv82rJ7o8mNpGdDqFN6kz1z0cRR6jb1LVp679Jvv/7n36z0HoglH1tvnDDJ+8QLBbKqqtvVqVQ6OaO+D/y2iBbfO8Vsizq/+BO1aw/Q1pIWNyvmIB4EE/XxtbLvDs2IjfV9FJdw9Vpy0kDystM05LhvILEUz/UT6M8uDXdKa0zJnjOht5ZIv/2FF7c9+eILW5lbYEXKDWPv8219Mf+xl+L59KfPnTv9wSefsPpyeszhSOd6at6upPpyjVaPH73sVmOiDmJSpq6XJhHSJdFqc/5rq8154jNne3Cw/t23Dhyt79Qre589sGe9+oV6EebzYbz83NFDwoG3jF3uv8/bdMAfWwEw/wfJjucR6zaIv4AOcZP2PKZ0LY84rjUkzQoT/i0h9NB43TQTMDueQpyaTgvTyr4/z5No87wmg3hg30hKjrxiaaqpbN+UE2+TufyJWBVNJO4yx/LwFt/BV+3Ne9YOHHSY+SbRDjEkyQ4xSH0OyRi1ybkN9ZyDS+VaccWYDa1V3sDMP9DfMBZXr2dPDRBAjXNQNY5OXGJPBkAU36f3kLzCYjQhmyTZgpWwJExgN1mIJ4OifinJjz8ewNBS2BoWJiShTEUiDJZ3T35w7Lh5E3n3Xjm2ve4r8kvEX2Jvb2rfubK8W/dwuLuvdILvRM7u7uLHZY+OnzbzztqOlzHFdgoP2nen1e2XpJJDFdXVFZWdO3/grFrfxlH8VDt8jhb1W8B60+gztKq53iATsRpCzOoOAoQ9URksmGpnlcFg8Uq5PipXlSiFCIs+zOzup2Z3TNcPORLZP22lqNzWoQQstHoYPkdBciguJxZPV26C79PjnnkllM+iJTpKTQZ7SWGX7r3po7TaQquHPpLixh547IJYBp7zuBM1xcwo6wOQlapyGKptfmVydTH9/1Ze7L+FalK4BxDuI3l/4+zaUc/2rqj52/hTx6+tQDZ0zvjxf507YfycSZ0ry7rdAPtgLp7sJaJn18NacbKFD5blzC8K/6k6megYM332iDGzZ4ztWF3dEV4/O9o8kG1NndSD4ieN6aO87VHGO/l+cT+Tnsm8uzVbSK2mm76u6aZbtHa/ppse0nTTg1f5hSeDDtEig4MOoU+0J8ng0P5SXKauSpKpoV2TjbLVqiSZGtoXMhsQ1tVBW6OVK7mmqg7ltlgpOc5t/7fqOS0Vc5Lr5MB9/cJR0gP9RkIVjTG3imeFvfoAZ+eK6LOoTOFEmDlLTDXREGpWVF7ktKLyLMycFs3DovLEOn+Cr85777zZQ2sfvV0863v04cI2tQt9FYsWl111j3acbI3X46PPt2H3MCbdg7dqT2Ckdfmw5GTYY9AbsDifdfq0SQvvmN398eI63wS90d93+sIqf491QwofYvHy7eA+tboxLXkw5ii+kvNgDIk8GHx6A2nHDxXPLl0Kv82D367WfQNz7I1zxHJfER2N6NRxNHVcm6tCHLSsAUbkmhwsK5c+T4VVK7NSs5OZhuKHs3gMpg3Tw0PyJuoLbxo0fpR5ovnZx5Zv1X1T2jGt240PrdSeGbFTx2s1nHI5rW4Tq93ESldjwSZ8/TmmPFGmKVGkiebOTYH1tNPX0tjsbpwWki17aOB8IjLb0RKZLf1vkdn/7XF7ZMqccfQYPzARjvENSE51MjueM8dox5PGt3cn6GpPQZwWkCvYSzB1RCtMpRjcLChfMdkZRmMmsUULCUf4MVUH7p43uM8DPXqObFNxQ+eTqtprSXn3e7uOtN3rZPtvhDX/pPsMVtyVQ6+kYEY22WAU3Eaq0oEmF1+6z0FFFfq4TAdbusWn1aXGvUPSl7R9xTwSRGK0Tb+jePCtfXJK26eMtU0dWTSw/025obBdPDtnaV67vKou9K1zNchM38FcmmjuhovrQk+WOX6yQKOl0cPiGSzpL+taKsDSZ3qI8YAroM0uysYTzCyQuPqu1X3ZB/Oe70TE0vFpeCGe9bc/2NPT9Y32/h5KJ3xntrSZsY/48iuL/v/Bg/9G9mc+MH78Q/MYGjCuqu4ZM3PWnaMfYGgAzBNoXjNQhtin+gBGNF16h+mgMZt4Vt1A22ZdfoS1NfvFs1eI7jPUSC/TFHCOxIziAXW6fhUnYQyNQ5u+E63jmE6GtQHoIxJcUfogLFCqmYhvYEkxHcI5HncKCRZoDzmJGfN7Eq7OPMk6+NYbb+qiD4wzH1ieOxV2pqioEOF2+RuYV6O2f92xiqjsCMcJl4XtH9YSTaNPkLVopjb6rFoDNamxp0Bdp8RoXuLq8jcvZ4wtHdVxL+l2EC/KFL3VU723h7/t213pe5t32Nqr1B0qf2Ue9Qv8d9oAC9Ul7U+sqooRhqpfKjt0qKygdIGQZsBLh346q43KcorMWk4Rw0e6GERCrI59VUJRc3q59YDz3lLxbGafrwb6+v6zHyeQdJ1dWKRvhLm5QX+7k2bpZiWydFND8UeDaOm5iOHpadEGR7oHz2R6lD6wJJ09HyQFa95gkqeSjnW1UrMQhFiDIWK1uSv/RIjKO7CJJT+OiKSX5ReWVgTzy765IfuVwJzw/PhnTO8tKw6VlhanPrfYfWNDtah9To5nMSfiTcapOVc2QruW9+PUc3OofPEhCLsz9WZHPtd6Hu0X+wT7YbtuH7QXAB/dwCW+ob/5GhAqk37XlqvXvvs+/h3IJTwdL9Qj8Y02Xi39TWdi/vN4+jD+hizumvyb6JUf+bVonyFsBuPV91vWpjsEa2iVsGseprEjedd/pkHieRzxZxrQ4t5c3AaWeKZB4rkbuqbNl75iPn4Y+14qX9x1le9Nj7EMcdsD/Vzd4vunn4u0+POWuv7p3KDrVPZv9KfSB2/5bdc+s8OZVLgeCViDYEpNo24UfyrGoVidXIv2fJ1S/2g3/HO5f1CYL/7+y78vR/iZ16n4/4n6LmlP2pI2pFh9X31i/Xq2JnxOBqypbQLeUfq5OFFz/DTNv+Lo03kIlaGAjvDOJrVpiDfQWz2A9ZiFHc3Dlx1vHqmNgc+KgDHat/je6GeWp96HPtORPfPawhVqdTKIqDlL8NkqJiOni/tItCJDWN+CPcgKX32Ez5r7Ccuaj/HfbdqEZtLY2g0b4v4b3Xtwr1DimRBWWiO65OonEbFHELGHiBtAXTU4FBHNminJDxGnzxgRb6yPSbhGXfalL+IwmkjXE6b36AufR9D4+DJtLeZ4bW2DSC1PTAg2awmlBknhTewxPQIt22HCFQUKTCTg6Uu+UIuEE7ERo8i7arZQs4IH7W7VZj52PrZlU9yOTe9d0WKXo587U9hOhvVfpM/LzAUsvUuLrtLT+imZbr2tSA6GFa8Vy+80ijm0oU0Yn5VIxca2ybWg6RPNsjCwCmBiCIZCGESFT4mz+aNKO1xQTmY8s6+sC+AhxpiEMNSdByrtCZaztGdvFZFQ/orH909e0vz8jXt6PX+5dr0akwv3tJNVdY3y+TuplU2n+Hv8x8+//1In/j/bLy5rbHz04pN1amzhF188QsRn3jwrFH4Ye/7c6y99AOvW6rHDuqluwN0L+/wLrT/UX6sZQ5N+iTEcbkzTp6bY0H6ipNmw+mDCSuGnVgqsHWMIUYuQiT4xEUUcyU8dnQnLRBWWPEo83gXWh8mYucXk3r0nP0yvzzx9Un5cjb3Yrr6dfOVx4TT5Sg0cOi6Ma9761stwnf3M73NBrjz84O90rgNgrr/RZzQv0nDSEUb0x+g1WioqVXMNggYFDChuMcxusRiimJ+ueWShg4UWmLNgaV8P9fF7JM1xiHl0EaOdr0w8zcSJ1W1TpQadxZOuPQg1kM+XMzLj5rE6eTl9wDAQGXx8sWcAuWfjDjKGdEJKs30juTvWtP+5P366cOmFxk2zyMgTpAMZpT6jHjup1j2wqXYxufXzZsKrV2JfqA2PML31ujlV17Up/yvhaz2mBz2XrKS23XGZjO8Nv/KjsIS2r2Htb2tx1OjTpu3rWHsVa99Necz0BI8Zp76RiJWdSnnPTtp/fBWXiEs8Jo6gvk2teiH1bJqpZ9OUqAJZiIauIubNTGnxZoKu21bzX0b8GeirBbE4oqfpi5zi8NDSbXKh1GjQO1P9LVGGWMuOag5SXHXQnvWWHGmYM/23L+Y81cGaWrjAk1GTGSi+4bZhTlvVs7POXNizdvtzGzY9p57iA8RJCmtqRnTs/p8Z6k3TzLPTbhs8+DZ8wOuHH77+95RvjrXE/u7WZ4O0WMjVarG/PjON58oqodH1+VoKTRtW59JHi2G7mIeaFQSUDZiSHoTlB2nyTCRoQMQLZgHiFWFNVxct3Jli8lGmRp+h5qTZM276eEmtVEa+VnFaCxV36NjD1AACfpKVIBktCeseOfbtp3+ox8gc9eKFe3f0/8tTg59/4bBy/4gndm5dtX0bJmV/8Z+/7Vf/Hja2UVef+iI7P/YVv780b8O2bbtWrl06t3bPM0yHNQMM7GIfoKf4PAQtmzylhCYxp5xR7GksidmeopXw4FK04oNa0TneFSZ63hMsc1aY9/w00mXUFRb9Y496d/vyxm5FYp/YgR/uylq5gL/38um/qp/eNYrkT+MS+Qyj9M44jtGqhLkAcVATTOYWtGJOcr2lKF5kFDHMn6JhGMC2yeQQfBm5rdnzAhUbfZqSI5fWU7f5W2tGSSsrRPHfSuZwQKGTn1Y69cv3l894bdddrzzU5/4nbxs0+u5nP1DUn378Sv1pb2Ttzr1zV7z/KmlSiK7zrU+OXbipXdclXdr27957yh3Tf971g3rx4vuPP39w78P7+5afZTCm5xXOUx6uNBh/CIGZ156L7EkNmvGhpJbEQ0lZbWDZhaillRHC2MAC5DWZ+FyZAJIu9JB4nIoo0IciozHDHOdCHSrKr16qxx0Ie4I5Wq4wPVvD71s45u7/OTL6mXFdRy7sf4lUT1mnHl+7pqZu3NLPPviZFI5ZVGjJmD+idnugXW2bjP/D25vAN1ll/8PPfbI2SbMvTfd0pZQSmlBKgbLvIiIggwioiKzKIrKJlUFEQEBEFgERBbGDnY6TpGWxIoKKioiICAwiIjqoVZxRBzdoLu89594nSQGd+f/f9/P+/LXTpg/JXc4996zf79baFW+MGFPoX3PDizinGXSq6jkt+A+DsbcfSajjjIIWjmnrRmqkSBoSsqXpeX4nnGaBqmOHN4u3o4SdKQjlDFVYGhFC6CyXa325gLghybHOMV0uBzIlMzpOO/hjC/rDj/L3J+lnj3Wsql27ZH511dSVh/aQQ/d98Mb5j/UrFtQzS/Bs9ZhZ/fKz7r1t7bYtk9tXpuadTqz9iWEbNwc2ZobW/y/Yxpf7qcOiokeFOre/tpjZgXZms9yk2NA4GsiohTwifZcaI0pyBIQBDQVVAHSc1jwI4DBdn+Q8FWpBHPk+A6jWGT9dvHjp4qXvf9uuXveXbZu00bnyIuP6LVvWqUzkKbKETqaz6CQ6i6wmI+kHzG5mxu8K4oV2fC7beLcw/YFxIuxN0RoaRa2lNVZriZEibTKPXxNAoU/IdAjIo+3V/f6Uf3da1sTAc6tIpcrYdGnC3Qjcul3pEUpT92Z2ziWMuf7I1qs38/VzoN5PisXwHQZEwzcaMMEF6SwJec1Cboi57iB6iysziwOx4SByAUwrN0cHWIFMyginKcCrRwCHmsmpDpmBHqUdKnp2uW3u8HZksqNlbpqvTWX/IRmbhrqT0odTdfnWW3rnJS+ydXp4fZOpNGiYmzJgCKn//o77j0Z3Kveyui8b++yYLwEYr2bm2/E10yg4n0lBjFkmnQgbPBiolBDmlQ0t2M5uC1plXW7t6dQhVn342eoj5xqYgo30+Ffnv5NXyc10LVWfE7gb/GyWSsskJi+QgoWwgwWrNJT6owwvFLOFnMgh4IZVA3pXp7sx4kQoGKcZCh6cKczCyuCFScAmAIVJTrB221SEWtl2qFVJOUV+BAKyh3NbIEtoqjgKGFFxIlol32+OU8m+a4vBzgf6bCQMcHHMYlmgl+VivIed8umb/3xqWfWfZ/SUG4IPfzb/L3+viYSOB25fPPTxxe16bCrrPmPlO2+Tbcs/LDR1PTVzc8C0YuGgJ26fcc+CyOODxlTm2TOmjOi29q4+q9uWV3pz3on1e6lHsn0YjOvkZb9fRLzV0cI/QLYUdv9gxQho5LDaBtXnbn/Iifd/xImtFE6Jt1JAJFnLXtVaETJHncTplsNJTh4Uddl452RZOZtvnH6kDF0q70r1gOPB4oI2xUNP09xqVUP/no9HO/Uvty9MicpHm3qrGphIVDPZGYP41enSMF6Bg0WKalGfiE1JHLzXimCiChucjuP3omqCoTA9a0AuP4dBVLtCpQo3OoR2kDjCi5fEo4Su6svfnG66IjXWzdHrH9j17Ponnt/8FBtSFjEwHXCU/kp/oCdGV35ET8sHx33w6YmPjhyVYvfDVjbubOYVcmsxKTl2Q4D2MnErCngItQG8FlJN0KaYZPXgAXXYIjadu0IJJzUjc2mOcs0lBsnUZhDnrzdtblf28H2hmo4rn1uzkAlKux7BKXe+94asZ4e7nS9lRfDj84sfGZSTPXlE9/W3914TaOEvsOdTxe7dyeQhmWngPqKKmF3QXBg8RqhnUvSvgNt0ioUGzes0A7omhhA9NqAoFG10RcTlc9sQ20nporQWQopcHkT+Q3+NzDu/kRkNtTVbnv3rS90+fUc2yJ0f/wttfOaHh0k2ff3ogZ3E3PABr8W68pUKdK0D1hQH5cBBQTwOQcWd0CQBV4GC4QRA3ALZSRLQFmG9hQuEI0E2fWByK4q4zGZfI39HBx32j0nLndpmRw2XzHVnk3VVFntNjTxfYGhPx7PTX1QXKHqfqRGl9V3liaW/QThNiN7k4aR+Jkh9ax0VAjc7ZG2Gms0UQJBtLhYWbKvevOEvW9JzqvPSKW366mvyvTw8Gtr3xr8uP/zZkidOLKev048uCdx6zQAmcynsVpjOM/IhB2+n9gYiJhibzFkZXLFOPrZYIsYJdD2QpPdikh6KOyyiIMIFMU6Z3anhdH6upXAWMOBIWgsvxsTwhcNa7mEazapBGx7wzrRQ7J0naRSWbteMIwtvvZlMqF5b//GSX1/YRpvoRbm+7q0Hx/UbKBeTFtERMz97kM7Mle95ZS89fSlCLz+hpwXkYyPJfcF64Z2XT8+5D+++C+wADlIPZGerixRJkzgCiluYlOBDI++Nz8+LadwCQkbDrj+dxZ6SJZpA9ZB/JCqwDpXrD1i9HIlXIHGSD2oLehfnp5X2bTewc6tVpHM9Hbq3zeAuJSWdOs5Y0XEdXUedqp5kz12DjAtsxbdNoyvlO5uaaPoD/fULLLOeJQujE3itBNubxczeT4V6cbiqQ64gVEqEkgIRLcK6aqE6EAXIEmTWjsJAJGSIiQzoCTeCi0L1DYJGejgfkcnNEbHtNqTCQ3myx+TJw77zOyUIzcwa3JRt1fW7t+05lJpf3YUyu34b02Q/y0VyVvT0Gx8nazZcmmj56r05326n31+kF+j7VtiGJGBgljg3lWYPk/1CaYYUyYe5ZAfDBiOCm2DdrzeodOeJiBrkOazuGFNnhoWjxCKYtgqSHmF1PtTb2MM5uZyl2JsNKIlQ38z0nwGAYjNycrmvzPwYzK/FuBP5iZELg26QOlDi0J43o7xnbc+KOZNHT9wyadTkOeW9artVHNr5Sc+kbmd2HpLtmwjZsOnKM/v/sbKKlNODf17+j/1PEfUzT9LfnmmiJ3buJDz2mwT2HfSS8tiBNIl+FI8d4OtbeY9pRWIP9oxYffhYn5QQa5gRizWMLYw9r9mDr1fz2AREFdlZNrDnzzJ7GPANV0kRH3JVGSD1EEoLhkuT4JzWyaUWQK5gL7f1wwFAQMNczjdQiCzmyEURag0/g/fu8IdbexRy7lBpIJwJhJ4BrN0ozMVCznBya3a0jW4fXj0tjUCAllsC59xiiyRLmbwAShSzsFsImnYLC/J4gYvkYF4W1EP52KvlCrgccao9BZCNNAy5ffgoi7WRzFafpQef27n9AyK1XLlUTT+jUTrbasnL9razkKnE8Vv6rnmj7lRVFI4albvwkQ5H5GldWskT9yx84nl6mJ5c0LobfZZOIcMr5j3g8edakuSyFRvlY0S6Pc6POU/zBtPNnYRdo1NxJWESVKtOJO1APexwKmwLAM4pu5CjAw02W5CkYlLV42LTMKt0SKs4/4EVN47s0KZFalaLjsMevDsLCBY9JJeU39PGsljbfkvThVuiX8h+2EP7lQva2cizUCQ9weMrEHxMYSfFF+AXmBNMrAIwsVri3eVid5fdFWvsc3E3MpPtWSbHLoEQiy4PHtCpRYjFZec18Gm2sKWQDT/TjmGAUB6zeApgOtgVxbxMZl7oTMn2dAXB0Ad7hQWDcGDYDqYREWgKitPVttCnle2Pa05emvnOy2d66nuebnh7ce49M0fds3XyqJn3Tm261KU73o5Nl7//aufOr77/nuio46XtK6v27HngyRf/Rv/9CKW/g/v0j9/BcSrE/jW2dpruGMe9n0dHuKNgV3CuRAG2JjU5Bm6V6Q+l835gNXO5sbswDaqf0zFWmp4QKwV8gCwRFQ0nY4uhPZ2r0FQbv4l5OXbAnUHirTYYgEM+WNUu2oMsP3zmzb/f0a78trsnLFxOFyI/LB39WmTl3mPudY4Hpy388/Romibrqv4yqCrA+tgROE/ouf5Cc5jd2aP5jY11ZzYR/HAqOSS9urHeaHZjY6g6Bq9pTkW6ADNmuczJCmCl0aygQGJhqyBIwbYQMB3VENu1S/yWy5aqyFwy8LtInxfDn9P/ZMrHokUGYvxt68Etn9N6ulU+Q24nq4avGXzph3X0X/SL8rUV5BGlTl9ziPkS7ZT5Ncsf/U6sV+FUZ8+VoJ6TrjTqctk+p0q5Uj3n5IODmpYMYOkhLyyCClAIYBGgO9aYa0tSFiEPj0wap59O44V5Zi9CPwAif5epvyxARP6k1uaQbp8m7Mz+zRxy72MXUp1el+QoZtdoncvtdBRH2K8JfBzsNSDiqNPpXW6E3N+R5FR+VuD2c9OwfqZNaSV4C51lu8NnCwLNdRGx+QzIQ5GvhC0DXdp0Ky7v2U2ufkDuQL9jZs/LdHXF0EHLJvdS+xe9tWvfJ+Pklamdx18ie8nn0Sfo2Pc/0WTRvtGfL8+tWbb8sQcFl7RuKPINpzI1h4cB1skuOotCJFivsiZrkuHyBSZXxCTnFoQNKeRFk7DCMqENAEYfXMYGTmooha12jE8I4nfEZBLzseXHQZnkhbVz5Qr6Pb1Md0WrVP5Fb768//Q4pgSflKfwsUPf8Oply5dWif4JPMcO8N7sXAM2P8FWeyI8nZ2Pl51gG5rwNjjBzVudjeIEuxIbJ2LhJn4+f6Zq8sThUzVVy2mVOJh7dkQvkp8fan4m1efxTB4UZ3Ir6qRDbMyD8fW3Bb7WBHw9jcn8r7rR7PUPsedmhdQTz/BBuhBzi0apr8jj6HAPIhKCfUqGJNEYyKlSEgpjgcQ3yYsXslq4Usmxllyfjace2Zr/u4b6Q5qdl/6pSb/Uny4kVdfmyAU+VxX2gLqhfhszkGZRNYzZVI1biq21J+bHqWMahK01eHV2IRXILOo2x6QCFpon9tS+uESoRkcHfLH/x/vZFX6Z0n/v/Vvo9BGABCy89aW1H3+w+uG1j8+5On+fmGPHKitZMrM17I9jdwADOfqeZnVjWNIGAhGjWUF9gJ44TKjahLwkn1CYiSyc7gy8GXC4oOQQdD12yRG0XlRqrOVuU1oeTCVwXnkbPGHio5XN0zeeNsmrXt7apN9KcuWdtM7+/kaikr8kwUv/jDaSKrpQ9qgX/hi99doaAeCukSTtHjyfHcTKG81Bzgwd1uiDnBLcgij8Zg+6/A6FMKdOrUu28hQckjcHbbxzmY2OyPLQ6P69csU2ucPe6D558JvRhm3RV+Tv5beineQ3+VfULJ+PpsEX5KCZjJZpDrFRjeP4WpDAiaQqfQkmY2EqFI6DHVSEXNJ57A6xgprNSG2MWLE93wrthi2xeLKQ3yRGW5gAepbJHs5mhiEEJ9yeDDQFY7j8BdcCCqshOuHiApPT/46z4986dO7sx0cPn9u6dEpk5tC7Ly8+J13ZtWXXq/R92nil4+bWgXUrHn1s5epHJv850P++G248UP1EfYreW7/q8HlYYzyX2IulcPIlBblpx5ZNiba64wfLzQkjVQpdYshgY0eM8+VwzlYd/ik5gT6RCAY2cuhZs17VtuE5W1LTIc3OpmPndqrfvNRflX/wzOWymI4YregIpgvOcV0AOgXrJNpIET3X0iixOEYjjtGACpkTtav1gs2Sj0DsPDvyq9+IzpWffz86kqlW2OYOUStuMdi3VxrVp1CnruEnpc5ltJuR9ZrnjZPF4TCeUBQl3odzfzmM96Ge3Ydadh8m+9h9aNkXo6UKWax1Zksyuw+bMVJF2GtwH0bMyEJF6vXJZsFHxe9ClZFLSbIN68b4jUjgRmTnS2cg2sKcdh3Lbqoc1V5lr6H5WZWj1j/Un914fzop30p2Qz3F99RHe70k/07NSKzW5uq6DvF3E+qRh6RrajIUTBu0Uwri/X9K3QTw3oNOR86PEs75AQiqnPcDOKc8fq4F4z3NYbWNc04RzNeyXTXLioFYnraHmWZmfbqRjK+nJUMXv/jg1KGj7piyiN2ATftL/UPdqrLL37xSc1NmdfHdy5R+R6jTYONfiL9fXc8Ad8vuxLtFXO7//W4RFwq438ppaH63BJW7pXaLuFpQz3EfqoaN422UsX6CI07pPbFp0eRWFHD8A8GlTAogFhQo3mSVAEbU2oSpFM944GdjsK2mZv7KO8Mv1tSsfWvSkbOq6XKv6JG592eUy+9e6i+PLCvcy8+Ubi6uQZfma4BWIdEE/2DqesHmffW1GoSpD2f/X6vMHa5WSVlzvRr1zJ/inxfWGQOxVTdDCQZ+eFIwrnp+78MBgVxh1bVdMw6xDX1q5b41tVsTRiN2Q0YbyiNwN29OwJxVzKh6lcuIoJtq7t0aOQWoHLgKX/b66JtAz8DRN5nt5FBUuZ1cukg0xE6jv9E+NU07Xvz7oc+YHRV94vARsE4v379s+ZKH2DGB82pAfQfINkOEXnYGkVgbRQb4TxxSbHy8fNfIbVIjv7bZoGC5IJrssQj8W4fxGnTQ3JjRQXD//q0M8OdfdtTUvXNa9V0NU5Y4wlUrli+dFx0M1VpSzDZqwHHaAfeb39BiDetV9vj4HFeNzywWzYnUc4mD8olB+RC2zHewhmluI/HSHy7TN0gxueeV9+mPMJ5jBw+dXU08i+cjHxzTN0vZ/ZwK/h7PcQqcDqj2qXc6kmSOA4TWux0pdrSpMX4CB7uZ0Vi3JHGMHAfW7zuxhTHFBnAAsmAeb4esEwhKC1d0tuTwlfkKpNwcXWXthVOkYitdQ2u+2DSk9i5iIU59tFQ+7KY/nGYiOHtoiDacoUvoPRVrXTnER6zrzxN5AF/HKxd0gHMAlQv3i8wjeuZusZh4IYfTQSptyTplVbM4MjhfVTsmjsAUcngVsnjE4wXwHweU0WosFbycAbPLKqZAIoYYpipbeXu8GFLls5GE7C7bhbEecjPJYop5GP0r/YAeo3810s2y819fffPdt183fg+uCiknA+lUugXbB6eSW6KD5DNYFgkYu1AWeQTmym4Q9UC0SV2AtZ1ocSDUs8kq6RRjyo21yMz7BAMamGA5yDaGmMxqLI8D84Pw+gwTt0nZ5kEpSZBAsUJeEVh8PuKw+oJQKBckG7c8ybbGQZ6soSfpgkFk3pkvdu2V5wePbH7zGNOOY6Kb1R56RvY/pGDSqaHmtyfu02wmZ0O1PnYmc6TlCgOrEfmbIKmuiSUAUrBbMJSC8CTAX4WJUUwdM6MhVJBKmO3U+iBT45rWB8GMSF6/fxaYEeaQBngwmfUQ0u9jm6RnpgF+R4bKDOBas7iwDRRA1iST3aiUOpXnlXvUOjMRIIAcYBNS9IBsnWMmsz/6kmR+nEVfWLtqlc7U+c3J735OL33zFb1UU11LSum3A1bMlFeRCWR1oLLgyQ45vp8/GnoHvfQ1vULPkjGkB/2NfkcWkRldJjD9BHnzAZhrBoYfgXUCS4Ch9nCWqbHew70ijymGw2FhFronAEUcdsEhkQYWsprpb5+o30AiQuYdWfgx9DDLUo/1THxHmXKwKbavFlQEmMXs/HH72Bci58j6eVOXLzj3D6YrSknW4k30GPFufGheFX1b3Zd+N3mqI8nx0NQN1cteu/XmlQOGDeohuHyBByOh5lnmBn6s5tnzuzXPIXkNtav7Pt7UG+WjiC5ST8BcnwPiCdzfMjX3t5LYtWEK8FSrLSnub7nj/pa7sS5JC0FovfuP3K129mbuVq5WLhr26HqVXPzMlqj8HPNypJ+TV63cSb4h3qY+0Z8Rw9ygavcprYhhzmLeui/ez2p2H55V92a+Vq5g/pHMzT0sd8zDup5TpSbf0/Kd5I0N5MBO2o78sI9mbqBZclB2RL9TvqKH5eLocfjiNkFPdr7mq0ey0zRJRONVhsaIS+bCVG9I8rmYDBlEY7H2BMZsk0FqUtieJGOGJxkQl7AkgykttJiTmEaAOkyDPZyahiH2sB0wp11QIgi+FY/C+nLLgtlADBUjm1EkK6fnrleeWE0Prp9NyptufGhcx5qDr358+KH7f/rHd8H1w+4a9dqK2q3pLRcPePrR3RX6/KXj178o8LTG4N73jXO5Qrse+ijmRD8KPWm2tRbhR4U0OGgtUlhr0XsyKVrZQtB56kJIaJNOJd985GmVJhpS943221mhqr68W978yMNNI0UtyxitiflOX2Ef4YrKOM6XiY2rue8kN/edPP/NdwpVk1M7aaEsvU7Zm0W/lV3Rf0cP8p0kkvXKj6pz7DOszEPmEXl9EBhecf5ho5EzYkOHjgXZsJkAeWAXhDfDnJncHKs7fcaSXHnBdror7Y4Ns9rJ87TkS/Lvy7tVDXQTHf26mIvGz2TUyfwUUQtuCcZ4lZ0urKnCSJaL11QZMf2grxD4Zcy76MLXky0rVNvbQodIVnFeVjEpOrba2YGeX0bPlznVvaP9piwYNUs+drlBtbTDhmh/efejNzTNjq3nGOTs7RKLS/EMo4bZZAZu85hiPTlGj2Lz6PntrPNcbTfDAQ5Vy+Oqq6MbmZoqI4cu7yb/ovaE3FdCfQl8fl/2+Vhzrxb7iSpLa4rX3Hv+oOY+pFq/PboTkOlUu5v6KjW+M/EzhiifiXjXWsAmZZ9ZxHTkavzMDlJEG9ORwD6rCuBnaoWa1MbgUbSaGOFTUkJMMddWpJpEN1WrGh5/HKtRYtiyWMs0kuMgUaemt9bJdFEKs4hmC5kyBcMunnXHfKg2CPzxoUz2K1YCqtQQaPPHzCIvEqaA+lSZAwGAC2PHKoC45pDeBTsiG212uHiMVp4hTULsakEd2VbKZ9vjllxOCdJUBVBp4WEeFulMyqz500mWdGXzZZJJz9Ntv9LPXgrte3mXbN77d7pazv+NFDiBgNlDP/r+N3rKRfPIJw7S+uK+j+2qobYj0eWOj18j8wtFn4we536bwBBbpD6D8tVH8ZNM1/imcnPf1BP3kTyNdQadmt0dSZ7ruaZMznpXP12t7tvUR/UyvxXYZ2xiYyjBet1+ggtKUEDVWzXIc2I1xox48WEmXtsAxYtOUXiBaXKNVelaAL+0uVu6qfr0bdUTq6sn1k3f1iDXkk102r72PchxJu7f9+1YG9NX2qmJ50uZP4InN/NLm037j/1Spr/OV5MvtysTV72MuIy43ot1BqZTLEz2Yp93jV+qwvtfRZg0c+hQ6x8NgW2C2ajXI+DY7zinYkDVz2xX927qp9rFv6K/krlgRzA9l4G93864b6pYV+zU1aucxpiecXHf1HMd39TKxwWqUAo7E31TTo8HvqmwoopkNan47OTZT2h+NakgjgefoYfZGaUdNz5dvV3V0HT05VFD8GyCDp6L94mdWX+Kb+oIgprnYuMMxnw/UywmHteD5vhiAYUdoF6nXOsG8vEpNh7hW1h89ODxI8we9RL9A6vpBVUVE2Ta8emNL7y47OWRQ+Fmgl2VY/ZpUoJfahDDazY2R8L1FzIIwFeP4pcaRIUY90ttOB7F1qwmg8m208fobtL1keUL1tADMBJ6aGvtspGjbruFfWIF06FVzLZBnxSxRtTMeXfIPMxQn6T3OpKLeYVzGsSMgbnbDXloVGY6veKTqr2xvCPBnnK3gKwJOXh9k4gVlzNDGMtuIEjM/bicik7Lb3vpVQMzuYqsL24Z/5S/fNsgIhEDPUsv/SV/tSev4eUVtc+1W56aS0/TC/Q/9IToYbhyQRtkYwd/9L5m/mgzJMN0Y9wfNcX9Uc/V/qgl7o9a4v4oTOEPvFHwYiQsH5QLmTea0GTM1t7nbDryCSH0ymfHL5npOXLoyS2b1z65ZcuTcH/+8zI9Qi+x2XxEjL9Qu5x/7PTxUwAAg3PLZ0K8H+00ZzP/EyvfTM39Txf3Pz3N/E9Rrv2/+Z+cWo75n05I+eXkk47zF7+7g3xdTb+l51zESYz02I/kSPqWB9bVMjW4k/ZXqfeS+67HLbHrd7gi9FyPObFPx8nukyelSAFytkjCPfX9F0ThFv5QISIKw9zUeUzzJRUaFGi1QoRWKwSNksQhfaBrAAqNkgq5m5ZhqzNZEO1bCqe5OQJJgQ2qw3x/BDB8LVwlRxpeRacKpOGly29q26F8wQMP/41pyUS84aadm2q8S501qsGPPrLnGKIOK5wPKsQbJZ9zrI4fYrVVqhomz144ix4seTA1xgpI600WxFE0xSvhoduAOWkWXCQLuwCgYoRpBA9HUrHYoDTEJLwNaPRWXVtLCgUBsbI3aQZxXB68uaJ05b3baqxyUfR4Us1flj91/99+pT/KWcRBWmZ7VwSff3HF3h0dV1eQ3BguIGKJaAFLBLCC2WTGac6y3wf8Pq8Hx+YRz92IMs/sc213rKvMgIyxRTnKTrzuFDsd2kb02MYY1pt46YflBHZbuPnpNQl8Uq875qpnuAUQSMyex04jnq+HbH02hhaFcT/o4rFD9AZ6N6Utdvy1vWrSd8RVtfkrYemDIqcRVUP0Eu284WWmQ1GPa7ehT+qV7uKZBMzPY0tPKCWomAYqq3I7I1xg6n/L0Ctgq2lKhj5sdFUk5Oh9yhxsygRCteRSDZFOHaID6R3UID/3PXH+ecO36t60nBykHTewkYPJDtcQ2yeB683WvzHGRWJCuWzkchmMc5Qgtgz32aQenyTySpgUnDjVil0xW0Xdm62HURqYkBM3NcuJxy0VXItmphKmLDzxzLjneplxZiL2r6Yrq7ldcrmBLmY2CZEWXbmgW6U5KJVKC6SIHz67RRDasQF1DQHXc5AwL5QeUJoBRDM2BMgFjQgIUb5AIgU03ohK44ciOKctXNwK+YQi2TktsEbO4meCVQzHq17S2rPyFRqR7DhUGPYgyVhnDkamWwlXcn+e3x282S9bWiRd+eeGB3uXjOq0+oUjrywbVzPu8Vfef+HJTqNLej207p/sJjl/5Z7aIfpBL06+ItHzMiVDyJxBT2YV0ZP0Z3qMRgawXS4fQG4gbYiRtCjKenIQXUL/RlfQO0uCgdbk6ViNnBbstgyokVM6HMFww0ihWicYQCQbGLHseNnwtsRWWKaI4FB5K7BGDrvgiEMVlNzxHg1Et1Ll1v6c3Vrv6P94bYQklRj0f9tQ/cbpnVU+tcFZdxziAqNeLXue5JHjTVeeaLWb1JHBdB3VnScjRjpSg/QR1AceJndN6F+lAvurVWhEaOuALRQXRfI1FwUzVKx4UdgtAtvSjifPDheFFUtLrHBRiCIYk1IEk2oXWgLTIrzkQZTBxHIjHtKllmylow/KpfQXeplOqD2+b0fDxzvV49aQVPrlGvoZHfvBx+pxTcVLn3jsASk2j02aQtQP9ynzUMxQTRAdVF3iFOq9SVaEDBCqXszG899m4xLaDxWGNz4bcasJ6zBuTXu+rUaK0S5kB7OofdVKNFK1Z/nZs8vpAXqYGdV7mo4wdYG5MXa2fIh7KHqWOeabW50Y/U9WN9ZbHWnMOAllBsNWNfe9ee9DNtd12ci/hjYXFCAEIo5MpOuwix45B0AgZlQI9mUv2iopFeFka7MeKpEMyBcn7KrKNpXPBumATDKdtDm+s+/YZ/p9QZuy5NeilXqS9MvG19d/SvfTF/R0K6YEgmSgPPLJNgVQ6PZv+jkUuk0jQ6ODhD67ckGzid3Lvti8sWXTbUq0MsFaVmWnw7ztQeSlsgYU0EQftzV9WKam2Jow76zYvAFI0ZHFJpipzDu1IpQN5glPphpx3rEKrXZ511zgvLVRKoQoDfGlkOSzN29sF3js7uf/YpVTol8mvbitcvaYKdXf0otGeo4ZoMFvf4bLfFvNij073PnsNjf8isEczldxL+Zc0S9RY5RVF+S1W/Umgxpwb5ncmpK5b6I/Eda5uYOtg7AcsWJng0l0NnDMCGQuTiK+QgCPkCdslsfvop+v2bSW+Ul3kAGD22emdIWMnVwTHQZfqi5Hnhg7ZhuvhwbuQfS17VJnxfvF8aA9oGOmEQa0cEzG+JhcCWMCtie4QWAsKhyLijBHpDBXayBHD5OjtUemPzXjMFETS3H7nKR0cNFII/XAlzzznscmjRR1eKMxL54KdUoQpYxIRktQrAxE1pxmPXhtSUx1QiIPZZ9X4jm47DtEN6VbVO87IIwKnWJGkHG2ak60TMU2x1eOQOyc+GRQrkywzxHtZnncHvrFyo2r6RcNJIfeLq8lnWelmxy5vB6PLWUoOkj5UvUlZcP8PSZIwu/UOrGXxiuN4fooIumMMA8Nj7iyeVg1sXmI+FlqrBE8YR4u3gCUOA/mK8P+a5zYeihm4oive64DZqJiNx4T1NEHDpP3az6Yvn7K0dqj9KwsEdMCvSEb5JMc5gFG5UueR0bk3M7Gz+wWzUtsH7KkHOlNLg91FmydEgm6bHUM4zMrFbuoU3h6GZAdINpg8TaKJFdD5YDvNvCUlmQNkX3AtJ65r+H19d/9xl+1WkO2fSGLNWTeJ9URsy0Tq0JjP2HCKwuC4Vodgirg3Q906z4kXzfkQGjfHk7SI5Ioe7BeY3B5fWAo6GxhLY9gOzrL5Yhqkil7HLmq1rLAlgCYSEcScS7x37V2Fr1bvYyOmLVxbGDRS0tze959a1pN6m13dctevIHMY/8dePbxfjry70WLqE3bd9k22pEcnHpHQbS7vLfw9qm0XJNBK6Beia2fCbAv2f5nS7lST153G5ZS2O7r4Tz5BK2a90Q4xc251FLAuc9h4/fZgM7L6E7NgfHrbWGdQYxfJcavus7wTQtT2vSb8icaVv1EX/rT1H6lT9cuyukwdIBhg/GGwe0LF9eTfFJIBlVOvCmgJ3dMnEif07UZNJFOJ4P+1Cc9+rNsSO06mr6k2kP3A8A3P4cH2P7nMS/yP1Iki42/XjJb3JkgAFpebxXOZ/eQ2psFboIzh0mxGvttlN6UPH4a83jhcKYXa+w9omvbzRNcZt6pgkJy53efcnFg4pG9jz0cymBCUq+IDhMP6z7mfYeSmZAkWzOyuZAoP6GQZAKmPcBshTy2iDoHgerd9lABZn6SCpFrUrgr3izunqqZ/EBTQj4+pmWypY/Z/78nLrmOduU+W5J8sEY+SScwiRk1Z8PdJUu2P5bVe+LtKbXe0WO7+xZHFpe3p4NlAwgOXoCNTGzM2r5PbAKxmXBXi2hPeU+L2+9hbsPe3R2ig5jwlEOhLNcdDUx2YO3ncB8tIrkzQXeILBIQd9Wrci2w8nANFgTApvfqAD8itvweZflxzd3cU/fkQUGkRpsvqBoLIOLitXGYiLA2H1TM1Qug+r35M/+gjIZUP9OXhk/t1wYlblh/w0bDDUPLCxbXLPTn08OkAQQPcxljmNRt1pUOnEjvI4OG9U6P/irr07qMpC+RQXNaUCuTvbdJBdgCXehAdZn2qHSD9JoUaSfisBECRnQ/f6hXMNyJaf2uAYA9MyBBetinA4JTEhqAM69golbB6UCCTDWZIUvYiv3QPRAxt8JCXMi8pgbCN7InKkCvOF0IItI1Wa2yedJ9Rf427br26gdLpEWxaGUL5+aB1HTqx6SmO9CcAnI0wv8GMfDjbwMoG/aIJ7NVBXIdM9sCuNSRfNYKCcZ46Wa78gI/4ljGml+0Ot5pyms5NaL7qryd+LMO2ke6nPr6vR20Ky/vnPTKlGHb91bMLJ03cuHIhV0DbVKKW01tE9n/Wk3DIXqefvnYo3+69c45c3o/3WfQcz0nTpxYt3vxQwuS9I+tICYs/yzvdd996d3ntk3ruGTGMPN0w+A+nldXLt+dqk+JPPHB8SRNeZfygE5bWB3UaKp4LzOdp5qvGSj1hj0pVfKzuCc9/eH2SBGKPWq5/nAm2w1AeeuDu1HmbgyVWQFhE3ujKgM8bVvEfs4ORJKLMHPLNiTclz1RBvW6docHCeOSbV2NKovLm1ZQ3Kq0Q094SWMPd+xWAegu4cxc2JD2PdkWVFaESuMb0ho3BL3IXHudK81XJPiEPdkVYk/yRDltLOlbXlB4nQ3RuSD0rDPLuB1dCPsbM4NxN7x768nATc+ugbxw/5XDOz740Mjx825YPvzRbsGSlCL/+JIHlh/79cdzo+5tc8Otwx74e1Wha2h53cMjn3i26v4qlXrvnSNW1G7NyVtcbpk5Jq3t0im3WKYZbuqc/tjk3RX6Pu+u2a6SPS1blRZrNIUrHSkazWyMBQjsJbtW4NSKnkf2+wtX4aQBxsM1OGkepq0dJsRJcyTHkR5Sr0Z6SE1AeoDs71VIDwk4aQrSQwGHF78KJW1n8m9fnv8lualYdcx28bPPLl+DlFZIf6L/IjZiWkuJGvqYBE4F9KOb0AIcIuZgVZDFU5jecybjHJwiXi7xajxnANIcDjYHF0erANPPkRxDq8CcRywwJ0ICcjm36vMxXo6o4l8Si0ATT3pu6+ZthuhkebVly6ZNmzmoOH2fOaQcTXxWw6u7X1uxvfZvwt/X9MWeuDuEv+8MRoyiLQ5zZm4/NpnCTXfjd5uwUNjZ2hxy7Atr3b+FdPukiFbnwCuN/a8zXv0LgEZhs5qbr8m8bw4gcJk9ExNWkltPBvfNze69tePQKbe2vKm9v+PACrqbXeBNw95e+cRZWfva+m6OFc7xOy6fj/fwVaoHS252x3BscexfZoPFShSlLtcG8T2NWoQi7J5guzSS8Lmq3JfOjXXoPYPvyO9z29CSzIwCf4f0X79S940+TS+OnUWMpOyBeW0N8/VDRzadjfVU9IXeDzkX+zHHqE/GMKoqIf4l54nXx3KZps6krQL7rzVEKGIy3RoGnQ+B7ZbGOBJgJEXGflnEFL8WBrBNc8Fuye67UCFGbltUhFMsAOtj0iodfL8DCZivxGSC2IbES5O7kCrSg7RiLkQv+jL9hJ6kr9afPfXxmU/+8fE59dTQzwOdeuOQf4Zoca89Swb0L+8+emZuJTsQ48gSPBDP0akIHXiS3ZgAs19E/PTDbtFlR8a1uiwvvJy9c7NtkWn8rZsUDmr9PPVIK++B1Ukj1TMFv8BirVVbwk5OC+ZzhCz++lSzZFIXM0uzXoM/YVMC1EekYhAuS9QFtgSkdSeAI+qSbRi8TwUInWQbZ/TNs9VJTkMW17/smZwCZX3y4YZSwxppIISfJzmcdq5EEdqsEF7UMs1QTKzOB+e62QEqAVCH1NkPOtkhOlr/7qu2fu2mZL367ruvZk2Zzv6XLUkpWdTqnnta0Rn0OP2Qzmg1dWoReYy0vUiPFLUpGFZESi9eJP7C4cMK6THEVFitPqKuZ9JRIt0phez++kwOyNrCX68VoNWtY4V4KVYMAkAJtR/As1IQENLiwjln2tlvFldaNky0hS2SYsqFq1wLj+QXx3qjOTU5tkLrMJddiNQEfNpYDsBfNZMZn32g71zRvmvSu59/9l5S1/YVlUmHztdWLTV1Khuf8uiDtCm5MljWybS0Ss5vJNl57VsWVxTQT8410rP57UqK2+eRgvPhD7Na5vTP+vDv5I7OLbOzW2Ud5XpeN1/fUfJLvaShZKQUKQF9U8hjsC4Rg/XxGGxaINTNH+oaDLfVA5V7XUXbbvriUHtmQ+nZaaiE/PUtiQcFDkgve2OolxUB5YfYGiP9hsAV3a93UnGd1G8gs5yGcF8vj0nOMK7Rvq/a34garWvrUHumt6zhMv1vofbWcKX+t4YLq97Qsj8amRVQ166svaO4rhy+s6fqOnetZL92ge8R9qd4T0SovCLCXoafOldIdcyK6oLm/q6yduXtKzt36dq6dbxbMNwGgD2TVJYS2Lle2JXZj5kRLdsCM0Y4ZQg71q4sX2EH3GZLCTvzLZVwssJHH9Zksb3uZIv0HjgEdr2bPTToeuHldnhjXB1d9uF+52ZLHBQrU0bUGUSIziCOMmb5tZbL2mJlWRUh/9w4t3fx6E5rXvjwleF/rSz/66g9H76wutPtxb3nboT482c0OqFmwA1/mUKb6Bdyt/undZg2e9FAk23o43PGFfs73TYnKy9rZPseMiW3kFmDn8wqpqfgMNH67l0q+pKBpATi0sVZTw7GuPRyOqZFm5Ji8oxmf/r4KXmt8ubmFee1DVrpvr5FZU67LTW9X8+Krcrdq1XrtFJLqYs0kNwtRVqAXOUFoXAxhj2QyeTKBPZdXWoLlR7J+Dr5Qx2DYT8TsDaBurb+TuxV5gyWMwErbg8CdlMiKAt0VHdhAtbFGu7BfryRCViPG0HAenQFAevRlwnYjTzM6mPHdJAQMP/+JhSwjq1DwdahjkxQmYAFreH2IGA3v5GKAtbGWlfaJsgkKgDf2VN1FR1B3jrA9wj7U4KABSoi7GX4iV0EdaWBig5cwNqUBoLtKzp0bCZgXYpBUZhbJIGw9LBFdH4tCMmN9oi1IA1+ctkimXllmK4wt7Chz5BqqzNZXRCEQICZsBYKEMttka59b4R/0cke6h9HJuSQM1ZfAMSL03TzFi9B4Q2AC9fI1tWiNeNIQ+fZLSpu7XP/vaR03rTOU3uQkikz+txa0WJ251fe/+XzNaNHrjx3iYybMa3D9FkLB5qtQ1fOubt48ojZmXmZIFAZxENaZHuXBU+coKMHtSwgW0+cCC7zZrNb6Rtmqn3crRvJ1Wiyxk7NL86fk9cyb5yN7u/bor3TZvOm9e9ZsQXuoNGgm3RqKSB1lV6UIm1Agoq4ZvIIzZTLNVNGINTZH6pgmknbGGprDXc1N4bLO4K8dLv65nZZYrx9BUzpdBeX+A6Vpk2wbWfYE5etrlVJh0r4MdVe78stKqvgh70N24xW4rA7sguUw+5jzm7bzmxXgu0qrn/Mr59G8sXSSOAa63ILc/nXaELOr3uIJ5U+3Nvt4WDNuFV7PmKnelRJ7wc3/FO6Qj+n0ftrByQNrJ0Gx5r8qOo4KDvQUOor3eP38aMcSzKxo1xQwLNM/dl1mJhlWkbvatOm1E+e04xKS6sdz/6Px5K1GZptUjo7uSOF9Zn2e9kmiA6wHcjUYjimJVt0Xz4senEsB9WqWQ4qnMnkOZyR/cfZKGYJqpotSO3PhUV6U27D1ampwprjWlXHwZmBPaVZpXsCmZCmmvrX3JvJkuulqW6n6zRLlYmi3crsQfUXmkPsvh+h8LIxo8+CkA4W4CLH7lWQL4c/hmXPJQlKjOwWgWXvsNkjSRY1ntgki4BTCqkFqWFbe16QN/PjpgfKIfSRLVX9nfT9x3c1ff764k/0M2Ig8tSKGifdQZ+Vz3xGhu0e+uRAuo9+TT+mH3mi95N/kEcUrConYlWlgG+AGAQWU2PEbYExux1szBYs9LHYk4oToKy8iVpToW+GI+CM26/xkats10Gw4r1gELWRZhDb5Zu2tSl9fEL4r3/9a9mgiuoUSpvYkWfvnONZETx85pN3bKnRKWzUWTDmSVea1DM1WmZLSo5yjSOffXlUGl0+fhU6JnUnvsP0bA/ie3nWbuLrSc+9RzK70bM75+6UC2dsJ2OrZ24nlT3ovuoZ1XTzdvbtjR6kO/SYqlepajX1iIkKlA8qbWPEjClrM+yeCirjJZUOUoxOv9KCDrUzvFQEUmtoXh1q2Y7s1xb7gyWt2tFKbcs2wSL1r2VFrduUBtu3KAkEYA6/qs+rTmtOss8qxM/S6hvriNasZwdBD5gGsR5Oe7zZnUdd3BkkF0IDZjn3V9OcdWtvnnp/1aTicXMfH6punNuxw9SxWbZx7BqVCDmrPikf1pZJZuadhJL9AHJvihGlhA3sdjNAylEyaJCQEDAkOOoewta7nBBbYM4UOduj/Uimhmf/S7O7fa8BaV6r3dmuRf+uiM9/jn3GEeUzJH+9If4ZKub8ss9QYa2fCjgEJZU+/hnNrgdyTih69cn+Ldo57VZv2oBe7beAjOqlIrpft1+zSkqW0tjOlEs9mW9xh3QvmS0B9k0J26W2JfAZbVuy+7lNAE7WTcxXZFqkbyCSgvgBKVAd6ex1QyAQAOqASUHY3NBdgYhBpVAyRrR3joM/F/hDo4LhLPbnYYFIAWboCtLZn3OG3Ap/7uYPd2Cf2K0D/KFbe/aJlWyzpiAvTLJVGqTGkkao5UgP1KfxF4oQokJHiuu1VmkcUMlw1K3cQL2Tv5CDwFvM1wm1D9SX83/VMxAqt4aZxxXqHKhvw5+rDDBDItyLvTYkUD+YP3dHIDTYGr6Tvfu9/IV7reEB7IkRgfob+L+6NRC6wRoez54Yhy+Ep0InC2C2GQDZS6tjFoQtJQtuoHBpOXu5pAN7+d472cs3DRvVF16+YQB7+a5JmERzcDcjF+MSuua/qZr9Rpr/rd3v/6n5WyY+WKS5e/zIGdpBmk49BwY045r9NqDZb+RHzVj49SZNp17s1xuMB0ZN14lfyK9/8A9nGN9SfglqyKERE8aNLCkuLKWmERPHjYKfVKeVny5bbp04bmSrVkV+rfn1u0fBD5f11z5Gva9PGNGqVYs2XH7n66o0xyQdOyVQ25SPyE6dpbFSqNwfrlAj3Ikm+4QtVBnkLXNd/KHMEyF3IJznYuYshCRTXQBAHe4K2RhIj+cjxk8GNOSnIs1buFyD6MRIRtOJvVxhD7XH7L/b42LWg6NduUfHlracaeDCAtKuHNnVVMCWodXlapjrWO5h+1DuySRgbDjKyoH2o6DozAJz99dmheeMkZ9+0dZj3oAxtsHkTJltmdHWO+9OR7+sO9val5E9co+9PXqF51SMsRWOcPfIevh5c593up2Ry+7kT0Z3Txk+xnprF01J77fuGiMvv/QIvu1NWjV77JOH51kLh3t7ThnetHeM3Ov1Tr0Db5BPlxnhzcsw30MXavW60ZJTypGeVhir4Zue53pC2f6wV98Y8WbDmfRmAHhSQEkAimYWF88zKNyFGW6ks7awY5IcCBvcHOwOu1x0CF3pxORMTkUoHbGGMyAxDwV1emjYiZjtDrydgUCyTmsw2jmEA9SSWwjgCARVuQ6OJeAI8jAep1U6uMWg1qva7t698sCm5xxJTQcznjaMmjLxrqTNph07G7ZrdjYdnfX+EPVblz6PfkuqVPl//+VymW70PQNHjXp2zUqO271YY9eaJJuUBczLuBZYCi+yL9C+52Zr4UY0B3cqFIYElN42thZ1dpWk59CTvG0bWnzqUvXJ+mJOVe4Pp7p5q5sKKs7Q9XQINu9QBhb1akHmIkYrehdIIsX7geo0+iRrfCV0CetAVM2WIbTJIN98JLSgtuppffSlgZt0I+4fP9bwjCmy++UaZnVNWrJEVd3UB8rM5ec2T2gaoTWNGzrijs1rV2IsyS+wTqCeZkq8Lggt+Pokr1Uwa9cTCX7EIiF1o1Jy979WBrlEZdDv1dLEK4PAJSom/o01ZBit2Sf3pxfoD3RqzRkyb/fBk+px6xoa1kFV0If/gKog4n3kzxLPYasHaJ2Sndc22QS2KdY2mf6gCDYNTGGYgUOpBnLgBeeAGdgQoNUmAFrdou2c1zY5lIaHeDXQ1cX1UNZaSE+RrmdPfnZGlAM98iw9pt684KefFkTPb3x6W4168+XvsBxI9FXPxV75dKgjiDOxpCc31putWL9uhhLNjFi1qhU7KyFCo/FyjFYIbIYN0D+pgboe5qNKIuMH6XM9EEul2wU9K3Zda3VMgWnZQkLRamG5R0DRkKXETlwz7pkzdu24Jbur/zTgnnuWz3/93Xc0O08em3+w4pmh+9Ki++WjhhWDQ30jqx5XMPBnou1bJD0o9iC9Wel4gQCZ5Rj4KYiQiaDYIlgHheIQNEiRoUoQMnUVoVxbnVpnMXGkSYE1YoM5wY9MnTCzGdNx9WqD06XioTsFN5u5dDg7rAgENFpMtYlJwmUYWuzVd33x3o+/2zVj7MI+t0wOdzKZNtb4i+ZOWnD3ume2r5MB/X7diEH0BP0PfWnVpkEvpdw0eE0OrVTbvnrbtHlQzfjfTh5tOCQpvChqvfYLdi+VJ+6eFuq5tHGRa8aPIsPWeRJ7teDroPzM1uhkzU5SQjsAsY7oV9UsTXxvbP5Kuu57e/7gvUPkX9XQvUq60c5NmIOF86/H3uyhog9IJcZdLxGTOPIAMQX5frM/ZMIDY8S62ojRpPS3su/M8I2YkC3DBB1gFsXQtsUJuf0bVV2ik8l2OrxGXrpOfmoDlddFZ8tLOb6VqjvW6MfGIXMOVKZ6TIJwG86wrtk4PP9X47Bvlp+kTjKCVleT8/PJP5fT7fNpGjmPmBWS+jRbjzTQhs34kIB2xsGWJUWHhzElTkGkQOVJClReDB9PEBIha4gu2Yr3HOSqOAQKXAQpdixLULqL2yl9HAWQbmDaEHAGbAdV/aJ3jphLupJbIL4wpKr3vKVk/hXp57EjNDs3RJsM9G/0LXqAvuBKX19K6E9EbYpWKfXDBtUltq5pcCqb9TrDfJimr9el4Hx0pvh8PL83Hy+fD9KPWqw8HqZLtuO87Mm8wUMC5D9lXoABqblqdjGYFzyH7AF5IzUN7kisRPfPD1bdff+8RUsiO3r1V/d9nO4y0fP0FMSkOq3t8u7Jsx/YaD6fl8zsGMCbcSk9XCF7kFdQJEBFuf0hBzYy2z1KHbiCH4J4AnYgcwG+PbyKQWECjtQOtc5osjmvQZIKYu3YtWhS5OP6raOvhye1HYBHEjCl1HSxNgtr8q8Zs3ydMbv/Px3zVc3a0/ZvHc3btcsS27XpCDQUSqLH4OvKFak/7Q44WPYC8hbiM20mwzE31ZN2hz5u9vqX4nV9DGenOBFbClvZ4shN1tj1JeP1JerTsWTcwK6viBpqvzBTB2CbwDpap9Lpk2OmUHxWOoB7eepgtJ78Wrt1XLRxg2ZntFg+Hl0UvR0X/sCS6Bux/spKxC5oPialI5r78GZeR2OOw/xAdZvB/H80JqVrmsyPPDs03jdNh0PbpdI7LTjBmM7rxnUd9PPqlRVyXAXxYeFlrmY79uJjm5reJGgO+ceX24KuWFc+rEpVFXn6ULReHvMOHVDFrLto/jIy6hh5K7qo6YA8kh4hVZNxaURvcUesX+wRQ0PE2jUci/OqMkXR3mVxNIa1hkBAAIFDCFFlbz4a4mLDceXaCtmKzF5IzDtpJ/Lt6/T4gtmwJnNJ/8Mki+ZPjlLS8QwZOpctDL+LGrEmdLTo/LAFIwYVcoyxW8BsaG6AIsoh3AI2xQAVUIe6ZlCHfJAS7GMSmAsxuy3IhseXTYd3U82ZM/JaXLb3oz9sqFHf+1Qk8hSdIp/GZTvwaHS/+l7edwUcEsze9EKcDxpqQp5gxIpp9d8zNZmxnIJj9SimpgehDDww1hQPhlUkpefI6oy1p8QtTOYLMb8yPl7npm2ApadS6e3lLci0t2lPcuptWlW1jbdNRb++rTylfxuyiJZEl8nqSXScGjlLrJKkWYj3fTeBDWAUFbdqvOfF5SqAe66+SMMS4JWroNJSlPbHB2QlTfI6XL6D0QsbazQZG6L5ytqxk6jJUPrK1V9gn6vy+QbRS6/G4n1kOjYqDZoRo0FpbuWUb7/z+dBjLsvktMArMGxT7VmOJ++76CE4dao9im7aj7ppWKIeUOqNVeY4etHVasokOvkFDpgxprSEja3TJzYToS4AU65GJdds3VrTREUdMUJRQQ1xrLfnV+Q8uaPZeOTm4zHFIqeGpBgbisVz9dCwDdyk/99GhuAD66rXKfAD3EFECALUT9qpKCMDOVME6ASBjooIuiqTQaOslDlWmSNjZY6RD0dvaYzoUXj0upgVxkfBbTBcHYk00VBtVOLLs+HSF/G1YXLKezYHxjs2RUU1kBSwMSCjIXahijF4rh6D57+OAdZB1tAtMRyG5U09BRAD2oL6DMROni7G4BWYq+lMBRn92JGBRW5mtiguDW6XS82L4jglXoYFYyOpnG0KhuflqS59Km+ss3sBGNyYjCaUCzZMLzRpgjEobEHMUAkORWvPKhIgNzPziG6a9+h88sCXX7ecn1IT7cmW8k4T3U7foW/T6lIwB38kGp0mOl+TAd6EsAm129napgPOgjcRTyLNxOfFzEIN85gA4zTuc6az9U3nHV0pfC4pYi6CIsSekjAXq5E3y3qRUcrF5wV+qSo2u0CCMchToQKsYuoN3X8m2qP7Ft557z3fV9f26Ls9epZtT6GZnqRf0Yv0NLMGyZazH7hoEeJZYE1Mreac5rDUQmorbePdsNBGwqQhlAE7lKNOQIB2BXIgruGCuZXxAH5qIzSDw2yKvI2hIivWjaQwe7cdvMSMrnq9KtmCeUW/rV6rcaVhQQEzczNyYLoFOWy6ENyyhfKAqiacBsGegK3eINlTWkHUV+/CwjTI4DTDkc62QS6nvEAua2vnfA86hd+lELpvmN+KVTbgs1aRfqTD/JH+oSNoULrybbvWw0a+9fcd+x+7v/uIgZXtb4usGfcEfZduUcmjhoybMX7U6PHyITKHPJa7Kj26mX5G3zeMJ+nPXSQG+nPTDnpoWKZ7g3dsHvP2/cvpLT2kKxvC7x3EWpu31ceYL99SKpPWC/RTM5R8wkJmGkSJHhxCd7AQFhIh89vFAN+MPAdXzH4sxqA7Mq2Vw0sOyObqtWZbIaxeqa3OrcnH2iOvXRR6ZhbyiKzZFkqvCAXtdUaHtzWun/uq9bOL1J2SAOPQ+VjJmbCAOa1JPlbtYAnojF+/uO3G/HY3bVpVsy2/TLts+1Nrnpk8um2P7qWFw1c/fMe8tZ8/IM/r2aXnkMV9b5C9xEHauB9zHP3q/Q+TVGvO/W3/q+Gqo11TzUvNN7ZYRqtGbylrtXnKt1WIj8nsZMDHLAB8TLCH5XxRw9UdcVUKAFcF7eSFeAatdCHgZ0pGqauUiOOM7ZsGzrpr0Cj5FCAK1xuxfTOi0yNaAOBSJSegrHDNblX3p6Vbt9ay23fD5Sq4bZR7ly5WrcK+n/5SIpQL02vYR6qHq0V8tCfxo+v0GoP+f/jkItUEupndKOzmXd50DG4T1Z5r+FSJJFEnclYlAzYRUlXpg0iUJswOD8dIMppEPSK78k2CKZBnpduVO4Jw39deGOLQ+3o31tLB1VCH+Omdj+2Q775cT1PI1zHugp3M3hnF0TQ4FikzJJPNRikZsWSS1Zyl1QYWR8gSQEBZZrgZ8M4wsCVR7A9I5yGas1GQHIA5iYgxNvS2XOI+KfOVNZCF5NHdbBTF9HgtPUZKwPyWTzct6LiebiJj1welZuvgAEQCgecNJZnQg64sC9AnOhGLy8HRjg2BiBmzyWYTZJPNSjIcnXOgVlSWzH7tksVGGF+4ocROL1TTb4gzYQF3L6BryeQFMEY9k9HjaC91SoyOywpMqlWx1Lj3ZoTLS1tRoaAx65PMMX80KeYiJRE9+ZJ23EMmkyk7aEeyaCtzRGfTaXKT3BB9Ve4RHRBdj1bSwmgV+8xC5ruVo43UfAzy/7sxFJJVdOGrxEeyX6ELSfHa6l70MH1XLpU9dCTZFm2ko8FhAzgffla123Ed7hbYthoMiEXMmthmoBEpQmUqDhZjFtzZ5hhAknheHGgthySC1myFFNCWCMUuzDUfO9R+mi9/X1Oz9XI9P9gKqikcbjzbmvWIZzNGGZ/pqvGBZ6JinomRB9DE6Dz/bXTMpjQlafV/NLgi1SD6lNy7elN10xxVAzv7xxVUG1UD4N8ym3sCWzuPdIOkQN+GXH7OFp2SiPdqi8HeIioe03ZmNy/isKkQg0EKa13NCHlE+Q7XP81QcLdsuQ4OLje+BRbuJiZXbzC5ckP9vIA+gkoEYNBzahTiOgXKRjTTW2MISHVmo1XPozIQgLeqkDpENOrZrsJCShigwENievJqRCSOzCRQkeK4wW6IQ2KMyCToCVxai4mHQ8HUtAciLowBu5yQdncpDEixkfPFdXLaI4cdaY8cPKpgDGBfFhaA49ImcGex7wLHCU3O7JqaxRurHn2+tnb7gipaxtd19iwyktYkd5KPXOovD+9mo0fYOwlsKeiJ98DYzTGXxsjGrjFDb6k+CJx4IRsbOy61C4pjNDh2jRbGnpK46lDrrwmE7TaQXREPA+gcWHyEuNW4MPIoxu5JHDqyZrNVf2f29EXV1X+eNdv93G6+6A1aUkLPpNzKsahuS/31mxopAXcccbEUvwN7dTXmOOj/1TEag0AXg/Idg93GiWI0ZpsgJGeDyUsk8oQYDZHePHKWievkhrXshtg28rVwtEEunTMrJxAtE3GZ7go+lzHBRq/XmhEIShvH54rD7yiUDjAOox3tJba1ieOIM4riOELVtzfc9/ze7aeGb5rNLGxzr87bn6LjyIr9pf1pCdjVlVcuaLswuzpbKpRWSrxJHZpxMZHuYUY1iCU2COoy00AurcGwLhmIeZT+NI2rEfRJJj87tlT4W9jnBXIW7FC3pPKONY2EV2ooE1yEEHath3JsEZMTU6MWe9iD9K75OiiFkjm9a3mQGX8dSTnHseU965x+LltS5RTk+6xsueXKtFXO6TmaDHIj8ZAi0uLyJ2ai+eXud1fcd+Zh+hZ93vH40+RT1ZRDHx79XrW4X7tAp/HFpCXpQxfRlb3or/TfWcWbCjPJWDJgVhZJukx/QkzbKxfUZ9QjpCxm7y1X1oV56tBdEc4zNlsOA3RAkVDh9ZbDAn+DpfCJVtoWVy8FNorGlsEmlsGZxtsa2SPMNs673qJgEiyDKA3tSBxYmJfvQxEMelc4J7m0OZd2HfkhatLW/u3uZ8cMf2bqf+gFLf2ZvCJXLn/00afkr3oF/B3H5777Gf3l84lvvZHdck2Bj2Q2qRc+88I2jsdQye5GkI8cqUjaJUVSQVIzgki4k+qEA50K9T4oJIUgJNnpCUKSG1DSgWJVsuNCkhsI53IhgRoDSEmkceYmkJfihEXKVuQlCzOC9iK2TGn2iNNUyBYsbMmzKZLjTOVLlo1LVvg/yJEg3vsfJCn0bTWl9PT/IEmdNcy+mp5BRpDSmDiBPNHFKE8+5sFulyIZsI6pbB2Zt5WB65iB6ygSqYnriGzqSsPHVetogb8lrKFC55TCczq5QuZaXr2c4bR0GyxhAbrySNQaW7iC/0HWcOEK5D+UtsdfqH7t2B8LWzc13UCmZhHbZ1zirsOPhHwhujvsBeQA548gVgJ4PIhti9io5wWvxDYlpqPxMv2eLk0V9qRITSjpPa9OUgNcSELcg6v59DjNDwQ73OlgX2qRcSRk4JmB5qk95tIa3DwFpoolCkh5YoIvwPz6PMzw1chLD0cXpZKbyBhIeA1+sPcD6195h3770/LbBXHFUJm+Qo8wfbXNmbG+lCT/8HU0K7pNxHPUPoznxOYkx+fEpMWr5XMyNovlxOcEEcPEOVkE3XlsTrG0HptTEsxJ22xOajvnJS2McZhgXm8b+WIXLSdS05T3Fi25vfU9fRavf2Xv4JHM2bgka2mmmv6T/hRueqTTKm/BqXeOHUmhlYpvtFCzCm3GzRIn4gAuL7cgrk5BjCoDL/C9Lh+HDfg4HAl8HA5rnd1hu4aPg72GfBx2hY/DZk/g48B0lKg5ULmBptOMNJ02W4Rg/q0ZQwcvzrmapQNKk67D1MFtd4WtQ8QDFqtXIs5tJ8GDCiBdmByy+Pll70LUaL0Ao8OsixFh6CxAgapH9IM4Jhcfj4KzO31pjrwAaoSq6Y700etndZDna8kp8rOw1HfT9XTsPuV8ZGFe9baE/DdztUIGjHfWq5xSIkeChFx7IEsu3lnKo+SYq7RDR6MBIY6tBh4NlGzIYKGEo+OZbi8R4XL6Jb08+IEb5y0my2Nh88/o63S7I3NdKflFzoUAMZf5MZhLVcYpgsMwTosJxxmLD4txev5wnHwpDZzUVuItmLFxxnPWPGg8dvuRfY+MmjqualZ0kwDw/ZZepF90WFv51hHyKgSQeb7hJPqNt/zf5xs42wSEQ0Dorh/U53vN12/3qgObr5twILzeDf3EPyWMB6uzoeLL3AxF7PfTDP8HI8I0A4pddCMHTuMCJ0Ls3D9EP8cj3fhf/EOEkeC4jDZjjCEF/EOUfy1i5F/fQwT3K3gVT8rWrddhSgFuKvI6eIiS8BFL0EcccrWP+PuOYTI6hjhQf8w/NKsEpMvveIgJAxQe4trqtddi5gKaO7kzhpvL5EtXxNYuRbpT+Cq2YDMRU5oLUtxYZWUS1GiQjUiBTXM4kXa4TtbY7AiiYq8zGC1W7KghAK+i0uktDpHm9l1VjMn+8zBP4iCRyFE9OUp3r3x7c41ZT01LqVWv02l2Xu6v3skFUPXSI59c+lFjnb/P3zQ6hmuH2PMpUmUMTxZ9xdiYXThmi4D2hjFbUgS0N/T9o2JuBvHNh5YA811UkoIw3yCAzaC+S6bcDVDfQvk1h/u+jo2B/HDAUSXlCVuiAnuZkSsCMft6csy+r6WE5/OV56VJUmX8ecRu7MlxPP+Dz1+hzIZZgJ+3BP89e07LMSC3J3Bejla4PdnnW/H9OF6oScEFVa0wcZt85pULmuHILeIF9jKbAixmVPHQVb2D2IzJyNAUQyJKVQBbIUltFtAADuVkh7y2iMZoQ2uQOJCGCFI5uoqQkRNAO8p8MpQqlcWQaLMdVriKymeq/Tb628UvPp/x4aPkBjKVVtND0dqd73344W9W+WRvYiDmAZsLsul0+jTdSqfLT9Nfm0jyLzCPcWx+WvVIdiemwTwgSgrAANwK1iQ31ruI3QR5HGOsdMmV2ijIXmEeFlGvxPNqSeAYMIdSw+uVCI8awDz0iOyZxOfBK+XLEsBoOdt6+Tj5oqaueswLt9+6deJPxEOjH3/wn7oVixZtNJFTE997xVe0ukUO/YheZob+QWLa98y2FzZxecD9AHmQHxXysBr3D+cH8iAv5vLwjZRg0+YrNq00ifD9RpsWuZLPi/fZis8jVx0+/xZ//cp/8HnkWsDnv+Tvv4afPXi+nOkNL/RWpSjcdhYVpwqstxtSLMmIqofSocNVRXlwgelvBfSvsDqFYxQDFi7UedntYZMD/C2zUG/N+OyIDwBmTEhgl93/jk8nvf3uubPLyb+iA1WLqcx8qTx6mH5DkbpuwxOPPraCfLphGXUmHdv//td8zGnUqapmutgrDZciHkADkNmYk0ESTMzCteo9yQBabuBj1pwACnYcs1MDsArITSt7OASe3haWnEiTHTJUhJNNSvTIfdV4M2WXk+1/Ydqud7YcOPHuXHIgulTVnnZZ++V8+o9/f/MYvThs73Pbau4j9PF5VNbd9+6ST+m/evM9RF47bb3Ca0eGSfW4J4j/qRmj4H+SYaUJz+Mevi32dm/C88dieKGTKqU4fxvqmIB4/mhMJ+DznDdbmpQhNed7k33NOQbknObvB3+/3vvBc/B+afz9kH8Jx/uJkLnv8HnEwMbxNvHnH+fPIz8crseHYj38+DzinsJ6cNxTMuxvCc/j+38oxtMx4fljyvPSpF2Jz8+Ivf9IaUX8ecRU5u8/Us2fx/gqvv8J8f6T8HnExcfx/8zf3xO7a7FONgl4KJSSUAL9TxKG+WMZOnezPJkxgTkGCcqgAHbLFs1OkZ1T7kJVd3YXJkkdpJDaD1H6iBrTcmpMyxkUTpo6vUa6Nhd39WeEoLh1XbW69/Km44guL+4QrQHn+7HQKWmKfGnm4nwviXU4gM/76UyYL9v3rnjnPCut5rx/dCbU6bLXu+Gd89xMvp569vxBzU5rAfDtwfMqXidYyF5vq+7LXr8NX39O5jV5Ws7PJ9ng/rck1pjomWUsW4CB18QZeKGBz+4XPJ8W9LDDGpWCHA9HFRM7kOEiuUlES16jDSRIZ0OK6Z5ddBrpxH5/dT8mmfasl8dEX2Em3+b10Z6YYoIcE+dj4GNBW8Qsak1wLJIylqSrxiL917EUknH0a2Kn9SLVFCEp9HMyYQ8km8jPC5jVNJJso/4F1ICpJqb5F7KxlAseuO68Qgq5ZzXIr2bTx+pueGme0dsoyN8UdwGr3WycuRoiNHk+jmWfx26xjgQIsRaSPJL9Vg29i/5EL4Z2HjrV8OnrZNtH78vTLvU/fnTlI3LGg3Hc8XLENO6DdsVC4GHHeyNXmsFRtQGfMz0Zk018hD5PbIR5OMJUNsLUGFinKKACS5Q5OwiIlwVhOUTwA5xtE5jvUtiXDkEmdrHg6qKxF5+ME/2wIMKJF2CBf7kVUPr55FqSnFU1X46dW3Nk96xng9MbP28MEd/8FU999DpZeepTedrlXRfmTSFf0pSX3h88oubo+/Ti7Gmk9zKse7igXayFzqjW0gNSJJtX/GDjgjUQKcCOqAKT0rxbAvcjB5/JZbPKtWIUWwdlkVCJlCy4DiwcjKYo12aPaFXZvG43nJ5RgWj+0GxWUmCz79Bpna70DIXZC1r2gq1JmeLExGcLTek5ssMZ41HPnvHVkUnPdjHJ+up758yavP2dVxdsLtbf8PKCD76uXbZ265NrttLPZR+7e/033mKblkb2Xl7+3NJHlpAK+uo7B26bPv02UkQMJz58+f3crw4y2R/I1mCB5pDUUpovbAOLUjlTyO7Z7KwUKPjIBq+62B9KOwF9PSGTNaSFfABw4Ob5kWcvD5NSeVlAfRVr7oeWc+zoR3jOLIivmAAtIdvGm1QK7fWS1uloyZdB6QTWudQObkvEVqE1aUaSO3DUzw+f+CmyiYzRyvc8OHva9g9fffcDWT586uD+fcc3/nl8eLwm2HfQm39ZsStVH6RH182fu5gcpkVvvX30nXWrVq5+5J755b3Y3AexO/AAszfzpYdF/7ZZwaPKYXPPSEfe+AxjY12+W6VnirkAqjqRNzkbpq9luj8b552dzudtFe3chZAjNCGGpxROh2ZRE9BTZdi4VZpvr9PabdkIIZGjnFwxfcCK87Dd9hKcfLaKz10gmg265fkJu4/tu2ueJun0mepX3qSPWjUr1iyfSnw/3rD4RrW1RR4yVjkfmHSMiQDb83ffIDfeNXxF7da8HNTDA9m9dpTtdy7UIOI2ZzNxT/HzAGgeFKMLr5tvMRa0+QF4K5KBU81I4WTXEBSwevBIS2FvitJ3lG2LSNpcXq4Z39BMZnxzr/cquuOBd9JHPom++vzuN2q31p7//NTRw+e2LZ74xkRNsP/AN/+yfJdX761bQylcnWTTomWIcdcB+s0H0cVqq3qElAk5cFlQVUAgwW3kNBVeDI5HvJhw9Lp5klvEFOpMZuBeszE32eYHXjZOE+R2Ke5Pui2sAX6xBE5IsTUZRMxDcItB5HPQlkOvHT/00LRnqtfSQ+tmkopFszesU1v7b1y8s8KYv3TcJgyBlLy9onbwoN6ch1jnY3o1V2qQOBcr1Bfm+EMeDn5sDuBOpMaqqwS+Oqx1swBoUmtzSLdPE06HAGjWPqZp6/S6JEdxKMtal5GV7iiuy4TvEfZiQhiUvQbwKBkVUn2GTp+ZhRFQsjMpPf6biIjajKiqJUVK2bpECLZvxmKhSAjeXGeVYVgU9FagS2nXVu37l8v/njpj2vTth/e8+Q7tm1U8YMjDY3vJK1M7TyAyaSQvXT6ydC4/ofvfe++Aauv39CXa88NxPE7K9FMRs5UypAEiTmo0Qs8vh5GGKzpFhEsz/SE3hktDet6caRVcBsl6G9DCScyXFK5BQtzUGT9qOPLEAOr0CbOPV7+yd88heiAxhhqtXLqQubEd4XC9eUiujMdSr1xAjGNvrKMPB2wQGN8YA0xxxGKA3BOPl4m6m12ZygzAp0nWiRkQVWwGSujtmrWH3MKpmilswavfee2Nd6KFPDQYX+TX3j/0FgkqdbdsfaE2NCU2ZnsilQ6O2WOPsel4Y818vBzUFYsSxq55gWZh0tn41U7iF3rimGOLXkkwbjioehKs9r6Gw8B9BxFWts6LFCX21sEZPMYKfstGpr/SodYAso9hG7OWEBzECDywrlS1wgPLMx/mVAwhwt3sYfeUA2vvHU5mR0MGBPipI3p1agVCyzKrTgq7oBpfMnNcPn1FSC0olRA7xI1gMhjxCGZDdZULYeSq6sgt38z5bkj3ESf+xKysT4nxF1JP58tt6Xv0IH2FrpbPnCdDd5QWriloTQ/QL9h/b5CT64fRLTRMVgn+EnUI+UumCf4Sc6zw0sB8dAfyl9jj/CUJqoHdtBEbVlPY7LynAE9uRKX3cAwjhM6Vwg6kwZD+n+K+BDyqImv01r23by/p9JpOJ2Rtms5CSJp0k4QMm+wQkCXEGBMIJGwhEtnXiBgZjGwie4KAqBAxMk530iIu4y/ihg6jyCjD+CPDP24ZGcZRZ0YguXl1Tt1ewuT/3v++977v6RfSqT63btWpU1VnPyzwWMKKJj08U4OelXk4LzqtFWQ0cfz+10NOtJz/6rfvPP9ruZXIXbJ8Q77EO+kGz5q2qeiLTz66evTwjtFd35N0Zb+KP9E9gJV3MLpYE1FxGV2lbHjJoKuUNeSMZMVz2qo4I4F/BRTWQgOcSqk7BrEAaAEJOiXdsXdN4lDZvWb5tycu/ubd8+A31VmzpZ5w5CM5883zvzsrHEXfKTq+RrS73BccH6ubw7ylQqOz/+9GZ/8/HF2mUCa31K2+1PKbN988B45TXefoMSKSkUDeH77Nj2By5xI6vjJK32lAB/0IK7WKQTHopR0b308XncUuOeZfkNgHvLR9VrissR60G6oDt1nVOGI7pYcMuNtS+mEaaijHxDkwe7JfFDBOuE2vjmb39aD8gjysqOtNZTmTgB4wKxUjjAKbROWKJR+93hogmmuEv1C56KX525+68P7lT7/49oOXO977NebQ/JzsOPBmrCa+befz7z6xdsyg+uUP79nx+NbHd8w8cvd/gpxR3n1daARdBNnN9KfyKtX9IEuSDxRZ8ha2m6gsuQJkT/IXJkvS7YDwXZ+qTKrXg/pWMovkMT1q16dYy5fpW2k7915IFl6mXkXbB6LMu5ocQpsx5GP+EHUF05T280y3wHHqyaBboPI5tI8mdpSd7RTeifDlrJbLCq5X+NXE1ws8tCdEwLtC8LVkXhgedR3limz+kYKfoz3mO1dkNWcq5aM95jtXXBehj74Wgq8SOyP01ztD8FViSwT8hZC+e7/4VRBeHCltDMLT9j29wh8QryB8NvYfhj8QCa8pCsE3iZdD/duln0PwTeKhCPjqEHxzeDzCebUpBN8s7grjB/EP8OkMP3R+JVwWew7whOswRvl+HeqGSn4fob/XWEPvOyhej8DXmdD7DooHe4V/kt42vcE/KTZFwJeF4A9FwqulEPwh8WgEfNj+cFj8cwS8PgR/ONg/zn9iaP73ctlk3p10ovpKeS6N3PuHELWw/UG//xl0P8zeQL85o/iyH8X6wczeAO2nI+wT10LwVeKFCPvEzhB8lXguAt4dgq/o/jIMr7oStGeQio9D9hhxCdJXhkJ3Z0LwM5G+JijtLyL8LOw/DH9APIvwRTieMPwB0RfqvxDpMUOhuzdC/SchPU5Q2p8Jjx/pMUOhu9Ph8SM9TlDanwnjE+kxQ6G3NxR65NlzgNdQ3Tf43sfo8e9s/s0cx4uI3wEMj8IufK6eXhBfI35/VNpXIPxp+SjZiOvH4OcKG7D9MG2HGmFpUEsM26uZ7pfSC+iGFV0ymavaGFrvalzvYmW9z0Xoiq+F4KtUO8O6YhxPsbLelyPgLwThhf2qDSH4Vbgexcr6vdcr/AEFvgr7D8MfiITH9WPwTar6iPH8HIJv6gFfHYJvVq0Lw+P6FSvr904YP7h+HrY+gB9cvzOh9cOaXvgcrN95tn6GkO5dmoe66dHKuZ8VfJ8qHmuBMXvg6rre4Udzjb3Cj/59JPy1IHzkelD4nQp8j/Wg8O4QfAV3NAwP+4/1Tyr+wQXnL82TYkLwc1X1QfpQxYvfh/oP0ser0I70N1iBL1LymB8VC+H+5sp6nB+vwnuRngYr4y/B8Ryj61GI9FSmjP/TILxUj/gZy/DJ3QjCq/YjfsYxfK7jeoUfzZX3Cj/6tUj4a0F4Op45EfA7FXgYz+cR8O4QfAW3MQyP+BzH8NnNBfEj1SM+xyr4mRzEj2q/+EOo/7liW/D8F3H8EEMD4+/e24ttA9qrguc/xtwo8LSfQz1qLivw9L1HurtC/V8LwVeJrRH97wzBV4m1EeNxh+Arut+KsM1cCdlaKrbifOWrFA+fqM6b6P6JgX21Sx6PvG0JucyP4JdxAtcX8t1BYDf8ELCBcCQrICRwWjELKgoocQcl5Dtyuanp/+ezxeSy8CI+a/+3Z8MPFAsz8QGEV/8P4NUIT3GowFskoQB07t2dcq4wpfsifV7N9eGAm4fUHYKbxUpr3EqCFyhcBf+LQnHni/CTvW37NqznIJwhY6j8pYb875jUSW2A2QXTxUgJmCMGc075BMxIl2/BNGbxsdWD60e5TguXyol+nfwvJo/06A8igQJcuD/+M7+o9CfyaBSB/mh3dolXx49LPWXsU51HO0j6Q+w8+V/LgZZGyD+TOu6GReKMof7H9ehf1WO8vNI/Gl9U2H+BN9buTOPjDaddo+qz61RHY2/fqiSJzBeC9scHsD8j1OcRmIeRggTUrJmCeIBMglDL2ZDAXJwUlIBwLEJBGZ8uEj2ufKuXziqEJlI9eH198pDoEL5iLxHNCvlq1Z3jMIXGEeUNaNg4OBaFxvDnE5kjfzQdhyWMSkX9EI3iZRit3vw78PtTn1HRpwxxcwaHET2PDJoVWyH/cz07f+Llm3yAu0F3IhUybw9GvNMTXdgixXBRXB6L+VaiAamE7tfCmDztGi0EAkaZIETYx3v9GhNEy4VCAVWCV3DZXFantZ5Mzn07l8yRj9JfwjetyeRpeXZya8rtW6IUfNdB+i4bx8FjVlXo2VAH5VlZcgspz303l1TJT2Vlwb/wR+WJFHp5JqScSCYPyr9MPpEifyV/mnIiSd5M6nEex8hPfKXwZzqPHM6nxTydFMHKL6U2ZkBK4HS0kf0KTiAYPEql82PLFi9auaL2/uX89XUPPVi/pmET4q2p+8+qF7kf6DlmhnueM/MWPHfNIiSlUXPzuq9rh1BZXcfFcHGck3NTeW4c5RYxf22bA8xJg73+dE2Hb7inLVYI5qqxqDsoHTh4KMKq6QgkZMNH3xivP4FCekL1VaJiUMEDJgVVDNqbwfetH/3YD7Nd+pNjMNUvWJuG0I9DTP6RUGklpgMrrkA8druGt0HFFX9/qA4Um+Cwwx8jh5gt/sEezMGXbracSu7Xf2DekJHwlSUBMtFFmTjFMOUIYghdYswmZ1/JCgbPO75QtPmq3pvnkcFNx58+tO/Zx2bMCgRmzTggZO3t/JR8Qgbvf+6ZJ/c9u3X6rIr77quYNZ0vIQXQtPfZxhmsaYbIk3PfX/76mxtXW1sJ5RJO3C6BSnfkNDl3/crXX9/44oXnn/vVC8ePv8D+/tsV5W9cv81CCxmBfla64N+8T3WK3vwqpJ1ibhWfIrzBSZyDI/SoBVJR4V0Au0ATdJIXcfvlEbuWqItJ6Rr5KnGs4fUJ5MBY+Rn5aXa3TaN9JfXsy8d7lO7CfRHoq0BLCoiNTCMp8rVVUETydTKbVI6VFyXIixS6E4rQti4ivYnkDLxDpuwNv5OeKQLHgXOevE5o3Nm5DvDBzpx0vpA/onqP09KdNoqdpn6rGlVC0ZqQW6wuBkPfFbpCh1jw1vWr+WC2KjrUwtDymxw9VzOdDDlyRH77yOEtxZWVpaWVlcV0jd759opccP3zEy3HX2g9dhxz9PFF9Px7nWLehhYagWVLkbz+KDVmm+Iw6JbTgsMDHZj2M5+e4tyGMcoaLEitkbRZbVr0e9BCQhAYqUarBORGMWz6eDPz5ckDh0Cb0+bMcznyBhUYiJFI6hjStG3Dhl3yLSJJqjhjsjFKiJnPj+46v+qDD1adfXSSPj02J9aM6zeEL+C3qFq5JG4950twQ25t8Cy2qbGKjsXtN0rMxqD+zB8Xg4YFNMW8dWsVmmKMOT5rDvjNWjTgjG7yGzQ3OZ8hh7QbjBZryKISF+FRlRD0qGoj0XFKgpOwP72kTrfSC14dPqWGDN6eP/uBugWFk1OGOMjf5E0xw4fs8rW2FG3j6zb1TZtx35QysyaTHK35Wr+zfvuTKUgTmZQmnqE0Yafn02LF4qdRM/8Cv6RGk1mCmhUQl0JG/DgrPXtQwY95HqxKKTuOOUsnm9sFDRbXADcwplt2JIDW3IIhS76oULw+KyfjDSV57klLmZ9/XpQ7aMaO/TpN0rJ7Nuxt2dH8q82190yfW1Z6z1LhLFFx3cblluaWrCF7H3ri2CfL73tw1typFeWwXoWUvmAvSFTGVtTL6g7YeEGOTs22HXNsxeAFYLyIkxTypfLRHaRSNWplZecP/M8c1kjwUjztoXiyUR4xGypRo10uS4J841CALVhtJJZiBg2jTmsoIaqJfsyANr1VqT8SyziJDHNAa41PNaCDbVa82fISJ+lNqUqZlUH5Bax+PNoW70SPmxiIFVJBMFR5J95TVHh43YMH9vqOb9391KaS0vKSWdMTJ4xLGjN9+5QxYyYJ2WNX5uTMGrPgodU1j0wuOrJsy8Mrh06cOHTE1ERd3xKy3j3ekV9VOHQopQknnesh1Tkuls61NmgFVmOlLwOUmnP7+0ihIpB2K1Z+TKL0bvL4JSvL9mrnFG23L4nO0WCOEXCOBi0rtxoDiU0hua4Jjf1KiSk2VZNSFD7Vir4NPQjC+fxjTb4//n5Gbu4sEmPTOVeO3NTccM+9JSsWzpw+Wzz02PEPXpF/6DaujCHjvIN2b5s++57hVctnAz3UCQ7+LF0/C72BQ3UMDVI4ZtLc4ecpAxMM3jSzoEkLz1ZKZ/aLGEYeCp7EvJL53tRQEKfNXDfHoJu0i/BrpkxbXkHf11w2/5ZcQo6VjF+0Xj7G+OVqKis50c9poVIdNCK/IqZUjfL6OW2HL9oT0Kkx3aoOxANLMLsq2M8g11abEbOrGqMhyaERs4wbtZBp1RjMtIpeST1SHSppCap9grlrHz+m63UySP5tC9E1iFkHujoOfN0g/5Po2DipBC9OoDTg4rYoVWGdmEuZuYXGRHUEVJRFj8by1io63GQ6XC029PH6dVqW8yYNE5Wrozwefyrkq0ugw07F1EWpLhhwarI2yxfvaRNSg2nM0TMiFRyonBBopkMbIRwZ4ELqzcsfRpx53jz4AWJhRqkkokwNXAkctjG/e5/+96c3zh0Z2rRn/UPkGPpUzRxZJCTsGPijs6Gl4aO289M2jW9seJV+dsx7bMBBur8PUpn0guJn1Z/OmNk6MW1Mqq5DuSujOwLaqDRgzLT6jkB8Inz0xXj98dqOtniMpIu3w32VxS5SOx6SOuZWoPgEZioJkuM8bUlYAi8pgS5aJmYUzoyh6Egy+e2UDu1udI7JVClOIlDdFDLJaM0UM/74KIyA91nNbUZVbKGSICg1FvxpnfEhP1uSN4KwvGbMY9nGTE0HiUQ4Wf5O/uddg95/5eTLxfysw8Orr1wZNLJvadTQB+oaVKcuXvrzXyCl665ndj3e1Tpt7H9cbJDH311sEDckP7aVfKT4g8nviBdBb8FdRD5kFBdA2hkBvqBoo9rOtTkBhcnRire5CencGUXxFsfovI8noJawgSJSre3AlMrpSDh2Y0ebHcnF3gfIxQ4h7YI9SCsQwA7RsXYMd0rDZDFOMxaH5SCxtN+kZp7pSv00uhHS8woo7Vg4RjqpAlygNrtS5JnVeBZGNPF807F00u+v546Pb2mQz0wlctdPPE8+kke6Pmw91Lz7hb/KV3PIrYb+A6Y1EBXpV7WtVK5rKLwruyHwzqj9I0k0gXwjIrej+2dJpzpDKQpu1yxuH8eYfjrRNIk5UflsVG6SOgL9Exyw1fvTj3ozftTD2TSAEZIVObK4MHufwdh7fzbcujqsiELPWOTeM4CVtyU4YvHA7Z9GcZNMuQe/3szc2zXggGMAu2/QvBvaSbYYBQlpyMRHCEAF9BtwMNrx+gs1ZY7p0/70n9XlU1a0nLrIWPVjz+3d0fr83m2tjW0+X5u44ES7c2HKje8c813+ziHIj085cvrVQ0+9/MrhGze+Q75jTfd14RDa6fvBCYMWbTPdRmZcXjOsNJYbdqiBYOzqaOUCd4HfC7DfBsgy7mnrg1FKfQhzOsLCZpaOdqsuhYqmMaYOfxp4FIIRX20GYzc7UmxKPAsVqbFmZ5ugS1IYrPwCszJvXo27RsmqPYxIBf0wSN62Zsry/Y2rGn/36+KyFy2zNc2P7z86p5NwG0cP58VltjTyw9annt76ivxxkfxVTf2nLW0vPf+j88MtZMBbpYtRVYY1ds9iHFgCl0Lpgp426K3Cab1ef5KuI5g8JBDvTATPCspeBKyZ+NGqDlGF0dbh11NyMCq5OWyYOQTY9lRKL6kmnHqsQiRGPbt4JbOfBzcsLVxi/lQTxQG6HqaZ/dZ4ZvZNTsEyuUlmZgFGT0V/rIl+gkgPxYQNYTbeNHArcRKnxWaOJBbkoyIu7XNv8a0aQ9NrXZM1JpF/es+2Z+Anm+fkUirZTZ1aMbNYder2L/6xVRh/q0j8UP7T4s4zfN2zL712+NnTr8nexka+bvnqVStWLF1K6WYmf0XVSvdUX87LtXDsNuqXDpW0JWRSofQEB7wWgf0zCJMI2c3IokAl0mQzysQQ6OylH71MUs60dPjz4CQBLOkgBOQlQWuMScBK0smWNrMlEWinv5duLVd69kDcWpyD7jtnZv8ctxf2XQwxW+7SqvSW5LQB2QNz4Unl2rKCL1HeoBySrrBzQV+KZGLH8q/Ovi6zNwEdxwqcAv3fbp5Zu2avPf+etdMff2DDzL7zZgydZMma3TBt34O7eOn1sx8GNkqaizXnNBIvL86Y58hwpAyomFy6KH2uKycjqV9iP0/53dV1Gv5C1wXe3eUmx7Z0XeTdDXIxkwNd/Feqzah7ioMIYeSOtXqKQ06KTAEF4pXGYPWAyiGeimaf+VUWKhhIIa8HCb0epGA+KjiLzKEgLYMlHKTVrtNbsNYeY7LBP47cOWMXn3Kxnux67e3w5FSTa2u7mvmF9OffZ0Lvn2kcp/oJYhjIoxyLD7oibsM8IynAXUHQcyBJxa2n8nqMOxCt4tbQT1p3IA4/KYn7A7oELoG2x+FNHU+FAw02YAKGeB1ke42OYcn4FcEMSiS1cfCZuf0A5VsoY8Vi3e14XPAFDjN4SKgXbP1pX9OPjZ3v5LYUb3p5+oTqy02H/775L3yJ59myX63nLS9w3dsfl7uOy4fyxi1qyHzywT1E9SOx5Y1S/OjHU77kRyrrpwuTedCip3H1t0FnPkOY09VOv0/tvi5pVOfw+2dAC0W/WdXVbpK4Vd3K85KoPH8Inhem6dnzy/D5Wvo9p3w/Tnm+Dp4XinODMVd5lG/uQ+WoeYoHcHIUPacF5gUWEF1xZnowiVA9NDOU/pqVZEGnRNhg6gRISayLNsf1xb3jSmYqTBGLQegwFNjMQoEVhNoLTI5g2BUU4xJDkoClABBrIAse+/ZA1e4sUf56+BMD3U8WffKH5+Trvzr52sn5c2a3rI2Nf3ja/OPzyarniffpWZPKyb4BjqfsLvm6/KN8S87rOPf66keeIML+qsW/vIW6EXow19E9oeL0yP8RJVk7MH6Qg5SlGwUVsJ9ATVbeTA8KYEkh25fLQdLSqUBOPmohFzqX8xdkeUzfYRk1qim3fAua+JsfNF9bhzEjJpUD910eF04HL5HQLgLvpx4Z4UUoFWEMZm23mpVEmWJZa2enbFK3/Fyujv75R+C5Jssm8QrmjxvIhUQKyN2oAelB70atpl8TxXQKkhl0IwJLWWbVQk0zhxbY6Mn8mq5m8a5OHz+665jQenuJXC8cEryLD3R2du4A+0UNv0PMFOxh+0VUB/OL6mG/qBHO8Du2bqXwru4fxNelJk7DpXJtaozroA9BWBbUjcYUruqw/E35DiqBu4jjO57f0tW+Ue4QuMauEtVvbpYLBpTD15A9qmxRT+VwB5XDS6D2ks/q9bs0UD4A/HqzvH5Bw7JahSXyWMYy6RT5OyMWWCZ1tDWRkWOKi55RnE5lCgreUMg0dJ+lR4ihSHuSKkINs+bEppfWP/jK5meee3hW88ihzWWbTjRUTR9Vl++pmzB5Hp/ofWD85Hnz7x5Vx198tP3zS7/euumV2pU1y361fUZtxbyqWYvuq6q8v+SeRTMprvRyDP+zFMNi/i0Y0wYJ4NzAFqPjmUhv/Vj0K+P8vAVTTEG4LqfSGVm4LotZhOvGbHIw7YoNHczS9cN+cYqMmTogd7jv+LNFQ+QXY39UpZBa05bYH29d871mhT1QTRrFbDGFrqyb+5oDzQ94G+s97VrBRtkpo45erR7Km/vjMuhl4YiCVDXt2Y50TZZvgNefoOvw05uH4n2gGysr5fd59fp7b/2E6q8BOb7UHN8Akz9RfxN4kwz9zVe/O3X2bizfmGhqT0pMtWa1p8C/FKo9c0AG/TML/m2jX0WUb0wpbKPN8CmzkGtPSsnMYuUbE5NSUjMyswZElm/k/DYjphnAQoyU4v3ZLJmkP8GBkX/I8MFhE0xTwmIJ6KoK/0179eK9o5eW3V2Rnfdw/vzm0UvKJlbk5m8srN0/dmXx2Nm5BQ3eeQfHrp5acs+AwodJ4/4HEl2O+FGFB+qSXMnxd5FZ++pS+yb1GVWw/4FUR984yCVXw7WImSqeyghpsJ98Ri/sDir90w0FqgCVjpVaCBdFo7vEQX/sYOIDAUZIL6ghJRvlbN7auKGO2OXWBnKpq2PThvvJmS3EtIWkFH69Rf5+i/xVwZfsTqnhiJgpXqZyWwr6NdRyXNfKHu2OcDuliyVQo1l1lp6NWtCmqeBsVBsUr02tAcPeMOrMrwX1pcC0OZiJWSssIW9NIG/LQyfI35JhZJh8lr/Kf9mV2OXgr3Vd52N4a7gu9XhxPOiuIR2vOP72K/CD402i9/zbUoopnZvIn0LL/MRgu5hI29Pgbyp/ToZvlXZ9RPvUcLt0UenHh3ep8pyqLvT92V6+nwrfc7FcidygPqO6Qceo5aI5syLVuSknWsAN4SZxM7iZ3Bx6Sy7j1nAbuAZuM7eFvA9Wp/ac/Nmr+9m9fknqaB8waNbyfnZPQDRwBsp3rPTAsj/kDRADZ6J/b/QAGztpvheFRP/kBR5Puy7NQffYI95AlIEzUphNHt8Mt7+Ecmv93W2Gike9FDhBAjNSwMh6afT4Yt3tAwdXrYXXUqmhPbeweh19rc9qCljYm+spWW0FzTo9+gwW+p1fMne083pTLAyPckEAFOMBMyiKnpaw6ElFrJzkDE1WwJ2Ar3O7fQO9gRz2h8cDLPZQCjeZPlLiaTcOLTCAqSuQn4DD/4XHN9nkn0OPiCpPYDZrm+vxTYMqXWVe/wTKOY6kT842+Wujsvx19GOdyb+CZLU/+NAjj8I4V9Nxrn/4l4/BfFabAmvYUNe4fWu9/m1wvrvpee5IS4DAIf+caZQmx46h/PvsCZRxm1+zFMO90+AIGFrom2H2TSj0lVheSu6XETdmLFrDIA5gZBkLDx92/2Jk9CAtgxqUKQ5w2hXM8ENZWZu1FzEZFPNmeg0Gf1PocKALhUzH2yMU6JJFQoAoKijO+lYvaO5os9mZF36n11yyZMmSN+UL9N8lxP3mrsaNDz3WuHFj48ZG+l8mMcg/EMM6YpK/J6arJ+uW5gwYllNXWVKU6yofNyqnX3/3kM+JWf4bMTdlxZduWFQ56IezdfLHZGAd/pcOz695q07Ixh62EKP8d9JIBi450/Xy7icP7tl16NCud955+/ZLdZK8ZMnNJfjr9gW+aPSM3FEajWFM3vT7FmS5iqr70oPu9mvs608XaErJbnn57Lldx96SL9A2+eMzt07gUBvD78H7vUQ+o26ld6DAJVM+zMr5MtzMqz0LFWJwAGqF4OWsNkC8DZWpCiCdL9zG1gi5s0RoFU52lsgvFh8tHzE8d0LJkE8GjFw48bXjU1+dPX7cqIkTRk8Yy9cKrZ2lnfeqatqm/cKdNyl/zNKiIW7PyNzih8oaDw7u1I6YMHH4XRMnMP8UekmWIo81XuEQqZAJSVjRWCJKjOvQo91ea4Taq2ibikJVVRuPRise+DwxaCX35hWY06F+qtluKzl5kudPnqx2iq2u6mrX7VJnNT2ThsI7wdcHfPbAp0duR98aGMuKiPbV3VXQDt44/NPhdlIis9h/6GcJ+BQr8LXdaoT/L9r+AfjuKPAV8h8Rvj9tfwTis5X2UrkL25Np+1Z1Qaj9XvkmG488CnCjtEukvIbdNYgzdW4IvoybpsBvFE1gw1TGk81jbovuL6G2kaSjcsgG7gY+Ma/r2+4D4b7AXqv4L/43c/qfwdH1+1y8LLwh6elZPp4DVlnUdLSJUcE4a3TCYJnkSWyHjzCJRhPLEhKj1Sgao1SjqGwInBfQZo9KbJ8f0lYsWzg3itVek/Q1xWXVrM4aIVvE8/wqSudazoW1PUWlZr0OuTwV5fnB5UMlmpWeSR5UE7QZiJpssabrTkSVucXzcQXPTbd4Xx9H+1smD+GXdG9i/TE/h2B/wmd+UelPBM26BvsLduckyxK96hNR1QXlcsldr+ZZvGdG0f4axMv8RsnR2/goQiBBGPSnDdm/I8bXYJibOzMpTxIvW4f9R2H8sDO5lIdoEmv4j1TvcAZ6a96rePLosZ6pz+hps6CUxdL7qMwdbSouqGQA5pbpF8D1xZqglPGFJA5GO5YZ0odZjkGUVbPFQJoGin1VXj4bUNNf16W4UmYVjCZx4xJ/k7kmV/zq2WFQBN1q6pNYNGZY3EvrY6acLOR6pbFe/wbfOIWeq4RzCj0fjaB/8KUFXTjfuUy83P2itJHSGEgscNVrvAGzARxNwK7NypdRqjPgJUPyCvLBfcnmBHnShTOQ1J3L8pYO8o06ULl07vIqEpiYf3LGWvFy/ND6uytb4idVzB95Nq5iqe2BOfR9tw+Kl+VL9H1qtFSCNGnyBviI9/EaejcSlZ6l8aFXEL7N2uPFtw+eHDRp9tpG5bVVy2sXSbW2xVWxlfJVO77WPnL+nHHB+dVLP9P5pVAuyJfs9ptVHahasX8WiGUlUmNNLHuMiYoudvA6MauTQV5JgAhv7s5ZkzwskGskznTlVO85/+b4grMbpWm6whGFWTk90EDOTZO2LUyavkmbmuaKR11XZw3FxzdqE6U6F5WMgY0G6TDK064RYkCm0XTgPk/DtNF6OkI9XP4pqYXKJoHC66EdnYMVF4Qew+2siZ4/yTVx9PCEjP768qi5k13jR49IzOhvmBKJPW/tsuR+ybm5NSuSXcm5HrmlBxrpONfRcb4nneH0VPobw04j7b+dRjZ2GpnCpxEdsJpQlEZFm6DYEyipqGyEY484ilKtQUpat0A7uba6VLMoat82+fpn03JPlq5RXZlQOPKutduJaK+Zb1s+6/9yPCRUj09tbo8ymq1M8XfHeBj+7hhPMiW7yvB4LlKSs8/iwuNRS3Q8ydzq3scDccgmFYvuDQ+LCssBm4mrp3SolJK3MDNvcLyxFH9t0QYlFK5djDIlsXLymMA5iZ7AfgvW3rkTo3dSac+57Isd/uZGqVhXOKpwgCs0pUtTNDvmJWWWa1Ndrj5h+tRT+uzH1XE+p9ufSOeV6IR5JaZqUS8JRKuOJFo1I1oXhpvH0+nEM9NHqgkU/z496L+ZXx6SNERfQ0aFFHNAY4wRnMqC9Ebcxh6TpLQ9b3JvtF3UY6pSbg2j7oXL6a+BnhI2WeSZcuVRBKQnI5WTmP4n2u3n1SzFneozzOWFxWl4Ja+k2uzndIXh9DvpXsZcp+em5ru82+qPLJg70iO/oRuYs7Bx7S8rFpoUP1R5FVnGHaS8WTbcf35e3xHkuFRKKQN6r6rp21ARxjNHhIG5doXhNtE3xGcOq9z75eCh31jnkYHyVbkzLrLvnf/P+nbJf2F903tjECWC0ZQPUnMx3Ws5pp+HuAO7uIK+zw5+WlrMusCi14MZL8MV4uFalILV7eEu1ApYOgaSKSh+FeBpY8GchXwkf7zi5h//cPNfX1z+54knH99x5MjOHQd5NzGSPPlD+e/yP+T3SR4xfPztX3732+sdDA+QALpArOR0oMsT0Sc0CqcuUKYIYnsFMejCZkXd/qACSlDZZOO2pzWjh+8XhhDn7Wf43L9tHz1wqVL7SbhE5xkPsdvIT9tF9DIxKmGsEuaybrOgycESDyYHS1BZykpj2RU3L625XdJHK6WC88hwPugjFZQUVHaHLZPsOrxswLY1ZYdmlr/5w7t/fORV+RWef2Mzca+pmTHy3oXDiupOnNi/4rWHv5EOwvgq5X1igriSS+cqOchjAdowDasha3L77TDIDCRih1Gp+9OHcv3RfWCI0VCNPROGKEBkZTrLMuVA05s/KZlFVlpj+uC1D3qmVLMJUgaEvbt6ZEeIESExZuXsS3NIvVz5xO4X3t/z0JzWupLy7x759PrhJ3yt8hfyP1aeqXjInQv5O3YeePT+9YPGLR0//Wzr9rZkTWxg94VrzgGUtuzyCXEBrqGFW8wFXe50kS53WOcCGbAorFVmDXnfGdE8FHa5g0h6o63DZ3S3aYxBlzz0mzFqlbBXxQ8P8n8xDzxKFi4HJAyU1Hb+jdOXL5/o+pT36HWZYxI2CO92jmmUd5AVjWTmH78oBZ3oZroGSeJsrg+3koNQfkGPa0BFQsiDqgfldgISCqQTSVSc7t69dRS1jvocgy/qTZXfmHjT4DO9SUdjyskh7VF6oynkcWeTwlld4Zzsw0zkUKxSWRm6JCZHX+ZuB2XWRZYFbPO4j+f7zspbKo+WFvCXul52rVj+DdHSY+NfjzyY7W05TDxJBfzJZnmi/av3/izLU0O530S36kOLxMVzjMaeF7Po/CQuIRgPgF5qvbqmVQrnu1pP85XCu82bb32kSgKdHe0vE/tLwLOjluLLRWkW+J0qPK0MdHGj0PtMz7z56N9O5SRJC4Xrx7GUPGaWNCg9mBESXbhSzO1ag4AGPL8TPIDVnMWsqMo5NH6ZWE0qjyXSZwvuRVSa1nLdH++7urarZuWYaQu+/0eUvuDU8re+PPbEnormsuI9s3ce4h/7kmia5c/f62yJ2dmHErB3xr3ffvLE8aKHxy1qW3Aa5rVMjhELxJlcEpVMtyn51R2Q+w/U5JQasKYwi4fPYOoCmFlyPJp7oRyK1M/jAbkFjORqKzq9goNNMqdkTKB3/0sqwaKPT1BU6XGKcAEeJAlmSufgKgDOOL4Metio4uPCyXns3gKmslESHg8jQN+h47aAbellP168Wh8Vt+n6zR/2Tfpk9ePHtVFLv778txcP7G89IB554Ylm3kk0JLdl9+1j16+PO9I/5/nduf3mPkcPUM2Fyy9/kPVfv/0ToyHEBcT5CCdZXJkU0Q5xnEr7vfrI9qtKO5XBSWlv/QhPQL7L/wVPbzUmAAB42mNgZGBgYJSc9YZVa3Y8v81XBnkOBhA4zbb0IIz+PevvVc5FHElALgcDE0gUAGY3DSYAeNpjYGRg4Oj9u4KBgXPN71n/qjkXMQBFkAHzWgCnhQdbAAAAeNqNV39IVVcc/7x7z7n3Ji5EHjgnrYk8xIUTcTHERBCpcBHiRFg0aSEigshDREIeo4l/+Ee4EMJFk9FEnNviUSNkkyBC4tEkwiK2CGkVIkhEi4jmuvt8z73X6ZtiyofPO/f8/P4+R83jKvin4oAlKMGYvRdDeg+q1CgGnTPo1HeRjM1hyGpDM1GrutDKvs7YC9RZo2ixijFmPUWc3zqIWaKdaCP2EENEX9juJLrM+GLUhe1+YbsHRW4lTug8QFcgo3OR0neQUb1EMdsLbC8hY9UQJf4xtczvpci41cg4HlGDlLoV8jP2taNLdSOf835R1wC3E0VqHJ4aoKynKcd5TPLMBeQq1YpK+4y/qsZjw9yvTS0hbd9EL7lXpdBrXcYudRyl3DNtOThvOf5pVWV+p90k0vJd3THj0zLHbuD8W5RzAbvZN6EswKlGgarkGh4s+wqabY967Iw9IR8U+SPd8/cVQnQzQOyWMZR/gGfb60yh3bqD/fYrNJs51L18U/Bf2d34wny7jkqi2MjyHGldi6ToO3YLCX4/ZAP1nN/k1OJj4gPiHeq+yuh9Ezir/muxhbHDOtAOmrhk1fjX5be+jorIDtkQHxAWW6yHscVDrveKehO9bwLnPtqMLVIbQRv8Qf1/T75ErKg5JNfskA3xM2GxxXrQFsZmZJFV9vsfU3bZf0sWH6XNRX7jL6Kf1PYs/iw+tSXT10UeMshx6vkHyvkV+S8je42/RP6Num+lHvaSfxV/VG2cl0sfZYwYP5U4oa+qBMF44ZjvQv405OD7ILkCu6wCf1XsKHtns+5FbO2b2JU6zWb3OFLuMG3BGJQ4CPlYyF9KXEpsbMmMWRM3WWz8hTZ7U5Z4NzEnPiZ2DuNeYi+brRGecxzXGAsptUhZEvTPZkyI/nQ88AOJA/HFSM7s88rY2FEUqtlYrsHFWDk5IfmCsdgTG0WCbY/7LFnT6ANWPwH+eYtcSPaAvx+TazhW8lCR+J/ErXrm33ZS/m3rsf/IOek/0kNsk63L/nKUK1UZMcrcIr5FmcR35JySK439F5j/wjzJ8x40sSh+y3yphtEoMoh+nOOUhznSaUO3U48mieswRnvteRwx+e8ypqijCfmmxXcKkaMmkJR++76JsbSaNTlzyvjcfv+Z5CHmWHBMUnSnq6inO5i07wU51s5wf66pr7Dd5q84DiacCrPGDrOX6Hsx+MZckaOGeNYZzglzkV7kb+pA76JtaBdTIyQ/MQbcHsr+bTjmMXVQiBvqJYpEfhPj1FWkQ92PnbKec5X+MolGGWvGc54+H+gw0m2kP5MbRX9cM9KflvEjmPbqkfEa+Psk8p0FcoLIQa3XQS5g3ZEcN8f6d4r1ops6GkWZyQ0PoajLBp3PmMs38ZmmXfP0g7At+nhpao2pU/Ys50kOm6F+WWO0xb77OOfuZn0q55wRlDllxi5p+ymqnUn+TtIfo3zK/CL7s6/X1K2gxq2ITzsXkecWmBoXl3OY/SWeuL9XwLx+ij7YgQK9EwXuEcr1kGO6qddB5LjMRU4x23OI6xLkujfYnuP8KdRRvkLjZ2Lr2iCmeG4wdyHiHT8i5fF83COl65lbXrOe9JMXGYeyL+1tLxnf6FJ9tNM4XjJ2FokH7jLK3Ekjt+hddFVB+eOm3kjO/4j5qNtwhS33hJIgT1JnFs+jxP7GBo38ftTIn1ENhitUCeUZRJ5aQZl+afwn7ZwMZPeGKeNKkB/17v/qBH0kz9hJ4knki/g57yStKHXu0r7s18OYpjznxH/UvOGMusD1fkat3o+qiMXHxU/FV3gWue+k9STXG+U6EtdP2H7BM1Ub+08bf6gJzihzs+tclN/W6tNd3tlOoCPiaK9IL2qavEyfZ3yIT6xxVA9qN7L4vfiexEnoPxs4OmNkF4kX47OhfTjOU83MceNwzD1qCYOSO3hnHHT3kGtw2OlCkwYOs441ub8zR9xEnlfIO+Jhrpcb2uMC9VNOO0yjR3KWPmvqQl6kB4lxudNF9SObt7wnBFy+Tf+2/Ab3h8/IjVv107ZfM34HyDPkb7aq0yF/vmV/VAu34ey6G9XO7XhDXd6EnebXi4rvEk/eJiGzboIhgxhrCX1S6iNitB/mYf7MWyQE5zR7IexGf1VqswHfLMLWfAC7lrVI8X4dx4Bt8Xz7eVf+iblnHO3y5rETfPf08I7Qgyb7IftyXp+w3uZe11FKxIkaooyoJqqIErsU3YzD40SDU4Sz5l44gzpnDKdYZ/o93recIzjq7EVC6ixzQAf1eYB4L+Quxpm8pUr1sqkxh8wdth0JPYF+Ox+54fqda6A/qwPMid18q8wGcPsCINBfiwCBHluIfQH7fvDb/5P8PvFu2N/C/NNij/GusWE89jEG7ynwfYFYkjhpV/E9F86JwHtNkneaswGvdhIn1qEzNoFKolBgl+ND3kN6recopx3KzFtxhHe3Td6O1GUy+v8XbMySrwAAAHjadcJ/TFKJAwBwjojjiAzNyDgqQ0AUfCC+DPGBZGbEvcSMiNTMM2pe+SUq8og8M8EnxxE/HsgReWQMyMhzzjnXHHPNMcecY84x55pjrjnnmHOtNeeaa3d/3L/ffT4YDIb7Hz0m8p0Vi8UO7uHvqdtj2BPcE8fhcQAOxhlxFtzyXtxe1d44Pg/fi//8PeV7lIAlSAndBJQwQUj8IPohTaQQu4mz+wj7avYZ922Q8kkSkpYUJCX2U/ff2j+1fzerJWviAO0AfMB6YIIsIxvJw+SlbFx2TnZtdnO2Pnswh5LTlTNzkHXQcnAldzB38xDrkP7Q+KF5CkRBKKnDosNDh1fyavOieTtH6EfiR7apILWVOk1d/lH44/S/vtGaae+Plh/1H40dUx/zH+cfHzoeP76ZT8yfyJ8/kXsi/4T2xDIdS2+hB+jzBbgCdoGuwFsQKZgsmGVIGTBDzdAwdIwuhoWxwthgfGFimCRmHpPB5DMhpow5zJxgvmfOM5eZa8xPrByWleVlBVmjrCnWbCG5MFAYLZwsnClMFn4oXGf72CH2GDvGTrBT7FX2JnunCFd0v6i7yFrkLQoWjRZNFWOK9cU9xbZiX3GoeIxD5bA4Ao6EI+eoOG0cLcfIQTgoJ8CJciY5M5wk5wNnnbPF1XN7uDaujxvijnFj3AQ3xV3lbnJ3SnAl5BJaCbsELJGWwCXqEk1JHOADECADlEAr0AEYADPgBAaBKWAWWATSQAbY5mF5IE/Kg3lqnoan43XxLDwPb4G3w8fxyXwan80H+VI+zB8pJZXmlTJK+aVQqaxUWTovaBfoBT0Cm8AnCAnGBDFBQpASrAo2BTtluDJyGa2MXQaWSctsIAHMBfNBLigEa8B6sBlsB/VgD2gDfWAIHANjYAJMgavgJrhzEneSfJJ2Ej45WU4r7ypPnqKfAk5FhPeF3UKr0CsMCkeFU8JZ4WIFtoJYAVXoKuwVyYptESTSiSZFXyullfJKZWVLpbdyBcJCxZAd8kNBaBSKQXPQErQGfYJ2xTgxSSwQi8TVYrm4QTwhjonj4rR4XbwloUkYkjqJSmKTeCSDVeSqvCpt1XrV56pvUqKUIqVLAalIOnqaf7rj9MdquDpa/eVM/RnzGduZj2cyNdSaSM3oWczZ5rOTtfhauNZ7jnhOc25OJpXBMrVMI9PJus5Tz7ecXzv/6fyuXCPXyeflKfmKfEP+6SfzT6swAIvgWrgBtsNeeA3ehL9cgC8oL/jq8HVwnbrOWrejwCgICrIiT5GvYCv4Cp3CoOhRxOqx9aL63vqFi4yL7RcTDZIGT8PgpfxLyKURJVZJVNYoo8qMcvsy+3Lz5cDlpctpFUFFVuWpZKp61awqeYVwpe4KcmVBfUytU49fJV/tvrp4NX0109jRaGhMNa40rjV+atxpUjaNNb1rijctNK00U5tHrmGuaa4lWmpaYtdx12XXR1pJrSM/k36ea5PfyL2xdCN9Y10j04Q0uzeFN2tu1t/8cHP9VuutD+34X9i/fLytvj1+h3RHeEd7Z+jOYgfufxotTmu9S7qrvbug4+vGdOl7pHv19zz3du+33595QHvAfgA+6H4wqyfpG/SRh7iHNQ97H851UjrVnf5f8b/qDBTDmCFmSDzCPIIe1TwyPEoYqcZmY8C49Rh6bHm83FXe5ela/o3223A3t3vhieZJxxPDE/OTrR5Vz8LT3KftT6d6sb1wr783Y5KZvKaAKWqaNM2YkqYlU9qUMW2bG83T5jnzkvmjecv8tQ/f19r3ri/et9C30rfR9wXBIASEjNAQNgIiUgRG1IgG0SFdiAXxIENIsh/TT+rP62f08/uhflm/vT9loVroFvT33N9RK8mqsyb/0PwxZcu1ddiWn0HPbM9W7HV2lb3NrrUb7YgdtQfsUfukfcaetH+wr9s/2785iA6Kg+4AHCJHraPB0eK47eh0IA6vI+gYdUw5Zh2LjrQj49h24p0UJ90JOEXOWmeDs8V529np7HXanX5nxDnunHYmnWlnxrntwrqyXFQXyyVwSVxyl8rV5tK6jC7EhboCrlHXtGvOteT66NpyfUXxaA56DC1Gy9FqtA5tRG+h99Fu1Ip60SA6ik6hs+gimkYz6LYb685yU90st8Atccv/r3Y34g65Y+6Ue8W962F4YI/S0+V5P4AfIA/UDugHggPjA+PeXq/Vi3rfedPejPer9+uf0j99PpxP5/M9z3pueB7zk/2WF/QXwIvxQeng9F/Nf30LtAVuB1KBtcCXl7iXuS8tL6debgzRhsCh5qG5V8RX8VffgsQgJSgLqoJtQW3QGLQG/UF/CA75/5UKrYY2QzthXJgcpoXZYTAsDcPhxnBbWBvuDPeG34c3IuSIMGKLeCKDkeHIRGTzNeO1/nVimDysHo6/Ad+0v/G+ib9JRqnR6iga3X2rfBt7G3+79nZzRD2SHsmMbP+N/TvrH++GFZIAAAEAAAOxAIoAFgBWAAUAAgABAAIAFgAAAQAByAADAAF42m2QTS4EURSFv9ZNmIgYGb4YU9G2QBhKtJhXt1JdSaeL0iKMrcAKTG3DyBoswSp89eq1iBjcl3NOnXN/Cljnmj69wQbQWB3usS3r8AqbPCfcF78kPGCX14RX2eE94TW2+Ez4gzlfHFNRWgvriYIrgpXLc9GEmhsende6pqqBN+uQA4bWfkJD9lRPddf6ZvYJHIkb0+2bx/61EzPO1ApRYKQ+545zecm9uVzvg2zs5a178Y87/PFfyhr1rn9wlyzutkwucxfuX8X8sndwVh6VMjqLtGn3F8beHWTTeM3JT2bErbMrvY1fZvHu3+n23uwbsUFFqgAAAHjabZgFeBtHFscfWFJMwTIzN7XAgrIWlDjkNImbJsW1vZY3kSVXECozMzMzM7d3ZYYrMzPeXRlv4Wms9Dvni/5vdnfe7/9mZ/fbGSDw//4agAH4P398k/uDQMDQBCEIQwRGQTO0QCu0QTuMhjEwFsbBeJgAK8CKsBKsDKvAqrAarA5rwJqwFqwN68C6sB6sDxvAhrARbAybwKawGWwOW8CWMBG2gg6IQgzikIBOSEIK0pCBrWEb2Ba2g+1hB9gRsqCBDgaYkINJMBm6YApMhWkwHWZAN8yEnWAWzIY50AM7w1zYBebBfNgVdoPdYQ/YE/YCCwkugUPhMLgPTofP4HA4Ho6B8+AquBQZjoY34BA4BZswBMdhGI6Eh+AdjMD5cDX8AN/Dj3AxXAdPwGNwPfRCH5wI/fAU2PA4PAnPwdPwDDwLn7uj9yI8Dy/ADZCH7+AkeAVegpdhEL6Er+EoWAAOLIQhKEARLoQS7A3DUIYK1KAKi2AxfAFLYBkshX1gP9gX7oSL4ADYHw6Eg+Ar+AbuxlHYjC3Yim3YDn/Anzgax+BYHAd/IeB4nIArIOKKuBKujKvgqrgaro5r4Jq4Fq6N68DP8Auui+vh+rgBbogb4ca4CW6Km+HmuAVuiRNxK+yAX+FVjGIM45jATkxiCtOYwa1xG9wWt8PtcQf4AD7EHTGLGupooIk5nISTsQun4FSchtNxBtwIN2E3zsSdcBbOxjnYgzvjXNwFfoPf4SP4GOfhfNwVd8PdcQ/cE/dCC3uxD/vRxgHM4yA6uAAXYgGHsAj3YAmHcW8swyfwKVbgcqxiDRfhYlyCS3EZ7oP74n64Px6AB+JBeDAegofCa/A+HgZvwlvwNrwHr8O7eDgegUfiUXg0HoPH4nF4PJ6AJ+JJeDKegqfiaXg6noFn4ll4NlyJ5+C5eB6ejxfghXgRXoyX4KV4GV6OV+CVeBVejdfgtXgdXIDX4w14I96EN+MteCvehrfjHXgn3oV34z14L96H9+MDcAb+A/+JD8I5+BA+jI/go/gYPo5P4JP4FD6Nz+Cz+Bw+jy/gv/BFfAlfxlfwVXwNX8c38E18C9/Gd/BdfA/fxw/wQ/wIP8ZP8FP8DD/HL/BL/Aq/xm/wW/wO/43/wf/i9/gD/og/4c/4C/6Kv+Hv+Af+iX8REBIRUxOFKEwRGkXN1EKt1EbtNJrG0FgaR+NpAq1AK9JKtDKtQqvSarQ6rUFr0lq0Nq1D69J6tD5tQBvSRrQxbUKb0ma0OW1BW9JE2oo6KEoxilOCOilJKUpThrambWhb2o62px1oR8qSRjoZZFKOJtFk6qIpNJWm0XSaQd00k3aiWTSb5lAP7UxzaReaR/NpV9qNdqc9aE/aiyzqpT7qJ5sGKE+D5NACWkgFGqIilWiY9qYyVahKNVpEi2kJLaVltA/tS/vR/nQAHUgH0cF0CB1Kh9HhdAQdSUfR0XQMHUvH0fF0Ap1IJ9HJdAqdSqfR6XQGnUln0dl0Dp1L59H5dAFdSBfRxXQJXUqX0eV0BV1JV9HVdA1dS9fR9XQD3Ug30c10C91Kt9HtdAfdSXfR3XQP3Uv30f30AP2D/kkP0kP0MD1Cj9Jj9Dg9QU/SU/Q0PUPP0nP0PL1A/6IX6SV6mV6hV+k1ep3eoDfpLXqb3qF36T16nz6gD+kj+pg+oU/pM/qcvqAv6Sv6mr6hb+k7+jf9h/5L39MP9CP9RD/TL/Qr/Ua/0x/0J/3FwMjEzE0c4jBHeBQ3cwu3chu382gew2N5HI/nCbwCr8gr8cq8Cq/Kq/HqvAavyWvx2rwOr8vr8fq8AW/IG/HGvAlvypvx5rwFb8kTeSvu4CjHOM4J7uQkpzjNGd6at+FteTvennfgHTnLGutssMk5nsSTuYun8FSextN5BnfzTN6JZ/FsnsM9vDPP5V14Hs+Hm+EW3pV3g9vhDniYd4db4TZ4BA6GB+EIuIb3gEd5T94L7ocH2IJ7uZf7uJ9tHuA8D7LDC+AnXsgFHuIil3iY9+YyHMsVrnKNF/FiXgJn8lI4G86Cb+EyOBnOhSvgBDgVToO7eBnvw/vyfrw/H8AH8kF8MB/Ch/JhfDgfwUfyUXw0H8PH8nF8PJ/AJ/JJfDKfwqfyaXw6n8Fn8ll8Np/D5/J5fD5fwBfyRXwxX8KX8mV8OV/BV/JVfDVfw9fydXw938A38k18M9/Ct/JtfDvfEakVnY6ObIeoEagWE42LdopmItkhq69cKkasQMPZ3rK9yA5bvkSypXypaC+MWIG26n1Oua82NFCwl7T2jcQten+pavX12cVqS58Kw0af5aXsD8Rw81vViClAW4BmALR9aTFHEtkqjJhiww40bAYZbV9aJzWYyjeYmjSSK6/Ctkl9paEhSxr5hkbr5IY8gyNx0+Req9w06P6Eu6pOod8OO75EuqQSRyrpCipxgqHrEs9OoNQ1hZwFrVMaGAtG4rapja4WLtfIl227WLCK/U5feJrVV6va4YIvbdMarys0NMLTggEq+NI0za2+qeD+hGcE/YtB/xmN/YuN/WcE/YvBABet4VKlWi4ND9psFvNsF/ORbim+JMV3B8WXfGnvHqwV81a5NlSwatX2UmMrPCvwUA48zGr0UG70MCvwUA5kdtCr4kvr7IZhrDQM45zGbNXGbHOCNNVgROZ4t7Tq3dKe4JbWglvaI1XVpKqeoKqaL6GeslPMh2reb3vPchXWGluRHrn1NXlq5ja4XdwQz2uIl47E4flBrct8aZk/Mo2XqTBUKBXzlVD3YKlcDJX83x7/t+b9+k93NNfRkvW8BmksFUayZqCWHYxmd6VgVQaDuDQSt81uHM1KQ8PPH4tmRbVA46lma8BxOlOZWCY4oovm4s35srXIdlP0Nvu5/cgfcy9qHyyVFlq9peAKv0+8I9fmVttrF0qLvYOhaqlYqrT3O3bZrjgVv9WSLQwPWn7YbBVLVbtgO1abOVxx3NHxD48yq3K+qyRRW/eQ493boNHTcHFL95CdDy4a57iXL8cK+awmza5aoUmWOxIR4TTNdw+xywnNGXSjJg8UmmoND1vu0zrU22/R9BrNqNEuTkTINNPhWYOl0GwnP2TxHKsWERc8c9Bh3f0/s+K0dTU4GCMX1Nstliq8zW4s166X69TLXaG2fNegGL9/U69XTN4rJtRvF6pWRHI1LfNK8k5W/ZK8ZKGFfkmFoKRijZY47rPv18PlwVK44hUTDfnCVbcm4fKwW0+f+99thkreALc1ju2Yv9lrKzXenVrj3SmpuxP2bUVHyahEw/6pqD9vEh0d/iyMdrgTsh51RlUUU9HI2YSKOlWUVFFKRWkVZepRUtGSdb6hjtRZ0YTKG1XZoipbVGWLjXhXjmPKcUz5jKl8MeUzpjLHVOaYyhxXmeMqc1xljquxiCtGXDHiihFXjLhixBUjoRgJxUgoRkIxEooxMi4JxUgoRkIxEiPjrXokVY+k6pFUPZKqR0q5SikvKeUlpbykVOaUypxSmVMqc0plTqvMaVVvWjHSipFWjLRipBUjrRhpxUgrRkYxMoqRUYyMYmQUI6MYGcXIpIK52TkyFiPZ6qyoenLcfypSc7gjrqKEijpVlFRRSkVpFWWEX382olHFygTfpIlkh6hiqzkRzSTkXF07RZOiUl8yLSq8ZFZUE9VFDVFTNBdoSjykRjyoatS4RtW8jGaEn6qr+EiJj5T4SImPlPhIiY+U+EiJj5T4SIuPtLxT0jFRGau0jENaxiEt/LRw08JNCzct3LRw08JNCzedU2+2kfkmuTLCrt+n+r3ICLs+BvU5pvqJh4x4yIiHjHjIiIeMeMhI7bJ2SWSl9qzws8LPCj8r/Kzws8LPCj8r/Kzws8LPCl/WRoms8LPC14SvCV/WTglZOyU04csaKqEJXxO+JnxN+JrwNeFrwteErwlfE74ufF34uvB14evC14WvC18Xvi58+fZK6MLXha8LXxe+Lnxd+IbwDeEbwjeEbwjfEL4hfEP4Rv3pSCfqZ8SBIQ4McWCIA0McGOLAFAemODDFgSkOTHFgigNTOKY4MGUETBkBU/im8E3hm8I3hW8KPyf8nPBzws8JPyf8nPBzws8JPyf8nPBzws8JPyf8nPBzws8F/M6ODtGoaEw0LpoQ7RRNiqZE06IZ0ayoJqqLGqKmqPCjwo8KPyr8qM+PmoE/V6OBxk3RXHiu/5kfXhzI3GAds9iX5rn1b7zmxfUo6JeVfFnJFzzxrgoveOJd7RRNiqZE06IZ0ayoJqqLGqLiN3jio6YmfE34mvA14WvC14SvCV8TviZ8Tfia8DXha8LXhK8JXxO+Lnxd+LrwdeHrwteFrwtfF74ufF34uvB14evC14WvC18XviF8Q/iG8A3hG8I3hG8I3xC+IXxD+IbwDeEbwjeEbwjfEL4pfFP4pvBN4ZvCN4VvCt8Uvil8U/im8E3hm8I3hW8K3xR+Tvi5aHheMHGX+iJHhZ4Tek7oOaHnhB487dFcwqfEOoKnxNWoaEw0LpoQ7RRNiqZE06IZ0ayoFmhU8kejLQNOvla2+911u//q9dYR6fZasd8uu4t290RvoX3vmrs89jYxyhW7P+gYy4WHnKK/qeIuu4v9zfaSPnd5514dnO/MBZoSUEoMp8RwSgynxHBKDKfEcCrXVHDKVnjYrniLyP5SMd9k1sol32MyGpPPKDeSz91kNN4ZDFI01iGabLYrVWfIqtr9zaWibTv5wepgW3WwbEtcaR1wFtXjtopbYVEafoZYMKym3I6cpjQqGhONi/pV5szgZZzLBS9rV42mYq1QCHVNtArVli5/ggSh/3bzwjFdI3s4Xru9q/6eCy70tzu8sFV2DoPD/t5ScDjYL/Li0V1qq8drhrumBBnry3qvNcprecHYxr0C/zq1nl2ulfRbfUvLTqHg9Pncsf5+WOMuaEM8riEue2S72Z1kjlVa4lit8rHiG5cPiHrsvZIa4qwXTxgZG7UB1HBMbQ+NHznmbQr97TK1YzTad68yBU2VpN1v1vsHJ1XXsfUB8M4X7AG3zPqIuBPHPdaj//3INH2Ue2MmDhdrQ5Fldrk0sVQJewe8rYjFXmuUPyPdIDJQqpV9dWeld77iLPHO+xPTC/zJ6V1QdPwEobw/dfLLT52WvJoVo7y9a/8uN25Wewf+BxNpLygAAHjaRc67kgFhEAXg+Q1j3JmLayljQ38iE222I1gBJZopnkIgJREIeAEv0SNS+wCbb+Rx7EFrWX+nTtXpi7rtSB2MCdmzKFHqGCdjS0d9qsYT8uY4tnGXLL2MDEoHIZn6i0pBeE7/pfQDRaB0YhSAYsTIA4VvRg7IfzJsIDdkZAH7g2EB2SkjA1g+o3wfdZ9QVOFXGkH4Y1SUaaR0Yo7XSOroNRZCH6yPhB7oa6ELej2hA7pXYQ109sIqWHOEzcf05vaebqHQ/BW2wdZK2AHbgxdj8vQ/ID1sGg==) format('woff');
+	font-display: fallback;
+}
+
+@font-face {
+	font-family: 'Open Sans';
+	font-weight: 600;
+	font-style: normal;
+	src: url(data:font/woff;base64,d09GRgABAAAAAREAABIAAAABzxwAAQAKAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABlAAAABwAAAAcY6V2zEdERUYAAAGwAAAAHQAAAB4AJgOxR1BPUwAAAdAAAB4BAAA+XNeWl01HU1VCAAAf1AAAAdcAAALEex++Y09TLzIAACGsAAAAYAAAAGCiDpfuY21hcAAAIgwAAAMZAAAEblomhxZjdnQgAAAlKAAAAFsAAACmEJEaNGZwZ20AACWEAAAEqQAAB7R+YbYRZ2FzcAAAKjAAAAAMAAAADAAIABtnbHlmAAAqPAAAxLUAAUH0ZZ8df2hlYWQAAO70AAAANAAAADYGCynlaGhlYQAA7ygAAAAhAAAAJA37CehobXR4AADvTAAAB08AAA6kgRchDmxvY2EAAPacAAAHLwAAB1gW0Ge+bWF4cAAA/cwAAAAgAAAAIAU5AfduYW1lAAD97AAAAxcAAAbPBA4Sh3Bvc3QAAQEEAAAO8wAAHwUG9iKUcHJlcAABD/gAAAEFAAABGHism24AAAABAAAAANBwP9YAAAAAyUzqfQAAAADJ6Ex4eJxjYGRgYOABYjEgZmIA8phXAUkWMI8BAAsDANsAAAB4nK2bCZQVxdXHq6pRYNhEIYIzbDosMyyiIihC9JwQQohBRY0LL2iMThL3ZzhGXOKWp6JGTdxLRYO4Q0cRlyiI2lGR4JYYK5LFiJoYU2Yz4XOL7/vd6uo3bxgg8Tvf6fOf269fv+66t/53q+5RWinVoA5SR6ku06bve5Da4evzTzlejfjGKcccp3Y9/mvzTlSfVV04R1WrSs79b/b1cceccqLqJnsBXZQJspvSk6+QM/XbybpkXddvdj2x+6VgXcPaHgsb1vac0HNyj4U9721Y2+udhrW9T+5rt+25bc8eC/ut3351128OmDvg5AEPgtXsrQPy+eSBSwY82GgazYB1jabrN7uva996TuBaE/KtYW391tfmW7/1vd4J1ym2kztujaOAEXTnfgV6LMy3hrWNk2XMA07eGHIOI1zX817ZGufJ3wFz83v3nDBwiWy90SVHMRrZtu3ZaPqtF2y/WrbGtPFjuadoIGc3zWw6s+nJQYc2jmqaOejYQVc0zRw8venMwQfJ8cHy+cnB1w0+aPC6QYc2PTmky4C5QxqGdBnSPGQye/PYv2DIYj6tZ/t4yPqhvRtH8Xf/pieHHjVsyk7LmpuHHiVb87jmFcM3jFg+4sNhU0Y2N48b8WHzuJETR43ZadmwKc0rRi3jU/PIcO7IiSMnDpjbckXLNWK91jEtV7SOaV3UuqjlmtFNyDFydPTM0TPlWNh/m2/4PPrt1jGjm0ZOHN00xoyeudOy4RvGnCkYO3vs7BEfji21Lho5sXVR84rRTQLZ5HOO0U07LRvZPGCu/HIUdxs2peWasY+N32b8NbuM32XmLr8f8WHLFSKbx7WOKSDnj32s5Zpdv7Kb2q2tdZFo0nLNbrfsngrkbDlDsPtvJl4w8eUBcwXyy4kbJi0uvhMM35BDtmJMcp7cdfTb7aPsqIGgGGc+tl1+P+mRPVYI5KrF/p4T97xqz/Xsh3vKvAsfCtRz8L/BpphZj4a1BYoNtsWtr238uNhyPraj6czul8oWPPhEwaBDB6xWb6jmallNUi1qTzAZTFH91LRqqqZXK+oLYAaYWc3U/uAAMJvPByIPQh6M/Ao4FJzHdc4H3wMVcAG4ENzM9RZx7q1cczG4DdwO7gB3grv47m5wD1gCloLl4AHwIHgIPAweAY9ynxVgJXgMPMn1M67xU+RTyKeRzyCf5dyfgefAC+Al8AvwS+DAq+DX4LfgNa7zOngDvAU+rGZ6a9AN9AJ9qhXdF2wH+oPtOTYQDALDQLNq0SPAaPbHgp3BLmA3sDuYyHd7qH56MpjG76dzbEa1rL9YTfWXwJc5th/H9ue8No6fBE4B88ECvr+46vQl4DL2f8B5P2T/SnAVuBZcD27ku4V8dzPyFoCt9V0Au+lVXCdDrgGvce4bfH6T/XeQ7yL/Bt4D1WrFKJCALtXMdKuWTX/wGTC06s2OHB8FWsEYMB4cAg4D3wbzOO+74OyqM+cgz0XCCXM+ssL3FyIXgKvZvxZcD1K+/zHyXuR9SObbPMT+o8hV4HHwBJ+ZZ8M8m6cY19OqxawGa8Bajj/H8eeRLyBfRL6E/DnyZfBL9l9BOuSvkK8i1yF/jfwN8rfI3yFfQ/4e+TpyPfIN5Fvc+4/gT+DP4K/g7wBbmQ/AR+Df1UqiATZLtgJdQXfQA/QCcCfpW82S7UB/AHcSuJM0AviTDFb9kqFgR9CMn2g1Vj2sLlQjqla1gl3BBDAJXu9RdWpP+DoZTAELOH4VuBpcA64F1wELbuDcG8FNYCG4mfNXc3wNWAueB78DvwfrwZtVq3uDbcC2oB8gLugRoBXOjAHjwHiwK5gAJsKZPQDj0Z/j/M9zbF/k/vzmVLh3FjiX/fP4/nyOwwF9Ebia8/BxfR/f3c/xR5DPIV8EL7H/C373SrWkX2X/7xzbwLkfVK3pA4ZUS2YYcidsPxyMZL8FjAZjwc5gFvO3H/Ir4FBwOJ/nIEucPxccxeev8/lornUMn9uQ30AeC44H8/l8OhLbGuxqsKlZxLFbObYMMGZDfDIPIB8BK7jeSuTTHFsN8DPzPp8/BB+DT6o2UcCALmBr0A00gJ4AuyfbVF2yLegHPgMGgB1AExgMh4YC/C9pZh63gw0ps5MyOynWFiunWDPFkikWTLFciuUcVnNYI8UaDiukWMGhfYr2jlGnjNoR7beCWw1gBJ+YazVWN8A7B+9c4N2exNPJIOecg3MOzjk45+Ccg3MOzhUcc3DMwTEHxxwcc3DMwTEHxxwcc3DMwTEHx1yNYxMZcTuXhEdOeIRNU2yaYtMUmzps6rCpw6YOmzps6rCpw6YOmzps6rCpw6ad7JbsUS0nU9BnguqDNn1Bc9AwQ0OPhl7tJfZATgXnsU/kIps5spkjmzmymWjpyTqOjOPINqJBhgZE+apHA48GXu8FuIbeG8wImmR6ORGU36GRRyOPRp7o5YhcjqjliFiOiOWIVo5I5YhSjgjliE6OyOSISqKRRyOPRh6NfMLMJFPRY3ht7op529I8fdo5ivPxae0fYtkZahDWrmDtitqR2kIsvjnL1lsVqwVrfVoLER+xSEXNgtUlWF3qZJlJgHlizh1zLvOdbdFaN3DujeAmsBDczPmfnuUOjjgiqSeSeiKpJ5J6Iqknknq44+BOBneyYO3Pcyz3AOGLgy8OvnzqGSCqeKKKJ6p4ooonqniiiieqeLiUwaUMLmVwKcM7SnhHSQ1TfT7ZoPqCZvKCeETuDZY5s8yZZc4sc2aZM8ucWebMMmd2I9Zb5s8yf5b5s8yfZf4s82eZP8v8WebPMn+W+bPMn2X+bLLnJxuSqdx7TWDNNsFPC+aUO88lx6cx5ul89wVAVUWlWqZStVSqlkq1TKVqqVTLVKqWSrVCpWrVYfz2cEA8VCXwVe6zuep1S9xYxPe3cv/F4DZwO7gD3Anu4ru7wT1gCVgKloMHwIOAKoeqtkxVW6aqtVS1lqrWUtVatSp4g1S2pVjZlmJlWwrce5Z94d/PkMLB55DCwxeQZFAq3TKVbplKt0ylW6bSLVPplgNPX0MKV19HCl+pBoWzVL5lKl9L5WupfC2Vrw087kN0Fi73RQqft0MKp6kMqYQtlbClEq5QCVfqKmFLJWyphC2VsKUStlTCVuN7egqR/rNgHyBcn8Z1pvNdXhGXqIhLgftf5vN+XJOqOFZ/Jao/a56B+8+GyCCVXylWfqVY+ZXqKr9SrPxKsfIrxcqvFCu/Uqz8SrHyK8XKr0TlV6byK1P5lan8ylR+ZSq/MpVfOfjgB0jxw4+Q4ov/Rhb+qMky4pMJUvyS7Bp8sytS/LM7Uny0B1L8tBdSfBU7UylaKkVLpWipFC2VoqVStFSKNhnGObsR7yeA3UER6ZrwFIeXODxE/NTDYg+LPSz2sNjDYslYHiZ5WCS+KZlIso/Heh7LeazmsZrHYh5reSzlsZLHQh7reCwj2cZxR6ce4I6WO9rolyl+6fFLj196/NLjkw6fdPikwycdPunxSY9PenzS4ZMen3T4pMcnPT4pI08ZecrIU0aeMvKUkaf4n8f/PP7n8T+P/3n8z+N/Hv9z+J/D/xz+5/A/h/85/M/hfw7/c/ifw/8c/ufwP0YPHgQPgYfBI+BRrrUCrASPBWul+J5koxTfk4yU4nuSOT2+J7Hf43sS/z2+JznA43sO33P4nsP3HL7n8D2H7zl8T3KEx/c8vufxPY/veXzP43se3/P4nsf3PL7n8T2P73l8T/KIx/ckl3h8T/KJx/ccvufxPY/veXzP43Men/P4nMfnPD7n8TmPj3l8zOFjMvMpPubwMcnoHh9z+JiwIcW/HP4lrEjxK8m6KX4lmTfFryT7pjAkxa8kA6f4lWThFL+STJziV5KNU/xKMnKKX0lWTvErycwpfuXwK4dfOfzK4VcOv3L4lcOvJLd580HIbx6/khzn8SvJcx6/8viV5DqPX0m+8/iV5DyPX0ne8/iV5D6PX0n+8/iV5ECPXzn8yuNXHr/y+JXHrzx+5fErYbWF1Vb9ZKM6pdIp20zjLCIVrLaw2sJqV7cmYuOaiI1rImlYE/lqqHcqMLsCsyswuwKzKzB7y7X0Iq5zK1gMbgO3gzvAneAucDe4BywBS8FyQD8Csy3MtjDbwmy7ifWSCsyWnF2B2ZK3KzDbxqxiY1axMavYmFUszLYw28JsC7MtzLYw28JsG7OKi1nFxaziYlZxndZT8qxiY1axMavYmFVs3fpKCrPTza6rTOH8z4J9Yo3K/MS1lQost7DcxkxiYXkKyyuw3IY1hLXsPxdqkwosl/qkAsulRqnA8goslzqlAsulVqnAcqlXKrBcapYKLJe6pQLLpXapwHKpXyqw3MJyC8stLLew3MJyC8stLLcxe9iYPWzMHrYue9iYPWzMHjZmDxuzh43Zw8bsYWP2sFtcZyiyxfBOsXpL8VXincQ6iXMS434X49f6PG6FGCXxSWJTvxhriCvBl8WPxYcL/xXfFb8VnxV/FV8VP+UaqgvVuldyhMo8kQ6sb3FkE7Wal/oo1hIeBngY4Iu6IOTJ4ipcF19uUC3JHmAK+3LkDI6cwZEzOHIG3WB9ppLsdFDwv0+XQZ4NfuNCNvgPmSBE9b6B8y5E8mmBo1uOjh8EvghXXIiESeCGC9Gve+CDCxFPaoGD0XE2Os7eZB6u1/D/I3dKnpQc+cyns0LIha/HHPhWzHUbW6XIVWIdyU+SlyQnST6SPCQ5SPKP5B7JO5JzJN/8p1zzKawJT2bDk9mqe82qxerBjoFXs0MXzhmhExcmO9UQOOjgoFO9a7/rqS7nN4vVPsjPq6nqS2AW2A8cybE/Iv8UmJnfceNfXv4ffnl57ZfbqS/y9xBwmGpTh4M5oARWqTY9XM3WI8Ek9g9Qs80zqs08q9qSYeBErnASOBmUwSnxam1crW0zV2vjam3xam0bXa2Nq7VxtTau1sbV2tAlrjfpU5nZs0D7GqHTVH5hjXBp3XpN38Liuo0zTgKngHlwZj7yHOS5RH0qX/29cAXPFbwmhnGV+jWSmN+5SoWrVLhKJYxhPlLGcT5XoV7WC8gXF3O3S/h8Kfg+uIxj+dp7qq9CXgOuBdeDG/luIbgZ3AIWcYzcrW9D3g7uBORsfTfynvZYnMyRCMXYXRj7Rfl44dmmtBVNvxfWN3Jtxtb3x5xZ4swSZ5bQKOPsEhplYdX1AuQCLHwx+5eAS7ny95GXcewKrpprZdHKolWKVhatrLbhqUI5alZGszKaWTQra2IG2lm0s2hn0a6MdhbtrF6y6T4FbTOVMDrPyLzYWm1VY4BY/iaO/gj9exTrD2hl0cqilY2zbcMMXyd2iOsE2xS9yEbcyOq4kWLfjF+KjbPIi6xW9zXU8SLlCilXSMM454c1bF/LnVpfRwbZGv6m8DctRgxP8X+ObVWbuevqeNdbyZr6gvD8RqwtVnX81mFVh1Ud13BY1WFFsZzFchbLWWJJ7OxqnVfX2nVurPt9/K3qw8gqjKzCWZ6zfJjffB59vKPnFz7e0fMrGX0lkZXdrYuMW/yqLov2kYwcdPKJrAaJ1TP0ktFlnXTbaFzo5NDJoZNoknGFLFwzk1/Xjkys2fU+NHgErOT31GT658hXkK9yTFa1/wE2xNVtorTB4mZIeCaQmuFgMtgH7AtmUZPlq982rH6XkNTkZi7yiLAaXgmr4Ufz+RgknDPfQMI1czoSfQyWMwsBehn0MljP4AkG/cyd3GMZ+/dTU1KDmweQK7jmymC/nBc3dfDV+xk51Xl8Kmf1GkBe0y+KtqolPP2gmtTrwRuc/ybnkcv0HwBVpX4bUFnqd/iO6lJ78C7n/AVJpan/Fp6apFgp1e+x/09+96/wFMXq/wHvgw/4TtZ6qEA1FaimAtWfMJPVatkoYNAkQXZBk26AqtNQcZqeoBca9w5PY5yBAaYf+/lTwooZwP4OoAkMBdRiZke+a0bSTZmRYBSfW5CtyNHIMcixyHFgZzCez/imwTfN3uBz4PMcp4YxVPWGqt5INX8A8kBwcHjS48wh/O5Q5GHIw1ULs50y0ymznJqvcfzryGPC7FrzLXAsOI5zj0eegDyZc4g05ttgHrqcijwtsMCaM4E82ZSnmvJEswIu4fzvg8uZ8R/w/ZWAbs5czXd0c+ZaJJHKXI+8IbAohUEp7ElhjjXET0NHZ6ixDPVVfBJajk9Cy+EpkzxhoqMzDzGen4SnTc48Gp42pQb+mMc59gT+u8l1ocC0glm/yH0mzNqwOBMyCzIDY6PlxYpiQfED8YFjwfFA/EA0E61Eo1vDaB0jdYzSMUonI1Om+KR26nTvV+ruP+S/GMPRcRxttbHYMFPzNzGeRZsfk5HVnFm1CH8/0a2z73lG6Rllpulv8LlUyxr+O8h3kX8D78WIU+WKdGlGU+NQM+IfHv9ITQOfiZHRD1K0k6floqGH76Klh++iqYfvoq1HWw/XndmL334ZfIXPhwTtPRzuOAvHwTGZiROQOT/TYIWOnBSrePgnlvHwT6zj4V9hHeGXi/xykVcpVvJwysEnF/nUzqGda7XafeE5bfF8tojHNsTjIhb3DXNbH4cdcdgZeXY0K3iti89iXd2zWLvJ+Ns+33kcvgBc1CHuOuJuOcz1cqTM9wq+y+NuUTfGWpz59sJA5scH9h0dmVUwfH6wpceWHlt6YVStfm8osjp6efTyjN0zds/95d7tNVkX/ZB63VxO7Cn8YGqtIrgvMM9hQx/ymnSwdDSazknLmuyakOuykOtejv7yKsd/ExjpYaMwTRjmYJg3g6ImxZjolsx05CxwOCwpxnhkVXKcr2lMhQSDHAzyUWt5V0Pe03DmYnApx+n8Q96TnHdL9C+6QbMk2DzoDHsc7PHY3MMaB2vaK57aE6T49okNb5+IpvIGimj3RshfFo0kd1g0smZg1OLI2ijljRKJu5YRWkZowwiLkaTMyL0gf2PExjdF2p8gTaqzvYu2d9g+28j2rs72WRgdHSV2d5ux+8Y2F267aPMMm2fR5h1t3dnODjtLfZFh5ww7Z1uwsetkY60/oRYdHqrfvA6TaiHTb4YxZ0QuT+TyRC5P1PJELU/EEl0y9MiIThKZJCpJRJJIJNFHIo9nvBnRRCKJRBGJIJ7I4YkanvFkRAtPtPCMJ9uotssr6kEhfm4udkrclNgocVFiosRDiYMS++rj3nEh3uXRXmKbxDWJaUU8k1gmcSzGLjW4Vr9KtfR35D/AP8PdPfHJU7n4UEnIije9V6wKPHf03NGHCuB0pGR2anuytSdbe+7ma1maDIJne+JM+1pVjxrT3gh5w2FlYYvMvMygzFx7lBhZq9LzcVrGmcVxpuE9l17YWCqromqSyigftw3vsXyV748A+fglbqaMP61ZLNcjDXpcHnTJ0CVDlwxd0jpd8gpjJfPWqQsoYlhNy8F19XnuSy+F93TS4C/F2yZDQpzM8I8s+EX9myeFfxwVxi1ROCUmpcShlBiT19HLw/s0rkP9vHstC9XzqrBczq9MLNeBY4UVh8ZcXFiznnfjIvfEsgX/5sQO4YiadTOsm9XxMevEx44WzmrcvD+8JVQJHJU3hFbVZSeDvh59vRoAf8hW6PdwiE4p0SkjKmUd+NQfC30mRJQs8Oq7fD4HnAfaY2EW+PY4MudcGc6V1VUd4sR9dBl5F5LqR9hfBRcz9teAjp1Ipl9Fvo5cH0ZjmYG0rhvJ6EYyupFMojndSEY3IrEnpRvJ6EYyZkq6kDR2IVnsQjK6kEzLc4GPQN6BSPeRMnsp1VULHUjGLKbxPURLB5JRZbXQhWR0IRkdSBZqyX7I/lhYMsgA9nfgWBNyKMi7jzR2HWnsOtLYdaS1mnM8+3ShVGItdB0ZXUdG15HVdR0ZXUdGldZiZoED2D8QHAzyziONnUcaOg/xy6OQ7d1G1qmKy7sNqebSkOVOZf80kHcbGbNbYXYrzG4FtqW1buMHfHclyDuNNHYaaew00tBp5N1FRneR1XUXFlYKSyzMTGs18oPsS/b8Cefm3UVqVjB2WAiL0pBRNxXjhxX9e8w6Lmad9phf74vtWWfzcX/eJvyq8KM86+Q16hN1awYjiAwZkSEjJmVUX23EpSzk8jwuZR3q046xKYuxKYuxSdYEJG9ntdiU16NpXA/IK+5FoXvLc3Te87vY82cxZmWJvFG0dTGyujiafzM8+B6VYl1/VIwzDeMUXg9WU0Pk2lyfJGMveqU5MZ4WeeDYGK2OR54Qc0HH/i3t0CPJW4CDQuVQXzVs2Khy2FLFUGRQyZ4bVw631lUPxV1jBaFai7e0Qn+Rz5/0GDOYv0rsL9I4f7LGU2H+ysxfOfYT+Ft1Ruj0ZV1H1nTyfiJl/ipx/iqxn+hok/kcz+ezEudzBqNLmc8ZjDCNvURaeytqYC0H5W+kupCpN87S7Rm6Pn90rmduDeyRrqUcs2+eE3rX5dZM8mqt1myvMfO6/qhqe51IvlTn1/W4eWTfVFQXpr0W1pfqI7rdQiS3dZHcwgsbo3jaKYpLBP8k+L2FM7YuiluiePp/jOIuRnEbo7iNUdzGKG7rorjdZBSvj96dI7eNkbu9ivpWYErKXKWbidBpLUKfHXJwxZwb8nDFnI+scO4FzNCF7F+EXIDsGLVtjNo2Rm0bPLKI2JLLf8wxyef3hZXFzUVqK6sb+JGtReqib6+vSNt7mM+E2t6HnqK+l2iti6IF+yodKrt/xHiQr7j6zVR5ldoKa+6Jri6S+hhJfYykvkOFnUdV6ajT2NGnsaN3HaLqdozUMlJbWwcu1oD3i3Gw3fPydVtZs/1R8LY0+HV+NcvVrOqmX6rzsMPD2IvOPq/MRtcsI7HppdpalrxdncUoIFVmYRGJBnI1iQieiOAZVxauPCf4rozPhzxzBPLrHNs4z3SOU1vOOyvDm5u5dbYKK2xFvIlxRu1Ts1nxhnjeA2f0v1lYz8n7XsmZWXhzPO9Lip4k17E/GBhyaFab+WmxRsrfMM/i2k59H5z3KPkb56JrFnXNwghPinXQ/OBVUtFmeFOGJ2X0yFmoeer740WhupYVgLyuWYJcWrOJizYp3mzPavM8uGaBQjNhTr12wqC8w8qCBnlnldVseXK05yUbsUpG07mbar/z9jU/lBWop4JnhfWdsBJVv45Qz75iBaR+Rapu5aPmt9vV1rfeqnW7RZcr3a10tNLNdvS1e8DSDv1dvs41uq6/y0IdtSqukbwU10XyNams1uv1r7q4BuUC56cFLmy6rsrXRIraqn0talNrUJtab2qvr/Ke0KjL1VZs8j+wPZRWfVRflajm8HxunNpZ9VS7qgmqt5qkPss309R0MvgM9UXVpL7ENljNYhui9lcHqqHqYLZmdQjbcHWYKlFVzmVrVeep72OVH7JNooO6Tu2hrLpFTVWL1B1c8W61VM1Uy9hmqeXqQbWfephttnqE7UC1Sq1WB6k1bHPVWrYj1PNsR6oX1c/V19TL6rfqaPVHthPV++ojdZL6N9u3VVVrNU8nOlHf0d10N3Wa7q17q/l6G72NOl1vq7dVZ+h+up86U2+vt1dn6YF6oPqubtSN6mzdrEepc3SrblUVPUaPURfocXqculCP1+PVRXpXvataoCfoCepiPVHvpS7RU/VU9QO9t95b/VBP09PUlXq6nq6u0jP0THW13lfvq67T++sD1PW6TbepG/Rx+hR1o56n56nF+lR9qrpNn6bnq9v1Wfosdac+W5+t7tLn6gvU3foivUDdqy/Rl6pl+jJ9mVqur9BXqAf0lfo69aC22qoV+kZ9o1qpF+qF6jF9i75FrdK36sXqcX2HvkM9qe/Sd6lML9FL1U/1fXq5elo/rB9Va/RKvVI9r1fpTL2gn9JPq5f1s/pZ9Yp+Tj+nnH5B/1L9Sv+KnvU1/Wv9Wyrs1/Rr6k39uv6Dekv/Sf9J/Vm/q99VXv9V/1W9q/+u/6X+ot/XH6j39Ef63+pfumqMet90Mz3Ux6aX6aWV6WO209r0NwP11qbRNOoeZpAZpHuaIWZn3cvsYQ7Vg83h5hi9t/mmOUF/yZxk5ukDzHfMafoQc4Y5Ux9mvmvO1XPM+eZ8fYSpmMv0keYq8yN9rFlssKC50yzVp5t7zWP6HPO4yfTl5mnznr7SvG8+1k+YT8wn+ukEYutnEpMYvTrpknTRzyZdk656TdI96a5/lvRIeui1Sa+kl34u6ZNso59P+if99YvJ9sn2+qVkYDJQ/zxpTBr1L5JByQj9crJbsrv+XTIp2VO/nuyV7KXfTKYmU/VbyZxkjv5DcmJyov7j/wLGQ07tAAAAeJxtUVtLVGEUXfusmdEOIcKM1yQ0pvAhhjQQn3wSYWR0NCR6EgZJqY5nbGZkGu+3kqC0nq2s1G7vRY/9kxAJIiJChvBBsP19c0CIOJy19rf2+vbeZx8IABdrEkGoty81guaxUs5DfCJ38w4SXqbgoxsh9eDkROF/US2cgXSqFe3X0gOKVj2juoDqCiOCKlQbRXXX6s4/Gde7NZFBj+dPT6LXy4556M+aeGjK4I18xitgNJ+/0oFxxU74ildRKJjsjK1Y6VdlsVrRsT3MKWRPJjpl8xqsaGYOF/U4j0tIoAs96MMgrmM08A4FPB7w54C/BPw94J8BlwM+qrDE7Awice1VizDf8C3f8T0/aD6MfnzFPg7wTbMJxFjkPZY4w1nOcZ4LXOQSl7nCVa7xPh/wER9zg5t6N4bL2MAmnuApfmj3X/iNQ5TlthRlXT7KJ8d35p2y80e9ET7U+oIoWuw3N8PlM77gNl/yFV9zh7vc43O7tag+QJ06hVvc0t2a++t2XzETHxdNLb2/Z78zclwyOXXauohqVKf7bEAjmlQ5p5VO/Q5qEJJWaZO4XDS6DMqwrdNl/10YZ7VLCy6gnTmdJok071pO0Vd/klOKaWYVU3am5F8Ge2hgAAADBPMCWAAFAAgFmgUzAAABHwWaBTMAAAPRAGYB9gAAAgsHBgMIBAICBOAAAu9AACBbAAAAKAAAAAAxQVNDACAAIP/9Bh/+FACECI0CWCAAAZ8AAAAABFIFtgAAACAAA3iczdT/T1dVHMfx57nvD6hgESBqUpdzr4qVRiYqX+SbhISmlgGBgPgNM/FLVK60VWgpmSl916bZoI9lJgGt72Vt+UOtfmizH5yuUd17+QPa/Kkvn3s7AWuttn7ubOe8z/uHsz3OzmsHEEbnNSizYrWZTo30MavG1G72kMyVPKY61fOqVw2qn1VkZVsF1lnrK+tra8i6LEpEJkiaTJeDckh65Vv5Ti7EupIybWWX2/vtX3JW6FSdpW3t6lw9V+frYl2iq3SH3q079Ul9Svc5SU6mM9nRjuvkOnlOq2u5yW6am+FOc213tlvjrnM3zfzmt1gYRYkoMi5Nj/H0qAHj+dWaOuL50nguGg9/efYZT7fE5bzxEDtgY5fZe+we40Fn6ilaj3jm6aIxz07jiRvPmX94msc86X/ztBkPxvN7FEVBdC4ajOLRkaghWhktjLLDo2F3eDjsDNvD1nBN2BjWhhWJnxI/Jn5IDCW+T1xMDCT6h88Ndw1XD88JLgWzAh3kBHaQHWQE6cHEIDWI+Zf8C/55v9/v80/7q/wqv9Iv8gv9BX6eb3lrvRavzqv1lntLvVLP8VK8cUPx8TtiO2XX6Dv+j0aylfJnUfxLprDGdhb/PUZPCjGSTBrHMZ4JpJDKRK4w2UzjKtLJIJNJZDGZKUzlaqaRbVJ8LTY5Ji0OLtOZwUxymcV1XM8NzGYON5LHTczlZuaRz3wWsJACCimimEWUUEoZ5VSwmEpuoYolVHMrNSxlGbexnBWs5HbuYBV3Uksd9dxFA42spolmWlhDK2tZx3rj7+JJnuJpXuBlXiXOa5zkDV7nFKc5w1v08TYD9DPIO7zL+7zHB3zEh5zlUz7jcynjftrYxBapYBe9dLBVmniQdmnnAMdkMw/IVtnGZh6S9dImG9UJuYdtPKK6eJNP2MtGdsjdqlK2yAa286gsZgOPs5+japLKknyZL4ukRAqkkI9lO1+oYqmRelki1XKvdEg5u6VISqWSfRziCQ5zkGd4lufML/ESR8wNX+QVTnCcy6pONXOfalCNajUPqxbVpOr/ALzd91AAAAB4nGMTYRBn8GPdBiRLWbexnmVAASxBDCIMbQwM/9+AeAjynwiIBOqS/DPl/9t/1f8//Vvxbx7QDDIBB4Q6wLCDYQPDYoYpQNZZhqMM5xl2McxiNGTYBAAzNiDVAHicdVXPU9tGFN4VBgwYIlPKMNUhq27swmCXdJK2QClsbcnYddNiDDMr6EEiJmN64pRDpp3xrYxI/5cncjE55dpD/4cc2ls5Jtf0vZVNIDPVCGvf937u994uavvwIND7e+3d1s5PPz76ofl9o75d871q5Tu1tfntxjfra6tff/XlF/dXPi+XFj8rFu7JT927C3N5+87M9NTkRHZ8bDQzYnFWEsBDH0YKIl+LpC+jerkk/IWuVy75shaCiATgJ1OU9bqBZAQiFFDET3QDDkGh5ZMPLFVqqa4tuS022AalkAL+8qTo84OWxvUfngwEXJn1I7POFI0wjYLrooepiqoVPtSedmM/xBp5MjVZldXjyXKJJZNTuJzCFSzK04QvbnKzsBb99cRi2WlKizv1ow7stLTvOa4blEsNmJGeUbGqCQljVRg3IcUJlc7ORVJ6FT/v2+woXM51ZCf6WcNIhL7xiB/Hv0N+GZakB0vP/l7AnR9DSXo+LFPU5u51nub7lBxGC7YU8RuG25FX/95GogEyVrDfMFqCVQW+q116nBpyHcc1KWpxGEf9d70jKWwZJ7lcfOoj3WxHY4j+u5fnDtSeB2CHXb4eDLZe223CR61DDVahJroRIvhuSXfVcfPXNjv/p2ZIC5KDDLsu0XDeV+wIBei1dCoLduRcMLWyHIAVkubVUPPxPml6Q821eyixt822jiFTaHSkj4yfR9A7wun6hRojbZh567gyns2LtZXA2AqsqtE5ETBaRJLQ66YDzg25xLYRZt6mnysHExTzs2JNYhiK40s/HLxPuwsYQCDR9eV0EPY0KA8XKhp0zE/ur6BHFGLDTjzTTFiRpzAnK9fdpbL8k7Y2LgM3mKsCCx8PvGDFN+dK+HHopSVQLNnSl+zBu9fJQ+G8eMAessAj4/kqTlnRj3XnCdwNnQ6euydCOy6oADscSH0c0NghQ0uvHTMcgZmVPd1sy2brQK8OCkkVFC5T8D8II7WThsEBhGwhK7TljARoaCMgariQlQ38hfFCFv9sJNygNLiVDaG5w4bWWAYsCf/YG9iRfCvoKI1TtT6MNkYixqnWHTdw06dcslAtBonRI0uk1ocqvKZQkcX5rNYNRFwu0NALLY9lILsC1I6mvRE9huUBGYbzQa/2bkk3yEKamIvqoUBkQm3ZuUkubBv5Wqx/oG4M1SLOymY7puByEJBh5Q1gNMJqNe+Yu4AOtMS7V9h4pM2BjhOl6DB31ymIbHRi2dYbxhrvk9+cZ5RrljV5c69SLuHVVkkkP2slip+1D/SlzZg429MXFreqYSVI7qFOXwrGlEEtQgkkQZBAkXZRyBp751Ix1jPajAGM/LjPmcGyQ4yzx30rxew0UdEkUsxCTSbVqKF1BrFsivUMZp6EEWVqclRl1YTKWdOWk3CCLhB5yRmb4OxFjk9zJ0GvXQP3eS+ZUE5q0UMLlVZ4tv8+9f6BfpFj6GZ+MVGFHhyXhS42G/+t+KJDg/Jr0I3DgA4bm8fW4MuBy01sk9zEQsZyMCmPKzAlK4RvEb6V4mOEj+OI8nmO7j3s/Q5wmoBD7eKRFJ/86cT2FXUqwEsltv8p/wcp9yEpAAAAAAEAAgAIAAr//wAPeJyUfQlgk0X2+Mw33/flvq+26ZWmB1BKaUNbSqENVymlFKgIBLlBqEVAQETECmw5BeQUERAVERFdRERgEbk9EFlEFl1EPBcvUFxFVmkz/b+ZL0nTgru/P6UkJJM3b968ede894IEdBQhUSvtRQSpUKJfLxJJIIJaIxIVQtm52T6LFRcWWnwWX057m8fiKYDfo6R3w75qYVZwkbT3Znm1+A1CAlrQ+DXeyeGYUGu/TUtEIggWM8YGgRhUAwIGGyrJRDEl1sJsBtLi4yCxl3hwh3xfrtNhl70p6Xj6zg7YQT+vLOtV0be0Vz98kNy8+U553/69et3RH/F5yDbh9xC+SX6DSkQwk0YtCypCUInvdG4UwpgAePjFk1qvay1Mh3+kvcGfBTP7ZbCyYe03pT3IjZLQo/5ydVK8Q7RrLHq9xmoy6kStzWZ3JiSqRNklYhQrxkiSbJe1HhLnIjHamGSPWtTr47EhCZnNsQ6LAX4kl41oJSsgUuKzFhZmZ8M6fXytygPHzQWPHEWrq5D/8me5ucojQ9vjALRtXvab57F54NdHfOzXgX3w8qUCbKRn++/u/3v/nRU3sbuQ/o7T+u/p39B/Z/+GILpZeJOMp//aTkfgLex3O47fjrfRoex3O/0XjkdAvSmNS8QM2YqSUTrKQhP8hXq7KyGtjSyKkgdlWJCktsRK2e0k2ek3WcucLn+CIZW0aSO70vSyvl+AyJnxdpcrvl/AhbIzLQhWF5Pt40+sbIVxMebTmebTsGC+PvhRlmaXVQ5vXnpGXiJ2WTLa4bwO+QV5PofTpUrPsLgSsaoDPOZju9NlMWIx4x/vLvj96UHf3DVw6xMf719wam/vpzZWHFp9dcDIXTSj1/D+A/Fbqw46L5wTy861KcT4gaSSV+Y9utu2/XlVn33Fero2ofeW+Z36eOlRt/B1YUUaLtCXIyShgY1X5VXSKaRBdpSIWsP6B/vbZ7XJbBuX5EiTtMisNSeltWkrZ7eLfyYDZ2RkkVEG/IoBGwxts0hbq8oqxqTY+B6XMH4ePtVngX99UYtVfth6nb5ci9mbIkucv/PMnlznbV/UYC/Grk7d5s/v1gkfe/7Z9S/gkqdexDeKutXVdSvCx7Y9vX479m94iX7ccP4YyRTR46sx4LZ6zTffXvsMn/yx4ZPH1+LWOG3l49988+Pn+ORV4rlZDueE7fWoxqvS97BeHaw3Fw30t2ubaXVktJI9yJ3pcHtaSR18acasNmLbDJIaQ0wZiW2tiZo+gUSxvb4i0D50cJXDawmxbPOl8oW6imE302FVtlzgT+ywO9Ngc/kWK+dbhfMLfIIKezKM2JuSio937zz1rsFl/YY/vu8vdF5N/6W0du4LI3te2Pfqe4s246ED8n8p3YCz6NnHx3+77Bt6U5xdcl+Jf0rPrpUD6v8zEc/qMbNizOzTdcdHTXmyav2ul1ZNOzCc7p54hv7rNXppVdUdn8DSEWbyAk/i8sK+DxEiiQKTE6cVGaSICC4eFMmgfKaKHhQq4DMGkDBGIuqIVoW0CEQC+2h2WMC4mEg0Wwt8suCwW13edKFq4+rTS9euXXJqzQYhB2vw33cepFnXr9P8v+3AbwPcLgC3IAJXqyOiCokAV9S2hIvNgsqbb83rIGT4nFahYOPqU4+uWbv0NANM/6Cdtr+B373+Gz775is0R8G5XKgR7bIdGZHbb4JlYpVBq9FpTGa1EaGSE3zD2HLTXJJNpcMZtrQCiQjPtMbz4un6q+9se/z0t3SDFz/YWrbTv9x7IYGenIir6M6JuCDhwr34ET7HKPS1mCMeBz5q63fKRKvV6bCaGPQaLOCqgJwtYJCpw0NSgDMIyDmYFAQYrAuEmsWLf6LT8GN78Ao6dY8wazdeT6t30xqAXQIybBP6CcmghUxIIpJaRfxyf/kDmcgA9HSIOjnt02TiBaLjTe3n/rVnyrcfH6AXsfE7jl8ZPiqUC0tgrx1+DUFABNQ3gJl8Yh+G3crzOMoEAR99912FN5jOwnZYT4xfJyMEKyEDAhrG8GH+KIhSTgsqynpX9C0rq6jtXTmgtNcdVQwGsAwxcv6K9+sJwoIA8xIigA4oiVJF7HgTY/CLzwQPU5rsYApoSONVsVA6DfO7UCu/3Yr0soxiYzSOvgGNipj6Bkhs6OxFKzWz4E0BzWr15Vox/9fCXxELf2u43vBb/W8NQcPsRYtqaxctmi1cpHX0MfwInorr8BQ6lz5GzzciLILkSMcqSgH/DYC/HtDRIo/fjETQ/BjrdaIKa2Qcg5h8K+S0YFzp8Vo6FBixKgP7iP6K2tX98AN45wmy68WxMZ02Po45PYaCTi0EWeNGOf44lT1OEIx2t5gQb9H2DVhUQhzGcZUBBhnWhAqVpblCS2uN83CxoAgRVUYx5pQ3YhN2eMTCBg+e9cKk3Jn3DHxqwpyHvvnL+zd6rXmJCnt349kvrXikbOy04gEbJww6v2fs7jefvaHl+zsI6JsFuKSj7v5Um8oNqKkMrhS5VQZxxcS4+gViYrSpqYl9A6kqrblvQNtEbcAsmz9EYcd1VyLINdGTwvSXLzcfUM3Eeb7kMMr5IMhFYcuaXbvoR/THX18Y/sGoHdsPvDNnHh7x0Mw7Ntwz/STWXvpdHL/0b8lq5yurzl3ud7Zd7iPzZ0w+/MuI8dk9tq49xG2cDEB0knQA9sSKyvwZGoyNOpVolSQwduw2LFklYBC5vxWbrElWwWolJpVM2Gb5mDYa7os+gczyCJlaFq/Fk4fhPx7YRi+IY3HSW5eD44RNl9+ig7Tq+M70cVxCj+KS18nbDWV4yonabiOCPwMdZwAdQUCieNTJn2QicQ6idsSIiQnI0jeAkOx0xlYGnLKs7xuQbyFhE/lyRYcdNZHO7GEUszFTpxgL5ZewQC/SX35bNuDDoU9vo7uzH+1wT0fh9+DHHu/dZNUP7/1A/+h3vl3uY0uwbNMXC++dpetkM9BqBOBWIp2EE5SKevi9bkuKFjZfspD0NK3daEzsFzAa7YKg6hcQVPaYvgH7f9tkbuWCNnY52H4SX4gFERx+QeLb7U3hmm2E8MbkiopxV65q9dk7pr/zGW387KnvajGdVTd7dsXc8ieFKWSo5YSzgf4wIHD97Df0tyew58amVY+s7Dq1aPlRLq9hj7uA7SmjNL9VRlhCgkTUKhRDhEqwrhQko8jnYVLUgTESugXV5NfgUfHyma03f+b6XZEjJ5ETeVF7VOBPIGqjPdMj5+ZIFo8nM1OHUGq/AFLp4voFdM3X71PON9cNbKkSZ3DQznlh3U2YtcKWng1KHafIDjuYblzVC2Uf/EJ/eXkVvfH1T/Tmkk0Lp90sXV07b8X8hQnz78eGcQ+1HTjuwbGzpZOHn/lywaBDM17/5P03Hjpe0X/3lKffrN9dPX3m+AELCw2dlpKSsXd2qOqenTej8s6xjP/ZuS2A9cSgNLanKXo9irci2Uoy0vUmhympX8BkIg5HbN+AQ0XU/aLF5O33FJs548FCrDYvMz7S8zog2FprGluPsr52WCygW+mWBZ0CQ3/6QacveuG+Y59h/Nmm7x6hwkN/mTV75paeD5NS2p8OMr8VixG2Du3/y7nL2LSefn7j6ZW1Kx4bGdg4FEV8IbEG5LqTyXULE+soxmW0DwgYzREVE5brIS0ZrWksHW5VOmv7lEfrHrL5CeYUVbH5mO58GeaTkQXl+t16FZZlUUVsVhHJZnmlTAxE1phgWjOfNnvkiOFvR7FWmourVNI0KV5u4trVG5r0J5eiZYXLoUmZLXAJbIGrMGe63ykBOUTGvSaCS8gUsoJcA68M1PbU8DwwCwh3hwaLOQ3Z5GzQK1y6hHfOwt8dp9vpWVjDeLxLbE1+4X5dlt8NlhERNWpRqgqAQkJVARPOxv3wFNBdABYWYX47M8S3TKtj+B1Pjjd0IcdJyWuv0am7d7fEEUuCJAOO8n/B0aZhSOJRwqWgl5xtyMZbYNYhx2nMLFoFOJobvyaTuG5LR139Hk+8G6lsyGiLF1tliC4XmAKpZrO2T8AspiYOCKTamnGllft50UzJjljYZgbdEdJ2KiNOwNF74e4/bmbP++4ZuaXvwFPfnfimbWDS8JIf15RV9O3VqwIf9E9eXTmiumzg0Pz0XVOPvNhnRs2dvUcNyKJHn+hX1uuOAZwfpzQOkg9Jh1AeKkEV/nQ3KrJ3Ujnzjd52yGh3tmond/WrdV0sltyYjh1FnS4zKZekZ6Js7sNmM+0B7g08jcI+YvXzw5QRPlNgjThdxGHnB0pI9aaIggOOXm6BQ/YmI7BZUn25ohXD+7YCtmr50NDnJva7367PWTn0uTd+P1vxtzJndb/hyyh94Tx9axvOxymXfv7wP2C2jPkCL6+/gO94o75h31GrvqRs7grh6xU/zh9YVln54Wt/x9gdQ7Njnnl/80uYLNtF//ZP+hl9d+jWQXgFvhtL+Il/7qGv0Re+x2nXLDs4TeCPVC4dBG4zgcRMlCU9UhERC6JKrTepLGaTUAFSRkKiVS+RkD8fpc+ABCCTWXQBezSYtMMZMny8YnXw7IoGwYtFwUtzlpjytO4O8/E6WiMdvNlDGIcfa/Vyq9mraR1wOYu7XACdagIp50G9/el2MVFnjosziWqdCQSwOtZsjgVWMptAdFQEEDHFAULW/yrolCBNsuiIWCpejy1spsSGDBbvUbwbt8OG+Q9vWEV//C3487Vv1j36+JYzdN2Tm56W9u46NHeHU5vw0uq3PidDR06bMCy4g+ZMf3jaZDhPs0AunwH+j4HzZCcmjclB4mJtqCJgE/VyRUAfJdWU84RDhmp+iAE6MAZwqdphkv33q19/PHzniJc/oYfp9hdw5/NfHBpU/rxI6ae0kf5Kr6YlnO6KF+Caf+FBe0e8481jewY0k8YDzdRANZCrBlED7pPZIoGXKhHRUBEQrbezl1FrbPEkI2IG+9WXLI2nk+lCOgGfwMPx/AbqOLNDMAvf03V0nrSXLqbPCYb6i4pPBfORBphPh7r4k0GWarUg55jDI2sqArIMtr5UERAI1lYE8C07E3XS2fzg/PBf0tDwFikK7hEygheYk/kenfYuzWua7ybMp0EdgSPhFTDDwU1ks5lkrCOyLGCrMmckmAayPNrKgiWGpsI7fySFyjxsloJTyhywh1IO7GEcs+ViBJtaUMcZRJBkwF5AXp3OXBHQiZITSGr7c1vOY4ETz040HG6XCo4ycrB9LoD1uYS4+b8up3voerwOj7t8euDu3T/Qn3/75v759CyJDaZkpuIleDwejVcMeaeKftJIr9PvE/Cs0PqlbpzePn+sWhQlsHyRhPQGNakIqNWSViY4ElzLbtrkpqWDiQuOpsUndfs5OOLaNWHLz8KaILj/wR3CoAiN8S7ur1n2Mg+RoLCnltOeATp6jflnfGzjOFqNd8BYPfPXtUSlMgImCOgPdlbYPivkksCmWBd5AMAuq8d0G1h84ufztDr2pON3acnNOV/8GJ5bSgB4RpTnj9fpMWJrBLtPb5RA3hgJqDtd1BJdLc92a4xVfIX5BdiDVFICvULzll+7NmY0XorNdN42Yd304CVYbemDU/A5WnxYmVN0w5wSjznAg0qGNQM9kbVpDfyw+riPfvSaMFHaW+86rXxW3gKftaNif5JVZzQa7EgjqCVJljUG4nQIVg2RdSqCjDJDuQXOYTXBjVev1cHcD+zDbI86WAvAHS6kQ9SWC3gAXieDoq36RieqaW/xLfrzT8FCQGGGuPRmuXBuEh6RVt8lQr86wIdZOS49NpsR0apUajWyWYleDZYVVkdCrxHmCOMAxPO6nCEs0gXYKqmOXgzmqCXjBZBTp2VBf1Fc3vXAhqAaJp/lwp4BAkVcV7Azc67JT9fDamUUE6txVAQ0IjFVBIjttnLHo5yQZBTtp0vn6Eb6N/o6fQo0Ux9cisfVb/3ko/MXPj7/8UXhErx3P5yPGviZTx+gG+gv9HtsxxZswE76gyIDxSXcX7cBFWJNSMe2AznsOhEOrk4lW1W2ioCqSUBEHxOmsUUPdwSTxYgDKy6h/6BX1l/Dz2MrtgQz5ux/ecNz20jD5euMmb6gzrmLH3mY04Fu5XQwgQVU5E+SRCI7kVmLRFkLHr4htiJgECUVnBOGAY+iIB8YaiWZLfiYRbewJyxAWpLn1DE8gh6iVzP+lEY36NpyugiX/RdCobC+0HJ94WB+hNUhmu02xMJWZptDdDmtGqTpA1JPb9dZ9WpQYCGqKdIFtQzoAuJNypST0GGWYB1417YX1m15bvM1/BR2wzn8F36K/ky3EOPDDz18b3BYcL+09x8f0Wv3B2cJZZyPx4Ee1YMMTkUdwFpHCVbJ6kJiepo+AbwakMMOkWiaMRUqbB6IAPugKQLBo+hcrzKTirtniYKop9/8/vvmcV+OfmzRw8fe3YrFix9+UHH8yfsfbD95xbPrSvHy45/1/So7/967qqZVDvhg9b4Phx2vuvuOwgFlRd3vXw04JgCfVQPtVMw/RRgTmWjU2ApGDsgOkYQ2tySi6pn0BSPcIxy4RqvEPvD7/WkmQ/bA2SniZzbNbzFjnVqNbVaLhkjGJg0TfcmEQYCKwBlclDp9ybFYKlpK/9gHFP3w5+07cZW0t6Fyy691OLmB7GwY+/rLeCzZCPMgfpfDZHUbsE0EDXjUIhY1xGjQECQSYlXCI80NOBBHXvjlDm2BKPxOUQMVbuCcmHy1Id+iBOoapnc9nVvxbnuYQ4+Qqo7HQfx+D0YxWo0ZPGZ3vEEv6c0x8VJiglmKIVq3XQ82gSKJWkjx0F8mjZjNCNY+8eiwz8aC5wU29pgPD7JMG343t5e0WaZfaMObR66fzXHo2lp/+vG6N8NU+MEvpLrw4zb+93MbNgmfCp80vHz6qTs/7EoGNWyb+eOKS6SK85gI9LjBdSnoGow0WpVMRBGUjazW6tQGvaAWNaBrxGiB2VzXaJhly/5i8Qb9ka6mKxoRvkw7YS2ugh+BFgiDQK/eEI4EPxZaBzsr+pXtw0F+5tr6HVgAnxB0nABSQatBEixXar4R1kh81INBLGGPMAIPxSKN/Zm6waV0Cxsb5gVPCtlkEcDuBrCHhOyjBKJSCwjMdVGnVYmSJDIbUFBjrA4ZY5HwYrMgHgsx8kCKRxxS/4PwZdBHfgrGC79vE7uf3l5/WFnDBnpQmMp5P8lvALsPrBCNWgYHkjkCza5EcciqE6bS1vhjoA+iB+Wbu25OQLfEhgWMCOj228SGbcCEPwnJl4Kfh0PD8Fkf4KAO40AQePSAA3NRbsHB5WEnz+LxYQQInKeZa6Qnd/0hszMsuMRs8PtklOG3CmxuMCoJCzOBX8MWczq3xYGwsROhAQd0zyx8+Rh9jp4WXOSFhoCwNxiyiRroUTK9sYzZT68TSRBZyN9nwSFq5HnI9IYlZCY9CvuFa8QLpL/sgf2y7VUTnVaai1B23OlQNB6ckIw8D5w9h7C75zk4+Ol1bcULHd7q5Cjd64tl8nsoyElRHM/9bfCQ9DgpyZ2qVtvdpFWGILn0yeUBvV5yIYfLXBZwmaX4soDkbLqtsijaD7VYoyfiruanFTQPNlvScvO7MA/cYXeSYdnq/lvmPLePYvHw2Oo7N5VVDP1o5LmPgzfnbnxs2xNDNtzde9ezL+1Uy0U19+SmbM/O2f9W0PXMinmjZHns+PIBDP/tgP8a2Q6aOolJDE2MhRgSiUGnI55ktUUGeaJzIHtpAJlld2lAjkK9xBJtwihXQiENmeFVebmZqfLluwD1UPzKLFw68+0PH3x4vzlz1xW1oL3vqcdqhbmraueJ40G7/xvE59kn6mQ7faz1FufzR144YX7v9bffYGY38Mn4xqtkD9DZwfw6AyFqK3E5ZR2gZEZmQM/Z0q+TUppM/2QmpsHDN2JhfD2tBw0svLKs1+Oj6ZcrHn1qWckKO04Ds8KF23Z9sxOtO/BG5em0ZBbvAdoMBNpYFdqYXRqi1xsTiBFoo7EgWY9MDjmOo2CLQuH2tJFCfqbLl870hjfDK2eA06lsLhBISDjz3ZUPPpmmt1zd31o3deOq+cLiVQ8v/Isdt8UmbMbZz87sidf8cXXV84ee2+c5u+vkgf1HQzgWAl3swIG9/Bmx2hjYOqK1kIT4GF1ZQB8THyOYSUwMkmVHGcPU2CuaWMxrauaecdJxowfMnQTs4RqcUY7APnraYWEppfQSNl69SINJ0tbHx7w4etCuTfctMuAbwlw7zsJqwDaf3vh+zrN/Tcs83DqFvPvY4iXL+R564WR3k5NgD4v8iQa7XSXAAYez7nIShw42UQfS147LAiq7CQSIoryjQsxWxQfg1rk3r4Df2SoGBeApnKO/XN27d/+bDz9YPLhf/97YSJ5pGEWemVxWduLN1rvjx44t43FoF7WLlUCvTNQRdUfT/F0yhbRiqTBNn5RraxuLJFtsUprcs0eKWt25HPw5Z6v4fJMpvzRgMjlbtepaHmhlzhR6BzJNzuzeAae7acebhzv4s1uMM+Wm0aFiYQ8ZTgnb9iIe0hY9/Kwr0ezIfbQLh+PamThFtrH/KOwiVr4Zl3L1TF5mRa+RR/cdou/Ri1/9NO/+7C6lPQdN/PrD7AlxNG7Jw0cOTli2++6Zd08c9/7dE8bfI1bN83rHF750Qp1dkp6+ac3B959ZO36p2x7IKR7UJu2F+/a8bVDVCxVVk+8q6zKS9Kq+75N7Z9zP92076LQZcA4czOfFyGTQaLRI63KatDabVBqwmXUIax1MSUd0WcSvUW7kOI9zt9CuYjcWyRZxxtUJ961deuWK3tT+pWl4tbB97iOvfhC8CMd/xsh7+w+hExX7eAMgsEW6yXN28v0pYMiD0LaYDUmqbJUwUjVFNUf1tOoV1eeqayqVSjBhQKMke/jU01EJPCykQqITeNZcufJHT39xz57F/p5iFU4r6dGjpHPPnmy+xkXUzufToxjU3d/GptWCsFGp4mKdfpM5yZxt7mceaV5hftp8xvy5WWMkZrUJAQ1QiBXYYVK0B0uhael1R2NRUFPao9e6K6+VhjGh9tgD1h3iufqEl3apxjbhpNB/Cb837+RPEogsGfWwAwT8GC045Ua1ShS1gg4JJjm0C5YWPi4/NgWKoaR45yq8dAGuxCbaHV+gV+lT877/Xi+UbcPjaFpwCb5cQxfI9qDmPArPj5mOIMjpB6MVlLSAOKHDN9CMwoyqMCY0XiXDGfOiUr833m2D1xjLYK2bpKXaDVqLzhQPDJMsWYByLhA14cMO7rmluZlnLbyFhVycgVyhiy9L+C2x4uqo8YvnXNnv0bd75R7UeIc5Z/f0t1+/Mnr8kjnCjjm1r/49eEGsWtVv0M6qYe+eDmaz1156tYm/AV8byvHHcEzBdbU7AFGGoMWsM92evf8ENYW3H3+UoZK7/z78GOPtXWdC03PGVuR2Lcyph1PF4oQqC5hRTpcWFInWTEylAeK8rb/OrvnymHAGj9STbGE3lGIt/eH3jT/Nxfb6n3FMw0Vw8GLoN2sXCJmgUz9YhuW/gsPZjp6iN+k8PAfPPsH1PsjBNXzNyajEnxzDIneqRIvK4kkhOmQ0gso3Am+r3MjdpNpKmhy9MAV8XLVlePlO+JwuX77iJmMmlcPiS7jw4f1G45VD6lj95E/PfHuF/r5s3txVD82vsz+xLJEWycVJM7ZzCwDwJQe27vG+9/q7fztwmNMJ8BwIeOoAT78/OdFJ4uJitaZYU4onzu0yJTn1VquqNGA161FpQB+t2ApjoixYBVFuOinbZXaF9DGgXOBjXJRf4JWFEWvnLVj7yPzjp7+7eqb6+a7quONX1cRQvf2lv6ad3vPuG3TBQVBxRvjJ6Ttk1R/H8Pm2Y+KeD/EQYXoFdshvZjwkaK3A5watQ4LXSnJLCqPNaRz2hMNcI1zo1c6Vm7/8lSv7k/QFr4rjtRf1+9cED4lVx8fez+CPAftnBcD3MH9ci9xgflic4GPDmbLbY3sF7GaiLotmmpb+OFM4XBJ1AJs2pGE4EqCEwBknK65+emnh8e0X2k8ec3jR5beO76x47aEDo59b8nBnXLTlr91PDa1r07FzevnaBx57qt+r5TUdykryhkxX5ENG41XhZ6kMOLmLP8mkt7GArdYiupwGk19j1ZtM1jLQnzKKsh95Nh5LwItOwknjJpoX/GlvXgn2OZjbAoZRj0GDMmZ3o7uf2NJ/FS6ib925w/2qxYVHCQOrB/1wY3dw150DFDw2w5maJFaBLdTe78IWi12ntqudDkGyakzIIRlLI6Z3yLuLOsZhg1tx6YFr4QnZ49HnvH7/ybd/rJ6ydunVVX2HvHtKOBccNGfOqx8IGfU7w75kGcypg1Nsg13HzIjRSjzjyCQBSWDrw3ZAeC7uTPuYF43xVjrs9y876dWaLl/epEPFqmDtlnFlh4Q6Bp3BB4kqTwf4CajY70lALptVVKuM7nitRtQYXfFSUiIyuIjaoXGLxApmk8tX4vLdzpv3kHTiFcCXV2ZnvrzHBp6NgofoWxHXQ9MpZQ1toO/9vLy9Xda2Nm3HwnOmLFFtKlhxlb4rgKrMpL9MDVLA8vP3VvZ+M1soDR7Iea/j7EuCJ4wvOEVgX1Xx+HgcaCZJwFowDyRZpZNZ7pJOxCa1zvEnHj0oKHfEpd9Ml2N9A8VaugwvojfoNXAQbgh5QgKtxXXBr4OnYMQYvgcgI8r5vsOcdq2o1sBrosYkOh2i3aFGJr0FZENIQ/tKfM19LYtHoQdQQQjdwJeAN/2lz6LWtP+G0ox59FxleV6PHT1bw8KXL3yg4ClhY72bvmA5oH+rms3fA87+Upg/4vODy68J+/zg75m4z18WYDrzf/r8ZGnD34Ts4K/EEbwk+FYRw56tQVmhbRb429/z2E5Pf4YuxioYVQ5HvBATTxITLIJgInPICvIKOUzOEBl8gJhYnVbxxFnKTXQ8o9CiWNIdPHmM00EUwLlzgG3mADEO4sAB8gEX0BuL6i5cmDbh8uXx0789hZMOHL5rOC7YtGavdEcV/fidDH3qSXq+aqCwT3jyJYYfWBJJwnJwMVgeo8DyGAm8XJIdyWMEMYsv7Nkjm383RdZzCtaTyNfjtoouo0rF7gJIcpLe7TbFzYlbEfdK3OG4M3FyXJwNGNz2Z+vxWUB+SOBw5hVjtqCCPDjKHdIz8nL5inwOkLX4zDsXR9bUzL581+TPj8+pnT3Pvmm1sA/3GYblWfMd+ox3cOuqO6S9T+6kX44bePjOu5V8QqFIzCHVcJD9/lQTuCpGmVgsuqoAuEgWQUMssl9mV/9yklwiT5FFmV/9M8nG3CpkjjlhfjscTAAPKo/b9c7QdWNKekY6Ls+d3WXsE90eGFIX6FDb6Z5VXWsHzhH2dO5y+N64tILiToemJHkLFFt4ARyIneIIbgu38ltFQQtUBvMJGZT09VDqRPP0dZvP5sFKDi+3Po/u9NEr2NOnvKyioqysr7CgQS11LK/s17vnwAGw3m2gZ25Ip4DHyv2tjYJOkJxqSW2OFxMTJEGI7RtAglkAj1IQY422vgHdSlCGehUqOT08l52ut7gzGZ3ZpeRD8oxqIa+DNZxJ7Q1ntRSQizOXbjrz7sm/b15fV7q6evWylY/2WTT4pyLp2LtJOOYmxYnJO7ZIXQ4WHTp6bHdiGsuhBB4ZJJ0EmXinv12cWqdzmWyCxmxzxchJibqY2Jh+AbUpFutIbKwVIQlwVtlMVlNlwBoTjgk3ub7NE9EUF01RjOBVggoCnoIHYKsuoJV8wFrC7mOvV2x56DReTqd36y9cr/9lzIiDB7+WTlbt7XXx+st775qbdeZ44vz79r+M0cF/sH2bgQXRLW4FHyEDLPi0FGM8vCpp9EZAOU7bupVGz54IkjrJkWZSJYFTQ1QsSfVEritaRtg6FGQUuJjaLnCpwItQuVQZTKurMgrSC8KmFtD1gH/BrLpx06ePgYeSknkzF4yd9kigbmadf/viEaMXLx49fIlwblL1gpnzSrrWzVgwbvrMMfNmzuvSZc7MeWPvH7NgwRgYo8gbIJ5YC+fTie7y+5DKTHQ6Pcfb6lDFuGSrzdqfXfrbkoD6xGbTO7RGk7F/QGUy6bFD1oez/cIp9wq5m6XestwYDfYpuh5+vHke/gOvCGW463U69Wv6LY6l335JL2M3vfwFfeAGSRCeDKqf2PDk9etPbnhC+J2fjSjZo0KpfuBPEL2iRk1EIrKkSkCFlzo05TIxaWQJSSQmkxq+oT0b/sXP2fTGX8gS2YuyUCHq62/bwZXubocsUm5sAQtX6Fyxbo+6qBOJLbDntpET1WpT74AaJ6b2DiRGmV+3JKArW5hfEDqHLMUgZHxh2EvFK1RuTBQTTShg1yT89sSI5/Xtvfri3+7aNrbH/Q92OTZ58Svrli69+sE/FvY9MuBKm3Gjl/+ly/72k5ZNevjp/J4ko39d5h3r561OabMlN25Sfj9fj6cmvRrov+Kx53u91spXl5mfn14wfMborNIeHbtO6DMhz3wX0C9NEsg66Sq/P0z06/VWGbY/NsZEHBqU3aJkJcqLTYv2q9O6t88r8Xdo3x0vgWf+br723aWZxQXFBXn+TkXsMb+kE4vBjGu8KvcAGeNE6SgffMRWxJSdlOHSmOyuJKkjCDurmaWMumWTPkn/tJ7o9V6fW8z02sLX6sNvKWbg0jUkUBwRYQfHGHdQEnocdoGlDAJRraIvN9Uazv0htVMevHd2wSPtpj/41oVPTzy6uGtNw8J38Yj32O8xuuWDM3TL8dkv4tTtO3DqCy/Siy9sp5+/LGqffWzN5kTHZt+/P/voP6UrCuhZ/hm65b236LYPzuChb++gl7a/hD0vbsdp27fRTxlfFRJBWCO9AxT2oEJ/gg57PC63SmVxEW+KR6ezJTCzxSwKotEmwlL/MfyEj5+fFhdCGeHQcAn3ZUJpWRZez+BjHo7gTWj3QK+pU7dvn9iz59AH81cuf/RRSntNGnXXMGIcXZB/T001aKqyso7TS2traVfcWfDnDKmqymQ4VqFq0UO+RDIysBopImsNgqjTaESDLBpNekmNgR1O5LbM6MEuDVbhNOWhCo/bTr/BcdvpJnwM372dnd3tdKOQg3eNoFvo1tH4lbimp4qsGYUR6NlMJDH/CbNjLGNRJFWBbBGLoXS6E5E8AMxv8sSc3Q1fkrMY4Vm7UWNjOLceWJcVSYgRPmN3q2koDw33+0SNzmjQI7PZ0i4x3QmizOJMlAvywR6xGkyWJItgscSpQ/yXkhsntklpyXQtNuQ2F6+SXcXqotgNdq7zf/GfcLVneUXvft3xk0/+eO7I0DexvHNL/ef/kwGJUNq1rLD2pWI6HQ+l28iixfSt/8mB7G7kpmwXZXk/vxsBT+WWuxFRrr8u6mX7VuCFSaRQoEA/FgtL8htssgHYIi7WrHESxp8nooWCrUkQtMPR2mjSoaWPHjqyeMiTQ54cX14+vrqsrFqct+j4kUeXvjl4faC0ekKvivHVin0zCjYtR/wSZJCS78aqN/QmrNZJFrPeUBXQW0NVHE9HVXE0xfxvLeRgBnVUMQedRs4K63fjJ+g9u2kNpbt3K7znA67ZxnOTM/w22eIQBD341jEujTFJcDhwMmL7H+U28FnCaZHhrEjZhD3CtuDyb2Z09fuG3zti6Y7FTwxbshQvF8oXfXlfTVGH/CGzZs6fdscTc+Zx21coFLbAnF6QBEkuZJaRrLMlEjktFTRpkh3DX7tdE+dJMmo8EQ6cGn07rGT7h2PJimvPMv1zm90XCQsG9Bsx8sBf1z60qva1d6bfs79nx8LRhQO7rB6z8Cnx6z4jMxyT+855tPipfotqF8zr0LFV2rR2RbNb3ItJ6JZ7MbCHCjzgNKhwTeEsL7Z0ONNLvBBb+nIXR5ejeTweAj7ZDPCJYlCRP0ErSWoLcjicTnVcrEVnlF0mjcPpNgqlAWMktHRrRgxbYcgV9yr+eYYX1mvh0cZPVj96dV+Kof2K6mX9RKK6cgVva1Dc8jV3DBwavzuVHpGLlf2dShvEmbIduCrL7wA5IyFJB3YzltRqo2QkfQJGlB02nJvtMjvDXotS/5bv84gzlxxeUjzwn6c++U7oQRvkOX/MIz7rzXosUqVWRyjEOwnLqXb5tbxWh2gGBEiouKfFKWnKmhbORdXqgC+LWfanBXB1mfSsTkBPbFa9ya8zlplMRpXgBmyV9I9muNpDviscu4wCH/AF3kHPdCvI75lf8trA9a37D6W/fGZaYvRk3Rm7bYhjJJtrIPC9nefppLC6GpabhPU6lQYni5pExnThIIlLIUYJZoU1aT7BfoBIluwHhuDYFwAEmnCXtW3gvrP8DHcBHXcGdByzI9L8VlYvhGSwIxABmwyMCS44hjczJ6KcEylKcAhnXnlq3a5Xn1y/i5orhwypZL/iuK2HDj/34oE3t02ZPHnK1EmT+Jz9o3QWzKnTiAIiKkGrkY0m8Lz1ElNZ2blR1NLgDA0uwJLyIHrok9uZebkdT6Bd6IbtOI5+sx2PF1x0wGg8DI8YQfvHNT1FTNd0RkjOkfaaM0iZsA0hczqa/R2yqEg5GRbchzSvEcEC9m9eHhvbDsaWhcbWKWM/gbHofrIFxqp2C2Y2FHG4YP3I1dJJPhZMW3gsJ2uC+ywymgG8oHlNwCoFLqy7gM4k68AfZH5FmT89PgW5VTabO4W0biW6XMhtdgs64nab09KSBgTSlLTvlJZXf7ekfDOPh98uM1vKpewNnHbmANmitkpYWjX+4eJ7Jw7dXlX16ftnvmszaNqI4mtNbmVJzbr+Y8b0qRxRkP7a5MMv9p5WPbRidL8s7A/5mrBWnt+smm5NR6mI0aN7479wFVK/JsRK6Sgzj9Oj5ZgH0I7/NQYPREXKmPiWY8oiY+5CWcqYmJZjiiNz1aBSGKPdQ4Q0PigvMkYTGiPjwKBJfLdTibIr7A4JpIF8judN29Dd/nzZZrNYtEYjVoPokRDWm62Sw641VAS0WiybSUXAbMayZNXYZFtFQCbYGJ2rq2QwhbIEwimuTReK4fCRhad5hzN42R2pfK7hPFUfvCFsE7ODbwn24FWhqL4Ab57Nk71DSb34SWEeX/sskNdnpFOwrnTgOhV6SDDy13l+Madtq9Ae7eN0w44murUc8wCq/F9j8MDGP5QxMS3HFEfg1CCR01/AnjD9G2+C4PqCw2mr4ENXKnAMTXBeg014MmrMA429W45pfB3G7GsagwfSD5Ux5iY4II2FaRwfBU4N/TSEj8J8eUp9vjSC53TFoF7+NAOyqp1OEYlgZsXFOmSVXBGwqlSiRmOpCGiI6GyWAM6rm5qXojalg7NoA08JFzKV3GxfsjSC54VPWb0aH8J34fkNf1x/C/vo6WcEq/A9XU/nCFPeFebQRXQrGHYa2vtdOjREV6mO835OiPd3K2uNa1orzx/l9MhV6IpmKufD8+djHsAZ/2sMnMUDypjUlmPKImPuQjuVMcktxxRH5qpBp0JnMStEe4zqsFE0iutB18T7TZhIKg2LMWejkax2IjZ7eKj4BkS8hjsmIPXxSXqgFpfh3rV0H+45m+6jB2uFc7h0Dj2AS2fTvXR/LS6FITxXYFbjHumc1ACn2A12WqU/C3z1JNEeb0fxWiSptSYpLdWV6EwSPbEmq1oSicHgYfmlJLZ5ZmTLenSlzQCv92KxGyVNhcV0SIcMzArAsN2F0yN5uOfXjlg+5iDLMn1n49DHxh6n/YN7Ry89f6FhS6XQZ9jScErugCUjVp7As1iyadW8YcveoSu/XNywszNLOP22jlQV0R8YXXmuI9+fjqF9LlB4wd1E+5ZjHkA//a8xsM9LlTGJLccUR+DUoPWh85MRLU/FgxxO59BcQxQ41hCcUD7xKn7GHKjUn2ZBBg1PKHY5WXoz0pg1AlhaGlllEIH8BllFWK53SZPQDGW4RCUlhHOMfQ5fdJbxKvopvbL92rW3sB6bg0kL3nh508tbifrr6/SMtPfXL6jjkWVzZit3xrA2QU5CPtTVn5KG5KRYY9ssZLQnZUl5HWLTLDlZjpxWpYEcZHGVBSzNM75a3nrgsMZNwolCszhQeqj9RLgEi193M39SrO3bbWh+VuHIYYPbfvT+oUmdtnQ/0nPWzOoevfr4F06Zs/AKxte+BAf6cvkCX89O8Ym+dH/xyPt6Pf9y13fScp7oMqS898MDS+7JK7jTVzbg3nvqp4urjp7ezvaM57PJHtiPHky/oe5PInYy21vYbtzm/Qcq/uv7eOB3/H1fs/elG5H37/oXfz+7+ftXI/BrfkP81He2KKe+CcdNERhgv/MxbcJj4OzCGHm/OB60WXuwqab7Szwmp5jVwenMynNkwHBHXJZU2NHkSTWIWeUBUUw1dHD2DnTokGqw5JQFDCrYNIM5MaZXILV1WSAx1clyFPj1UWZ0pk/ooWWoj3uiNhagyevAPETmibHALUuosnqUW86UdCWOU6DEbFS8cFXl6ZA+9Nc/Dp5cvq18yNmx/x774Fd/vx7sqMXe/S8PemnysgvdRxxd9fwb17c9vHLRxpVk6311GnxhBu7y8l/VcsWxqm3ZORs30l//NYfu6n+4dcqkybUj9mzcuGrOKFkeLViWLv3LWk6/8dTOcumAfqWKrsfjlNdZLhnfuzJl71/he5MW3puW7z8w6r++DzKBv9+q2ft8b5XP14T2LadpbxvfgMP1LIfxa0i/D+BQsMESkSubQCj8JWrMA425Lcc0sjGbm8aAfv+bMsbcNOZbGDOE4/NrSL8fQ0jR75awfud5GqwLCdjY/f2Z+vh4lAIejdkWI7Vu5Yy1GM2Sy2SyM/mT1Cug0RCXHZO0XpGb+LfDUojFv5snWofyORCv83UVpHNlkFHg5KrASjo03ZGItfTH+iv0Kyx/+tFgdfHzN4e8P2jAwGUPfDvk4Pqnf36i7omFa5esXSgU0O/p+9h8+VtsmCK+uWndgplFmatLBjw6b+oyOp9+P2fd1s1Pbtmr+Bk854WfwwHKOfRw6sRH71Utp1+Vwgtv8L1M+rP3H5jyX9/HA/X8/ZRm7/P5lffvauTvJzZ//2oEfo1V4ZXMqDM+Cl0Vc0Sln5MbdfDHOc1a1mvJLCbEqwyxNoONl+VmY8wLcsHOYg2AsqPdZl6Y26yquen5KHI2uL7E38Xfo7Bz9/CjMGv3btrg71VWUlLeSwg/QRyf8Y37xVpxKbcXUlA/fztuL8Tb45FdsRescqq3hcEQWxowmImnWb7PnxoM3ojBELoEChkKssQNh2SeCbSypmJR1WPYXr9yWs/FlYsaLqbhRZ0Hr10g+Dy0Nn8QjlHyggonDZ2xEWtYalDJuGH3rm9EiwYK2Rkn9s2qCn7s4TzC8yn4Hg5ReGAf55HIHjV/n+nupShqxO1g4IEKn3maweD7rMxRk6GcwDZR8p7f73MYwxRey4ieJZTLxPMTPUwbJ8l6qyNONJnMZthGvUNDLMjsJk6gsVmTUBrQ/FmirpKxh5m0DucxJ2F+S2TCUjifydIhHa/p8lzN37/7/vTFKUa1fOWKiuDYx+bNXUVnk6OD+tEP6a8slfnxsmG0QI1o1aNu99bdae+9jucdeqNpPXzNynpq3rvNmpmfKV+I+KuDUIViI9ua7CtFVy6K6MFBirxtE6at4qsOjcAYjEoUGOYWMGR1BMbgPziMjAgMmslqkBUYZhUeSpYrn6OZYhrXIT2U14XNYbtdPMPtufSQj6BW7LmUpjl5Ljffz1JlP4fw/YzIjhYwQI8oPj9Oaw7jnSYYeOBXHEZKcxgVERhD8M3b4yHdDMFgY0pRFCa3Ww++E+29xc5lcL6IwuXOeg7FHcaF1wRzGBkhGKOUfXA0gyGdk+0wphejJ1lMuvDXQ/6lVUarI3mDP8t2ro/u83fTmGOTRYPN4EwnxOhwiq1baeKQ7DSajL0DNpMpyZRtIjZiMskWFOOQvaUB1m0hWSYaIptQfFNmH09WiCkJVeuGb2yjk0ib57C3w10wv6h1+BzecDJ7JLdOiP375UuffDZNT4ws5fDqpk1HM7X3rnysbt762tl28MJE7MDxW7SPth3+3M6dz9V3WfX8oaf/6nl/66vH6DrUFAvg/N8qxP+iQndTM5qBPbEoYm8MEprrICWeMDQCY3BjowJD3wIG538FxmBFD8U3h5EdgTEEV+K8FrENBY+bIRhsTDmKsoyU9dBMVqetwOHnZWDIFuvB8veVz/LXq1DsbeIldyJBwd3SEvcme+tOBXdP1BmQcjiMNqFzdFaBkdEEg+fDcxjlyjn6B4NB+jeHMTQCYzD6/BZfUIGhjsAY/E8Oo0dzGBURGEOEbAVGagsYnIblIRpaOQ1J36izSItYXbgCB87IEpx0uzWQRyv5J8uiz183TofMEB023BJ74vaQageM6RMa0xov4fJCiPih8EcWwA+1IRca4s9GFjuRJNFgdhG1WiOIGp0YG0OcOr2uTwCZ9XqN0aWqCLhcGquRSJromnAe9+GHLCoTItx+kB8oi1Lk4IMDBoeMgJUidTtyhBWMHz3KSsbhmXhhR/1ZVjouZu+4dOlScMeZM0r9H8/VT0T3+P0YGS32GJGn6+ttYnJSjDberjfoe4NzY4g3xUulAVM8fiX+cPyZ+GvxjfESijfHJ8eT+HitKZzSz9s1TW0erCqMxrp5DnQIZyVxpnmq/6ZNV3AtrRPVpvxXavBKYSbLo6R68TiTARMTBgwfPIBOZHb5biD2CR4fUmJzd9G3W57bxidgzIvcfvw1NOYlRXbrm+x7EMPCQ1yGKHAG0X8qcOQmOF/AmJFchvwaGvOmAkfVBOcTHk8cGoEzmH6kwBGb4MCnhIf5Gfg1NCbkb4hN/FtBM/FBLgMAjlnGQ0Mx//bw+hbO+xXK67EoHMfEb/Bzo8w7BMU2j2OGc/PFqujcfNNtc/NhjCKHqlmtvVnBQYWyhKn89Q3gE56UbpoVHFSor5DB1zWOVofipFnN46RN8XdWMyFsYOePtVfjY15X1h4bLf+KWF8BgNNOObtolXLuaBGrbYDXK9nayZL+kZoDcRHgbGC9oiQRCzrEDhkRZY1kMspEhUQN1pokjeOWRgRNuaRN9Q52vAKfwzo6EL9Nf6K7lv7yi5AlpFFj8Bl8dgJdJ1bRz+eG9Y7o5uvNDvmWq2/RO4CbsFL1MozpFxrjx0v5vgjR62V0VuCwdXVR9nQ4LWK1FMpnGR3of5rmlfaF5yWLcVnjc0i1G2tI5G6I5ZjbIp+VyeJaFPXZ8FxMvsYGJ4bGJ8l2c2gukKm1wY5AW2Oo34IBdfenqUSdDsZpDKLJiEWVVhT8JnU/taADoYYkgnRNbRgU4yDutKsw+sbdZwGfBEhc4JJYb4bA0NeuXRxGTwoT8XXfxonCteAzdZv30/LTSv4BBdqNk+28X0mahhXeSmqBtyshahGz7LdsVT/VSNXTKlmlksBtciiRvOEtZsXg/sDO8qnxM+NHnLg6bOjeq2Rejw1zggOF2E4bZpD0ptj39HDsG+xR7y36S6lv8oR8YebHrFL4N6E5/9ZxGueE+PfLCP/O4Pp7gLLP4yJ7Ej0v6O+TyryuP5sX9Hde1KmB9wnAyGf3hvD+UQ694w+8xwSt5j0m4lBnf6JN7XTGsOslEzHFkHi31mZymonJGt0DpHmqdSSRKHRhXBDddCIW80Klz6tLywfV3Cc1fB7pPWG8+Amtjj3lqBktLi0++nzQJe2t/2E23ol/vNn/5PmmO//xKAHwSlK5wf40E3C8khJtZpfFZHa4dKUBlzm6XCrsgrXI5AqVTLUorOGpvDLJGdOtU0ndPZN5gY0x57Vpp97aptROkbyHHozU2bx3qmHzi7ub7hK4HsgN2ZJvKfa3u7ktVcv1gBKPGGTktlRstA1zjuuA3JAddPyW+0Ml5qGOwBisxDyczWE03Y0Mw5mhO402kXh4y7jJsBol7tEqEvfgvT5Ubuk0sqMkNMifbUAmmy0hRkayJUH0JJusrCsU1umMFQEdURqAYFtFANuIuyJArFE1i7dvBqRcKMqR3jlNt4oh87/Akq5yN7w/fhI9Qp8HqVIyfQTpFDwiuIOXBX89/eCjf3wwb2B/O299UY0XupSrRjGP/gCe8a/0O6+I0pR4yVVVBeeX1qg9muLvYhBSs+z21Ha2RJXKFpcq5uYYBFGbZS8L6LPiswQzycoStaY2ZQGTVpvBCqWQq1cAZIinNCA6ldTe8KVps8h/ywgtlyBScobsSVEqXZ0sOouiy11xVCZCmhKYlTbTb5fOp9ev0u+w9bdZ73er+/0SRsFE3eMbxu8YNfCV+l51q5fXzV+1Yp4YO3mRDv/7EfuxYzgfa7AZZ44ZdYz+9t2crTvSMg+38golbx47fPDI4UPvL126cGVYXmg5b+SFZNAChb+SmskLoti5dyp+869cXsRF7FyQUVouo/JCMmo9/9xoWsRqk5TPcZ1Tj24zJ8iojFvOxUSYc1LTnPjOxXzOCE/zPiEcRn7zu992TTB47RKHMUjBW/GPM/8EBh7Y+IMCI+dPYeCBT3EY7SIwQPbouW+QH4pp91A+B3bNCr72QaHXFfnccs47G79T5mzz53Pe+RyfMxIbSYA5qzm9C5rF0TPAHvpZYvbrYOV1dIO/zvuV8DkLQnN+dcvddQbMWSknhj9LFqP9SBvV68SESvwevcTKLYhKa5QsZhMRSZ+AXhTV2KpTqcHlUEdanzRlXzdpTqULitIJxRLqhsJyrHlHFOyi3wuzT+Adp0/TQSeiarsS0GB/ttHisotut1bQ6kzOWDkp0Wr3u2N0er2ud0Cvl+1Gl53ddtmb1Xo1pX8rJzG66svVVPWVks4T7PMipV+KEyGU9h2eXtv1pecWLQrXf2EP/ZyXgO3ec/K5r3gN2FfPHd+Jou4cyyL3kneFzlH0XbcSc7wRiUneZY3S9mEYXF90DOmLdbfkMygwFkVgDPJyGDHNYHB90TGkL1Y1v9eMxEbVERiDldioozmMnyIwAjwOxiKFjoi+UGBsisAIFCixxJioWGLLu9phiIbgpDaD82BTLBfGrArdhSjszvGhmaxPjgKHxyp8yjpoplgrVimf5a8r/M570fB5OynnGo9RaNC6iQa8vo3POzTkd3+u2F5tmmyvFnfEIB/qb9mPFjFiPPDt5nFmBUZxGAYCtRqiQWKEBrx3C5+nS0iWlSnzRMVcea0Xn2e4Ist4zAXbwvMoMCrCMEA7Zt0eBvf3hof8ulMoCgof0wIXkBXXbvFDWuCC71zJoZgUKEpNql5Ogn3w+E1aQkTRaBAdajibahTdHE4xuvjdspI0L2RvuvL6sbqawuHSqCP1o8Rth97I3J3I/bLjQGevdAosjx7+1Dh9YqKaqLW2eMmTrEmISwBFHRdnRmZnaQDkXrShd9tklyYbNC/S0cEZbunA4iBmPGZwWXFx/9Ljx7cdqpzWptPgbpVdg/XU7jhkHTqBPDW155TDexJNuxIHj560p6GSrgnbR/Jm8DFYFKSzP8GmQ7LRbJZRcpJNR4wavyaeN0WLicrSYBVbfw9fBfBvuSgsbNYfjbUT9rmMWOWUwATihdeCdJZuogciLcD6vVbU8d+m5CXTKuu3XTyPd9KBLbulnXUtnO184Y3Mnd/Qa/SqkCZ46Y9KTFeaLt5ETpQCVPU4DEhltloTkEulQqleh4GYtX5tMi8Mj4u6KGqGM9vFaLwjdeLOKMyjbJqoovFJh3r26vVvU9qqR4obLi58fM2ChWtbFo/36uGoW+R67bW0RdvePHbszTeOHEFK3yz5LNA5Fvn9SaIs4xid3WLRueNEqx9r+wQwNsZaidFZETCGu2ix+BfHuykdI1fJOlSwFFQWO6M5y/k1e3hnrcryn43u0c/NpB/QH+lV+sHPeCiulPYesy6tcz62eZw1uL2efq202hpEX8aDyPZQLbAsig3AAX396a7YWGyxWxJ16kR1cpJL4xckjT2hPGC3o9uWBiuaqjmaFgXR2xUKN+FO9oBH8ur9772jVAz3A9Tjxzz3QIvK4ZnW5X9xrXp2rLHhUCR+sjkqfnJnOHZkDckD1ikLbLUK1Q5k5tUj7dD9fp9GsItEpUZEktU6i90Vk6Brnx3jN9jKYozGtD4Bu0YgbV1yRcDV1tUWGc1Gwbi/8YjfajCXGY1qUzyOZ2PjRd6QMDtzOFv3cFYlBYfU5YvqX9xUemJXYf51NTiUBKrDLIuB2CLp4LbwrXURzs0na/oIYsPy4LElDYJYMW/ihMX6GQPcevf++xLvS8aWpMPdCzu3y+7sy9VmFUrbaorrBTyJrhEbOk0eP3tWQzbu8PbE9P7UIs6xJSzNM2asakN/8BUU+HILCzk5lLsroAnrvdQOdEwpWu139uhYnNvUhSm3Y0YbVVmvdmzhxVpjWbt2eVPaYFObkjYj2xB9myKU1z9vVN7KvGfyJDPJ65rt8v//NG0CDvks9wT4GLknRgyfamnRfLdFZXmH1P/WysmWlw8UlFUknF/rAFe3qfN3Omv11H3/A88cwPDn8Pi7e20aVDHqnerz54M352x67OnNQ3LGVOCsIppUXVdXPW7Zkgl57E9+/obBg3c9++IutVx0T02bNtvbtz98KNQCSlU9qrKvXGi+a7zevyD4w4MTq2fNrJ70IO4LH+N/OW/yXFauhxYrOlGYofgICc3uEOX9XA9tD8VYdiix+67R92h7Qr7vhtCYNA6HZEX7z/tDvu8BRbdWcyhtm2z8oigbXwb/BoVs/KIoGx9eP6a8ngDjm+xzeN2DQvZ5UZR9Dq+/qMSmWO8XFkuN7qXarLvL7Xuphju5RDdw4fOYyVFcI+1lcZv/MJn0tXiBXJY9AL+V36pRC0jP2s7pidEgaOZK7Lus4k7ntjhx6Rmyyst4w+lykNLZ90x4aPPhEiyWHBUv9J44oW/s2/dMPhobBdvAYEuizoA1KqzSEZNRjebqWAb8rbDZgfWkZ+T5WEs/cvmRCW7a0PXNzY8OHl0ne9x1D7e754R76PBxdzBnwwvwt0iLlJ5qAvuWBxTq8MaqYRwe7BXmBOdJi3bCWBHGHpfVyMgqMXV6keiJ2aSbI2Jxrpqv8v3mBQAp6Rm+RIE53j4jFkY89bp6idR2wB333K1apj8iXnh6ZfvCmG4ly7fwvnfiDd6fR4dse0MlFig78lU50fUVG8KNdaSZkWY6Ah4lfkyK5E28730bv1OPrLKMYlym+zTYpEnSZGuIxs6WdmL4nxYpqEIyDhAmRXX33jt3zqTqRQuYJJvYrrN0cPyc2vF31z48HsRUbk0Bw9lFM/Ei4DAzq7MwGJFW1BqJ1SKMgh0youzoSsac9i67LzdSwsgI8s6QzC49S6feXzHi8Z7l3wcsK+1TR3V9uFe3SdweuwrrodIN5EC5/hirTaW2qV1OM5J0sELdHNsKm2ADomcDyZWv+rI0aw2Y0k7wpqi8TByxDWDTEXWbAZXlKQPiH9LXjc+squyd0s9dq/+LeMGb6Z2+dDX7d+ETSr0W8CD5FnhOjazI7dcjUWMU7TaDOFcTzcssyQYWwpjNx/QEf3a0uup6wrHK/2ROTfoVHsULsSufduS83Tm28PWu7FG56w4eEro11vFaklx/vLJXsTGOXQSPJE8TYQ7BxMR2TQAemOp7f/jU/7lnTJoK3RZNrJk7t+behYvZpuXnte9Et1Q//FB19ew54yIKprGxoYN4gcbJHrBku998T5E1DT/Ba//grz1QP195rT4oftxokm6A53NXvQVxWdLws3iQLpE3IAvS7taaRJT9fi7DyIS9GcVKViBvBUCXbNUutfXpPalzxx6965ZI59ZkDN9iaN+2t3GRZRzQoH43zHdGqcNCxj1Gaa42RNtQc0Ifa07oiTyjlT2OJl6PH5tD5dAT8UL+ez5Hl509YsOPDL+gls6i1sZaoK28C/i9eVVvUNvT7+/eo8Tfk94s6dGzuKi0J5MB38N+t5arAZcYv4aIrMUF2+twWVgoeUbZYC/+3p2r+SFmfP4y8UbV+T4xvT4aymJ+30sC2S3vARgOlMy/B0R0us1aUaN1iymeGAPL5k2GQ2jQGMREGxzE9xnfDm9ZpBKZJq1ZMXJTLfJ1V7b6y/h7iu+lvxXn+Dr7s3OK8dUp7fz+drldpAW9X8+xd9nWX1tc0LmwqFOnohkdu8AD03e/8J77jZGcmXFU0/gEq9GxIeUe5v+/zqtP794Vlb169RXO9qns37usfyWbByw8cZ7UaM5ArdACZabgB3wmbOIzKWOkc3xMJvPGbzvmKDBJJR/TFm3m3ve44D/Z7Si89xHo5QR4Lx3lliuf/lFZixuF75QaX4E5PuCf74ztoTneVubQh+f4CGwANkc6XlgRDQd7m+D8s/GqcF7eAzbsOg7lbnoN3tCDrsCK/o7Oa5IOWmVG39Dd1QWe35KGQv2zxTTeCxwkiohVsmiVBNY3NaoTOFNd7H5cTAsuvSbtPV3vgg8ouTLiAWm/VSZjmnJIOOxWTT41/3+XSPyzG/9/ZijfX+mhreQTdvInOUWzFgsi6xxNAAlCVAalg3Ske/Sf9J53eMCevH1vbbE0eIScvqW/9jOf/vPjixfPX7hEKk6enHJLi+1f6XfYhq3YhO30+xDurEc84N42spYE/v92KNSXSBJ4b91WfpuKNWZlZY/siwGQTDSh9u0t7AGjgL2s5zVOF+ZoUpLo8d8FgCQIv9NzXcVzbRfVNJSz7q9k0bHIHRfrvQ5ztm+68+L/z+H0rGD1vKHvwdQxespqlU4gap0IWLD27qAJRRVr1azVVQS0f/b1BOwLIxwe9oWTjK7vCNeCliqypmESOdjgJiPeJcnv1X9+6lT4fkU6DfPnhnlJSgv1h7ZgXnylUWMJ+IOVWd3a1znUnd8jpf0cnH1NHCd+zzkrwqdL+Np8HDZbW03oDtUraNQE5DKRNQbJZBQ0GgSOmbIyrIvcoIaKlZUEiubyzJenYcXKngwNTvM4KvBFmkM+puqP8UnqwYX426NCEW44dFpFjcF35FORWDLHp6ApRsb/35nTfgyc/S689j0FuHu0vwDZXZliSopGjM8waUzxJKutOtWW2ifgsiGb2SaYCcrUZvYJeLT9taO0gk1r02ocIvsSoBJrSAIz1MHXsfhatLYMpa2EaihIHitzB62bWoRZeliu6GS175nYQcKeITlq33PqzedzvvK8Rv+9YRmWdxV91eVVLC0BPn89+aucbQff22fFS4++/MzB+vVf1mH5mY1/LN+zZ9l/Nj9HG/7ypVj95tM7jsOaQ/2jYc1FfE/AIpJ7wJ64Wac4u02S49ySbNDLejdJiHdY1BbYELVajrPplQIRn69FfFwxj8KRH179m4z4jShgzSMszN2Xe9Bz9MucL3LoZfrht/uOxH+RuPfwD+Q8/YP+QMvwfmzBWvw19ezaTgoaTr70Iv5a6RElCyBbklCJ3+uM08oJNmKQ1QZbDFgYyWZUETCLTjmOaNSaikAsd8m5Gx797XNRjS6soPTzPDzEw6SMXeBNati3MaYT7z8+XbMluAlPXv8svhc0ZTG+d+t6PDW4YfOTlyR07auz9ELN6dMTcf93cSoO0B30wim6G14Zh1uf//qnxv9D3dv/MZ7K7jK/lqtBJzzG45PjeN6ukBf25wY2XiXn+furlff/w6MeWeH3+X0yf3+t8v6Q5nH6rVznVEd0zjj6nRI3cTX5nRsAh3VcL23hMO4uCWmlDmGtpORUfs17DGaicn9GTGxsaychCRqTKSEFzomzjd4aY1K6DKYnlwZYp8F0faQi5JaiHniudD0Ktfdl3Yejug3m82/jjHQk5t9NJAsjVs8RFq6gDY/0+/DH3z598Kk8vbv1IXdK21ZJieZ+iSOr48zTd7z4rv7vr9LaNw8ewm2xATtw2zvvGO2roo130yWFncHONFcGXgjlQ5+Tk0DopKG+/tZeEqd2svwAWW1KlDLSpcSkpMTSQFKSDpncvHMx0sWUBnT/oy11+AvyzJJDtPD2/rwYyZUcy1LPLcrXDCrtHrd+hSV6Fs+kv3/3/vwrWPcj/fXRjTjz2fXDyub+P/bePDyKYnsDrup1pqdnunt6tmSyTSZ7CIGEJIR1WEwiREBEZBCVTUQUEREREREBERARcYmICIiIiIiKiF43FAQuInIRuYiIXJTFIImKqJApvqrqnslkwXt/z/P99T2fGmFC6K46derUe+qc855H5gqpX76LDncQ2qDnvjrRI3JS6HDs/Adof8On/aBj9qIPZ04Zf7eBswQ8j2rsj+ugNJTI2aBN5QFUVIGHvMq6JQ7DaV6BfrKTyQI02cP4P1Kz3sFZBospzV03Ri+GAsMMaOjYFlWf253UWxKEYO6+c2hMXkfkGgxTZuOj+cc+x8rT589h+l3cPh4dNnVjmpBAY9Q9Q+kBkKIwKe4MP2Nx+7n8PCcIBHw8L1eGeeDLrgj74gkYteImZpLalSbsP0KU/gcY3ewg5foxvRTm/Dfv3/rJwuHXrhvR/7q7V+xYj36+eAb9+AVz7Z1TXnxpyYPzlrDLH982b3lBzw35nXt17HT7Nbf/svIP9Nsf+9/8C82+a023vJ2Lpj61ktT5k31G+VivCuWnuXkFSIrTnShkZugwGGSqwnIwKYhPgGBQ9vlSKsM+VRYrm5JpNkbSm8AcOgWjd5bRjq8kSrxjkhsVs5blyxbDhK3v1/z+6yUwbc6+37789q1+E+ZVnllcw9S8cc3AZYO3931l6a2z0mylOx9Z2v+tdklzqiuN9R+DprG7BBcIEHuueRmWxf6f3w7sLi9Wv1RJcrPpXs3ldlWG3cA4YGnMU2tO0EKo4YiXG+O+TISZQpBEQAXAGN0oILtrzpnO1TnDrz6w++4j4FKb79B5bEnR2Tllk59YvqTr4neuWto+kBlwZH2/9VnogspRefNzb6Jd6MRzQ8f3SE67Oy7/hXY9aZ1H1k+SKru3RiQLWyeSvX3ikodjRLL4+U/Ovu/tf8ZTyRp5FNwEIR/bLydIIGyuXkUBHlUl0kr0qJVhj4e1WvWqsBWycjOSUF+LHkW0MDUKXIuceiAR6un4fJEgN+ESQH81oAvkDhJcgpbIX4/NEiIHuTkL5s+wMpnWmayMbkOT4dNwPv6ah8Y12EghJTqNLnIHUeQS/jsslhO12zS3LzXkAHa7oDjsipVtrMxodCc1V8xKlmhw0RPh6zPv6/nai9zABrSGhIA3vslysVyqudxAjAUu0Lu8BsprH8Dop1soza/AlHQARMWdwmUEsfmTgFvCSyJBnzNuz4I45YmJI0g0xnTXsaJAkiEStdsMMd2kJduhgswbru5Y0nvgLQtvLoU9k7vkOQsTBwaH3pG5qKdVCHY9yeXPGNVf/ljrMX9Jw6x+faQ3Zcd1t8LHdubPXRQ5DaJnHR3/FKr7DOlRS2WE8btdjnJa0vs8hbPTrMdm93m6QSvq1IpJZ2bm3KG0npanHqz9/MRJbmBk9TVfvwxXwS7oCcSfjttbBWBkqNiqkN6smVlZublBXUjCUEVWfEGhsG1amzb2LC7B40mowkpkz0pXrbIdGzt7/HaLkZ632HdRO6xHLUOZkE9wbhQIumPNYAgFGt2gWdkZY56ee/ix5z7uWcDUdd+Onl6xdv2r75fetnLlozNPdeo7dhIaBtfP2dlO6vLlnY/ny5vXL39w7E3rljzS76ZOgeA9Qxe9229pcZtivSqaS8WNwTI1+o0kYP+A8IS6yb2DxWWTGdnhdPFej+zWJYfqqAyrigAqm7DUFjfpcNrIUGuS0OO54LNwV2mHhBs6ogtobO3xF7gnvl/rf0PxwnRmfsNYtmbMoPcisyaR+6xFeI2nUY7gJNA1lJII3AI2EhJISXZ7BdYh+R0aYV1mvfFBPnoYO5sw45gNlk3SZUoGTZqEamaogJt24djL98vyWWj97QcoI+nhh8YuXzDtPiYX1aGvBt/7DDrGJUMHzEa7J2/6B9p/43ufbnvXsLdT2V00H6sklIgHZreLQBd1H5uawqmqR0r3+CvCHhU03SnxdczNlhKb2lj3NQEOKX3g8VULZp7qXjF82tdfYHdWfmNJ1RN3PTefAaMnVyZnTrlx8UdDlxYWFPvyftsFO8COvf7R6QCI4TOyFxLwyiV5ZFl0AYcIRBvrT5S9Vm9l2KpwmpkEFqUXboRjjW0gsVnLxU5kLBKaTSKhsx48u+o8Os3czPjQ2TcbDi6ZP3fJM+WfvATP1Pz0APaGeabb5nf2bXjvtZd+e/U9IqfkS6exnAYCDbQJeaHNZtd4TncCu2KvDCuKBRsyS8uBxIwZvZTUAkR3mPy14RtufuC919H3K1kbuzTy/gb/G7lvvsH0Gz1oi3EGUvxKdTY/5FJUVdYFVme9HoVTgLWxfqe4qX7w6UYip6kR2cV4VVTAzPztXO0D85+cl5RzNtuP/nIhKDPDIqtffOXA8fGH19acnIp2oN3G3e4Y5OJXcaNp58eKUEYqRgYikBJ0iQOcTjw5FfjVpKqwqqbKEFsEL/Q06dnQuGuw+hZpFPtoGVj+uhcjHJWnqQaUFU3UaNmQW+sGmTnoN3T2243DqmHnrWt21C1EDa/BweNvmr98C3LBb90wEx88BVC6+75/T0Gvt2HK39uFjlzcgBpqZJTBtVv3yZ7IduUwtf9H8F5bwA0DaaAqlMvxVpc7QXCkCKLoSGHTPd6Am/dZOK+geP20DErVZHxCx2elkoxybOo1Ognq4urE/pPuM7pxBlD+VpY0TTcPiH2VN1W0mQBzz6HKrcGrQm2Kegy976myGWhDA/xhaXJVcUF+NTes7Yhp6BCTHWFQYEiFtNn7wAvw5sgD7A1w4YBq5R8eo7ePi/8R2+ZE0CuUngAxdBctFk7y6JKis0n+RCC6FMUPE9QEbInVRrl3L26Uehzk1IzNWOzEpoLHBiPDdGm9Grt604aUvP9cgY6g/xxFP6NTx59/VXBdeFrZvnXiL2+genzc16E9KsqC31hhKtSZ3Mi+9zbb+NsN3Zxw6Yzgx7qZCfqGMhP9fm9KhqapoiBILKumsNlZGYKqgkRBcWHMVhkOEGUtMpn+CddWFEsWR7epqbsMab5HnCSiv2SsqtGsNbvY43Qblk9g1G1HOnY71bPzHTdvOvLmmPFdQz91Lz2y/cSVtitdMA+yz0Pb4sXo/NI3tkEGFqJ9CH381jKoPPoEqn8GIXRg2zbjXsdKsAipxTR8SOzr/mDmPQVjeU90D9KfWWXUaxYaP5Efl2Nl5O2OjeXtjm7ftBbN8EPHxvzQ0eVNax6pLOmfrzF8WYAMX7YwmgPA0POrq5CLvdQO4NZQxzYpuSlMUYZbkhJERlQz8vnSkjZ5+XlV4bT8fD7biUUOnNDJOp18dnZhZTgb8kmVjYHsprC+aW5OcSyEjfXHQ/rjYgevCd2kS6TRlDStBC8zBf1perE7M+rVcFs49CU6iYbrbFpy+/yyu6bfNMwmjx8D+zHfo50rP38bfhJehB5OeHFC9aBzbDCrC1qF5sGr26wuK0hJfKbbmGsKR9/cPXw9k52Xx0zY8fCyDZENmzZ9cLS65wOLQPR+k9vKf4rtYmnIDzQNmxKL04UNo6oDgH+DJy31DfOcmdThbOKMUd/Q2Y0pNrqoO1jR6Os19JmJfW7o3r1TMDm305Cpg7PqUSrkWBUO+v66HPdmS4ean7eOihyhnb7IegQvnREDlHc8GwwJtc22Zdr1FHyY816W5QXJZk8Wc3N0S3IysNjcgkWoDFuU9ESQiHFG3FYwy8DwCmjlTdxFLWrKSzqU0eMiaJLEBgVohLK0kuJogkA2M+mLr0ai+uXCcDT0qy9+uMpyFfrHjaPu2HRk6PW3jR3iivz6r5/xofLTgXMXt21jN/z66cplkFm9+v6Ha1489F3LekPQ69Irl+FwiudnkpryM9Gz8QxP+nEmg96hTIuf3jsomsvPp6Z47NUYRDqx66k5teqw02hTqjeelLFekHGtiMz8MFpaSi9njbTVIk8ydAlc8i1XDup7Xf+xU9DSerSCs6AqeNc3p3e6Unanjhwx8/YbIl1Jiz+0Zufb8z47GLvHzSTzhBPNHL8JTfPqzP6zTLT/LPY5NU7WvFySnxVIDMDhdgPS/9Bhbcxrai0GkE6Jo6NHRVp8Z+GKnb+4mDWRIdKpIyt/2HQCbUQ1r8HKYyf3DJ3+NIe++3z30V977ukBH4QTfoDXvnPjrrJgY84yvxvj2VLQWgzgf7i3i/aLxX+ngOqw5dJpcSStJQmC6lBuKvD6/ZzgBpzi5jIzvEFSwMi5OT/hrXLj+btZWYtro3z5CgLo4ggrmShBStxIVxE7k1o83444Eh1HZ7FLsiW56Iqhi8Zf2bO8tOqaMV1YMAW72MHIwIkvvrRq62C45dBR7vRR9AiavuOmhB0JbzFT4LeRDYdRaOID995uxqKxe0e4qp3AD/qFcr2A9KHgbKJoAZyFTU5S8AwUm00gDUg5u5W1ODm9kYvLTEzzqdvym97YxM0k2re36Qymox/xDBZF9tXVMYW/ToYeGIgMmrhyzUpj2I2tfSMbjqCeEx+45w7DfiUDQPeJTrqUAt0hYGhilXXO7XLgXeFwSEB02q0S1jEpls3dvL13+3YBrfm2cGvcmzfdieaT7ZCLsuHcvUdhw9ibohthx+bI2VisJkj3wS5zH+wx9oGryX7na+jP7DBsArixRS61jPdKgjgF/8y/aN3aXDCgaZ0TrVcaT+MwNtAu5LMCC2+0/bLLksCyQZ50Q6QBKWMlmkyQ8KBRoZOGyZmox8+oqo6ZU4/GwyWkAzB3ukVM0eSLWm72n+0aSlOw+bXhNwosPiN00qWZNcNOrC2uIKa1rthQzY1yrzWSRC2PfI6uY++PTNrAhCLO9etXrNy5CG5BVfzmPWha5OaJD0y9DbSMbUZtD/lMbA8ep4zlspzGkHRwRSjDanEKDk6Dsh1ygsXOu11We5BzkIEKGhYeVl1nzO2Ogv6m11xlxYmQ7DGjgBgKjBjQ5ImLtyUxv31woqHTCWadZ9MkZuoeaGWehNUXvZEVcAkaL9x3PPLK91xii5ipcc6KQdobFVsHq2AHrJ11iBYG2iRVgxbJofG60yqzgsKT9ecg67BpZqdlcoZ5mw3Sa9xV0F6axZpRomkcvoWRnyBgLMcZCwSRn5gC9Gfk9PHIaXSeOcd8EunCbKNf3SIy82PET77o+IZgmzgH2+pMjJUzEoFTBJwoewJCdhbr8Xo9fbH5koLB5L7hICepfcNSC4MNmjPqGl3pA2mUgyutxLjXTotm7pUGijhu+Acvf7wLbcX45tvXR/wyGs48eXzjS/Dtpx4e9/Et44/B9qeggxu+aHOC4H37ic9P9N/Xtqjh7vs+Pn3D7R17rVr2WSw2WYPlqpI+0XZRkqwKT3p4Aqfm4FURsJLqNO54WukTrRu9FY0+1WVBGNh6WGatTC30fqtbIk50Cpscy5Tf8rmFF/owv772x8Vxcft5SnQ/4716timngDmuIN07paFEcukkiSzLkZsn2cbgYXIWPq4jazyoiu1YgzIFrysfRCcja7BhHACFyJtkyfC46CIaNtBy6QTtfayBwpAPAlYFVpXVMWSlnJisKMcF2UGTexgSqZWgkN14rvBSHRre/6b1j9Ez5OoRvdjB3OnIg6jobRafGK8xAxjrZWPWsRyA5jFk88+NPftAyzjwJZMfhJ7JWaBFXJbU4xP7SHsotA8leIDiABa7Q+d9XjtGqB4Hy0txPYab3KmQTeJggrEizQCkwSPIJ6Diax/7x5y7R4287fppRZEfsYNzczubJPjgldgm1n/06oCUg9nhu7nCSHBsMLGcdZu1TCQejOcxi46zeeyU2OiT1EYXhRI4SKw0gDEbjT9hK83HotjNrHRmcbyV/uTkxa3ESO+IrIlZafqOBfid9fTM6xjya1jbJasVuF0MrzmstNcyD51WFprdd6O0WU1uyfHCN02/LtOKufr6uftv23usfuLMmzY9WM9Utcv79C1mYOTEXXcG8xmzLxHBBxvp/NpjXeOA1cJzvJXMjxHY5tMrbjY9c2rki9vIOH79S6vD/9/DnSatcBvnh2VoGUlrtDqHUiAnCsAuWznBauc01cFIrBjkgGzFWm1ttONN3xV7W5xAubWMpf6Tk39V1DECeedFralcMYbDOlph8iOWh1I0YCcEpKxBj2i1ciJhIRVZzt6CfLQJYDVgTklTiMZXUIDTH61gBmzGoCwj4nxz5UsrP6oxQNkeE4ZhWMPSvVVlnrtecvK6XQoQMd4CnItN8NGkGZHz8Kzbydmag69W4WNTsIVd8mJuAba69eimunXQCVMjmatXrH7+/UVcTX09GRC2Lxu+Rd0nPTDltsgYPBIDC7wf34uejIfDWmeOhmfjh9JaL/oWw+DeR0exSDrW7cVoL7vh3K6Vr635dAPccvAYeX0M5UHQE9uGjfhsSiB+hNflsrAWO4bSiR43cYRsPI+PdJ6zYTxt+zs/gnjcRiZRtKM6dgcDbSFEaz4evOsPWAHHoiXolR82jX5v1Ik6S2QYs8pxikODt9+IpqCX0ONoco89yZk/n9i983sTK186YwH8HoyVU0BlKCsB6HZBtliswCqQzksYGsmyVWKtTjWJpCWwnvhCGV/35l5aLGqUBlgTJTubZz1ZAHoN/RMdRG9o6JO6OtgzCVbDZFgCB1388Z+f7dr5z093fs4cQUvRZDgK9jYwMyyAIXQ3WoZ+QT9BH7TT5Kef8PhdeE0nmfreOxR020ifK42HDGB4ifN6WPwTfcNY3jbGaXGY9ZDR6pOWbVkNNJKhdcggaDMBRqMTzCL0NKqDy9ApvM4O+E79h8+sXLZ6M9MnspmZOQKW7foKn659mNW3Tb1ndiOXFo039KZyHos/TxWCeC+kk854iU5bWhreIk42I2hzK0oSuS12Czx0+yrCbk/8GJtG3vGBrzozSzO9nEiSaCk/mZtSB/JpmhpMx990ecZehM690BFAW2qeX2BTyrfc+vkPqPb339AZxguFn3vcd0vS00wNvAs+Vp6Xs7coKXnnrmuuR+g0+h17iWPXwiGwuuOw9md+w/uYxNIW0Pt2N9aQwaG2rO4BDsGv6xIQJKwijNPvd1aFZX+Sn1FZv1+y2RKrwjZF0qvCJMD5d2Hj2P2Ly0BaAvZfAmks9WMCRcavhPJw7I8PPlL3Q6SeccA3v7j/fvQLdP+afMsYdPzCPfexZdtyLcrsW59/hRsYYQb0QjuYyT07o/NdDTtM6t5IzzyexBcx1idZhG6eqQzzSvP4Is0jZCehtFpu4JaGMYQkhQFBNJXbQ+dPcTljd8iqpIukQ6YkE1wO+XRJxVNVyG28UBlm3f8Fl0Mjs6zY8IAJOTcjcnsOR6RDQ+9ZYGdWrEJTzupTr0NT4Vw0len6CjwKXQ2jmVNfoDvng0auJ6pbVdH4oDCexiCqQzkcbxFJtwwF2DTV7uBFm0PFsJzFp43AK4qDg6piszjcl4HlxY3ojYLy4hgot8JiZtdhuO5PdBX8BkVQp8OoM0LwEOr3J1POJERO4q/Tke1M+8he+tWZ8ZL+XJfOsPui+QasPUW32FU9IShkZijpwWB6XL6BR5L4yrCkevwkSP1f8w2IAY67gTSQejAt2veAIHW4bGVN/YqXq7ee/uKHA3Mmod/r0MX572xb+OzSlXOZmso+c6te7//Mwvc6WTIeHlXz9hW7B/e/+pp+b8T0hvsUy9RBMLkN+xGkCw2JT2PpsXbOoYj2+MaF5Y32z4juiAYgJ1hNg/MIb3fqf2xc5CA6htV016iP2aEXNzAFbb8obFjLDTRj1p8KmRiPn6S8VXPHtqjf5Gbg8VAsDiDHYqwiiJAVMRbnJYYRgUXhRPflsXjMvSrW2MGQQWWwHv2K0gkZUKQ28ilZMvy7kwYWP8uV4HepJhZXgFVhnRp0KywxU6JcERY9f4fFTaCKFZwr+RntTbrp2fuu6pCZOWZygDnJLsVW/M4tni0OuBseisqax1LAuLhTKNkuAwJSXBpecGwefV7VAlgnpyt20WkqbVPqVNMPyiwrLdOJzEVBZINsFslICugeNmjPTfkTlh9yFqT++uavRXkHYVl92rF2Tw1ghl3cwE7vsrI6sp4Z8tCLDbPw9DdfHc83RPpWJmAx85CEZnm7DC2VYQgl1hbtrlzcDCQY2ybmdGtwCWOtrY38gYWMesP3L26AR1CQrnfzeDR55wT8TpqfykBeEKDVwghukasMi0rL/FRovoGbcAap+PF4LjUNY/EDzPyBJfTZ1zRyG9LPFfRd2LthT5rvcrIcxPjQauHcjCAK5svMTgPRYKXbuFZiT6KaM6iGWkd26ZbGWmuaqzDMyD9BLn6z4MK2yAdSQd9Qjqy4k/FJyCcApxVglB1IswPen+SRPViXZDXZLbix0RQaI1fRAFaLrFKXGbEq6QAy8Xc5wJO4lQPyHfBid4P8ZrQfnT+K/kJ7YB50HoESLLi4evXql15kb31x5Ysrmdy/0L9dKA1+74IF5yIwU4ebUR8f+vq31Ts15oL+2epV2/SIpO+g8zJ7l+J5XW+sD5rGB6hOYOTIMtQnYgyfSGHTidOAjxT3/+ATcTNXHGkYXcuwtZsj2+EcbiDJC2j0icix4yQ+kSBJVqhpVhc+VmxOh4OtIjeBolOhWUON0KBZ5hCJKxNHSIs5R3DKxmtX3VBbO+Lt2177BOvh7esKO8DDWBUPdCl/ayVcHrN3wg46v/bGvRwHoz4fo1iwjlSaLUtb8YkoKjanJ+z461gtfL0WbjhjTI1Oj8pPJHOj/hDL2PFxRCVoJf6QIUO5iRBb94fiBGm87YUjF1LN98XJMypTig/5nrSOz0W8EDt2K51W3mpjPW6oVeHdbJVlW2VYVqwYxFjdf3f/R69UDYxSAk2MwgyHll9OnzmNLOgFrufUafhAtJzFQq5YseKV1/EeiYBreqIdBo7i91P7TfyhslCS2wVU1eKyJPiAUhXGxt5jVdxuC4YSFnczXyhueYujQyiG5Igj6IinpG7fn/ru5FFUUgs/mDZp7xuPPcDMOnOGqVmx4tXXsFmjgxiACKKh/b6xnk2hPWqdRJsxYMZGXWRdOnCQkYgWRcRDEt2X84MCaVpsDFQKpXAJdMO9Z44jUAv/fGAS+gva7p7K1KCPX3k9+vpBhp5hP4hdhvGAD6P1LEkUPYxF9XCJCVYLhgLWJCuGAlYr0HV7ZVhXAQYEoDUoEDtwjJhQmk6dIJNenfpHcNq7D77wNEzRUQI8Kc+fNXJFj16vXwt5yKHTru5bK2D5+qceLd+QmoW+x7j3NPqKyOXSGYyjxlBf6OpQQaMvJFipL4TVRE6S8QiJS6RY3WpSRVhVKZmwp6lL1GSUjV4RRunZtNMARn8ZpG17XBG+MB798fM36JL7XG3t+QTIfn0CyhFp6rxH7rvvkXlTmXxCIwzxmR0kR8m350gL91j5PR67ExvfeopTPcQPYuxO7Ak5eMICKNk5n5exa/aqsKZZbNBtcWElU/6LH5QLodEZnGY3sTTrPZAuwAS8uB3ufPD7T+CfZ47+NHP84Utg+K1we9pL9z3/BjYq6+CQa6+FVQNjODWeQ/6NVjji4znguWYc8OTOjOZ9u0AWmBKqEjM8CcmsQ6dxRF8Gn5OdrAQSNKd2ZdjjdAZcAakirATg64GPAnsDdYFLAR4E1EBagMXHTkBxAcUdX8FrLtTlCC1jHNAxCrLL0lomQJfAllzfs1On6QdNcstb0LNRcsuXkCvhfec6FpzbtKc5xWXDvrVvx/icKPcJ/I9R7yw0xX/kDN8T3TcOTWNZi0L2jQMbMdmR5MBa6XAAQcC2TFCB67/umyihF03HigtOMrPQn6gWu9fqO4srlt7x8GMaPIV8tkcfqXlxtgum422eDLN6vFn+2JL1K2sqPuoR40ai+GKwkWePF45wWAqkMubSpUunsYIObcKtvw004dY3eA/Mv3OVGYusF+ZhffaCNBJt8LnU5GTAOIDF4eLSA0a2EXA4sCPnUEAyNltuwRbXU/7ysUiszk0QqmaaVD1qT1nHH0k3Pjt1UKEBWLdsPfHt6f98P3Xypi2TpmDw+gyavNllgFdi5V99DQ40zBu1q8J79PxOJHFHnVOBz2dRbDaZs8hskh948TgVRaKZYZpdkd0WX3Nzf7m4Y8zwx2KP0QOAK9xx6tsfj6Or0HVnz8L1P8NVUydvfu8nYvzXmXiTYE/zJAL/3+CFNfwhul9OG/tlIt0vrli9CPWnAlF/CvT6vSknk8ERlBnlCGLnfhPHt2TgFW4WxUPtQj4LdgBZQHIM7TIPFSkdYEeIdBLtXtRKnLI4hk+C2tpahq9Fsw4bsOTiBjQNzqFrMP3SGfEkvwsUYU3JUfPzc9pJQQ8neZJy+A7FakJurp4A0hLSqsNiAleQpWdVh+263hQjt5YnYuQaUE4J45aQdhZJizLb0VR8xm0Q9xWTJFGn1oHh9+UP6T2ky3MD/oQe9AWqvXvDVde9Og79hL6A7j+uXtZl6BXX5s97dvtbd11fP3Ta29uW8iClzaa8EjQfvYoeRSM7d+1ZCpfBe+C18J6SvE0Fyej3v1AtOtAHrkOD+8B86D4PHdF7iolYpok0wunzehyJ2MXTbRIDoSA5dJ+Q5Lf6fE4JKrzXwRL5eoswCGyeXRo9UQOQZjl3gzobiE93xk4xnIemnj+S6bNKaS8/DYWtV2qWR+89u+PA8dWFj2NEMnr8kqzB8EG4IrL6eMU6uAJ2Rosj5w7CVRPQHgMjkWaLAO8RkkNwfajIy0O7yuo6gY5OLjkJUGZnVZahA/qrw2kQW0xoYzGcdACrbt7qx2hSW0urckYTQYvTOHf0up1ui9jlMuNfCZNgDjqOTqHh6CgM1JM+4y+88sor22dxoy+Bw/u++Y4b/cFvv33QMGrSA1NvNcfN7eWzsf+VQGyQkwOywnq9Fs4iaZw/0W6DHoJ6LTYg2YghsikWb6MNiuNnI5QvzYcaBX7RDWzYzEARPIudrYO1p5Dw559n4I3PzrgPQeZ3bCwRQYAYBh84sCWyJWZ/tmLdL+d3Y8s+IJTPCgmC0+dyuTnZ6U7h0wOC7sMCZH0+t4d1O5NAdTiJU6zVYaXZtXPzYr3iZpk2pUaqTeM1dCY57fgF204lMosj46UzX47YPHLjUbQNvaCg03V1MDkL3gXbfrdz8A4OHdi159iFzOQ9PeBNsMq8gs6EvZlRnw0z/aVLZ/hD+DxOJXNwSz6JJX2oWEHxpvCBNGxPscPkJn2oFMFtd5LcTOCPO5T/bg58ekY8SmxxRHPLf0a/aKi2FkNb7tTa53otmDDnERkeRanWJx9+/IX7XZFzhtH/4UyvjeXzH333xScrtnY3OMv5VfwWWhvSN5TLclZJBTbRYhFklbNDm8Wlq6IV8jLfN5wmQ1kWrayNFY0IPrHxTS17bMAB2uA4SJoOWmEgm5gcbuOf0w/M+KOe6QNlprphIew5sKcsZDOLIhPJF7/lQhU78MC69v478LhI/HE3tbUqidyTIUlWhV5MWGyyXbE4NUaQhSoSigCcxa1YFXr50gK7Ro/4JuNhsgX2+KYb9w1/8yd4AKOXAxEPVO70JcMdqJx8kbsTZjKUqq6O5g5twjLSsZW6NVSuqW6g8xbFxflEhtWdguiQJCwTm9PHJxG6Qx7veKycrjQHdDhsqiqzrKizJDnDS4uqsdS2R7P6WlRE4E/l5UVF0e6yZMCGsuqk8jrAEEnyu6YdmH7+HLSip7COflBH5Hk+8jDsPKaNJOaTnKLoF80tGoIFOxhapmenTon6esIaWjeXAMKhYh34yOWSVcKHuwOygkWyOZwut48QdWFnFHsIcmXYpWk6I0isw634dIWuvpfIent+K56CmcIRjMpcN6fgh8VtYbbI7YMHTr03dO+Q90/tQgcPHoRTPtQa+mQoQ4jY4WGUSb9iKAWVvTGizX/wuFOxrl6guYNp4IZQO5uQ4vGmSmmiqni8yXiNJMWLbYU7QUjoG06xCYLFqwKnJKZZLGlR0ktCMOkzC3tbVPZS+ZcXY9kXl+rdmDLaH5rkdAfZtvjIInPBm47F+pOaemfhyEdHoyncPnT70o1dHz83M3dcn2Bd4KoxeTPh77BLZN6tcNgTT17jgMfmzUOpnlc/Q53h6jkTImOZmtsfQcPYsXAGXQsV6zlxwpPw7G4OlVq5ZLfbk2JJ5RVHEp6uxeHBpgNjMd+V4WSrwqVyjI3lOMGjALeFTxWE1KqwoDSbGenQ0drkzLnp3aA5Nab51KAeUKeVPjwB7eJcaHvfsdV50w9OSu9XmrQv0LlPcBJcdRZlw0E1D7nhmFtvRTWO0Pi70HrYeXgf5Ic/Vo5C25mnoRrNsbKQvIZ0kAnuCnVR/CzGkkG/PynDkWlzu9IBMY1AsDlcSUJ2VnIiNo7YnAetVtmdBFjB6bBlynImhjoySxGOMT1v48K11mQdT1AzyjkCemmZqXSXmSqxAl0fL+qAptfVMQvRI9wXaMLYRaMKHq+fVXDrcLleHj627Ux4AXaOzIdbl5Wa9n4PXs1k+7VPPUaW8/GRkXHM0yMW4+UcA2fG7lGEg3g9GTrvrmTeQQngeUMHQ+YdpK0JybSDeN4pifRQUACdd5AV3KLNwTKyTIouzWX1/l/mjReQ/ft5B/VSbjhexh1o38GDDIMOcm60rcVKH5iey9RAByozN+E1rS83HHQb6Y+OumLf4Sj20h4KXdk1r316KLESuKyulJyC9h1DvSul/v36eL1sSvu8tiUlnfqGlZLUEsbKluSFepFS477h1FQtLy+zb7hrHquxfcP9tRc0RiMtuQz40ZiKlehTPzda0ajbtFZKymglJymcJjWmbnr7E2VKokUOjalaYnZpGWXF8Xhjed5mt3QzbsQTuotrrrrpjju6PlHiublfxbjb7nn74//8vmPjT8c2roGbnprz5cd3bPzE3/uhNX0f6ztoWGnPgsQO+TcXv/LxOy//Yyfag46MGN92RnEBz2fv0JN5oWbekscl4Z4HJk/5+PTwW6etmpwYuOoRf8ljN1xZ4JgjV/fzvz93/rt+i+ftRbuPCYwnz8AUfjSI3ccPAZXgtlCXtlqZrZulty8vr0uoqLcjjbVp0pVVrjb2ouLioqpwm+Li7N7devAgZJWrQLdQt3KM4rqp2RhkZKdHwRxhV/w2vwiLD6tUuVmH3CIwFC8QUx6iwyi46A5N0Rp9zzMzShpLuw25ZpliZctDBcmFBTdk3f/IvlkT0a/nB40qqBp27ZhnZqfpg8qu2D5l5Vr4IsxftnLOZCMo9/A9FZNX9JtTdd1N/BAsk4rylMdG/6PckvnQ6BXrIXRn5xRiaea+p/uk+bMhNoUrrql+g4bsSpVr7/eXzQ9flU/8QJPnwSkQv+rSpWi9DP78UhMel8vUw1ab9bCUBFRu2qr1MvWwMSIXknuRAnWCzdpCoz1rPI1LZNCn32gNq5Qjn33wrZcd4v66Kf8nuqdh8skTx3/iqv797wOHY7W70zGmlCn6wGP1qSrwapoogiS/V6sK440lSS5K/mmv+B9qd2PEn80GG0f4WQ99kfOz5siR/fIjs2Y+7GDylblN+T7R7si0Z2pqnmEuLHp04WNRPpkptN6iQyjRZWd5ThIx9JVYr0fCGJh3ahi0a3HlFnEaV2RgdIh9N0io5nRzR/JqaVVbtBadQ+A8LO+U5Ou2psuQSddeeXUJ13Dj4xd/5Tc33PzeI3N3MMKHT/VK3uqN1n3M5YZRRrAE1evhrW78Td7Nkjt1A3RzXnpB0SRMSXhG27fTTN8xNoIgHdb5g/2tgqXId3ubPjdf06MwkN+22I2d2XrsND51sk/Jlith5ey7il1v26t6NJw2842nkLxoJkhrdUZyUT7l3Cb8GHPJXQSTYf5MDWhaNcSSntuSl+qpF7QBA0Nt2iQn+9ICCT4nkPHZ6Qtk820Lktq403yKQePPKkRbM3L7hjPiStXovm+WdGCeFpfhIMo0XOcyvRgyAeNWrDvkJ6PN2KrtRO/CKlgOO8DKi+jTT7Z/+P727Z9wwyA43l63ODodaEA5D6J/XdWnpPe6K3Kxej+F7oMPwYnwTvgAmoY//YR+wf6xF+pQRfUjIwtmTL/mVWbSRT96WXtP3j7WjBda9lGdd4M8MChUkJfm93tSUr0eDdhFIHpSM/k2+Yl57hSPIulU9RWi+unZFeH0/2HiLTaCGqCEvQJsbd5NN0bDYeiHPnTiyTlsewiOlToEZ+mhBpQ7E+3v27+s96tXZDffKegC6XEGp22Dd0YWPjfihpXMxLjZGnzEc4RMoZDOtn8oj03JYHUxIYe1B4AHoya7zrXJT0pJEEnbaF7MyMqx51SHddXOERgebVvZHBx4jZZseKI8udkkpZUgk/KKejkAXU6v0XTWSermyA8IjJCJ9qK65HvuTUSn0b9gIUyw9+lY2keBbtj+Yr+1a10VxbdkvPLyyy+n33Zr1to1eG13oam5EydmwYdhV9gFzsju1q5dt2y8yjsPodqcguCAHOg+9DV05Q4ckIvOmnWjlxZz9dwmPNdc6umnpOO5+vBc06Jzzc9L8ftEXyWZqzs9E0+2IqzqdqVxst0vO1kXQ877bLywHZxlxmQ9Tl71Gr8t1VSjp262wNWf/rdz4t3a/rNnD1p7lhb1tB2obxi7X+nUsaSztm+vo2vHzl0ce5n8WnQ089bbMmDmiZ9hWnpxdnZJBvrmONrWOScrJ6sL7AyLuxXk5xd0i54r4hHLaNAW9ATXgDtD3cs79enVxprm5qyKOzGrXadelf1t1w7q2f7q9qCT2omxdupUUdq1ElTARLbCB5J9ydVhwcflBp3B6rDsbHa151M/o0yyRVp5IQH4hc0DofSWr7S1Sz56XWBc8ZWWpUDjho91Bym9I+EP7UD5HUl2ewllwWDIdzz8ri6jcvo99Nyf0IW+QKcmru/bd/1EdIpcAf717OwBt9w479mP1w97q9cVb17/2idLp6kjn7h7WF5JvrC0odPEKbP7od+fmta5S3pu+tSefXnQLmnTCHo7+Bga3gX/A5+Hk8nt4IhN1cbd4P6hAwYMxVqnn8dQ+ezy9Lz08vLsXzLbZKLa8APO/lrHRF3TEv3D+kXPRWGkmI+1qBsYAG4PdfUF7WxF9w4lrMWZEszJL+neq69t4NV5+f2wLW2vlEMNoxEMi8p79RQSbSQkkiaobhWoFeGs+LpTQ9JfF23LJ8ImoLuFnHlSJu40pWrw9NC7pRI1aK6A2R1UgPEiLm0pY5KnxAz9BUW+OzT/tsohffbOnr1wcvEDV896eE9x//SqOx/597eXfl15++0Mp45aMun6vOJ8y9Kps0zhPjO1c6dAbqBHx559SctEH/43WL6hEM344LMx+d13fgRnpmgbytERvGCn0KEhQ4SdzwfzgmVdsu+5L7MgE529frqzn16WqDvVxKSCwn54b44j+isGQTss01tC5UpOTnZbawBrrzsxu32Hss7dpFD30k6duoWs9qpuHTt08YWys50+kOJLoXqbn+HMaEVv6dVhovpdUdGe/KImeD12NX0ZpW31Ypp1i8HsoPlVwu/KH9K735waoqJ70OlJG64asvFWbL72QP3CM48MuOLa/Eee++yd8SPrb7j3nc+WLh5QULSufX779YUFA+iF9U1UIxegUd279uxE76uvgffeZF5Xn0X/qoZr0bABsMBQymCXdbfgf9Z1wbKi99b8auy354EbQyXWRJ8XO+zxN9eJyWnB7Dxbm/z0rKw8IrK8jLQca2Iivcp2+JpcZbcinFautMvYGIOHS4JikM3GHnsTccBFaNL5I3luq+eG4cv+3H21zbJw2tlBW57+6c5gwVym10A8dTx9LIIBGLuMmT6r+sgeuDqy+mLbl+FS2DuCHkebn4Nl4yeg3fzqTuvJZNd3MvwQjEVozaOH5H953ArLWt2sz+vx0yoMDjjjSjWb5n/xjaWNxAqZHYKCbDVagRZuhH2Ontk2eNuyIxd+PjXjrjoXnAnvOAav23LjjiHo8CWAfkV1qZHOUb4fF+Wf8JIxuD0OlrV4MK7z+GmYT/VqFWFv6zloGHbFhTbdZmVAUGPG/In+JIHNN5ZULBv77GNLF/Yd07bWaYHJUCVBzV7/6PTuto/f8WmRrvAbOoaxlxq4KbwFz7V3KA/YVY2TISuIEmdjbDJkGM4iO5z4DTpgNUHhVdEuWWUbBIWN/cnMWz4jgYnN1jPLePrlxQdeJv5imE3TN6HjvWFgFzp2BUzdMm0LDFSh4/+EKVfAErSjAnZdM2UNvHHN1DWwcyX6ZPWU1WjVmimGjD7k5rBb+K1AASkh2SIDTuawMZKACAoJlX5cshg+KGkoH28+EkWE8+zhmws7wh2268e068gdv3FSx6Kbxncsx888zx1hz/HngQtkhZySVbd68Px0+yL+BawSD0qUPbiouDCaikbcR4KfPckwSFxC7D/AEsj0mz3lzs4P3b90bN6wu5aMUPkZ2Arde2+uf0gwN0gSjiA8wO1hTgoVQAOJIdJ0TnCwupP9WCEvaEw8M6lTDVp04onCA1f1LA+V+v2dutz/NL+5R/92BXm65FISy7QB+nT83IPxzxUx8Jbxc5WP2abPbWGYTz55P7WwoXJ8fr05+H59gFZmnEEF7foDYAG5aKu4lV+McWoiyAGloDcYCG7C3ucPoY4YoItlvbt2u+am8FB/TiDdnqi7cksL2w0fP+aWKwb2rRZlV2J6TrvSbr2rBw696Zbx6oQ7ctP9bDvCQ69Ylap2xSlt2mQWjx96DTsm+r0x4waPGjVs3BXdythq8r1k/L3q/p2qqnr0Lx7Xv/+4YtaqekP4m167C4j4J97GvxcJ/3UxNi70f5q3vJCwPGMNUPfke4uM330e+x39Xsv7pZb/UnZherBRtjLW/GDgLNjkU+D//GelLf+Im8B3uaJfEd/Xtv2GiWJ/8wM/+pZhkwR4ju/SG3+s5m8mHy8WNvnItf/bP60nH4vxcz/Dn/76sOkf7m3TJrfwk5tv+OtX8pvwrWOGQU9Bfnb7obeOuSH6K3u4+XdQQps2Oe0+GTuUfmPsmGGGrswQp/P78T5UsP1KpR0JSkBXMDLUmRNkh8vjTwlkZOe1Ky4tV7t3y8kvLHrwIxWqno34XE8JBdMK02CnsgfzizwpaWVlaSmeonxB5mRQWOikS4r/SVT33KDuMf5/A/7F7KKEjR/hQS4tK2YJKTKWKLnSdmfhs5Pcf+EdBL34CC4r1cWs7DJvCuSzS8u82Hcv83jF7LaQ66lVZIwo0Rbs069MHdHBuYB5v3JnjyMzLw7t+VH/IzO5s71+6j6Se+CNXo+XDdeD11040+tY5Qhu1rpey3OH66lD2xs/tQb/nW8fQgHyDPIs85nMkd41bYc7+11M6P1d35Fcp/c7936iA/7Mnez9W+lIrmircZeMxgtLxSkgAWSTO/LsxECabLPbJNHhYa0+DsIEq5SQmMbn5ng5B8hW0qCVTQtlJIuATXDKQVqIH60l6l78dVHiHoLtWvSvjtFaGAWUbLETBrQAG9CDWoduHCmjhIb3UGyEErceVqw7mAzsHnGr0C+vfcOyPMdCS0RFP3E+5/49+z+zHxSH3H3LzVZ+c0QYirbDzuygi/7IMriE+TX52huG9WkLL44Tp2xc9szbY64ddpNxf4ym8RuFTOAEaRiDlUpWq82SnOL1KLwsiypH7gosmofERBVOdiYrHjxXT6Ie4p2K5pbSaUKaOzbXxO+KWptr41SLzQRRcs2hFbNBMleSnp7ZOM1iB4TzoEKy1X+ed2r2f5TIAXSccX61zXZAHHLPqDHWb9SvMJo4pOX9yQ5tGE0SLpnCsZ82rOEGzn32rTHXXj/8tRcM36/QrLsm8XPs53otgCXxc5nBZyahUHYojmqSDMNplE+AkzVW1gmijE86vFzMnKSOxMLmNBitxerCNsIQ+ng5TMfu+LfoBzTqiSfqVr38+poPn+Tlnd9/869vvuN671x3UZv0wOTxtO6a5ELSOH8i6Wqmy5CzsD6fKmNfmkvyi07gvDKMl8LCkDi5YoGkF6rKANVXFVbd8UH+y49XN9NdGhNIg9CMnMvLauEAtBHafjlV/yMSlrEzZkxDkP2dz62tXY10mr85p2GPGTo3a9gW07rCJHBDqIjlBd3tETiXD6iSZAOczcWlJLtVmbexgmz16EmqireEqso2p5yE5cs2lW85JcssbxacNPOtBRFbBYGGEwK05q0MGw2z7m3xuNFjp88ZPm15HdyAQZUeSV1UVjRw1oRBz7+0jm146LPOC0e96Ysc4TcfQ17hjhFP9Jg9Yxow+UiXYFznwft7RKhjpup0udPSg4IeYG1+UlUjqnqAy81JC6azKV6XaGOdbg7YLYrot3srSBg9paJpGN0Io2pxRQFeA3QZ6aHBVGiwKBq+Gp0Siw8bCgyjE2IO/etuhyjWfhi033Fo78kXx86c0nnO/Bncg4uzPXfMG9ttuuuZ3mNRV6Hbk2vRV+gX9MHTC25e7mLfW7El+M+3LY+NmRt+68N/RGtLuZ7CSYLBQl5WAJDk8UOnwkGJ5RhGrA4zxhJQD7+71oxxmsRyNtYxr/w7cge/GbZHTLSGaR6/AD8zO+SMPpNjoJsRq8KMmchJszVaPGtJLcMdQRI3EJYjN3kW2Zf5lGegUyiF9txleFHmFAdL2wUCi0XinZLdpJoArbcNJBvQyOMihAh4yy1Do+ueeIIdF5nDlu2MLGYm7GRm7KHyIFTYM2heKn6fjdSsAE604vfxVslaGWYkSRbdMqwwQmCXfZ8W90Z2BpLgILS+9sknmWPsYnRqM+oKP91MiklI3S3gc/H8UsCVoZwkxUo6nYmKl0tLJaQJig3vX5uN4/WE6rCexDlpra8501ZTJc2yS7IF8AiwDnGEqIzSfUUrjZh+3YbXsXdGZox7cCfMeWH2ny+OeeiKafNWv/kXM0iObCFUEKXy8+hfe/+J/v2CO/FA+x8PHfrJqCmQOJKb7gfdQ+mWBBflx3EmYPPowU6Ox6MqblWvCKtK8za5Lbg/Yq3TaLgrNljiXTPMxMfuGH/P/bNXvlHeqZbBRmZwF8jCxD+Q1PHz8i1vv/WBjIZyAz9FP8hoP/oZ/Yb+Te/W0XhxDpajGwwLFYkWRXLYrLymYeePgS43tEg2p1vweqyqzgo8AAphe3C6nfagImExx6p5/67CLFptqRncDyS1P9gq/wN86sLJWa0TQByhJ2yMBAL/JTSN5mDScbOcTZBEHtqdwO5w6diBE0SHpuNx87LiZnin08YCXXFobmu6TagM29z/67ihURoXN2b8Acbq43r+eGhKfIEcXEtqq5iESC2aSg/NaJFcV8YdOUniVkNQPuGucGbBz2ivzxo4jcazqlA+qZ/D3z9hfj85VqM/l56vPUIZPOAgSVSHVpX0RXHp2CNxcrxC6nbZIC0tbsREzaunzKqKoNkdnVSsAZFbeOFkDSpZWFc3cgRcAFU0c80+KuqnJxGjHqm4dwLcj7p9ZNbGTOW20Fq5ilAGgBZW5Ox4Y9sglj+nKlYHw1iArNjcQrqFJE42YpZWKtWitWox0cbq1QYdOHRHtGANi/FTODdWtAajPQ+wPHqFMpwKK7OcqkFgkv5onEvn7IrMOxnRoloxcnO2aBXfeBETJa4wBFKmFbsJgUUyqkVrZk6vq5s+Ew6AauQwPHcJwKfGGPJ4Ct68By6MzIjWcs2gecBXh/LMekwgkSIehRdtCh6LbLWxih0ClnXanYKChWRRogVlxcXmjUHTNKuoaPBodJLWxLqDWrbBrnF+3sFoQd+v80bV1jIbYNVqvHFqsYz8H8Hhk6OlfYb9p3LygL6hPAh0l1VWsYnkAS86XIxH9HkVehBgdVJZxoMtpcRCPiat8pb4xiwWEGOJvaRZo6FFVGZYiTAG27QppkhUh7h+u59/fjfaEK9HMo2TufDYrg61le2qAslRoesuwa64HBoZnENzWjmXLHqAh8IyGSM4RXVR2cUdHd7y5iOMYTCxuMwohaQDlpedhjegFyVhJuwHNdQLHkRn0fMzTy/jx2zY8CK6aucaOBplRubB42PRHO5Tk6sEy3AjPUNDoSDLiQJRdo503iP0xRbeynA2vLSiDZsdfKRGK867ay23nh7QGkcTsDBdmKugFjnMFKMzWHD1aBPWrd7M+5EZDbsNsRFdJzVN5bSmqUcowLEA2sxaUCvnsPMyRhkSIMWg5ICVlMa3t1oWGi3wJWQPXMJfqBT+ghpQ4Bh6genZWBpKSplOmnZHyKX4s3cog4N2nge0RAa7Jppq0AXwjtbtTnNih0bT05jUzvc8ebI+cmNdHbOq3jA4MdIsEKvDG0bryPD7rUTy2LzbHbzgwO8n5KOkPlNRHG5LOi0ndv/9+41izcZB0ILNA0eOx0o2DSfHSFAz8Z2wkK5991DAxrKMRCANI7KKQ+IxapJE2YKX3inDRrBdHOXQbxrCCcRNPCAsRG+bE2c6cycvJjSZuFEje5LiKPxexmIRoc0mY+SG3wslMmuZtSsW2U1L0JW/fa8WRVPRCTN90YrGItUtDWOi0zXwlGUonm8auCqUpwuJICE5RXAkpHDpAcaDT3oGAyqGSUmVVDz5pMQUZyr2MlJjE28NUhmjaBVKmeCFfHHnR8/7CKYsnXt+xdCHr5o5a/nmH4+OqaqPrKvjSthkx/Poq/3/RF8/50reX/jTv745qUY+JFLDI6W4SvgQjz+VnAUySNSdHi8QnV4ukJakVISTkny61+1zV4Z9CmetCHNxyKqplhgq6mokrWs6RAIHPU7hw9t2z3/49jGT7r5/6drclLOopJZd3aHT86cf6P4Wmt3xi87vvfXWBxIaYtTnoqA0FzVEY8Hr+bP8HpAHSsH4UOcOcmY+aJ+Z7MRj9WXyHcs6pLdNY+UcR07bvmGQo+YwVjYnx+GmeuYIuf2UeTAtjnmQ5Pt83rLbfXnTGoFyI3jqMXlrSUQ4gzYPMfrtphm39llMs25p3m6Q/3TahK59+oW6jH19yZgn9qCvlsMrYaeOswu6DhqCJh/bm+WvuO6zd9755w/9+/QZVN2530hmzWr04zCfZ1vCyPQ3YN9j8H74iEfbmhzZhy6hE9aB0PbET79Ffl2yYsWiR/b36HgkGjf+kPsR+4gWUASmhrJtTJDPBcEkTfMEc9vxHYrb2LLsTEBMzcLuD8hSs9KyWJXNItekiVa5KivL7rK2rQpb7SFXQkXYpdpTsd/oaUVE+f9FRl6jOxukIjITCOKiCmWN3TlNYbLOW8srJk6BFYtn3n5PzakHIFc/5roOVb3mTH/k0Q7quPXPPr12xOCcshA+Hc+vGhmcc+PmiDowYwFkX4Y6LEp5x/3BFxu2WuZ/+Oq776+btq2T6tigU14pjA330l6XWQYGZAqNum6MDTfRXpcVJjZcbPAJovG0P7wNdAj5IQd4jhclzi6zwWhP+HjT3KTYO94ml9CG8KdO1Rnt4Kk55k7u3WvUkKNptIacvoMVGBEI+Pixy3w6tBrnjshUxmpIW7wDBrTYW0hZ+f7DP6Aa9n12aSSJ2Ft83LToYwRpzU41tYHYt5btPGeBJApjp0T4rBt7sQxtANJYNxwjTiWWrjia8MEsO4MGoD3ZhVJB7t4GBnngT9ygyP5btr0/gSkw84rep3xsVaEswDpYAq0ZVWEEq03hnZpokwlPkCyzDgCsUGGtJk0Vthgtc/rpZQo5ZN2m1S0JlGAX50Y4FHIoAZag3fVoN/4FrxTrZ55rmNl+D9oBy/fksnPj5qxjrJFOIo7A6mBZVoCCRdJ5t4v3E8e9KuwAFrdTMvPim4g7DqRF3x8niuUwEf1wBh2HfjQQHc4OSIH8Qw1vos9gpzfx6b/+9prZ9zFD8Tg47G/0o+d+RSib+Bt2h03C2JqMQ3aI+OwXFCtnsUus5b+7HI1aZqXoh0iHG/fDiTnoCbQIg+ofUScowYH4XwxrDRgwGJ+E55mPIweZ3EgXwt+PfY5lFAfg8RDvVCQl6wxgOJLTjscjANbKMSLWCbc9ndbcuf92PMYw/DHXA0OwenQezkELodyAoIQehdLuw9PhcjSSKWGS0XQ4K3IczSRuiLnnhD+pfPA6YekAmXCmiRKvqXi9YhsPf1uOZxdryXUQK3I3aTy1YkE+c+piDZrMlaAKZk5dbB9ePEFJv+hepNiAvpuxETYH/CabnccOr2JNx0tlJ2WSAmNjTB/3su+GgRggoiNgZ6At8GztwSMNPdFRdhDen2n4HBtt7lHCWYD14iCetxf0CWVxkPd4vA47tHvZBJ8buzYOq9VJeMd4j51tphZx7EatO6StsbthdBjP72boRkuSNzKuqRQje/AezrRLgsNhBR6r5GF9XoFVnB4nWxV2Oh2iR5HTHdheOdzNh9ViVI3cCk2GZ/Ir7D98vCnDApYS1o1GloVGzjsvuDlU7nA6NZuExSWwrEbEBSRVGiDdKT0oPS4JVlbyep26G8gYTHNWYCUd8pwKxzrjGfFo/QhJuSCnfWy0zrhmuqb0qF9Phy1g9MJMOneu/t4HZ961tL5+6V0z4dktHxLp3XM7HIjesZcyGy/0YSo6utAOc8w3Yjn6wE2hIkXXnbLN6/WJguD0sYkJPp/OKLZUG6OzNrtiYyWXR2AYqSrMMLoqKHoTqopyzWvgEoJKWxmtGF3tJsN1B5lsb+Irn5zZOG3EnbW194anwZHMGy/ifXj7OuhF5909DDKLK93n4/v8UV5Byco4nbpudbs0B6PzBq+gDlhJpw6t1jqHhl6smT25zZpVLLKtdU8cuPHL7+vvnHnthsV1GJe/U5T32VuRjYz/zolp7SKDYhwusygPU0fCQ07uHjSL7hRYm8VuZyvDdrvFqgBLtGS2tXcHaJW5eRNDx8A+/cbAJeNra9/ZuXErrHkxuxxlYhXLnfzWSjSa1MlcOiPUYAyZDDLAsFC79MSA369bVRtrtSVyWZmKHTpYeyBk1f2BAAaMgYDg8aRUhz2cgPei0AoDajTvvrmjmFmUgREO4XVLK+lQVowhUGdIqd00dzSxuEMW13sqdE4+iv6FtqGnEtDa7A99Y7ODcDBMg93hFRcP2U9seOcbB5u7dUv30kNj4fWw5583XNmx83DYDl6JZqBZFUd/5aq+++LbL0GU4z6V9iDJAGND5eliwGIBLr9HtLs8ZG6+VB/jYH2BkAtYAgFCIBFICjAqGwhoLJtSFWZVDdt9rXUuqcvNE1JmhmQYcAZICSHtFJKdYU65GBrzhFX5EPzzGIQRpwRLb1l7y+C3J/yFDtvRwbQNntGM5a55dgbMZJZ/fwqdOzkDvRks+Cg3HSp/MUcHds4LDYWeBQtmP0HnmIrPDbJ+AZADxoRKU0GWO9PjcbA2fH4J7iQ+L1ex4CW0ZIZYhyczE7tcmZmpWiCopZMU69QEbBdSdZMvuUm3ttbnR8FQBqCd5VssYjFdYqx85mqyGy4BdMS1diNdxlQ4DKZEl/F7ss7v/3pqtLGcUhBeC/33328sZht4lbmYeJWvs6PpwpLGNcVnVSqtm8wCE0Pd8NK6gm63nZV4wPIuLidbsaRa8KpagiHW7g4G3XEMYclqarqaRir/k72VYZDsaTbvv19aIzeIia1l52YrHTdx5tAHX0rGWurNFvqhNw6PNlZXyID8PnNB49a5uwUt4MuN9W2Flx0QDmXKu7vd4N2FPQ3eXWcjjzblc6NcYD+a3LzknCc/o8XxaAOe8IumgitCmVYpWWVFUiwmqT7s5YqyDPqGZZnjXYnVYVeSlWc5em407vQoRPU2iXEUa4RbthXPPIOZNeKuurpNcDl0RlYpX8K8F+ddWD1k9tUzH33xbTziPsmR/dgqdjsCf4wMXIR++Hw3+nqZnkJ8869+jMY6FtDa756hoMcrA5+bMHwRrzzJ73NUhN0+n9OjK053vEve3ezK2dwW0cGZY1MD5tAJKy7gFtz91cJ54ybcfv+jaO2Qm0+fhruhBRX+Bvnub1wCszt+3vn9jfC2ZDQJG1EBXkAeBh2ld3p4HzpovKN3KINlOAbyQHQBaHcREkkTubgwhnOxNjWOpLN5/ln00sDIJWhBTAy5leiX9S3oiQ1M14KjmI7L4J1yxcYluEQd2nUX53Gz6TwgjEm6WBnWFZvatHFjq+My4v7NSNqKz847NauWELXVTBtYmJk54p4gc5LSKbE1aBma+LbrPQdcB/809a4nvT/uGkpzYT3TFUUFoopxlY6PV11X8ZGlOlkMWNikv+F0zaRJ+eYSxt//oaNo1KzKmYtWrzWvAaegQ2ijO3F/4bdfM46md2JYp+ZSjIfHolmtLlWW7ZzdRUjjbJXYTNidDsXuBkIc50ur/LLRgZTFMfu7GGZH9Z2l4++45y4m8ldtLSP+fBpJ/uQvOq/fADdE61Uv7r9EmsQY96IVFP9fGcq283ilYPRmlCEcV//Xq9F4JWoUDsk++XX95S9IjfvRydQXwOOwiOR+1CoYN6Sig/u/X5HGXZIamhO9JKUqc5lrUsMvMLEuxt8s4+Z5oMiAkTHQFazYMzDcAkjdAshVh2FLt6A5/g4YRfGteAUHTu2J9wrQeGY0nNLcKaA+AeVXoz4B8QhkG3RbbW7DJ/A4DZ9Aoj6BZI+TzOXHFM+3Fjc40yf4/LuPmrOuEUpPmNroE2C9EVdjOfnAtaG2qqIpDmD1sZLN6WHtFobUj0p2B5eYwHisrNMmsmoQCE6nvTrsjOeNjndozQqJWEJx0EmALKm3imU4lZYFIVuOhli0Q/Bq+LQFriCu9gpUv+EEK1vQldx29G644TC/+eJkboGRxcS2L7r31MWuUR0TnqZx66tDedjXlLC7DTibTfC53R4giB4uOcklA9bDebH7qXlssdhqa+ONWSdD5w0aR0PZmlA5psAol+PZ+SdnxfM5nvNmGoSOpmPajNRxbaf7weXOYr4POYtBhnnODqZnMaM2nsWUx5fyxPQ2eGIslMMqO8YjQ5/RLfoMMA70ofVfLJMZq/+iz6D8R70Nnqs/DJ6rLo09oy4hfObvp2N7JPpeYQvlVFpLP2/EvoVAx5pjjtVh4Aa5cawG31ZmlE+LneuiY00yUAMDFmA8vYlyPScQi+lRVatXYawK609UvNVhRZEF6hVwNBPrcjTUhsXkS6JMa4E0jZCvsaTC0OVhfvwD/fbQ74uxXt2Hj46PI9O4AuXsq1uO2Rv2fcyDKQe6FqEJ6Hn0ArqbuVh16vTFLUd3f/uFce87HI+/K+2ZmkjG57XZWJ/ESiqb5Jd8VWFJEgBwYOCnCq6quMaMrY2Pjgwj967Q4IXDo9XNATohB7NRfe0xdIk5y79Y88G7176+ZuKjNgQe5Magr9HviNzH2U7NePnlgVuzMxo6Pjp/zmIqXyo/stbMw+ZabzXXujC21nQOZK2ZucZa/26sdbu4/mAGBuwWxYBgHN6bRs1gduw5FAPSPmM/mu86ZNYMZsd6kdF+F/Q5n5k/4zCf0zn2HMq/S59zwhjPG8ZTyuM41gg3+QDTVmdB3mXFcmZ4q4NP8AFB8PYNC4LMMyzLkJZHsrNvU91wNsGTjbdppCRdjm+foXUIBGEuXBdZxq5EuVCEKvoUHUMXXxv1n1vgHWjALLYaPr9nHeomffPxlz+RThmQOUPGl4tcLOFNSCDj81ghb4xP5f2JeHwJWBcEOx0fCX3Z9Yqw3f8/js/DuV0CaV9dYlb14BECuCGynJ2BetRB9lF0cf251TceuPHFt9CtU+Eh+NF7K1B7V+TLJ49Nrd7bpu3qhbAgZlv4GuFQtJ8GHAx2tOihQzmp+LlRTio4eGAcqo/15OgW67EzjvbhIauVFVtP4xlnYrxW44YY65kRp1+05pnapCLzObtMPS1o0o99OrVJA43nuAw9jfWx+/9rp//fr52OXxsmYK7Nbro2HFvYcm2YdGNtnID+RLwNof0EqK58az5HMHWl8TmUa5PqSoPxnCcMXWkb9xzak4Tq7b9MvS1s0deJcqURvTW40uDgz5pyqRl9n7pFn4HHUmKOpU1jDTR9xpnoM8C4fxpjyWs+FtpjyhjLMLCqZS015W0LxMYyLL+JVTTsNLlnpeP52hzP8BbPoVy7VDbnjfEkG8/JibOLGJtxBdguWkkNEmcVRChaMTQTg4AlaR2ExSTK89WsBkmnfaIIJtzK3h6ZdeJEHb95z8VTBEgZ+Ily0jd/LqWVAwphCYkx0V7uuWuZ3Sht/+Hj3MAtRsjM7GdTRef9jXmuZJu6VRBvP/CeJvO+YMrmKDC0qyB2rhSi3iRHFOtfiMYVnwUfUrlKqDfJ5cTf70G/vxTUGP1jUG++G79ZzSL9Y8jPsxMNDmX8nBXcQPz9642fZ/aDaD/r87TXz5WhXNnGCyzjoME1O6doUFQlWXfaJQ1o1WFOBEDBtl1Wom2GWqVGIZIxwkgkH9X4zRRYiKbHwkjTYXu04/8p7UvAoyqyhatu3Xv79r53p7N0p9PpLIQQsjRhEdIQkjQhQIgRaZawh0UiKAMYMIbIICIi+5ZhEFEREQERI6IiCAiIDMMwPIcfGQcVFAXHQcfHQHLzqure3gLq+/8/+bL07epTp+qcqjpbnYP1thvExSSKcJt4BtUww9vOM1lt20+11VEH02opxkTO/YzxK/F7w/ixBEE9MehS3AIh3PSacOjWL+GWTx1LMN8qZaSCnrp/iydlt9Lx27dgufiz+E/qbir7kVkOjxDnkth7n+gl3iZ4kchGMzBOFZHaJSqzmdHzpCwqrSGjRCSULFLA7B6Jg43u5FRfQao7P1xxG436QRwlXhUvw87QvWXRidde3b2Fa7ldfunCuYsnHn6sYWZIpqwm+TRAGZXRZlB7M9FXUkCVP1NvsKsUKSmqJIQMKpTqsQPBYPAIfDwWI3mPgDQu4KoIWsh1wbzoso5k0431+5jkgO00iqSR3gGlWh41Q/FGijU5o5miq9/CLGhr+oH98Mj3X5ydtTtr8sMHXr4+ba7pH3+9cI2puvP22/+AB0TPO3+6P7CR2Tlvwbdj7pfjCq7z23kLcIEsjHuW1Zak8yg1Gl0mQjobyu6sTOKtVsBrAJ9O7hjGG0uDILk0GC/dGY62NBpjwgXCuEsXHu35EfU0MgIdTMfnCA0gwW8x/a/eunzybJ3G8F3N1NoR18+fq/+Dv+d7U556gmlc8tMcC5aTTFAHc1+YWQFX36mfWzvncRgvfnD0ZNm4yhEHX3jH/ZfdYsP770n8mo/HtZw7RW/Zd+JNye4MB9SabA43n9UpOdmrt0KGgQODDNNJr1cODOpZb2JF0HvP6meULNGCtMcXzlAsFTyTk+bYJYEpPLwCuOxAy9uHFs0Nvjxq7klo+Qyyr23c1cIwYydPHfvd5+f/9gXDrNvX+LtxU/J7v7Dmg21LD7gE+661T0yf+ThelVlHT108K5Kx9MdjMeBzPI2MxeJiObWX0ztcKV4+I51lhUS33mDQExNwemKirSyYaBBAdIntXxuLV8LXQK4ekyxJkTQ2kruHJr+x29jaSaOuicNPX2bQmiVrmtYtO/vKiwPGHJp36KuT0xoQu0eihPjI1vWTR0oZaTp5Nz39bg/BMnvSdokeYh3nxvRIAeX+DDvQCjRtndKcxKd6kMlsxhK02axNVnuS4wcGk1mtUBHUxpwj9yr7IpejS5K808ZIHp600AhY1vTa1n3vXb/6r3//a+WRD88sa3zvrbkTxOVXoIqtXfJOCm9/YxU1GcGtTz66r2HO2KkzXwhUHJZ4aLA4n91M7fIY5zirw4K0gtZgsTp5d7KeZG4KBF0uh8oumYwMDktZ0GH9TZzvLtIRgz/c8MKGyy1bKt7/7th3Z5549NOL/9jw/OZQZY4/Ln63h8q9cGoTtSz1GD7sDak2xTUFiUdzg2K/R1AagckNlPFuLMMLQpzbjfdAN9KyJFsqybAQd3dt0g453WNXqe+uIqXslTG1tWO++/tfPr0kLkrKKY2qTMq13Dk+tebReYR/Pzx9/CM083PxWXHeiXBZUgnf6/wifJYkEXwVgg4YEoFgT2RdToXCkphowCysVyNiuKXBSnfnL+7ABCF0CRf7Otpxk0ZOHjv6mjjq/EXxarQt9yxsmDoxxLfHP2JcMUbdcE7OhXRfH+hPs1hVDKOl2cu0VhTvsFhIcA85Z3i1AvEmYIjcAI8Yx2Jwlf0tySjapBqZa+5TcRjbtvif/2TqfxgxsXbkd59Z4DIYHzJl3jk1bZw0sUc+Cefb5M9TPzTGjzGbOY0W2mx2TmvH+Gk09jhoJYZNO4rT260GoTRosP0v8IOxeNGtwSeZOOHN6zUTa0ZeE2vOXWBEnWznbMuKTOTHRybK5k65TvAxvOYTSH2veGhWAKjQkkSxCcRzz6qp04BlbVik+ZX6Xm6rwS1foU+OukLfrTd0o8HM3LZG8TXxmTfg0K+hcGbYieNftf18+Z2PxEXINKWtH3wOTrgC72+Z8NEo8XOxVbwlXjlxSABS7nCW5NiRcbMIAAoSbljcBJxajQ86tYGz31UQvCNuIQVOztcgX673uZmXmGzxOlZ8rolnYBlM/eLNgeVvDXrn4I7t614QjzDThuA3vsFHmgFaYeeqlpSMo4ff+fCZBUCuEZ1F/S49/EkKAegFvZG4XBQKTbg2tAZFm6NCiY+jULtrEdPQtb0TJk4c+/2XZz79XBzBloiVsGnauFn10mlz4hh6+MwZEjuD5+YK9a/g/g1GFUKcYGRtVqw98kqOx5sdrwfaqCtn9+ifC/dJWUlCBBWduyRuQvvETTW17187ZzlxjHHv3992Zdqkm4R9jn0s8c143P9qzDdpJFZVB2zJQGFMSPbg0y7VbDCYBxJnJ0vL0rFJcRXBpF+vWWoukK5Qh8gTkvbcydR3n0qS4/m6wOVP3NjUfPORR8d/ULtkFdyxY9eVb+EUqDy6X7yEKXXyk3dffoutmbZtdGnFrqLuk8Z+fWjenJs1FwZ99dHq9y1C/FsE72qsW57HPEX24VSnhdVBQWe0OPD8mxi3mwkE3W613Z5YFrQbqPX3nid0hIJWTzLGUgpIlbCUgivpIiBshoTN4jloPv7ehn/fbAfzF5398S//583Ay5u/X7mB2fDG9o3Djg18tXnqwmR1txOL/zBkd2BRRRnVQQSsm1wlugn8WNJNWEf4uZHoJvBbSTdB/SVdt+0grR9M7bkGBRwNqyV7bNtBWs+N2nDJc/BlpIaoYjZ+3lWqnQx34U9g7dgZY/dR8FRnrZTbXJL8udnGSO1k3GYhrbneU6qvDAVJD0+LwLHgvmiNADBCymneQKGEbdEdYcyB+34DBmlTBKKgROHSJwxnGmYOSX/OC+uRFA7V50fIeuQV2T6Zb4zo6vUxczmBs0tzKdbHzOUEdkuUPf56yJYOx3GSjZuxdLTHN8u2dNyG3U/xlw1XUXDOhu36KzhGtn/ZYmzyW/jGEBy0gt0JJAtYRA/uCGelnNsNMUkRewTFJwJnZRhOQSwcoTwMZxXbek98avhbYTir2L33xkcYH4azmgMynC6xvgaFIQxnNbtDhlMSSxfKJ4Qu6RJd8FxWAykWASVHzTehFeWX/lJbdhu1u1R/Q2YdFcb4QbBuHMJtDaeScYuLxY0/HMZtTXiMOR3GGIGzlhN+E85ads8vwBkehrMuDCelw1zxYTjr2BYZTo8OcMaG4aznWBlORgc4ujCc9eFxFXWY8/HhOX8Qz/UIo7wmOvqc6JwL8pynwQe/JdShqyTG93RYrKf1ualPiK6j03JceD2tD0j9QPT5qdBehVrp+sqQ184paX8wdPQhNcs+JNLmrNRrcmR9SXACYTgj27+9y9Yt1Xb5OeSLgiOvUiipUbZudi9dWxny+jso7zGmGDvoHrq2AnKb9+R5TQnPq5XiEoGzkj0sw3GE4VjpmCJwcBsZTmYYDsFnCl2jGfL6e++e+IynazQgt2m5Cx86N3SNZsjr74AMp1MMnB50jQbkNiE4PSNwCG3pGs2Q191paY2235H2xMSouSb0DtXZoW2PS2v0R7pGO4fmfBUATBalf2eJtmirRDchAmsubmOg9P9RbrNYOh+ECP33ivXwAOW7zhJ/IclHuR4/JzVc0kjdF/p8meSPwLxP6mhTfwQ9BzaE8W6gfFol8+nnUf6L6yH/BT4Hlt89ZmIjp3hWyXx6QeLT+AieEpyzITj4HGiS164zhhYfUN6oknnslEyLxDAtOsJZGYYT8fG6KT4ROCsJvWgbTywcymMSnFVc4z3xaaA8ViXz2C/gQ3ksTz4HQnC6xcKhPFYl89jpu84lShfKY3nyObBBPgcOS+dARiyPNVAeq5J57EuJxzSUx9JCPIZx4zdTG36xLF+4JdplxNCOk2odSf7wObMp5Tr/EoxiMPs3YRS/T2F4YmFcD8HAPNQswfB0hNEswyA89Hn0DhviIQwnEIYzEkgyFZPeAQ7Z6yRc4Ei2Ay5iPb+Zt0gwKP+vC80pN4u9LX2O8r8kU+7Dz3vR9dVdbj+FPt+MaVBH7O9guNz+utQe99+Lrpfu8liHS+vaFsFxM+aHOrpehstjvSKta0dkrBgOf5bOe4lMO0aC44mBw1N5AJZKbcBKCU7GL8MpBoW/AQfTbzeF4grNmQTjeggGHtN4CYazI4zmEC54TNclXDwdcQmE4YwESyU4KR3gUPqVSvRzdMAF0+8spV+JTI+JIXrwLNsqfS6KfvT+EF1X90njb3/6rhjPWD8WaTNawt0ZJcdier9H+eC+mPM9VHOTfpbic7u9Pdzv9VC/eD6kdQy1HfttDvWL2yy6iw8kOIEwnPD5buzoE/w57Icb+RaFkiTPmfgKnlOeO23Ae0s+0a+WislU362Cx9EuZhFAwPgWAhxLrqRLyeSw9opV6Co0Ch4/eDDUVvGrbRX/L22Z9lYxFw1uP4fbKkBXv1qBlDwjMAsghDSRmiYAOR7/96bWFuBBTlb+R1mj84wwVNuX3N8iN2MGt+5CVeRHzF367FLqN0KHIalFrgB2vxIqFJxSACwCRafDyfLM6d1MhfmMwqux1Hbb4feiw7b7Yfyj7eDf0Z/n6ed5nhUULI8//1H489DOI4+pEE7U++bvKHFxLbaz4k3o/qtkSygSb8FN4Hv8eadfDzgOCQrk5yv5P/MIj2N0BA0vhZIPN3Vd8HpJytefHhAvQt03IITD7NAYeMAApYAUMWOANrMnjUkvhLqUkp2+STYd13JV/NdMaB5lI/Hd6DCy0DHoQIrfoNACDnFqLWvQ8zqG5JTJP50Xrfh3M+Pp8HilafHA/b4GPK5rYpU0P9fQp6egRfzb6cg0xfShpX1oSB8qksRGhTQkm0v+RzF9SKPl5EHPolP3Ndzjm78TD57bIk0hnUn9VQI/S7yFMuk8akGm3xYLP2pCY4fije1mcWH9zn6p38A9XReQv5/+l/jfkL1pJ1PN3pToNR/Liht4C1CDPv5UyCoEpYpnGAQQqbuqUKkBZHkOryLiS0OkCjIoKorc/Anf7sMj9Jo9Zs7HoXzkRRvEHfnf+8QPYF/f9/lwGDribHWhy84/OeEL4hhnqN8duF8rmOovBohXqtQ6vcFosWrkdEBmzm7jEQOBkhcUCqEiqFdAHdIZTWaLmtdotZqKYKUWKrQKLYf5TEKrR07OaAkzOQy/I4rWEJKFMqZWr52phsMwujfyxV2wKjub/MYvyLNsRuU6nSQuhvVJp11QuOX8xAnniU/hP7fo3C2EZ5lGlsdzZ27hAdBqlAjkUCaV7GDyxVxPStrC38+rX/TUY489xVx/ZsXKJYvXrCTxIovav+QFaKH51j3kPqkzzqTBgDRxyJuaoEdKNDTotirN4O4E1Bh+YRR87y/8v6giMKBiUCBQwWTf/V/DgMFDS8vurwp0+EtCw0BV+3XlZu4UUGEKObC+mAN6ghJQ57/PYbPHJXvjs7r16tqXVwOj2miL82b16iuUlaZ07569pRgWFzvQWB3cTaoRxTlQnEkws0n5+Rl96ECM+XKajNGP5BvxbxpPf68UkGGbKklzzElWVYM7z+aFHuW93+Hu+RSa/IGy/ksDfnh+x4ubdsLAlteZZ1vPH0ZZyO4vw++UkXdeIu88v/tOjz70UR94LvSIBWtXrVwH01etvvr1jX/Akzf+druca2ll1q5ZtR56V6y9evXG5/Dk9UsdXuPzaRHaButoPKWKnlf4NXOLvuak8wJMYWrQZbzG4/wqxDN4oxUUHD40joazhJqhHe/isApO3C5ehfHbxU1MLtxTI24VXxoHd2MYlTEw8M7BYhiQi4ahhOlKWAiZGrF5O4wXr26HtYxdHDoOjoI1NWKlFDuGeRF9ReMnWHKeA5bpRnAUiS62HO9ziOQyxYcaueyMEEPWGz6OCJ3yaOklyCxv3X4IjSDOe65FiqVMZwqZg9xJzN9WkOzX8RpgNGrsNqXZhXRuIKfKD129M0fVoeWoZ4kQ75o/ECguDhDiiW+++Aosf+lVTI8Vy9etXbFitej752fw+A3al4EpZ85z7+GZNuKdLFkJoVrBYpkOz6nZBDmOV+qNLiNjxGpIsk7hDFWMzI9hPzkthMfqIfej8Qu3r6CQ10PmfMMh8TH47HsN4hG+IHUNc3vPnkamuO303nETp3SjOb8CeKw7uD0gEWT7bXqUYLEipTWOdSaZAOAdNqeWd4cDNOT+ZPekvFSl8D/ZlUpibPSwG5y2ate+XQOXdspd3Ov9ycN7V1Z7YKu4HOnz2Flr5i/f7Ix7ITlzfdkgexbcuTJ9hZqcG0wP5j0852RH6eZPTDC5aWZbE95R1E6gN+gZvd4qIFecNYzP6PxYj6mZBhBIxSjy+8DwZsKFyGO12LK+/Gpgt/zSpStUKvd0f9Py3c9tboGD+1aVBYrHVKPjEEBGv97y9JquBauffOaVs0WVg0qGlvuGTqB83wPTai89O5P9ejmSEnMtSGYQJUy0M0GKkdwMh4vFTL24h1B5/fw2PY23y8Fz3oLHagMpoAvJX8YZkzNZQdcZpVmSBLsOkUKtXXMyk40cq/YAV7yajplkpY3dcaTTgbqHaUUeuYQPrT2MQnyZriPhd1ISCvwSzl64ZdXo+/ct2/h6eXVZz23GsgHlZWMDvfqs6t67e9/col7cyfrJCwdmP1w2a/ni2aV1nXNr+k9uaJtWUFxc0GOgJbEMfubrnNnHab8vr7MvtF56MPtl2nX3JxHKJZjw2UZoZ3Xq9S5CPBRndQkoinimjj56JuQ5LvRIVwHogeANu8oK0pj9X3w1OD+/5JkV6gj5xL0y+dhe7WIbpt6i9XdRD4IpSMdc4Y4DE+jkN2sEYBKUJqXFrNEDpQqxelIioui0lFk8uiJ8uO4qTYKYbDUygZKS2qrNTVbNgBWQQTrYXFlcO0vcyewYNum22FeKCcY6gJfGaFX4M0nOAVk0MHBmE8k4UElSBXI6nXEQKUvPxam0g4Iq/jeSd3bMHEizB56FheLJ6y++iPxtO5nstnNwazOWY4Vm1vKxOPBjgks5xmU4pk0KmOfvb7TqBY3GFZeg0ibFM1qzNT6BT/Wok5xJlUFB73Q5c5wfOFklcjo08Y74yqDe4SD5kgYFgcJqMVqMg4OWOLmGWtgdFV1zoWNFxvzwZkF9UUk0+Sj+tpCKjL4+sJAkvSI/Bd2Y/cd2VTz/5Am4iJR5FetXMD/duTlumPog/vqMO1m5r/ji2g3LmluqzxxJXDCvedmGxgsXyFoivu1ReK5JRd50MMHvUyt0JpPCY3XFxycghdJgTeAzMwSjzlgZVOt0CYkux6Cgy5WYEJeYPiiYyHNgSJBzdEwP2HH+o093L/W0JTugx1cEpYxdFhu0sPSKjTs5XIGUOzWk34Anxe83bK1ouHWrjzhN/Id4474vIUlbt/K+bS+veb56S/y2DJgPF9UMO//5DnFpSTkadfVHmhOt27znGudLdo7D7A9Efwbn6PnWD0h1QItI/Dp3jN4E7adBgmBzoQROZYxLSEpVZKTzlKYomqZ2ZZw9rjKoQXZoQXa7OSUFDAqmKMy6QUGzI8bDSOri3ZOqdlmNk0pqKqx2/Nskex5BOiZkuo+QtJuU6wW5lr3phCfETIaBG8R6P+y8fN3CXf8Sz3XZ8DTDPL0uDebdPLG5upkVt+9ozi5M3yie6HOqNxRub/R6+zbfgc7h71YQdRrUtt/kTdxhTG09iAOdyapCeKO2sAZVWiKWHFSJ7k6KLtkZwAEdDmTTakk8uynVhUwKM91vpPRmWGp75O5a7UoqlvHh/YazkNMMr3qYEuNGpUlqOFfr+SMoC7bs2rhq187mVbtF96aNGx8oa1uz/Z39rz88psvwge+8VfdghSRN3Nn04vsfvPDyu4e2XLx44VE4sOWl11uynvReOO9dmEn2zcr264iceQlYTh3gT020IzbF4HCoWbXWzqZ5EbIoUgxOnUOt05JM5Q6nRRE+i0N5d8LZAMK5ALxSLmI8oN6QV/i6FRolwdrAGS1mqQ57H8g0lj+oWKt8besrb/WfM63ypZ1Lt4qTLtb1LJgxfd2U2sNvH933rt3VnJQIjzfvfGmNuPyAKP4J/Xv7wNHiwm7HCE2IX/ZTemcvAa+7LBD056QYEm1qLDsDJclFCxQGW2YnPrszUmcIXodLb3aZGbM5QyegzIwMKFVGNYYOg6O/lHqZ5sfz2ORrWCQ4MJZYEeEL4QOXPSWKbdu11rOQZ6o0prNI89rGlbte27jqddETqB4aCAytKl/EFLGPtG9sS8cEWnNrJfNl6wfb333vlVfe/XDLQ9OnPzR96tQ219athD7DmEvcBsx3HlAAxvhz87K7ds0pSO2clZaRkakCThNnsoPMzjmKbj6VE8smqGvnVJAJMzslWK152WmdiDKdT+qiGE6PzsNfOcdiMyVFUhNKIWry8ecr6ALT5eT6kVgRuxNC5LGTkyiBhoEVehCT89y8hYMfqZ1rSq8eWpqyeMbkh7M6Dc7r2tv3wOwBcMM7PLvs4p53z61h+UNo19hHvI05wxzuRG9qYaAg+HCXmSZ7pjctJyV/lHiDcc0VhzNn275lbG05cHNT22Uy/gR8Yq6m9ow4vObSjRaLOU4w6DUaLYAI8lqDmY93KDCbGrQCgBDajDolK4/6KB1yRx0pHBmJTzG31XPXiODcVR8zmaeZCoL7hb3v/mU1yx9mrjCVTU1te+5GEu+P/bGQyHCnTTx8So5TvcQuZQM0d7zPnxCn0bpcLKuxIneyNsdV5GJcFpdgBIkCSfeTk0d079Gx+imXQssi0fxk+JiVknvbsRBlpLehjEz9H/+16Jmf1m74cXHrsdxtVQvfHhoYf2F13ovDX5/nWQ25P74G2p99Tmx7WdzkK53alPmHx5ml0OrrN1skNc/6tn/LV2J9JR0FyC0nrLfMv0F8DINRc9ubQL2PRUw83o19NIwet8/G7adxJ2n708R7gFvua3sTawizcQP1PsRAfXT7Stx+igz/JIGPBgoS/L0h+J2j2w/D7Svk9o/I8NcR+GhQ0l3wpT2LraCyqxv093vsEGoSTbzGhPAJoLdaHYGg1apXKtnSoFKhd5UG9b8WvEJ5oZCqDj4pxTSpbeMrAO48M63ERJa3CQ1n6uubVq7cevkLcYd48fAhGA/Bs2Upm5buKCuvP4R2arZtq/m0QrwmXhcXtZ38+NQtuFjc2yxe3j69DtrlfOoHuP1Ye9WCQn8CA3kVUmLhgUd6Hc9BhEiRVWUotZBUQTW2UnNu10KahAqS/O+oC8yBxyADj96ZzZRmudsBs7bN3mUZl3X73FL2wutj2gDT6t8u2alaRA+XT9dQqt8AFIhVsMSyyTHh3Mk50doklLPjsUVtD/3ENoge/uh/7lOsvlVH9Q/RQ+8Fq8nMMwKpzUrLEHNaDSMIAClYVlERZBHEg6NJb3KiRbUORUCJaVdJap+SqHprD2Z02z62tvVzxtF2BtWLnqVoBjIs+bjN13r6FOl7LFPP5qIsfAY7/BpiJIagKpiDFz2gpquwrXgsOsvU791Lx+5tv8le5A8AAXTxWyDgOYbBc65UCFjiZgUeCiAnR1Is8Rozyjt/ble8BD1YuHKbYT6zcJP4w16YfxH+vFfH/PfutmXcWkB1qFlwMZfL2oGZRqT7/amZIEkFOJXe7sFnDv7Nsdo0iwUpkuPjjUXaRu3zWqQFktnmaB4R9O0xQVQWOZuffOaT1U/uLoW2X0hrfEpnDZe7a+Hb85peWrrzjafeeOzxN555pbWp+5iu2TV9SiqrmEXdxuRlj+tVXD2MOf30weNHWlY913Ls0FviX4Y8MHRoTWlgBOw35P6qqlGBwAgyR7xoQW6at9Xp1ynNSG9GcXajJpFYWorywkX5IqVGrcbISYFPdmbh2D7F/Sr679s1vt+Qnmv28pbEY66pw27/1PJ+0hHXYU7z1vt03Y6Cj7D5bA7upwuRGJE+Ph2rmGlJyBifqeON6qqgERgNRkaJjLyfx7TlkzI9VUGQacjEzzKT/En2qqA+yZVUlDQmqTGJS6JlZ+PjDKdDdWbDr3KygCHuqOGo4SODZMyRJEYfLVdik4vL0zhyFH4cLjpPn8OAb0Fh3epAU6BxlO+J7rXNxbOGl03IL2jsMW1daX3VgPFdfY/3nPSHkjn3PzAGXutbeHCGx1VY1POD6fHepHi4xt/jg+muFJejqOfBuiSPx0b5FzSzuRy54faAvwDheTcqDCqtWoVXDqs3MxpMZAiMLMdyVUFWqcYnmlIp4BErc5RDlDOUrFLic7w3ELFY/k8iTqhAERZ93YVY7TfbqXTstjLupq1jRVg1WSxjVE+9OBEy4s4p8D24R/y25OzeS2/C+LJzb17aS+lTg/eoXE4FiM3N67dwEEBWoeI0agXGQoGKSDq7nNEfhcNKsZwHfdCqZIjUk9uag862eZhLrdnobCvcVQ+//lDcLp4Vi/BKZPDYI7DT/VaIlVE+CjYo4iExyRuioZuVBDw+t/CSZi61eTBc3Ac8jLe+4R+KjnqxqpXCHo9hl2IZiQNKfN4mMlDBsUpicQckpa5apQACT3xEHEndn3N3ZmZiKsknMjgaD4/UwCNi7xoYEL8Wv4YO5nPmizZnm5v5HH4qZoqZ9Lzy4PM+k3fhc3MA1YcGMF+HnrNLop5XRD2fF/V8SOS54pHw83QJDvkcdyb8/vh7vD+EvI9XUbXYpDjMfY/HrcZ6vh1LwS78GSIJ54B8UAh6gSJQDMrA/WAkeAj8DjwOloC/+0fOHDtv8vQ5cx4aHqgerFSlejMy+5cI5OY/1zX3vt7+voJOp0VEsrI54pOcyZ7sLgWF3XsFBo+d/FDj7x1Ln3myYcTQYQNnD5kOp08fNeeh3y0a1TDwoaGjZj4EHyI5PH1qXeChIaPgKKCyetMyO+Xm9e7Tt19J6aiHjNBkjnMkJnXOFshddUWyu8DXvYfAslCDt/AcOdUh/kXq5OAlPBqv36NHKY1MVG+SLU6RtIimjoqx2YhFOquXxID7SKrtfKzjk/IiNLqXWMPID4lnxz+h/8nffPl/H3mNf7h7aGNeOVcoLbHMZ0FzSMtOkjZlDwxtiSR+uBrmHOL+BLvW/QfMOMTpjtS1DYDGO5ehTrwJdezbdfjrzofQ0Np1xgzmEDTMhcbb22fgL17Ebzy/uLFx8eLGJ54WZy3GX/DyzrqZXTr37lJXc2Z+vy6pnXJ6led6R8CagsQsx7CGqexB2HXG4cMzxD8f/g8Dcz6sq/tQPEt64MUZM25vhzqs/epv96qrg9tw3+Wkm9YcaKiH+rYp0DBg5aZNK1f9oXn1sWNHxxXfn9tf4HX9fUODcHxKckrSl81Z3nLxtqpWGAZXiY+OmSCdfdXiYQXxQSHgBJ1Ad3+iXe1lXawTIrXRyXXOynBadClOnc6Zghi8a+TIxayMUQZcqvkiLlzwm9hM7aGErDo8qyhasxLRztbq1mHou859Jw949+UhB8qqtowo6pMbqO6VUFbab0CgOFDCW1qHtT6IXr2Tk9c3t+qJ4Yubu3faW9kzxzewW/+Z5b3EG0WBAX38AwKSTYrZQOWYQn8ix6iQoFYjBmm0SpZnBwZ5pEIQDZTSmoSzLcaILpnQV2hMx3yjMNqZDW179+xhBu/evaQnm9NryZJed872pGu4gPRDYgnQXClOQPxY8sVbI754gstfotrMaX+yY5v273GbHyJtYHW7WmoTF4GDe2ReI3G/Mpxp7VY5ds0diitq/w63aSOxATKckWL7XbF/BOc3yZ1iuc2wdqPURh9pY6Y4jwi3ebBdf1c+i3Ixi8yx1MbAwxEzQHi8GxQV4c8OB1V3z4k4hV1KfCr0swqQzVym80Di857l2rGOMBf8RD89se1v7euBYi/UY2nFF4ZPfEXks/+7efm//wzmoa3sBXSL9wIdSPZr1RoWaZBBr2YX4IMnJy/+k5gKfrRGEyPXaGJK/3pMfZ7PGnr/+Fr1Bf1f2Qsb3wxUeh6cuHMLqa03iz3NrMNrS8ByrgoxAqNSCgsQHl18lBcfA7KSYmFwVo7pC/uIrMXslc0rLX3e7Edlflgr9mJWti/EJ2KcHyvECKhVygUsyIkGQWqMSTBq7VnC5aRRnZ4Wq/2v97NU7uxOYbAXmJW8OwRDie4Bg3ycWFHzmZXmbOUXiaOzFvO8740y86DXexGZYjE7hWnljmHdw4HPfTNi9AJgBI2FS4i3K9SKQ+RIjv8kJKWFggowXrzC4y2gCfysFicjORbg4WL75d6rposfPftEv74pmSk9ut03gF3y8QTLE281DJ0ZF7B1SqQ1Ur2Zpfeg6T1fk3gbmQ/HoYt3xdOWi/VRPExiIi8TWal1MHuh/Se+EWiAhVJJacHfhkM8CVuJ/4R40yUjQ1o6KSiLB2Szp8vDEn9qnDnh0XFNm3r/PLyx+v68MyWrGtgLA0dO6ut4K7jguQ8nTLGOehT3caeavSDewn1oiR/Zr1IhPf42H9IKsX2Q2bfZrVJXhfiPD79srZo5KBHDbxz36LSpTdXzl1ac8Q1mbz45IXPBc46+k8aWHpk6yfrw6PBYdvK38FiSgNtvQEoj/rYn+lXaQGJoRFl59xyT2aKHnnQpzzYVo2MGt7+Bn6Lu232E1+PofTJqiPB30xPK5ilSXIXCVJ7q9K1VZKwKA5ZiUsGAfUqQ4HaTEB5XSoD89TuNCQEj4DRuoNEAN3JZc6xFVmT1W+wB6yGnQ0JxdPiQycoy5huOkmUnl/Qlrrjw8jNHj0DMTR1Q0i8xo5NukjC5yjuw1B9P/ldPfmz2vAkjn5z7as8vijfzmQnuxMzcyQsSUxKzcqfPF/eUBIcOcux+YOxLGHdCpyv8YczjVpDk15nUmLGRX6ULoEN6iVZZZPKiONscU7Ktrbw89+iIWY9Wrn9FaFSMnvTgFGWTajf386Ra6+9Giq0bVlcMGFj+3B/pPEX6MpO+DGqohhzpizuk69CXzAmI9EXym5Oevp45a8Sx3LIB63com/QHWkyN6le4SyN/Z31orPjlH59bu3bN+lAfCh7LlEmgyxvxVkIAu94UsLJWVuXS5+iL9DP0jXpOfyjORLscTZkji+qwHfjBFt29mDubr1H1yK3MTDWXBCetjsKCn1+blDlR6UzK50cI/UW7jEx4zDcVOswbXlDiVylBSoI+ARoBIIglYhbhNAmELxIifGEmfOGKi+ULzBSjf40vUAxVohljUnWEMSZ9tfFVoUkxqnbCKGWjejufj1kjI298PWWNKbPEbWsWFvfpU/zMMiDllc6CJELPRHRrICBBhyxmw1hMNryRRsx+uV3tBfSEsIY1627ny0vWB/qk1E8p7dutizfnWrdH+nUfUJ097lHTCn02gW0R+8PT4Eu8bkn9WKUSYbmdw0qQFosqOXmGSNiZOVow3TG0pLB73aV1Yv+4982L4TBxU/MLkp1Ignfq/w9eH3FfCF4OJt5WmvMA7yrkBjULoUbNKqCSh3FS0BEN+LFLyeEKCvFhkg7zma3XBcfgN+bCXcfQnlcnxPdfvhZvy/gsqWu/zgbYBhrzk+G3mADJd+WIU1oHBZVpSD8oiCI+pMjJS/NIGaVMMFECJRsQ79z4Bks//LVrELUZFjY2NS54sqmR8Yk3sIyWD23QDH3iJ+L1Dz4+c+DA6dPSmPCpwLSwU+4xJsO9x8TrIRlTyzWhR/+dc+E7J5iko8/elzt/HRwkw2NVeEzxIMtvV1gcDKOzxLOJCUbVoKAxDToGBwnY0KAiqeB9sA8TutYfijNQcHY3q2rNgk2vjsx8eFLN85UNj335+JkrTftEkWEe3gEd84NDfWWVFX2bp1S//oc5+x/fqyI4DBM3s9kYB3qHMQGYSYk3rT2Fz0hH9rg4+5BgXJwqNdU5KJiapjIMCqq8v34XMKQise5wXibptntyVB4CG8tsWbtnj/hf4o1/vzz6z2N3bD9wvLEJ1syb+8DmCbNOQtVn/0GOZ/e7BduuVeeuVP65S94Tv5894+DNmto8/4trJHuSXdzOzqC0MIO+/hQlw5DqTMjMI16FrBY9UkDOzA0J8kqzGSkMKFWKv8sPlToPIW2XfFZSOQMaumIsMBV6eAVkZxy72TaG2XHtmFgtsEJ2pbg9QVwGZ72IdrTWwaSeEHQfNlMsxHM4G89hJsYlEdznT9aj+HAMCzAOCgLA22yYlDYDrxkU5O+av+iQFtZqAe6ohFZkvkhIC+oDmfK/QyheFG/+vLTi0xHPbxP39lyaMbU7c6vtU7dnEtP/+slvxf9Uns8ueG4J5C3qPszHfxbX8kYqx9TgtVPEnTTxJDsK0X/w3PXG+PKY76xRcSSpNBHX4CAyhJ3sUbSV025BwPRrE9CPbYcxlJt/evG2FDc9nN4ZIn0kUPoME7ewhZiv4vC+3d/vSTSlyPE06WkavVXvGhLU65HV6hgUtKYhYUgQ/RpjhVJQhW7Lh+IzAPGRRAVodIFsofiSuHVRz+CI779Va3psm3X4cwj/vumbJ0Rm3pP18+du7d8Ab4uV4jDDMQcE0Bwc+sNfr0D9BvHzn59f0bD8ubHBjSMlP45oYavZWrzfpIFyf7rKHKdlExPdZpSe4TY4nZ6yoDMhXq+NM9hsilJMXAMoC19bD9nwi6JHkR92jsrBQAYOs5knnHekkF5hl5OqMqNWNPG/X9+wkDEolHWfnfnmuz//bY4q7kjbzzde3f/VwrXbn38788TbR98XF25Z8jLMxpK4Gha8uPzOS6Kz/8lhq5cA+Y4CHgOJU0fyvT+e3m3ID8XGS+8L4fcf7HBHjb5P7gTR97GuRmLlSYuukXjzDn2gZ+ZG3ej8H+Jk4w0AAAB4nGNgZGBgYJScpe/RviCe3+YrgzwHAwhc2PpoGoz+HfJ3H5c4RwoDIwMHAxNIFAB64g22eJxjYGRg4Oj9u4KBgUv2d8i/ai5xBqAIMmBeDgCJGwX3AAAAeJyNlwFIHVcWhv83c2feVCRI1hKkiCwiEsR9u9gQbLeEFSkiIkFEJGRDVkQkSxCRECSUEopIkBCyhTSIyBIk+whhV7LZQrvZwiMspYRSQkhtt5QuSBCphBJKCemr0+/cNy+bvI0kys8/7869M/ec859z7rhPVRJ/rlEKDPs0F76luahDBXdeU/E9DUdbOpp7oLngjIbAG25M/dw7GrTqQPCu+oIu1rSogbFRsAgOgRHQDk6AI6A/uz9i84NuHbBngAnj8M9qyBc0FfVLUZ9K0W7NRt+o5E6CHn5/ptk4UCmYBuPpeNTM+IhK+TGV4l4woFm3VWF/b0Ljbl7N0Xe67h5J+fOqh527ga2L6glWtGh7hrvcgJrDqbTsbuSOuRX2XlYx/IF9lcGSJoINtboZ7YkaVQxe12Lwejrv3vXXxfxlFW3crfv5RVsTzrD+nsbCNrVzb9n1SfEZNbpJNTnsC++oN9yjTjeZ+zJ4CJsvM99zfRn0ZX7bbXNcoBn21hYXNR48UDd7GfJr8L2NOaWPwuM67sc21AU6zRb8UIze0LT5O/chz9/QcFhP/GZ0MF7Rb8GvwH58v9/7/RnID6TbFgsfhycQTKePiMXf4X/AuehLFapxqAX7esfHhVg8CR+L74ntMH4zvz8D+SYd8rFYehrE4J/4fwk2bLivNPE4DrUwna37+8tPwmLhY5bZau/7P8Z2e/+ObBol5mZ/VM+7zD9Lz2fTs9fUDmxaN3tgwfX4+Rp2vgf/CP8X/g/8L3w/gB9+7WOBHt1dnj+GRskR06nPBbTqzgLyxc+p8O+f+v0QPqRdweF02+Lo313D0ZrCx2MWV3xay/kLms3/Fft4r+VBxn/I+I+Wl5YbOzI5a3lTy14zFrcXZMt3n3OmMYtllveWe7UcfIbtF3UzPoZG27FliWdc07L330BFB5YHpsWqnbX7tbm5M9TAW1r3+DjX6m7lnNULt5w7mlvSHsa3XBFfX9GEVH4V3Jd+/An+Dr4m/VTH3E23rM2oP31geeu20w/iC+kHYUNaii+mn0e307/F4+nnQTn9olor3RDYol6btrDJtGP7tFppfo/QULVOurc14HPxnl9TwrYBs8H8E1/CHmpkvKrj8Zv4hby28SjB3hb6gNW/slYip0Ubw1dF3h1jl78fbmU5uEZ+Ms9r7mJatjrkFhSEWT5GZ6mD6zrn5zcwVked5plxHddn06/jw1wvaIpnvGTjfo2rjEXHWPsJ9hyiJme1KG5n//gg6iU2xMX3CPZuOZB/X0n+dmVO1Aqj9ahJ9Wa/95/gzIfRJ/QInpdvI+abGrW5fj7rols8x3yY+bbqP18brc/wzMf+2834qhYS9pFc4LrI2gRuAR3qSU7BXWjTatw3miRni9TgonuATdSGeEqBa1cfthYN3o9fK4kP8rtQqXHRHt9rKn2qUR2m8biZa3pM1MO8XVrIT9Gf5rleVmN8ivl3gEMfd73ed1drqdUX/35iYZrOetymaZr+n6B763H1tg+/H/Nbh4rJuN6KbyuIxlUXdaouP4tv2phzCf/dlstf5/dVakWTWthPQ1Lg9wbrv6LntusVrzOL9WAlp6IjrJvm2RnXNWs2uYM/lvH3qCaSUfoJWkv6dcy/1+JtNdd8eEIfkTc/kD93wVp+U3vpzXvjj/D1x7xzk/y4gw3f+3pddFPUo5vwqArhVfZ/mvHT+OsqflzH/8Tfx+AK42uVOubmPRfQcj3xTeitjfEozz+HjRbnR/jk3+jH8bubPRf+1yd8jjUQJ6tDA1k9gqMZziQfqinfquY4UUdU1kI0AtBPFHsuodEimmyJ3mZexqZx06lpBW36Pcad7Ok34KHP+2I8CV9gz/Ys08NN/M95xdeFmj5XrW/of9VrsKAFxo9Wufquql/cNfVwrtnr8wNNPOZqPxh8mk33pj3LE6+fWs72SA8qmRYtX7xmq/GZ9Ge3JvIr8BqXpqzv5gc0lX8T7lUXeuqNBtHWDQ0mu9Btm5JkP346kcVjn+/XzdEccdgiV6lZ5GoSmd+qfiDH7UxX7R+1vOM5ocI7nyNekF/g/PAy/PJO94ntn8jfkzDnBb23U5/O+Jc73q/2wudwbd+t9s7n8VN9+Rkcn97+i+O7JLFvk4zpm6KVKTfC2CzXXVwvMvCp/B/zhpIMYX9azi2oyRC06YBx2Jlhlfjv1inXplNhwNn0rOZeuq8h+8axb59gle+cVR1EZ3O5uu2TnJvbQQPoAx2gGxRsPOyl9pxH23zfUKeK/gy4ogPxLLxXB6l5ReryCDXwFeup1J8Jzty/A53AzuEj7jLvon/znfU+67v9eXVcbdFlzYQF+ut5Hc6+lY54vqIxzomt9CWPpK4CVfw0bLDrYF394NUKp/fh1+Bvs7FfZPf76X/94Vpayn6/VmXq6SWn3AyYMASLmq+uqYKzyyBnl+EKl4fA8JPIrag5V1ajIXyH2nldx8Np7aPf7vPfiOc4Fz3jG9Fyu/r/My0HfYYAeJx1wm1MUgsDAGCukpmREZGXiBARj0dEOBgiIKEpIhAh4UdeXvIal0tGRMY1QzxxTQ6Hj5S8aJpIylxzzTXXWHPOOecca4255ppjzrnmnHOuOdacc8259t4f7993z4PBYBj/04RxYo5/cfyyn9KW4k+ZSdlOzUqVpppSnamR1AUsBgtirdj4CcKJlhPzJ7bSlGlTaVsnKSelJ60nh07up8Pp86eyTjWeCpz6eOpHhizDnhHImMn4fjrzdOPp4Ok1XBbOips7gzsDnTGeGTqzlwlmNmb6M6czlzOTZ0ln2WfVZ6fxKXgxPoDfPgecWzz3k8AndBMWCWvnofPm81PnfxK1xB7iygXiBfUF54VEFj5Lk4VkrWbt/Sr5FfnXDCmd1EKav0i4KLgYvbhLNpJnyPuXiJcolyYvzV86oEAUM2WOsn6Zdrn+csfld5cTVDxVSW2hdlB7qXvUn9n4bHo2L1uW3ZQdzV7IXsneyj6gpdFINCZNTFPTIrQoLUZL0HZpRzm4HHHOZM5sTjxnIydJx9CV9Bn6R3qCvkM/zE3PJee+zf2QG8tdzd3OPWSkM8gMFkPCmGLMMeKMdcY3xlEeLq8+bz5vOe9rXhLAAHigFXAAvUAYmAYWgDiQAHaBH/kZ+eR8Vr4kX5Pfkm/Ld+aj+UcgDqSAbFACakADaAUdYC8YBqfBBXAF3AT3C7AF+AJaQXGBtGCo4Aczg0lhspkVTC3TyGxjwswAc5IZZS4wV5hbzCTzqJBfKC/UFZoKbYVIYX9huPBt4Q6LyoJYlSw1S8eysGCWl7VaRCsqLqosqi8yFnUUeYv22DY2wh5kR9jv2Avsz+xN9ndOCofAoXKYHDFHxWniGDkdnB7OApQFgZAAUkI6yALBUACKQFEoBq1AG1CSi+ESuHQujyvjNnJbuQ5uLzfM/VhMKm4rXr5CvtJ2pYeH4y3wVnhbvIMSbAm+hFIClvBK9CXGkmDJUskaP40P8Fv4Af4y/7hUXCor1ZTqSp2lU6Wx0h0BXyAXmAWwICAIC6YFi4Ivgh1BUnAoJAopQoaQJeQJ/cKgMCRcFq4KN0REEUVUKVKK/KKgKFSGKyOWGcpmy+JlG2V7ZcdinJgqhsSvxMdXJVcjV48l9ZJ+yW45oZxcbit3lE9VUCoYFcaKD9cw1+TXnNfmKsmV9srlKnZVRZW2ylBlq0KkGVKVNCqNSRPVQLWgGqnurR6snqyelhFkZtmUbF72WbZZg68h1ehrjDWWmpmaBXmm3Cx/I5+R7ykABVvBV0gUMoVa0ahoVkwophRRxbaSrqxX9itXr1Ov66+/VaWr6lV61ewN0g3BjZ4b/htrap7aoobVUfW32uJaY62lNlgbqp2o/VS7ouFpxBqr5p1m4ybppv7mxM1NLVvbq01od7Q/6ix1cF287kvdet1e3UG9un6iAdtAbGA08BqMDV8beY39jVu3pLfGbn1rgppeNR381vxbXCfTLf7Hqk/X4/UkvVW/dDvttvy27rbl9m5zS3Pid+nvRy1v7ojuRO8cGPgG1PDesP0H/g+xUWv8/qfpz1UTaOo2bd7V3HXcjdxda8W3mlo/3MPfs9yz30Puxc04s9YcMSfvV97vub9owVgqLLBl9gHhgenBvtVhRa1Ba8x6aP35sPih/eF8G7ZN1eZv+/SI+Kj50awNb1PbvLbDv1r/2mxvam9pt7Uj7RuPWY/tjxc70jpUHf0dq0+oT1qfLNmpdsAusMvtOrvF3m6H7QH7mD3ZKenUdBo62zvRzledU51HDpWj2WF1dDuCjjeOmS5cV0uXrQvpGup62zXXFe/a6ErCGJgAM2A+bIADcASOwgtwHE7AW0+Ln8JPZ58uOqlOv/P739q/33Vjupu633UfP1M9Cz3b7QF7WntiLpKL4YJcYpfcpXNZXE5XwBVxRV0xV8K15UoiGISAMBA+Ikd0iAVxIv3IBDKLLCNfke/uFDfRDbgFbqVb77a5UXfQPeZ+715yr7q33YdoOkpGWagE1aAGtB31o2Poe3QJ/YyuozvovgfryfKAHpFH5Wn2tHl6PIOeSc+8Z8Wz5dn3Yr1EL+AVeJVendfktXmdXr837J32Lnq/eLe9B740H8nH9Il8Mp/WZ/R1+Hp8AV/EF/XFfKu+zf/r0I/z0/1qv9Uf8L/3rzxPeV783PR8ohfby+i19RH7KH2MPlmfua+jb7AvHsgIqAORQOwF64XzxYcXR/3m/vX+nX/0/3wKAsFXA6QB84BtYGlgfWB/MGOQPggPzg1uvqS+FLw0vYy//DnkHPo8dDzMHDYMW4cdw+jw0PDk8OSr7RHpv+wj/pHwyPTI4siXke2Rw1BKiBiihYpDopAqVB8yhYKhD6FE6Mcof1QyKhttGjWODo3Gw7iwORwJf3lNfm1/Pfn68+vDMepYy5h3LD4OjFvG58dj48nxw0hjZDbyKbIW+RY5+i/sEf7BAAABAAADqwCKABYAVwAFAAIAEAAvAFwAAAEDAOQAAwABeJyllNFqE0EUhv9tEtvSKm3xQkRklIIizSYpIiJeWNtahGKhEfHCm+nudDM12V1mJ9T0HfQVRBCkz+C14CP4CIJeeOeV4r+TqWltFdEsM/vt7Jn/nJxzZgFcDFIEGP6uY8dzgDm88zyGcXz0XMGV4I7nKuaCF55rmA7eej6F2eCz53Fsjr32PIGzlUuep3ChknueRlj55Pk0wuozz2dwrfrN8wwma7c9z2Ki9piRBNVJPnVcVCUHmMdLz2Pc/cFzBQ/wxXMV80HHcw3ngleeT+Fy8N7zOF4H3z1P4OrYV89TuFm54XkaTyrPPZ/Gk+p5z2fwsPrG8wzmalc9z2Kmdg8r0Eg4LMceFGIIDslnSYqQIccAxll1uCqwz7GIJlq8FshrtMn4tsvdAstkwz3lLJ1qhhQhsKITbfWeikUsrRRRlg+MTjpW7IvFZqu1INayLOkqsZyZPDPS6izlrg1KKQoItCmXonCk0KPwFqW7DBYbuUpFW6aFaKue3sq6XNukUYI+DSQjwaZK+l1JWKJE5CRjzoZydY6/cSNwl3rac4sZaFKuiFQaKyPq4ngU4m5fc241m//xRx65MAufyNJx6JzjkTIFkyRaYeuQ/oF6/WT1Urw+Ej8pKu3msvrW1TB2OmUWn3Itw/axmkuXTeGsBrxvuVXjKlCqWfcXhr2lnbfIrZQ9NnzeYWaNs405Rz/7pig7Z5QVXQgprJGx6knzVGTbB00j01j05EBsKWFUogurDBtNpyJSxkred/pGF7GOyrYqwpPa4OTGHRX4UF/CnQRL41to8Np1V8htR0UjLxk66tESHWvzW43G7u5uKL1yROEwynqNf5e1THvuEqxcpyS0HXZN6DR7LNQfXdtBrmJV6CRlU4Ud26P9uquEclUY1q5/KF2WwmWVl+hY0m74dHRP+XX4tX0XGRLbdV0zgoI16rvk2o4SS7mMePNvFsRBfy+Gzd9nZuQ8dFlJ+LZ7JIiCK+u4z/qu8qPb5lw/COJwRpzzMDNJozsMoGis319efdBerbsAjp+UUV/i+Fn7ecR+AEcmWaIAeJxtmAV4G9fShgcsyRgqM3ObWmBBWQtKHHKa2E2Toiyv5U1kyRWEyszMzMzM7b1lhltmZmZu/4XRsdLnd57sN7O7Z96ZA6vdAwTe3z+DMAj/zx9f7RwQCBiaIABBCEEztEArtEE7dMAYGAvjYDxMgOVgeVgBVoSVYGVYBVaF1WB1WAPWhLVgbVgH1oX1YH3YADaEjWBj2AQ2hc1gc9gCJsKW0AlhiEAUYtAFcUhAElKwFWwN28C2sB1sDztAGjTQwQATMjAJJkM3TIGpMA2mwwzogZmwI8yC2dALfbATzIGdYS7Mg11gV9gNdoc9YE/IwjVwMRwCh8K9cBp8CofBcXA0nAtXwiVIcBQyHAwnw/fwAxwLp8MR8CC8Dd/BeXAV/AQ/ws9wEVwLj8OjcB30Qw5OgAF4Eix4DJ6AZ+EpeBqegc+c3nsBnoPn4XrIw7dwIrwML8JLMARfwFdwJMwHGxbAMBSgCBdACfaCEShDBWpQhYWwCD6HxbAUlsDesC/sA3fAhbA/7AcHwIHwJXwNd2ETBjCIIWzGFvgL/sZWbMN27IB/EHAMjsVxiDgeJ+ByuDyugCviSrgyroKr4mq4OvwKv+EauCauhWvjOrgurofr4wa4IW6EG+MmuCluhpvD7/AKboETcUvsxDBGMIox7MI4JjCJKdwKt4b34QPcBrfF7XB73AHTqKGOBpqYwUk4GbtxCtwAN+JUnIbTcQb24EzcEWfhbOyFP+BP+BA+wj7cCefgzjgX5+EuuCvuhrvjHrgnZrEfcziAFg5iHofQxvlwNy7AAg5jET6GT7AEl+EI7oVlrGAVa7gQF+FiXIJLcW/cB/fF/XB/PABehffgdXgD3oS34F14Dd7BA/EgPBgPwUPxMDwcj8Aj8Sg8Go/BY/E4PB5PwBPxJDwZT8FT8TQ8Hc/AM/EsPBvPwXPxPDwfL8AL8SK8GC/BS/EyvByvwCvxKrwar8Fr8Tq8Hm/AG/EmvBlvwVvxNrwd78A78S68G+/Be/E+vB//A2fjf/EBfBAfwofxEXwUH8PH8Ql8Ep/Cp/EZfBafw+fxf/gCvogv4cv4Cr6Kr+Hr+Aa+iW/h2/gOvovv4fv4AX6IH+HH+Al+ip/h5/gFfolf4df4DX6L3+H3+AP+iD/hz/gL/oq/4e/4B/6Jf+Hf+A8BIRExNVGAghSiZmqhVmqjduqgMTSWxtF4mkDL0fK0Aq1IK9HKtAqtSqvR6rQGrUlr0dq0Dq1L69H6tAFtSBvRxrQJbUqb0ea0BU2kLamTwhShKMWoi+KUoCSlaCvamrahbWk72p52oDRppJNBJmVoEk2mbppCU2kaTacZ1EMzaUeaRbOpl/poJ5pDO9Ncmke70K60G+1Oe9CelKV+ytEAWTRIeRoim+bTAirQMBWpRCO0F5WpQlWq0UJaRItpCS2lvWkf2pf2o/3pADqQDqKD6RA6lA6jw+kIOpKOoqPpGDqWjqPj6QQ6kU6ik+kUOpVOo9PpDDqTzqKz6Rw6l86j8+kCupAuoovpErqULqPL6Qq6kq6iq+kaupauo+vpBrqRbqKb6Ra6lW6j2+kOupPuorvpHrqX7qP76T/0X3qAHqSH6GF6hB6lx+hxeoKepKfoaXqGnqXn6Hn6H71AL9JL9DK9Qq/Sa/Q6vUFv0lv0Nr1D79J79D59QB/SR/QxfUKf0mf0OX1BX9JX9DV9Q9/Sd/Q9/UA/0k/0M/1Cv9Jv9Dv9QX/SX/Q3/cPAyMTMTRzgIIe4mVu4ldu4nTt4DI/lcTyeJ/ByvDyvwCvySrwyr8Kr8mq8Oq/Ba/JavDavw+vyerw+b8Ab8ka8MW/Cm/JmvDlvwRN5S+7kMEc4yjHu4jgnOMkp3oq35m14W96Ot+cdOM0a62ywyRmexJO5m6fwVJ7G03kG9/BM3pFn8Wzu5T64CW7mnXgO3Aa3w0O8M9wCt8LDcBA8AIfD1fAIz+V5cB/cz7vAPbwr78a78x68J2e5n3PwCw+wxYOc5yG2eT4vgGPgfC7wMBe5xCNwBlwBZ8GZ8A1cCifBOXA5HA+nwKlwJ+/FZa5wlWu8kBfxYl7CS3lv3of35f14fz6AD+SD+GA+hA/lw/hwPoKP5KP4aD6Gj+Xj+Hg+gU/kk/hkPoVP5dP4dD6Dz+Sz+Gw+h8/l8/h8voAv5Iv4Yr6EL+XL+HK+gq/kq/hqvoavDdWKdmdn2mgpLbTKlVypbIXSw9lcuVQMZX0NpvvL1kIrmPUklC7lS0VrQSjra5ues8u52vBgwVrclhu1m/SBUrUp5xyCRi7rhhnwxXBiZqshUyCWQEwfYnnSajrtsrmcVay2WsoMmYK2fA2afkTLk7ZJDYnkGxKZ5CaSdw7tk3Kl4eGsH6w93+C0TW5oO9TQdnJ/ttw05ByC3VW7MGAFbU9C3ZK9Ldl3+9nbfhd1S562r9Q9hez5bVMaGPNH7fapjVktWMbJly2rWMgWB+xccFo2V6tawYIn7dMa7ys0OMFpfqcUPGma5hZfcEdhht++6Lef0di+2Nh+ht++6HdqMTtSqlTLpZEhi81inq1iPtQjxZek+B6/+JInHT1DtWI+W64NF7K1akep0QvO8nMo+znMasyh3JjDLD+Hsi+z/VYVT9pmN3RjZdRu7s1ZA3ahkG2uihHs9ZtX/Z7odYey6g5lnz+UNX8o+6SamlTT51dT8yTQV7aL+UDNPXb0LVNZrdEL9cmQ12RVzGnIclGDPbfBXjJqB+f5NS71pHXe6PRfqsxAoVTMVwI9Q6VyMVDyjn3eseYevXUcznS2pt1c/TBZZYbSpq9Zy+/FnkohWxny7dKo3T67cUwqjU5vo1NtcJqdDAtWpTLfSyGi6b5mop5GOztFw6LRpqFSaYE4Gbd1v1UoLQpUS8VSpWPAtspWxa54Xmu6MDKU9cyWbLFUtQqWnW03Ryq20xfe6WazKte7S2K19wzb7kj6Tl/Dza09w1bev2m87dy+DCvgsZo0q5oNTMo61fkZpmIh4TXNcy6xwwv0DjlWkwsMTM2OjGSdtTncP5Cl6TWaUaOd7ZBkQDNtnjVUCsy288NZ7s3WQpINzxyyWXf+z6zYPiadau9uyGis3Fj3W7OqI9qtxvKtevl2vfzla8s29Yvz2jf1u8Xl3eICA1ahmg1JrKalbmnuxapXmhsssMArreCV5iep6VSs0WLbWflefVweKgUrbnHhgCdcdWoUPo849eWc/44bKLkd397Y52P/lWZ7qXHUao2jVlKj5qdhyEwyIqJxT2OdnS3ZQdsOd3ZGonWrK6ysiLJGr8aU1aWsuLISykoqK1W34ooWDwvfUGfqrHBMxQ2raGEVLayiRUZzVxlHVMYRlWdExYuoPCMqckRFjqjIURU5qiJHVeSo6ouoYkQVI6oYUcWIKkZUMWKKEVOMmGLEFCOmGKP9ElOMmGLEFCM22t+qRVy1iKsWcdUirlokVFYJlUtC5ZJQuSRU5ISKnFCREypyQkVOqshJVW9SMZKKkVSMpGIkFSOpGEnFSCpGSjFSipFSjJRipBQjpRgpxUgl/LnZNdoXo9HqrLBaOc4/Zak53BlVVkxZXcqKKyuhrKSyUsKvr41wWLFS/i9ELN4pKusoHhGtX4+JdonKeo9LbfGkqLDiaVFNVBc1RE3RjK8J4SeEnxB+QvgJ4SeEnxB+QvgJ4SeEnxB+QvgJ4SeEnxB+QvhJ4SeFnxR+UvhJ4SeFnxR+UrhJ4SaFmxRuUrhJ4SaFm8yop9noHJNYKWHXxyYl7JSwU8KuzyvVTnJISQ4pySElOaQkh5TkkJLa01J7WmpPCz8t/LTw08JPCz8t/LTw08JPCz8t/LTw08JPCz8tfE34mvA14WvC14SvCV8TviZ8Tfia8DXha8KXt6GYJnxN+JrwdeHrwteFrwtfF74ufF34uvB14evC14WvC18Xvi58Xfi68A3hy29qTH5TY4bwDeEbwq//1hrCN4RvCN8QviF8Q/iG8A3hG8I3hW8K3xS+KXxT+KbwTeGbwjeFbwrfFL4pfFP4pvBN4ZvCzwg/I/yM8OXtNZYRfkb4GeFnhJ8Rfkb4GeFnhJ8Rfkb4GeFnfH6XvB13ydtxV2dENCoaE+0SjYsmRJOiKdG0qCaqixqipqjww8IPCz8s/LDHD5t+fo6GfY2aopngnHw563woLfJljv8Bs8iTljn117qWRXXLb5eWeGmJ5693R4Xnr3dHu0TjognRpGhKNC2qieqihqjk66/3sKkJXxO+JnxN+JrwNeFrwteErwlfE74mfE34mvA14WvC14SvC18Xvi58Xfi68HXh68LXha8LXxe+Lnxd+LrwdeHrwteFbwjfEL4hfEP4hvAN4RvCN4RvCN8QviF8Q/iG8A3hG8I3hG8K3xS+KXxT+KbwTeGbwjeFbwrfFL4pfFP4pvBN4ZvCN4WfEX4mHJzrT9wlnshZoWeEnhF6RugZofurPZyJeZRIp79KHA2LRkSjojHRLtG4aEI0KZoSTYtq3u+z+3mQ7KgVB2SHbqC/0LFXzfkcdrcoyhVrIDhsF70tEivnfFG1WItzzmebc1f7UqtcqtRGrLJdKrcPlmrlUcdeaNWdtoq9uG53VJyYReVZdn6oqhoV7aJq1KJu8nNMpmLh4IhVcb4f/eTTWpNZK5e8q/FwRN7pHUvecePhaJffT2Hn68eqVO3hbNUaaCkVLY861F4dKltiV9rchMVu93IUhwYH3SAZze98RyOiUVGv8zOm/8jNZPxHsqNGU7FWKAS6J2YL1dZubxr4pvcMc82x3aNbNK7f0V1/mvk3ejtIrtkmG4L+aW/ryD/tbwe59phutZPjusHuKX7E+ne76zW7nmuMa9wM8O5T36nLeHHPyy0p24WCnfO447ztrsbNzQZ7fINddslWy0C2YmdLi+1sW81/IfES9+1M3XYfPA122rWXG+0br8Oc0P0N57z+dM9NGD3nbvz86zavC91zY7zsVSTfVUE6PLfe3r+omo6rd4B7vWANOmXWe8SZI865Pv3fZ6bpzc7ATBwp1oZD7iKZWKoE3ROOVBe5XrM3+Rwj5C4bT50J6F53Fot73ZuDruHNQ/cGd3U4Gsh7Uye/7NRpzatZ0exuRnuj3LgH7Z74P1CaGBgAeJw1hztOw0AURecxjqNUYxJhAf488wmNO0yfKIVxPISfeVKcSKnoKSY9NEhpgtgEtcdd9pCCBVCwAAqWYBwQR7pH5/bfWgdJQAH4hEk9H4Tf8wufX8UuXo4cHMX7eHJmUfc4wb1OhU2jQpNXeCFdlLGDnahNDeBkRJyQg+A9XnC+Tj/Sr5Svh5DEbTyvN4zhKDkkN3LIjnZoGwRZkaB3AShAiE9RCW5uASOIGD2wR1awb2ZYDJ5saMAKXsu7LAzlqlndSt26nmpY6G62cf9mos2FZjSZjkuAl/x5uWQDT+rTbKwDL5f6vg7LK202yJUKw5maz8MNtZVSf/3P792d/QCGZUb6AAAA) format('woff');
+	font-display: fallback;
+}
+
+@font-face {
+	font-family: 'Open Sans';
+	font-weight: bold;
+	font-style: normal;
+	src: url(data:font/woff;base64,d09GRgABAAAAAPhMABIAAAABrWgAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABlAAAABwAAAAcXdIvb0dERUYAAAGwAAAAHgAAACAD3gADR1BPUwAAAdAAAAAgAAAAIGyRdI9HU1VCAAAB8AAAAb8AAAKKSI+4209TLzIAAAOwAAAAYAAAAGCibaElY21hcAAABBAAAAMiAAAEfs0qHI1jdnQgAAAHNAAAAC4AAAAuDTMOJGZwZ20AAAdkAAABsQAAAmUPtC+nZ2FzcAAACRgAAAAIAAAACAAAABBnbHlmAAAJIAAAz9oAAWmEjWYqp2hlYWQAANj8AAAANAAAADb62rYGaGhlYQAA2TAAAAAhAAAAJA4pClxobXR4AADZVAAABxkAAA68MmkHXWxvY2EAAOBwAAAHNwAAB2T62VfObWF4cAAA56gAAAAgAAAAIATnAsduYW1lAADnyAAAAPgAAAG8JDFAPHBvc3QAAOjAAAAPFgAAH3APmSRLcHJlcAAA99gAAAB0AAAAiOowEl8AAAABAAAAAMmJbzEAAAAAyUIXoAAAAADLBqideNpjYGRgYOADYgkGEGBiAPKZNwBJFjCPAQAL8QDlAAAAAQAAAAoAHAAeAAFsYXRuAAgABAAAAAD//wAAAAAAAHjaXVJNaxNRFD1vTpM0g4tAkqqxFHFRsijFKmTZlRRSkkwRKV0FgtCiTBNlJkaEfmptq7b18wfEfqlV202LS3+DC7dSiiAiIhKki0J638uAKMOcc9+95368OwMFwMYVfIZyS34Z7YjByju5s0hfdvKCQLOJqKgUiDaEEEZEVFHjt43f+i9iu9fGSuh3y9VxXHIrV10MVrQ9dEPjiFdyfRQ973wfRgUvoCx4Eb6vo3dMxVa/iMF2Qcv00Kc2c9LWX9avxpZPz2GjA13oRi8y6McAChhGMdAOBTwa8IeAPwb8LeAfATcCPmyxSpgZlEpJrxhCfMt3fM9t7kg8hEF8wT4O8FWivUhwgpOc4jRnOMu7vMc53uc8F7jIB3zIR3zKZ3zOF5KbQA+WsYLHeILv0v0nfuE3Guq6qql5tav2rLI1YTWsP6INc0XqK8TRae6cgs2XXOM6N7jJV3zNN9ziqtlaXB4gKUrFOuuyW52/ZPaV0PbRTV1L8rfMPcNHno6J0tRFXKyk7PMkTuG0eM5IpX/0zU/6H1AF5QhnzBcL4YTU7sQ5pHlbZsjCYc1wjrck22FVMEdfMGsmyR4DxINgFwAAAwUcArwABQAABZoFMwAAAR8FmgUzAAAD0QBmAfwIAgILCAYDBQQCAgTgAALvQAAgWwAAACgAAAAAMUFTQwAgACD//QYf/hQAhAiNAlggAAGfAAAAAAReBbYAAAAgAAN42s3SXVBWRRzH8e+e/wPiSz0ogiZ13HNIrDQ1KUhEQCQUU8p84QEUtDDzNVSydEq0lMwUzUqbygbC0tIAx96zZvKipi6aqQvHxsE853DdNONVL885beA4TV10287s/vd/sTufnf0BwsC8EWVWrGbTqf4+ZiVMPcQOUhnBdtWiDqkO1aN+UZGVbRVYZ62vrW+sXuuKKBEZLHHJkb2yTzrkO/lBzsdaUzJsZZfYu+1fx87XQ3WmtrWrc/UUnacLdZEu1w26SW/VLfqYPq5POSlOhpPlaMd1cp1JTr1rualu3B3hjnFtd4I7x13urhz37WV+j4VRlIwiY9O0G1O76jam36zR/aavjOmCMXHNtMuY2qRTvjcmYnts7GJ7h91uTOh0PUprY5qsp+pp10zNxtRpTCf/Yaq7ahr+N1Njvwlj+iOKoiA6F/VEndHhqDqqivKj7PBI2BbuD1vCNWF9uCxMhAvD0uTl5E/JS8ne5MXkhWR3sqvvXF9rX0XfxODHYHyQE7iBE9hBVpAZpAfxIM3/2b/kX/TP+2f8036Xv8Sv9Gf7xf4Mv9DP8wd5jd4Kr8ZLeAu8Kq/My/Xi3rDeEzmb05pj22T7wJ/+z0aqNeSvoviXTmFd3Vn/ccfASSFGiknnINIYzBCGMozruJ446Qw3mc1gJJlkMYrR3MAYsk2qb8JmrEmOg0sONzOOXMZzC7dyGxOYyO1MYjJTuIOp5HEnd5FPAXczjUKmU8QMiimhlJmUMYty7qGC2cyhkrncyzzmU8V93M8CHmAhi1jMEqpJUEMtdSxlGfU0sJwVxt/KszzH87zIK7xBJ29yjLd5i+O8w0ne5RTv0U0XPZzmDB/wPh/yMR9xls/4nC9kJptoZCWrZRZP0EETa6WBLayRR9nDq7KOzdIkG1nF4/KwrJZH1FFZzzqeVK2c4FN28hAbZK0qkw2yivU8JeU8yNPs5ogaqTIlXwqkWEqkUKbziWziS1Uo86RWKmWuPCZbpIytUiSlUsEu9vEM+9nLAQ7yAm28zGHzwpd4naO8xhW1SNWxUVWrhKphm1qqatXiPwFf+f3NAAD+FAAABF4FtgECAOIA9gD+ATEBMQE2ANQA9AD8ASwBJgENAMkBHAEXAQgAhwERAAB42l1Ru05bQRDdDQ8DgcTYIDnaFLOZkALvhTZIIK4uwsh2YzlC2o1c5GJcwAdQIFGD9msGaChTpE2DkAskPoFPiJSZNYmiNDs7s3POmTNLypGqd2m956lzFkjhboNmm34npNpFgAfS9Y1GRtrBIy02M3rlun2/j8FmNOVOGkB5z1vKQ0bTTqAW7bl/Mj+D4T7/yzwHg5Zmmp5aZyE9hMB8M25p8DWjWXf9QV+xOlwNBoYU01Tc9cdUyv+W5lxtGbY2M5p3cCEiP5gGaGqtjUDTnzqkej6OYgly+WysDSamrD/JRHBhMl3VVC0zvnZwn+wsOtikSnPgAQ6wVZ6Ch+OjCYX0LYkyS0OEg9gqMULEJIdCTjl3sj8pUD6ShDFvktLOuGGtgXHkNTCozdMcvsxmU9tbhzB+EUfw3S/Gkg4+sqE2RoTYjlgKYAKRkFFVvqHGcy+LAbnU/jMQJWB5+u1fJwKtOzYRL2VtnWOMFYKe3zbf+WXF3apc50Whu3dVNVTplOZDL2ff4xFPj4XhoLHgzed9f6NA7Q2LGw2aA8GQ3o3e/9FadcRV3gsf2W81s7EWAAAAAAEAAf//AA942qy9CXgUVbYAXLequnrvdPWaPemshBCadJPEZgcRMEKEGEKAyCAGZF9ERMQMIiLuiAgiMg4iIDKMVndaRAaVRTYZZRye8Bh01OcaRXEXIan859xb1WmQee/7v/8X0119+/ate8899+znFMdz+zhOtBh2cgJn5PpwMY5wpXHRwNnE0hgR4NpIr4liCircybho4qxiqSI6owZSGhfop6iZlHI9ysNyQC4MyIF9wrXtOfyi9hWGnReqp4qfczy3oOMzcgLuYeVSuPFczAbjKuZgXBA5Nw7txKEVWyguWbhsGN2uX7U4JM5UGk8xcanQnBKMO+hVVCalUUeK7IqahUiEi9oE2aU4Ij3Kq3pWhkM+r0fKzytyB4T8BePqbxjfWFvXKJJx4Z9W1tU31F4/fqzhjrYgB//x3HJhqzBIW/twWDvOSwzjvExwPylEW7SPFALCyThv4mT4kndGjQABiX5CCESNPEyIiDChHuV4cwJ/y4m/5CBpxlfDzvbveGf7d3jfMoC5aohzGVwOaeJiPoB5zJuWHg6HFS7Y4vGnZhT4w1FiaG3h5cysAn9IEYMtgjM7B5sN0CyZLXZojhlES2nLAIPRXBozWW2hUIgouUEl/WQ8jc0yzRn1wSy99FPM68PeXre5tMXk9QFgjayXMRg3sR5GE/YwiuZSxeuMWuGnNrbAAClVKtN399v943Wct9Syu9+ZH3/CCyXd2cKnG92lLQJ9lfAVbttiTjPBhc/ZYvFZ3Thai91rgw5O+irTVw++Yh8/7QO/SqW/gjEz9HEy9XGysE9Ltt4zB9uFAU5eQFg4ZQRaZlZ2TvfL/lMGpON+VASq8isC7rAQxj9vwBjwwva48+GvMFyVX0a8wTYSGHFmxKGaUzXfqa1BwqunRrxfs3/4qWrCvRl8k6x958t3yZPqNPx798t31OlkLf698yXgSEPHA+JgycXlckVcN+5xTvEFFXc4mmloVYpDMV8mAtXnBaBag0phOCpJrYoQiklWbJcA2EQpo0cgNRQNmFqVgDPqJaUxIbMAdjTuoYcsZrAWwyfF44yWALI5Ta3R7vhegqfAhKcg0wenIDWiWOWXObMzraBbgT+iSC7FBAfD3bOyqiLs9fmNRcVyNg8nxOjNr8Br4peLu5NCj89fIZHKip5FxQ2fHHvgs1cnbNh8YMuIz48/8NOuMT9PvPrQFlLWd/BSYrl/8GAxbdXfPE+tsdR+NcChnr5u9r0Nf97nfvuoYRQxlQ6CQdJrXlnRLZL9tbvtpP8PXXvl4FkzcP07vpV+MRzjLJyHS+Xy4QwoXMyLmB+Al2ixoTXmg9MW4+El6jK0xk2OAG8vjZrgMqOUXmYYWonSndIhKyMJVmfUCUhqYJ8MzmgafCpgnwoopOLZjGQEEVhW2RUz8d5IJKIYZIBVtCANYOaLKCVyLCPgjyAYTcWyqyUtu6AEwBd1ZcAHg9XJwQeAojOgU5cqjy8cquiZnye5SdhMrvRFfzL2hZdjO7bE28pCEyeGykYKpd+1vUfevKxZ5MnRb97//Itv/r2kue3C4otLkWyS3dj42RfffEAbOcCx2o6zEgfwywIcK+eauVgqwi4DYRcQW2NmBFsQARRCAEWzLa1KtlMpzj0pRyXAKSkYLTZhU7QbQMIG6BOG92wJ1i9Eot1g0XFzRqAgBZHGJsecafkUGoFU6JAWUYKAVJLNR6HC0Kk7qdCprZFUVgUk3kgCxQCCgkIEQRVxELfH3w96FQEwahetvm5w64HdHz64nmQO7Un6FfxxJClTV8x/4/uf1P8hA5dO/uNkNd7r6vo/1DcOi1w9gjz0wL66+j/duG73X1ctPDhW/XrBrhVqx83qmXnLP3q/fkpfUt1tIt/cML3Hjf0q+g7ggGsBLScbKC3P4y6l22IS3Ua2pdHn5TpVRvwkXK26h18Ev7cDVY4J8HuiOCiqAZEshB+msB86XVVhCQ6Qy59fxNc+/fiFRx5bff/51ev5cmIm77y4Tw399LNa9ep2cgjG7AtjNuljcvqYVspGk8YM+1yykzfmV7oqevJ9L6xe//Tj51c88Zhh50tqufob/Ou1bRc5+stP5B0Ysz9fL2ZJHs7Bce4qgxAQCv0Gt9FKit39i8msEiKVkAUBdceHn2x44OwHouvCVDJXfWxqW6p6ahGJqEcXkhK23gbuEzEiHgSePBpOYlAxUoajGIDpEaRLnAWYCuHwkghIomxBxXJS4UNxM+MaYihmtuDXZmQ/FjNeWjhzadTOVlURkEEk8AbkfLmBLDtDlqnNZ/imM+Q+9c4z6hKyFNeinifHuG85iSvEOcR5kTPjjhmDCn8yKgKSmgBJRWCsikTZqqsq4JeE/gMLSGpKz7vg15az/rfUr3E9fck2vp7fRPcfxooSqRX/cPujHMoqFsQGff8rAt6+fBrZduEC/pbKJyQCsOjOdQomCfnERvGAiSTam7bIZIEjIWzocgaDM+yTMJjiJRcmAeLgA8Tb/iEeciaDVHecFYcZ3oZ7+7nBXMyMBzpFaqUoGPXiAlLpgYYjq9icURcARLK0IqGLumwJEciL0pDERSiVcgVCHCBUII8jTjiKlbITj2D1BSK2E+GierFd7SDhG2fPnHjTjFkTeNgZMke9W31UXao+Ru4i89UfW88SC7F/TeG6COZfA/O3wB7FRKQ5hCIysDLxZFSAqdhgKoIIe0ToHhEUBPsTKYUsIqdU9ZhgGJG9TexPFl6oFmoeWjcidQWFSw3IQCMpPbuBi8m4ageQMRFXnS7CqrODiv9k1GRqjZn8iFomJ2CZn8onfhmwLAc2IOqQ4bauiJIuQ68spOuiS+EQCP34cCibeD0OkkIABwMVpB/PSJGxZuaj26Y+8M/bhq7Zs4dvbuPJnOeaut00avTGMeKFxuElTfHbJkd374g61LZTZP7zS2f3bqivGcbmDHs1COZcxN3GxQpxziLsVCrlWFJr3GYtTAU2ZZNaW7yFqSYAUjGcq5PRPKDFTiTEGbAaZwYuwWmFJXTBJYiFMk4Z2HaU5MECbK5odg68e2XFGVFcLiUjoqTKwKQA24Bdw3bCMkpJBb3A5RRXBkIi5ei4XjGQVzP6701PPb5t15x52//0j2Frxq88QryfEOPWtdGd6jvqp9/2JsbSyqnzb6n/ZuzMrT16v/fYrs0P7C2QfH9ZdeJrhpP5sDfz6J67uSaGk5QvxzmrGRgxyMhRDmQYCcRNT1Axo+yOO4VCjYnSAZMEm2Wmm2VGkgDiTNRkBu7LO2XKV6wcxReFx1XieSRALbz5VIUAvlKVLxnz+aUkS1HUf6obyUSLYCrsSYKnBKVt2nfquyT43fl+Z921NeyMNcG+VMB8M7g6LpZO98XYGrPjvjjFVpCg0u2wLx48TJlBRToZ9QPaZsGc/MD/QJPAGYnpbB9McoxYURRQPK6oTY7ocM+t6BlAaLsBmYQqduy5QF7T9f+cQDLUMxV3d1lcJaS1/5KR33fcf12EWX/xU29i7Vrx5Qde2yC+Vb2gfmx0fHv8Z/U8g/EwmPNIw2GQhQq4OUwSimbq594E2JSS5xXslBYQpZCSgDQAMUj0OXj0gTYWwXsawDFmtdlxvjlyTEihwo3LFTVQmTAvE9bHuaApRVZssDgkpEgiuEDI74XT4CDGsLYWIGE8Zd2V7JwMI3PI7OahY8f8+WiT2X7zv978t3r+q03fLyPh5ok3T7+5acJyfhaJkW0pv3om7vnr9l9Of6WeW0tyGxduXr54xuI7cV+q6BmPA33P5WIGWCElzHi6jUEk7VyUcFQAgSkBqwDyWCWmtZ8CrlkoKkTcf9EhKij7IKyqDUeBQuYBhb5dgxaIg0zs6YZiT5CCKBVFHTxq+XCR6oxmM1gpLqdiw+YSuC4JUvmnB3yVqsk/Jfkg53kzAmYUf7JlJQVg1w1kv5c5m0sIFF0i9BSE2XGjp00Xd6jkLLlBjNYlnmHLVzfPJuK7/yTkrgc3r1Q///w79VuSfcfU+bfOW/JeaMTkSTVNNdffROY376++Pj7jT/vf2DT3pWsa3rg1fubvb9dPvHnU1QsGTeKr+vwh1H1i/2tGjkKcGUThcJhLA1o8i4tZLuEV+YAz/iwL4owfcaaIAiQdFpzujOaiggqLLob3dMQZiy0FMSVXhuUrRlfM5fbQg+kHRqLYI0qWrLgjSr4ramRMpScHWOLyAuLkFVfAgvuRqnwHAZxJRplBxPr5ph/vUZ9QV95zdV3j00emm2y91t36xvukdFLThPuab5o4Uzj2NZHXqR8eUUeq9Y7z3vEH/jJh+M//nn7X4pELN9+r2wrE+ZQfRrhYCg9kx0sZcbLJIPUyk4FLv0LGeBljlq/EpPH9xlGdzFp4CC9GjW1AOKNcgnOQOBfXG+CMc3Bqd3YjSY/b2W3FkGJ3RnmAMR+MegC2dpBVYpLFGYl0yitWkjQBXXbZqk8gIcSI7yZmwOSzY2LEwMEcOKCOXjPxNggft9fxO/ilK8l336kH1C/O4VwbyCaQ4zhqw0hnkg+IcSD0GPBUmIKadQYlHgJ/MEhbjvAx2XQG+P6ZM7+7V1WFmcDtGvgd7XXCx8fOkTTS9zvVuZLSLKnjM2Ej8D/EPziFVFUDXFPyg/EstkVpQYp46SfjucyCY89NN1ErAsi7Sq6TAsmgIaLNDloHL/uz8vHY5cpRM1CqqMEjo9LKRdOyAJYGjw1gGeX9ssbYdZ3DQbIIZRXagTO6k6AsfXjhnR+bHp4YVn+tnTXt6on1a/cu1XfeUNN8aMvsjU1Dq/v0qZ746MjrJvQaOHhSW2ZCauO5KR1TpMNAb3py/bmnOSqUxAsNnAeWEArGu7ErV1CxheNV7EN2SOkbjKfSD0QZQAXGEiYnl1BtPl7BPlU40Zai2VuiAwEKgQrZNcBsE12phd2Cod4ACqA9IVhuDyDkshKMKFUuIEhKXzlu4rwB1MCUVBQL8FS6CoD5u1DMgVUX5+PaK+hR9Qseeiy7wxcij+c2VFnllQK5HMEv+hM8r1NOk1XE8D4Zt6dx25zqW9OcM5+P/p3Y/rv++NX+4QOG3/fjhrfUk38mxSR1urr4pHpRvVcdw9+0Y9wEiz08oPkhftyvZPVncTV++rFz9w/ttfS9V08QPuBX/Q/97clnf71nq3r4bfWsejpYtnc8eYw0n1iy8gPrBoQvGgSWG/YAxtq565jNURHCzN4omTgCJExCLkEVsKgRxCejMyqimAl8OwVVAiPQa8KbzBRaxATQsgE8yoGDBEAlcgd4oMa8SBbzkhqb3v719F2keXWhKWDYc2EwaVQ38xPJ6bsK7sZTswt41E8gO6QAvcnlbgGKQ5jYwNA719gaT/WnoPkhFalqgE7JCVNKDSlOhs82+JSJ3MUA08tDBAcUBnmH0lMnnRuIcLRByXUphgg1luYmCW35At2sQH6FLt/tIodJFUlbPOWhxeqH57956+471ba98T/OW7z8OcPO6L5l22RLzvZHjnxEuEmTd/5SM67uWoDiQuAP78L59HHXcDEP5Q66TG0RW1uMHhGFUj9dgh3mmoosOMXDZGijHOPsKJ1FRYusyQmAX+GQ34hIBDgUCFXJUn4ut3ArqXr3vVNNtVtHvrSXzFl/Jv5vdZ/6In/6UzLmlVvainupv32t+keobdeRZZRuAIwNCwDGJoDyVVzMhDMz6xBOMbZqJuCoGQBpdlKFAkEp0+mB2JgAGag1XEAI58rOQP4ucoxMIQ+rk9W7pi4ne9WJWww71fvUv6pPqncTjnxMTlHahvvLU9vzUIZp9M6IaigkoukI0c2Ak7AlJoG6LVV9zSCng87LlFxN6WNaLf2TdwnV7WfJOVXmPXB39Q1VXdHB6fcVVLivmRvA7tt5T5OB3tOE97Swe5qS7wnqtnZD62U33CUMaf+aAD3Gm61ob3+d3Qv23VAM+54O2hq1C1FdikmSIP+63KkoFbjwSGXQ+1lhjcx2FvWaqNLv9FK1xAU3zdRNZYIpNcI0EdC+ow40BXkjUbcLZUprBEVl+EIR2PYwmdJYhJhCDUAywgfoEuALWUNu+fjdWzb+9egPB3bf1KR+zQ9+5Ld71JfV5/gPyCTy8LjzI9UfPv32ooeUE77d0r2QLNdhaJhC966/RiWMjEoohjAq9AhFQUzsHK6KD+HCQLYEeCLl6NyzxL9dpJK/mlSox9pfM+xsP8D3vVDNL2x/gN2PfEt19UDSnlELEsd0XfwzJEaEkTRFnnRMVWvpb+1cGReTcI7WYJTXqJgBNFlGurgob2USliRThmak4hMM5uTz84rXjRw0pYFUfvXZtJq1niUrDOMubOvg1J98CZwyjIR72LgeGjxMCXgQxc7sBBQIUYcuXcOUI+z0yFUkYAYKacR530keJg0qz/PqRnXpMoDDzTvI9+2L2t7lp05o/0U7N/3hXgaum3ZuBO3cEEXS4RETKMYKBkAbYxKgEcSjDDsvVnfo85bQ/+PhHtHGMqaE2cyjvCEMc/fSET2m1rhs4nKAT3qo+4GZLp26/GALojsDHRH73//GQ/0PKd0dinNvVLD9ZlD4vQIXFZzdu5MWXkhxaub/qBWpscGBurUMgNeUDhsDCgkTnHDPSnc+gCbf5YW5byXjJFB+tqofCjazukL9VN1odsNqNokTAFXi5XcTz8UV4mJ104L2hsS+HKU85EZtX8zavhjDOm1LgZWkOKMSasJwaXKiERBXCqIa+rNScK+sIOwAYkR5CzNlCBF9E60Rfb48Ios+1RX8YmMK8au3t99Lp/gqybqdj1+oFmvVM83tI4H2Im34gtqXvJ32JZ06uBE/fQm8sTnpVNC+5Id3Ge1LAmVjbrQvcVJEO+iMEKMs4aPEOE9aSKaRUfBvsrpOVeDfOnLN7lfJfHXlq3v4D8ksslS9C9SCNeqd5D4y4+fz5Bvy7W86bxC3a7aGQdqpo3zBDZTSbOWQ85qRUnroNC1IuUKKxUnlAOQSXsR0t1W+hLGKgfw00slLTxAL8aqn1e+WT1n56MIljxh2fvbJ2Qvt5wVp3sxZU+k8FqqbKZxSQLqdwMXshIEnZncjhtuBDzCQ+RFk6QkpwEmlOwqyDKSmwO5bBKuNKpJwwi0IOxBzFXNE8cuXQRAt5kgfrwDFV6Jkojpf/cn/H0Gpqs+NUheSYVeAp2EYwNMB8sx4DRstYU1WB5DaUyhI7caEZdEBy0gJKQ5n1K2BFI2LbgcTXAwguFgRBVLsVC6HZVwqwXB+WEQysLeTriT70XtIdZO6TX1uS9Pqh1eunWDYefqDpUcjqvsxvrz9uFA2adpUdnYmgMziB95VzM3jYkXUdgNQd+F000Bm8RW5UGbpElRSTkYz4eBkUscr1e+9IeoLy0xhMzXKL4tWV1ouquuoufoC1K5TxOw6PrmFpGTmU69OGuVkSQa17qS4O09Vex+TdiSvJ5v4NRV/whNvj54yq8eNK++7byQxfnnr8XlNC56qbphQdMPTb69TP1G/GkxyB1XWjCi9ut/g/retv2X/vyvLv+9RVDuopG+ketLBlYc+hXWWAJ6jf8HI9QL+kJAHOBHNZtS5LJ1E4McMEvXpghAQkwzUQ4gWNE2L01hYiTgSsOMtMU54Vb04XIwz/vAinHWANGitVVzMibCUNJoNKEBVV0a2FcFJXdZw5qkAa0YHujOi3cCjcySPJAJ2vkgq7v/TugdIxSr127+pn6tHeJPwYtvSF57583ahua1m00/3kADcG2X6MOXVfbmYFddH3emmsM6dCdyXUNaMIhbyZbgGqmKh2MXpBxhIG0C+sgpFeRIhbn+5ZB1AvCSipqgvGna2rR/xdpfGz4UpzH5O72vcA/fNIj4uloXY7g7TW0dNMnKWbHZzE725rJnOcjR3tvO7PyAXcSgGp2LcG82w/6ak7d299+Vf7mPNqU7Ftzdqdfym2Pfu7rfrxwHQbIXOLZLB6C7dvffcz1m0xepssVnt7lL4QYs/1Qdf9Xv2h/+iX2U4W9Iz0ty4mcbcB3MfzJfgYEVi0IZv8KukRvgpvHEDbEZ7aoZBstp8/rT0ZG82+c9fAacjsD4AqDuLAhS0Z0WkAHWjVarKHXADYOkFKElFfLGDGIUAKf9buU8qdb9HCt9zdLVaurl2k3L1YfXPh6wVotTDflDdCED/nw82Rc4NEsJtb1f9z6ia1mFC9oVqgSshpFvluXA7r+2DoZ7uf1GnbMLrsglwbjsVfpCZiVQiKTdTcYT+Tz5Te5F60ptUkBq1gnyrPqPuUHfwP/Bvtv/AO9pL23P4kvZT+n6LKtUlQAYyJvBMgJuYqbUdSbEFSTLoiAqPkGAXCAkUfwCxyUgSBFGzRs1Q/w6iz1Z+XNuy9sN8EMcv12zfZq67LqvoOhQVNS1BKpVHjcyCHRUFTVkKow0bjZhyOf9ae72Y3j6YP35U+IZwR9pcTA5aqe7h5+s0gFJk0dCKtlDNVkPdjRb0gaGfzUDlA71BCHXSAG++HPauJJ9+9JG6R7pw4sKOE+ws2EDnYPEsHG6yjXj5gPq17msiXBju76f3v5rTlsTuz2n3N56E+6AlDe8IchdhIgoJ4gdtIkbdpOQPy/kVsOTwhx+ST9XMeYa6E79J9D4m3iT2NbxObVcgYOWbiYnsfIycO6e+rn4J5GNnWzW/rL2Zys1t6h6hpmMYzDmLU4RgnKPxRtob9d4xeRsjNkShtu3FXQ/j78hw8bTwiBQAPOjCgUCKvkNqnzOzOCXm7bNQnJPoTvUoJxUBn9+b3x1+TOr773ir/0+SzTv5SEa3g8A364EP9RYXcKlcHncP80jRwBxqZrbxiAeG1riQ67PZS+OCZujJZ3Z5C7XLZzOlAwS9aIFmmgdKF0GDcsxo86EqleJS3ICRGTJ85XIz+ytHVSge+RdKCTYXCA3U2tyfoIPHWEzNWnJ+sW5vBerclxgdpP63i/tfvO/lyfu+/vi793qbRjy37NlXSeSJ6UtuX34PqYm9YJbKt496Z/KbR9r96266bte2pXdObhTFBljrRlhrXPIAn8jhZmgylwPX6pNaYyZe80SYaNyKiaDzN5cu1G2iCpabxlmguoW2rKgb7ckGCW2eShpICw4kPz6OshQlU1as1O+gyQyyhzocXEzdyTe6k8zHxo2k3Gab8c9DH31x+OBcb3jYjNsmzJl707ypvORR116zbqt6TP1R/Vr9x8rFfDi+4a9btmx5aCPiW2PHWeEDcT5IuH01u4cdreK4ELOUkHCtTKzlona0eMgRxSzHODbtS3VYFABkJ0yriuqvjSSTmPevHzfsrn7fftuw9rrqJ+e3/8KXkCxSNvxsVqH6ororGFIvBguo/AVzEedpsB3FxWwIWzQpJWAIyOJmbNAC4ARBlrp14ISFKTRNbtkVFxxOXxaKMQBPgx0maEEJh8UfhEP+cBGy53xq7+MJhWAVA2HjZ0dPzLH4Seir3vap7x38mFTcOn3BLMOc5inz+DICh3Fz8yQy5bezq7aQELFu2XL/cwEApD7vSQBDD5fBTeNiLoSi1aBBMQ1Q32tyCYD6Xg31M+lqQKsFMQy0GVTMUFujbjWfCa0HVleEaTPMwWZ1ydSOaZIVR0TxauZcJxcOAe8OUEGsykvtBSRARbBGknb+G2JqDxoeu2dyfNLIncvUH9R/kD5kB3/rTTfN5osJSJ3qD98+cc/jXbuf7VIMYue6eYsXM1lLWCDlAD6MY/hA3QgYVaRwoRjPM+Vc0lDDg1ENFLcdoZjbg0jvlkH68lDJ34PSF0UbawqT40GspzFVFVU0AobaPCRYAjUIlWzbc/yZxTWNNQN7EZN6Xj0uLFpdW/uGEvwoa0SfIZ+1rRAWIS0WOEn1iLMA3iVcJTeA+5iL9USI5wLeFnNcabyMgjnmQtdDf0oLFU+IeUP606/i6b16psB+pGv7MTCo2E5GqzDGJ6RwuSfleFdGvKucaFPFiChQ26uc0b7o94RufqdSgN16MN26RxADpzAqZRB06MocY0oVpUl9XfHMlNziMsTIHrISACUABWgu2rMMCFkBl3AkpbuiUjZ86iVHzZnw3t8V8/rRgA/cQo8ZSkQO+QNeI7XXBwmI270JGu/FQJJHqZTkSTp9ABD/8c7gkOohDbd8+0FwqYvc91KPix9WlQW3vb5rn/qq+s5XvxLTolmbd8+e/0zdvDk3jK4fuXXbzsn3Z3nGhweMLinadusrR2Tx6bLrbowfFQwF3QY989Sb//3cX/oPG1fTv8f1wojx06ePfwtpCRAUcRucXy96n6gcYw/rFMTL6J/XieaVqN3E1GQvRyUAxSFHjWbq96F0LoUwzypaF1ChkIG6GY3OKf8++Hf1ePzuW4GmHSh8YNzm/zrUXsw/8sOLB9p/wHO4GibxIdzfBNy8SvO9owMKozSBx+XjXtup050L0aAQkRp7ojYzbIWRZ36nnuEQdYSgOL9669YbbthqJ+WGJWvWDL3+ol+ccHET9UF3NKseei875+OuBamdQ3sMYKCE9/MG0edF7+dHCxacDmq5cIXQbhw1GeB+Ti+e7P9k0cIZFBN9LsuGXDtiKCl/57UFdcRH5/SJu75O3H6xJLYvzViLc9Ph/wuNb6rq1F6NPBLQFKau0k2gtksHlSYNOAcjvbTppi5jOGHsArA7xeWgSjSog8kpdaP6+jLJ016tbid1akb7CnJwmrqZ3Ze8C/cVuEx234TZD7YZ/zrNfjCi5PntLJOp4HfGQXCO87m5mrwop6NtC2ZMpw3oE82RWhUfKHkFdEBUXfOd1FygeWcxqEeGWxSiYstRuV3JkBUjPVAWdBu4NMtVDpoXRLOFeqTDctgf7keQIeArQ7UiimuJi42tJXLZ9tkXx2aUvTT79QPqO6PGzJ2jHh81ZsF0ccLKEWM219QfOIUIuGjRxhfbj+P7joOIiYmzQHnCcG0vrEkrizqRgCYsd2iyQ8u9FRaCzMCjLcSGC4GpO9GYJEaS5+27bKLhllsPvKUer59w960wuVE3nDjMZvaXQ+xsII9aB/Oxc2loy6L+b1nn9NTpnZ6waDiYb8aoGWY8Ds0UykX9KH1pbm1k+Jpb+9Loh0bQQoVnf7lX/UjtgDdSNWvxnTNmLr5zJl9OXKTHw+oFRT2n/v0RYlK2bn/h+a1bt6BcBTQ9DvNzA++/RbMhwbQYyCRNrlK4YLI85UnIU+ZkeUpM0eUpyU4nbYdJYxtKVECSiQ5MNwKTSlQeHs9bvs+bRkUCWZOpzpc6UKSatn/ZwblO54zb3p48EyQq1SNVr9qqvqN+16Kef3Dlwz61t5gT30BqmUwFsIa1zKN7n4t2JJQKdc6pe8G8yPwZIqMDw+zEvUfOij4wqxflmBRXag5yjQwQgSUHC7AFahGXHOwLTaLx+cNV1AzLggoukWkaPzs8/Zk+pgzCq+/Y7eWbph/6iFTNmHfbTMOcxadAqHGRniPrVv62k7zXd8aoOlDrbNu2Lt9aGN+QwGFhIazDiZ4nZtNPILANFTqZ2fIAa/EYOhnWAr7afo+vfkHD1S/KUnpGp/Yr8RdWPP6cOGHPhPlm9X8sa1e0H+Z0eXQH3LMQpWsW2aNLUmaDHpqB0d4UXokoFeoUp5FR+ag0vCyYHd7MPASfyxWTUgwUfJleFuZtlls4yZWG3+rSK5NGUHbyenx+GuaNXuEKlK00G1fjF//11huNdY8PXzFm9bI7e5379s4d141+b9TWbjPHLV1UJfRe81zD+wXdry3p07ui8Y4bdsQDuW1dKicWlEWKKhsX0rUFYW1VhuHAH+dqcXs2wHADrs3E5CsDjfsyiGaGMJqMlfBxefSYURS3POZkGStq9mg6u01OFhYNTH9zV/QnYS/KWdTB5KXebjm4reEAiaiHr+0zcu6tW195Xli0dMrZbz9r/2xgv/xPwq++ymfQea8H2rFJnMBoGZ5MJuJK2vGkBjKvTvB1A5lOy6iBzIVBejQ0SLJrYWOXGcx0HW09KUcaRsq/KnGWx+cfPEKW86fb5yMh4x0XN62sGX0iYct4BOZkRX8Ts5nxCZsZM5hQu1jCjBOupNYb0v+/C8ySocsp0l+tVw+LE9qXLZo5cTnfTBk7gTVy0kEYN4v7XLOJ+cN06BZi8foK/JebxbxUZk+Yxfa7zr1PnSucU8na64AeCr93977/+u4dbDUolu4OxbE3mm6g1rK+h88NZdYyr1Px7DUoPqfih+5rvz9NDWAWZ4vV4nCXttjoqx1fY9DSafdC4y1wt1d4qyct3WZ3dFq7rLzF6vGnpWcltWq2LmbhiopOugsMOP0JGrkEPKwUTlaSLwQ8pMfSnFxJzHE+SEYuE2WnnUjm7pb7SKn6uhqvv834d3WXOEGVl381fMtoPrX9S1/9TTdmDrvYjZy7uImsIN+2PYQwtcBeraV7lWzf4v+zfSsM4kcGFUKsxEIWq+vIuNNnyDj1CdKsbvn6LN+bz1c3kKb2D9oPkiXqUooPQHMRH3zoQ7RzLKy0Eyf8Qeaxd9nZ4eBkbflJuIH4RwO0ABik5kSGRbLmHidD1eKB3z97/fCqgaMW5bkAXx6qnXvLeH7BRfdLL8o/2G9uquK0eD1hO9w/yfYFdEvkmaHo/7B9YYBRwFvFS2qaMEg18ZY4v6/1UPuoVkaHc9Q9/HuGncAZZ3MsbM9iQL03mopUI8hitYEtZp4EKoEZSzk0EyzmpVYIbxrQC3Molknd1JlIL5BVejOZ4TrKpaLhE1UOIkdTZKoxR5HhINVAewkGgYF26ZUlo9eXReDM+r1IPXoW5fzxnv0/3Xyd9OlX1U0/7V9G9p1rqDWRfk81fywMGay+tyfPlh81q+8NHiL8T/N60ntMI10POawG+U2Sg9qtNFER8+FksVR70wRGIodlcviMGjR+eD7A8gwEE8AhD+HgpAEQAIA8aoMD8SWahnDIx5QFxRrC7JUcpvplC7jy7HT0Q2VTpysAQUkJUVtTtqDFTGFsX9SQzSQHzAtSUlxRq4cqYP1IhYz6F+b99AS2gPHRMvrqvcjTMISo9ubrbp//iVTd9PzroxYvb15W+9rzk/jBQ0mptX6GbMvbQ0qHDBY+rpg/W91vqas7V3uTenDurRVaDBlfLEaEZuALYY4G7oSRH7S4TQ4TMzNaQ8gJmCqtOZeA1Mo6aacaIeX6lK4XI6dtuOWpa5det3RSxR8rJz896I5xyyZWNfPFX8zKza0aEPliVnrhVVdTm8sCdSU5AXgrcCncEI7y9ri9M7lQRF0pbmEhe4J+BbRQNJViXoieUsij9dxopypUBgm7k+P2FoR/CqtbMWAP48jUlcLxtnJD4aixDbV19Q3Utgv8xWk4xmVwd3CxNMyilEXOAio8jR6ziTRv0uakoMDAaWY/SbFQrzCIfzixVJZdaQjFUtNwi1O9gOdoUElNk1kwMheV8dKbTr3ZMc7s0cxXJiZKaVlezIXlZNDEVK+Cle+eiG1djjasRbd9U3tv05IHY2oj/xkxkMycrc+YB36dVfD8X9RXc8rUvuY9b/bWcmKA5k2nMfq3a/QgQ2yl6ZsodseNEmezI29BMqF4Q5SrALBNIWrTAqRNo/mJaVkY0JLmB9QV6bpEjgXwR9MwbSADLaIaRZGNjLTZZJrQGa7oR/qS/Irw5ZYWr8cYkGtvGRGLffbugQM3/ml+TR1ZqD7wJP/O+W63Nq06c+Do6drPB4y9Yd+Zldtr1DbAkXmcKgbE7bA/xdxdHCNqhTBtVzCag7StS1BJOxnPZFF6mU6UYTHLDA8ydTIC2F/mPV7iz0CRK0+OukA2VKyulyWj2Z7ipIFoOS7oZHc4gbhgp0I5mmaljvyXOV4ymTOYwFvlx7VU+dH4YfQbMWeq2FhcVVTRs8qfpIHMW71k/PRp45esXVpR0fz4kj9Mnl/XvGpJZeVTs0aOmjPv+po5on/1koqqpSuXjp09o7F5VXM4vHhV841Tp/zh4Ig5s2tGzp5L91CCPXwA6I2Pu5OjRl7dXxJ3yg7OjqEKcScLYgR64/HSNkM47mFtxhBV/x0nUe+3Y+BCKGZ36C5xzJF12PGTw2lGMkVNA3aH7nnxap4XN9XFw958L/4FKnBH4U8ifYhETCC9LT3wyy+/qB//+uuvrzOHTLs39mDsgw/gheOTaK0R9GwtExfZhJaMK+lXmmeChGX0SCPdPXOGTGh7V1SEYNu7lFZMB/l1iVQCHPYqbh0X66blO+NaM4IJ62YkqNhxyfHujKSzLEKluxPT5tBQhjfzl4RCSkGSeS3aC1bfHYVDK/DlqJQtu14RLd6MQLfySnQ8F4RBs0vNK6KCvNiNOaYz5JeJK7WE9kCzKOJIVZLMTm1mRRWdwr1EpXsCyIMvaOWBzzQA3UGmjzo0ZH/huJGvPDis7/IPd27fVzv4kZpR1Tff+tz65n79zx091njPbTWTlxdW9D5eEllQ3COcV/2nBdcv61K3Ztkzda/nhrv3KK8uG/DCrOgNXaZVP/GScP3VU7tHxg6eUO64HvbBL54XDkoijc0OYqaU4g2jVwzZEHWOsYACFrRDjQGo1bCI7GRiWph0TfzXDRh03fCBA64jq0f1GTiiZkCfUYbmgUOq+/a5dkj/IQOH9e87bCDsfFPHWWkw0KIUkCAquFXMso5YatNpbCbzHIXLbKId3piVNL8L/ZSv7Wsl5dNORmedNC4+XsqQqNSJyIuRuZjTXoVUt1R27bSJmfmFPcL0fJfB/inlEaWL/LIpNZcr6sEiDZTCRKwkxuLymBXAV3lcYjhUgCl9BRiC6++kYDphhtU3HSET3sK//eqmfxxXNx14dDPJ3LSZZDy3Wf1002b1s+fOfHB4zYbqeVNvmn4scm/kjnv//hF/hv5I3fTWQXXrP46TcYewX9LvNr7/c822Xk8sU7/MznojcoHlmwT57/hdhsOwcwHuYZaDH5eYYdkbjGewq5yglvtPQCJBSKUy2KTq3i3MxceGFCcGaiEQ5WA0H2HFaSGv6O2SbDQNhepMQNu9aCnE0G4xh9IDZkFHT5dZ93RRR5dmEsovpkoUzaRFT5cU3PLqzUtG3T9o0J9vfmDNipzSu6oXNL/dPXfE2JtXCcdnzTKLC/quyA09ukwdMrvXgAUziwpuGFggWWDNtdwEcb0oAg20cz04PZ5YxABPFkVi1eKJjcCHorwUoWlYBoEZUSuI30yM2lstmX9GbSX+MyvIre/jxft8fjo5vFDdrG5eSA4mLrV4+vMgC/XnDCgLsYh8PauSZntLyCY1MRFwN8ESjYnMyXy5QfgY0yXbXyUzuf9v+Y3iJWenG5yeZ//z6cmroOclj31TkYdzq8gF2t4ldOXT040hRFlI6eaMlkNDIWso/N1xKgeC12LL7CpqvLG4JEIj2bsAjlSA4v8ykNHCrmVass3/fpqITDOujZjB3xl79H+fJlJGTC+/sPIbNRbMGRS56pqs//Mwta8Wnnh45fb+6lxSq75ILkQGDaxEv/UFySNK0gfMb80F44TRG6IRmoTfWoCtkESb5Dl6lPkHhTQB5UQHl87VaLkFLG8AlMi4S/s5DdPtPGw0g0DLGcDwXJruacNaE9FUDMc1aUk6eIJY1mPiAGnmzMaNExqfvfHGjTeuOvrG2EGDxo0fOGC8OA9bNzXe+Oy4w6sGjGvs139CI50jCLRixMBTebpJk/xYVolipQUoUBUTaXCS6ACprrMMBZW3QVgAjmxnk++UFwTAIktCXkDtRQzRGG+U82h2SmfCMGap6EnDZ87wm86Q5epiljaMNii+mn+dxrmPY3EUurQCEDRrEAShRT6JMRR4xgwynSAG8cl02rINjhtVps025rzwyNCLOun5SzNNUlDerEikmQRXv/bAMxOWTiMT2xd9NCXSo8uomw3VS5cvGL12wR+ObDvTNDZU1KUB5tibj/A7DUe5Qpqrj3OUGY0tCGL4gI3lM1k0aluEHpZ4gIHMgW65DDZzB00XdZhhumgdzECvS1Y2brxQwOQHsxwlAabw4heKLEc9GexkealmRQsSJFJGqVFYI7Ueln4AjKj3E4tXNtTMbbxhVCgcrItM7vfkLUs2bZ8wVdm9kl/y+rgZFRUbe0aKYGmPBPvdPXVlld0z+/pFD/0uDoPrzNBicRiGRBxG1KBZVjEOo7IqAMq4kQzf0Z/U97w4VDydcWSyt+fbIc1mq3rEbaDPpeL+XtFWR43oaYmUPz6ELEq32KVr/AjWD9ChdjtXwm4Xc9Acyf9guSvOIejeaZjwx1tJ+RelKV3vaOg3NddgQHM5GvD++iYa8NaOHt292+g/qXthrvPUNnGl5IGTcj0HgqkWGhIzUapusqPmY7KYUamjZ8NyEvPnkX6anXHOwhlFTIpE27nECllYmTJKff2VYTwM+A9lhXn/+pJvfHbrpn51/31MdBFRPf+lNPI3kORdFzCHnS8hJ0D//n+dw+6+PD0OlVz+RGcyGuk4o3oIWhZdSLEwe0OrChRzoqta0HDYTXGYHXuWDGfQImAwKltPMolyGM9gYlEuAhNzi6vCuixbXJgxPm3Y1pp9GdUNTz5TM1h91+jod0Pa+r6pkwfcfauX4UcjnP9hek56Ujq6bnnRM9KjxMhYeSEoBCwnvZGUvfGtYMjoUSMe+7rtCfL63D8UdO0LNC8C8tHHIB+hbFvDKkCgNqCd0xRtjVTA1YriaOn4eg2gREY+i5hOzshPgnAyUY60PLdu9yt/furVYwOHDevff9iwgWLjC/sPbv3LvoPPN02e3NR0881MdruCHENosCiWPDFpgZw0HppaMMw0NyNqYZaMKjOpIl5SyN5qiU/96gyZrz5CchKX7wFYGheqkXS198LOS7h1RwdgEyc9btjpLOIW/5NzFgvDeeBjTqNwvbCh/RXt+/jvv+duE36h34+D7xXDUfh+QQ79XnBqv9/d/gqsra+6SDgFZx318sVcLAdtN4V6MiHaP6lq3hlAD+wvnscMOOa8TBMFfw7VvvBg5WjqegrLK45KmAAtIsaZ5bjNlZZTSAV5l1b3pVCOcUZvIj4BjQ0BllzoZR4oP6UKybpL35tW/qGCmMbOnBUZM/b6+MQpk36d/v5FUqObhrJmPjMNlJfe1ZMeHVHT0D9S3avrB1dds0+8U7cVdXSw/DfjfFcRV0BhdTUnkdortN/OvXuldlLH1Se1T0y0j7+kvT4xzvRL2i1au0TGLmjgtHw8YyHNX3DT+lw0UzvcmaIlGtHtH3c4bRg67hAxbYpeGrTAfNCV5VAic4oyeDNP2b2WyOSlpKacdGZOYRo9AfLGrxTXtr/NO9p/4MNtT6retcAW7lzSmUzF0vX4GoTbQuAL7xqOwfyL6Lru5LMojtIcLwqfLgyeHa/Q9V7efjvXSNtfgnZPZzup6/g5qX99ov/0jt+wveMQAMlI+3dj46t30v7PQ/uXSe23d4yn/dHnaOhsJ3Xq57S9Hfr/hY7P+k/HdtTNtPw4G3C8WzS/tl2POvUYW+OgPIBUjto2B1vhD1HeZ6VxS3YLtbTZaTEpO9rYrBT+VhSw7CzHC53g6YmEICNzmVToCXUlRCbhXBlFBKzBEHygM7FOnUQql5H9//jnc998w9epfJOeYAcfdpCPvzynrlcZ3AxHKR6Wa3h4gsKH5p5QOIQ0PF9wxfbbyZArtQOeH0hqn5hoH39Je31inOnYDvxhKbGJTnE90HLODeQP9TczKSZL14H4X/6UepyUrVGPqyfWkhKRW6++R0rXwsd34Vv1PXhh8VkLO7YavpCAEAFlyuNmat78bD1zJk1s1cM/PRYa+4Ap9hYLi/30aNGPufLLBiHF7s9ElcdCq9hEs1EIAebA3PstnMWXx5y4MYPRFElEJVADoUzz7dE4SDx+mrLrxlSRnsU0UeTQ43UbG/Zjws3Bh8ZtGneIXHMVuVA37dU9bwyfSuaHWbLIkOapy/bDtq1R7xy4Yub9+8nSN27jfyr7rf2aYvJNfAE9PzRvgML9Km2fSil8L2+/nTiu1A77tD6pvT7Rf7rWTmO2af8+2jlcSvFez/2xcV49D5glAVvtNLfPKrXGBS9L8zMmZypFeXsopKcrGfW4Ti/6xYwsAshLqzRclgZUGVOJTf1EvfBU06pHl9x/l2HnZ99+/Nl59QyfM+3OGVOZ7AlrmCqhjWmJNiOaUJkDSk95EOu9aGpwtAL4UYUTi7jQkCSHk3mkABm6Yy4wzgq13i4VcOQyUSDvLsdTc8TCcrQEBhx6zkoUMYGL5nDUEq6UyzGjNzPCwg56FtDSLg7xP/nzSVICPI0wKyT8T6So64DqAV0rBj0+Ldz6yc2P9anYMmBbbm31HycNGTKi35Km2+4R5x/9JLpmwE3De/Xo6svo2WX8pDtrdryYlfdDQWhxSbhP12ELRw2YXl41snufUdMmXlxHcYTGR0sB2MPByDu4q5/jrth++6zk9ly9ndT92pHU7ki0j7ck9xcT40yXkttjif5jS9j5hHZJFRcApQ4Btu3mYrnItYrC0XTYqVIgiKgouKgTSqkKxcP+XHvCKqgIISXsjPfoNPbCfpbAzpU4saoe6qUYIRkOKX5ntCdLkqW23RJOS1iBzYyZ7GjIVfyuaEo+vPeUY670XJowCxtOczDSc1Fbwy/9IGhklmBytQltiJaIYpej1pRIZ6R3kRbq7UfVTI+IpQGxeUXFl0V+swDZ+h++f2PsiIe33Pxa6yfzB/31jg8I115meOyeN3ddv+u+Bz4eNungM88eIJGHJ98x7667+E3kRX56w2kWGF53zaARb01eNmCg+k3rE/c83nC2uMvkaQvGvvYcixEfQ4xz7wLYN6oejKsG2A9h/BbzubEdY4Xpng9juPACd8X22+dfsZ3UmZLbxUT/6S7a3vE0HMT3af8fNX57Pe2/CvjnP5Pab++4hva/D9q/7mwHfvt32v4JtK+i4/+o8du/J2K010n5VOacxLx19IAXBpmfmwmcmZZWzREU9cFhpl4guv8oTubJOwWz5HCmWZF4+1wx2e2iZv3CHOjiw5BYQY4apETxFH9VESXkxVU+Stox6Cw/j7s05kz84O0hpqubP29SRg6b/NitHzdt3/CE+u+On9V/kao75i6efueMRXNIayuRJ4mbFj66YUZFsTJw+EPrp65U13ypfqkeJq7Whx/d/NzMex6g8GKxrHjWRrGzFu6E+zoKr1q2f89eqR3p9Ior9Sd1tuT+jkT7+EvaxcT4023szDZwH4gR8TC1K2VwPTnFHowbRS5DLNXrlqQF427aQB2k4knFGaJh8r4Q+kE1y6bhPxR3wQIpy6oHDbq2euDA66oHXT0M3/mmM2fODb+u5tohtTWCeN2IUUOHjKqBGTR2xMV14irK3/OBU2n8XY8mpG74gmT+HtD4e6HO31MiSkBuETq5u+H33N3C+fL/33F3RIZiGn14721V63o9igGIf5x59frB60iVm/Qt7X/nzIeLKu+cYWOBiD1rZ9Y9rV7EWMSyydOaNhDPhGHkjH+LmprywvOj+rD9oLFPdP8aLjmvl7bjfm+9Un9SV57cX0yMMz3I2mncCu3fyM59X6a30nhIGksd4G7WKmsAYGNmnoGaWnHy9NDqKO8LhfSAQmTy+VpwdYtBkl0sijBqprkEaahcI5CxWBOwUbMWAQdaRQqhoXp6gkkOuTQaEmOwHaFN0w599OHh96Y6jMbOgEgTpy66Y9io0TTLBOD5QL8JyUGRiXWKiXVOf19bP+pVkprQw+q5Bir3UN5l2JHgXfWWpP7G5kT/MZp+xnhdaaL/GFsCvlgvJdF/nLCY8UaYz3BxgdYf2vkdtJ3WAaHyVpEmt1no+BiX2Eb3aQjbpznclfqDPLdd7y86OvuTunPJ/ack+jeQ04nxP5A8Or+A9t5XHH80tyMxfk7S+KM5TtfnDAto/2Kt/1S9v1RIxx9KbQiPCnNof01/cknc4zp9N9gkzGTpwq3Rqsym0vDlIIgEcRsTApyhmI1qTTYHGq5Lkom+mWDwEQ3QTQGN1p2oBeIGhmDCeB0sReGm7hE3Fs3oilGCmRjy6kvLKWIhApgU4GaJEhgN+7Ik+Pw5RZdEvRb1xcApoGlY/E5L6Cm8JKHn0EczX6iw+NWDpDcJPf30+QG2qW/vfZ8Mb5o1e5o4efmcG3gHSSf2upHLJocPP/vs4Yt1q7aQXHXN2sVrM5WlD3bqxxQ/mb5b3/FrAv6TKH4yvlx/kUvSp5sT/cd0fNXZn+In6z+GS+5/baJ/AwmSikR/j9Yf2/uz/oC3POyX3n8cX8H4htoFc5AS/cfx/TnPFfT10Zq+frlcMZpP4KehmPbvquHzLtqf5tzQ/tUMn99P7t+c6D+Gez2pf2mi/5j/Se4/JdG/gbQl9fdo/bHdxPqrvbE+i95fWEn8tP2y+QiPjevE/yl0/qXa/DfS8Sk/N26H9uu09gryALPfSDmgR7k5P7eQ5W4p9jBVVAFN4x4nZm5FPWJrnHD00uoLhzVXVdRgxrLhqXAyqD1BBsIrekKhmIv6TFxoRpBZwovkDTF7wyUxIJp/X65AJ46OyszCY4CPWrWVV1/FeivqW/ip/TWx7PB++O/wxRNYeUUsi8ep7iVquTeZuAosbQynldWm1SaLoVHJNWmzgkoGnXU6sA/RBLNOp/6SdCxJm5GOlxm4gHRW2wCjETDWOj0D2LcVDqcctdFsRS6D2gOpVQRXQQOMLkvfCcjiBlJOeqsHHa4p/z74lno8vmS+elzcgafOdcPOzf883N7Ej/zhpf1qUKR0uONlIEY/ULsFswON1+xAIN/y/03lph+1diqvYt4u/wI9p6x/vfol7d8K7SvpOf1Ra3+Hjn8M2v9N8Zb1H6P1h/PC76d4+6PWzsafrXp4kZ67bhSfxzUxfCtleUDQPpy1B1g7rIKcp3jOxm/g0qh9hebK0Hi7QFJM/f+aMMOSjujZrzVYqb2Y2cDKBGbDWw1noUTyONkcjNwIvpqucapaK5jpWSjTZHtKizB3if8Czw6p1dqPaOP3xho50L87O2vcBiYLAy//ha6xhp61lQs6c1x+gbXQylSa5ZNmOyjkktotfChRpoWacUxo6sfcTLZEEDuSM44EQXyE9CLXqMPICXWzemilOEE982ztdjJb5do3ke3jVEWjm/3p2oKaPvOGfs75n4y439dr7beQh9jasCaP1h/WUM326Wa1N+Yu6f2FlR2GBF3ub3hFH194lCzoeI6NLyxP6v8odzypvz4+7DcfbJ+r9X+S7s31Gl3b1X4VwI7XagTZ8ckRGL+O5aaoyZj6KGwnFRKiKaJYGNZm0VxhWhkkE7qwKfzcWCuqym+gNMPI7ySVKxeobfyotkXX8Cvm8Hvb2xrefEZt6ODI2RI9bp7fDHTCymWzDDnq3zKz29E6tJpvS2YjG3HcXaR8yIK/qceH8gvnCmXtj5YenNs+lXxQmrBfztftlyAvDe6kt5Q+j9Lk4+0JHDtK4VSu4dj5BI5to/xrVCeO/X58kGe+vcL4wL9qWH8J+m+CM1IM7RfoSL2/oXWG4OxgnaF01FcS1jLFFAZFKrm8l5ZWJpLSuIX5RDK1up9Rnx8DEuWXeaPJnuLSFBeUUDqDytFwSVwxweuLJIoOFRclEvpkKp0k1R8yGYn/+49uveHGa2fdbm5TsQ5R2/InZz1GvrhQffxDH+E9428Qa1g9It23Ox9ofJOeeY6B7m49TYom5tBSe1lMIGM1X7yabzdb08Ixs8wrxxxGWmqTBRQ76ezlSJSkXjHXjE6fusP1jMzWEndIue3AW3temjGid5/FcZp3dv3oE4fbXmzZm/adezv/3RlMPtNtzZQ2hzQZ/0BCBllHaTPTgettnTLCF5Q2hzSZ4mBnf0qbay+R8S+3fTeSQUn9O3XvxsVMt4L+xpGGtzkfaK/NSRW0afp7OlxgDTKsnMTs1QFg/ha7B5m/xZhQbf0WzAOmIcaYM2cOxRxZNN4AwyNQ0c3ygzorC6w2LI3rzAKMkaMcohFoXdmJJDp/kmvHoVc1whR6GrK4kNxA+vW9N19o6vT1FD1apu5TFdJ/x+aBdxblL6/auoP/kMwgyxxm3fljtpIHyS0//eZ1CQ+5fRc5qrefNS4G/MkB2SgE55EJ9pnhqGxoZabafE2Hh3MRLdH1+R6G1ng3O9bB0+p3EiVMQZAL68510mLKmhm3TEM1NPwVoQUvU4jQ7F4Jo67LXC0mOZU+XMMqRz00AVZO1WKyo/Z8AJEnonSTY1wumgejQg85qeiyD2N/0brnTUp4xwjgS7MPDXoGfAbh5x4Z+ti5n4iz3Wdcs3zG7qZRr61Qv1/zyIVN55d3ZiUKRrKfXzB1wl18OfGSsutHbMDEeNOSR7p2P1vc5emnHyamqJan2HVO83yNJg2j+Fah0bZVOk0SVlN8G810RM0OizRvGKV5FRrNi+u8B/PrtP6X8J7k8YHmhen4N8D4uzrHJ6OfYuPTOlC0f6U2n5qETrmD9q9n87FcsT+p69RRhP2d/UmdZqeeAHTHT2XwSs2WOUnTOTyYq6f1x/ayK44/Omn8vyeNP/qvbPwSGH8RhU+VNg6TO4IwfpVhOLSP0doHsf5YD4qOX6WNT2VDml/3ptRF7w8828F5kupH0RpzlsvqR8VtdguhcdtRm7GVBm3TWBPM2da9spZLa0smPbEBXvG8y0klppgMn18RZqWmfv1Vfev8eVZuSn1Gbd/B16kIv6R8wGzuSfYkI0wL/t/yAeMZmT6RxZ1n6HHnRMnB8Hsli8aYM0neTlMF7Jgo6AppFdjSqGszjc45LQPmjE43e5oWbu7EJ+C4aeq0KxI1dOaWaGmDTK73JczqLLNAzx/EaAjMIey55trd25cs0dII9x16AvMI09J37nni0L6Ej2tiwvc1nttA943ZxhwJm9l4zWZG+1O+cZXGN9Z39qd8g/WvDyb1p3zjKo1vJPWnfIP1H5M8vklM9B+r6bqsfyzRf2wNdyVfH/CZrET/9zptgaSR28P6qx6sKZboP44fxmyBgO+bxAmJ/uP487pty7iHjt+LnUsyj45PcxLp+OO09oQtLNk3CDqth/kML7UpJnR11r8+4Uuczrlof1q3iY7T9xL6QXPa6Dg3MvrhYeOw/lP0/iDT+pP6e7T+qPPsTOqfGB/O6/eJ/rs6x2f0TMs77i/lcDbM5WM1ITX3oV1/ngcr0mnmqNcShDKWSicnAsVBQNnz9jN3DG0cvkRUaAmRBy424tgHATZBmpczB/RkvWpDIi/H48+wMWLgMbQmJeVgpJw7FEul0ZqpPkzHSaUxnJL+PA0+g3F4Py1L5KH1/mSZJuSwJ6z5qfSUn1z6JAvzOphsdbB37+Zt217av3busNr+sz79dI8yY8Qn7u3CvNW1ta/FcP5DPmubFN2fRv3rZ6VTIMO7YRXZGHVCJRg/CC7ZSNyo0JKBIm1OshE+jUkq9NynYV1PQaa8OWYw2qiMkoECi41z0LQoOVHVJ9dfWRHwO4jR572scCVZSKaTWjIudiMpcxQ8urjv7wtYipuYXHKs73u+6NHQn09eVseyrTuTSwxvGySQx/JAIoP1uKkgBvuST9fDs+ouV5C8nJpTAWWtqIBVoZxyTDKxbPncdAxZdHLaepIFCVwQzxZ0mfhAqP8ABIc1pCwlY8yj03r+royBcBPzH1xzTdl3vvv+NCO9ef1l9Qzau1A5E+iFsYTaZLKwRki6XlUwK6F+WBLpxEmlBX20TidN8qLJ0+mYUo9P28DUgEuDL739CFuKVnCQvEgqHlmHFQerh8Ce5M7Y+aBeetAwgRYfnLZh9VPrhDV70tdO961//hZP+35ahVD9EeYLdEyaD/uQDRJiIxfz4zQz9ejRHN1WQSede3m6N9Z3gUkH9Eln0uLHaRg5inuTmsbyS/+3JeiBpIZEDvjQGtiE3JmvPPpViatHy/yDR8RtyengC3yrb/Nt2DbF23Z85Yj6E29wmm2jNcm2MVp9C8me5jfYzjlpFkcZd69GWWxhJSUYlUEUKA3qSR2BIBYd0J6XppcqFTB4joWf5tHQBS0YlT4ejcZopqDhuoXIqbSyQBdXizczIOGlWY5aaaRCqSy7XhZAMvcWUFN2OSnSnwRm1KqvC0XFklGo6EdYmK/gQRVMQ82fSu+fO+uxIPlFjU9vb52pkFVT6h3uwQXdp/tIvf+VmbF6d1GosmvXKkN+rzGz7146Y3S/Cx+QanUnX0MCn18z9E2h2tn1jhxb+m1V6plGkQ+XloXDnIH5TgA2+DyV7sCrBnPvJ1dxK76kilu3pCpuSl4w3ofBbFBQS4NQrgpGwwi9ayj0Ci2tLWmF+CjKCANeoRMN/lq1N6U/xmvnMEAOSa78Fo0Uwun1BXvg6e0v7zTa8orDV6G7MJrTFT1YbvpklmjPCgRscaIqXLcrV4WLDuoDPXLSIv9bfbjkWEV3ImLAnbQZnXTiihXkClfMm/3Yo3Pn3u9hpeSG0Z3xbr77sfIeXStxZ65QXE48P3PpvbfMvPfutmytzJwhTLcpddpg9UBZz55luEu6fFBI+ej9jE/zG3Xfl6RSPrpNs8G8q+nFWzW9eL3WXq7J4XFNL97N+PpiXc7vnSTnS8JKzafRCHpKp5wP7Ud0ub13ktwO7SWcJrf3TpLbof0dytdpzSS0fdq54GUVkxKVvk3/R6VvyiuTyiEl1UFi904T9pHN6M8SelNZYrd4Gv1kcM8AfVabKZyI63YE2b0Ejpq0aSZ1VSCb+L35eAh3v3Y1mZzz1LBjfxpR86R4OuO1uT1bhmTceMOoPySP6wCOhbkTrIYiTU8GeuKka7BpTzWltnHgOlWYRm8E/XT3sdW1dWuP1T2Soz6dNVOSYNQxYzPqng8Fl2FeQIZ4Wthn2NGZr2Roxb/kfCVjZ5I85n9k8FvF0ydOwLw+gd/+IpXCekdwWE/GAIfXQF11BhOoA1xIfzYfYceRsIexarlGGAhNS3zb6elh5QfNNA48nM2D9B+mB+WT7WJw9Oh3nC/a3t/64nGpNFiZ2rx+106Ey2qQO1gNri5cZ92tRPkts55GRv8sWhS9VuaKldtitbaAf5I68ZRQLcVoXPlwrjOWHLPuhMujyq2XRJVbk6PKf/ecN/IfospJnX6A1/VgB7bScFA7nbP1k0g4C+AxyKicjLX1BVojD4P5LZpxxKU/+xBD29F3YmQR1VzUoj0hSJCjnE0jRQhSb2dRFsvwqS1Dasryq/rUVs97QL1w9e0jBs3q2bWLK+ZfgvA9Lp4SbRJWqH6ZQ0zjnOEwPhWBJRy3eEwpJizjqxHoqGhlHiqaJl+ZvvtsvwO5tD6Ju7ti7I4uWVH+DR8R4pR/2/3ZpoMv0bojorPFINJn0uIr9GqR3U746MLXGHyVVIBEisSgGa/kCEfDDWj9kVdEg2SEZvclhUfw6XKYZ8WjAYfiUnceYwuOW1feXnL9iOqCnIh9jXXVbfq1eGrV5kBxbs9KfAtUVDL73QY4e2lw9sycC2QrPNWWcFxkB9AewmwKzKGgES866Q7reTMb+s3xkrLcT6vPPnQVKUs7OhNO9uiXSrwVRyoz9s7ylr4yit2joX0bX9Ox7P9/3PtPGQ0Nv0M9de3lqNfR0eYTT6tjpABGdl14i/mQ2/4hnu6QadvtF+9lbRc/Ek91ZEkO1LIvyhylv22nxQPqRmkz6A03Im1AZ76NPo0nkbnqwVrhGuq2WIyAS5jIj8uD7haNRlgxL4DKMzYrK+vokmlRMCy7z4rFajlSKSS/WJNe2k5nTyt5+KFNlhf911V2zRto+GybxT5nyoaSoatt4cLcPID5xSWwti/ovrq5XKQeijOsE1YrfWAeEFVjZ0VaSqq7k8LE1cUlpCzQVLLp2nfJbHr1bL9/STbvsL9elRE5EqLv5cc0WKi1amFHM9Cpgv+TTtEUbI1GtZ3eurWudqv6xdq1Q2uAVp8CejtYmpDI4RJptQo9h0uycH4th0viaJVujoEHkFEyklOuCivJqJklns6pfL8udXcLi/XaLZ4XPpHigHseWgkVB8ti2eL+kCZ7J3I3WIJjOvNV0DBaCdU4J61ukS5HXbT0hYBPELTZPZHLUbBQn0xVz0Tb7qG9ItXVkV5DQfouNhGp190zl2FDn6GG5qEDBgwdPHBgz/TyPQM8d7c4V9CPLPbwCH020c+JWJum9u87ngSevIAvJieExYCfgIk8teF1/AmE8lWGn53FALeVWu9DHU/q3xl+pt+VXuk7/iv6XTeu7bLvDoEcFIHvirhQLfvmHN6/A6QlKYv+pg/J0X4T1X8D383E35D7xiX/5mjHWcEvxUGPWEt/MbkjpTP+yLDHJeEaNb/fTzR+pjDxzJy65Gd/aM+uQXWcPfuDFqrn9EL1lz77Q9jQvt6ws4O7WI1jR+BeFryXcEtnrAi9V5dOuwr93Lcz9oF+LtXi8PXnV/i5DG705U+w8Iqt8bRUM/o10oytelkV7WEW+sNSszRC1iKYU9NpAlBaKnySbC79wc6XPtJCJ2cYbPj7B1v0f2P3a3v2/O1vexfwpt8/2+KHixd/+KHtIvRW9fXgc2FgPd0S6xtJP3fXfZm0br4NaxcnPwkr+YEuts7HX2EghkiFMqz1yQQdk/7sK9KdYFl3Qr4jteR79bB6ztLHbAvbWRFwYU7Wd5X9/l3StprNA5/JAvPo0emjpJ/LKdxrNd8u1tywciV6FjDA3aA/xwh0R4P+dA6tABZDAqI9bK5W+Katj7ChbSd/nnAdnLhLVdv3aXDR9hXuF0o8Q6UvrU0evBQO7FFgpis9Csx8ybN9donL1WPtn+NKxfjF4RqubadrCieeOcts6JVaNKJdX4+RPYWKPXPKnsKeTmrUnsRiYEl9mKdsxnUF8orNBJMza8gptUL4RK0OK+SQmv9dGTn+E28hx75RrWrf9p9sHVynrZ/Oo6rThkk/9+E0n5a0nD5XLw+wfppWsxgdeHFflkeylyr5YazNrcihuJhLG7qG0ZiomICUdkv2+dLn62WHaOha1JgfotUli7VqtWW4uFwsm2bX2XhBb1xQOCT6MNW+lGBxlrwCtCb1JjJKk3r2RONK4nilgvgrdhLHY8+qX+72qa2+3eqXz5L8+GZHyertfLPj2Ve2ry7hf3n6t0fi8Ud+e3qjemHZxx8vI9Kmx3bw0zarvV9Yff8Wnf7U0/Uz/WYW4OJa+vzW6zWLTQruCTGBWJgm+VPsaK/ByFHFk6icpJlt/ARFRqxep5hDio8FKsmsDnXieRa9sei//pglLkBdG7ncLJK3NpZDfDkvrif56kn1RFj9KqweV88IJ8gnauBPDwumtvOrnsBr9Qv1F3U4iROzXidNcgFNytVzRBQ5jEeDxgomsoMCVBvMBEqZSXPOM3MxVZ6WMzNgUFImK5oN5ztm89E4RKw67aNxEj6MKcTI80wDK5nhS4S+EgyItblztBKwgSK+AoslAP3y8EY8B/gY8SKtTIxcReav2/IX0udd0p8s2vo0ub29+aF7D8ZffvPe+4h4Ixl4aBfxr1Vj6heH1Dcnqm3EP4zwRw6fef/IsfZhaut/ylm7oh3eo/vHDJw0AXjOo9Qe3qT5KfDZyYW0/XHWXshpMRMecRttf4K1L9TaKe+akOBdTR122r6y41txD+Vpm2j/yYO5RMwncBIum+vKTeGoyU/xhaN5gDTOEI04ZjbYErTBllIUygFqkuOktlcHYEw3eKfR+5q/t0UypzFuQR+j60brXwlNJzfrHl0WxMnUH9nTma/xu8LsjT/+6/anQimppW25xXW5Gc7x2XNvz/PO/tfbrVjL9PYZItYyLSU+0qOubkLVTRenqkdut3xncY4Y9zzpQexbtqxsscU3aDHVAN8ckKpKuKWa1TyVhlIrOUG0MCvFmp+ha6IyrzeEtvMMzctfQNOTTK2xAiOiWkEOoFopfFfgQV+/SJ/5liFHrTRxO1VmPrUcOep10OcXsvyXYplmWrnlxPNwtScZ5hWnkcsfUw0AkDeSVPVrkrLukT2vqhc/PfLHHg/3ufuu5UuGVdw8e/bNH6geqedHv/7j1TV/9Uup+1785w/921sFOaf4rrmz5/8wa0pjk4o57jzgykPiBJCskVdqlQCcQSryOxPF1CxaYRcMGUlx4vNYDW5qS+ec2jNm2KNQtCqREu8N9HRV8aTvZu8ghyRGcjaTvurNZZXqa1d1Eyeo7n4/XNvts7Gk7WL8NvWLefUk+97OHJIcLgv24TYWrRgNAPRBnTUZEtDPhillOxUXfTokPmkvSB9HnO2kaYKpMEuEvCubVVsvkF9OMXkzAsXsGZ9AFqx04ikB2RXnDLZU+oVJZoaeRFko36V1odAfkPRUYgdp3Hfkm+/fm/PuI4sa/x/23jy+qSr/G7/nJrlJszU3S/ctXSmllCa0pew7yFIYxAqIyL4pIAIiIiIiIiIqLoi4DLKJiJqkEREdN0RFVIZhgC+jjDoKyqoyjiI0h9/5fM65N2kBZ+b3PM8/z+vRV7W9XJqzn8/y/rzfW4dd1e/++7e/RI/RX3+mn5P2t02ZcfsNU+YvJdu2/dj+ibcfXl/e/VB5TXXr6im9R/2ylsboD+e+nLDgvsXXr2pf8KqmgV5knCUVg0pGIdZMmASi32U6Hk1JL0xiNkEKDEFJAoAn5IEgqcK55pWKqAe/i3hQ7MiTytXQw1mKCDLkALlFPrIYSkBukcK8NQNmRpAPGXagXYxB1SWD0IH48BtN8rSw7q6HD9ATs44PGzX3/oEzpy95aM3mRx4l9klfDN9Kz7OT/TtSdeO9WdbKfStWty4+0iY3UN29Zn+3vgvKS38euBH4BugSw1kFmJAHSShdbdKVQAXVdBZnUGV3EJ7aSEwO9R6hLLXB4EnP5UVCYW8aMiCbdVk+T1upiB0ZAJtVJNnnzZE5s5cfPc6SwpFEIW2zHgrSvxvqd9NzS0qumtRt07P30097DRo0EcCF+8imRrP1y23Pswvsu0f7jajKcvgXTHz83eufqsgr9QxM5NNI4PFuSuLNjLf/0zzeFzoY52k83mjvGFcpZcyudDObZ5Bm05ugJWEP+1+qKMTK0C1gT0AY9EAyp6mtJQQnPPZ4cCLRmucwmyINT2MnySSJpNB/0jP0V3qG1BinzJ1zo4m2Jx9Yptxy03SDnTxB7qNT6G30RjqHPEXST546fuabY0cPiNpQQ6oe+02kJNG4pQxa7FcRUQUixCLURNLitaTyqo5/uHnamrciZJRBikmcqliv2frFOIrZRue5lg4bq68VP7MMOyTWo7qNeJhYeRkynCZS2C04T0xqlJidObkC3QefH4Ri0YJ8M9BssqOPJBYXynBfmQ0WcrigcOQNgbaDrp21flaQpBcNqPEXpt5SMv2B0lvKHErrnM+M/pEj+jka1d6PPtjYOHms9ZTdfdNc0mNJ2zUDaKZ2l2Pb5+rcg7NwvFoIHhc8tEEU0YlaTboopuTQdOD9HnahulW/y0rMfoXU/q2XZdZE0nbY22vpGeOo2GPfPkkeIGUXJbqCvro2YW+2lu6XgDGCnTxgxyfZgsGwMy4Mz+s68BTi/HSg3gxGsnYEJSeJgwjsslKuMIca8XAmhQ3ltQAXhxktdUfyilvBJVmghv1FKHYDnJzifBLCueJcqlHKwL5uei4JZTltk7cmIx9Z9vnSJz/tkWIo7P/6yUWPbtr80pqKMffpG/3wl2TbnW9XW9t+fOOiIseXf1k254Yhf5k/v881VZkJm734b3rtnXEWm4MhOAfpzC4C3utUaQzH53DHJ4ktXBlp803Hw0aPKAFIwUKsSAqy7KaAkeoTXjR7qrhRjc6YBIEsRP2Hk1J4GXOquJKqakCbKgFig1qVanrEeOhUdYseXUoXVq96hr5M9xrmLJ54PPZxsLLg8/ScDevl7o3LDXPQjpvH1tAqdlapzJIbJnaZTxEsxJmiZoxjAlRUo4DqBBSkELAAFXaBExSXIzaHEe9PH0T7HE60a8R21Ij/ZY0yX7NZYIbmEZ908alTd//rb2sWul1lszveMm7M7JlTWcuyiYdUrKDnXqE/0M8Gbh1NvzMUlJU9Ew49++RGwU0D6xHxrYMlbnFa4mBWobubymsRQqYA4lltovY7VY0aLMm+DI3x3cVhl0iS21RiN3ERVYs1RBwkf/tLw16afOctgfFLnn+GrZ3HhoxjS+cM6Us6Df6++/s7+42qzS64e+rqTw6OKSzztjyu2c0u42i2RzOkejHeqrY4gJvZGNBgxU1lFSJmZHI3G4VkMCgsQLLFrGIhJBiOYcnMD+RS5lemIC1ZQoClBE5kea7ciX4bXXrhedpIvybt5946+7YOPQPr7pX9cpcv3/r+kW9uB862pzc8+fCMV6/ewMe4lK1xia1pN9xnzibL2S1a7AH6L75sVW3ZRlTc6ipQ7Xlx+YoqfHfC8m1KLl8aMpTQWQALu/GptyKGeQsnNiWWJ9wfYW3xSUMF5gPuBLtWQJDSHGPgskAmPuSAgwjkWyBwIoRk7Aa4wzwYlFYQz5yIMmAD5ufWXZ78EAlMuWXBLVllJNgimy3FYzR2kVB5dGzVI4t27Lnx4GvPnL6VfkA/JgZJaDmYzhvnsru2QLqFe9ghbxC0CEIZvFI+nMe+T6nQ0CnMO4A4C4jtMosGYBEZWJmZzTuALpNICDHPlFkH4WwfZoWkcB4Eac0Sqlc4VKSu9zDzOpV5SC4TYpskiDQAJL9QMuncBSOn33ZkRD/iPLjjayI9Tn+K0KP0ND1m6Lts86gRtV3lsqdI7iMP3753Hj3RVja+foh+ceFFeuEpleaRr3JIwQj7J089/fygMTxHu5ft1N3Gacxe68bxUcBmk2I8HnHJQk0nbOIeOlhr7PwG2FM6XJyvErMmWeHiN6eBGBJuzlxC/MTDb08kYzCQSvLLvem927XrcMtVI24ZXNqP3a5BWrszq3enyrbXTF/wx7aT2Ux4DXPI6N6dPT/nBmfOP0JOxxRa1LXKcSZ36bOkd+xx1Ab0Kr0VsIemxmdI4VR7SiouYUBtInjFGcS5ykhcWzBXCp8rC86VXQRCsJrWx89ElesXABAnpOqrK5X9FybC4Hezc9GEM/MQKbhrPckMrRhMMuvofnqIzcff6RdymRyM7XrpUbupw/kP1Y0NX5GO9DtmQ5+hf1FpMflbEmqBTrt4SpnP9kQJ8EYXQV9ygrBF2WnNkdmgQNCiOVesIHgCty3TwuvtFbHG7GrYWMTJzP35KEkeTgWuu0yQwmD7uIi95seUpCOzVqw4v5ygZIrfuAx+ceQXc7CEPK1NV1K0YNzoqweQ9AFDR41fQIq6Vp45cPvTpdbWT809eErOXUOMz7H+7duwdfa9pIQeXjrrhfVsXyvrKH2K/kb/OmXK9PGkNbt37RivMGrxCmkq/VdCvMKoxSukqSWJNfKjdFz/+O5Swvuj9PjGeIHbxDHF55t4PIRU4d5mZ6HpWeQzrpbWS5F81G1jQ50NiSckw6gMNMgZ2Rbm5LPHbSvgxiehmopQC6RHBC+sBcanWsB938IFaXRw0rxwQrW2IMeYky2uygAETLDSrh1ct1yqI+xszfa7LT+VZ2qQjL8MxOMtReXwKJs5cKba2nDbDATGx2kVfYLetaS4kDtwkifoK0jlaDb2gDNisMsiFU330sdXj5iUPGbkykflr+hH677e9RPJavXIIpnupJ99/rk9M6tlG/LN3u0pyyd06C1/WT9qWJd7+/QfdOzXXL88e98Dz71NP6efHy0rZ7bH0xs3VU0pa5mVLW+55S75hTfb6TqyJsW0k53jnUX81WzgB4dd14kD8T48qT26TgnETKwy0t0iUgcFbDsbgoFUHxacK7KZC46Wd75t8pwbruneKr1FVUaPbdWoPPrsff8Kdc88ai8rGU2ffjB2ACRI2ZwGL54y70GtkhbSUzxSDQFQCPP4A5G0ZMRvZgk8NYA8w8ZisOBKoYgTLTi3Ty/eFAX1OfGwA8R+zIX65Q2lyz43r1vIVMPJJVBWz+wl0CIvVMPWYugbZzdIE1LLXhH9wQsTIsdgRUHMq6ptjUdMLIdaA5uBXwm+rJygtMvRI6evtg45c+Rol8MjJw0dQNIGDJ00smvj2s54se6LNNKzf/kLcTZG9tGlq1bOWrps2dJZDz/6wl93X5bj6/YrcHb9hDWKpRfPKEbTNmZFzuYaKJzgwW0+3gQ4b8p0AL2QSSBNs7mnYAxEsrAQJgtkmLMxZpudELO1ClszBQKDDozLurM5ei5T1e9tP5DUZhO9agro5diq5gLOI2g/MvLbXz/9ePa1466qDqRffQMN0T0CYv/jZ39atO8wqGHn9qxZOLxPbJQxKvo6FMaAzBQY5yXYV8ilFJj2MJtztEBoejX2MJvxeNSpZhiBt818vMGSYbSUadaoakXJQxXzeKqLLYUcuA29sFVT8bJIqQ05gWQ0bLQJaiVOzJuSakaBBhBlxcsQhTKluREy8B93H7lpxrUPLtly0C7Piy1x7H7zxX9O/fR2upk+Jh/+hly7vaZNY1HHt7fQyHsDaWOLAqCU0estTHuY31J9ubzZleLQUB8q3ivHveNie2cd1sgVSCEeH4VNnGk+HiIBTvViYINjMfBRiloL0i0JRVFs/2RiJVQo04XoVSdH5wLupMsD56Yg7sTS2hlS3jGFve7fnKGUd9gF1mBWLJ6yUIqrwZfi9bCzQ7Ek6DqzZ6DrHPEpZoCVRC1e/p2mZFOQqXJ4dQ0qt2QQj18Noox9KVH9ZitRSvL1kKqrfbCqc811eYZhs4iTXUl/o1/RKfSIq/MN254aatwyasXixev7ytQ7hpjla4kttvf7v3571Bi9lxI6brNM3BMmjruOc2+ZN6NWeKY0gVvRME4esT9AAsDAZtWBwxUyB8DGyIxnWN1WZF11u8B/ByAk6JoqmG1KFfFXyMCEVQ+w4adqZbJYW6L3TC1K4OYiR0hVYo8KDO5RK+5ZurYvOyd3yp14P6BcnE6YOGE49wMkCfe4BzwXt9AKbLK7XW59d3txclW+u1X0ZVXY3U3r3G1id/sS9db1AFd86y768zG6p/dg+lh8z+7bEftOlvlmjdd9jsb9ulvs13PamWU6gs8/FHxrQ3lOhe3jWvNK9vwvWPuzQhqF+3s7rcfcqE3qyz20kBmRFBEbsszarEll2qRpausCim2Na7MZBVWao0nSFBOnpFrOIFV0KD1g2gZq8uf70XqyRboUKyA4297CtnhB3xb9Rbt2qBqBGtJrIxo1pE+P37Ext+M5YwcaaDvnJQTFuxQ8cuwqJ4MP6ivE5S/RFwcgCm5nHnq72IbZk5955LHoIMAXULYiaA2uhuYYBu2shJ/hrGTttrIx/BlrlQE5xNvtNB4PS0ogELEhm4HNkYR81XhwqkaN2pK7abjQIfLYkKQkM2MKUJ5gqtodPFeczExUJ2ebDfINzEcXRMEV2Tpz5eZSw9Cd9EDjTfQAeU3uQA/lPU5kki/3IIMuDIgNJVtovbzVEDlKpUtxEkLnfjlrvwra4ZiLtzmDQX6OySZQuncD7gnlQMGmDgBqTwpbgD/HaHa4OFZbE0DXldBlC/WRLuQw+/Ew6Uq97OcoTaVf0lT5nPxWrKP8Pn51j1nko7FM+GKfDWf1IXbfFIOv4tKEoxGPUagcj2ZnuQCPka3wHEDaQRQO8YvQW8SPXrg/i8f8mfcluIGzmPUO6OdsIZvNbA+lmKvbcD7uppkmf16Jyu6evKZ5JvOoBSTtxR9I9kcv7j5EX2cdeWvnqNh0MvP098vmf//XJUs+e8dUdvXAj9av2J6ueLc98vGJQcRYHjw0ZvLZYRP7D5+rYxGOIE5gsFa7E+TmoOAEILrbJTYYcgMYCBeCtaphczImKTDoJMRJm3AFEFQ79BSwgy/VaFXk9WQWPeW2xEaww67znw4Z68/3k99aQXwX1kr6ebFSOy/YudDIzwU4X5AHuQ3nZQbuAqPWThtuPise1OBgSWGjRdWRDPFVANvfTvrFTsqVdG2M3aWJM47jwe5UPH880qNCp87d5B51iL1iO6idnZe9Lh1wXSYnXJfJrgZnsuOS65I9w+vSqV2XDmeT69Jg48znDhVBdAmXpl+7LfVL8im6h67hd2P8TgSAiLgPtb12CRZGxyA1x6qIP++EZ8ud+l7VcSYa3xHaMsWX4j9gL8M5j+NZLk4iFxtKSTvBvRV4/YRdAj8uqWHZyXXekGWCOOV4HX5fMtnqJq1JF9rxmsc/eWTBTcMWXz0x37StcV9Ajl34ZeeWq3OItXDgDcLnBJwJa/di6XI4DHbPKKl4tteJM8aA7ULliitfMuJmabCamXGJu8GhQdIxCZZw9cdvm79pl82FrrHReNkgDsSUiePST+QLrHwxR1XFYXXgoRxKgnPEqfAVF2+Eg8eq7CLx6zBgiENKiKDVYBMwLD2NVI2dM2T9XFJNP17z6fX7vjGMkEfGGqfe6C+VH2Jbjx0lu/n+Mn+H49ElPh7MFuKQIZIUvMJIQOzMIqygy1635APSjn1ViRHAKxfuVlpveRfPHRfwpSV+opgEUFuAAzexBervt6DBabNYOP7HrU+LzZ44LdrU+BOaxuaHWOPtE7OEXEOCq9gH9z/nKk5wqqIGnzWRsJWdCQ48gprxEl+euTWdJNiHuskrb5gPtz/dSw8ww6QKTICGwWB2acZtYz9hExpwLy/FMxHYkK7mLYRYmk2zbH3MsvXE25imR+aZPWvj17wYQYh0p1q5glHYY4uzy4o2xk0Uwud1PElndtQ+emjEH558cNnWHobxMMexvcf3f3uUGSoTh8XmATwt0Y4C/Hd3kQG1iiZGDe4kvX2ehGM8ZOUAJxg4jGC7rc0alWg2kermRlMsbjLBfusr7vF08BstGh4OKb9T2Ey6VQuQfDOXuSHdIoPfmAE4i5AngPhPF0aNXCq7xzMRNWfhzKYq1ly4IWIQllNU7fYWOVnt4PJX8Zysue/30kXSi4yjj9LNp3f+88W3dyfF7pVvU95ZO+7t603jJ9GZ9Bm6ii7oT4wDd+ygW95uV4Ljd/GUJd30KRu9bIhpS7qHD3FeGES8sKGElPkxDjP3Y7RCxbj34op7Lx6eR4IbDBw/jyiHS2NmiRnzMCrEejxptfrWcccTzQZ2nWJNKYazYR/l5JOrSBrpSOroK3QXM0SiGfR7uX7zc2TAxvUbXgCvBjTR6G10Nft3LhlIOseWyUd+/o2c/hlkeyT54i9sjaxBmzUFKkoTLRGkBberEnTMDsskFap8tRQNs0pArw3sa+iSE7UQADdhBbpE5pXZudHq5QH6AgJMwoXokhUQj4b9s5K1d9xDsomNfEE/foduWXTXPSufvO0eeXFg34O7D7NjsjK210DH3EyW1ydw9RrnsPukp86z+qxSJKUxX3yoYAcABey8CsCKaMmGdAC4BkLpXAeZ+5GYYciBtKorhWdeIfyUB+EWiVfIcvyHSyqqLvIoJqdsFkiEOIhXdRXkO8lIUkRqniCtCu6mr955RydzctXL4/ceo0cuSsyD+JrU3H3b4ferbxwuP0sWkYeqMlrQX5IrvYMfmz9kWOwU/ZHuJzNIyz2HSBkpCPwBzhfIz+9Bvqg0KQ/Y2jGdyrrDg3F5JsAjJ8O+SY+jRCDpkx6ACkwvR/yFshERxOYH4CImrxDPksJpLh5hS1e5mlYeT/0Fud6RjrIqagqwKvCvlTsdOzpz+tzlF6Uz9OdzY9hhc/bImPHrLkrGUY8/PGKh2+JcOm79i/uv6t69w952XSbqNeobWF8ScN7QB6MpjvO2XB7n7fOraw1GWm4cdbRxKc51Np1hqsRcvwfuLu5fmS7vX8GHqCbNv4LikyJefJLMU83cxRKB6Ct4WTXBancTL6tAkbNHjb47w5CygZ6JuegZ8gxZdzT92i8fZ9dZYeOi2MNkJZ0h3yyv2UEjCfzDmCvvq/lYSiPrQzMfCyfWZLmijyX/Gx+L7KTjSQfyIMliXx3Y9zvpDlpPv2UOX285Lfa1nItf38d2yDWx3fAlcFYFxlnM+5sjRUoIn5ZIBjTFw9aY3VaSAVsfRrEUsBTAlFtgYc4XD+mbMXxptov4bjZAjnLzUHewhFvPNjVMgJrazv8AyPBSsiGInyhBWP37ykEQ9aur/3T04489ve7Wm19aOfX2gTsHj5j71f37Gr9cNuee8y/Q7ysbW7Tu0blnt/3tOlVXF/sPlJesXfanWmv+ggkTn63na9BUgOumLq6rrGjpU2eirwXpU1FcyX0tE5YlK0JQBg42BT0t3bjxGrijVUPWkpJU2Uhm0MPeGDWOor170x8NrgvryFtzDzee5bgbU4HShflY3wkfa5XOD/cza19TH0tu6mNZ/p2PtZZUkq1kMO1F/kE30RrjqMQZ13wC4zJce+0Ev4tLM8C5Vj3MtBtIXdDCxoVnsPKptHNHqBOBm9XN/SDmBhXkV1bWDuyUYqhjltN3eSOfvGOq/WfvBrKQDLqwzjCPLqMPbdT6qPhRb+k5wYMsudm61wvl40JLadzQdgaQvyKDO3qdp6LUt9UYcjJPz/VO2OL5jTl8cT/P5WpIdjkv8fPYM/Dzoooz2Wzhit8NivgWPL2wA3iVZMShEofK1yUbVABvdpaxm2bFbCgwFFfACG94JyeY5C9qFSZr6Teu6rIPDu8uq/SwuS4Y+FGfVYunkwjr9czO+2+idnJu+oc9Gx/S5ncr6noLGx+IXYksIqBWLj5gOq4Z+jaLZidauOVgtlzOxof53kIq2bjXswYMIS+zlfYpDV4GnwOfv5p9PtY9GMX6wmNYMcXrHizxugdL87qHtYZz9DN6IzAsGuY1LhU4rCh+xtXaOYc87grw7AJnD/vMTviZ7JxT9HMfFKgNAfxMRRz9inb0RxS09hTATiTpTNzw8RVGJ32E7jXMO8quAsM8nQ8acWAjeX0D9Solipet7TQpF7g9kzlrQdgHlN8iJ6wEEbuVy35ENLwBgEbOCo2mAUw2N7d+DchDCgyT6YEA+BJZIpboR18imeNQADGPNOxsCZk1rCWweEo+r0hyF0Hu20kIx2GNJG1JMclkNltn+gE7nY+yf98l7dfcu+iPcoclq1ctlStipMhDQnRwKv3r2V/poVSaRb7NIBVnVoTd8lp1Oy11Rx6451UPjIHQi2djcJ3AYM4wjcd11k/z7EyJnh241ybtWLEnZvaNPGXH3WsouinStbsS/WpYcm+RwHqAycFE8BsPP3s+a8taxMtcxTku+QJH5V87LHC0xjyJH8rOMqCMARCoV0BTMLdrcmFMQrjVTb3q+aRy6bAnBsKyn7rtmtc+kt9iO3HSIy3yyDds+b/ZrvUbfL2b/Yn7TRsHXIKmRJ+6Sfd1j/aK+20u/xK9Z18X1iFefoZ5F9prLs2Ghk8Mm22BS73qhDaov9+GZl71ZXzphCZtoKdJcrxdYma4Lz0Rx8IDvjT6gOyc13cj81OT9PPHi2e/Hc+fiNWukXdpZpOZx6M5EhZdQhUEFfOYRcxdae5JrzpE5F+pJ3aSBP66Z9LkP7NtSwdv2ESfNsyLjVjRrb0kbFylHO88N/M8NB/aw3xo0TjmTzMf1aq3LbXZ2eiMj5eHI6O52KK7qQ+NpZolommET+OjRPrll389u2LP5EnLDGUwndC+cMN+1jhaxGlksQ6CrWnANSaxU0X3n0XzmMcXHzd3whUN/rNDDBbeoKq1WYPQf8b2sLawsTpH3d8cYG3Zx9tBn96Pg0SkfuxMfZPZZ+mAq0wTqyriFld11GJOczvKRFE7Os7KQcRSMcdZ8WlwHu44G9L4NW6GaxwsGZ8QQAcnOlmPcGouM9pgwpnu9/KT02+z0hFkk+XG8XNX1Pf/0yjCDnT6E/3XXyrPDL7rrj3z7+iyr6CcHWff0i/oATF2F08pgAd3SzmgbJTgOzdh4cxS4r6zSWdiclua+84W9J3TE/Li6ZD1a+I1p+tecxDi+ND6gvzCkgI1sd6SDfmn2UQ9eJqk0xO/HKG/Zu0mjWNnzhg77uYZY+EePXia7qb/oqfpZ+eO06Bc+fwLLzz//MZNQsPMmIt2ZFNfWSAkdF/ZFPeVLU18Zct/5itXoq8MxX/M5TDovjIpv2nGP/8iW+jezY3B6cO37Ot/DdlRvmXWuu3s6FtLRxvk3oNIxlXSf6CfkqCHInNsihFrpLxSsfQwx1NFfBInl/pdduySilARsmMXapx6hUVY8QNAsiIEgBTBCVLIb1Bgx4YijMIifoFmqQ12py8VK6AyfBwTUKSG0mpDkpt5dHm1tZcnzE6kWS2+LHW2oFsdVd+cQLvxpKBdjUyfHufRRj8VOdzIPzjXS7bA2rI9+CPuwQkcM4ckoAbBPRi1OVOB79MW34PSwaiD844AJMYhAZORxeZUeSfVVI6fd6oAhbHhnrQgi7/hEgCuhnxAHe88aSRxEv/2l4ZtuXHKrGSykV7nnD5p0B8nPhilJ+hRuZS0JHn9Dne7fcGexQsKW524ihTodtlWtMvqOQc26xTwcCvAgX3x4sWjbGE/2kS/hvN+LxB83Yo0kOv3sf28HzHeubD2MSKRxkYipYkH4WZDkpSbArsgCXZBHhZNpXHAYBpHCcF9hlYUIn2k2nAuu/gjBFB1TRwMjLSwe6UA3YwicWQKd6PgwXM/0Fza4Qy6HMaMJW+PHbNI8zy02wa9j+/gMMWzHNuv8tPUIbAIbu22AUvcBTidUFpQmAsa+lHlpxFnqIfTyI2OORxPGmUwnrEukEm2+ZokI0QfEIagHflkJKkUzacb5BXYdG7B84aDFc+vgP/7+Oq5r4v77LjAK7ysPWe+sV/4xuy8sifqvnTROBoNKy5o9UYzjO+iXdM/Aa9gaoJXuLytayWahatDFq5o7zFjl96mWbsX1tEZzKZCLJSlk2m3FJBWSJE28Nktg5BeC6UGIq42GLH2JHF+wVBhMGwFqGRAIwOGPLWDVzyAkJvPhVrCJYIMGCiyI2YDsnn51IjiR4RjhjuSV9gSkfou4Poth5ujQTLnlXDhn7Dir42z9mlFam4ATfkhFO5OiKyIWx0Fv/KkuaSU2Pu90v2mntcV3/XgjtDV15DqvjeFtj+0sGREz5u6hvoTOyml2+nB2ZGBA1+eTQ/R1wwSGULmtg8eKvf/8x8X6K+9yAN0di+SdOHrn/3lhyo70vvpS2znjevbv39fIKjFGh1lF/r+4wSXsjfIy/mAlUfz/QkbDcIjMJCJsHL8hsp1JdljiLqk4Z0ZsaQgFtTlFuTIScy6iRjtnEzc4/dgwazHoNf5yGa/jfgV0vU9v93i6jhtIRm2vbNl0vWk7Ud/pmc2bKUfGEfFFo5fdPUjxEduij327VPkUZJPH479/ROygC4Wd79JQf8yA3IByRrQT1QbobJUk50YzUhKBohChplzprtwU7qtYlO6XQgJgk3pQqCQCzalm2P/HOytLDhSMtzCFVJRwQX+xQxMYuaKSKSKzKNL5/NEDGSvpkAuZrBx/LGPPz72JaRjjOMb14j0leiL0VSCZ6Hel/hBiE66uUlf0nlf0kXBnOiL5d/1xSeOezwe0y/Xl6auA5HZnptEn0SjGByISrSLmQOxe/fRPU1dCMidXjxlHmLaI+VLi4WFmX1pdsYB2Rl/NruSQKoPUp2uQIM12wy5Ji6umc8zNfmor6llalyBiCdPl94BSKsnj7U/F0qxJCSbDPmBt5FHjTRcUdCNtzfPOrFDhF/fHLloKID03aFW5A5SeOzz8SOi167/s1ceH1vj+POWMe/eMnn3XLqLPpP+GWZt0kj7SY0l7V9eR+mrf21RhCjGOtIptkzUCCrZzCbJAzVj7DeWBqeYEi1rB/h2uZlav6FkLaDlCvL4jZaH6ZDEHufoPeZFCxIvWsgFk4znu21Yb2hNNLRTmporWLUAZjc7QI+kEXL8urcH1q+4bfyNFrKJjkiaPWt16L4//0jPph+BS+/rf7Qq3Ndl5s3f3HXn4DO9zv5Ag/E1esj0JjvfXcwCET61Oajxlqi6N8jDZMDFBDELOFYtUIpF7BwunSwITBpMSfZkQSbpJ34DEjQYiF8uUeRyMl+uoPv3jac/TNxLskntvR6b6c3zPQEJCF+G8WR4r7bxduXivROP4PN2YYkm8wQtSAyVq3GaWURUQ2uE65JGePwlxSUKOURmkMP089V19NzgJ44SR0Hf7AzwRWHU4EueM/jpa68XeV2LlY2Nh+1fbQWYbclBMTpoy7g5b4ojGORJSW7KePhS9/CzVVRD2AmyVxUJkxXq2UMquIcRownZkWy8BMIA9g0cuLAC0jQrxxPvCPteJdgZSE4+8bk+rD9O2kv3/Uj3yCtJbXCk1YZwyx7xAeaDvOxMSVvN7zbXYA1+mnQjj4hHJN4/caWz/lni/YNTCe8QKPkGsifeRdEvmAm4QeweHs7XKfXj/TGpWtz30v4EWXfWEgtZ+RqZDvOzvjs9130T/eI9+qm84sToVJ8efN1Dq/CLmW/ymr/1vIrXTrC7r7dpG5upLOl2UUkmeVhPUDshw6jX7UGKMp0n74S36xQ3QY7G9wlSj8xHDBtBJMCD9XxONZyUBWVQ7rAFfeEMp+qOGpPcvkwwDRSgBECD1NOZ1CBnTg5J9fgNrUkJhtTMhky5dHX7zffQZSYfXbR0c+1q+tH80qE96Kd96lvM/7yRkl0NOwrJgeXLaVnR2y/RDmTRHeNdsYfkma4J8+lCY5R+SGpZP73MrvuOzRn0815e3RCWHEGeZ4EaEdHPaDqfIt5VMWERD9b5eSxc/Yx1POrgE/cf9J312ftf9tmTWuOd02LBdfRLY1v6+fB5LWdTOiqjXQU9V90xddS2SJSMWPBwHpk2dSpdmffwfLqJlAzsbqNdyE5rzzp62PDQ118LHIhlGpvbXHYSF0BljBNXqicdVmqexq/DlitKYxhynApAHXx8S4byA1p2OpfvylxuCl55IUDCOj0D2Saya8Vw+Plw5PPhKEhcCoYcvJmYcQjjFwdJXXZI/J7qGnaek0yCalp00+WWA939RKsg3Vwrd2ikeE1FrrAsyK6FwdgysTj0eB9oIPGxelWLCCWOlSzGCi6uHEnhIaH4MAH9rdjcfKT+y6X0H42eFM6B1eb2cS7s/3b0UmvgqNh7UTIG2bq6vXQOW1epHcW6onROdh7dP4l8EnkVD42eCeurb1+rvr7IiGtyaJCvMsSgM+9pm/KjdJX0jhSpxhuHuRR9KsId2fhYK7AWq6Qimi/ICfvhompvOR5pjxZc++5sLNq7wgobgCAc+YALaMX+OLkV/HEy6CX1Z3/WHm4ory8Dd1Gy2tVhNLjTsnJKK9pUd+nVBxiFWwFlHrvb0RPp2Ictr261oWqgng1bwTgI4ukKXMShEndDWk5RK65S2JCRlcmZnFPbVhdhKiQRT8vckpriEqB+7SyLqiYzpH51GG4+UH8GA10I+0NmWyWT/OLSU9LFnVs1xO3et+67+rW5oxfvq36q7toJHfu1yeh8/Q2bt7/2x+176Cv0f0aOLV05fPKaB3JcI6pf/SHy6cyXnjYbJ0zXALl7qweocxdntnhqfF1r9Qn7mvztdz3werrifW3l7pNqSekwk6n0qCvdyDxYIuWyuSgwjZcGSG9IkRott8CGvE8w3Il91y2AM8K+a1ERLRAzMhDXb3u+QMWk9NQnJZQcCLe1HI+W8zu4TpsKX0pmFj/QulqtBnd6dm5Ntz794Em5u6GgZZtKjCh16scGvkdtqCY+DW1xGtpU1iK7dnpucTn8pQK1ITM7q0ibhssn3msqyO/NAy+pqwFefh8auQX5xbnHTt9zT2JuvtvCztdf+37t6iH14zr0DeZXD+13571TJi+aQb+gP900pv/wawbVtbkvR61v27PhjnB4wSsbu3aL5+7T/NabbsgsXTNxQLlrtWNG/ooxN8zPglT+5khJ27YtYSrUNMuTvF6Rc3q5FbKE1zXy+lb288ZmvH5Q83oJr18qO5Q9duT18xj/QyYQQ9LvMIEUcXOfS2crl7L69fC+tmX9nzyxLPmr9NeeeXZHc2a/C9Hd7/yJyC80vCxpnG2Qx5UcEuiMBgUSUk3QD476nFZov8+EVTO8HsbnBFCsFI8IuDX+/mZMJTnE8Nwv92i8/R2Tp08cc7OTdibvOadNHHszJ+9/gJ4PCdb+vrPZP/tvnjlTq2XchLWMk7j6Kfj0NlHO6DIe18rSCcdfQg6/44FT2QjW9rZ2hjzvhBXvbyEzO9EUs4fn5c0ebxyB7fKxXjiNYH6q3G30E+CG9uhrUzEzI7qW+Mt8avWWmpG31c/uHaxs3bUlG++XTdsaZ61dfteLsuXFp/uXnE3tc+uFRg1/Y9xnnCilAD8fclVgHT1rtKroWSZiFckkNYUdeCZjMtwXmC6BZojwQtN2dPk0YDE6Ws0PDrjxmgF9y0rygj76Cd1tHBV7cP2gGXeQYQ9Orcw65WlV03hWx0VvgvocuQBrbceaSnTOs30QB5M5N+hY4x6+lqnXukJwVLYGq1hfy0UQp2+pxMkqI2nQo7ygxkvSjKmyTdO13BJC8SWAcgm1gOrnUGvAI0Ylu+LOupS50gXRWdUFvS7SBsJPIDWL4fjqLmQuGUB6kR6kP91Gd9A36auky4atL61/7qVX1hv7kbr9mVbFlreX9KEl3X56rm5gTbc/zMt3s51wG7mVLqXL6Ap6N5nPvr946ii7Sk3HzyyKLR9y86Tr5DkXPK+8rJ51jBtfw/P9SaW4N9KlNlAjou+NEhiPVgoHMoXyg3yzpMLsVl6GYyIcEMQSSJckhVsBdqkUUzMta0Ps+zbAmtFglnJy9eFI2FKJrNiXH5Dm+yyuj5FEBu7PsCmOnL2kLw7HwEG1XXE4mm89TTCD3Btb3n9us8EQWm2LlVqlku3HFhBlK4IUpWKUrMw+UiuiWfidJkAMwhkpXG0csOwA3vKnIHVpsgfvlCyV/ZQsOKWK1Ihk98MOUOCVghJtGIoQp5VqhLVhgoRMIYAiU/nTQtVVBM+Mc0lrUujq2amqr5vkkkq6n/6jYOat2fRrupd0eXB5Sq825b1SSSo9XTJxYik9yVZCDzK/uGOgVfdieg9bP2/Tu1vMmlVIFpKeH5wtapmT07IfeZQ8OLB//4Ec/7nS5DZGWb/LpDFSyFURzeS9ZgaRSfS6VfNeQw6xXO+12cF7nckc3waHJy0Hel2iRlKs2GsTvFLYkve6rRsvPzb/XtnMuY3YInCJTnOQB3+sjPznMc/0qb6vYj8cS+pbXdsn6cuzpOZZT21tWeeMqwcNvkrt3Km6p2eVXHmaFPiHDMmnn584Sb8qrmrfobqEFH1Dz3YuKfMHc8N33r0xu6JdZXU37U6zdLKskCqlPtJw6e9SpALO3lIef04J8KBzAQ86ZwVCXSpCgSBoT3iNZQ09O3axlIVr4K4YkRiLZjsg2ofTV/dxha9hP9Uhs3XkmjpmqkjX/IGZKn0DoTqegC22HA9fx/4fgFC11VABY9QHirVD17gjNT0V+LlOjXpadeueByOZ7n41t6C0fafOOMiuCralWsH2ikpmD5exhgB2HspXRPrW/QH+fk93qP9lA9rVNXCHXTmezSaAE6cjEVIJD8SlajzO5iqYodYyRr3/sKbjMIx6v7x29I5+/XfcsG4rRr2HdXxqsBb1vjEydGAIo97ygi7Tp7S/ee6SOqcret+kQHrrMltmXZ+6oQ13t+1a1KqIR8U7V2BU/Bz98eZxE6YT9y8YE6/orMXE+wzpX0eeNn1UOXZ2dXF58XvVpY5ghyFV7UcMuP4Bc72zfY7H7crQ+Vp3modIpVJXaYh0jOMzYWKdpjjHRTYnWEkNMAM02l+TFQm1DEar+Ix3qmpnQWFCEro6kR2IbfloVz7jXV1gccL8w4zX9YEZr+vHZpxZsn14CDePbZeh7P9dW+IhUeKESatTG5Q2nUzwbR/3qxmuovYd0HHwqdvcqdkF7BzE+XbCcVoE10tUUlwZeWK+TZm1teF2/dmp260Pm+9OaqinxnbJp5tT5HBODZxqNoVuDu5XxDzL/3aeR5761+N31HfpXrRj7k2P3H33o9Nu3VHSrXP9HY/9coqepxdeuuP2Vyil58iH+e0nDr3c5G5bGOjOJpd9SgbJ6bgvx0G3RHYsXfpGmNQ7s/d1pP+gx+gR+tebbyalxouBXhM6F4pZbdvhD23bDx84arlSb++Qi7Mq871r7i4F2Jy+9p9njkKdK0K1wWhbPr9tXeGuxuPhmg7AxtDt36SUuouU0qtmQ5tg2858fqKKv7x9J/g+wx3NK2xZVct35hUzS+G2ndlEBav/f+aYwGM2F5QU8K+me29HaPAwUj38OpFxusLe62boOqQm8GRlu8onAzVNdtoF+ms/spQuHqrlny7Za2OGD986if3Dxh/zUKYNUpbUUrpN8LemBTGFE07yBoPAF1MQjObwgc5h24QNtL8IBroMtH+1vJSXDzSyuVqTVHfUkpFZ1AIGzKs2pLFbE8dTyoKklCsDFDpzWrABzM6Lp6c6E0hP5RiaJKg8TQYK0lVFdkVxb1xOuuw2ez1uU9LU0aTth1/Sb5aspm+UG7oMqalcU4lfzM5cPOPWzGryNJkTeyy1c5cOvifI/aSCPhC7eJz5GAtNA4YN2zqR/QP5S+pFLodUsJt8mh3pQ84PH6y/ZEQPJbtBvg2MSqvxeIPZh7QOvJQJyq0cIkbFi5fCXrgOjNZkjA2YQcdBcrCeG62aNimyOvCFI/tcfg7rE4QOX5+YcN3rI3YeIs+2b6ije+iT9B7O5ABJEHr+FE31qDGZ/A8UFRLU0wRMhg9qitwgKeI0AuIi4sTsk9OVVJZAi5aSePC5BWMREAiobuCQcRqwxU7BTmJRw5JSezk4Bnd9WZuLdSgGEKEtmrtgMd3bSCmHYAz+vvsLLzy9tShmJ194gEWftXfyxfPGeSaoFpM8NSZPEftKNZjMRfhV4pncm+R+QL/tQ7K3LdxGcvvRox+RrD70m+iiqFwwfwMZsWHBBlJ7FX1/w/wNdNMm9p8P+5EO7PdGjfMNu5hP4JJaoU6FjAs3YpMxAw6IQxkUbSTZlIQpEwEj9LQN+qu5TIMfbZXoNLLHOnZadS2tUqrbtAsaz88ZNau2b1mwD48//YxaKl423q+giohdxx4YAg0uIlmQnNpsOo6yPilawQWIYAjXz937vS3o+hlah1Tm/RlcYY/6mwkwFYr62w6vdWc7FFQxuBqMBsVT1mCC/4KgitujemAVKglSKiaQUlEB193gMZq4jso2j8GoiaokqKhUBQN4T5BsUsAvCaXgZ2fdkrk3t58yvcs2W1nrnKv63fua8fDOovLi6jljKju0TcupkQj51LjTYFSGSSrztkLJFVGnCOVw0Robvy1tEMqRbMlJZVqhRlwzxykDV66vNftV1wzsU1dUXtSz8s7XTJGBw9tXZWaoqievvb1egXwe2cM+S9Y+K6kCBHK0z3KggAV8lgNw0pIjCcWJmn2WfuGRPfzWatOLfZ7peJW4gmwd8th4McPCIpXSd83vmlYyvymT2RY1Uk9mXYyWppH7pEgumBT1wWgxP/+uD0SKc2ElFQMNUP7VwwOBQKhtRbScr7K25fBnbVuy9rQJwLEwKBhV+d/sG4ikIeNFGqxBb6/+8DetFaGpQSEJExoXYJajBi+NKGMmwhvdKqLt+e/u1h7+rFs79rs7sRU1naOquL3i4DCcrEA0kz8oRR4Vs64pI6Q+QgWBqFfo0CE3NaiptQtEa/iznoFQjStcyZ51DkTb8GedAqE2rnAv9uzqQHQIfzY6EBriCo9hv30afzDNFR7A3hgRiPbnD4YHQv1d4UnsjYl8zc8AdjFwKK3saAkrZmY0qWlo6YYra9jj8vbs8bQx7PGg+uv7wuP+A9jjcVM5tQN3JcRqbfqToclPpOmfVV/5j5r+ysQXS00TJo2cpQw2dexZFzBNbPLTgCY/kbOm8fDjIFPHXuzH/rZd1880ix/Iud/5i7NsH2g/BE1kz4jJE0eWl5VUUvuIKROvh+8Mn2vfXUgePmXiyFatSisU53sTrodvLlgufY2mvzd5RKtWLdrgel5oXmDaL5klJzufsqUiZCnrLN0lhWoqorV8uZFAyJR3UA110hdgUQUB3yjnIPOZooV8ItOAPjpDWzLhrsCencOt10I1nO3nhUsg1Vhj4nzFoE/VkT2udYfagaP8qtvjLSkr565iFdv97LbzVNekmtmo1yChEamuCYJGKJuSmqBiLjDVsG9S2RTVpOYQuBw9VTUg0lNcemSRs/vbt4ZvGys/9YLaY/6AseoQcqRKXW5TexeO8VyVO6atezl5U+7xVo9e4dtqx6olI1J65N693tnno25H5Kox/M3Y9unDxrqGdzGV9/5g3Fj5gfP34K8dpBjZa1/cPd9VMiy95/RhjW+NlXu917F3YCf5+3Ib/PIqzG/RenOZeSW7t4AbeEUCihc54DS6ilBuRTSNb9w0PDDSMpPKUEahQCutavAaiKUs6uOwKwNPaQEcFoAVBihNBDsTlDA9QAcVMWfmghvInAaoystCe8rME+hWVVMl0EguME8LRBcGgbfgt1oC7wWpi9DNb3L2i91ENQ+fNW6CjXg9Px87/Y2pUOPDuDA0NoBsEZwY5pWTrr7uhjde3PAb1ypZS2codUoXdkbnsdFYLcYCCx38CdmrUHZFNIWPRQqWx6Wko7g0CeUnlJlxpnI3Hw23xlSujQvUnxXAuEB+2sTr5iAhz8ZFScfUlUVtsNldXDhAwWGxJLn0YeEVaXxUapJI4qCw20irUiNlj9C/L8NaNfojcSUNnzlpvIX4fP889tyeScY39Po1XknAa9iULjfV3XDdn17ot+p8H2Y1V4j6csBETU/ARIH7Ek3KQMhQkvl4lEjwLaKkzICS+t+Ah4qDEi/BQ1UsI9WkjB64XcdDVfPadKOfPvEEfRrxUP7GI3E8FGAs1yG2Kx0qIXU8lMB2XRZo+b8XEqV355JqCgRYzqNLeZ1A7JSARBlnfPDllx/QLoCJMs5oHC8wUbLGEyIls/t9tFilWG2fySbC6ZJkztKmcWwlI/AHUCBgEZuEkFGqqG8yAdJH4lTzyJfjUsMWGyfFFCXDeUiXw442pYykk2BNSU2qRg2wn1iJ74brh62eVX/LkpWp7dcMKZ27cIVp29FvFu3uvODmDb7YOYMiD5kxp2rEtMlCdwJqyphf0gJwaag7kamVC+AGA2JmHsNMhUrBAOgb54uAHoQxU1lLIwYPolby1Ygx2QzfWYH5TELWZo2iOWLnLxF3g8Fo5Ukxj8Y171Zd2CONtxkA+FrH4NJce67MVb1u3AdfrRz17E1tO+262eW6cbbqnvj8kNQJN82cLFOv0m/l1VfTz+iPdN/a+bcudz30QArtYMyNPi0vnD++7qaNG5evFRpYC5RTvEYuroEF0sdEiSN6m+gSyczO4JSazaWJ5NeJPTbTtI1Uxz6+0E+rvd5reoj9/hptJYiiv4iMv19O/P0W7fdDWV7z+j85i3iobBxFKmMnGpeK+r7ByBswVNR7YfpBYatMInax3SUz0Nxhia0d94cNK+8jNiwtsiUBH7qNOScROypv2qHyL1lU/vEKcFH/t8ywOvYs1FbTj+WhVB5P6Roa2yoPlTSMtOEtrMvQ2yJzkuTEtpiat8Xy37XFx9tiXGaopBIZQKN0L1l3kuw7d/gkHUXWIbeNZJqHfJDTm2iamVGyA2TEMs1Y7JkgOp7Dicty8GDJAeKyHM4RAbDyPGGCRMzJ7lpNHxF4rCS8KDPdYVuaACawtjG7zghxaSQNVvW8hFndDqN34+Pvksonl194cvryfouWLF937NeqfqZtlM6wb6H7Pt1JDz2Xkk5cFZ+G3v/IEftZYKytWC+cDRy7CbX7it6fDN6fjDjtRbYF+5ON/cmG/mTH+wOcF9mwC5nvhuzp5mRfvF8q9ssNVlZiv3xgr4p+IR0XhAT9rFtrYSL69X/2wv23f/Xog7eUz6ucvYDuatnaOOrcT/YHaONLDZQuCRJzWs76J0ilQlcgfo/WW9xsjnxSCtQBSBxRj2c+TwcmsJ2lVoQ8B5sC/p3i+MYyHowfgFQN8kQl1XIqtFeNZptd9V5aqI/MF/hDc0Y0MoR0ogc2c1I0pUtTWjR26oNZolGjYR9mmIchH3iKNP5yfUhgE7h8H8CZgiNE60bYYsVOhG2YE5T/s25cQjrgI1Z65mHOO2Da1pR5gD4JdoTOPsB1lL3ADeMuJh9gPfyz5Fmu48SeF4COMjkmnlfyu4391m/Y3DnZ7XatWJE2TW4gTkrm0rN8ckBUX+n8aVYnRKkUM7cukfHDKGESyOLQDajEburMZWQa6UMPbI+dMdyi0ZfFZ0bUvNEZpio2L9C+EZe2T27aPktC+7SSW62JbI9hA8NmU+0VmxgUTYwX/peep2eW0RpDgVb8Hx90jXNuMHJf9dQrYFBMDJvlvRQhykyeaDJ3iMwBXvqZ5IBMqarBoboQNejjBAS+AtUMCOfb5XuJkQyjsizTtRele+9gwzVuq0zG7iB9YvMa95Gn/042jYj9Ium16XuwbrgnP7uhTRZtqDzNygE5EWjUKRz9AGcostibtKmGNakGmmRgTSpR15KscSu3k45IjLDj0MoxMDjzScdFx4EcgVhDZPw8Pj7sHjEVsfHxSqNE/bhbYBoMQTBibU2NWB9urSZGrEe3+jxo9XngFkH6SYmdcJEkhyuhoi3ImlfDx86MFwupXrbsdvKANnZ00WL6sbGSLl1K6fdbyU8wePLkUbFfjJX6vWf8hdmtKdI0wULrDSLV/u8WCLETwYfN9mrGqhfDvV5otg/Rcz5oNpwNXgBhwAknhR0gtmB1NynIU83BxA6IWiCXcQmpZZ3oSQ6xTry1WCsIohG6hQylmbGlZNcUugEKgjie+ojY0705qiFkF2eZADMD5RfuGgfHMsiBiAMvbQc0E9UUJVAEMJitOLpA8JXQLIM8fz5Znjioe15HYq9xTcY0emGA1p6H2Hq0M2uit2DjsAa504v1EUY0JdCOsGk1vxGbVeMdE1ozFmiPkoTtgSJpnanFIC9im7UD7U2+pm/QGvrNWsO8o4lMHVC/zc86ZaXgabsu8SxxJYxM1OCUiEY7peoGvRwQsG4kj+B2o9XGD0HkZ3NeSpun/4vwT1IFHhTdE/uTsZJz4wrneC5UIGhn3btNa94T2yc3bZ8p3j5L8/ZZ/rv2CdoL4qOn6ae03jCf46+Fm/qpVj8AHG1b0T51QnW5Vqvr1IjtAGlqAVSuHYHyOILJem5DRs4HG2+hxXo8YkGj0AL11K5LKsW0UZPn0x2JY0bphQF8xHj9oQtt1Mu0RyBfoaBUa48p3h6L1h4rbw8bpkgSLrikS9rjSxwl+XH6NNCDaGN0tHGpGCC0VS3A+5UHdYXYmizBa5xrPB5yVAAkLppuwunTpCahcoQNTh4X6cji4yToymHu8gVdecSE55wU9jiw+AHMOhWAAOGkFI62N4iZvaLJysVWR87a9DrJf4QZrdOWDl60ZPGWA0fbj6V7aDIb32muF+n+z8Bu9WYyu/XA5vc/8sUa+TbmtqtygI13jt6/DMF5ks01wNzQP0O8f8Ic5xT2gPfL4OOewX12izDHoU4y7EzmAhF2VPcGMBVU0ktQbQK9tOg1oDWXWK7gGgtKlcODn/jpnnlfPY6m66yFT61S2GQxe5vmGlfQ2EsNF6Wlwnp9/Gm6VJwLcy9uNZ03fSqVSm2lPwrWJiebsQIA9eZoKLAk8/FICnQ2AOuoKjEDBkUpLVnXWroQCZbO+lUNjzyqO2pOMrgw8dtGjaQUIZIj3R3JyinA2Swp4BIYOSqERJ3ucBbEpgJq1CZ50iHoybWazIicVhJyxcUFeTydz8vaecZCU8Dh6XwvB88gbLIX6dzukdZ1I+voto/C6UqXgR++/cafx85s3X1Az86zX1o5+RH6MX3GMLJdcad+N9d0lneTBWRpuvvHbGo8dsE44J8L/vbN2UMP/XqzK+Wn9LH55F7S5vZXKtu9PuH4fI4X2m48b5wltZSC0mYp0gKzn4pQrMzVSruTmOuYGmgBAR6UsmjLgXScpBnA5mWYlAGDuswVruDC4uxBmJ2b4TIoRzAkJauYEq5Qw6nFvIYzO7cQB7KFUB7MVUPFKDiCseUAgO68GXwgU5sPpF5m5fu9kcyXirwiTDGSqL+1nNemx7B2MybPuCnd3jJ708bVkfq6rJYduvYd+ujCsfeepkflIwMmtSofIZcRL2mb4vk2fdP21ZuNgxYNfD78+sZbd7Q1q/tT6/NJzaE7r+36RG1f4J1ltjnwzhYD7yzY5nItrzOnXuT/KQb+H7TZ1wrsej3qIdukrlIibzoW5Vq5yrfVpDONmFxhi03IR1iQXgw44RyJTOkqZ0gfTGfhHfUx50ZvrIf7CVjRiVRBZyD3kE3qITWlHRKfabnMZ4oKsst8bJV+qnIiIuKmZzgZUWwiXDqGeZfoLROsW16NvkAboSOaFGTHKh7qnO8bS7AgvB1W0MhHfTqTQJjmEg4kRGGPUEauw16YHyF1dCD9lB0Qlqse6hgdTc5dWMd8x1M6rpV9PruNBfM45/plhqvDaZMcyH3kMHI1ZxVMF0CdA56BWYdWvNysFmb/CUPGkcRL6aw2IUIiOfEbaBza+vpMVJHBpIJdNnU0k3Sh79JP6LukCzueN8kjGheXUkrPEieRc5uMiRcsBtCxCtmwAj/kCOhD5OI6ka6DAL0GY8EWiCRjMDXZAcFUBCm43Nysxlo1bfg8lxk+MXNV/qaDSAroEWY8HCEFTQbzKP2NmI+KOj/ma+4W9le3xGi/S4uoIkmxqlmB+nCFLYrmQjcYLUlO3YFO0t1KGMGjtD2pZ85zFWtPFelIiuiBLXQr3Wq0ymeZb3lWdsbKaCnaXKWxQxwPbmU2lyxsLhV4lpq1StV8f2yaG5oWtXLH0vN7rQuyBmWC6BS2zkb8QSuZT1eTEYc/JyPoY9+x/XXm1ZOnDAGr3EEuoE+T8bEjdAPaWwvpIq1Gpd7cF8frJlHlZjIejzhxlzntGq+zOahvf2bPO/n2Nzl1BjDxvtiVCufcgjJ9u41HkLi1bxLx6KZnAj8XOtApcgbPAFyYL86GOmYWDG1yPig1OI7Xa23lIlhEFHNrx4Voo+XftdGitVGro1QvOTnw9DDU08NkFdst7ARptOAJcpPG1WSYh+tuGrP7oV4wVUoD1VJBTs22BISFQ4qLc1O7Fa3kUSNlVnVuamRrsnG9acCBqQakHLmUplon1SJxrmp+pCJftWliImO1sP+BtTo2krVzPluLETaGKayldZJG9gW84iaTzngsGBdUnegLiZtsevgpXWueF2i/vImKYZdppc79xQ9g5P8yvp/AACZ8AGABi/2QwPWNVbLoUdoF13eqkmx3YAVIJBUj4alewCHoGmi68BkfXC8Kn0GaDsIOFgyPQCjCFkDtFrAWvQaky5DCSiowyrp5wUBSggBaUBU9UsxqgWoWFOHTlgxfBRThi6YvadFCIwmfPkEmfel7jiBnCi9Po2+SSnl3Is9aOujCJ+u+lp31yZRMuL0SSTXpfTJhn0xmXK1i8cRlb8UE/V7/LAn9g3yjyZ0oG9gB4j96v3wFVYogafMsqBsFLG1TeixID+o8bUT6yVXKqdqqPWcPG9/QtRAmapzsUoLGSlRJRgMdlj7qWxvinOzxQFWCnkrY5kG4mXCImgoHY3Tq0YPXfXaM7hk7Z9Dzt7Jrak+w5MPtsQ2yceqNeS1jM+MxqV3IFXOV4BYRfIlRxYnCI0qc9CtODoPN4KRfYZvKmxEGwJLu7cSbAy4Oc9GmRq997SP62dKHX2T3UE+2bF+io8mGpX1pts65c5bZ+n6pBazgTE11CVZxuJj5L5bcTLaMQYTNIgpKMTkGQJhcDoTJ4ccCSNLkByIq1veryYKxFaXvZDToQRDbC4wvaWiWMhO0GEhGJRkDGG1RfZ5NNmej5nX+hTWqYkReg/ziIj+OcNUJi2d0aREZT4rISHLdhQOOv7x5PxkwfQH9Zit9j96d3WX9RnmPfHTb23/cZZg/e7jaN2cYySLt6Bx6R593P7q+Jz3Rvzu5hlTff1toXYM2BqbRzF7PkYqkVUJ5ygM0L2DWFTCH2ZydAXG55GDUzMNduWwYinEYTNxIN6G/CicQcCTnIkcyuHKwtEsg3SWGIRuGATQZs2pDeWrE5gHoJvg5wDbCnFmhWZUNmlXhAnOT4VFgdJB1LFtLuPsQ/FqSJ8qtSj9NHw0lTJ8zgyiWbnp86dQ3xta9dS+N0b0eul1eSHbKcyeNukPeObpXTVXd5yfoP3947O5HyspPlbQgprN7br5jlmaX4JoolMqkTYIRKCcIVN2RTIzdZWYn8XMuXAorJD87YYUUBUQxRMIK8cdXSBFbIX5thcCSRjffwmsltMXih1EKZ0M00F2G6uNhe2ltwvLJx+VT+h8sHyfG54r/kxU07eCd9NAv9POMf7+CunZOouPJuhbkKuJMWEfsvhqNnBkl4Pfh8ikCcdKKqAfBoxAAiC8if0CoRyYsotz4IvLjItKiBBk8Ce0UipLaesrV1lMOSraVoA/osRUBINiZryauq3AqFPHn4soq+vcrS4Fxa01+d20tjNDTr+5L/t2l1cVOF5KHWpzbJZbXpZpoXBMIdWF2cc5iMkerU1Makcv4qHheocWVTC9jTfwMYZ+KaBsoZgPjf5YZA1xZynGNdjVe/g72gJ3Tg4XTcwHXYnZBbQ5cpXCaooyPByMtXrby3GF7Omf50E5YUC65YhaUVK8ky8iw2NvGj0jFY1om9ME//uNf/Wewq6DrXvJTbPDT9Nt3E5KhO3enUz0Xeg5zoSJrqOVzRKwsMf/JOpMdj4pB0jMlG+xtxQEMJFreCYNjydgZV23ICJUVKekJCR4SkNRmoSO8xCC0FyHDaMlRomrRo9l3Pvtk4PZcdot4yGlqp5/Ti3r4aOPjjz3js9PN3K9xsfNjubAvN0lx+rZkTfadJ0BRmiodmMjxas24gtyOCnI7ngQaZh2x25SGWcB1I25Nbkd1J8jthK3JqqZjZOBqDiFVjRBMrTYV30FUkxDgKYor8AiAl67DY9oUV+LRLH+hxuOV9PMgKnKo/QVfBYyDQ0+iIouOS3A5Og/q7I2g6Mz8dmwsSHNK4ImgXEAzgmzeVs5ep7Fkk7KV9MgynSvbeFTjrNOcAOSs80r6XpqIc3VdAp6AOXchWwXMUNSQEg//c4s7le+lVG7T8fA/h+eDWWrDVqu65g8WtGqR7CZrTYjo9CBV9/763NtL+t8z5M4HY3/iYe3zG8L01OMVxJXhe3crOS84idj+2Ir+wLgErAC01VoBFS5Rg09qxuWawrdKCsYkNZ5rGOEUHajjUcNWF9KeWS/fZknf5TUJlNjnvh9wa9ebb7lphlHnxn79V3oiLY8o7R9bQZ7FGDjPsUSFjz/ifzHHgv6/2a6nyy6XwuALIp5iEYv2CkkWnmM5JPz9Ef+LOZb/pn1aikVbq5dPshDwVdG/SpXG/p6nGnEnYVrUmaTXj1zitDY47apFMBJV4E0KizYZ1cp9tZd1XoOX6CxReuDXy0gt0Xo5SspAbgn8JzoD/SfkHG7utaYmOkUu3WttcNhcljJO5loRh39A44Ag6Xdc12BVM9bqRnr62KXE1aAZcQS4q7k+k5+NaRrz8J4TUTLmfeC0p+uQIo5PydA48wFYC+ZcGle55im1qIujStm9m8mP7/e+OO3F49vDjm/vO2GD/TdTSH7HAAcZFODLBr0AP2wHXnyTmx9sKqjzioVDPIBHsrg0st1EDG61p4DdWwVuH6zxTWSEQmaw//Fl/qXBnkSX0m/p2iSP6S3TtgvrjKPEeo9W3kW8F5Ya59N1c2LD9PyieQCbpyx24wq2mFBKkK/8bH35g3IAv3eZmQqpKJUz7dr5vdtUOcDNe91cOcDravB43ZdcWewZVw5we+LKAZ4E5QA1SygHgHR4Mp5SwPEVsQsm0yYqAjg+cSUBfxMpAQHFjQsKmEyJkgLiamgmK3B5W820BGw1qVDoS3BbDTRzRiKHZk/OoVmaoLuJereFnPtVqtff74CcsD05R/AF/X1zEX7efZoWj0JRi2cz/nwr85u74ee3EJ/vxN/HOYe7aJzDhhXZfI43sL/vZr4MsFsM4eqq4TTNvzWxO8NH3BCm8Rk5XpXzmrLTN5KZrPGYcsoL4uO2lEkNWUBuhAdeOJe10awy81nn6OBnyAZjmWP/m4/Rd29eTlLXkxFkMX2MRulmuo50i767fqdNPt/3nd3X9SH2q3vR6fRZ9u8csvSTV9Zte0rSdYfmMn8C2j5FazvzS+0yDyeKtkd9ghmYw219FizPlNnSzMTwNrpYPklo84RkNWKyc6jf73UJ6320KkuNdmSk/L1p1b3jXr9x2FvziZcdh0cvSj/Rn0iuPHvKuFut5Dtm8xcHTrUqpAfoD/Q4/YTYXp++4NY5fG5xLmAtyPeKtXBGn7u5sBbkpXwtXJQS/IJ6zS+QppJhCX6BUfML2HOXrr18CN//QPz+cnwfNWjw/WP893/GbZ9a9nwqxu76CO5zI7tJkg083Ylnn/kgVmGCF+YDn8mlIlZKMJ07mQHpRtH0ZH421yRkYKvgzPKRFFRYy6u9/uTk5zf+ee98Mjn2neFtOvgnItE36CEa60DMraqm3DLxhsPMG5U+oOOtX7z/5zPYPuo1MttCyoCVmyZxTqaIUzAvIsJdORj2AhU7uuWKja1VoMD2Kqyp/LhAUvYMwN1FmKnPgw0YWktt0lJOOOXzKkZmn9WO/GbCs5s+/uBW8ngsYviQ9j59/iF65t0L76wqDy5deP/iw2Th8Q/o2Az61RNf3jY4rhF8RKGatieplz7HsUfOXdNWjXOX1M9JeB/n6kMxV0fi7+NccY7eqeJ95NnBcyQg3t+pr53VeI4M4e87pf/Hy/N/kpcncS5kv5iLXU3nQs7ncyH4lfvq+/IL8X4Bvo/aAzjXjfz9J8S+B11RXEt/EWupku974GmGtcR5mkn9Fwnv4+//i/j9Ce/j2hjJf3+T92fpv3+ktD3hfb/++0cOkTQOKFMm/v6DTe4wjJNj+3/hv79A86nqQbNZSmJrVReUJlCdKGE26goZaFsz0A/qRUOyBFSiG9GM0XmpUe8sSaqSEqTOrJrU2ZWzzbYE4TMOEDHSckh1GEeJRLOmI7sU+/s3cb5WaXtTKcf+nhfjcB7Hp4K6AKfP5r0r3sl/lE7hcyN1AWaePe+Gz9dKbwq+bZcpYtrmKga9VnjfsAyfW9lzu3EUe34df1/+Rss7g76rpEqdBGaSWasY8rEw10RONjlQhcdgPh6yBiBoLvTMkjGLEDYZhDhGJZxzHCXHBgC+ISvot6SULtHTpMtJCd1P4CreSrfKU6lch2nSCI2t0nKkRNPEadYe+ZL2mP5Ne4KkoCrI06JBH7NqbcRKyvYeol+JrOjnh/eR1nTjyVNk51GyDXKitN9R2kkkRGVYpcaxce1Ni6ZhakLtTReylzbT3rTqBPO69qbLoWlbti304+rLI5ocxEjSjuTMJ1W0PraBtH/kmcmDo4+S3X/9Xq4834/snjiBLBsu9v1M5PHvo9ktyg7WrkypGGps0oXqSi7OTyQ3HZZjLpTt8oYWpusNLeF2thXt7Pwm4ELQO3EJaYf8LM4ZbIZgZsgB8TopnJuukcmLfuhRBi/G6dBLElxKvG8tiW0WqTIMqh9RRyp/PH3TuyVlLy/4/gfS/vrrho7t+8wysu1/fpUrL7zevdvEmWyllO/8rK5Tl34nD4+e2K0DyZ2i93W34pXymH28QIrkcL4H0A8PJQcihZgMKbRB4UehB3zTcuyhn/XJ74LMAACMBeYHU7wVGo0WM+PCrSEU5Adcdk5hGWcMAnZZO1KTulVkzC2E8tFMndgk2JpUaV5sJ5LYd64mWV3DkTuHd+6ZajUnk8rBw67tT8pPfn/b6s6t3x/2K/0X83WnzJhonDpzt1xOXKR6Q/FDLcnEC1P695448zf67vufdhpQM4S0IL6NG5et829bw/dEOhuHtaY9zCq/R9hSyZoGazG7q/Jy06AqLM90vKFFGmqwloKtjTcuwsogAV6AKcWCXK4GpA1CS3H/Ym9zIYpnzwRFSbXBkuTFyG0Ld6igNlSMYyPrOq0JIuspiQtBMBLm8ZBt+kck9xhxbloV3nb1NcMHsXVw/MTPO1/fsoUMu3Hm00+aOjz8xnPL3ilUUl5cOWE4Xwa7Pvn2b1OnHd5XN2y8bkcqI1HjcJGIdoL+rEGE/6M52SlwT+cIjcP8g6H0ACRH4GzOx8xwfnYS5klcnI+VJ87yNYPdpYZtKWB6ZAOQxwbh6Bwhq1nkblDcHANmUHnHdWHDFKCzjK+B5kSMtbcdumfP2X2nN+P0f3uk8ZH71jz67NIJtwyMDDLmti5GecOSP92Ok77rkydXTJiI/IlF+Xy+ab1pFpvvXIhV4zRnsyWfWgEOSiiXy515ONA1U5vfTJzfzFSunOyyYSxG6HSkar3NVWFxZyONsqxeMpnZhN9c+iTCHO4jLX8iaTCHHFuw76Nt28icM89vTJy+tXCBki0wc5vGYx/q6AxTOZu3fMC243TlmvQ+5FdgbbHnYCgLVdq0GfPgjHnS9E5A9QIADaDMWPHEFVD1HuWrYSWrtjZsyNUO2gTxyab90WenDsUn9y2agTiEQ08+t+HZLQ8j9aUxNy49OQlDZb3rrhLMllzj3ryKnb1+KSIh520ohVMBOwIRA5LNG9QkEYDHErH8ilD6wUQ1BA8vDb5sLD4TYvHZCYGNbFdDVnbmJYEN9gxj8VlaLD4zKzEWj5FWADIY8rgjlckD2wlR+KaHd5UWj9fD8bfIg65lx3bgxxMnz9KdPCKfEI9/t28PbbN+tNPQScTluT6l8jVyBF8rTmsfHx87Gx88rQ1A7WLWGaXZOk47qMFvkoWaCSSPkpM45oVzILNOZDSPzjc9hKuEyowI01eIg/fbk2fON9G0jGX26yE23Ue7ZEmTtxRaBFvQXx0rIrUewplz4oHkNI8eSM7QOb9llCVOuex9inI5ZpXfoeAtIvI4Ifzd5PAsEUH7DFJ11TXXXEUqT3577KQcOyZiyx/CJQHD/v6nH71LZIwxo5aA2Yh4kkvarXOtp3l0SLpot6V5uy1XbjeYVM3ajQsofgNW8cj94yQg1/2BNbz8+D++OyGD3CQEnWPpffmYf7Bn93v1HN+PGiymH9kZh8rciIxwsSZrbEVRX0qmkUeOGsyZSFyUk0hcBBiNNOabe9LwwPAx8xv1uDmHEcTvQJPbjFi5FN/luYzyNC4jfSn5uTL03FfIwG+I99sbb3l78p8OHd6/5mW6XH6DvkLfoE/TRfKRo2Toqzeer21Jz504SZ9/wkzk+XQNc0PvF3pTxrOoN9Vb6E05lQRQstsDelOJEB67VRSTe6COzy7xwrZLBKU4XxfQLqH6hssPglK9SKt/vD+y/6t91z9FfIsepV/II2Nv0mP0I7mEZJE29ScKSp5voDtmj/v2+liYtEScHxv3sVg/OVJUaFvYuFuQ7sWi4fx0kF9KRcgrQH5eHUDnxavGKwB0NpE5h/pzmwnj6DrWt5lxwFG//euHDSCVp4+dPCPQfbu1hb3rkz1vGbrw9VHB2tkb83tXamciLli00/LftxMhfs0sOg4THjysfgCcIcfPyID0o0ZhpO365MP3ZRnaOIzN9T60y2ZLkWJoY57xOBacYXYvNaPY5hDMpaV6cjnbFfLCpY1brgKKuCJeMzY0jcN6pHBeMWteIRx6YQkY4VPdYaOhFnKqYXMy13Nw4ipmBmdrwZho1NHlyKjHYeYA8fHnFQ775LU/vnb/+T+GiOHWpe98tmTJge9vX3bi5KYtd5GkMe/St+mXdBtZ+8hrHiX99QemPH9dj0FH5/6h/8RhZyePmTSmsoKeHnSC3+msv0VsbRdKd0vIIBLOMh3nQkDJzBbzpuYnOVBJj4SKsL8cXBFSgS2DX/EhpSKq8stexctehb1bDEAMBZFWUjiLGWehPCBtDUu5wPMuep8sZJyT3FzXHXrPLC9dwCSh634EWbCe19318AFCTs44dt2QF176ZslDazY/8iiRZnw9bCs9T3+h35GqG+/NslbuW7G6VYsDfSZ3r9nf86p5rVv8PHAj+Mwu6lLGgi9NPua+tLFW97FfBl+anOC+tIHzV0uxzaYlpje1eDy5nszicfbYZtS85/F4eK7H6ZT9ZnjehmtpkZ1kKI8FmLtjrGSweH5Gj9m+CbEVqT0+7yE1YuzAC7x4+P4I8XzpZd+/ley47Pu3kvEJ79fr708lMxLeN+rvT5WoGIchTfo7ztST95cOadLfccYPE/IVv+jvjzEVJOQrNujvjwHOZP39fXo+ZJXJr79PlYXa+4ZVxl2Xff8JUy68f3E//v74+08ktsfST39/dcLv36yc099fbdyd8P5Y/f0nTdnx9ptd+vtPau2B8fn/ivsW6KiKbO1T55w+/UjS6Uc6Sefd6SSd0CRNukmakEAkvMJDiCGGQBB5BESU4SUiYoyKmlHExzgIInoRI5eJiN2dFqNyHRHQ4XcYx3GQy4qO43/HB77wPQjJya29q06nQWZd113/Wr+ukJw6+9Sps2tX1a7ae38b+Q/0HtIktJDGi/mk5PHnikjT+UHk1jtCnH3HYI+9b4euJI5fh2Lv2yEfvyT9YxyT+mL6x+L5a2iJ0e+Mp9crMfqdF9Q/9P2PX0A/9P2PAz1Et+L3twt6Ootn0mf+g9sBJZ7nxu2L5siCW/ZGldSYn6jdBwfwkSQMxU2i+iKGPBRiXh4jOrj26I2QV1cwQWpLVLmMLDslD26jiiTYToFStiRTSokusUVaLh+Htr5m2cIkFTe7EXtSBjM0hMU0+lvG3a4FlwhKg4f8WsofVwIJ5IgBP7jE0bXC7hKLPIo0ksHx5Ysy2SgqamT5wOfLHd2y78or/2TZn/jenv1vHSXtDxcaXHft2dPUuAeSE5F5ape+3VeZ3r6j98D5DnLqloLbzt3/yCOTZ8TJhpfz1EOl4hiem87mtrxeel+Ec0Fmq6P3+3gcT6O8CON46nn5+9pcI4s49or5GDsaZ9vritEv5PUw+gUx+tbBM3H0Zs0WSFrPx+Yy+Qcce8V8TB7U6HUyjr16Xo6yN3gc6x+i3yYfwrH6AdY/RL8NRgOv/zEcq8V8TMbql7txrNbz8jeH2o+yWszH5BD9IpTVel7O6J+hfLPgWC1mY3XwGzZWY3xtisvHSsfqdxp3Rby/WRDERuTvcMZHKYLvW0fLa5C/3/HynUi/j6rGZ7H/GP1iiX3nQ7Qc8nYWQX5PLO9lNho6lj7RHddsNHQOCcX6ezv2dyPv77NxNp0fY/QLdQ/F2RG6YvRafzP6tzV6OtfeFes/E/ZHI++/ty9Jv03XGeu/7XH0Wv8hPfafn8+1sfrlEPZfI++/uPqx//x8ru0caj/2XyPvvxND/MH+87PxAvyh39ckHGLPAZ+w/xr5eEK7CGlKjNnAlJNotxjP10Rn7PuPY15LZku/sf3S9OOFtkvSj386nv5HjZ72x544+i5OD/3xSRz9ghh9q/BmHL1Zq5+0pgja9ysnQW44/WJdRJMP3XGdEqt/sczW7v20fD7K3yhOz3SGHZRPu8GuILTw8lxGT987H+VpFG//fGzPDtofu1GeWnj7z2r0+hLkz0TOzzSNXlmL/JnE84d2X5J+vJByCXrKz6eEOPofNXranrY4+i6tftoeNY5+QYy+VdgRR2/W6ietAUHjj74E+TmR86Fd44+yFvk5iZenaWujrKL81bD2D95yCbsXlM/RdAOMN+T0sX5BeuT/PFauNMfV/2OMfqF8Kq7+rhj9Qnl3HP2CGH2rYIujN8fscK1/x+9V11A+VOmOW+j4aYRx9dDAT6jzjyF7xWZxtyAJ+YAdGybKafghIdkXFuhCK5kEg+wN62IBU2NEJ9l77tz/z2cbSVTaL+6gz6axZ3Wn4QefHXqgUZpHoh9/zOj1v4Be/7+jFwf71XJpxuA7lF4v5Al01xeVGYql5IsKHCvW4OOQXXoOVSVLjf374ad0832buR1AOkS66N5dL3gEBtKnlwWjHIMAUxjuF3P1l3B7W2kLBkS9y5m6pKKvzq1+Kp1sJfbV6g+fxdenQH1wzhwVeH16X0h8NyzT+gy0PlnUgnLstqArTZGcE3OJ0+y/lT5ffDz1qPoxa1+tepa8KXxF6ysEvkTFX1Zb7bgCkp488hb6tOmLtP+jfv6zb8W26S74VpF/K0RCgjs2rS3oSrW7i0SnmaQXXtZXvVC3K/WHQaGDJIAtidYnrcf6kgGpBhHaEwKcgSGzX4P1UQBmCVNS4mmBdYidkOdbRhePhHjWFl7MYnL0Z8xO1Zg+1A5FSIJ2YCCqMcAZj0mrzRq3QjLLpgtxk8lDjAP1VY+HAElxTAxc2DNn6e/05LgeGuooEfpJegL7KUmoEzjYDOssDWLtf98CrTf/eXGvap2LMXDSHiVFoB1jr9BJLqnQUWh32TeSYJCkBgGaLah+FpR2fZNDnlSvzvkmp79OeoU/9xLiWMNznqBOezhNr9Uw3edTo2T6KJIWJNPU530++Deonh5F5n6b+9EJWhe5Sf01/XXio9xvc9VOsoHWu4jsF3fJJbQ9DL9ZwoAS/otnn44qOOHwX1pouRbDT3cCi367+Z5Htv363q3iFzue6np0+5496GuybvAjZRGpwrw/buFyqD/scAUCULudVpSc6ffzv7U8efQVOSy2BzJg2tiVDVHYojl4Bbnw6OuDca8v/Bd/r5vbPKt1XmPTPHHy3Nnw15XzxHqt7IGm5pbGma1zrrjot2AQage/Mgm6NwUT3f2n05aXUt5U0VX5c4Y4j6CpoWAg7NGdDo3xR8rQ7V7SwCohj7zB7AKzJICiZHrhz9C4QDiTkpdTEZugwXCn029LQOMIROqks0gdJ70qYFcFFojJieawqxwG1jCaXY22hGvp1Ui8AtznsCUBIN1EdBvTYdLbAma5DpVYI5kuyDodrh1ttYWD5XA0bPBYbS84cwpKfCNH1wJugy0TglYSLALPkePS2BiE4zTEt7CTgJFc6ga5JHktmfO75yP7no72l/oXLPCXNkjer/tPkCMXFZNzDtLyu+dD+7ui/cOhZLgskmNfvvfxJ1/+raO9/9zG87frDpybSl6Cwo8++fJ9LBw4xgr+8SkvYLrLXdIeshP9PE3atVSH1zqcpxuF+VTeZTr+7QLOznTek004O+PaRdKMRN9I1vapp0lan+jOIG+sV7vUrvWXepbg+TB/NmgkQeIgjSRV/ayPrFW3nCDzyLz1alWGWs3aRseDnKk7YPHQ7RnuIOGcQCDqejoxAV6SJAjgkqyul7xn+k/ANzN/zRKxQvyAyqORjv56bhW16/AIFf31MEsARMuDYJjiBQpPfMEqFtaLGqhNWMfduKDHLC7eYdxAWAI9oe6mPVFa7i8r85eXsr5QA9AXt9zWsXEja1OiOFX8UXeQctkmLONzOZ1MlUA0ga3vsj8iIDaDYAD/BDskoQgl+qMGFpMm+SMGdK03KEZvxIiuREbwiYW8DAYjh25IgOWHoME2GV1IScAacLgd7gpPoGJk0Ez0ieT2L9rbv3r9dcVYkSx+uEMcN3B877Zte7uaF2Vcn8bW5iaxSnyT8jeD6umRJFhPLSxSzhnTRujMZ+faCHo/RlMZJgocraQq3AgkhGUnM8kZrRECtnPMwIknshU5DPUWUkLaqQqjj01DTf67gvtmX1E7akWhaFB3WkaNfuC5V154Qlzxat6wTbWX2bykt7fTsPW2h3YBX0tpX5/SnaRczRauw5xQqaytWb6owsCZlSx0yjQZUYkSebNztCTCwF07m0eS2EeAecgJru8mi8IAH8OiBJ+TlcrNQyAOhYDtHeAm5NhAZnJRKrrHP3cgIyF3ztQb7nzusSeOnJxQVT22pup26SGyu2t3xZ2zvb777n5w7+/vqWuaXFs5gfG9msrISVzvvcxfDTS+FKYVaYosXWVw/KD/OcbCgf5I3KRa3Kn+vp80yWrv1oESMUpHB/CmD3N/uOicvFlAa3PUy3rQ4YtmclaUISvSGSvSLaF8OIPXYiF90XztBkQYA5I1XBUDDUuNANNsOF2HzQkX50M2y8w8A0yRCTlWBsfrpXPl84IuwZbH4XdHVgaLhlBtcsQLOehR7BwkCMZY6eTZHfs3b9k7fvq0Ovfvtz35woejq6pr7lqSPbKoyD9shLdUqhq3vGzOrctu3nBtbZt32Jgpw9dtve+m0qqq0iuGDyezS/wOu9+b7fOBvHipbJ/QHRNS6V5hA9eM85jEGDHzA/yV4otmcN5g2vhoGvvoNBZdbPXzRA3oa4A4xMYEM0hKtjViS+FJRowMVznFSgUewOStcHyoeawOrbosdVzQfZEEKd4Dv+06+OMnUyrLA/dtNhgm33rzvR+Mqg5OmlBRUSc/ck/3iUNqf/LB1FWbFv32luC4Wu/4WZNBhpaK/ZJJ9wYdDzOZDGFeYv5h3ANN60NbDI8SvgUmEhtXX01WRKWkUobJ8uQqDTK5MpDnsLpZjL3DunR3pnnK/UR8vaZqbr3YL77UtOSc6iMPTb9swWo1ijLtpntLD/oMLhdYREccdrAF8HqpZs3EPJTkj+pNUBbW61nQPUPaBu8UxeSPB4eh/+rwX+MQUAzMhvaLEYU5kq97q7Ry4DXROfAJqVGPqG8RJSKpqhpSIxH1HFEEvtYJ8nI6XgqFB3i2d7d8OkT8zBXdoZyO6hQhOQlycUV1WgB61GTEsswA5PLAWZIFpevpQpng94MhL5yeR1ufjaa77EJodzY4V2X4I3oEjtdD0yE8PRsM6W4AyTUx8N9kK/qzByrGkqC7IlABPyA73MibTfgn0qnIZW1sm6aL0P/+cfKVw1fN2DSxYTq5Rn2U/mzTTZoq/unssOVXRtaG1v7pr40fZ7ubm1eH1kamXu9R+xH/n+7pT9N+gsw1JUKY+wcUoqFSxx3I7LTTnFmFoJ6lBAANPeLEqdUJTjhOSygBbJVG6LphzNERIX1ghU1mSNOgrxVTicvmIUyUJ8XIE0gikO+PFCM3ilMoN7zAjWLunpInIFtgL5FPZ5UsPJoP2+niEknWpWoROHno4e92xvzpSUUtCTg0oy3iZhVVWHvJOmIhmRCXWVG3ecutv24S5+5t2UEs6tf1gRmzFt771COAW/7FOYAsX7ZuxbKBo9df8/mXb6vHa8a73wrseZaMxbOyg7pEPHt9B89q6oRTKEN1g1/Im3SH6E70N0KkgDCMPW7nRYzqAkAwyIjJfBaVeQXLUmMB6SksIF1E54uIE1P8OLNAbJypkOgHHTdFgWWigSh0pwg+Th4YsLkcb0ywhlxVYauewdXxtKp0XBRVgBxVCjERgjMEvSON/pvq8getgCvmqbtRFm+4q5BM+O5g16KJN427+Yk08rA6XxTJYnV/gJgfuPOG8A/qkRLyYSTNUxH6ljgbP811b7mbzpauyHdVg0I1MX2Ox0p0b/CFkk35ATuDAmGEEOV7AjAJR4vZAo0bbPr5BryMlmXl0zkgWsaukmx4lcTn4/K4nDywGYBlu5BdFVpAaiB1OExnkOoT1SFHVchpjUq6ZFs6prhEFd9rjWTlp+FEXQb5unKdVNtPYnAndPMeERTMA6v5VbAhx4zmmiShch+3e4qfvGsPPLuuLbj0silT7rth7sy1//7KUabKb47seuTA849vfeHNsZMnjBkzYfJYuTnyov+xkqVXv+LtKu3tb0LNvaX70Btd+149srdtyZK2tsWLQacd/Er6gK5bYBvbwr1FLHQEWtJimeQgRUfUxSf6Ql8o412qNWIkY5Y/koGgRhmECo0Z4Q1A/81F/Rd9DGKakA8y6QADwQqWCxDKegvuhVJM3M/KZQHMO5OQyXPGVlQGrZwPoh6dHbnBawwhHOjPUbKo6eDRp15589v2msuVtxJ6X3rhj6SwZf7cCg9560hGFnms99n9j0TVwVWnX1y89L3/eOtIBwl69m7YPL2WylCnIOi/4nkOcqludJTlcwsLRro3zsYP1iCnok53FqHi4mTCYy/BK01VZXgYzE8QQmYVygYDuzKwbUAe40KeBT5fU2oBEiMZ4rYSEiEzqpVFAhrYwhjOA1yyrOwq8HylcxL9nWoL5+SCaLmdVu6QUGINp1ooMURUYjU8nhI86qwsjDJellCni5OnTjKVnLOlE5Paq4rmdKknuntHb+8TO3pTxA41OG7K5MsumzxlnO7A+a9Pd4vt56bKaergkwObxY69r73x1DOvva4WHzwodmjSBHpQo/i+7i46Lt3CSOHvdGUG2eHJTIpAaygGfub7eA4dxJVMejck+KNOBhzkZNzLZVc2hHQoYBvsBJa5EMbiMJYlqZLHpJ754j/RjbGozBzyvBoud/wUGvGqEPGMKMeQyyL2B/NNdII7vAnY/bxktKRm5cPgzbWF7ZTTYe9IysbiMgysygfVsmCY1zcSKFKtB0iSPbe0zA9XFlhEMT8PY6WnTIxfPiFrF0ZbufMLrYFMullyW4Nuif6fZm1c21LqcxdeX++5bc3Vq0aOqvEUlg6beu2kzetWku6zu7rP7JWV/Vv2KLJkeLDS484sslXUzBh51ZqR7Zl0k5g7vCBw1eS21QbxbVUk6oCPbN8wcEa0rlTnc2wG8SPdbjxjTBcO8ugUUyKVZ4WltzOYU/xUZ2DISKxI2xHgabAfIRsUxCyhLI7olJgvk4K+TIoGd0i7IZ0nPWL2boaoreE8xDoFMnU7Xg0nOH7ShUwQKJzggE4xJaQ4tEDhZHBLZECogqKFQVNRdVO+kYsZaBFHvrGX7Pznru6vgVX3P62Xda6tWweOiDX052dsoWtqUBAgRtSmkLuRR0sH35c3y/V0/5IrLBFAK0+K7T5ZEiJIwSNzCc3TdvW4WUG1w8nGN4xhhBkxgctfUgpLq8NjCAHkPCLA38zZj2Ug4H6LwTScyMQgQLDQrerSe7/fuv27zv6j5XsaN71wRf2iU9sf/+auz8Qm/1Mtz94s2p4RBu+7Xx14Wt1ZMena20seu+VhovuOOCrq1sF5xujBT5X9cJ4hTRcjYFmUZknvDPRYFGHj3+B+Nb3/tu4Y3j/L7/+I99fhechcvH/g5/elBgXuj6f3H+X3n+D3X8H7jQbgZzXYs3E/6IadPWaDzIBIRonlT4zKeQ5zEkYx9SQ4zAbtlBHcJ+EYMZyuTYJUJctgO3uZbmmsAHID/hKJMRamMfwSlshVlDHig/4dBC6aSfXWn/7t2qa0SOWjzd17PvvmWfW9g2+8Q+rartmbZ55RMWntFPLAflL5WMkXlVUkea76N/WM2q9e9ulfX9hOUv48cuT1/8nGUJUg6Ey6g3RImAHdDzV2cAvR+9n5ihQACE4M7qeCfrj8i0QUdD0VdMOrYTmVCroEgi4bQNAlORbwzTIt8YOUBNS/AQiTuCRPkccsVpGXyXzS23+dOLc/oUAUHcURnenc9yFC3+q5PSV59r1sP7FHDerqcYxXCEPpXhSCw1PG5H4XZXyRCfNAMV4AgrpH3q2+NnBKDeo7zt6utP+0CTEYgzoRsVZHCLEtFWCFGED/TvThqXPYkMB6SQGXaNBmANbTboQsrRB+5XCViLUDb8v3DySSrwZ+kurPe9QPpTrxyz39AysHElXwWxTb5Cqp9n+wX7VIH4ptfX2UvnDwW7lfeV8wCHlCRI8xWT72gNEHu006c+iHDi6oDkXcpJBMPE4+6xvY+YL6vfjOiYFjuut/cogf4pn4arJRF5TdVH/MpfuSa4VQki9kC0TzmaZMh3m2L1SMqd5SuE0E9x6AkgDzgMMCgstnBdxUFDroeiHpk2yYn1gI53Nonmxr2CRcrPIN7dJxHghyPF4q27rY4rz6+ftCa9v33hc+0BnaWP3wzC3RP04c3TKjqME/aqKob5g7asKkUbPFdx58dX/3i4/efyR0+VW922umdE4Yf/nYexqqRk8TNLxUaTri+9cIkRSIMRYZNrdBZmAVMuLPwcG+EBZT2EF1krVH0CVAkjSqjdDFckS5A86SURtLc7A9Ora+dfyvXnt5RfOciYGaI70rmo967pfPvnioWC2qH3defvlVjhHQQq6Sq+Q6i0dYSAuO0l0N/T1Yie1rER6Qq3ROujssQitQcgB6lW7ZqSAAtKuOp9xJ8WHuCOzdoIv2cJqebsFgkyF5gi2koUFdIMqbjs37Ut0/kzw5cLbj2Byyu6/7FHE2Hz7V3ad+2fR7HNvNdPNQpRsDSKiCg49tFCMq4oksehJ0pAriMBJHs/Rhv0v6cKBJ3NfXJ77yIDlzRn1N/fRrWk/LL6zHCFVRMe7PFfcNNEkf9vURw9cknYw9o1of5PU0UH1JJxiFMiGiI8yiatfWZSM3y5h8GNxJt8FwcMIOe2Cj4JYyidRCDq8hh9Uxa17+/vvvxQ/E/zuQM+ASP1CvIY8SHr8Fm6YF8gI424axLy84vwt+sH9oNyn3K7mWImEK7jmnSE6tXD4bVz49rvyzuPKZQ+UGc6zcw+qB5xRf7L5wifsz4T6V0Cb1dv0h3Ve0jUYhSbDieuIVfEKAruDVwjRhljBPWCC0CauF9UK7cLtwl3AP+TtYs3rKKq++sSAtwE9me4ZTfakgzR+VZSGTDtYb/CBZt1LJoqLf4Q+5fOFpSwJaktLw9KV+f4+pyGXwhu4IhBMozSZ/aJYv2sRUgWG+iLn17gClZ+eaobF+iH0LdfpDqb6eEaMW3gRvZluBnvKqRRvom0N2S9TGXr6RCu+9cOjeI5jMNmgVSzHaIyZaUukloMLTnTmY2tKZySmBmZyKmckJSMtyig3eqI/tKHy+0IhAtIxd+P1gj6qhpNPZg03+noSaoNkbGhWIVjKa0f7QdEt4AV2tFvqjV7Oyxf5QA2SzbAlE6/HB6Dj2/NWW8PKE+ESla4m355Zb77gbWn4ja87Nt935a/jIGy3h9bTx632hmwLhzXQOLPZZbT2uosxhcEi7oIFK6sQJdA2/up6qQkuWrcJtcZGLzjE1VaFZ1lB9VajJ9nxOQXH6hInwxDAAFx7XwpKrjbnueobcZQ1Y6VCng91J1UDJCj9UM3TYL9giM0sXHPhb6bDTflNqdhDsYNq4B+fWWCCWl8QIK3B+C+CsZg/AMR9k3HBXDL0zYG1auXLlq+rb9N+VxPfqQ50dt/66s6Ojs6OT/ldCzIBSvQFOe4jlg30rVpUNrx6xYn7T1PLCuZPqygqG+ar7iFU9Q6zbvc7m9mvnj/z28Ar1z2TECvzPA8+vf22FVIo13EOS1W9IJxmx8tDAC795bMfDD+3c+dDRo0fOP79CUVeu/Gkl/jr/tjh1/KzyCQY5acKoK+Ys9RZOXZSfl599/mV2+8RSQzP5jbrm6sUDXa+pb9My9c+Hzu3FpnYOvQfXwyb1kL6brhOSkCMMo2MxVOyL2rgG7PVBmnKYe42StnTpzSSbwJlhUDtOt8ftK5ukbmlff5O6v3HX3Nqx5fVN1X8ZPu6aKS8/PfOlqydPqptSP75+orhc6u5v7p+tWxZpGO2rmFY5YdXUap9/XHnjrS2dO0b1G2vrp4y9bEo9m7/q6OTdh3pJVRwmIBrGxXcB4TlixPMsYwIeX0VEY+wwS/ZzU3mgImj1QH50a5qjLhIRH41EQo1SpDEUauyf0ch8GYfBe8CHSmpnvlLq39Bnib5fKosrv3HwSfQ1fI+WjxsqJ02D+UhPdUgRMRQ4/XJWPvgN1rMgRt/K6Wsp/UeAicDLmwcLsFxP6TP07bHy2by8Tk0BfvByhcxdz9Za5JN+aYy+RWji9I26BIgj4O0plbLRB/ZxWv9J3Q9Up28X+vGJtoHXB7cN1QU2W4n5nf2Lb/pldJDDXD4lB5RaOrdXYq5xtsOKyGielPVccTWjnkVY0CUc8KJFinl5XJCcdRlmYV2yWMvCqtTydKuQD3u+fFw8QOXZwP2AZL6OGpmHDdWFTZpbDXruEDgJdzkUPZmf7DGQjIZm+XhG+cHLUkKbBKxPrRYPDG5i9Rl8MXcJIziFo/XZhGfRmNQX6uPVuXl901ojajPUt/c+rG+GfErco7hi7ZMuaF+sPiFWX0VlMOAwEz2ZMaMlQquUTzm678mkNbI9ywZ5meTVvYF5VGcIzA0CjVDcsGoD1QqNqpS5era312NGJz3dMfQI+kSGLUN3LRgDZofzJvBeYEY1B4CvauY0XUWwEj9uw/YtUyBLeG3d+Klkrn2YgyjDnpa/bVxln5pamG2zWTOyCkunjssY//DslPknLilTl7wGH0MuvwulrzT5jZN38FUEIBixv1Q+JVQpHVSmHIJTAOQ4KzPFC2Grg5+SMe65ICeyu8ij6AuRl4q+v3TVNaS6ojNr96rFaxaSM1dWfDN+l3wq845HZjyTmzmtdcm4wxmtv3LMWSeI5xPlU4NO+h49e4/iC4vae0QldvZGV5ZUeIn9gvedT/y2cta2rv+ib6spv7V498I1y69VljtWzclYr75O31bfNTxz3JIFk/j3DH6gnKXfkye0CqF0Hz9yDEl+yJFs5VOyyxfKepfnJu9JS8kyDB3G+MCqCAcxWel0NTZY9bm4H3GmM90+F3BPL+YIvcJpPZm4PXw+v4g5H6VOmr+6XekwBesKve4LmER2dCj1DWucY24Qc7MdOSiP/eX0OzL1FvodhSDh+VrTQ05/T6o1n7Y3m12b0aolXNwizDcOQQ780LdMhI1/f3l3HbGNuK3m/i1zZ239lfG6WYWX19dllJSYVycuv6JgWv34rGJvEm1d14KJd1ZnTr5i6gwyYeUdGTkZBSNuaHfmOF3lvG2Kcghl5spLzEQGPhOlajMR8JWw/PAGxls+J4X01p4Es9XBdkoRo81ehUCDJMAmKnZeHdTkrfwRw9qWljXGRxMO73r6JXWS7/15axXv7Fnzpz8R3deSee0Cx68W/oL2waKm/5/bF0kyo7EB2mixpfDdnPHn7bNzqe0v32FYM6d1lWGr8cWuJw+ved83adNyxTvt6tmz/v2ZHpLnWHBt5pVa+/QKymjXv2wfeHUwa/dFgntBm7Npm7kYp6dkU7HQzoF9mkCnXJLxTmvEnIwRM9m2ngTZCkIeNsARAOTQzHAynG1N2C/6XK7DaNJOhf3CL/8gdVJzm79Suc4U8FRXDHEgcZkyfsLIcbaSXxnTnSUxOVeonCcKBXRXQrdpMV6YYrxQYMsBvi6JeLTQ47DQvUY0i10n+XmkYhxT4ARcH9eRiUmQ9CekWKMmiyPLBT2pt0UM6c54adOE7V8MnB365YuOmrcae59+6lCKcdG82MBJWNaEA8dbnKSI1ZNu/822f3uxbQMOmRWr6JApKENMHDUFs/HYqKaCSDQRi0BXF3HI/q97V/NzAYt/ko53hWhhFmeDVfNw0c7MA3w98Zhqgu7SGZN6Zta57101tVF931Y8bOSKupppDb5rOrjvkEW1iCXER/lcClymk+7piIgsFnXg15SEJxkAUmrGkwwTPzZMQ8WeRdV6LNU1G4nnhd+1XfmJvZt0qE3h15yxupX/l3U3q+2s7lKqX7HztEIhImvgm6i3yohhigHvkozHggJu6jElplnUl5KTqvqmpFNKC16Wa8n6c1OlGZu3G7yu7XiG/YW8Qe5En846Df1MOQ0LICY4SI/PNgVQKwrHQ0WoM6OkZcwdgjoL+AHqLIYjwxT5pcR+7p90k/B1/zn1O+JfcsOaJUvXrlkiVpNUUqn+Uf1U/Vh9k/hJ9jPPPffMvu5nmL8+/eagvDb+m8W4bzb8/Jtd7JtJMhlDviUG9S1JlzQr/bDYT9af3yKaNm9PnmDt1PYBci397gzhCn7qki4DrA6E7muIeXbDaQ3GIwPsFnbNbsEUnHR+Bmu0RhTQc9Cck8ROY8eKHKDDozlgJUOiojqy6vG5wxuamna1PHnP550nv72556CY9xYRVzQ1jAhcdnn96+vnhnbd1LOxwwxuD4g9sleuo+0sAmRHjDgswJ7Bgxz6y+pjQdkebDHgBSWDl0MGbXpyBnqjmGh7i6G9Epjei6rCJjglVyDNV4I1nJ0Dwdi2cEoGBGdbQ46LIP/wD/yQC5ByZFe+Z8aVf2x79Dd7e1eu7n78z/VbWx/4A3H8F9EDvIr6J/UfX/WK3spla69p/nLO9XtGVJ94sLeLI6y88/lM1DXT6LdtoP0LfrkrBJYtCH0O8cuGHA6NMHgckCsbHbn1/oiMOTdlBXZlFpaXxxcxyjGnQ8A7l6mARkQ0nFzgeGhBABEqKpDz1GUtdMHm00014jRxK8kOhdQj6hNktUE2OJuzM/8o3de/7Yy6haw90+fvyx9xdyHtgzba7gp5jZAJGjKCbMI5jtOHyGJ6X9iuMIxQ3bvhVJ7FPlU3hCruRCAmupxGBBP3OQwnWPCMgjI+r2KkC9iNSK1BtsIIlNttM/8yn2SqfRW3FW8MSs6BHzPdY+b+9bz6F/WT7x8Rh1V8+r4jsU48rZ5TP9Sbv3rrB/XsTA1Tr0H3hk2h2ibIU1A9KDfIqwRFyNbykYHA01Zf5LUHmJQuEpSdAyfVg2KhdD2RXztvlkO8zqm6Y7TOTOzHOrVbnirfRd9QSPsRJDOZYfwA1I+bTyRFcVH0mPJCz1NeZMDKZEpEFSPPGpYgapWuSjZ7CvZcMpslQTaTEO/HXhVyWzXswpFCQMMuREc1cEOKB/DCQVhHEj7e/d0d6m/VB+4Y3zTvsT8sNySO3r7m9+8R76K2+Xe3L1xwvXjP58S6Xf3gD2qD2mw+62g9/Mz86T/8bfktGxvWd90J+F1qiryaymoGHYlraa/DCTjdISAADEquBkqWCUhGLJWF4tfwYOhMAsHAgEmWKWhJG+3WA1KiNTU9B3wOQy5bWJeHkOg8haPe+rwu2cHuxlC7gnSVkPm3jiHolSdegNf10bE/3WhwElH9RP3sh2ffPP25TnfdX469T4LXrb7pGmXlxpNiKaFrQ9cD53d981Pd982qbcvTpJLo9+7ZvKuw53Etf568GuK8pH0srtAsxJV7Y+WzTfHlKbxcT1pIwyXq0UsPCrsF4b8B40vjowAAeNpjYGRgYGCUnHX5TkZnPL/NVwZ5DgYQOM22Yi6M/s3zdwVXL0cvAyMDBwMTSBQAfgwNK3jaY2BkYODo/buCgYGr9zfPv0quXgagCDJgXgsAljEGmQAAAHjajZd/aJVVGMef+77nPe/bGLI/RjHGkBCJm6wxJMZtyIWbf4whF1ljSAwRkzGEJStsjBEhsUpEhggSK+UisqJCJVQuQ4SQrBjDREJkxRKJGIiUxP6o5dvnOe+5uW5btvHle95zznvfc77Pr3PMvHwh/JlmkUDRKwfDr2Qy2iLt5pjsip+XohXpC56WyeASfEm2mUEp6ljQJ8XguGwLeninLBvo6wXjoOyxCewDPaDLc0nn67v6GzWEN8TG7TIUTYpEe6QatchYdE+qZgLs43lOxuxGqQYzinQ42kn/pFTjI1K1h8Bu5lvPPYwNy25zWvK2Uc5GW0Xiy/zuAPt8CE5LJ78zxZob4a2mJEnYm66YhdwO850MRE1SMW0yCA+aWRkMWyTPt2xUkkowKseD0fRNs+zalXhBKtpvfnPzK/pOeFoq4e/wuHQwNm2Oitjb0mwq0qDt8GfpCp+RjWY49xXc57T02tOeAto3Cqybc1f2s7an7MeyL2ySDnPPv4P22mck/T0cYa2qYyIdoFv3gg6VaJuMqt65M+kC/YNhqxT0/bhRnvN4Ge23Od3XQHwKxhbODhnOKWODa2j3EVwBf2Krjpod6sG6Drk2tlgNtYXaLDqPfui+FuIBuC2zw2pggw/Q/xj8Drjr9Pd2+BfUx7Lx6dVQWzhbH8326mxfz7p39YX1GB9Vm+v+o06+pRrN/iefU1Z/dj61Dquv635ggQ0aX3R7npEQXuJ5Dj7H86vosAX+TP0xuuq+c1xjRP3UxQm+6kC86BzPr6x+xn+Ug+AMvnrIf7ueu1lXra12RdN6jr+Rsfgm+yMGNQ48v+L5JY1LjY11mZjVuKlnF8fY7P+yxruLOY33o4/iXmOvnkP1gWPypZ0mdxxgD834Z7NMO/28H2gcqC/W9lm/Xp2buywtZkFmM+Ra4buaL8ypXH9uhthfkOvmgnwYfCK7RFaeBN+K/PEjfBt+S5m5t8wpmY0m0681bqOG9KQ9m540LfD59JptS9+zvem1sJR+U8uV5k1ssp24Vh9jT+o7uk7NlWp/l/98ntTc4nLkMv3EnrlCnmYPqo+9g93IkXEgI7ZXujSuXYy2s89RKavdQxDlZUr7NL+YIxI4PRgPV3wMPiDPlLzP3ZPEzbsqVsddHC6h0wMZd/ML9JUlr79pB2hfTq/bz2n/LCP8RqP2u3fyWV+0wNxG1viQvO1zkh1l/arBfmyDXXyN+FNjgHlNicnmqFb2BPMK7En3r/q1wl5D24aNJlxNkahDdutcN1/r0bI0OQ29tjX9XB5AP/3Nmn62SP9NGUkqUk2WaN9gvdqn3ypLTzIF96XLLsfhQ1Ebut5E153SprnBruBzqvdVF8+a01RzsV/AO3yt6XK1xtUpM0KcaI15mzY1JjrEWFEmYubHd2ifZWyeuUugRXpjA1/hGz6Xan7R7xvyl/q0r3E/qU/Hray91dU449Zx1efLPVJJLhDrzeSsvTzvYN402gwx5xbP5K2kAS1Zpz2AfVakOUHLuIHxDTyPykbnZ2prH1MRMWv0Xc8NR2XsiTx6nM/i0n1vo2f9rtpbc+6iDJuDcoG4+Y34mQdz8ZLk4xnQz5r2s+b7aLQkxtlMdcNH0KJiiN3wPv2LPN9gT93s43Bmf7UB+QRbOdtUzRy8GR2Wmf8Dc6bQdZbxB+zxM77D7z4h7BF72i7WXHxUJ1yMDbEGzUPv+3wE865q1RDjn7afPHcAH78uE+o/akO4GvVjxxPMq7I2z+rj6qfqK+SqatTLNy9Ik/qaqx34if0BVpv530p6eWeYc8tM5vur61wtv+H/bzgfPCxnzPVHXPtWTRfmFNCw4OIDn/ib16kL6vfqexonzn/q2a9R41B9UePF+WzNPgvMyePbeoZTH2/NzmfsZzDeC8rSYpelEH0oLWhRTrYTrxP44C72fIp1DWGPMutpIlYXqdUdnAlex75H0GzuUf3XGNczXa1+1PO65wTH6c3/Hn88P/78kM6b2XRxjfFP3bloRo4Qvwf9eeDYevbIOF1cd9zXwsdyfd31tfNx/I+6vAbb8w9fM9xLEr2beKZuSgDn1AfGaffQnqZjXtyfu4t48E5f4qFne63NiqBfirlZaQmnMpjN3EOexu+el4kwkL32Fmfli+SeIncb7jx6FwoecO8BZoqxhodjwSbO8Al1P5FG0A/a9czteUu4V4b83acv3kRcdLozaMnqvSkv+aQg70Z3pC+iNmmdRe8hzuEvgG49j4MXia1urenRfZmh3uXdGXafbI4+ltGQXLvq7jTgmDOF2YNunfj34QzUHwfJ9OtXaDtskxJ4NuP0e7gA/woXQezHS8RzSc8d/rlQY/LssJHcbo8yNhmvvVMDZ5l2zjSNGa901kPPQ8GANCnC29w1F2Uo/AW7oZO/Oz611t1RY772/xc8SXfFAAAAeNp1wnFMkokCAHAekhkRKWdGZOYZIiJ8AvfJ8b4UiCOO41DBjMjQPPKK83nmeWTmmZmSh0ieeXzwfUREno/A90lmzjnmnHOOOddcY44515xjzTnmXGPN3Zxjrz/ev2+/Hw6H4/9PFy70jxE8iF9NaUgxpwRT1lIOCCJCA6GHMEGYP5R+qPSQI5WYakidPQwcrjocTVOkWdPepm0ewR/JOmIlQsRu4tZR/tGWo9jRGKmC1EcaJUWPkY7xj40c+0iWkM3k7eOS41PHt9Lp6fUZ9AxdhiVjOmMrY4/CokgoeoqZsv+F4Qt/JiGzMXP2hOXE0olkliLLnOU9ST6pPemjkqgt1LFT1FOmU3On4jQ7LXw69TR42n16Jpuebfhs9Az5jOnMx5yqnPazWWerz37Kbc4dy13NTXzp/nImj5hXk4edyz2nPOc994FOodfQzfRIfnp+bj43X5Ifyg/nR/I38uP5eww8Q8swMJoZHYw+xjDDwxhjTDMWCvIKgAKoQF5QVVBX0FhgY+KZZCaNyWDymSKmpTCzMLeQXSgslBWqC/UsMovGYrD4LBFLydKyDKxmVgdrl7VflFpEKcopYhUJijqLEkVJNpGdxc5jA2wHe4QdZIfYYXaEvcGOs/c4eA6ZQ+MwOHyOiKPkaDkGTiMnwUkCRCALyAMAAALkQBVQBzQCbUAPMAi4AB8wCcwBy0AUiBXLi4PFoeJwcaR4ozhevMfFc8lcGlfIlXHVXD3XyDVxu7lz3GVulBvj7nL3eak8Ci+HV8Pr4Q3yXDwfb5I3x1vmRflCvp3v5WP8Gf4i/x3//Ve6rw7ANDATzAXZoBCUgWpQDxpBE9gN2kAEHAUnwFlwCVwtyS1BSkZLJkpmS5ZKVks2S3ZK/hYQBOmCbAFTAAokApVAJ2gQtAg6BRaBXeAVYIL1r0u/HhWmC43CZWH0nw2QEJJBakgPGSET1A3ZIARahiJQ8jz7vPK89fzE+YNSqHS2dLcMKpOVVZTpyvxlGyK8iC2yiOwijwgThURLolVRTLQr2hfjxUQxVywUS8QKsVo8IZ4Rz4sPJAQJSVIqkUmaJW2SSUlIsnABuiC94JKmS7OlTCkolUhVUp20Qbr2jfYbt4wqG5YlLkIXHReXLr6TM+SAvF6+Lf/4reJbvwKnqFF4FYnvGr9bVLKUo8oJ5axySbmq3Pze/P2yqlpVr2pSRVWxclm5qry6vL7cWH5QUVcRrAhVhCsilemV1MqGyqZKU+XbylU1TW1VR9QbGoqmR2PVDGtcmhHNmGZSE9LsaZJVqVXyqsGq8CXqJeOl2UvJan31ymXGZeAycjmppWu7tH3at1ckV8xXhq4s6vC6bt2Mbl4X1yV0+1dZV/lXsatTVxM1wpqWmrlrxGv6a+5r+/oGfUgf1kdqq2rraudqw7Urteu1sTppned66nXK9ZzrrOvGely9oX7pB/YPfgPNcNPgv0G90XUj0dD0I/5H782bt9i3wFult9y34ka50Wp0GEd+Yv002Qg0+v7lajL/LPt5qZnZ3N2MNW/errk9dDv8C/DL+1ZD686v6l+nTZkmm2nWFL/DvWO6875N3ua/S7pLvUu/a7q72E5ur27H7pHvae+57sU7oI6ejuXfoN98nfLOrc5EZ/K+8H7r/Y77k12Erpqu0a7EA8UDx4N4d2m372H6Q91Dd09Oj69X2hvt3eiN9+6ZDebwI+Uj96NEn6rP3bfzu/x3h4VmwSxTlnnLW8ua5YNlx/KpH9dP6m/sj/Rv9Mf796x4K9lKszZa561vrWvWD9aP1oOBtAHjwPTAwsDKwPrA1kBiIGkj2rJseTbABtnktjabzzZpm7Mt26K2mG33seBxx+O5x+HB0sH5P0R/zAzRhsxPMp+0PlkZZg07hrf+hP602Qn2TrvFbrd77Zh9xr5of2d/b9+2f4JxMAmmwnSYC5fCCrgaroeb4HbYDA/BbhiDZ+EleBXehHfgvx0ER7oj2xFyLDuijphj17HvTHVSnDlOllPglDornDXOm85WZ49z2OlxjjmnnQvOFee6c8uZcCYRIpKF5CEAAiFypAoxIK1IF2JFHMgIEkRCSBiJIBtIHNlD8SgZpaEMlI+KUCWqRQ1oM9qB9qHDqAcdQ6fRBXQFXUe30ASa/H9c2S7IpXO1uCwur2vRtfM08yn01PDU93TbzXTL3C1uj3vfvf9s7dnms21Pqofh4Xukn9k8sefC557nYa/aO/8i7UXdi/cjppHuv9L+wkZZo6v/tvtyfAzfoM/jC/rmfCsvBS/7Xk693Pbj/Ey/27/h3wnQA4pAU8AbCAZCgXAgEogFEoHEfyYw3GcgJsFUmA5rwFqwTsyC2TEvhmEhbAFbwaJYbJw6Lhk3jg+NfxjfGf8UxAVJQUnQFFx7xXjV9io8oZqYf417DbzWv7a8jk4SJnWT4Td5b9rfdL8ZeTM2lT01POWZGpuanlr4LyeNNpoAAAEAAAOxAIoAFgBYAAUAAgABAAIAFgAAAQAB4AADAAF42m2QMU7DQBREX0hA0FBQIUSxByAW4QiAoKQIonfAJJGiGEwQgpqSE3ADLsAZqDgHx+B5vbYokPWt+bMz8/cvsMktfXqDLaCyGtxjx67Ba2peE+6zzVvCA/Z5T3idXT4T3mCP74S/WPLDKXOm1sp6oeCGYOX2ueiakjuenVerZrKBD+uIQ0bWMKERB7Lnqkt1C3MCJ+JKd/3PY37pxIwLuUIUGMsveeDYk4VTn+Qn7lzrVv/oQqe88qSSaTKD87N4n9bTOoad49Lbz2NGmx+cl0dmGj1FumfzBhO3DnazuMtZ5xlzz6NJlV9hcr31X3e9bfYLh9REjnjabZgFeBtHFscfWFJMwTIzN7XAgrIWlDjkNImbJsW1vZY3kSVXECozMzMzM7d3ZYYrMzPeXRlv4Wms9Dvni/5vdnfe7/9mZ/fbGSDw//4agAH4P398k/uDQMDQBCEIQwRGQTO0QCu0QTuMhjEwFsbBeJgAK8CKsBKsDKvAqrAarA5rwJqwFqwN68C6sB6sDxvAhrARbAybwKawGWwOW8CWMBG2gg6IQgzikIBOSEIK0pCBrWEb2Ba2g+1hB9gRsqCBDgaYkINJMBm6YApMhWkwHWZAN8yEnWAWzIY50AM7w1zYBebBfNgVdoPdYQ/YE/YCCwkugUPhMLgPTofP4HA4Ho6B8+AquBQZjoY34BA4BZswBMdhGI6Eh+AdjMD5cDX8AN/Dj3AxXAdPwGNwPfRCH5wI/fAU2PA4PAnPwdPwDDwLn7uj9yI8Dy/ADZCH7+AkeAVegpdhEL6Er+EoWAAOLIQhKEARLoQS7A3DUIYK1KAKi2AxfAFLYBkshX1gP9gX7oSL4ADYHw6Eg+Ar+AbuxlHYjC3Yim3YDn/Anzgax+BYHAd/IeB4nIArIOKKuBKujKvgqrgaro5r4Jq4Fq6N68DP8Auui+vh+rgBbogb4ca4CW6Km+HmuAVuiRNxK+yAX+FVjGIM45jATkxiCtOYwa1xG9wWt8PtcQf4AD7EHTGLGupooIk5nISTsQun4FSchtNxBtwIN2E3zsSdcBbOxjnYgzvjXNwFfoPf4SP4GOfhfNwVd8PdcQ/cE/dCC3uxD/vRxgHM4yA6uAAXYgGHsAj3YAmHcW8swyfwKVbgcqxiDRfhYlyCS3EZ7oP74n64Px6AB+JBeDAegofCa/A+HgZvwlvwNrwHr8O7eDgegUfiUXg0HoPH4nF4PJ6AJ+JJeDKegqfiaXg6noFn4ll4NlyJ5+C5eB6ejxfghXgRXoyX4KV4GV6OV+CVeBVejdfgtXgdXIDX4w14I96EN+MteCvehrfjHXgn3oV34z14L96H9+MDcAb+A/+JD8I5+BA+jI/go/gYPo5P4JP4FD6Nz+Cz+Bw+jy/gv/BFfAlfxlfwVXwNX8c38E18C9/Gd/BdfA/fxw/wQ/wIP8ZP8FP8DD/HL/BL/Aq/xm/wW/wO/43/wf/i9/gD/og/4c/4C/6Kv+Hv+Af+iX8REBIRUxOFKEwRGkXN1EKt1EbtNJrG0FgaR+NpAq1AK9JKtDKtQqvSarQ6rUFr0lq0Nq1D69J6tD5tQBvSRrQxbUKb0ma0OW1BW9JE2oo6KEoxilOCOilJKUpThrambWhb2o62px1oR8qSRjoZZFKOJtFk6qIpNJWm0XSaQd00k3aiWTSb5lAP7UxzaReaR/NpV9qNdqc9aE/aiyzqpT7qJ5sGKE+D5NACWkgFGqIilWiY9qYyVahKNVpEi2kJLaVltA/tS/vR/nQAHUgH0cF0CB1Kh9HhdAQdSUfR0XQMHUvH0fF0Ap1IJ9HJdAqdSqfR6XQGnUln0dl0Dp1L59H5dAFdSBfRxXQJXUqX0eV0BV1JV9HVdA1dS9fR9XQD3Ug30c10C91Kt9HtdAfdSXfR3XQP3Uv30f30AP2D/kkP0kP0MD1Cj9Jj9Dg9QU/SU/Q0PUPP0nP0PL1A/6IX6SV6mV6hV+k1ep3eoDfpLXqb3qF36T16nz6gD+kj+pg+oU/pM/qcvqAv6Sv6mr6hb+k7+jf9h/5L39MP9CP9RD/TL/Qr/Ua/0x/0J/3FwMjEzE0c4jBHeBQ3cwu3chu382gew2N5HI/nCbwCr8gr8cq8Cq/Kq/HqvAavyWvx2rwOr8vr8fq8AW/IG/HGvAlvypvx5rwFb8kTeSvu4CjHOM4J7uQkpzjNGd6at+FteTvennfgHTnLGutssMk5nsSTuYun8FSextN5BnfzTN6JZ/FsnsM9vDPP5V14Hs+Hm+EW3pV3g9vhDniYd4db4TZ4BA6GB+EIuIb3gEd5T94L7ocH2IJ7uZf7uJ9tHuA8D7LDC+AnXsgFHuIil3iY9+YyHMsVrnKNF/FiXgJn8lI4G86Cb+EyOBnOhSvgBDgVToO7eBnvw/vyfrw/H8AH8kF8MB/Ch/JhfDgfwUfyUXw0H8PH8nF8PJ/AJ/JJfDKfwqfyaXw6n8Fn8ll8Np/D5/J5fD5fwBfyRXwxX8KX8mV8OV/BV/JVfDVfw9fydXw938A38k18M9/Ct/JtfDvfEakVnY6ObIeoEagWE42LdopmItkhq69cKkasQMPZ3rK9yA5bvkSypXypaC+MWIG26n1Oua82NFCwl7T2jcQten+pavX12cVqS58Kw0af5aXsD8Rw81vViClAW4BmALR9aTFHEtkqjJhiww40bAYZbV9aJzWYyjeYmjSSK6/Ctkl9paEhSxr5hkbr5IY8gyNx0+Req9w06P6Eu6pOod8OO75EuqQSRyrpCipxgqHrEs9OoNQ1hZwFrVMaGAtG4rapja4WLtfIl227WLCK/U5feJrVV6va4YIvbdMarys0NMLTggEq+NI0za2+qeD+hGcE/YtB/xmN/YuN/WcE/YvBABet4VKlWi4ND9psFvNsF/ORbim+JMV3B8WXfGnvHqwV81a5NlSwatX2UmMrPCvwUA48zGr0UG70MCvwUA5kdtCr4kvr7IZhrDQM45zGbNXGbHOCNNVgROZ4t7Tq3dKe4JbWglvaI1XVpKqeoKqaL6GeslPMh2reb3vPchXWGluRHrn1NXlq5ja4XdwQz2uIl47E4flBrct8aZk/Mo2XqTBUKBXzlVD3YKlcDJX83x7/t+b9+k93NNfRkvW8BmksFUayZqCWHYxmd6VgVQaDuDQSt81uHM1KQ8PPH4tmRbVA46lma8BxOlOZWCY4oovm4s35srXIdlP0Nvu5/cgfcy9qHyyVFlq9peAKv0+8I9fmVttrF0qLvYOhaqlYqrT3O3bZrjgVv9WSLQwPWn7YbBVLVbtgO1abOVxx3NHxD48yq3K+qyRRW/eQ493boNHTcHFL95CdDy4a57iXL8cK+awmza5aoUmWOxIR4TTNdw+xywnNGXSjJg8UmmoND1vu0zrU22/R9BrNqNEuTkTINNPhWYOl0GwnP2TxHKsWERc8c9Bh3f0/s+K0dTU4GCMX1Nstliq8zW4s166X69TLXaG2fNegGL9/U69XTN4rJtRvF6pWRHI1LfNK8k5W/ZK8ZKGFfkmFoKRijZY47rPv18PlwVK44hUTDfnCVbcm4fKwW0+f+99thkreALc1ju2Yv9lrKzXenVrj3SmpuxP2bUVHyahEw/6pqD9vEh0d/iyMdrgTsh51RlUUU9HI2YSKOlWUVFFKRWkVZepRUtGSdb6hjtRZ0YTKG1XZoipbVGWLjXhXjmPKcUz5jKl8MeUzpjLHVOaYyhxXmeMqc1xljquxiCtGXDHiihFXjLhixBUjoRgJxUgoRkIxEooxMi4JxUgoRkIxEiPjrXokVY+k6pFUPZKqR0q5SikvKeUlpbykVOaUypxSmVMqc0plTqvMaVVvWjHSipFWjLRipBUjrRhpxUgrRkYxMoqRUYyMYmQUI6MYGcXIpIK52TkyFiPZ6qyoenLcfypSc7gjrqKEijpVlFRRSkVpFWWEX382olHFygTfpIlkh6hiqzkRzSTkXF07RZOiUl8yLSq8ZFZUE9VFDVFTNBdoSjykRjyoatS4RtW8jGaEn6qr+EiJj5T4SImPlPhIiY+U+EiJj5T4SIuPtLxT0jFRGau0jENaxiEt/LRw08JNCzct3LRw08JNCzedU2+2kfkmuTLCrt+n+r3ICLs+BvU5pvqJh4x4yIiHjHjIiIeMeMhI7bJ2SWSl9qzws8LPCj8r/Kzws8LPCj8r/Kzws8LPCl/WRoms8LPC14SvCV/WTglZOyU04csaKqEJXxO+JnxN+JrwNeFrwteErwlfE74ufF34uvB14evC14WvC18Xvi58+fZK6MLXha8LXxe+Lnxd+IbwDeEbwjeEbwjfEL4hfEP4Rv3pSCfqZ8SBIQ4McWCIA0McGOLAFAemODDFgSkOTHFgigNTOKY4MGUETBkBU/im8E3hm8I3hW8KPyf8nPBzws8JPyf8nPBzws8JPyf8nPBzws8JPyf8nPBzws8F/M6ODtGoaEw0LpoQ7RRNiqZE06IZ0ayoJqqLGqKmqPCjwo8KPyr8qM+PmoE/V6OBxk3RXHiu/5kfXhzI3GAds9iX5rn1b7zmxfUo6JeVfFnJFzzxrgoveOJd7RRNiqZE06IZ0ayoJqqLGqLiN3jio6YmfE34mvA14WvC14SvCV8TviZ8Tfia8DXha8LXhK8JXxO+Lnxd+LrwdeHrwteFrwtfF74ufF34uvB14evC14WvC18XviF8Q/iG8A3hG8I3hG8I3xC+IXxD+IbwDeEbwjeEbwjfEL4pfFP4pvBN4ZvCN4VvCt8Uvil8U/im8E3hm8I3hW8K3xR+Tvi5aHheMHGX+iJHhZ4Tek7oOaHnhB487dFcwqfEOoKnxNWoaEw0LpoQ7RRNiqZE06IZ0ayoFmhU8kejLQNOvla2+911u//q9dYR6fZasd8uu4t290RvoX3vmrs89jYxyhW7P+gYy4WHnKK/qeIuu4v9zfaSPnd5514dnO/MBZoSUEoMp8RwSgynxHBKDKfEcCrXVHDKVnjYrniLyP5SMd9k1sol32MyGpPPKDeSz91kNN4ZDFI01iGabLYrVWfIqtr9zaWibTv5wepgW3WwbEtcaR1wFtXjtopbYVEafoZYMKym3I6cpjQqGhONi/pV5szgZZzLBS9rV42mYq1QCHVNtArVli5/ggSh/3bzwjFdI3s4Xru9q/6eCy70tzu8sFV2DoPD/t5ScDjYL/Li0V1qq8drhrumBBnry3qvNcprecHYxr0C/zq1nl2ulfRbfUvLTqHg9Pncsf5+WOMuaEM8riEue2S72Z1kjlVa4lit8rHiG5cPiHrsvZIa4qwXTxgZG7UB1HBMbQ+NHznmbQr97TK1YzTad68yBU2VpN1v1vsHJ1XXsfUB8M4X7AG3zPqIuBPHPdaj//3INH2Ue2MmDhdrQ5Fldrk0sVQJewe8rYjFXmuUPyPdIDJQqpV9dWeld77iLPHO+xPTC/zJ6V1QdPwEobw/dfLLT52WvJoVo7y9a/8uN25Wewf+BxNpLygAAHja28H4v3UDYy+D9waOgIiNjIx9kRvd2LQjFDcIRHpvEAkCMhoiZTewacdEMGxgUXDdwKztsoFdwXUTyy8mbTCHDchhz4FyWIEcNhUIh3EDB1Q9p4LrLgaO+v8MTNobmd3KgCJcQHWct2DcyA0i2gCJzSls) format('woff');
+	font-display: fallback;
+}
+
+html {
+	height: 100%;
+}
+
+body {
+	margin: 0;
+	color: #000;
+	vertical-align: top;
+	font-family: "Open Sans", Arial, sans-serif;
+	height: 100%;
+	background-color: #ffffff;
+}
+
+table {
+	border-collapse: collapse;
+}
+
+th {
+	font-weight: normal;
+	text-align: left;
+}
+
+.dashboard___rjJwV {
+	padding-top: 60px;
+	height: 100%;
+	box-sizing: border-box;
+	width: 100%;
+	min-width: 1250px;
+}
+
+.content____c2kb {
+	min-height: 100%;
+	box-sizing: border-box;
+	padding: 25px 30px 68px;
+}
+
+h1 {
+	font-weight: 300;
+	font-size: 29px;
+	line-height: 40px;
+	margin: 0 0 15px;
+}
+
+.logo___EScpZ {
+	display: block;
+	width: 200px;
+	height: 57px;
+	background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABbQAAAGgCAMAAABFdBF7AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAADDUExURUdwTAAAAAAAAAAAAACVOQCWOQAAAAAAAAAAAAAAAAAAAAAAAAAAAACUOQAAAAAAAACPPwAAAAAAAAAAAACXNwCXNwCWNwCUNwCUOQCUOpeXlwCWOACWOACVOQCVOJeXlwCWOJmZmZqampmZmZ+fn5mZmZmZmZmZmZiYmJeXl5iYmJmZmZqampiYmAAAAACWOf///0Cwa4DLnJmZmcDlzvD58xCdRTCqXqDYtWC+hNDs2yCjUnDEkODy57DewpDRqVC3dwboLiMAAAAudFJOUwAQ4CCAwPBAwIBgoDDwsNAQUHCQIEDgYKAwQJBwUNDAsIBgoBDw0LDgIJBQMHA/uSSPAAAnI0lEQVR42uzd6VLbyhZAYUue5EEe8ICpAJUncNsUGAiQ8P5PdZJz66Y4CW53t3ZvSdb6fqdwENay3FZvt1q1M1t1vnR/6lyvWgCAShf7+tZ88PWSQwIAlU32Jjd/yDszjgsAVFHnr2T/sr7hyABA5dyszRHdK44OAFTKsmssNjOOEABUxuyLscs7HCQAqIjr3Jy05gZAAKiC1do46S45VgBQsuVX4+zLjOMFACWadYyP/JpDBgClucyNp1uWtgGgHKtbE+ArS9sAoG+5MYHY2Q4Aymad3ATLmSMFAJpu1qaQLkvbAKDlqmsK27C0DQAaZhsjgZ3tAKCgyGI2Q1sBQNVqbQQxtBUAIlp2jTCGtgJAJCcHsAYtbbOzHQBiuM5NFAxtBQBxYXvWGdoKACXwGcAagqGtACDGcwArO9sBoESXuVHA0FYAELDqGiUMbQWAgpYboydnaCsAFNHJjao1S9sAEOpmbdQxtBUAglx1TSnY2Q4A3mYbUxaGtgKAp+vclIihrQDgYbU2JWNoKwA4WnZNBbCzHQAcRBnAytBWAIjiMjeVwdBWALCKOYCVoa0AICr2ANYQ7GwHgE8pDGBlaCsACLlcm4piaCsA/GHVNRW2YWkbAD6sjGxMtTG0FQB+6+Sm8hjaCgD/ulmbWmBnOwCUNoCVoa0A4K0ye9YZ2goAJ13npmYY2gqgsVZrU0PsbAfQSMuuqSmGtgJonIruWWdoKwB84jI3tcbQVgANUrUBrCG+srQNoBmWG3MW2NkOoAFmndycCYa2Ajh7l2tzRrosbQM4Z1ddc2YY2grgfFdGNub8MLQVwJk6n8VsdrYDOHs3a3O2GNoK4Mwsu+asMbQVwBmp2QBWhrYCaLTr3DQAO9sBnIXV2jQEQ1sB1N7yq2kQhrYCqLVaD2BlaCuAhrnMTePcsrQNoJ5WXdNIDG0FUEPLjWksdrYDqJlZJzcNtmZoK4A6uVmbhmNoK4DauOoaMLQVQE1WRjYEm53tAOqi2YvZDG0FUCurNalmaCuAmliymM3QVgB10YABrOxsB3A2rlnMZmgrgLpY3RJnhrYCqIlmDWBlaCuAWmvcANagpW12tgOohktu82NoK4C6WHGbH0NbAdTFkj3rfjvbZzxnAJSHPevet/+xtA2gLAxgDbr9j6VtAGVgACs72wHUBgNYCy1t8wQCoIo96wWXthnaCkAPA1gFlrYZ2gpABwNY2dkOoDYYwCq3tM3QVgCxXbKYLbm0ze1/AGJiAKv40jY72wHEwgDWGNjZDiAO9qxHWtpmZzsAeVesjMRbI+FiG4AwPoCMerHNTdsAZJtNWKk2AJoNqg1A3BVRjV/tGc8zADJmjBrR+DSSJxoAGWxcV8GdfwBYHGGBBEDTMNRPa28kzzUAxS2pqdalNk82AMWxoq2Gr7MBUBy3jqjZ8GwDwOoI6yMAGoTNkIoYrg2gqA4p1cMX2QAoii8+4KY/ADXCXdpEGwDRBtEGQLSJNgCiDaINgGiDaAMg2kQbANEG0QZAtEG0ARBtog2AaINoAyDaINoAiDbRBkC0QbSBysi2nyPaINoA0SbaINoA0SbaRBsg2kQbRBsg2kQbRBsg2kSbaANEm2iDaANEm2iDaANEm2gTbYBoE21/L/v93d3rfv+i07zD/v3u7lnr0Yi2jnF/MJhkWfrhpEyzbDIY9MccHKJNtAWjfXj+/rD77f7H+yFu8F7uvv3/wd6e9kT7DCT9wSTd2kwng37CgSLaRFsg2i9Pu798f46Y7D8e735PtN30PxeaWbGfNl9Mt26mi7nc7/3Z5fv483+ZiB7w5PQDHvv/Ff3r/NIuFM9gP98wDQbz0Ecn2oLRPvzYferhLtLl9uvDX4/1g2g7OfK8H4YFSeYsSoaTrZ/JMJH5vbeZcxtGogf84wvbwPar9oP/1AvLTx1HeA75SCeDeUK0y4v249vumIe7GLF7+uyhvh2IdvgJlyalRbs/CjrtR3PlaAeGzqXFtjcZafB7KssPHbRKjnbQeyaiLRbt54edxbdH8dbdH3mkA9EOP+EG5UQ7GabhV2sXiWq0s2jRtvU1OLCWV4I0qUS0f+r5vPYSbalov+9OeNW4zv632kQ7/ITrtUuIdjLoFTvlB4litLfzWNFu2d5s9MJWgG1rLvNWVaL96xXE+Y9ItIWi/fhwKtq7J9n17OMPdEe0w0+4iX60h73iV2oXitEOukB1inZiOxJBV/hty0+ctKoUbffXXqItFO1vu51qtV9sLxIvRDv8hOsrR7s/lblQ66tFO2ilwu1oD7fCF8aZ+KV7vGi7Zptoy0T7ebfTrfaT3jV9w6I9VY12shA74xeJVrRDcuf4EpltRZeg59E+hYwS7Z+/45xoa0X7zSnacjfkHeyP80K0w0+4oWK0x1PJE36sFO2Q2/4coz22viz5PqhtuWXaqmK0t9tJQrRVov2+cyS10eZV90PPRkW7l6hFW2A1+z8ulKIdsIbk+oOs7zx87zYcRbnxO260T7/2Em2RaD+5RnsndOffvf1R7ol2gRNuoBXthfgJP1KKdhYt2kkq97D9reibBaVob3tDoq0Q7TfnaD/IrFycehiiXeSEa+tEexThhM8SlWj7ryE5X+/Oi72V+CiVfDulF+1TR5doi0R7505k78vjqUd5IdoFTrhMJdqjKOf7NFGJdi+JFW3r43o97ED0gwvNaNv/e0RbItoHj2iLLF3sTz2I1OCox9fv97vd2/3dvknR9l3vDIr2KNL5bq+2VLS915Dcj3S70PqP22eaWava0bZWm2hLRHvvE22JG/KUor3/sHT+9tygaKfxoz2Kdr6PVKLtu4bk8fIoNDgqE1wAU4+2rdpEWz/aAreQqET78MennW+PjYm259ppQLQvIp7vC5VoT6JF27YW7X6n3kXMW7TjR7s3JtpVinbxpGpE+5ON+c+Nibbfkq1/tPtRT/i5RrQ915B8fojE4CjbLdppUv1oW/6TRLuMaD88Vj/anw5TeW5KtP32cXhHO+nFvUpra0R7Gi3arUnYL+f6I/qtGkT7+FsZol1GtAvfQhI/2oeHqB9wVj7aXvs4vKM9iXy+ZxrR9ltD8uqnbcyT27rMXG5hp6xoH31tIdqlRLvoLSTxo31k987DoSnRziJGex77dD/eU8loe60h+YXpInD15/dbmbTwpXr50U6JdqWiXfAWkujRfo8+PaXq0faZKecZ7cTvCw+m//teQb8FkkQh2l5rSJ5Xk9Og1d7fFmIfMpcY7WPL90S7pGgXWx6OHu3j2+QPTYl2Gi3aA8fwZoPhf79Gtz8/9T3tJ3sqGm2fO+c8o13ss8ix2FJ8qdE+8tJLtMuKdqGuxo72o+osqmpG2+O+ML9oO30KmV0cW1Rvu339b1sj2lm0aBcbHDWN/ymkRrSPPAWJdmnRLnILSexo36nOoqpotN2XbP2iffpCO72wX8Imw9MTXUca0fYooO8PKPIlNhdStwWFPYdGfQfzwSILfLdHtEuLdpFbSGJH+151FlVFo+2+Zdov2qcutFOXuRj9LOwlRzjaabRo27/ExnqIbPee9JL4zyGPt2iLXsAHK0S7vGgXuGiNHW3bl6cdGhNt5+tIr2gPT8TW9XOyeRpyA4lwtN0D5X+IgwdHZaG1V4/2r6dD6n2vNtEuMdrht5DEjrbGLKoaRDuLEW17CzP3K8FkEnARLB1t5ytX/2iPA98FzYVu5NSJ9okvnEuIdsWiHXwLCdHW+RBpKB/tttxGzBMX7WONaDuvIQW8mQkbHGVdDG9XL9r2P+OcaFct2qEFJNo60XYcUuET7Yut4Jv3ofcLgHi0XbeOBkQ7CRoctRC5IUgz2rY/44hoVy7agbeQEG2daDuefz7Rll1wHfpmTT7aWbRoB32JTb/4a7B6tC3vKaZEu3LRDryFhGgrRdtty7NPtCXuVnG8cG+rRNtx62jQZ72Z/58mVblFWzjalv91QrQrF+2wW0iItlK03YYLeUS7L71VL/O7cP+HvTtrjttG4gDOo4rgVWSR8+YXl71H9mEzHCk6LVvW9/9UG8mV7HqjAbobjaOHjddEkufgj2Dj30AAtGHzV5Kj+I2jOt/PMg3aPeZGo2inRpsUIVG0Y6ENmp0h0O68i8Nw1w5x0IYhRXt7sWuRtfdTUxq0z0+1V0U7Q7QpjeGKdjS0Z160J9biiN21NhLaIA2J98QKN8Vv8UXwPNA+IO68inZ6tE8vina+aENWBxFoV+xpNEvELRLaoPsNEW3cxlFrlI2iQqBtGD4YRTsi2vgIiaIdD21A+4jxR9Oj4DpgFrGCoA2pIVF/0noAcg2+f1GrT7HQLhRtWWifvt0p2tmiDbgG4WiPnhmM98aIsTQM2m04tDEbR01xNooKgnYFb2xVtHNA+/RF0c4XbXfhAo62wZQyvBexllhoA2pI5Dk6vBvJcLTbp0K7hX8xJKJdm7Xrph/HeUxdt5pRPNrYCImiHRPtNgLaPptiDAg9AqHtNpFeWJmBf9faQLkUinYqr/vh3Y9wHtZRNNrICImiHRNt8mrZX//PLkSD9Zoebfe/n472COzV72JtFKVow8cyWHcxbIa+lIs2LkKiaEdFuwqPts+WoSYDtJ01JI8Y/AF0Qx29KlyXi7ZXPa716i2tD4BDmprBiEUbFSFRtKOi7Yr4MqDt88Udc0B7Coe2dS1yhlRRukLRjo62AX+Bql4o2qgIiaIdF21HyTYx2kUOaLtegc/r7gE31NXjSUnR5kfboL4+LGwnQBsTIVG046LtCIwxoF2IR3sOhzbgEBvrLiVG0Y6MtuOAjve+gKNItBEREkU7Mtr21gxF212W9yuOOgszk0flRtHmRntpjvjRiUQbHiFRtGOj3SrafjUkv0mwa+OoJXJEW9G2TbOHI2nMZVZoPzzzRkgU7dhoW4O+ira7huSHtjWDXdmXKtdC0Y6JdjkfiaMZc0L7+u4La4RE0Q50wQ2kxaxdoT3QgnWe5WbrITbdgV5rV7SZ0R6bI3k0S05ob0+3nBESRTvQBWdZz+oU7R/X60yqIfmuEU5UCEZFOybaPmZ79iuwo73dc0ZIFO1AF5yleGopje4LbUOKafiiXRMxOBSKdkS0rXWswBUSfrS3R8YIiaIdCm3LhtdDtmi3Z0YfBO2CVEPyTuN1NARKRTsm2vPRc3icLxQA7e07X4RE0Q6G9kJ40E6NNgM0GLQtk941HNo0D5ZC0Y6I9uHoPeas0N6AEZJHRTsh2pbQRKto/7heKTUkf7QNQYC2ULQjor0cGcYhK7T5IiSKdji0R/wqyd7QLgk1JIZmRUL8t1a0I6JdNhxokxtYg6C93cEiJLd3inY6tC2PeFWpaL9dUoQaEsMFijehKxTtiGh3LGaTCyRh0N7uYWp/uVO006FdomN/u0ObUEPimFWtyKu/KhTtiGjXR6bRZ4U2V4RE0Q6ItsWGM0vb+0N7RC/9sTwKt3GesxVtEtoDF9pVXmhv1zC1rxXtdGhbcgqDom0cMYEqINoj6tofCkFoN/BaQaZoM1W06ZmfYGhvDxwREkU7KNrY9pEdoo2uIfFMhjGRspARbXa0a/8PJjXavePjaLvevI2+cz0xTZmhzRIhCYz2w87RtvRMz4q2q778fg2JB23MbG4tBKHdI/zKFG3rAcyH/1ugXgb+1E84tFkiJHS0rx6vncOeJ392/4LHe+Fo17hFkj2ijW0dZSo7w5PAbSEJ7QHxy/JEu7SQ3b3z0FMP3DfcgGhzREiIaF8B23sYTrx8uJeMNrJ9ZJdoI2tIXGuF4LXIURLaJWaSkCfa56sj7Zl5s+WohCk3tBkiJCS0729OMcfzk2C0Le0jnaLtqiG1AdGG5soOhSS0O8wNME+0B/x6sGVHwOzQ9o+QUND+eoo8bl/kom1bVakVbUINiS2VB+vgqEpJaFtSMYUUtGdCq8x5tcfs0PaOkBDQfjjFH49y0bY8hk+KtovPd8jki1KDNv9cCkFol7gtyvNEm7Sm2HH21wRG2zdCgkf7+nTKVu0s0R4RJdudoo2K/fGhDdk4qi0EoW07n6uTgnZNC8tXjIu5gdH2jZCg0b5KYvbp9kks2phdo0OjTd3ToQuLNqqGxNi0OLkj2rUgtK1nKo5S0Da0R56OcSUyNNqeERI02t/SoH26kYt2Cd81eq9oY2pIjGi7D7HpCjlo9w22oVsU2jWtmt/miLZfhASL9tdTqnElFm1E7G+3aCNif4xoOzeOqgoxaPcVPgOTJdoL8c+IQtsrQoJF+1sytJ/lom1Z8Too2q4a0hwQbddapJGBdt0PrmeGUQzaHfGzmEWh7RMhQaJ9f0o37uSibaAl2/2ibakh9eHQdmS1h7TfoWPbucfUQrqE2kI82h3tL+SKNjBCcrr3Rvs6IdovctEG7xq9X7ThNSROtB3e1YnR5hu9HLQXYClRONrbHaxq8U4EA4n2c0K0rwWjXQNzwDtGG1xDYkTbtf/IcCloV4UctA28reHnov77TyJ9rmjTIyRItG8UbRLa0F2j94z2Apzx8qFdOrtrzIWgvVwC2sepjHRNx0F7eyGu5glC+0Yy2sD2kT2jDa0h8fnqfjfmy0C7LQShbdnkr1ouCm1oFu+7XLS/S0bb0j7yv7W6XaNdw2a8bGhDdoxaLwLtWhLahS0I0y6XhDYxQqI17Uhow04e2zXawBoSG9qQ1EXajkimsRai0LZ/LlVXXw7aGylCIig98igbbQPJ0O4bbVjrKBfasFMQJvlot4UstJ1f0vlgLgVtUoQEifZVQrSfZKNtaR9pFW1EDYkJ7bKCvXQjHW3L3rJ5og05dLmZ1vES0CZFSLAdkbfJzP6yCUe7BrSP7BxtUA2JCdfO3zwRaDdjIQztAng7babOiEebEiHBon2dc3Ukb7Qhu0bvHW1IDYkH7drntQtC22Z2rmiviNfXhoA7JtqECAkW7btUU+1vm3i0ASeP7R1tyMljPGi38BdfC0bbanauaJcN7kW23SgYbXyEBL01a6pt/q7ko21Z+vojpLB7tC01pIUT7QVjgly07Wbnijbha9oMfSkVbXSEBH9yzUMSs6+3C0DbMr0bFG1nDYkRbegq5M+3C3Foz2MhEm3cx/Nn0IfN7choYyMkhDMiUzTYPGwXgbbz5DFF211D4kAb9z40pUy0nW3fuaKNehD66RUvEtHGRkgop7E/ZDrPzh9tS/vIrGgDa0gMaNfIl3+QiHazkCVNjrblQnGFfdZSHtrICAkF7e0l7mrkt6vtUtB27RqtaLtrSAxot9jXP8pDeygLwWjjP6L/3qy6UhzauAgJCe3t7mu8E2y+PMLfvuzRtqSZ3p7BFW13DckfbYN+/a00tFvjI2kGaFsPKXayLQ5tVISEhvZrGebr9fONe9gr666ffrh+fMK8ffmjXdhLtqHR7lv7yAFtV+uoP9qEZa5VFNot8M3IGG0vtY+VkYY2JkJCRhs4rGbfb8xDANr2k8dCo03VIyrajhqSN9qUx42wa5G8tewBXMzJGW3bzRuyDFEKQxt4/NgrminRftl2iLalfWRStF01pNfWUV+064aCwCAD7WbCnNSSN9pF33i8E3MtC21EhCQl2le7RNu6a7Si7a4h+aI90RAw+aONbunOHO2ibn3uX6MstKG78d0o2tHRtraPKNruGpInqoZoQJUz2m3b9QSjckf798l2lULtNGhvj8CmFUU7OtqW9pFV0XbXkDzRtikwNbgETWi0BwMZ9Opt/mh7sU1WOxHa0AjJraIdG23brtGLou2sIfmh3VlXG63/tY6OdugNBiWg/fv1Qs6RUD+yVGhzdZsr2uxoWxoHZkXbZevshbZ1FXKxbegd8hAbRdtR0hqIS5KzMLSBERJFOz7a+LLq7tAu0VcpDO3J0UFj/WgWRTsN2q/Tbdr6cScLbWiERNGOjjY+gbo7tC01JK8pm/NZ2vbRBDvERtGGjGXAl7dpBZJ0aPMc6KhoB0AbPY/cH9rozSdAV3/lnJSVKdYiFW3gGNcJeekMwtCGRkgU7dhoo5vyEL/BXAjaJgDaHSDSZz3ralS0k6JNgLsWhjbHJqqKdgi0sdtfREJ7zAhtbA0J8Lqtq5B//vzsKHsr2mnR/gE3uFRykIY2Q4RE0Q6C9hIM7d7jtZic0Ea2mwOu/gn0GD3a/kqvaOeA9tv3owfNuBtxaPtHSBTtIGgjS7YItH027O9yQhtZQzL0W9Lx5w2hDsD/T9FOivbbDbabOe7meaHtHyFRtMOgXXuibUI8wU9ZoY2rIbmvzQo4g7auRR72i3blUzUOg/brhdRV7Km/xGh7R0gU7TBo4w5UwkwbPeaCDULECGgvrGh34Fp1zzxxuxC0vdytAr6di/WxtZWHtm+ERNEOhDYq9oeZqdPLrssxL7RRNSTj837X8L87K9qUL1zYe6CpUBdP9mh7RkgU7UBoo9pHEFeBR31kwMzeY6BdM6I9IJ6grWuRq6KN/1eOgR9cyoEz9Jcebb8IiaIdCu1i9kJ7Zg8T16gV+BhoY2pIhr4KWaFKKQE2jpKB9sFjlrBCP7a6e394VL+MRLS9IiSKdjC0jRfa56cW1I2NBtTkPQraiBqSod8h//qjpXUD152i7dOEO0Hfe0N+K6aLQtsrQqJoB0MbcYYKZu5CbljALcBHQdven4j4bSsS4SXqWqQMtM/W89wbaZXH8GifvcF3ItHe7hXtHNGGt4/gjKVtbGSZiy7J0IbXkAx1xv5+9LpFlVN2gbZxNybh12/40D77pCgUbY8IiaIdDm14+8h7P9zwPsDbFurKdGgbFrQH9MJizRz9vQC0S3rHUeWNNmDjp/7C0N6+K9oZol1WHmjDmrKhY8Wm3CKhDa4hGaL8LeWGWu8R7YKcMu0RHxs9aWkuDe3tWdHOD21w+wjySsCrvaJDbrHQhtaQDLHGMuJnh+wbRwlBuyVOtW1zEyjagPukYWtcyAVtaoRE0Q6JNrR9BLe486Y2qq5t31GvTok2tIZkaHekjlaYWfaI9oHY3D9gPjb6cuJ6UemRt/F0q2jnh/ZIR9sh7QyPa4/21b65SIo2sIZkSKuQtjVbW2GG9xAbIWj3tOcc3K4ALblwPpHQ/vDpl48fP/7t13/niDYxQqJoB0UbuGs0aY2ug8FSuqayfVq0ga2jhmeiBy3MHHaItmVxthmJH58BT+ddq+s1IUb+90//+O2P8a/PGaJNi5Ao2mHRhrWP4Kuub1cSgO2yc/0Dzkxx4qENqyEZSpljohdmxv2hbfvCnVW7Q35sPTLm43wxloDm51eyf/n0+cOvn/75yvaH/NAmRUgU7bBow9pHqFPQZrDbMg7ue0ZXpEZ79EJ7pnekxzrERgra/2nvzrvSSLo4jjegFFtQRIyaxRA1cckMJ6KJjiZ53v+regCXoNLVtXZXdX8/f8yJnqNMoPKjuH3rtuwzS3PlB7JGS/dlaxh2Wnb135gPp9Pjz0cPX5yOZ7H9ObzQNmkhIbQ9h7bS1GiLH60PB6u3yrXBUOXn02qJOYa2Ug1JGLwpZs1+Ev9a/HAJQ1ve7NQS+h/jVrxskkXZT32TrfX1X6dZZn89Wvr625fH1A4qtA1aSAht36EtzENbdVBgvd/uiL977p7otPuqLeLtpPjQVqkhCf0f3bB6t3B4E5tYQjvJeA1andrypsDsvXZoUPDr1PXrWLOd9fhFhfsxtYMKbYMWEkLbd2irHB+xqvZaSW2TyDO0VWpIQj92e3bvFt3qhXZXZX+w0FWcPyA0i2HN7qtuy8aWbAOSVtLen04PZ7vrg4Wv40WZZJbax6fBhbZ+Cwmh7T20G+ah3fMe2oMkhNBWKAQJ7Y8xQ9t3C1G50B44X19C70rC/RKbfW5sPHxm3Mp6d0h7Dk+mB/fR/Wi+xz46nid5aKGt3UJimay/JL/6ltBWusAu+21tz5ndT8IIbWEY2hu2rda53MQmmtDWu22nYWh3nD5AShn883R6eh/aX/Yfmke+PX07tNDWbSGxDG3ZDRgmhLZqydaswcGepG6bb2hnF4KEbtFf7VBjz2QXV97QbucQ2k7fGdJqWF8XW+p5aB88fH1f4T6ZngUY2potJJahfZH+my8JbeW9haS20vQZ2iIJJbQbJv+rNQeTEKXXxRpVC+1aM4cV1vG/0U6m0/Nnof34h7PpF93Qziw539knm14LiWVo//T6VylLaGfuIy2bT0x1kmBCO3OPJ/QCVzlvpTHVr1poO99qC78fH9M22t+m0+RlaD9uvXVDe+I5Q/VbSH5OfBW1bwlt5eS12qY7X/GFhHbWHk/olTbU87BjdJ22rKHteqstvG5EUst7+/MN9YvyyKLb78hDaDtJOp3bj3m78Hk9IbSVe6mSIlK7m4QU2ll/TaH1+WXDQbSpX80sUWi7Xm1CuyblpPdp/+8G+2Q8Hp+dPGy053UT7dDOuHP6lZtwU28h+c/6sVKKMVe3hLb6BiYpILW7SVihnfGhWWg9LTqP7f8mNjGFtuOzAcLn9fX0JbwU2veO9xPj0L6TZ6ir7emFamjf+drW30wIbfVaYZJ/aneT0EJb6P3rl70PDt29No2qhbbbS9/CaBOjZqMmCe2n8sjxwcHBl6e5IyblkVv/Je2Fa8XQvvW0rfdRHIk6tOV9TpmlA+c9JFtJcKEtryGpz/jUPoFe830Tm6hC2+0WIW0R9Jo+M/v+euNSTXv/eHqSmF6IlNdHfjmLN8UWkmtPxRg/mR11aA9sQjvpuT310BwkAYa2dI8nNK5CDly+Np2qhbbiDHjLplLr1N6QvjO/bPk7uz9cY9Lyl9Gp7fDgt1JqOyo8/3zRQnJ1MyG0tWqFCrvBvsN/SRuNJMTQltYphPrT2XL62jgYHBVZaBumdnNLaxFYprY8s18drtk3P1wjP7H422XAqaS2s1bqi+XC9vWPCaGtd71LaTvorETStgkan6GdqN8htuO0DO35JjaxhbbRxchmb9WPSRZBz+ZqZCvjrfTvMfZnoW1yjF0apr/cht2P61yKI481kuvFdvvq9523yI48tGVFWLXSq5tGqVYjCTa0B6qhLbuQZRKFfm9iE11oG+y15/csFXqLwOLTY/Yz9zQwajm0jQZGybqor366zribq9wyOx9xh7YkaBR/Q8++HasuLIPGa2hLtnhC9Q2wbvQyy64ZbFQvtLU7qfu11Q8ofFxgryu8jZ5Pp//M71czfugaGY/P50UTg9GsktR2n9mTya1sDsmfCaGda2hL5oCqt8XZxXa9Yx00fkO7pxbaPUct2ktPrFWrTflCW68a19xKexYzXo2GwWa7qfa0HT7dXezVt9ZNChcrWkgu/VQVvqd1q/z6PiG0cw7t9CMFOrFmfm2/NXAQNH5DO32HJxRrrqa3Luh7vBYZY2jrFC+6tdRHzFwE2tuQruoli1lEny3fbuz0YDq/CmkY2pPJ3YvN9tWdt6C7/bNiY3918WNCaOce2uJfF7+ttmVyBac+bDgJGs+hnVpDEmpXIY3zteFxcFSUoT1brmrrbPnekQODRaAT202dVTxL7ZOnzfbR+Pjp/mNmoT35cbfUJvffjd8I/d+f5xc/f99M4hR7aKdu57QTRjO368Oeq6DxHNqpNSShdhXSvKva401sIg3tWQZn52lXSK8NKD1xjaFaLebZPSoVzG/Afnz4z/7+/vjr/I/niVVoz7fANxe/Ly+vL25u88i77zcXF5eLh/s+iVYRoR2qWqerduCm2d9q8HTBTG8ovUS75erux4Nh1mo2Wcanh39vN3Y8fqqVrE9AaBcV3KLdl2256632gMCGZW63W6s2wvVux+3aanTS7gfZbLVNP+ocfT5c3Nr37Hzpm4Q2oV2whui02/3W3Hzzs/hDu70lejw1cLbG2u2HBTb7b3+2ump+Hqgn7tdyfR7VM8N2x/1DEdqENoCIENqENgBCG4Q2AEKb0AZAaIPQBkBog9AGQGgT2gAIbRDaAAhtENoACG1CGwChDUIbAKENQhsAoU1oAyC0QWgDILRBaAMgtAltAIQ2CG0AhDYIbQCENqENgNAGoQ2A0AahDYDQJrQBVMonopTQBhCPNaI0PyPWGwBLH4jS/Gyz3gBY2iZKc7PDcgNg7SNhmpddVhsAaxS1c/OB1QaA+gjVEQCVskuc5uMtaw0AW2022gAqhqo2FW0AMaGBhNYRABHZe0Om+vZxk3UGwFlqE6qeveEwJACH3rLX9pvZe6wxAFRIqI0AqKpNBmt7847MBuChRLJDvHrZZjOQFYCfzTYN2x6q2ZyDBODNNvexcWyNyggAn0YctHFonUY/AL69p4/EkR2K2QBysPmOvHVRzH7PUgKQj23a/2jzAxCTEe1/dsVsTkACyNcapW3zYjZTWAHkbpM72hgWs9dYPACKsEdp28AubX4AivKB0rZuMZs2PwBF1kgobWsVszmzDqBg25S2ObMOICYjSttKPlHMBhAG7muTjQGsAMLB0NasNj+K2QCCwtBWzqwDiAon21Pb/ChmAwgRQ1tXtvlRzAYQKIa2vi5mM4AVQMAY2vrizPomawJA0DjZvlTMZgArgPBxsv2hmM0AVgBRYGjrvJjNmXUA0WBoKwNYAUTlbaVL2wxgBRBdjaS6pW3OrAOIUVWHtlLMBhCp0UcGsAJARKo2tJUBrADiVqmhrZxZBxC/6pxsZwArgFKoxtBWBrACKI3yD21lACuAMin50NY3a7zEAMqlzCfbGcAKoITKOrSVAawASqqMJ9t3OLMOoLRKN7SVAawAym1UqtI2A1gBlF55hrZyZh1AJWok5TjZzgBWAFWx/YkBrAAQkdiHtjKAFUDFxDy0lTPrAKon2pPtDGAFUE1xDm1lACuAyopvaCsDWAFUWlxDW3c+8IoBqLaITrYzgBUA4hnaygBWAFiIYWjrOm1+APAo9KGtDGAFgGXbu0EXs6mMAMBz4Q5t5cw6AKwQ5sl2BrACwGoBDm1lACsApAttaCvFbACQCmloK2fWASBTKCfbGcAKACqCGNrKAFYAUFX80FYGsAKAhmKHtq7v8QoAgJbiTrYzgBUA9BU0tJUBrABgpoihrbu0+QGAqbyHtjKAFQCsaiR5lrYZwAoAtvIb2sqZdQBwIJ+T7QxgBQBH/A9tZQArALjjeWgrA1gBwC2fQ1s5sw4Azvk62c4AVgDwwsfQVgawAoAvzoe2MoAVAHxyO7R1d5NnFAC8cneynQGsAJADNyfbGcAKAPlwMLT1DWfWASA3I8vSNgNYASBXby1K2wxgBYC8GQ9t5cw6ABTB7GQ7xWwAKIj+0FYGsAJAgfSGtjKAFQCKpTG0lTPrAFA81ZPtDGAFgCCoDG1lACsABCNraCtn1gEgJNKhrW/WeIIAICx76wxgBYCIrB7aygBWAAjU64EkjBkBgICNdpdy++M7dtkAELjt0drc+9EmzwWAivk/ETCIwUVrwJQAAAAASUVORK5CYII=);
+	background-size: 200px 57px;
+	background-position: 50%;
+	background-repeat: no-repeat;
+}
+
+.splash___CNOqZ {
+	position: absolute;
+	top: 50%;
+	left: 50%;
+	transform: translate(-50%, -50%);
+	text-align: center;
+}
+
+.splash___CNOqZ .logo___EScpZ {
+	margin-bottom: 25px;
+}
+
+.loader___wI_2B {
+	margin: 0 auto 20px;
+}
+
+.loading___RORwK {
+	color: #00972c;
+}
+
+.error-block___EuQ3n {
+	margin: 30px -30px;
+	padding: 15px 30px;
+	background-color: #f2f2f2;
+}
+
+.error-block___EuQ3n p {
+	font-size: 22px;
+	line-height: 26px;
+	margin: 5px 0;
+}
+
+.disclaimer___VODOe {
+
+}
+.number-control___DEIQX {
+	display: inline-block;
+	font-size: 19px;
+	margin: 0 5px;
+	user-select: none;
+	line-height: 25px;
+}
+
+.btn___phnbR {
+	display: inline-block;
+	padding: 4px 14px;
+	border: 1px solid #d9d9d9;
+	cursor: pointer;
+	color: #999;
+	width: 38px;
+	font-weight: 300;
+	box-sizing: border-box;
+}
+
+.btn___phnbR::hover {
+	background-color: #ddd;
+}
+
+.btn___phnbR::active {
+	background-color: #e6e6e6;
+}
+
+.inc___uLPcK {
+	border-radius: 0 4px 4px 0;
+}
+
+.dec___DxV57 {
+	border-radius: 4px 0 0 4px;
+}
+
+.value___u1Fys {
+	display: inline-block;
+	padding: 4px 14px;
+	border: 1px solid #d9d9d9;
+	border-left: 0;
+	border-right: 0;
+}
+.settings___rm25G {
+	position: absolute;
+	top: 65px;
+	right: 10px;
+	background: #fff;
+	width: 440px;
+	border-radius: 5px;
+	padding: 0px 35px;
+	box-shadow: 0 0 20px 1px rgba(0,0,0,.3);
+	z-index: 10;
+	user-select: none;
+}
+
+.settings___rm25G::before {
+	content: '';
+	border-color: transparent;
+	border-style: solid;
+	border-width: 10px;
+	border-bottom-color: #72818d;
+	border-top-width: 0;
+	top: -10px;
+	right: 20px;
+	position: absolute;
+}
+
+.title___q3WRh {
+	font-size: 18px;
+	color: #fff;
+	background-color: #72818d;
+	line-height: 60px;
+	padding: 0 35px;
+	border-radius: 5px 5px 0 0;
+	margin: 0 -35px 20px;
+	font-weight: normal;
+}
+
+.input___ldb_G {
+	border-radius: 4px;
+	width: 36px;
+	height: 34px;
+	border: 1px solid #d9d9d9;
+	outline: 0;
+	padding: 0 5px;
+	font-size: 19px;
+	text-align: right;
+	margin: 0 5px;
+}
+
+.wide-input___eh_UL {
+	width: 54px;
+	text-align: center;
+}
+
+.btn___DwtcZ {
+	padding: 0 15px;
+	line-height: 42px;
+	height: 42px;
+	border-radius: 4px;
+	margin-right: 10px;
+	cursor: pointer;
+	border: 0;
+	font-size: 16px;
+	outline: none;
+}
+
+.save___D8Kgv {
+	color: #fff;
+	background-color: #8dc63f;
+}
+
+.save___D8Kgv:hover {
+	background-color: #add674;
+}
+
+.cancel____WqsQ {
+	color: #000;
+	background-color: #e6e6e6;
+}
+
+.cancel____WqsQ:hover {
+	background-color: #d2d2d2;
+}
+
+.section___ralhz {
+	line-height: 40px;
+	margin-bottom: 15px;
+}
+
+.help___d6hkY {
+	margin: 30px -35px 0;
+	padding: 20px 35px 15px;
+	border-top: 1px solid #ddd;
+	line-height: 30px;
+}
+
+.help-link___PyAec,
+.help-link___PyAec:visited {
+	color: #2671c6;
+}
+
+.version___FbkjX {
+	position: absolute;
+	right: 20px;
+	bottom: 20px;
+	color: #989a9c;
+	font-size: 14px
+}
+.icon___j96gU {
+	display: inline-block;
+	font-size: 0;
+	background-size: 100%;
+}
+
+.sun___OcFBl {
+	background-image: url(data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+Cjxzdmcgd2lkdGg9IjE5cHgiIGhlaWdodD0iMTlweCIgdmlld0JveD0iMCAwIDE5IDE5IiB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiPgogICAgPCEtLSBHZW5lcmF0b3I6IFNrZXRjaCA0My4yICgzOTA2OSkgLSBodHRwOi8vd3d3LmJvaGVtaWFuY29kaW5nLmNvbS9za2V0Y2ggLS0+CiAgICA8dGl0bGU+c3VuPC90aXRsZT4KICAgIDxkZXNjPkNyZWF0ZWQgd2l0aCBTa2V0Y2guPC9kZXNjPgogICAgPGRlZnM+PC9kZWZzPgogICAgPGcgaWQ9IlBhZ2UtMSIgc3Ryb2tlPSJub25lIiBzdHJva2Utd2lkdGg9IjEiIGZpbGw9Im5vbmUiIGZpbGwtcnVsZT0iZXZlbm9kZCI+CiAgICAgICAgPGcgaWQ9InN1biIgZmlsbC1ydWxlPSJub256ZXJvIiBmaWxsPSIjRkZCRjAwIj4KICAgICAgICAgICAgPGcgaWQ9Ikdyb3VwIj4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0xMC4xMDQ1MDk0LDEuMTgxODk3OTIgQzkuODI5Njg1MTIsMC43MDU4ODQ4NDIgOS4zODM3NDc5MiwwLjcwNjQ2NzQxNyA5LjEwOTIzMjE1LDEuMTgxODk3OTIgTDcuNTkzNjIsMy44MDY3NjggTDExLjYxOTk2OCwzLjgwNjc2OCBMMTAuMTA0NTA5NCwxLjE4MTg5NzkyIFoiIGlkPSJTaGFwZSI+PC9wYXRoPgogICAgICAgICAgICAgICAgPHBhdGggZD0iTTYuOTczMjU2LDMuOTc1MjcyIEw0LjA0NTY5MzQ5LDMuMTkwODIxMDEgQzMuNTE0Nzg3OTcsMy4wNDg1NjI5NCAzLjE5OTkwMTA1LDMuMzY0Mjk2MzMgMy4zNDE5ODUwMSwzLjg5NDU3OTkyIEw0LjEyNjQzNiw2LjgyMjI5NiBMNi45NzMyNTYsMy45NzUyNzIgWiIgaWQ9IlNoYXBlIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMy44MDY3NjgsNy4zODAwMzIgTDEuMTgxODk3OTIsOC44OTU0OTA1OCBDMC43MDU4ODQ4NDIsOS4xNzAzMTQ4OCAwLjcwNjQ2NzQxNyw5LjYxNjI1MjA4IDEuMTgxODk3OTIsOS44OTA3Njc4NSBMMy44MDY3NjgsMTEuNDA2MzggTDMuODA2NzY4LDcuMzgwMDMyIFoiIGlkPSJTaGFwZSI+PC9wYXRoPgogICAgICAgICAgICAgICAgPHBhdGggZD0iTTMuMTkwODIxMDEsMTQuOTU0NDYwMSBDMy4wNDg1NjI5NCwxNS40ODUzOTM1IDMuMzY0Mjk2MzMsMTUuODAwMjgwMyAzLjg5NDU3OTkyLDE1LjY1ODE2ODYgTDYuODIyMjk2LDE0Ljg3MzU2NCBMMy45NzUyNzIsMTIuMDI2NzQ0IEwzLjE5MDgyMTAxLDE0Ljk1NDQ2MDEgWiIgaWQ9IlNoYXBlIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNOC44OTU0OTA1OCwxNy44MTgxMDIxIEM5LjE3MDMxNDg4LDE4LjI5NDExNTIgOS42MTYyNTIwOCwxOC4yOTM1MzI2IDkuODkwNzY3ODUsMTcuODE4MTAyMSBMMTEuNDA2MzgsMTUuMTkzMjMyIEw3LjM4MDAzMiwxNS4xOTMyMzIgTDguODk1NDkwNTgsMTcuODE4MTAyMSBaIiBpZD0iU2hhcGUiPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0xMi4wMjY3NDQsMTUuMDI0NzI4IEwxNC45NTQ0NjAxLDE1LjgwOTE3OSBDMTUuNDg1MzkzNSwxNS45NTE0MzcxIDE1LjgwMDI4MDMsMTUuNjM1NzAzNyAxNS42NTgxNjg2LDE1LjEwNTQyMDEgTDE0Ljg3MzU2NCwxMi4xNzc3MDQgTDEyLjAyNjc0NCwxNS4wMjQ3MjggWiIgaWQ9IlNoYXBlIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMTUuMTkzMjMyLDExLjYxOTk2OCBMMTcuODE4MTAyMSwxMC4xMDQ1MDk0IEMxOC4yOTQxMTUyLDkuODI5Njg1MTIgMTguMjkzNTMyNiw5LjM4Mzc0NzkyIDE3LjgxODEwMjEsOS4xMDkyMzIxNSBMMTUuMTkzMjMyLDcuNTkzNjIgTDE1LjE5MzIzMiwxMS42MTk5NjggWiIgaWQ9IlNoYXBlIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMTUuODA5MTc5LDQuMDQ1NjkzNDkgQzE1Ljk1MTQzNzEsMy41MTQ3ODc5NyAxNS42MzU3MDM3LDMuMTk5OTAxMDUgMTUuMTA1NDIwMSwzLjM0MTk4NTAxIEwxMi4xNzc3MDQsNC4xMjY0MzYgTDE1LjAyNDcyOCw2Ljk3MzI1NiBMMTUuODA5MTc5LDQuMDQ1NjkzNDkgWiIgaWQ9IlNoYXBlIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8Y2lyY2xlIGlkPSJPdmFsIiBzdHJva2U9IiNGRkZGRkYiIGN4PSI5LjUiIGN5PSI5LjUiIHI9IjUuMjM5OTQ0Ij48L2NpcmNsZT4KICAgICAgICAgICAgPC9nPgogICAgICAgIDwvZz4KICAgIDwvZz4KPC9zdmc+);
+	width: 21px;
+	height: 21px;
+}
+
+.snowflake___YGGkC {
+	background-image: url(data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+Cjxzdmcgd2lkdGg9IjE1cHgiIGhlaWdodD0iMTdweCIgdmlld0JveD0iMCAwIDE1IDE3IiB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiPgogICAgPCEtLSBHZW5lcmF0b3I6IFNrZXRjaCA0My4yICgzOTA2OSkgLSBodHRwOi8vd3d3LmJvaGVtaWFuY29kaW5nLmNvbS9za2V0Y2ggLS0+CiAgICA8dGl0bGU+c25vd2ZsYWtlPC90aXRsZT4KICAgIDxkZXNjPkNyZWF0ZWQgd2l0aCBTa2V0Y2guPC9kZXNjPgogICAgPGRlZnM+PC9kZWZzPgogICAgPGcgaWQ9IlBhZ2UtMSIgc3Ryb2tlPSJub25lIiBzdHJva2Utd2lkdGg9IjEiIGZpbGw9Im5vbmUiIGZpbGwtcnVsZT0iZXZlbm9kZCI+CiAgICAgICAgPGcgaWQ9InNub3dmbGFrZSIgZmlsbC1ydWxlPSJub256ZXJvIiBmaWxsPSIjMTRBMkU5Ij4KICAgICAgICAgICAgPHBhdGggZD0iTTE0LjY0MTgwODYsMTEuNzUyNjc3MiBMMTMuMzY5NzI2NCwxMS4wMjk1NzI0IEMxMy4yMjYzOTMyLDEwLjk0MTM4ODggMTMuMjI2MzkzMiwxMC43NDczODUxIDEzLjM4NzY0MzEsMTAuNjc2ODM4MyBMMTQuMzczMDU4OSwxMC4yMzU5MjA3IEMxNC42NTk3MjUzLDEwLjA5NDgyNzEgMTQuODM4ODkxOCw5Ljc3NzM2NjQ2IDE0Ljc2NzIyNTIsOS40Nzc1NDI1MSBDMTQuNjU5NzI1Myw5LjA3MTg5ODM0IDE0LjIxMTgwOSw4Ljg3Nzg5NDYxIDEzLjg1MzQ3Niw5LjAzNjYyNDkzIEwxMS42MTM4OTQ3LDEwLjA0MTkxNyBMOS45MTE4MTI4OCw5LjA3MTg5ODM0IEM5LjQ0NTk3OTk3LDguODA3MzQ3OCA5LjQ0NTk3OTk3LDguMTM3MTUzMDkgOS45MTE4MTI4OCw3Ljg3MjYwMjU0IEwxMS42MTM4OTQ3LDYuOTAyNTgzODggTDEzLjg1MzQ3Niw3LjkwNzg3NTk1IEMxMy45NDMwNTkzLDcuOTQzMTQ5MzYgMTQuMDMyNjQyNSw3Ljk2MDc4NjA2IDE0LjEyMjIyNTgsNy45NjA3ODYwNiBDMTQuNDA4ODkyMiw3Ljk2MDc4NjA2IDE0LjY1OTcyNTMsNy43ODQ0MTkwMyAxNC43NDkzMDg1LDcuNTAyMjMxNzggQzE0Ljg1NjgwODQsNy4xODQ3NzExMyAxNC42Nzc2NDE5LDYuODQ5NjczNzggMTQuMzczMDU4OSw2LjcwODU4MDE1IEwxMy4zODc2NDMxLDYuMjY3NjYyNTggQzEzLjI0NDMwOTksNi4xOTcxMTU3NyAxMy4yMjYzOTMyLDUuOTg1NDc1MzMgMTMuMzY5NzI2NCw1LjkxNDkyODUyIEwxNC42NDE4MDg2LDUuMTkxODIzNyBDMTQuOTI4NDc1LDUuMDMzMDkzMzggMTUuMDcxODA4Miw0LjY5Nzk5NjAyIDE0Ljk2NDMwODMsNC4zOTgxNzIwNyBDMTQuODIwOTc1MSwzLjk5MjUyNzkxIDE0LjM1NTE0MjIsMy44NTE0MzQyOSAxMy45OTY4MDkyLDQuMDQ1NDM4MDIgTDEyLjcwNjgxMDQsNC43ODYxNzk1NCBDMTIuNTYzNDc3Miw0Ljg3NDM2MzA1IDEyLjM4NDMxMDcsNC43NTA5MDYxMyAxMi40MDIyMjczLDQuNTkyMTc1ODEgTDEyLjUwOTcyNzIsMy41MzM5NzM2MyBDMTIuNTQ1NTYwNSwzLjE5ODg3NjI4IDEyLjI5NDcyNzQsMi44NDYxNDIyMiAxMS45NTQzMTEsMi43OTMyMzIxMSBDMTEuNTc4MDYxNCwyLjc0MDMyMiAxMS4yMzc2NDUsMy4wMDQ4NzI1NSAxMS4yMDE4MTE3LDMuMzc1MjQzMzEgTDEwLjk2ODg5NTMsNS43OTE0NzE2IEw5LjI2NjgxMzQ2LDYuNzYxNDkwMjYgQzguODAwOTgwNTUsNy4wMjYwNDA4MSA4LjIwOTczMTA4LDYuNjkwOTQzNDUgOC4yMDk3MzEwOCw2LjE2MTg0MjM2IEw4LjIwOTczMTA4LDQuMjIxODA1MDUgTDEwLjE4MDU2MjYsMi44Mjg1MDU1MiBDMTAuNDQ5MzEyNCwyLjY1MjEzODQ5IDEwLjU1NjgxMjMsMi4yOTk0MDQ0MyAxMC40MzEzOTU3LDIuMDE3MjE3MTggQzEwLjI1MjIyOTIsMS42MjkyMDk3MiA5Ljc2ODQ3OTY4LDEuNTIzMzg5NSA5LjQ0NTk3OTk3LDEuNzUyNjY2NjQgTDguNTMyMjMwNzksMi4zODc1ODc5NSBDOC4zODg4OTc1OCwyLjQ3NTc3MTQ2IDguMjA5NzMxMDgsMi4zODc1ODc5NSA4LjIwOTczMTA4LDIuMjI4ODU3NjIgTDguMjA5NzMxMDgsMC44MDAyODQ2ODYgQzguMjA5NzMxMDgsMC40NjUxODczMzEgNy45MjMwNjQ2NywwLjEzMDA4OTk3NiA3LjU4MjY0ODMxLDAuMTEyNDUzMjczIEM3LjIwNjM5ODY1LDAuMDk0ODE2NTcwMSA2Ljg4Mzg5ODk0LDAuMzk0NjQwNTE5IDYuODgzODk4OTQsMC43NjUwMTEyOCBMNi44ODM4OTg5NCwyLjIyODg1NzYyIEM2Ljg4Mzg5ODk0LDIuMzg3NTg3OTUgNi42ODY4MTU3OCwyLjQ5MzQwODE2IDYuNTYxMzk5MjMsMi4zODc1ODc5NSBMNS42ODM0ODMzNSwxLjc3MDMwMzM0IEM1LjQxNDczMzU5LDEuNTkzOTM2MzIgNS4wNTY0MDA1OCwxLjU5MzkzNjMyIDQuODIzNDg0MTIsMS44MDU1NzY3NSBDNC41MTg5MDEwNywyLjEwNTQwMDcgNC41NTQ3MzQzNywyLjU4MTU5MTY4IDQuODk1MTUwNzMsMi44MTA4Njg4MSBMNi45MDE4MTU1OSw0LjIwNDE2ODM0IEw2LjkwMTgxNTU5LDYuMTQ0MjA1NjYgQzYuOTAxODE1NTksNi42NzMzMDY3NSA2LjMxMDU2NjEyLDcuMDA4NDA0MSA1Ljg0NDczMzIxLDYuNzQzODUzNTYgTDQuMTQyNjUxNCw1Ljc3MzgzNDkgTDMuOTA5NzM0OTUsMy4zOTI4ODAwMSBDMy44NzM5MDE2NSwzLjA3NTQxOTM2IDMuNjQwOTg1MTksMi44MTA4Njg4MSAzLjMxODQ4NTQ4LDIuNzc1NTk1NDEgQzIuODg4NDg1ODYsMi43NDAzMjIgMi41NDgwNjk1LDMuMDkzMDU2MDYgMi41ODM5MDI4MSwzLjQ4MTA2MzUyIEwyLjY5MTQwMjcxLDQuNTc0NTM5MSBDMi43MDkzMTkzNiw0LjczMzI2OTQzIDIuNTMwMTUyODUsNC44NTY3MjYzNSAyLjM4NjgxOTY1LDQuNzY4NTQyODQgTDEuMTMyNjU0MTEsNC4wNDU0MzgwMiBDMC44MjgwNzEwNTEsMy44NjkwNzA5OSAwLjM5ODA3MTQzOCwzLjk1NzI1NDUgMC4yMTg5MDQ5MzIsNC4yMzk0NDE3NSBDMC4wMDM5MDUxMjU2Miw0LjU1NjkwMjQgMC4xMTE0MDUwMjksNC45ODAxODMyNyAwLjQ1MTgyMTM4OSw1LjE1NjU1MDMgTDEuNzQxODIwMjMsNS44OTcyOTE4MiBDMS44ODUxNTM0Myw1Ljk4NTQ3NTMzIDEuODg1MTUzNDMsNi4xNzk0NzkwNyAxLjcyMzkwMzU4LDYuMjUwMDI1ODggTDAuNjg0NzM3ODQ3LDYuNzA4NTgwMTUgQzAuMzgwMTU0Nzg3LDYuODQ5NjczNzggMC4yMDA5ODgyODIsNy4xODQ3NzExMyAwLjMwODQ4ODE4NSw3LjUwMjIzMTc4IEMwLjM5ODA3MTQzOCw3Ljc4NDQxOTAzIDAuNjY2ODIxMTk2LDcuOTYwNzg2MDYgMC45MzU1NzA5NTQsNy45NjA3ODYwNiBDMS4wMjUxNTQyMSw3Ljk2MDc4NjA2IDEuMTE0NzM3NDYsNy45NDMxNDkzNiAxLjIwNDMyMDcxLDcuOTA3ODc1OTUgTDMuNDQzOTAyMDMsNi45MDI1ODM4OCBMNS4xNDU5ODM4Myw3Ljg3MjYwMjU0IEM1LjYxMTgxNjc1LDguMTM3MTUzMDkgNS42MTE4MTY3NSw4LjgwNzM0NzggNS4xNDU5ODM4Myw5LjA3MTg5ODM0IEwzLjQ0MzkwMjAzLDEwLjA0MTkxNyBMMS4yMDQzMjA3MSw5LjAzNjYyNDkzIEMwLjgyODA3MTA1MSw4Ljg3Nzg5NDYxIDAuMzgwMTU0Nzg3LDkuMDcxODk4MzQgMC4yOTA1NzE1MzQsOS40Nzc1NDI1MSBDMC4yMTg5MDQ5MzIsOS43OTUwMDMxNiAwLjM5ODA3MTQzOCwxMC4xMTI0NjM4IDAuNjg0NzM3ODQ3LDEwLjIzNTkyMDcgTDEuNjcwMTUzNjMsMTAuNjc2ODM4MyBDMS44MTM0ODY4MywxMC43NDczODUxIDEuODMxNDAzNDgsMTAuOTU5MDI1NSAxLjY4ODA3MDI4LDExLjAyOTU3MjQgTDAuNDE1OTg4MDg4LDExLjc1MjY3NzIgQzAuMTI5MzIxNjc5LDExLjkxMTQwNzUgLTAuMDE0MDExNTI0OSwxMi4yNDY1MDQ5IDAuMTExNDA1MDI5LDEyLjU0NjMyODggQzAuMjE4OTA0OTMyLDEyLjgxMDg3OTQgMC40Njk3MzgwNCwxMi45Njk2MDk3IDAuNzM4NDg3Nzk4LDEyLjk2OTYwOTcgQzAuODQ1OTg3NzAyLDEyLjk2OTYwOTcgMC45NzE0MDQyNTUsMTIuOTM0MzM2MyAxLjA2MDk4NzUxLDEyLjg4MTQyNjIgTDIuMzUwOTg2MzUsMTIuMTQwNjg0NiBDMi40OTQzMTk1NSwxMi4wNTI1MDExIDIuNjczNDg2MDYsMTIuMTc1OTU4IDIuNjU1NTY5NDEsMTIuMzM0Njg4NCBMMi41NDgwNjk1LDEzLjQxMDUyNzMgQzIuNTEyMjM2MiwxMy43NjMyNjEzIDIuNzQ1MTUyNjYsMTQuMDgwNzIyIDMuMTAzNDg1NjcsMTQuMTMzNjMyMSBMMy4yMTA5ODU1NywxNC4xMzM2MzIxIEMzLjU1MTQwMTk0LDE0LjEzMzYzMjEgMy44MzgwNjgzNCwxMy44ODY3MTgyIDMuODczOTAxNjUsMTMuNTMzOTg0MiBMNC4xMDY4MTgxLDExLjExNzc1NTkgTDUuODA4ODk5OSwxMC4xNDc3MzcyIEM2LjI3NDczMjgyLDkuODgzMTg2NjcgNi44NjU5ODIyOSwxMC4yMTgyODQgNi44NjU5ODIyOSwxMC43NDczODUxIEw2Ljg2NTk4MjI5LDEyLjY4NzQyMjQgTDQuODc3MjM0MDgsMTQuMTE1OTk1NCBDNC41OTA1Njc2NywxNC4zMDk5OTkxIDQuNDgzMDY3NzYsMTQuNjgwMzY5OSA0LjY2MjIzNDI3LDE0Ljk4MDE5MzggQzQuNzg3NjUwODIsMTUuMTkxODM0MiA1LjAyMDU2NzI4LDE1LjMxNTI5MTIgNS4yMzU1NjcwOSwxNS4zMTUyOTEyIEM1LjM2MDk4MzY0LDE1LjMxNTI5MTIgNS41MDQzMTY4NSwxNS4yODAwMTc4IDUuNjExODE2NzUsMTUuMTkxODM0MiBMNi41MjU1NjU5MywxNC41NTY5MTI5IEM2LjY2ODg5OTEzLDE0LjQ2ODcyOTQgNi44NDgwNjU2NCwxNC41NTY5MTI5IDYuODQ4MDY1NjQsMTQuNzE1NjQzMyBMNi44NDgwNjU2NCwxNi4xNDQyMTYyIEM2Ljg0ODA2NTY0LDE2LjQ3OTMxMzYgNy4xMzQ3MzIwNSwxNi44MTQ0MTA5IDcuNDc1MTQ4NDEsMTYuODMyMDQ3NiBDNy44NTEzOTgwNywxNi44NDk2ODQzIDguMTczODk3NzgsMTYuNTQ5ODYwNCA4LjE3Mzg5Nzc4LDE2LjE3OTQ4OTYgTDguMTczODk3NzgsMTQuNzE1NjQzMyBDOC4xNzM4OTc3OCwxNC41NTY5MTI5IDguMzcwOTgwOTMsMTQuNDUxMDkyNyA4LjQ5NjM5NzQ5LDE0LjU1NjkxMjkgTDkuNDEwMTQ2NjcsMTUuMTkxODM0MiBDOS41MzU1NjMyMiwxNS4yODAwMTc4IDkuNjYwOTc5NzcsMTUuMzE1MjkxMiA5Ljc4NjM5NjMzLDE1LjMxNTI5MTIgQzEwLjAxOTMxMjgsMTUuMzE1MjkxMiAxMC4yMzQzMTI2LDE1LjE5MTgzNDIgMTAuMzU5NzI5MSwxNC45ODAxOTM4IEMxMC41MjA5NzksMTQuNjgwMzY5OSAxMC40MTM0NzkxLDE0LjMwOTk5OTEgMTAuMTQ0NzI5MywxNC4xMTU5OTU0IEw4LjE3Mzg5Nzc4LDEyLjc0MDMzMjUgTDguMTczODk3NzgsMTAuODAwMjk1MiBDOC4xNzM4OTc3OCwxMC4yNzExOTQxIDguNzY1MTQ3MjUsOS45MzYwOTY3OCA5LjIzMDk4MDE2LDEwLjIwMDY0NzMgTDEwLjkzMzA2MiwxMS4xNzA2NjYgTDExLjE4Mzg5NTEsMTMuNTg2ODk0MyBDMTEuMjE5NzI4NCwxMy45MjE5OTE2IDExLjUwNjM5NDgsMTQuMTg2NTQyMiAxMS44NDY4MTExLDE0LjE4NjU0MjIgQzExLjg4MjY0NDQsMTQuMTg2NTQyMiAxMS45MTg0Nzc3LDE0LjE4NjU0MjIgMTEuOTU0MzExLDE0LjE2ODkwNTUgQzEyLjI5NDcyNzQsMTQuMTE1OTk1NCAxMi41Mjc2NDM5LDEzLjc4MDg5OCAxMi41MDk3MjcyLDEzLjQ0NTgwMDcgTDEyLjM4NDMxMDcsMTIuMzUyMzI1MSBDMTIuMzY2Mzk0LDEyLjE5MzU5NDggMTIuNTQ1NTYwNSwxMi4wNzAxMzc4IDEyLjY4ODg5MzcsMTIuMTU4MzIxMyBMMTMuOTc4ODkyNiwxMi44OTkwNjI5IEMxNC4wODYzOTI1LDEyLjk1MTk3MyAxNC4xOTM4OTI0LDEyLjk4NzI0NjQgMTQuMzAxMzkyMywxMi45ODcyNDY0IEMxNC41NzAxNDIsMTIuOTg3MjQ2NCAxNC44MjA5NzUxLDEyLjgyODUxNjEgMTQuOTI4NDc1LDEyLjU2Mzk2NTUgQzE1LjA3MTgwODIsMTIuMjY0MTQxNiAxNC45MTA1NTg0LDExLjkxMTQwNzUgMTQuNjQxODA4NiwxMS43NTI2NzcyIFoiIGlkPSJTaGFwZSI+PC9wYXRoPgogICAgICAgIDwvZz4KICAgIDwvZz4KPC9zdmc+);
+	width: 19px;
+	height: 21px;
+}
+
+.ok___ix_Sd {
+	background-image: url(data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+Cjxzdmcgd2lkdGg9IjI2cHgiIGhlaWdodD0iMjZweCIgdmlld0JveD0iMCAwIDI2IDI2IiB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiPgogICAgPCEtLSBHZW5lcmF0b3I6IFNrZXRjaCA0My4yICgzOTA2OSkgLSBodHRwOi8vd3d3LmJvaGVtaWFuY29kaW5nLmNvbS9za2V0Y2ggLS0+CiAgICA8dGl0bGU+Y2hlY2s8L3RpdGxlPgogICAgPGRlc2M+Q3JlYXRlZCB3aXRoIFNrZXRjaC48L2Rlc2M+CiAgICA8ZGVmcz48L2RlZnM+CiAgICA8ZyBpZD0iUGFnZS0xIiBzdHJva2U9Im5vbmUiIHN0cm9rZS13aWR0aD0iMSIgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4KICAgICAgICA8ZyBpZD0iY2hlY2siPgogICAgICAgICAgICA8Y2lyY2xlIGlkPSJPdmFsIiBzdHJva2U9IiM1MUJEMjIiIHN0cm9rZS13aWR0aD0iMiIgY3g9IjEzIiBjeT0iMTMiIHI9IjEyIj48L2NpcmNsZT4KICAgICAgICAgICAgPHBhdGggZD0iTTEyLjIyNjc5OTgsMTUuOTA4MjgzMSBMOS41ODQwNjI4MywxMi44ODkxMDAzIEM5LjA2NTc3NDY1LDEyLjI5Njk4NDMgOC4xNzQ2NTQ0NCwxMi4yMzI4NTM0IDcuNTgwODExNTMsMTIuNzMxMTQ2NyBMNy42NzcwNzI0MywxMi42NTAzNzQyIEM3LjA3ODI3MDcyLDEzLjE1MjgyODUgNy4wMTczMDYxLDE0LjAyNzI3OSA3LjUyOTgyODM0LDE0LjYxMjgwNzcgTDExLjM3MDgzODMsMTkuMDAwOTUyIEMxMS40NzQ0NDk2LDE5LjExOTMyMjQgMTEuNTkyOTYxLDE5LjIxNjU5MjEgMTEuNzIxMDE4NiwxOS4yOTI0ODYyIEMxMS42ODQ3MTYzLDE5LjI3NDM0MDcgMTEuNjQ4ODM4LDE5LjI1NDY1MTIgMTEuNjEzNDY0NiwxOS4yMzMzOTY3IEwxMS44MzcyNzcsMTkuMzY3ODc2OCBDMTEuODAxNzMzOSwxOS4zNDY1MjAzIDExLjc2NzQxMjcsMTkuMzIzOTU5MiAxMS43MzQzMzI1LDE5LjMwMDI4IEMxMi4yNDUwMTU1LDE5LjU5NTUzNzYgMTIuOTAzMDY1OSwxOS41NTQxNDEzIDEzLjM3NDA4OTYsMTkuMTU4OTA1NiBMMTMuMjc3ODI4NywxOS4yMzk2NzgxIEMxMy4zMzk4MjEzLDE5LjE4NzY2MDEgMTMuMzk2MDQ5NCwxOS4xMzE2NTUgMTMuNDQ2NDczNCwxOS4wNzIzOTYzIEMxMy41NTU0NTQ5LDE4Ljk3NzE1MTIgMTMuNjUyNTI0OCwxOC44NjUxNTg3IDEzLjczMzUyNjMsMTguNzM3NDg3NSBMMTkuMzE2NTA0NCw5LjkzNzgyODc1IEMxOS43NjIwMzksOS4yMzU1OTU1NCAxOS41NDQyMTYsOC4zMDQ4ODA5MSAxOC44MjIzMDg4LDcuODcxMTE1MjkgTDE5LjA0NjEyMTIsOC4wMDU1OTUzNSBDMTguMzE3NjUyNiw3LjU2Nzg4NzI1IDE3LjM3NTAzLDcuNzkzODU1ODYgMTYuOTI2MDU5NSw4LjUwMTUwNDU3IEwxMi4yMjY3OTk4LDE1LjkwODI4MzEgWiIgaWQ9IkNvbWJpbmVkLVNoYXBlIiBmaWxsPSIjNTFCRDIyIj48L3BhdGg+CiAgICAgICAgPC9nPgogICAgPC9nPgo8L3N2Zz4=);
+}
+
+.warning___awNmI {
+	background-image: url(data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+Cjxzdmcgd2lkdGg9IjI2cHgiIGhlaWdodD0iMjZweCIgdmlld0JveD0iMCAwIDI2IDI2IiB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiPgogICAgPCEtLSBHZW5lcmF0b3I6IFNrZXRjaCA0My4yICgzOTA2OSkgLSBodHRwOi8vd3d3LmJvaGVtaWFuY29kaW5nLmNvbS9za2V0Y2ggLS0+CiAgICA8dGl0bGU+d2FybmluZzwvdGl0bGU+CiAgICA8ZGVzYz5DcmVhdGVkIHdpdGggU2tldGNoLjwvZGVzYz4KICAgIDxkZWZzPjwvZGVmcz4KICAgIDxnIGlkPSJQYWdlLTEiIHN0cm9rZT0ibm9uZSIgc3Ryb2tlLXdpZHRoPSIxIiBmaWxsPSJub25lIiBmaWxsLXJ1bGU9ImV2ZW5vZGQiPgogICAgICAgIDxnIGlkPSJ3YXJuaW5nIj4KICAgICAgICAgICAgPGNpcmNsZSBpZD0iT3ZhbCIgc3Ryb2tlPSIjRkZBQjA4IiBzdHJva2Utd2lkdGg9IjIiIGN4PSIxMyIgY3k9IjEzIiByPSIxMiI+PC9jaXJjbGU+CiAgICAgICAgICAgIDxyZWN0IGlkPSJSZWN0YW5nbGUtNCIgZmlsbD0iI0ZGQUIwOCIgeD0iMTEuNDk1NjA1NSIgeT0iNi4wODE1NDI5NyIgd2lkdGg9IjMiIGhlaWdodD0iMTAiIHJ4PSIxLjUiPjwvcmVjdD4KICAgICAgICAgICAgPHBhdGggZD0iTTEyLjk4NDMwMTgsMjAuNTk5OTk5OSBDMTMuOTc4NDE0MywyMC41OTk5OTk5IDE0Ljc4NDMwMTgsMTkuNzk0MTEyNSAxNC43ODQzMDE4LDE4LjggQzE0Ljc4NDMwMTgsMTcuODA1ODg3NCAxMy45Nzg0MTQzLDE3IDEyLjk4NDMwMTgsMTcgQzExLjk5MDE4OTMsMTcgMTEuMTg0MzAxOSwxNy44MDU4ODc0IDExLjE4NDMwMTksMTguOCBDMTEuMTg0MzAxOSwxOS43OTQxMTI1IDExLjk5MDE4OTMsMjAuNTk5OTk5OSAxMi45ODQzMDE4LDIwLjU5OTk5OTkgWiIgaWQ9Ik92YWwtMiIgZmlsbD0iI0ZGQUIwOCI+PC9wYXRoPgogICAgICAgIDwvZz4KICAgIDwvZz4KPC9zdmc+);
+}
+
+.danger___YLbXm {
+	background-image: url(data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+Cjxzdmcgd2lkdGg9IjI2cHgiIGhlaWdodD0iMjZweCIgdmlld0JveD0iMCAwIDI2IDI2IiB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiPgogICAgPCEtLSBHZW5lcmF0b3I6IFNrZXRjaCA0My4yICgzOTA2OSkgLSBodHRwOi8vd3d3LmJvaGVtaWFuY29kaW5nLmNvbS9za2V0Y2ggLS0+CiAgICA8dGl0bGU+ZGFuZ2VyPC90aXRsZT4KICAgIDxkZXNjPkNyZWF0ZWQgd2l0aCBTa2V0Y2guPC9kZXNjPgogICAgPGRlZnM+PC9kZWZzPgogICAgPGcgaWQ9IlBhZ2UtMSIgc3Ryb2tlPSJub25lIiBzdHJva2Utd2lkdGg9IjEiIGZpbGw9Im5vbmUiIGZpbGwtcnVsZT0iZXZlbm9kZCI+CiAgICAgICAgPGcgaWQ9ImRhbmdlciI+CiAgICAgICAgICAgIDxjaXJjbGUgaWQ9Ik92YWwiIHN0cm9rZT0iI0UxNTY0QiIgc3Ryb2tlLXdpZHRoPSIyIiBjeD0iMTMiIGN5PSIxMyIgcj0iMTIiPjwvY2lyY2xlPgogICAgICAgICAgICA8cGF0aCBkPSJNMTMsMTAuOTAwMjE2NSBMOS44MjQ1NDI1NSw3LjcyNDc1OSBDOS40MzU1ODMwMiw3LjMzNTc5OTQ4IDguODA1MDY4MTksNy4zMzc3ODg5NSA4LjQxNDk1MTM5LDcuNzI3OTA1NzYgTDcuNzA2MzY4OTYsOC40MzY0ODgxOCBDNy4zMTMwMDgxMiw4LjgyOTg0OTAyIDcuMzE0ODQzMyw5LjQ1NzcwMDQ1IDcuNzAzMjIyMiw5Ljg0NjA3OTM1IEwxMC44Nzg2Nzk3LDEzLjAyMTUzNjggTDcuODAzNzI3MjcsMTYuMDk2NDg5MiBDNy40MTUzNDgzNywxNi40ODQ4NjgxIDcuNDEzNTEzMTksMTcuMTEyNzE5NSA3LjgwNjg3NDAyLDE3LjUwNjA4MDQgTDguNTE1NDU2NDUsMTguMjE0NjYyOCBDOC45MDU1NzMyNSwxOC42MDQ3Nzk2IDkuNTM2MDg4MDksMTguNjA2NzY5MSA5LjkyNTA0NzYxLDE4LjIxNzgwOTUgTDEzLDE1LjE0Mjg1NzEgTDE2LjA3NDk1MjQsMTguMjE3ODA5NSBDMTYuNDYzOTExOSwxOC42MDY3NjkxIDE3LjA5NDQyNjcsMTguNjA0Nzc5NiAxNy40ODQ1NDM2LDE4LjIxNDY2MjggTDE4LjE5MzEyNiwxNy41MDYwODA0IEMxOC41ODY0ODY4LDE3LjExMjcxOTUgMTguNTg0NjUxNiwxNi40ODQ4NjgxIDE4LjE5NjI3MjcsMTYuMDk2NDg5MiBMMTUuMTIxMzIwMywxMy4wMjE1MzY4IEwxOC4yOTY3Nzc4LDkuODQ2MDc5MzUgQzE4LjY4NTE1NjcsOS40NTc3MDA0NSAxOC42ODY5OTE5LDguODI5ODQ5MDIgMTguMjkzNjMxLDguNDM2NDg4MTggTDE3LjU4NTA0ODYsNy43Mjc5MDU3NiBDMTcuMTk0OTMxOCw3LjMzNzc4ODk1IDE2LjU2NDQxNyw3LjMzNTc5OTQ4IDE2LjE3NTQ1NzUsNy43MjQ3NTkgTDEzLDEwLjkwMDIxNjUgWiIgaWQ9IkNvbWJpbmVkLVNoYXBlIiBmaWxsPSIjRTE1NjRCIj48L3BhdGg+CiAgICAgICAgPC9nPgogICAgPC9nPgo8L3N2Zz4=);
+}
+
+.gear___Oqj4Y {
+	background-image: url(data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+Cjxzdmcgd2lkdGg9IjI0cHgiIGhlaWdodD0iMjRweCIgdmlld0JveD0iMCAwIDI0IDI0IiB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiPgogICAgPCEtLSBHZW5lcmF0b3I6IFNrZXRjaCA0My4yICgzOTA2OSkgLSBodHRwOi8vd3d3LmJvaGVtaWFuY29kaW5nLmNvbS9za2V0Y2ggLS0+CiAgICA8dGl0bGU+c2V0dGluZzwvdGl0bGU+CiAgICA8ZGVzYz5DcmVhdGVkIHdpdGggU2tldGNoLjwvZGVzYz4KICAgIDxkZWZzPjwvZGVmcz4KICAgIDxnIGlkPSJQYWdlLTEiIHN0cm9rZT0ibm9uZSIgc3Ryb2tlLXdpZHRoPSIxIiBmaWxsPSJub25lIiBmaWxsLXJ1bGU9ImV2ZW5vZGQiPgogICAgICAgIDxnIGlkPSJzZXR0aW5nIiBmaWxsLXJ1bGU9Im5vbnplcm8iIGZpbGw9IiNBMDlEQTAiPgogICAgICAgICAgICA8cGF0aCBkPSJNMjMuOTIwOCwxMC42NzA0IEMyMy44ODI0LDEwLjMzMiAyMy40ODg4LDEwLjA4IDIzLjE0OCwxMC4wOCBDMjIuMDQyMTQ1NCwxMC4xMDQzNDE0IDIxLjAzODM2NTMsOS40MzY3MDkzNiAyMC42MzMyOTU3LDguNDA3NDI1MzMgQzIwLjIyODIyNjEsNy4zNzgxNDEzIDIwLjUwNzc2MjUsNi4yMDU0NjY0NyAyMS4zMzM2LDUuNDY5NiBDMjEuNTk0MzE2NSw1LjIzMzQyNTkyIDIxLjYyNjg3MjYsNC44MzU0MDE2OCAyMS40MDgsNC41NiBDMjAuODQ3MzM3MiwzLjg1MDg5NDIyIDIwLjIwODk1MTEsMy4yMDY4NzI5NSAxOS41MDQ4LDIuNjQgQzE5LjIyODIxOSwyLjQxOTMwMjQyIDE4LjgyNzY2NTEsMi40NTE4OTM0MiAxOC41OTA0LDIuNzE0NCBDMTcuODIxODg4LDMuNTIzNTgwNDkgMTYuNjQxNDMzNiwzLjc4OTc5ODUzIDE1LjYsMy4zODg4IEMxNC41NjY0NDY0LDIuOTQ2NDk3OTkgMTMuOTE5OTkzMywxLjkwNDg4MzYzIDEzLjk4MjQsMC43ODI0IEMxNC4wMDEzODEyLDAuNDI5MTMzODIyIDEzLjc0MzIxOTgsMC4xMjE2NDg5MTUgMTMuMzkyLDAuMDc5MiBDMTIuNDk1ODg0NywtMC4wMjM4MzQ2OTkzIDExLjU5MTA1MjUsLTAuMDI2MjQ5NzMxNyAxMC42OTQ0LDAuMDcyIEMxMC4zNDgzMzAyLDAuMTEwNTU2OTM4IDEwLjA4OTU3MDMsMC40MDc5MjIxMjggMTAuMDk5MiwwLjc1NiBDMTAuMTM4ODk3NiwxLjg2ODM0MzM0IDkuNDgzNDcwNzUsMi44ODgzMjE1MyA4LjQ1NTIsMy4zMTQ0IEM3LjQxODc1MjgsMy42OTk1NzI0NSA2LjI1MjYwMDAyLDMuNDM0ODgwMjYgNS40ODQsMi42NCBDNS4yNDgzNjIxNSwyLjM4MjIwMTg0IDQuODUzNzg0NTEsMi4zNDk3NTY0NyA0LjU3OTIsMi41NjU2IEMzLjg2MTM5MzMzLDMuMTI5MjExNjUgMy4yMTA3MjU5MywzLjc3MzQzNjggMi42NCw0LjQ4NTYgQzIuNDIwNTEyMzEsNC43NjE3MDMwNyAyLjQ1MDg1MTU2LDUuMTYwMjk4MSAyLjcwOTYsNS40IEMzLjU1MDcxNjU1LDYuMTUzOTM5NjYgMy44MjMxNTU4NCw3LjM1NzI5MzM5IDMuMzg4OCw4LjQgQzIuOTIyMDcxNzcsOS40MTM5MTY0MyAxLjg5MzE4MTMxLDEwLjA0OTQwNzYgMC43Nzc2LDEwLjAxMjggQzAuNDI1NTE3ODE3LDkuOTkwNDk5MzkgMC4xMTk0MTY4MTIsMTAuMjUxOTYwNyAwLjA4NjQsMTAuNjAzMiBDLTAuMDE4OTc4MTI1MywxMS41MDg5NDUzIC0wLjAxODk3ODEyNTMsMTIuNDIzODU0NyAwLjA4NjQsMTMuMzI5NiBDMC4xMTc2LDEzLjY4IDAuNTI1NiwxMy45MiAwLjg2ODgsMTMuOTIgQzEuOTUwOTA1MywxMy45MTEyNzc3IDIuOTI4NzU2ODQsMTQuNTYzODEyOSAzLjMzNiwxNS41NjY0IEMzLjc1MjM1ODUxLDE2LjU5ODE1NjggMy40ODU1OTYxNywxNy43Nzk5NDI3IDIuNjY2NCwxOC41MzI4IEMyLjQwNzE0NjI0LDE4Ljc2ODcwODEgMi4zNzQ2NDU3MSwxOS4xNjUwMDUgMi41OTIsMTkuNDQgQzMuMTQ5NzE1NzgsMjAuMTUwMTIgMy43ODY2MzUsMjAuNzk0Mjg2MSA0LjQ5MDQsMjEuMzYgQzQuNzY1NzU2MzEsMjEuNTgxOTA2IDUuMTY2MjAyMjgsMjEuNTUxNDI1OCA1LjQwNDgsMjEuMjkwNCBDNi4xNzQ0MTI0NywyMC40Nzk4ODM1IDcuMzU2MDUzMjEsMjAuMjExOTMxMyA4LjQsMjAuNjExMiBDOS40MzcwMzQ4NiwyMS4wNDg0NjAzIDEwLjA4NjA0ODUsMjIuMDkxNjg5NyAxMC4wMiwyMy4yMTUyIEMxMC4wMDEwMTg4LDIzLjU2ODQ2NjIgMTAuMjU5MTgwMiwyMy44NzU5NTExIDEwLjYxMDQsMjMuOTE4NCBDMTEuMDY5MzU4NSwyMy45NzA2MDU4IDExLjUzMDg4MjIsMjMuOTk3MDQ3MyAxMS45OTI4LDIzLjk5NzYgQzEyLjQzMzA3NTYsMjMuOTk4NTM1MyAxMi44NzMwMjgzLDIzLjk3MzY5MjggMTMuMzEwNCwyMy45MjMyIEMxMy42NTgzNjM4LDIzLjg4NDUxMTEgMTMuOTE3NzgzMiwyMy41ODQyOTYgMTMuOTA1NiwyMy4yMzQ0IEMxMy44NjM3MTc5LDIyLjEyMjg1NjMgMTQuNTE3NDc4OSwyMS4xMDI0OTEzIDE1LjU0NDgsMjAuNjc2IEMxNi41ODA3OTUzLDIwLjI5MjQ3MTYgMTcuNzQ1NjMxMiwyMC41NjEyNzk5IDE4LjUwODgsMjEuMzYgQzE4Ljc0NDQzNzgsMjEuNjE3Nzk4MiAxOS4xMzkwMTU1LDIxLjY1MDI0MzUgMTkuNDEzNiwyMS40MzQ0IEMyMC4xMzAzMTM5LDIwLjg2OTU1MTIgMjAuNzgwODQ3OCwyMC4yMjU0NTgyIDIxLjM1MjgsMTkuNTE0NCBDMjEuNTc0NzA2LDE5LjIzOTA0MzcgMjEuNTQ0MjI1OCwxOC44Mzg1OTc3IDIxLjI4MzIsMTguNiBDMjAuNDU0MDg2NSwxNy44NjkwNDMxIDIwLjE2ODEwNDgsMTYuNjk4OTYxNyAyMC41NjY1NzcsMTUuNjY3OTY4NSBDMjAuOTY1MDQ5MiwxNC42MzY5NzUyIDIxLjk2MzYwNzYsMTMuOTYzMzYwMiAyMy4wNjg4LDEzLjk4IEwyMy4yMTc2LDEzLjk4IEMyMy41NzA4NjYyLDEzLjk5ODk4MTIgMjMuODc4MzUxMSwxMy43NDA4MTk4IDIzLjkyMDgsMTMuMzg5NiBDMjQuMDIxMzE4LDEyLjQ4NTk4NjggMjQuMDIxMzE4LDExLjU3NDAxMzIgMjMuOTIwOCwxMC42NzA0IEwyMy45MjA4LDEwLjY3MDQgWiBNMTIuMDE5MiwxNi4wMjQ4IEM5LjgwOTYxOTE3LDE2LjAyNDggOC4wMTg0LDE0LjIzMzU4MDggOC4wMTg0LDEyLjAyNCBDOC4wMTg0LDkuODE0NDE5MTcgOS44MDk2MTkxNyw4LjAyMzIgMTIuMDE5Miw4LjAyMzIgQzE0LjIyODc4MDgsOC4wMjMyIDE2LjAyLDkuODE0NDE5MTcgMTYuMDIsMTIuMDI0IEMxNi4wMTczNTUxLDE0LjIzMjQ4NDMgMTQuMjI3Njg0MywxNi4wMjIxNTUxIDEyLjAxOTIsMTYuMDI0OCBaIiBpZD0iU2hhcGUiPjwvcGF0aD4KICAgICAgICA8L2c+CiAgICA8L2c+Cjwvc3ZnPg==);
+	width: 24px;
+	height: 24px;
+}
+
+.pencil___opMoj {
+	background-image: url(data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+Cjxzdmcgd2lkdGg9IjEzcHgiIGhlaWdodD0iMTRweCIgdmlld0JveD0iMCAwIDEzIDE0IiB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiPgogICAgPCEtLSBHZW5lcmF0b3I6IFNrZXRjaCA0My4yICgzOTA2OSkgLSBodHRwOi8vd3d3LmJvaGVtaWFuY29kaW5nLmNvbS9za2V0Y2ggLS0+CiAgICA8dGl0bGU+cGVuY2lsPC90aXRsZT4KICAgIDxkZXNjPkNyZWF0ZWQgd2l0aCBTa2V0Y2guPC9kZXNjPgogICAgPGRlZnM+PC9kZWZzPgogICAgPGcgaWQ9IlBhZ2UtMSIgc3Ryb2tlPSJub25lIiBzdHJva2Utd2lkdGg9IjEiIGZpbGw9Im5vbmUiIGZpbGwtcnVsZT0iZXZlbm9kZCI+CiAgICAgICAgPHBhdGggZD0iTTEwLjQwNjU1NDgsNi4wMDM2ODQ5MyBMNC4wNzkxNjA2NCwxMi4zMDMxNDg4IEwwLjY4ODY1NzE0NSw5LjAyODk3NzY2IEw2Ljk0MTkxNTY4LDIuNjU3OTIxODQgTDEwLjQwNjU1NDgsNi4wMDM2ODQ5MyBaIE0xMS4wOTQ5MTUzLDUuMzE4MzYyOTQgTDcuNjIyMjEwOTcsMS45NjQ4MTEzMyBMOC42ODA3OTQ4OSwwLjg4NjI4NjA3MyBDOS4wNzA0MzAzOSwwLjQ4OTMxMDcxOSA5LjcwMzE1ODE0LDAuNDg0MzY0Mzc0IDEwLjA5NzcyNjMsMC44Nzg5MzI1MzYgTDEyLjEwODQwOTIsMi44ODk2MTUzOSBDMTIuNTAxMzIzMywzLjI4MjUyOTUgMTIuNTA1Mjk0MSwzLjkxNDIwOTc5IDEyLjEwOTI2MjMsNC4zMDg0OTM0OCBMMTEuMDk0OTE1Myw1LjMxODM2Mjk0IFogTTMuMzkwODAwMSwxMi45ODg0NzA4IEwzLjM2NTkxOTc1LDEzLjAxMzI0MTMgTDAuMDAyNjM4MDIwNTgsMTMuMDEwNTM2MyBMLTUuNTA2NzA2MmUtMTQsOS43MzA2MDc1NSBMMC4wMDgzNjE4NTg0OSw5LjcyMjA4ODE3IEwzLjM5MDgwMDEsMTIuOTg4NDcwOCBaIiBpZD0icGVuY2lsIiBmaWxsPSIjQTA5REEwIj48L3BhdGg+CiAgICA8L2c+Cjwvc3ZnPg==);
+}
+.header___mMg5R {
+	position: fixed;
+	top: 0;
+	left: 0;
+	z-index: 10;
+	width: 100%;
+	background: #f2f2f2;
+	padding: 0 0 0 26px;
+	height: 60px;
+	box-sizing: border-box;
+	min-width: 1250px;
+	display: flex;
+}
+
+.logo___HNRkp {
+	width: 180px;
+	height: 44px;
+	background-size: contain;
+	padding: 8px;
+	background-origin: content-box;
+	flex: 0 0 auto;
+}
+
+.logoactive___eLC8E {
+	background-color: #fff;
+}
+
+.nav___wOlIg {
+	flex: 1 1 auto;
+	display: flex;
+	flex-wrap: nowrap;
+	overflow: hidden;
+}
+
+.nav-small___X0qYu {}
+
+.nav-wide___X3fQ5 {}
+
+.nav-flex___HqPK6 {
+	flex: 1 1 auto;
+	display: flex;
+	flex-wrap: nowrap;
+	justify-content: flex-end;
+	overflow: hidden;
+}
+
+.navlink___b0uZ6 {
+	display: inline-block;
+	vertical-align: top;
+	text-decoration: none;
+	color: #333;
+	padding: 16px 20px 17px;
+	border-left: 2px solid #fff;
+	line-height: 26px;
+}
+
+.navlink___b0uZ6:hover {
+	background-color: #fafafa;
+}
+
+.nav-flex___HqPK6 .navlink___b0uZ6 {
+	flex: 0 1 auto;
+	white-space: nowrap;
+	overflow: hidden;
+	text-overflow: ellipsis;
+}
+
+.navlinkactive___tYjQt {
+}
+
+.navlinkactive___tYjQt,
+.navlinkactive___tYjQt:hover {
+	background: #fff;
+}
+
+.anchor___DpiCF {
+	border-bottom: 1px dashed #333;
+}
+
+.navlinkactive___tYjQt .anchor___DpiCF {
+	border-bottom: 0;
+}
+
+.status___xPNOZ {
+	vertical-align: middle;
+	margin-right: 5px;
+	margin-left: -10px;
+	width: 26px;
+	height: 26px;
+}
+
+.settings___V7caw {
+	padding: 0 10px 0 0;
+	width: 60px;
+	height: 60px;
+	line-height: 70px;
+	text-align: center;
+	cursor: pointer;
+	opacity: .8;
+	flex: 0 0 auto;
+}
+
+.settings___V7caw:hover {
+	opacity: 1;
+}
+
+@media screen and (max-width: 1640px) {
+	.nav-wide___X3fQ5 .navlink___b0uZ6 {
+		padding-left: 10px;
+		padding-right: 10px;
+	}
+
+	.nav-wide___X3fQ5 .status___xPNOZ {
+		width: 20px;
+		height: 20px;
+		margin-left: auto;
+	}
+
+	.nav-wide___X3fQ5 .settings___V7caw {
+		width: 40px;
+	}
+
+	.nav-wide___X3fQ5 .anchor___DpiCF {
+		font-size: 0.9em;
+	}
+}
+
+@media screen and (max-width: 1500px) {
+	.nav-small___X0qYu .navlink___b0uZ6 {
+		padding-left: 10px;
+		padding-right: 10px;
+	}
+
+	.nav-small___X0qYu .status___xPNOZ {
+		margin-left: auto;
+	}
+
+	.nav-small___X0qYu .settings___V7caw {
+		width: 40px;
+	}
+}
+
+
+@media screen and (max-width: 1390px) {
+	.logo___HNRkp {
+		width: 127px;
+		height: 36px;
+		padding-top: 12px;
+		padding-bottom: 12px;
+	}
+
+	.nav-wide___X3fQ5 .anchor___DpiCF {
+		font-size: 0.8em;
+	}
+
+	.nav-small___X0qYu .anchor___DpiCF {
+		font-size: 0.9em;
+	}
+}
+
+.footer___lPmop {
+	padding: 15px 30px;
+	background-color: #e6e6e6;
+	margin-top: -53px;
+}
+.loader___KsW7O {
+	border-top: 4px solid rgba(0, 151, 44, 0.2);
+	border-right: 4px solid rgba(0, 151, 44, 0.2);
+	border-bottom: 4px solid rgba(0, 151, 44, 0.2);
+	border-left: 4px solid #00972c;
+	transform: translateZ(0);
+	animation: load8___bmZDw 1.1s infinite linear;
+}
+
+.loader___KsW7O, .loader___KsW7O:after {
+	border-radius: 50%;
+	width: 50px;
+	height: 50px;
+
+}
+
+@-webkit-keyframes load8___bmZDw {
+	0% {
+		-webkit-transform: rotate(0deg);
+		transform: rotate(0deg); }
+	100% {
+		-webkit-transform: rotate(360deg);
+		transform: rotate(360deg); } }
+
+@keyframes load8___bmZDw {
+	0% {
+		transform: rotate(0deg);
+	}
+
+	100% {
+		transform: rotate(360deg);
+	}
+}
+
+.gray-loader___uNaZG {
+	border-top: 4px solid #f1f5f7;
+	border-right: 4px solid #f1f5f7;
+	border-bottom: 4px solid #f1f5f7;
+	border-left: 4px solid #989a9c;
+}
+.box____RyIu {
+	padding: 10px 15px;
+	border: 1px solid #dfdfdf;
+	border-radius: 4px;
+	box-sizing: border-box;
+	flex: 1;
+	margin: 8px;
+	min-width: 225px;
+	max-width: calc(20% - 16px);
+}
+
+.header___Es3z5 {
+	position: relative;
+	background-color: #f9f9f9;
+	margin: -10px -15px 20px;
+	padding: 0 55px 0 15px;
+	border-radius: 4px 4px 0 0;
+	height: 55px;
+	line-height: 55px;
+	font-size: 17px;
+	text-decoration: none;
+	overflow: hidden;
+	text-overflow: ellipsis;
+	white-space: nowrap;
+	color: #000000;
+	display: block;
+}
+
+.status___aq8nz {
+	position: absolute;
+	top: 50%;
+	right: 15px;
+	margin-top: -15px;
+	width: 30px;
+	height: 30px;
+}
+
+.box____RyIu h4,
+.box____RyIu p {
+	margin: 0 0 8px;
+}
+
+.tooltip-container___S804X {
+	position: absolute;
+	z-index: 100;
+	top: 0;
+	left: 0;
+}
+
+.tooltip___vBln_ {
+	padding: 15px 20px 15px;
+	border-radius: 4px;
+	background: #414c57;
+	font-size: 15px;
+	position: absolute;
+	color: #fff;
+	margin-top: 10px;
+	white-space: nowrap;
+}
+
+.tooltip___vBln_:before {
+	content: '';
+	width: 0;
+	height: 0;
+	position: absolute;
+	border: 6px solid transparent;
+}
+
+.top___u8nTI:before {
+	top: 100%;
+	left: 12px;
+	border-bottom-width: 0px;
+	border-top-color: #414c57;
+}
+
+.top___u8nTI.center___idHAW:before {
+	left: 50%;
+	margin-left: -6px;
+}
+
+.top___u8nTI.start___UM0_B:before {
+	left: 100%;
+	margin-left: -20px;
+}
+
+.right___bizIf:before {
+	top: 12px;
+	right: 100%;
+	border-left-width: 0px;
+	border-right-color: #414c57;
+}
+
+.right___bizIf.center___idHAW:before {
+	top: 50%;
+	margin-top: -6px;
+}
+
+.bottom___y_Zuf {}
+
+.bottom___y_Zuf:before {
+	bottom: 100%;
+	left: 12px;
+	border-top-width: 0px;
+	border-bottom-color: #414c57;
+}
+
+.bottom___y_Zuf.center___idHAW:before {
+	left: 50%;
+	margin-left: -6px;
+}
+
+.left___WCTfv:before {
+	top: 12px;
+	left: 100%;
+	border-right-width: 0px;
+	border-left-color: #414c57;
+}
+
+.left___WCTfv.center___idHAW:before {
+	top: 50%;
+	margin-top: -6px;
+}
+
+.list-row___l2GN2 {
+	display: flex;
+}
+
+.list-label___fNQPr {
+	flex: 0 0 auto;
+}
+
+.list-space___BSJbp {
+	flex: 1 0 auto;
+	min-width: 5px;
+	border-bottom: 1px solid rgba(255,255,255,0.3);
+	margin: 0 3px;
+}
+
+.list-value___wsECc {
+	flex: 0 0 auto;
+}
+
+.row___BfGB7 {
+	margin-bottom: 10px;
+	white-space: nowrap;
+}
+
+.row___BfGB7:last-of-type {
+	margin-bottom: 0;
+}
+
+.red___FIiiS {
+	border-radius: 4px;
+	background: #e37358;
+	line-height: 20px;
+}
+
+.green___n7ZTr {
+	background: #9ac355;
+}
+
+.icon___a8iyc {
+	vertical-align: top;
+}
+
+.release___UNwFy {
+	display: inline-block;
+	margin-bottom: 12px;
+	font-weight: bold;
+}
+
+.release___UNwFy,
+.release___UNwFy:visited {
+	color: #2671c6;
+}
+
+.table___kliKd th,
+.table___kliKd td {
+	padding: 0 6px 8px 0;
+}
+
+.table___kliKd td {
+	font-weight: bold;
+}
+
+.uptime___w8TZO {
+	border-bottom: 2px dotted #000;
+	cursor: default;
+}
+.table___Utl7H {
+	font-size: 13px;
+}
+
+.table___Utl7H thead {
+	border-bottom: 1px solid #ffffff;
+}
+
+.wide___Eyv03 {
+	width: 100%;
+}
+
+.thin___IyGow {
+	min-width: 500px;
+}
+
+.table___Utl7H tr:hover {
+	background: #f7f7f7;
+}
+
+.table___Utl7H tr:hover td {
+	border-right-color: #f7f7f7;
+}
+
+.table___Utl7H th {
+	text-align: left;
+	font-size: 15px;
+	line-height: 30px;
+	padding: 0 8px;
+	border-right: 2px solid #fff;
+	font-weight: bold;
+	background-color: #e3e3e3;
+	white-space: nowrap;
+}
+
+.table___Utl7H td {
+	padding: 8px;
+	vertical-align: middle;
+	border-bottom: 1px solid #e3e3e3;
+	border-right: 2px solid #fff;
+	white-space: nowrap;
+}
+
+.table___Utl7H th:last-of-type,
+.table___Utl7H td:last-of-type {
+	border-right: none
+}
+
+.bold___NVbjB {
+	font-weight: bold;
+	font-size: 14px;
+}
+
+.right-align___H0LAo {
+	text-align: right !important;
+}
+
+.center-align___fJEv0 {
+	text-align: center !important;
+}
+
+.left-align___PBC6u {
+	text-align: left !important;
+}
+
+.sub-header___ITHoC th {
+	font-weight: normal;
+	text-align: right;
+	border: none;
+	font-size: 11px;
+	line-height: 14px;
+	height: 30px;
+	padding-top: 4px;
+	padding-bottom: 4px;
+	box-sizing: border-box;
+}
+
+.bdr___CNbbc {
+	border-right: 2px solid #fff !important;
+}
+
+.no-bdr___EKNxu {
+	border-right: 0 !important;
+}
+
+.px60___xSrQT {
+	min-width: 60px;
+}
+
+th.sorter____Ty9O {
+	background-color: #eeeeee;
+	cursor: pointer;
+	border-bottom: 1px solid #fff;
+	border-right: 1px solid #fff;
+	vertical-align: middle;
+	font-size: 14px;
+	width: 10px;
+	padding: 0;
+	line-height: 8px;
+	color: #999999;
+	text-align: center;
+	user-select: none;
+}
+
+.sorter____Ty9O:hover {
+	background: #aaaaaa;
+	color: #fff;
+}
+
+th.sorterActive___XeeMr {
+	background: #999999;
+	color: #fff;
+}
+
+th.inlinSorter___SQLy1 {
+	border-right-width: 2px;
+}
+
+td.status___ky3iH {
+	width: 10px;
+	border-bottom: 1px solid #fff;
+	border-right: 1px solid #fff;
+	padding: 0;
+}
+
+.ok___Y9dZI {
+	background-color: #6bc544;
+}
+
+.warning___eF9BG, .checking___Rqhpk {
+	background-color: #ffab08;
+}
+
+.alert___tOpDm {
+	background-color: #ed1c24;
+}
+
+.up___Cr1UF {
+	background-color: #8dc63f;
+}
+
+.unavail___WYVka, .unhealthy___bhtZo {
+	background-color: #f26c4f;
+}
+
+.draining___d7Exa {
+	background-color: #55b2da;
+}
+
+.down___RBm9r {
+	background-color: #dcdcdc;
+}
+
+.flash___ZwB6G {
+	transition: color 6s cubic-bezier(1,.005,.665,-.045), background-color 6s cubic-bezier(1,.005,.665,-.045);
+}
+
+.red-flash___F62Kn {
+	background-color: #f43636;
+	color: #ffffff;
+	transition: none;
+}
+
+.collapse-columns___GwwBZ {
+	background-color: #e2e5e8;
+	cursor: pointer;
+	padding: 0!important;
+	color: #989a9c;
+	width: 20px;
+	text-align: center;
+}
+
+.hovered-expander___Jp2NV .responses-column___IRgR5 {
+	color: #ccc;
+}
+
+.checkbox___JxU4t {
+	border-right: none !important;
+	padding: 0 !important;
+}
+
+.checkbox___JxU4t input {
+	margin: 18px 4px 18px 8px;
+}
+
+.edit-peer___hfSEP {
+	display: inline-block;
+	vertical-align: middle;
+	visibility: hidden;
+	width: 16px;
+	height: 1.8em;
+	background-position: center;
+	background-repeat: no-repeat;
+	background-size: 16px;
+	background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyFpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNS1jMDE0IDc5LjE1MTQ4MSwgMjAxMy8wMy8xMy0xMjowOToxNSAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIChXaW5kb3dzKSIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDoxQ0I0OTREQTQxQzExMUU1OTY4MkM4NTUxNjJBNEVBNSIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDoxQ0I0OTREQjQxQzExMUU1OTY4MkM4NTUxNjJBNEVBNSI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOjFDQjQ5NEQ4NDFDMTExRTU5NjgyQzg1NTE2MkE0RUE1IiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOjFDQjQ5NEQ5NDFDMTExRTU5NjgyQzg1NTE2MkE0RUE1Ii8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+K4Fu+QAAAe1JREFUeNrEl0soRFEcxscjj0lNhIU7WVrasBLKLMgjzQh5ZMGGUgoL1rKShQUrGyUslImdBVYWU5QoCykbpIg88hjP79T/1Ol2H+6Zc+/96teduffW953H/Z9z0kbHxgN+Kp2uBWANvIFfCV5Bg4lHCTgFl2AT9IEM/jCTrgugS7IRLHQMbBs8KwZ7oIz+a6AVdIIo+OY9EHXBnOkOLIJ33f0W3mAeIEexuUat/AGzoAbc6N7pFodAr3IaMyt9ghcT813q9kEa8wNQS8Oh0XsVVgEewYNEr4jmTBGQAE3ghLp+HwTBkzgEKqQ35wqDHVAKjsAkOKNwygKYmXMVgWX6PQ+qwZWqAHbmXGwOtFHduNUXIrfNA9TtCbNK6IV5hHe7igBKzGUDqDJvlgmgyrwRbDgNoMqcrZpxkGVVCY0058C8DlwbPKsn82yZOdALZug7ljEvJPNcJ5Mwn8poO0iCCTBAC5ET8wDV/6DTryBMY7lO6fPAEujX9YSdue2W7D+K0trPWrECplM1l/kMq2iHwzQFVlMxly1EPaADfNHElDZPpRQPqdpE2NWBc1BpcP/CqwBs43no5sHELECIaoBKhZwEOPb6aPbsw7HwQwyw5UOAuDgEI3RgjIkrlUtK0l5gWAxwz49KXutPgAEAcGF9b+OFPlUAAAAASUVORK5CYII=);
+	cursor: pointer;
+	opacity: 0.7;
+	margin-left: 8px;
+}
+
+.edit-peer___hfSEP:hover {
+	opacity: 1;
+}
+
+.address___Us_1T {
+	max-width: 130px;
+}
+
+.address___Us_1T:hover .edit-peer___hfSEP {
+	visibility: visible;
+}
+
+.address-container___w0w6n {
+	vertical-align: middle;
+	text-overflow: ellipsis;
+	overflow: hidden;
+	white-space: nowrap;
+	max-width: 140px;
+	display: inline-block;
+	border-bottom: 1px dotted #999;
+	cursor: default;
+}
+
+.hinted___oiVPn {
+	border-bottom: 1px dotted #999;
+	cursor: default;
+}
+
+.chart-container___hk_EK {
+	cursor: pointer;
+}
+
+.chart-container_active___lw8_x {
+	background: #f7f7f7;
+}
+
+.chart-container_active___lw8_x td {
+	border-bottom: none;
+}
+
+.chart-icon___ryBCV {
+	width: 20px;
+}
+
+.chart-icon__icon___MSJrS {
+	width: 18px;
+	height: 18px;
+	vertical-align: top !important;
+	background-image: url(data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzEwMHB4JyB3aWR0aD0nMTAwcHgnICBmaWxsPSIjMzMzMzMzIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2aWV3Qm94PSIwIDAgMTAwIDEwMCIgc3R5bGU9ImJhY2tncm91bmQtY29sb3I6I2ZmZmZmZjAwOyIgdmVyc2lvbj0iMS4xIiB4bWw6c3BhY2U9InByZXNlcnZlIiB4PSIwcHgiIHk9IjBweCI+Cgk8cGF0aCBkPSJNIDEwIDIwIEwgMTAgOTAgTCA5MCA5MCBNIDMwIDcwIEwgNDUgNjAgTCA2MCA0MCBMIDc1IDU1IEwgOTAgMTAiIGZpbGw9InRyYW5zcGFyZW50IiBzdHJva2U9IiMzMzMzMzMiIHN0cm9rZS13aWR0aD0iNyIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIj48L3BhdGg+Cjwvc3ZnPg==);
+	background-size: cover;
+	opacity: .7;
+}
+
+.chart-container___hk_EK:hover .chart-icon__icon___MSJrS,
+.chart-container_active___lw8_x .chart-icon__icon___MSJrS {
+	opacity: 1;
+
+}
+
+.chart-row___Aocb0:hover {
+	background: #fff !important;
+}
+
+.chart-row___Aocb0 td {
+	border-bottom: 2px solid #999;
+}
+
+.table___XKEid {
+	table-layout: fixed;
+}
+
+.tabs___shv8R {
+	margin-bottom: 30px;
+}
+
+.tabs_ssl___Ffvin {
+	margin-bottom: 11px;
+}
+
+.tab___nUg_1 {
+	display: inline-block;
+	width: 118px;
+}
+
+.tab-s___tpylK {
+	width: 45px;
+}
+
+.tab___nUg_1 span {
+	border-bottom: 1px dashed #000000;
+	cursor: pointer;
+	white-space: nowrap;
+}
+
+.tab-active___HKVLY {
+}
+
+.tab-active___HKVLY span {
+	font-weight: bold;
+	border-bottom: 0;
+}
+
+.counter___LiSy2 {
+	float: right;
+	color: #929292;
+	letter-spacing: -1px;
+	font-size: 15px;
+}
+
+.table___XKEid {
+	width: 100%;
+}
+
+.table___XKEid td {
+	font-size: 24px;
+}
+
+.h3___nMTa1 {
+	font-weight: bold;
+	margin: 0 0 30px;
+	font-size: 16px;
+}
+
+.current___xNZ4J {}
+
+.current__sec___uS8fO {
+	font-size: 16px;
+}
+
+.ssl___spYo8 td {
+	font-size: 22px;
+}
+
+.ssl___spYo8 td:first-child {
+	width: 16%;
+	padding-top: 4px;
+	font-size: inherit;
+	line-height: 26px;
+}
+.alerts___xHUNF {
+	font-size: 24px;
+	padding-top: 34px;
+	margin-bottom: 24px;
+}
+
+.num___QK37d {
+	padding: 0 10px 0 0;
+	border-radius: 4px;
+	position: relative;
+	margin-right: 20px;
+	text-decoration: none;
+}
+
+.ok___Vb8j2, .alert___U9hyo, .warning___jb5kC {
+	color: #ffffff;
+	margin-left: 20px;
+	padding-left: 10px;
+}
+
+.ok___Vb8j2 {
+	background-color: #6bc544;
+}
+
+.alert___U9hyo {
+	background-color: #ed1c24;
+}
+
+.warning___jb5kC {
+	background-color: #ffab08;
+}
+
+.label___ofh6Z {
+	position: absolute;
+	top: -28px;
+	left: 0;
+	font-size: 16px;
+	color: #000;
+}
+
+.red___WBszV {
+	color: #d00a0a;
+}
+.icon___ynQ3g {
+	vertical-align: top;
+    margin-top: 3px;
+	margin-right: 7px;
+	width: 17px;
+	height: 17px;
+}
+
+.snowflakeIcon___MWCYj {
+    width: 15px;
+    margin-right: 8px;
+    margin-left: 1px;
+}
+
+
+.row___DEXUd {
+	display: flex;
+	margin: 0 -20px;
+}
+
+.row-wrap____ZDpW {
+	flex-wrap: wrap;
+}
+
+.box___oEQWK {
+	min-width: calc(20% - 16px);
+}
+
+.connections___IwPXb {
+	min-width: calc(60% - 16px);
+}
+.container___YVzdT {
+	position: relative;
+	display: inline-block;
+}
+
+.svg___eHjy0 {
+	user-select: none;
+}
+
+.x-axis___W3AjO {
+	stroke: #ccc;
+	stroke-width: 1px;
+}
+
+.x-line___Cx3aM {
+	stroke: #eee;
+	stroke-width: 1px;
+}
+
+.x-label___GmWIU {
+	font: 10px Open Sans,Arial,sans-serif;
+	fill: #888;
+	text-anchor: middle;
+}
+
+.y-label___rzfcN {
+	font: 13px Open Sans,Arial,sans-serif;
+	fill: #666;
+	text-anchor: end;
+}
+
+.line___vFLjn {
+	stroke-width: 2px;
+	stroke-linecap: round;
+	stroke-linejoin: bevel;
+	fill: none;
+}
+
+.area___GUBYy {
+	opacity: .5;
+	stroke-width: 0;
+}
+
+.faded___lrP7E {
+	opacity: .075;
+}
+
+.legend___LRo5H {
+	display: block;
+	margin: 0 0 5px 50px;
+}
+
+.legend__item___En1zx {
+	display: inline-block;
+	vertical-align: top;
+	margin-right: 14px;
+	padding: 0 5px;
+	font-size: 12px;
+	line-height: 12px;
+	opacity: .8;
+	cursor: pointer;
+	user-select: none;
+}
+
+.legend__item___En1zx:hover {
+	opacity: 1;
+}
+
+.legend__item_disabled___ffZ8U {
+	text-decoration: line-through;
+	opacity: .6;
+}
+
+.legend__color___TwTL5 {
+	display: inline-block;
+	width: 20px;
+	height: 12px;
+	vertical-align: top;
+	margin-right: 6px;
+}
+
+.cursor-line___SBRws {
+	stroke: #ccc;
+	stroke-width: 1px;
+	stroke-dasharray: 6,6;
+	fill: none;
+}
+
+.tooltip___AGAsM {
+	z-index: 1;
+	position: absolute;
+	top: 2px;
+	padding: 4px 6px;
+	border: 1px solid #ccc;
+	border-radius: 2px;
+	background: #fff;
+	font-size: 14px;
+	user-select: none;
+}
+
+.tooltip__point___PXs8R {
+	display: table-row;
+}
+
+.tooltip__value___SgGBA {
+	display: table-cell;
+	padding: 0 8px 4px 0;
+	font-size: 18px;
+	line-height: 18px;
+	text-align: right;
+}
+
+.tooltip__metric___Nfcq6 {
+	display: table-cell;
+	padding-top: 2px;
+	line-height: 18px;
+	color: #666;
+}
+
+.tooltip__time___MmEuT {
+	margin-top: 5px;
+	font-size: 12px;
+	color: #666;
+}
+
+.mouse-tracker___mRKMk {
+	z-index: 2;
+	position: absolute;
+	background: transparent;
+}
+
+.mouse-tracker_drag___s8IsU {
+	cursor: grab;
+}
+
+.mouse-tracker_dragging___cRbNt {
+	cursor: grabbing;
+}
+
+.timewindow___o2E7P {
+	position: absolute;
+	top: 16px;
+	right: 20px;
+	white-space: nowrap;
+}
+
+.timewindow__item___C7mk9 {
+	display: inline-block;
+	vertical-align: top;
+	margin-right: -1px;
+	padding: 2px 8px;
+	border: 1px solid #ccc;
+	cursor: pointer;
+	user-select: none;
+}
+
+.timewindow__item___C7mk9:hover {
+	background: #f3f3f3;
+}
+
+.timewindow__item_selected___IqY1F,
+.timewindow__item_selected___IqY1F:hover {
+	background: #ddd;
+	cursor: default;
+}
+
+.dnd-controls___q1mgS {
+	position: absolute;
+	top: 16px;
+	left: 50px;
+	white-space: nowrap;
+	font-size: 20px;
+	font-weight: 100;
+	line-height: 18px;
+}
+
+.dnd-controls__control___KjxMy {
+	display: inline-block;
+	width: 26px;
+	vertical-align: top;
+	margin-right: -1px;
+	padding: 2px 0;
+	border: 1px solid #ccc;
+	cursor: pointer;
+	user-select: none;
+	text-align: center;
+}
+
+.dnd-controls__control___KjxMy:not(.dnd-controls__control_disabled___P3Y1U):hover {
+	background: #f3f3f3;
+}
+
+.dnd-controls__control___KjxMy:not(.dnd-controls__control_disabled___P3Y1U):active {
+	background: #ddd;
+}
+
+.dnd-controls__control_disabled___P3Y1U {
+	opacity: 0.4;
+	cursor: default;
+}
+
+.upstreams-container___UTnYc h1 {
+	float: left;
+	margin-bottom: 0;
+}
+
+.upstreams-list___mxwmg {
+	padding: 15px 0;
+	clear: both;
+}
+
+.title___vOE04 {
+	margin: 0;
+	display: inline-block;
+	vertical-align: middle;
+
+	font-size: 22px;
+	line-height: 29px;
+	font-weight: bold;
+
+	max-width: 500px;
+	text-overflow: ellipsis;
+	overflow: hidden;
+	white-space: nowrap;
+	cursor: default;
+}
+
+.head___pKgqd {
+	margin-bottom: 18px;
+}
+
+.btn___eI9BD {
+	display: inline-block;
+	height: 24px;
+	line-height: 24px;
+	font-size: 13px;
+	border: 1px solid #bbb8bb;
+	border-radius: 4px;
+	padding: 0 15px;
+	color: #989a9c;
+	margin: 0 3px;
+	cursor: pointer;
+	vertical-align: middle;
+}
+
+.btn___eI9BD:hover {
+	background-color: #eee;
+}
+
+.edit___jQjMI {
+	width: 24px;
+	padding: 0;
+	margin: 0 15px 0 20px;
+	background-image: url(data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+Cjxzdmcgd2lkdGg9IjEzcHgiIGhlaWdodD0iMTRweCIgdmlld0JveD0iMCAwIDEzIDE0IiB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiPgogICAgPCEtLSBHZW5lcmF0b3I6IFNrZXRjaCA0My4yICgzOTA2OSkgLSBodHRwOi8vd3d3LmJvaGVtaWFuY29kaW5nLmNvbS9za2V0Y2ggLS0+CiAgICA8dGl0bGU+cGVuY2lsPC90aXRsZT4KICAgIDxkZXNjPkNyZWF0ZWQgd2l0aCBTa2V0Y2guPC9kZXNjPgogICAgPGRlZnM+PC9kZWZzPgogICAgPGcgaWQ9IlBhZ2UtMSIgc3Ryb2tlPSJub25lIiBzdHJva2Utd2lkdGg9IjEiIGZpbGw9Im5vbmUiIGZpbGwtcnVsZT0iZXZlbm9kZCI+CiAgICAgICAgPHBhdGggZD0iTTEwLjQwNjU1NDgsNi4wMDM2ODQ5MyBMNC4wNzkxNjA2NCwxMi4zMDMxNDg4IEwwLjY4ODY1NzE0NSw5LjAyODk3NzY2IEw2Ljk0MTkxNTY4LDIuNjU3OTIxODQgTDEwLjQwNjU1NDgsNi4wMDM2ODQ5MyBaIE0xMS4wOTQ5MTUzLDUuMzE4MzYyOTQgTDcuNjIyMjEwOTcsMS45NjQ4MTEzMyBMOC42ODA3OTQ4OSwwLjg4NjI4NjA3MyBDOS4wNzA0MzAzOSwwLjQ4OTMxMDcxOSA5LjcwMzE1ODE0LDAuNDg0MzY0Mzc0IDEwLjA5NzcyNjMsMC44Nzg5MzI1MzYgTDEyLjEwODQwOTIsMi44ODk2MTUzOSBDMTIuNTAxMzIzMywzLjI4MjUyOTUgMTIuNTA1Mjk0MSwzLjkxNDIwOTc5IDEyLjEwOTI2MjMsNC4zMDg0OTM0OCBMMTEuMDk0OTE1Myw1LjMxODM2Mjk0IFogTTMuMzkwODAwMSwxMi45ODg0NzA4IEwzLjM2NTkxOTc1LDEzLjAxMzI0MTMgTDAuMDAyNjM4MDIwNTgsMTMuMDEwNTM2MyBMLTUuNTA2NzA2MmUtMTQsOS43MzA2MDc1NSBMMC4wMDgzNjE4NTg0OSw5LjcyMjA4ODE3IEwzLjM5MDgwMDEsMTIuOTg4NDcwOCBaIiBpZD0icGVuY2lsIiBmaWxsPSIjQTA5REEwIj48L3BhdGg+CiAgICA8L2c+Cjwvc3ZnPg==);
+	background-position: center;
+	background-repeat: no-repeat;
+	background-size: 14px;
+}
+
+.edit-active___bvRp1 {
+	background-color: #6e6c6e;
+	border-color: #6e6c6e;
+}
+
+.zone-capacity____XVvY {
+	display: inline-block;
+	vertical-align: middle;
+	margin-left: 20px;
+}
+
+.list-toggler___lhgLX {
+	float: left;
+	font-size: 14px;
+	font-weight: 300;
+	height: 30px;
+	line-height: 30px;
+	margin: 7px 0 0 20px;
+	width: 150px;
+	background-color: #f1f5f7;
+	text-align: center;
+	padding: 0 7px;
+	cursor: pointer;
+	user-select: none;
+}
+
+.list-toggler-opened___vodX7 {
+	padding-bottom: 30px;
+}
+
+.toggle-failed___EjYQ0 {
+	font-size: 19px;
+	line-height: 40px;
+	float: right;
+}
+
+.toggler___L_QPv {
+	margin-left: 15px;
+	cursor: pointer;
+	background: #fff;
+	display: inline-block;
+	width: 56px;
+	height: 24px;
+	border-radius: 28px;
+	border: 2px solid #e5e5e5;
+	transition: all .2s ease;
+	transform: translate3d(0,0,0);
+	user-select: none;
+	vertical-align: middle;
+}
+
+.toggler-active___edGMH {
+	border-color: #f26c4f;
+	background-color: #f26c4f;
+}
+
+.toggler-point___UwBrE {
+	position: absolute;
+	width: 24px;
+	height: 24px;
+	border-radius: 28px;
+	border: 2px solid #e5e5e5;
+	background: #fff;
+	transition: all .2s ease;
+	transform: translate3d(-2px,-2px,0);
+}
+
+.toggler-active___edGMH .toggler-point___UwBrE {
+	transform: translate3d(31px, -2px, 0);
+	border: 2px solid #f26c4f;
+}
+
+.filter___yIP5V {
+	float: right;
+	height: 30px;
+}
+
+.msg___eJG14 {
+	padding-top: 15px;
+	padding-bottom: 15px;
+	clear: both;
+}
+
+.upstreams-catalog___Q08HJ {
+	background-color: #f1f5f7;
+	margin: 0 -30px;
+	padding: 20px 30px 20px 55px;
+	clear: both;
+}
+
+.upstreams-summary___l1VzK {
+	margin: 0 0 35px;
+	font-size: 18px
+}
+
+.red-text___aEue2 {
+	color: #d00a0a;
+	margin-left: 30px;
+}
+
+.upstreams-navlinks___ymkqi {
+	display: flex;
+	flex-wrap: wrap;
+}
+
+.upstream-link___JybKs {
+	font-size: 13px;
+	cursor: pointer;
+	float: left;
+	width: 16%;
+	padding: 7px 20px 7px 0;
+	box-sizing: border-box;
+}
+
+.upstream-link-failed___X0LPY {
+	color: #d00a0a;
+}
+
+.dashed___W6sOQ { border-bottom: 1px dashed }
+
+.upstream-link-failed___X0LPY:before {
+	content: '';
+	display: block;
+	width: 14px;
+	height: 14px;
+	background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABwAAAAcCAYAAAByDd+UAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAx9pVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNS1jMDE0IDc5LjE1MTQ4MSwgMjAxMy8wMy8xMy0xMjowOToxNSAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIFdpbmRvd3MiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6Qjc0MzE4QTg0MTNEMTFFNUE5NUZFOTk5NUIyQ0M5RkMiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6Qjc0MzE4QTk0MTNEMTFFNUE5NUZFOTk5NUIyQ0M5RkMiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDpCNzQzMThBNjQxM0QxMUU1QTk1RkU5OTk1QjJDQzlGQyIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDpCNzQzMThBNzQxM0QxMUU1QTk1RkU5OTk1QjJDQzlGQyIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/PtJBKfQAAALjSURBVHjazJZNSFRRFMefb96MQSY1QQVSIeRCFya4cVfZIrAW0ZiBLoTgmbipzbRy26pNEQxpi2phUNHHwoLAapkJQbWJsFn0IWTgB2OB42N8/c/wv3C73nnPJsQu/Hjv3nvuOffrnHNrljzPiSkJcAx0gQ7QBOrZVwDTYBI8Bc/qgqAUpawmwmASDIEsaHDWV2bAZZCD4eBvDLaBO6CZ9VlwH7wA78Ec23eCVtAJToPdbP8AemH07RrNYtAgA5ZBCGaBD1IWuTJhGJahjM8xIXVkVL/CXGEG3AMuGAf9YD5qD+uMnfuZTKbxuQ1OgFXQA5kHqt81tnGMbaPgZJyxChOY59hR6hrDJNrMM5QL8o5nNs4BpXUasLbDiNzux1ypnOlBuUhqhUM09oPbWHL+sdA9+qmzmTbKS07w6ksZrmYbY7Z3mNWsrFq2VBz6Ca/+PrBijDsK9oKHdPQ1WwpFEghOga+oPze2NoXPF7rMcZcRxKGfmcZk5RPgJngFUpazSrFPZCZQzxoTWqFuKV0uw5VDpzZLt/bfQsxitndbZJTuDpex0WEEMctr7V/OI2+RyWuRxxzjGLqbPC0Qz1kEL8q58GyvS2CynOEStvEQfgd5VtcsepTuerk0ISs7wGIVNzFWBhPajs+CcouCFog3qijdBY/5rJ1RPx8xaCs4Qtk9bPuO2b/B9yVW+itibCu/0x6TZztTzCOLcAPd4xzYUkHhMgyPSC6E4RlLfye/k3GOfwbcANtY/8Qr/pn1/VR2QGU74MPo3UqOL3ksAb4xh/larmsEq2yfAocr5UP2TVFWxjRqedJnu9hIqGxxHlzRAq34XC24BT6CSyCIuqVYSZJxU1Z7Fu1F5kbJFLvABbRd3bT0JKN6QZECOWaRqgqN5airyPdNYGZ8efD08VkwwNmlqzCW5tgB6urTH1OuIS9vjx5tpbIVvi1L2LIG8DlGreyP98ymPBP/m4fwhj31fwswAN7qWj+PKnUeAAAAAElFTkSuQmCC) 0px 0px no-repeat;
+	background-size: 100%;
+	position:absolute;
+	margin-left: -20px;
+	margin-top: 2px;
+}
+.progress-bar___GnMC7 {
+	height: 22px;
+	line-height: 22px;
+	padding-left: 10px;
+	position: relative;
+	border-radius: 4px;
+	border-top: 1px solid #babdc1;
+	background-color: #e1e5e9;
+	overflow: hidden;
+	display: inline-block;
+	vertical-align: middle;
+	width: 130px;
+	cursor: default;
+}
+
+.fulfillment___osexh {
+	height: 22px;
+	padding-left: 10px;
+	position: absolute;
+	left: 0;
+	top: 0;
+	background-color: #5191d1;
+	border-bottom: 1px solid #1a6baf;
+	color: #fff;
+	box-sizing: border-box;
+	white-space: nowrap;
+	overflow: hidden;
+}
+
+.danger___UUH5W .fulfillment___osexh {
+	background-color: #dc3609;
+	border-color: #6b1a04;
+}
+
+.warning___bpfEj .fulfillment___osexh {
+	background-color: #F0C946;
+	border-color: #F0C946;
+}
+.disable-scroll___rurS_ {
+	overflow: hidden;
+}
+
+.fader___ETVzC {
+	position: fixed;
+	top: 0;
+	left: 0;
+	bottom: 0;
+	right: 0;
+	background-color: rgba(0,0,0,.5);
+	z-index: 10;
+	min-width: 650px;
+}
+
+.modal___viaqq {
+	position: fixed;
+	top: 0;
+	right: 0;
+	bottom: 0;
+	left: 0;
+	z-index: 11;
+	overflow-y: auto;
+}
+
+.popup___zhF5j {
+	/*position: absolute;*/
+	/*left: 50%;*/
+	/*top: 50%;*/
+	/*transform: translate(-50%, -50%);*/
+
+	margin: 20px auto;
+	position: relative;
+	box-shadow: 0 0 20px 1px rgba(0,0,0,.3);
+}
+
+.editor___mSYKf {
+	background: #ffffff;
+	width: 550px;
+}
+
+.content___dFNzp {
+	padding: 20px 35px;
+	font-size: 14px
+}
+
+.header___mBJxs {
+	padding: 15px 80px 15px 35px;
+	background-color: #f1f5f7;
+	font-size: 19px;
+	font-weight: 300;
+	line-height: 30px;
+	max-width: 450px;
+	text-overflow: ellipsis;
+	overflow: hidden;
+	white-space: nowrap;
+}
+
+.close___mYnly {
+	width: 60px;
+	height: 60px;
+	font-size: 34px;
+	font-weight: 300;
+	line-height: 60px;
+	position: absolute;
+	right: 0;
+	top: 0;
+	text-align: center;
+	cursor: pointer;
+	opacity: .3;
+}
+
+.close___mYnly:hover {
+	background-color: rgba(222, 229, 232, 1);
+}
+
+.form-group___qoVB9 {
+	margin-bottom: 20px;
+}
+
+.form-group___qoVB9 label {
+	font-weight: bold;
+	margin-bottom: 10px;
+	display: block;
+}
+
+.input____rEfy {
+	display: block;
+	color: #595959;
+	border: 1px solid #c2c2c2;
+	outline: 0!important;
+	line-height: 34px;
+	padding: 0 15px;
+	width: 100%;
+	box-sizing: border-box;
+	font-family: "Open Sans", Arial, sans-serif;
+	font-size: 16px;
+}
+
+.footer___YrhLx {
+	padding: 25px 35px;
+	background-color: #f1f5f7;
+	overflow: hidden;
+}
+
+.button___sZqkh {
+	width: 120px;
+	border-width: 1px;
+	border-style: solid;
+	line-height: 34px;
+	text-align: center;
+	cursor: pointer;
+	display: inline-block;
+}
+
+.save___S20KG {
+	color: #00972c;
+	border-color: #00972c;
+	margin-right: 20px;
+}
+
+.cancel___mv9SA {
+	color: #636363;
+	border-color: #636363;
+}
+
+.remove___bbt0v {
+	float: right;
+	color: #9e0b0f;
+	border-color: #9e0b0f;
+}
+
+.forms-mini___hF0D_ {
+	display: flex;
+	flex-wrap: wrap;
+}
+
+.forms-mini___hF0D_ .form-group___qoVB9 {
+	max-width: 100px;
+	margin-right: 30px;
+}
+
+.checkbox___psLWs {
+	margin: 10px 0 20px;
+}
+
+.checkbox___psLWs label {
+	cursor: pointer;
+	user-select: none;
+}
+
+.checkbox___psLWs input {
+	margin-right: 4px;
+}
+
+.checkbox___psLWs .title___C_0wt {
+	font-weight: bold;
+}
+
+.radio___AWKDb {
+}
+
+.radio___AWKDb label {
+	margin-left: 20px;
+}
+
+.error___QvqIL {
+	margin-bottom: 20px;
+	font-size: 14px;
+	padding: 15px;
+	color: #be0000;
+	background-color: #ffdedd;
+}
+
+.error-close___KmVyV {
+	width: 30px;
+	height: 30px;
+	font-size: 18px;
+	font-weight: 300;
+	line-height: 30px;
+	float: right;
+	text-align: center;
+	margin: -5px -15px -9px 0;
+	cursor: pointer;
+	opacity: .6;
+}
+
+.loader___hvHyn {
+	margin: 30px auto;
+}
+
+.servers-list___RDIdE {
+	list-style-type: none;
+	padding: 0;
+	margin: 10px 0 30px;
+	overflow: hidden;
+	font-size: 12px;
+}
+
+.servers-list___RDIdE li {
+	width: 135px;
+	float: left;
+	margin: 0 20px 10px 0;
+}
+.row___jkQpB {
+	white-space: nowrap;
+	margin-bottom: 5px;
+}
+
+.h5___NgOls {
+	font-size: 18px;
+	margin: 0 0 5px;
+}
+
+.status-tag___Q2cP5 {
+	display: inline-block;
+	width: 26px;
+	height: 12px;
+	border-radius: 2px!important;
+	margin: 2px 5px 2px 0;
+	overflow: hidden;
+	padding: 0!important;
+	vertical-align: middle;
+}
+
+.status___WHAsP {
+	padding: 0 7px;
+	border-radius: 4px
+}
+
+.status_up___dNdnt {
+	background-color: #8dc63f;
+}
+
+.status_unavail___zzv8R, .status_unhealthy___Uw2fq {
+	background-color: #f26c4f;
+}
+
+.status_draining___bNO72 {
+	background-color: #55b2da;
+}
+
+.status_down___n5PuM {
+	color: #000000;
+	background-color: #dcdcdc;
+}
+
+.status_ok___MV3NO {
+	background-color: #6bc544;
+}
+
+.status_alert___d2T5W {
+	background-color: #ed1c24;
+}
+
+.status_warning___b2306,
+.status_checking___iU6IZ {
+	background-color: #ffab08;
+}
+
+.columns___scITK {
+	display: flex;
+	flex-direction: row;
+}
+
+.column___adgR2 {
+	margin-right: 30px;
+	line-height: 25px;
+	min-height: 100px;
+}
+.gaugeindicator___WVSuk {
+	position: relative;
+	width: 74px;
+}
+
+.value___HGEUr {
+	position: absolute;
+	left: 0;
+	bottom: 0;
+	text-align: center;
+	right: 0;
+	cursor: default;
+}
+
+.canvas___JJf3z {
+	display: block;
+}
+.icon___sFUdJ {
+    vertical-align: top;
+    margin-top: 1px;
+}
+
+.updating-control___l69pr {
+	position: fixed;
+	padding: 10px 20px 10px 8px;
+	background-color: #ffffff;
+	top: 50%;
+	margin-top: -49px;
+	left: -50px;
+	box-shadow: 0 0 20px 1px rgba(0, 0, 0, 0.3);
+	transition: left 0.2s ease-in-out;
+	z-index: 10;
+}
+
+.expanded-control___zGi5b {
+	left: 0;
+}
+
+.button___k1ZvA {
+	font-size: 14px;
+	line-height: 34px;
+	height: 34px;
+	width: 34px;
+	cursor: pointer;
+	color: #ffffff;
+	background-repeat: no-repeat;
+	background-size: 34px 34px;
+	background-position: center center;
+	background-color: #989a9c;
+}
+
+.button___k1ZvA:hover {
+	opacity: 0.8;
+}
+
+.toggle___FIcUr {
+	background-color: #afb1b3;
+	width: 12px;
+	height: 100%;
+	position: absolute;
+	right: 0;
+	top: 0;
+	cursor: pointer;
+	background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAUCAYAAACEYr13AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMy1jMDExIDY2LjE0NTY2MSwgMjAxMi8wMi8wNi0xNDo1NjoyNyAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNiAoV2luZG93cykiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6NkIzREQ3QkMyNTJCMTFFNUE2NDJFMUNGNzNBRENFRTciIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6NkIzREQ3QkQyNTJCMTFFNUE2NDJFMUNGNzNBRENFRTciPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDo2QjNERDdCQTI1MkIxMUU1QTY0MkUxQ0Y3M0FEQ0VFNyIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDo2QjNERDdCQjI1MkIxMUU1QTY0MkUxQ0Y3M0FEQ0VFNyIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/Pl3wNvMAAAAzSURBVHjaYjx/4eJ/BiDYvWsniGIoLS1lBNEXLl4iSpyJgUIwasCoAaMGjBoweAwACDAAxg8TxXeZRJMAAAAASUVORK5CYII=);
+	background-position: center;
+	background-repeat: no-repeat;
+	background-size: 8px 10px;
+}
+
+.toggle___FIcUr:hover {
+	background-color: #b6b6b6;
+}
+
+.toggle___FIcUr:active {
+	background-color: #afb1b3;
+}
+
+.play___YvmME {
+	background-color: #00972c;
+	background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEQAAABECAYAAAA4E5OyAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyFpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNS1jMDE0IDc5LjE1MTQ4MSwgMjAxMy8wMy8xMy0xMjowOToxNSAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iIHhtbG5zOnN0UmVmPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VSZWYjIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6QjQxRjlFRTIxRjZGMTFFNUEzMTNEMTA4MDRCRjkwMDMiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6QjQxRjlFRTExRjZGMTFFNUEzMTNEMTA4MDRCRjkwMDMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIChXaW5kb3dzKSI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOjc2Qjk3MzY3MURFRjExRTU4QTdFREQzMjM2MEI5NDhFIiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOjc2Qjk3MzY4MURFRjExRTU4QTdFREQzMjM2MEI5NDhFIi8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+1LeOdAAAAUJJREFUeNrs2+ENgjAQhuFiGIARHMERcBJ1A91AN3ADdRJxAnUC4wZugG0oMRj0F23vwvslFxN+PjnaXolZXdeGfDKBABBAAAEEEEAAAQQQQAABBBBAAAEEkBCZAtJkbcvdST5snW2V2kCyAe9UZ7auPc8rWzv/O6oOKX48L323qOiYmIuqCpgUu4xomJTbbgvjFuAFIN0t+igFRtLBTASMxJNqUhjJR/ckMBpmmagwmoa7KDAap92gMJrH/xbmAEg3Sz9YAsIa0p+TrRsgxjxtrfwrM1hypRBbv6AOnhwIfSBRIDSARIWQDJIEQiJIUghJIHdb+9QQEkAuviMqSe9rDkQ6ENEQIUBemiFCzDJuwNp8QcxN8/1FBYZLFugPRMWfjhkliNpwQQQIIIAAAggggAACCCCAAAIIIIAAMvK8BRgAsSFJdSfsPT0AAAAASUVORK5CYII=);
+}
+
+.pause___yY6mJ {
+	background-color: #ff5e00;
+	background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEQAAABECAYAAAA4E5OyAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyFpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNS1jMDE0IDc5LjE1MTQ4MSwgMjAxMy8wMy8xMy0xMjowOToxNSAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iIHhtbG5zOnN0UmVmPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VSZWYjIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6QUZGMTYyMEUxRjZGMTFFNTk3MzNCM0ZFRDdFNTQ4NkQiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6QUZGMTYyMEQxRjZGMTFFNTk3MzNCM0ZFRDdFNTQ4NkQiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIChXaW5kb3dzKSI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOjdFNkM4QzQwMURFRjExRTVCN0I3QjQ0QzFEODFEOUE1IiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOjdFNkM4QzQxMURFRjExRTVCN0I3QjQ0QzFEODFEOUE1Ii8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+L/jxlwAAAQtJREFUeNrs2+GNgjAYBuBibgBHYAO9CXQUR3MER/AmUDdgBJwA26SJxsiVGLkc+rzJF36UfMAD1oSUquu6INfMEAABAgQIECBAgAABAgQIECBAgHx2vkbqW8da5e19jrF+YrWFHvPcY/lgrMk9mlefeDXCK8SEcMgX1JeE8l3ok/ZZ/DLe5h7Nf//JbAoYId/1ujC+GPAEbd5pDqkLF2tS9S8DBAgQIECAAAEiQIAAAQIECBAgQIAAAQIECBAgf5HmybHbtFMA2cY6F/Y5DQA5FXqkY+xeffLVSB8Q1bHWoX85xD4MWw6RevQth9iHiSyHMIcAAQIEiAABAgQIECBAgAABAgTIdHMRYADylih+nZZMVgAAAABJRU5ErkJggg==);
+}
+
+.update___V4ERr {
+	margin-top: 10px;
+	background-color: #2b8cc3;
+	background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEQAAABECAYAAAA4E5OyAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyFpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNS1jMDE0IDc5LjE1MTQ4MSwgMjAxMy8wMy8xMy0xMjowOToxNSAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iIHhtbG5zOnN0UmVmPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VSZWYjIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6QjhDMDJDMjYxRjZGMTFFNUFCNTRFMDBGOEU1QUZCMjQiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6QjhDMDJDMjUxRjZGMTFFNUFCNTRFMDBGOEU1QUZCMjQiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIChXaW5kb3dzKSI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOjg1QzcyRDM4MURFRjExRTVCQUY5ODhBQjVBQjg3QUQyIiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOjg1QzcyRDM5MURFRjExRTVCQUY5ODhBQjVBQjg3QUQyIi8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8++XXJYQAAAX1JREFUeNrs2+tNwzAUhuET1AE8QkfwBjBCNoAR2IAyATABZQLaCYAJGjYoExAmMLZyUIjUoLaJY4u+n3T+9GK5T53TXJrCOSekzRkEgAACCCCAAAIIIIAAAggggAACCCCnnVnEsY3WdsD7z33ZHc+FMd8GjN2fcAoxQt27No++zBFjVO7vfPqajz33GBjljslvfNkDxrBuvyzGnn+MHmJ7HnvxVR6wufz7pho+5LOvG35lulkojAGkTambkAXk+L5yEjtmP33lDpBurnW1GEDaXPjapO4rM8krc10pa1ZIt69cAkJTBQQQQAABBJAE+fL1BEiTD92FXwLSnEUPxzEVm4zIg66MOvVEUh/chX5x5WtFUxV511WxymizTQayVoxKMksKkFtpzqPWkmGm7CHZ9YupVkg1Qr/Y7vm68VfZBBe7l5EudtcxLnYXkW8gMgO+RaOrqu/vEK8S4e8QBXdUcbQLCCCAAAIIIIAAAggggAACCCCAAEJ+5VuAAQDLjrsXMnA/DwAAAABJRU5ErkJggg==);
+}
+
+.disclaimer___avRSQ {
+	position: relative;
+	overflow: hidden;
+}
+
+.disclaimer-close___rgyTM {
+	position: absolute;
+	top: 30px;
+	left: 4%;
+	margin-left: -30px;
+	padding: 4px 6px;
+	cursor: pointer;
+	font-size: 14px;
+	line-height: 14px;
+	color: #999;
+}
+
+.disclaimer-content___qXAZf {
+	margin: 30px 4% 10px;
+	line-height: 1.5;
+}
+</style></head><body><script>(()=>{var e={10450:(e,t,r)=>{"use strict";r.d(t,{Z:()=>l}),r(41539),r(12419);var n=r(15671),a=r(43144),o=r(79340),s=r(6215),i=r(61120),c=r(98770);var l=function(e){(0,o.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,i.Z)(t);if(r){var a=(0,i.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,s.Z)(this,e)});function u(){return(0,n.Z)(this,u),l.apply(this,arguments)}return(0,a.Z)(u,[{key:"shouldComponentUpdate",value:function(){return!1}},{key:"render",value:function(){return c.ZP.createElement("div",{className:"footer___lPmop"},"© NGINX, Inc. All rights reserved.")}}]),u}(c.ZP.Component)},65120:(e,t,r)=>{"use strict";r.d(t,{B:()=>$n}),r(57147);var n=r(98770),a=(r(41539),r(12419),r(15671)),o=r(43144),s=r(79340),i=r(6215),c=r(61120),l=r(12827),u=r.n(l),f=r(35703),h=r(97326);function d(){return d=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var r=arguments[t];for(var n in r)Object.prototype.hasOwnProperty.call(r,n)&&(e[n]=r[n])}return e},d.apply(this,arguments)}function p(e,t){(null==t||t>e.length)&&(t=e.length);for(var r=0,n=new Array(t);r<t;r++)n[r]=e[r];return n}function v(e,t){if(e){if("string"==typeof e)return p(e,t);var r=Object.prototype.toString.call(e).slice(8,-1);return"Object"===r&&e.constructor&&(r=e.constructor.name),"Map"===r||"Set"===r?Array.from(e):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?p(e,t):void 0}}function m(e){return function(e){if(Array.isArray(e))return p(e)}(e)||function(e){if("undefined"!=typeof Symbol&&null!=e[Symbol.iterator]||null!=e["@@iterator"])return Array.from(e)}(e)||v(e)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function y(e,t){return function(e){if(Array.isArray(e))return e}(e)||function(e,t){var r=null==e?null:"undefined"!=typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(null!=r){var n,a,o=[],s=!0,i=!1;try{for(r=r.call(e);!(s=(n=r.next()).done)&&(o.push(n.value),!t||o.length!==t);s=!0);}catch(e){i=!0,a=e}finally{try{s||null==r.return||r.return()}finally{if(i)throw a}}return o}}(e,t)||v(e,t)||function(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function g(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}r(24812),r(21249),r(57327),r(26699),r(32023),r(15218),r(92222),r(26541),r(26833),r(69070),r(68309),r(66992),r(51532),r(78783),r(33948),r(89554),r(54747),r(83710),r(39714),r(3843),r(88674),r(91038),r(32564),r(84633),r(47941),r(82526),r(38880),r(49337),r(33321);var _="".concat("/api","/").concat(9);function E(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}var P=function(){function e(){(0,a.Z)(this,e),this.SETTINGS_KEY_NAME="__NGINX_PLUS_DASHBOARD",this.defaults={updatingPeriod:1e3,warnings4xxThresholdPercent:30,cacheDataInterval:3e5,zonesyncPendingThreshold:70,resolverErrorsThreshold:3},this.settingChangeCallbacks=new Map,this.currentSettings=null,this.subscribeCounter=0}return(0,o.Z)(e,[{key:"saveSettings",value:function(){localStorage.setItem(this.SETTINGS_KEY_NAME,JSON.stringify(this.currentSettings))}},{key:"setSetting",value:function(e,t){var r=arguments.length>2&&void 0!==arguments[2]&&arguments[2];this.currentSettings[e]=t,this.saveSettings(),r||this.settingChangeCallbacks.forEach((function(r){r(e,t)}))}},{key:"getSetting",value:function(e,t){return e in this.currentSettings||this.setSetting(e,t,!0),this.currentSettings[e]}},{key:"subscribe",value:function(e,t){var r;return"function"==typeof e&&t&&"string"==typeof t&&(r="".concat(this.subscribeCounter++),this.settingChangeCallbacks.set(r,(function(r,n){r===t&&e(n)}))),r}},{key:"unsubscribe",value:function(e){this.settingChangeCallbacks.has(e)&&this.settingChangeCallbacks.delete(e)}},{key:"init",value:function(){try{this.currentSettings=JSON.parse(localStorage.getItem(this.SETTINGS_KEY_NAME))}catch(e){}null===this.currentSettings&&(this.currentSettings=function(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?E(Object(r),!0).forEach((function(t){g(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):E(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}({},this.defaults),this.saveSettings())}}]),e}();const b=new P;var Z={__STATUSES:{server_zones:{status:"ok",ready:!1},upstreams:{status:"ok",ready:!1},caches:{status:"ok",ready:!1},tcp_upstreams:{status:"ok",ready:!1},tcp_zones:{status:"ok",ready:!1},shared_zones:{ready:!1},location_zones:{ready:!1},zone_sync:{ready:!1},resolvers:{ready:!1},workers:{ready:!1}}};window.STORE=Z;const w={STORE:Z,handleDataUpdate:function(e,t,r){var n=e.path,a=e.processors,o=Z;n.forEach((function(e,t,r){o[e]||(t===r.length-1?o[e]=null:o[e]={}),t!==r.length-1&&(o=o[e])})),a.forEach((function(e){t=e(t,o[n[n.length-1]],Z,r)})),null!==t&&(t.lastUpdate=Date.now()),o[n[n.length-1]]=t},get:function(e){var t={};return e.forEach((function(e){var r=Z;e.path.forEach((function(e){r=null!==r&&r[e]?r[e]:null})),t[e.path[e.path.length-1]]=null!==r?r:null})),t}};var S=new(function(){function e(){(0,a.Z)(this,e),this.firstLevel=[],this.secondLevel={http:[],stream:[]}}return(0,o.Z)(e,[{key:"getFirstLevel",value:function(){return this.firstLevel}},{key:"getSecondLevel",value:function(){return Object.keys(this.secondLevel)}},{key:"getThirdLevel",value:function(e){return this.secondLevel[e]}},{key:"firstLevelIncludes",value:function(e){return this.firstLevel.includes(e)}},{key:"fillThirdLevel",value:function(e,t){this.secondLevel[e]=m(t)}},{key:"secondLevelIncludes",value:function(e){return e in this.secondLevel}},{key:"thirdLevelIncludes",value:function(e,t){return e in this.secondLevel&&this.secondLevel[e].includes(t)}},{key:"fillFirstLevel",value:function(e){this.firstLevel=m(e)}}]),e}()),x=new Map,O=!0,k=function(){O=!1},R=function(){O=!0},N=null,A=function e(){var t=arguments.length>0&&void 0!==arguments[0]&&arguments[0];if(clearTimeout(N),!0===t||O){!0===t&&R();var r=Date.now();Promise.all(Array.from(x).map((function(e){var t=y(e,2)[1];return t.api.get().then((function(e){return e}),(function(e){return e})).then((function(e){return{data:e&&e.error?null:e,api:t.api,timeStart:r}}))}))).then((function(e){e.forEach((function(e){var t=e.api,r=e.data,n=e.timeStart;w.handleDataUpdate(t,r,n);var a=x.get(t.toString());a&&a.callbacks.forEach((function(e){return e()}))}))})).catch((function(e){throw e}))}N=setTimeout(e,b.getSetting("updatingPeriod"))},T=null,C=w.STORE;const I={availableApiEndpoints:S,unsubscribe:function(e,t){e.forEach((function(e){var r=x.get(e.toString());r&&(r.instancesCount--,r.callbacks=r.callbacks.filter((function(e){return e!==t})),0===r.instancesCount&&x.delete(e.toString()))}))},startObserve:A,subscribe:function(e,t){e.forEach((function(e){var r=S.firstLevelIncludes(e.path[0]),n=x.get(e.toString());if(r&&S.secondLevelIncludes(e.path[0])&&(r=S.thirdLevelIncludes(e.path[0],e.path[1])),r){if(n)return n.callbacks.push(t),void n.instancesCount++;x.set(e.toString(),{api:e,callbacks:[t],instancesCount:1})}else n&&x.delete(e.toString())})),window.clearImmediate(T),T=window.setImmediate(A)},get:w.get};const j=function(e){var t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:[],r=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{ignoreEmpty:!1},l=function(l){(0,s.Z)(v,l);var u,f,p=(u=v,f=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,t=(0,c.Z)(u);if(f){var r=(0,c.Z)(this).constructor;e=Reflect.construct(t,arguments,r)}else e=t.apply(this,arguments);return(0,i.Z)(this,e)});function v(){var e;return(0,a.Z)(this,v),(e=p.call(this)).forceUpdate=e.forceUpdate.bind((0,h.Z)(e)),e}return(0,o.Z)(v,[{key:"componentWillMount",value:function(){I.subscribe.apply(null,[].concat(m(t.length?[t]:[]),[this.forceUpdate]))}},{key:"componentWillUnmount",value:function(){I.unsubscribe(t)}},{key:"render",value:function(){var a=null;return!1===r.ignoreEmpty&&t.length&&(a=I.get(t),Object.values(a).every((function(e){return null===e})))?null:n.ZP.createElement(e,d({},this.props,{data:a,store:Z}))}}]),v}(n.ZP.Component);return Object.defineProperty(l,"name",{value:"".concat(e.name,"_binded")}),l};function M(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}r(69600);var B=function(){function e(t,r){return(0,a.Z)(this,e),this.apiPrefix=t,this.path=[r],this.processors=[],this.__API_PROXY=!0,this.proxy=new Proxy(this,{get:function(e,t,r){return t in e?e[t]:(e.path.push(t),r)}}),this.proxy}return(0,o.Z)(e,[{key:"getUrl",value:function(){return"".concat(this.apiPrefix,"/").concat(this.toString(),"/")}},{key:"doRequest",value:function(e,t){var r=function(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?M(Object(r),!0).forEach((function(t){g(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):M(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}({method:e,credentials:"same-origin"},arguments.length>2&&void 0!==arguments[2]?arguments[2]:{});return t&&(r.body=JSON.stringify(t)),window.fetch(this.getUrl(),r).then((function(e){var t=!1;return e.status>299&&(t=!0),e.json().then((function(e){if(t)throw e;return e})).catch((function(t){throw{error:t.error?"".concat(t.error.code,": ").concat(t.error.text):null,status:e.status}}))}))}},{key:"get",value:function(e){return this.doRequest("GET",null,e)}},{key:"post",value:function(e,t){return this.doRequest("POST",e,t)}},{key:"patch",value:function(e,t){return this.doRequest("PATCH",e,t)}},{key:"del",value:function(e){return this.doRequest("DELETE",null,e)}},{key:"process",value:function(e){return this.processors.push(e),this.proxy}},{key:"toString",value:function(){return this.path.join("/")}}]),e}(),U=function(){function e(t){(0,a.Z)(this,e),this.apiPrefix=t}return(0,o.Z)(e,[{key:"getPeer",value:function(e,t){return ve[this.apiPrefix].upstreams[e].servers[t].get()}},{key:"createPeer",value:function(e,t){return ve[this.apiPrefix].upstreams[e].servers.post(t)}},{key:"deletePeer",value:function(e,t){return ve[this.apiPrefix].upstreams[e].servers[t].del()}},{key:"updatePeer",value:function(e,t,r){return ve[this.apiPrefix].upstreams[e].servers[t].patch(r)}}]),e}();r(2707);const L={is4xxThresholdReached:function(e){return e.responses["4xx"]/e.requests*100>b.getSetting("warnings4xxThresholdPercent")},calculateSpeed:function(e,t,r){return"number"!=typeof e||"number"!=typeof t?"n/a":e>t?0:Math.floor(1e3*(t-e)/r)},calculateTraffic:function(e,t){var r=e.traffic;r.in+="number"==typeof t.rcvd_s?t.rcvd_s:0,r.out+="number"==typeof t.sent_s?t.sent_s:0},createMapFromObject:function(e,t){var r=!(arguments.length>2&&void 0!==arguments[2])||arguments[2],n=Object.keys(e);return r&&n.sort(),new Map(n.map((function(r,n){return[r,t(e[r],r,n)]})))},handleErrors:function(e,t){var r=arguments.length>2&&void 0!==arguments[2]?arguments[2]:"responses";e&&t[r]["4xx"]>e[r]["4xx"]&&(t["4xxChanged"]=!0),e&&t[r]["5xx"]>e[r]["5xx"]&&(t["5xxChanged"]=!0)},pickZoneSize:function(e,t,r){if(e.zoneSize=null,t){var n=t.get(r);n&&(e.slab=n,e.zoneSize=n.percentSize)}},countResolverResponses:function(e){var t=0,r=0;return Object.keys(e).forEach((function(n){"number"==typeof e[n]&&("timedout"!==n&&(t+=e[n]),"noerror"!==n&&(r+=e[n]))})),{allResponses:t,errResponses:r}}};function D(e,t,r,n){var a=t&&t.get(n);if(a){var o=Date.now()-t.lastUpdate;r.sent_s=L.calculateSpeed(a.sent,r.sent,o),r.rcvd_s=L.calculateSpeed(a.received,r.received,o),r.zone_req_s=L.calculateSpeed(a.requests,r.requests,o),L.calculateTraffic(e,r)}return L.is4xxThresholdReached(r)&&(r.warning=!0,e.status="warning",e.warnings++),L.handleErrors(a,r),!0===r["5xxChanged"]&&(e.status="danger",e.alerts++),r}const F=function(e,t,r){var n=r.__STATUSES;if(null===e||0===Object.keys(e).length)return n.server_zones.ready=!1,null;var a={total:0,traffic:{in:0,out:0},warnings:0,alerts:0,status:"ok"};return e=L.createMapFromObject(e,D.bind(null,a,t),!1),a.total=e.size,e.__STATS=a,n.server_zones.ready=!0,n.server_zones.status=a.status,e};function z(e,t,r,n){var a=t&&t.get(n);if(a){var o=Date.now()-t.lastUpdate;r.sent_s=L.calculateSpeed(a.sent,r.sent,o),r.rcvd_s=L.calculateSpeed(a.received,r.received,o),r.zone_req_s=L.calculateSpeed(a.requests,r.requests,o)}return L.is4xxThresholdReached(r)&&(r.warning=!0,e.status="warning",e.warnings++),L.handleErrors(a,r),!0===r["5xxChanged"]&&(e.status="danger",e.alerts++),r}const q=function(e,t,r){var n=r.__STATUSES;if(null===e||0===Object.keys(e).length)return n.location_zones.ready=!1,null;var a={total:0,warnings:0,alerts:0,status:"ok"};return e=L.createMapFromObject(e,z.bind(null,a,t),!1),a.total=e.size,e.__STATS=a,n.location_zones.ready=!0,n.location_zones.status=a.status,e};function W(e,t,r,n,a){var o=null;if(r){var s=r.get(n.name);if(s&&(o=s.peers.find((function(e){return e.id===a.id})))){var i=Date.now()-r.lastUpdate;"upstreams"===e?a.server_req_s=L.calculateSpeed(o.requests,a.requests,i):"tcp_upstreams"===e&&(a.server_conn_s=L.calculateSpeed(o.connections,a.connections,i)),a.server_sent_s=L.calculateSpeed(o.sent,a.sent,i),a.server_rcvd_s=L.calculateSpeed(o.received,a.received,i)}}switch(a.max_conns=a.max_conns||1/0,a.health_status="last_passed"in a.health_checks?!!a.health_checks.last_passed:null,a.state){case"up":t.servers.up++,n.stats.up++;break;case"down":t.servers.down++,n.stats.down++;break;case"unavail":case"unhealthy":t.servers.failed++,t.failures++,n.stats.failed++,n.hasFailedPeer=!0;break;case"draining":t.servers.draining++,n.stats.draining++;break;case"checking":n.stats.checking++}t.servers.all++,n.stats.all++,"upstreams"===e&&(a.isHttp=!0,L.is4xxThresholdReached(a)&&(t.status="warning",t.warnings++),L.handleErrors(o,a)),!1===a.health_status&&(t.status="danger",t.alerts++)}function H(e,t,r,n,a,o){return a.name=o,L.pickZoneSize(a,n,a.zone),a.stats={all:0,up:0,down:0,failed:0,draining:0,checking:0},a.peers.forEach(W.bind(null,e,t,r,a)),a}function G(e,t,r,n){var a=n.slabs,o=n.__STATUSES;if(null===t||0===Object.keys(t).length)return o[e].ready=!1,null;var s={total:0,servers:{all:0,up:0,down:0,failed:0,draining:0},failures:0,warnings:0,alerts:0,status:"ok"};return t=L.createMapFromObject(t,H.bind(null,e,s,r,a)),s.total=t.size,t.__STATS=s,o[e].ready=!0,o[e].status=s.status,t}r(69826),r(85827);var V=function(e){return G.bind(null,e)};function Y(e,t,r,n,a){e.history[a]||(e.history[a]=[]);var o=e.history[a],s=o[o.length-1],i=s&&s._ts>r;return o.push({obj:n,_ts:r}),o.length>t&&o.shift(),i&&(e.history[a]=o.sort((function(e,t){return e._ts<t._ts?-1:1}))),{obj:n,history:{ts:r,data:o.reduce((function(e,t,r){var n=t.obj,a=t._ts,s=o[r-1];return e.push(Object.keys(n).reduce((function(e,t){return s?(e.obj[t]=n[t]-s.obj[t],e.obj[t]<0&&(e.obj[t]=0)):e.obj[t]=0,e}),{obj:{},_ts:a})),e}),[])}}}function K(e,t,r,n,a){if(null===t||0===Object.keys(t).length)return null;var o=b.getSetting("updatingPeriod");return e.prevUpdatingPeriod!==o&&(e.prevUpdatingPeriod=o,e.history={}),L.createMapFromObject(t,Y.bind(null,e,1800,a/1e3))}const X=function(e){return K.bind(null,e)},$=V("upstreams");function Q(e,t,r,n){var a=t?t.get(n):null;if(a){var o=Date.now()-t.lastUpdate;r.sent_s=L.calculateSpeed(a.sent,r.sent,o),r.rcvd_s=L.calculateSpeed(a.received,r.received,o),r.zone_conn_s=L.calculateSpeed(a.connections,r.connections,o),e.conn_s+=r.zone_conn_s,L.calculateTraffic(e,r)}return L.handleErrors(a,r,"sessions"),(r["5xxChanged"]||r["4xxChanged"])&&(e.status="danger"),e.conn_total+=r.connections,e.conn_current+=r.processing,r}var J=function(e,t,r){var n=r.__STATUSES;if(null===e||0===Object.keys(e).length)return n.tcp_zones.ready=!1,null;var a={conn_total:0,conn_current:0,conn_s:0,traffic:{in:0,out:0},status:"ok"};return(e=L.createMapFromObject(e,Q.bind(null,a,t))).__STATS=a,n.tcp_zones.ready=!0,n.tcp_zones.status=a.status,e},ee=V("tcp_upstreams"),te=(r(91058),new Proxy({},{get:function(e,t){return t in e||(e[t]=[]),e[t]}}));function re(e,t,r,n){r.name=n,r.cold?e.states.cold++:e.states.warm++,r.responses={served:r.hit.responses+r.stale.responses+r.updating.responses+r.revalidated.responses,written:r.miss.responses_written+r.expired.responses_written+r.bypass.responses_written,bypassed:r.miss.responses+r.expired.responses+r.bypass.responses},r.traffic={s_served:r.hit.bytes+r.stale.bytes+r.updating.bytes+r.revalidated.bytes,s_written:r.miss.bytes_written+r.expired.bytes_written+r.bypass.bytes_written,s_bypassed:r.miss.bytes+r.expired.bytes+r.bypass.bytes},r.hit_percents_generic=function(e){var t=parseInt(b.getSetting("cacheDataInterval")/b.getSetting("updatingPeriod"),10),r=te[e.name];if(r.unshift({served:e.responses.served,bypassed:e.responses.bypassed}),r.length<2)return null;r.length>t&&r.pop();var n=r[0],a=r[r.length-1],o=n.served-a.served,s=n.served+n.bypassed-a.served-a.bypassed;return 0!==s?Math.round(o/s*100):0}(r),"number"==typeof r.max_size?r.used=Math.round(r.size/r.max_size*100):r.used=r.size>0?1:0,L.pickZoneSize(r,t,n);var a=!1;return null!==r.hit_percents_generic&&r.hit_percents_generic<30&&(e.status="warning",a=!0),r.used>105?(e.alerts++,r.danger=!0,e.status="danger"):r.used>100&&r.used<=105&&(e.status="warning",r.warning=!0,a=!0),a&&e.warnings++,r}const ne=function(e,t,r){var n=r.__STATUSES;if(null===e||0===Object.keys(e).length)return n.caches.ready=!1,null;var a={total:0,states:{warm:0,cold:0},warnings:0,alerts:0,status:"ok"},o=r.slabs;return e=L.createMapFromObject(e,re.bind(null,a,o)),a.total=e.size,e.__STATS=a,n.caches.ready=!0,n.caches.status=a.status,e};function ae(e){return e.pages.total=e.pages.used+e.pages.free,e.percentSize=Math.ceil(e.pages.used/e.pages.total*100),e}const oe=function(e,t,r){var n=r.__STATUSES;return null===e||0===Object.keys(e).length?(n.shared_zones.ready=!1,null):(n.shared_zones.ready=!0,L.createMapFromObject(e,ae))},se=function(e,t){return e.current=e.active+e.idle,e.accepted_s=L.calculateSpeed(t?t.accepted:null,e.accepted,Date.now()-(t?t.lastUpdate:0)),e},ie=function(e,t){var r=t||{handshakes:null,handshakes_failed:null,session_reuses:null,lastUpdate:0},n=Date.now()-r.lastUpdate;return e.handshakes_s=L.calculateSpeed(r.handshakes,e.handshakes,n),e.handshakes_failed_s=L.calculateSpeed(r.handshakes_failed,e.handshakes_failed,n),e.session_reuses_s=L.calculateSpeed(r.session_reuses,e.session_reuses,n),e},ce=function(e,t){return e.reqs=L.calculateSpeed(t?t.total:0,e.total,Date.now()-(t?t.lastUpdate:0)),e};function le(e,t){var r=!1,n=!1;if(t.records_total>0){var a=parseInt(b.getSetting("zonesyncPendingThreshold",70),10),o=100*t.records_pending/t.records_total;o>a?r=!0:o>.75*a&&(n=!0)}else r=t.records_pending>0;return r?(t.alert=!0,e.status="danger",e.alerts++):n&&(t.warning=!0,e.status="warning",e.warnings++),t}const ue=function(e,t,r){var n=r.__STATUSES;if(null===e||0===Object.keys(e).length)return n.zone_sync.ready=!1,null;var a={total:0,traffic:{in:0,out:0},alerts:0,warnings:0,status:"ok"};if(t){var o=Date.now()-t.lastUpdate;a.traffic.in=L.calculateSpeed(t.status.msgs_in,e.status.msgs_in,o),a.traffic.out=L.calculateSpeed(t.status.msgs_out,e.status.msgs_out,o)}return e.zones=L.createMapFromObject(e.zones,le.bind(null,a),!1),a.total=e.zones.size,e.__STATS=a,n.zone_sync.ready=!0,n.zone_sync.status=a.status,e};function fe(e,t,r,n){var a=r.requests,o=r.responses,s=Object.keys(a).reduce((function(e,t){return"number"==typeof a[t]&&(e+=a[t]),e}),0),i=t&&t.get(n);if(i){var c=Date.now()-t.lastUpdate,l=i.requests,u=i.responses,f=Object.keys(l).reduce((function(e,t){return"number"==typeof l[t]&&(e+=l[t]),e}),0);e.traffic.in+=L.calculateSpeed(f,s,c);var h=L.countResolverResponses(o),d=h.allResponses,p=h.errResponses,v=L.countResolverResponses(u),m=v.allResponses,y=v.errResponses;e.traffic.out+=L.calculateSpeed(m,d,c),100*(p-y)/(s-f)>parseInt(b.getSetting("resolverErrorsThreshold",3),10)&&(r.alert=!0,e.status="danger",e.alerts++)}return r}const he=function(e,t,r){var n=r.__STATUSES;if(null===e||0===Object.keys(e).length)return n.resolvers.ready=!1,null;var a={total:0,traffic:{in:0,out:0},alerts:0,status:"ok"};return e=L.createMapFromObject(e,fe.bind(null,a,t),!1),a.total=e.size,e.__STATS=a,n.resolvers.ready=!0,n.resolvers.status=a.status,e},de=function(e,t,r){var n=r.__STATUSES;if(null===e||0===e.length)return n.workers.ready=!1,null;var a={total:0,status:"ok"};if(t){var o=Date.now()-t.lastUpdate;e=e.map((function(e){return function(e,t,r){var n=e.find((function(e){var r=e.pid;return t.pid===r}));if("connections"in t){var a="-";n&&"connections"in n&&(a=L.calculateSpeed(n.connections.accepted,t.connections.accepted,r)),t.connections.acceptedPerSec=a}if("http"in t&&"requests"in t.http){var o="-";n&&"http"in n&&"requests"in n.http&&(o=L.calculateSpeed(n.http.requests.total,t.http.requests.total,r)),t.http.requests.reqsPerSec=o}return t}(t,e,o)}))}return a.total=e.length,e.__STATS=a,n.workers.ready=!0,n.workers.status=a.status,e};var pe=new Proxy({},{get:function(e,t){return new B(_,t)}});const ve=pe;var me=new U("http"),ye=new U("stream"),ge=null,_e=function(){var e=arguments.length>0&&void 0!==arguments[0]&&arguments[0];return pe.http.upstreams.DASHBOARD_INIT.servers.__TEST_FOR_WRITE__.del({credentials:e?"same-origin":"omit"}).then((function(e){return e.error.status}),(function(e){return e.status})).then((function(e){return ge=405!==e&&403!==e&&(401!==e||null)}))},Ee=function(){return ge};var Pe=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(e){var t;return(0,a.Z)(this,u),(t=l.call(this,e)).inc=t.inc.bind((0,h.Z)(t)),t.dec=t.dec.bind((0,h.Z)(t)),t}return(0,o.Z)(u,[{key:"inc",value:function(){this.props.onChange(this.props.value+1e3)}},{key:"dec",value:function(){this.props.onChange(this.props.value-1e3)}},{key:"render",value:function(){return n.ZP.createElement("div",{className:"number-control___DEIQX"},n.ZP.createElement("span",{className:"dec___DxV57 btn___phnbR",onClick:this.dec},"-"),n.ZP.createElement("span",{className:"value___u1Fys"},this.props.value/1e3),n.ZP.createElement("span",{className:"inc___uLPcK btn___phnbR",onClick:this.inc},"+"))}}]),u}(n.ZP.Component);var be=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){return n.ZP.createElement("input",d({type:"text",onKeyPress:u.onKeyPress},this.props))}}],[{key:"onKeyPress",value:function(e){0===e.charCode||isFinite(String.fromCharCode(e.charCode))||e.preventDefault()}}]),u}(n.ZP.Component);const Ze="input___ldb_G",we="section___ralhz";var Se=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){var e;return(0,a.Z)(this,u),(e=l.call(this)).state={updatingPeriod:b.getSetting("updatingPeriod"),warnings4xxThresholdPercent:b.getSetting("warnings4xxThresholdPercent"),cacheDataInterval:b.getSetting("cacheDataInterval"),zonesyncPendingThreshold:b.getSetting("zonesyncPendingThreshold",70),resolverErrorsThreshold:b.getSetting("resolverErrorsThreshold",3)},e.changeUpdatePeriod=e.changeUpdatePeriod.bind((0,h.Z)(e)),e.changeCacheHitRatioInteval=e.changeCacheHitRatioInteval.bind((0,h.Z)(e)),e.save=e.save.bind((0,h.Z)(e)),e}return(0,o.Z)(u,[{key:"save",value:function(){var e=this;Object.keys(this.state).forEach((function(t){b.setSetting(t,e.state[t])})),this.props.close()}},{key:"changeUpdatePeriod",value:function(e){this.setState({updatingPeriod:e||1e3})}},{key:"changePercentThreshold",value:function(e,t){var r=t.target.value;r>=100?r=100:r<0&&(r=0),this.setState(g({},e,r))}},{key:"changeCacheHitRatioInteval",value:function(e){var t=1e3*e.target.value;t=Math.max(3e4,t),t=Math.min(36e5,t),this.setState({cacheDataInterval:t})}},{key:"render",value:function(){var e=this.props.statuses;return n.ZP.createElement("div",{className:"settings___rm25G"},n.ZP.createElement("h2",{className:"title___q3WRh"},"Options"),n.ZP.createElement("div",{className:we},"Update every ",n.ZP.createElement(Pe,{value:this.state.updatingPeriod,onChange:this.changeUpdatePeriod})," sec"),n.ZP.createElement("div",{className:we},"4xx warnings threshold",n.ZP.createElement(be,{defaultValue:this.state.warnings4xxThresholdPercent,onChange:this.changePercentThreshold.bind(this,"warnings4xxThresholdPercent"),className:Ze})," %"),n.ZP.createElement("div",{className:we},"Calculate hit ratio for the past",n.ZP.createElement(be,{defaultValue:this.state.cacheDataInterval/1e3,className:"wide-input___eh_UL input___ldb_G",onChange:this.changeCacheHitRatioInteval})," sec"),e.zone_sync&&e.zone_sync.ready?n.ZP.createElement("div",{className:we},"Non synced data threshold",n.ZP.createElement(be,{defaultValue:this.state.zonesyncPendingThreshold,onChange:this.changePercentThreshold.bind(this,"zonesyncPendingThreshold"),className:Ze})," %"):null,e.resolvers&&e.resolvers.ready?n.ZP.createElement("div",{className:we},"Resolver errors threshold",n.ZP.createElement(be,{defaultValue:this.state.resolverErrorsThreshold,onChange:this.changePercentThreshold.bind(this,"resolverErrorsThreshold"),className:Ze})," %"):null,n.ZP.createElement("div",{className:we},n.ZP.createElement("button",{onClick:this.save,className:"save___D8Kgv btn___DwtcZ"},"Save"),n.ZP.createElement("button",{onClick:this.props.close,className:"cancel____WqsQ btn___DwtcZ"},"Cancel")),n.ZP.createElement("div",{className:"".concat(we," ").concat("help___d6hkY")},"For more information, please check",n.ZP.createElement("br",null),n.ZP.createElement("a",{target:"_blank",href:"https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/#dashboard",className:"help-link___PyAec"},"NGINX Admin Guide")),n.ZP.createElement("span",{className:"version___FbkjX"},"v","3.1.0"))}}]),u}(n.ZP.Component);const xe={icon:"icon___j96gU",sun:"sun___OcFBl icon___j96gU",snowflake:"snowflake___YGGkC icon___j96gU",ok:"ok___ix_Sd icon___j96gU",warning:"warning___awNmI icon___j96gU",danger:"danger___YLbXm icon___j96gU",gear:"gear___Oqj4Y icon___j96gU",pencil:"pencil___opMoj icon___j96gU"};function Oe(e){var t=e.className||"";return xe[e.type]&&(t+="".concat(t?" ":"").concat(xe[e.type])),n.ZP.createElement("span",{className:t})}var ke=r(99190);var Re=[{title:"HTTP Zones",hash:"#server_zones",statusKey:"server_zones"},{title:"HTTP Upstreams",hash:"#upstreams",statusKey:"upstreams"},{title:"TCP/UDP Zones",hash:"#tcp_zones",statusKey:"tcp_zones"},{title:"TCP/UDP Upstreams",hash:"#tcp_upstreams",statusKey:"tcp_upstreams"},{title:"Caches",hash:"#caches",statusKey:"caches"},{title:"Shared Zones",hash:"#shared_zones",statusKey:"shared_zones"},{title:"Cluster",hash:"#cluster",statusKey:"zone_sync"},{title:"Resolvers",hash:"#resolvers",statusKey:"resolvers"},{title:"Workers",hash:"#workers",statusKey:"workers"}];const Ne=j(function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(e){var t;return(0,a.Z)(this,u),(t=l.call(this,e)).state={settings:!1},t.openSettings=t.openSettings.bind((0,h.Z)(t)),t.closeSettings=t.closeSettings.bind((0,h.Z)(t)),t}return(0,o.Z)(u,[{key:"openSettings",value:function(){this.state.settings?this.closeSettings():this.setState({settings:!0})}},{key:"closeSettings",value:function(){this.setState({settings:!1})}},{key:"render",value:function(){var e=this,t=this.props.statuses,r=Re.filter((function(e){var r=e.statusKey;return"server_zones"===r?t.server_zones.ready||t.location_zones.ready:t[r]&&t[r].ready})).map((function(r){var a="",o=null;if("status"in t[r.statusKey]){if(a=t[r.statusKey].status,"server_zones"===r.statusKey&&"status"in t.location_zones){var s=[a,t.location_zones.status];s.includes("danger")?a="danger":s.includes("warning")&&(a="warning")}o=n.ZP.createElement(Oe,{className:ke.Z.status,type:a})}return n.ZP.createElement("a",{className:e.props.hash===r.hash?ke.Z.navlinkactive:ke.Z.navlink,href:r.hash,title:r.title},o,n.ZP.createElement("span",{className:ke.Z.anchor},r.title))}));return n.ZP.createElement("div",{className:"".concat(ke.Z.nav," ").concat(r.length>6?ke.Z["nav-wide"]:ke.Z["nav-small"])},n.ZP.createElement("div",{className:ke.Z["nav-flex"]},r),n.ZP.createElement("span",{className:ke.Z.settings,onClick:this.openSettings},n.ZP.createElement(Oe,{type:"gear"})),this.state.settings?n.ZP.createElement(Se,{statuses:t,close:this.closeSettings}):null)}}]),u}(n.ZP.Component),[ve.http.server_zones.process(F),ve.http.location_zones.process(q),ve.http.upstreams.process($),ve.stream.server_zones.process(J),ve.stream.upstreams.process(ee),ve.http.caches.process(ne),ve.slabs.process(oe),ve.stream.zone_sync.process(ue),ve.resolvers.process(he),ve.workers.process(de)],{ignoreEmpty:!0});var Ae=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){return n.ZP.createElement("div",{className:ke.Z.header},n.ZP.createElement("a",{className:"#"===this.props.hash?ke.Z.logoactive:ke.Z.logo,href:"#"}),this.props.navigation?n.ZP.createElement(Ne,this.props):null)}}]),u}(n.ZP.Component),Te=r(10450);function Ce(e){var t=e.gray,r=e.className||"";return r+="".concat(r?" ":"").concat(t?"gray-loader___uNaZG loader___KsW7O":"loader___KsW7O"),n.ZP.createElement("div",{className:r})}r(28594),r(35666);var Ie=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e="box____RyIu";return this.props.className&&(e+=" ".concat(this.props.className)),n.ZP.createElement("div",{className:e},this.props.title?n.ZP.createElement("a",{className:"header___Es3z5",href:this.props.href,title:this.props.title},this.props.title,"status"in this.props?n.ZP.createElement(Oe,{type:this.props.status,className:"status___aq8nz"}):null):null,this.props.children)}}]),u}(n.ZP.Component);r(54678),r(56977),r(74916),r(23123),r(47042),r(28733),r(23157);const je=function(e){var t=arguments.length>1&&void 0!==arguments[1]&&arguments[1];if(e<6e4)return e<1e3?"".concat(e,"ms"):"".concat(Math.floor(e/1e3),".").concat(Math.floor(e%1e3/10),"s");var r="",n=e/1e3,a=Math.floor(n/86400),o=Math.floor(n%86400/3600),s=Math.floor(n%86400%3600/60);return a&&(r+="".concat(a,"d ")),(a||o)&&(r+="".concat(o,"h ")),!(a||o||s)||t&&a>0||(r+="".concat(s,"m")),r},Me=function(e,t){var r,n,a,o=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{0:"B",1:"KiB",2:"MiB",3:"GiB",4:"TiB"};if(isNaN(parseFloat(e))||!isFinite(e)||0===e)return"0";t&&Object.keys(o).forEach((function(e){o[e]===t&&(r=parseInt(e,10))})),n=e>0xffffffffff?4:e>1048575999&&e<=0xffffffffff?3:e>1024e3&&e<=1048575999?2:e>1023&&e<=1024e3?1:0,"number"==typeof r&&n>r&&(n=r);var s=Math.floor(e/Math.pow(1024,n)).toString().length;return a=s>3?0:3-s,"".concat((e/Math.pow(1024,n)).toFixed(a)," ").concat(o[n])},Be=function(e){return void 0===e?"–":"".concat(e,"ms")},Ue=function(e){if(!e)return"";var t=new Date(e),r=t.toTimeString().split(" ");return"".concat(t.toISOString().slice(0,10)," ").concat(r[0]," ").concat(r[1])},Le=function(e){return"number"==typeof e?e:"-"},De=function(e){var t=[];return e&&("no_common_protocol"in e&&t.push({id:"no_common_protocol",label:"No common protocol",value:e.no_common_protocol}),"no_common_cipher"in e&&t.push({id:"no_common_cipher",label:"No common cipher",value:e.no_common_cipher}),"handshake_timeout"in e&&t.push({id:"handshake_timeout",label:"Handshake timeout",value:e.handshake_timeout}),"peer_rejected_cert"in e&&t.push({id:"peer_rejected_cert",label:"Rejected cert",value:e.peer_rejected_cert})),t},Fe=function(e){var t=[],r=0;return e&&e.verify_failures&&("no_cert"in e.verify_failures&&(t.push({id:"no_cert",label:"No certificate",value:e.verify_failures.no_cert}),r+=e.verify_failures.no_cert),"expired_cert"in e.verify_failures&&(t.push({id:"expired_cert",label:"Expired cert",value:e.verify_failures.expired_cert}),r+=e.verify_failures.expired_cert),"revoked_cert"in e.verify_failures&&(t.push({id:"revoked_cert",label:"Revoked cert",value:e.verify_failures.revoked_cert}),r+=e.verify_failures.revoked_cert),"hostname_mismatch"in e.verify_failures&&(t.push({id:"hostname_mismatch",label:"Hostname mismatch",value:e.verify_failures.hostname_mismatch}),r+=e.verify_failures.hostname_mismatch),"other"in e.verify_failures&&(t.push({id:"other",label:"Other verify failures",value:e.verify_failures.other}),r+=e.verify_failures.other)),[r,t]},ze={"tooltip-container":"tooltip-container___S804X",tooltip:"tooltip___vBln_",top:"top___u8nTI",center:"center___idHAW",start:"start___UM0_B",right:"right___bizIf",bottom:"bottom___y_Zuf",left:"left___WCTfv","list-row":"list-row___l2GN2","list-label":"list-label___fNQPr","list-space":"list-space___BSJbp","list-value":"list-value___wsECc",row:"row___BfGB7",red:"red___FIiiS",green:"green___n7ZTr",icon:"icon___a8iyc"};function qe(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function We(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?qe(Object(r),!0).forEach((function(t){g(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):qe(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}const He={Component:function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(e){var t;return(0,a.Z)(this,u),(t=l.call(this)).state={top:e.top,left:e.left,movedToLeft:!1},t}return(0,o.Z)(u,[{key:"componentDidMount",value:function(){this.reposition()}},{key:"reposition",value:function(){var e=We(We({},this.state),{},{movedToLeft:!1});if(this.ref){var t=this.ref.getBoundingClientRect(),r=t.width,n=t.height;"center"===this.props.align&&(e=We(We({},e),{},{top:this.props.top,left:this.props.left-(r-this.props.anchorWidth)/2})),"top"===this.props.position?e=We(We({},e),{},{top:e.top-n-40},this.props.left+r>=window.innerWidth?{left:this.props.left-r+this.props.anchorWidth+10,movedToLeft:!0}:{}):"right"===this.props.position&&(e=We(We({},e),{},{top:e.top-this.props.anchorHeight,left:e.left+this.props.anchorWidth+10})),this.setState(e)}}},{key:"render",value:function(){var e=this,t=this.props,r=t.children,a=t.position,o=void 0===a?"bottom":a,s=t.align,i=void 0===s?"":s,c=ze.tooltip;return ze[o]&&(c+=" ".concat(ze[o])),this.state.movedToLeft?c+=" ".concat(ze.start):ze[i]&&(c+=" ".concat(ze[i])),n.ZP.createElement("div",{className:c,ref:function(t){e.ref=t},style:{top:"".concat(this.state.top,"px"),left:"".concat(this.state.left,"px")}},r)}}]),u}(n.ZP.Component),styles:ze};Element.prototype.matches||(Element.prototype.matches=Element.prototype.msMatchesSelector);var Ge=null,Ve=!1,Ye=null,Ke={closeTooltip:function(){Ve&&(n.ZP.render(null,Ge),Ve=!1)},renderTooltip:function(e){Ke.closeTooltip();var t,r,a=e.getBoundingClientRect(),o=a.top,s=a.left,i=a.height,c=a.width;o+=i,o+=window.scrollY,s+=window.scrollX,"hint"===e.tooltipStyle?(t="center",r="top"):"hint-right"===e.tooltipStyle&&(r="right"),n.ZP.render(n.ZP.createElement(He.Component,{top:o,left:s,anchorWidth:c,anchorHeight:i,align:t,position:r},e.tooltipComponent),Ge),Ve=!0}};const Xe=function(e){var t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"";return{"data-tooltip":!0,ref:function(r){r&&(r.tooltipComponent=e,t&&(r.tooltipStyle=t))}}};var $e=function(e){var t=e.data;return n.ZP.createElement("div",null,n.ZP.createElement("div",{className:ze.row},"Last (re)load: ",Ue(t.nginx.load_timestamp)),n.ZP.createElement("div",{className:ze.row},"Reloads: ",t.nginx.generation),t.processes&&n.ZP.createElement("div",{className:ze.row},"Respawned: ",t.processes.respawned))};const Qe=j(function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e=this.props.data.nginx;return n.ZP.createElement(Ie,{className:this.props.className},n.ZP.createElement("a",{href:"https://www.nginx.com/resources/admin-guide/nginx-plus-releases/",target:"_blank",className:"release___UNwFy"},e.build," (",e.version,")"),n.ZP.createElement("table",{className:"table___kliKd"},n.ZP.createElement("tr",null,n.ZP.createElement("th",null,"Address"),n.ZP.createElement("td",null,e.address)),n.ZP.createElement("tr",null,n.ZP.createElement("th",null,"PID"),n.ZP.createElement("td",null,e.ppid)),n.ZP.createElement("tr",null,n.ZP.createElement("th",null,"Uptime"),n.ZP.createElement("td",null,n.ZP.createElement("span",d({className:"uptime___w8TZO"},Xe(n.ZP.createElement($e,{data:this.props.data}))),je(Date.parse(e.timestamp)-Date.parse(e.load_timestamp)))))))}}]),u}(n.ZP.Component),[ve.nginx,ve.processes]);var Je=function(e){(0,s.Z)(l,e);var t,r,n=(t=l,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function l(e){var t;return(0,a.Z)(this,l),(t=n.call(this,e)).state={sortOrder:b.getSetting(t.SORTING_SETTINGS_KEY,"asc")},t.changeSorting=t.changeSorting.bind((0,h.Z)(t)),t}return(0,o.Z)(l,[{key:"changeSorting",value:function(e){this.setState({sortOrder:e}),b.setSetting(this.SORTING_SETTINGS_KEY,e)}}]),l}(n.ZP.Component);const et={table:"table___Utl7H",wide:"wide___Eyv03",thin:"thin___IyGow",bold:"bold___NVbjB","right-align":"right-align___H0LAo","center-align":"center-align___fJEv0","left-align":"left-align___PBC6u","sub-header":"sub-header___ITHoC",bdr:"bdr___CNbbc","no-bdr":"no-bdr___EKNxu",px60:"px60___xSrQT",sorter:"sorter____Ty9O",sorterActive:"sorterActive___XeeMr",inlinSorter:"inlinSorter___SQLy1",status:"status___ky3iH",ok:"ok___Y9dZI status___ky3iH",warning:"warning___eF9BG status___ky3iH",checking:"checking___Rqhpk status___ky3iH",alert:"alert___tOpDm status___ky3iH",up:"up___Cr1UF status___ky3iH",unavail:"unavail___WYVka status___ky3iH",unhealthy:"unhealthy___bhtZo status___ky3iH",draining:"draining___d7Exa status___ky3iH",down:"down___RBm9r status___ky3iH",flash:"flash___ZwB6G","red-flash":"red-flash___F62Kn","collapse-columns":"collapse-columns___GwwBZ","hovered-expander":"hovered-expander___Jp2NV","responses-column":"responses-column___IRgR5",checkbox:"checkbox___JxU4t","edit-peer":"edit-peer___hfSEP",address:"address___Us_1T","address-container":"address-container___w0w6n",hinted:"hinted___oiVPn","chart-container":"chart-container___hk_EK","chart-container_active":"chart-container_active___lw8_x","chart-icon":"chart-icon___ryBCV","chart-icon__icon":"chart-icon__icon___MSJrS","chart-row":"chart-row___Aocb0"};var tt=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){var e;return(0,a.Z)(this,u),(e=l.call(this)).toggle=e.toggle.bind((0,h.Z)(e)),e}return(0,o.Z)(u,[{key:"toggle",value:function(){var e=this.props.order;e="desc"===e?"asc":"desc",this.props.onChange(e)}},{key:"render",value:function(){var e=this.props,t=e.singleRow,r=e.firstSortLabel,a=e.secondSortLabel,o=e.order,s=e.isActive,i=e.isInline,c=et.sorter;return s&&(c+=" ".concat(et.sorterActive)),i&&(c+=" ".concat(et.inlinSorter)),n.ZP.createElement("th",d({rowSpan:t?null:"2",className:c,onClick:this.toggle},Xe("asc"===o?a:r,"hint-right")),"asc"===o?"▴":"▾")}}]),u}(n.ZP.Component);tt.defaultProps={firstSortLabel:"Sort by conf order",secondSortLabel:"Sort by status - failed first",isActive:!0};var rt={responsesTextWithTooltip:function(e,t,r){var n=function(e,t){var r=[];return e&&Object.keys(e).length>0&&Object.keys(e).sort().forEach((function(n){"".concat(n).startsWith(t)&&r.push({code:n,value:e[n]})})),r}(t,r);return rt.tooltipRowsContent(e,n.map((function(e){var t=e.code;return{id:t,label:t,value:e.value}})),"hint")},tooltipRowsContent:function(e){var t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:[],r=arguments.length>2?arguments[2]:void 0;return t.length>0?n.ZP.createElement("span",d({className:et.hinted},Xe(n.ZP.createElement("div",null,t.map((function(e){var t=e.id,r=e.label,a=e.value;return n.ZP.createElement("div",{key:t,className:He.styles["list-row"]},n.ZP.createElement("div",{className:He.styles["list-label"]},r,":"),n.ZP.createElement("div",{className:He.styles["list-space"]}),n.ZP.createElement("div",{className:He.styles["list-value"]},a))}))),r)),e):e}};const nt=rt,at="table___XKEid",ot="tab___nUg_1",st="tab-active___HKVLY tab___nUg_1",it="counter___LiSy2";var ct=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){var e;return(0,a.Z)(this,u),(e=l.call(this)).state={tab:"conns"},e}return(0,o.Z)(u,[{key:"changeTab",value:function(e){this.setState({tab:e})}},{key:"getCurrentCell",value:function(e){return n.ZP.createElement("td",{className:"current___xNZ4J"},e,"number"==typeof e?n.ZP.createElement("span",{className:"current__sec___uS8fO"},"/s"):null)}},{key:"render",value:function(){var e=this.props.data,t=e.connections,r=e.ssl,a=(this.state.tab,"tabs___shv8R"),o="conns"===this.state.tab;return o||(a+=" ".concat("tabs_ssl___Ffvin")),n.ZP.createElement(Ie,{className:this.props.className},o?n.ZP.createElement("span",{className:it},"Accepted:",t.accepted):null,n.ZP.createElement("div",{className:a},n.ZP.createElement("div",{className:o?st:ot,onClick:this.changeTab.bind(this,"conns")},n.ZP.createElement("span",null,"Connections")),n.ZP.createElement("div",{className:o?ot:st,onClick:this.changeTab.bind(this,"ssl")},n.ZP.createElement("span",null,"SSL"))),o?n.ZP.createElement("table",{className:at},n.ZP.createElement("tr",null,n.ZP.createElement("th",null,"Current"),n.ZP.createElement("th",null,"Accepted/s"),n.ZP.createElement("th",null,"Active"),n.ZP.createElement("th",null,"Idle"),n.ZP.createElement("th",null,"Dropped")),n.ZP.createElement("tr",null,n.ZP.createElement("td",null,t.current),n.ZP.createElement("td",null,t.accepted_s),n.ZP.createElement("td",null,t.active),n.ZP.createElement("td",null,t.idle),n.ZP.createElement("td",null,t.dropped))):n.ZP.createElement("table",{className:"".concat(at," ").concat("ssl___spYo8")},n.ZP.createElement("tr",null,n.ZP.createElement("th",{width:"16%"}),n.ZP.createElement("th",null,"Handshakes"),n.ZP.createElement("th",null,"Handshakes failed"),n.ZP.createElement("th",null,"Session reuses")),n.ZP.createElement("tr",null,n.ZP.createElement("td",null,"Total"),n.ZP.createElement("td",null,r.handshakes),n.ZP.createElement("td",null,nt.tooltipRowsContent(r.handshakes_failed,De(r))),n.ZP.createElement("td",null,r.session_reuses)),n.ZP.createElement("tr",null,n.ZP.createElement("td",null,"Current"),this.getCurrentCell(r.handshakes_s),this.getCurrentCell(r.handshakes_failed_s),this.getCurrentCell(r.session_reuses_s))))}}]),u}(n.ZP.Component);const lt=j(ct,[ve.connections.process(se),ve.ssl.process(ie)]);var ut=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e=this.props.data.requests;return n.ZP.createElement(Ie,{className:this.props.className},n.ZP.createElement("span",{className:it},"Total:",e.total),n.ZP.createElement("h3",{className:"h3___nMTa1"},"Requests"),n.ZP.createElement("table",{className:at},n.ZP.createElement("tr",null,n.ZP.createElement("th",null,"Current"),n.ZP.createElement("th",null,"Req/s")),n.ZP.createElement("tr",null,n.ZP.createElement("td",null,e.current),n.ZP.createElement("td",null,e.reqs))))}}]),u}(n.ZP.Component);const ft=j(ut,[ve.http.requests.process(ce)]),ht="label___ofh6Z";var dt=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"shouldComponentUpdate",value:function(e){return this.props.total!==e.total||this.props.warnings!==e.warnings||this.props.alerts!==e.alerts}},{key:"render",value:function(){var e=null,t=this.props,r=(t.total,t.alerts),a=t.warnings;if(void 0!==r||void 0!==a){var o=this.props.alerts>0?"Alerts":this.props.warnings>0?"Warnings":"Problems",s=this.props.alerts>0?"alert___U9hyo num___QK37d":this.props.warnings>0?"warning___jb5kC num___QK37d":"ok___Vb8j2 num___QK37d";e=n.ZP.createElement(n.ZP.Fragment,null,"/",n.ZP.createElement("a",{className:s,href:this.props.href},n.ZP.createElement("span",{className:ht},o),this.props.alerts||this.props.warnings||0))}return n.ZP.createElement("div",{className:"alerts___xHUNF"},n.ZP.createElement("span",{className:"num___QK37d"},n.ZP.createElement("span",{className:ht},"Total"),this.props.total),e)}}]),u}(n.ZP.Component);var pt=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e=this.props,t=e.data,r=e.store,a=[],o=0,s=0,i=0,c=null;if(t.server_zones){var l=t.server_zones.__STATS;o+=l.total,s+=l.warnings,i+=l.alerts,c=n.ZP.createElement("div",null,n.ZP.createElement("h4",null,"Traffic"),n.ZP.createElement("p",null,"In: ",l.traffic.in?"".concat(Me(l.traffic.in),"/s"):0),n.ZP.createElement("p",null,"Out: ",l.traffic.out?"".concat(Me(l.traffic.out),"/s"):0)),a.push(r.__STATUSES.server_zones.status)}if(t.location_zones){var u=t.location_zones.__STATS;o+=u.total,s+=u.warnings,i+=u.alerts,a.push(r.__STATUSES.location_zones.status)}return n.ZP.createElement(Ie,{title:"HTTP Zones",status:a.includes("danger")?"danger":a.includes("warning")?"warning":"ok",href:"#server_zones"},n.ZP.createElement(dt,{href:"#server_zones",total:o,warnings:s,alerts:i}),c)}}]),u}(n.ZP.Component);const vt=j(pt,[ve.http.server_zones.process(F),ve.http.location_zones.process(q)]);function mt(e){var t=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}();return function(){var r,n=(0,c.Z)(e);if(t){var a=(0,c.Z)(this).constructor;r=Reflect.construct(n,arguments,a)}else r=n.apply(this,arguments);return(0,i.Z)(this,r)}}var yt=function(e){(0,s.Z)(r,e);var t=mt(r);function r(){return(0,a.Z)(this,r),t.apply(this,arguments)}return(0,o.Z)(r,[{key:"render",value:function(){var e=this.props,t=e.title,r=e.stats,a=e.status,o=e.href;return n.ZP.createElement(Ie,{title:t,status:a,href:o},n.ZP.createElement(dt,{total:r.total,warnings:r.warnings,alerts:r.alerts,href:o}),n.ZP.createElement("h4",null,"Servers"),n.ZP.createElement("p",null,"All: ",r.servers.all," / Up: ",r.servers.up),n.ZP.createElement("p",{className:r.servers.failed>0?"red___WBszV":void 0},"Failed: ",r.servers.failed))}}]),r}(n.ZP.Component),gt=function(e){(0,s.Z)(r,e);var t=mt(r);function r(){return(0,a.Z)(this,r),t.apply(this,arguments)}return(0,o.Z)(r,[{key:"render",value:function(){var e=this.props,t=e.data,r=e.store,a=t.upstreams.__STATS;return n.ZP.createElement(yt,{title:"HTTP Upstreams",stats:a,status:r.__STATUSES.upstreams.status,href:"#upstreams"})}}]),r}(n.ZP.Component);const _t=j(gt,[ve.http.upstreams.process($)]);var Et=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e=this.props,t=e.data,r=e.store,a=t.server_zones.__STATS;return n.ZP.createElement(Ie,{title:"TCP/UDP Zones",status:r.__STATUSES.tcp_zones.status,href:"#tcp_zones"},n.ZP.createElement("p",null,"Conn total: ",a.conn_total),n.ZP.createElement("p",null,"Conn current: ",a.conn_current),n.ZP.createElement("p",null,"Conn/s: ",a.conn_s),n.ZP.createElement("h4",null,"Traffic"),n.ZP.createElement("p",null,"In: ",a.traffic.in?"".concat(Me(a.traffic.in),"/s"):0),n.ZP.createElement("p",null,"Out: ",a.traffic.out?"".concat(Me(a.traffic.out),"/s"):0))}}]),u}(n.ZP.Component);const Pt=j(Et,[ve.stream.server_zones.process(J)]);var bt=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e=this.props,t=e.data,r=e.store,a=t.upstreams.__STATS;return n.ZP.createElement(yt,{title:"TCP/UDP Upstreams",stats:a,status:r.__STATUSES.tcp_upstreams.status,href:"#tcp_upstreams"})}}]),u}(n.ZP.Component);const Zt=j(bt,[ve.stream.upstreams.process(ee)]),wt="icon___ynQ3g";var St=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e=this.props,t=e.data,r=e.store,a=t.caches.__STATS;return n.ZP.createElement(Ie,{title:"Caches",status:r.__STATUSES.caches.status,href:"#caches"},n.ZP.createElement(dt,{total:a.total,warnings:a.warnings,alerts:a.alerts,href:"#caches"}),n.ZP.createElement("h4",null,"Caches states"),n.ZP.createElement("p",null,n.ZP.createElement(Oe,{type:"sun",className:wt}),"Warm: ",a.states.warm),n.ZP.createElement("p",null,n.ZP.createElement(Oe,{type:"snowflake",className:"".concat(wt," ").concat("snowflakeIcon___MWCYj")}),"Cold: ",a.states.cold))}}]),u}(n.ZP.Component);const xt=j(St,[ve.http.caches.process(ne)]);var Ot=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e=this.props,t=e.data,r=e.store,a=t.zone_sync.__STATS;return n.ZP.createElement(Ie,{title:"Cluster",status:r.__STATUSES.zone_sync.status,href:"#cluster"},n.ZP.createElement(dt,{href:"#cluster",total:a.total,alerts:a.alerts,warnings:a.warnings}),n.ZP.createElement("h4",null,"Messages/s"),n.ZP.createElement("p",null,"In: ",a.traffic.in?a.traffic.in:0),n.ZP.createElement("p",null,"Out: ",a.traffic.out?a.traffic.out:0))}}]),u}(n.ZP.Component);const kt=j(Ot,[ve.stream.zone_sync.process(ue)]);var Rt=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e=this.props,t=e.data,r=e.store,a=t.resolvers.__STATS;return n.ZP.createElement(Ie,{title:"Resolvers",status:r.__STATUSES.resolvers.status,href:"#resolvers"},n.ZP.createElement(dt,{href:"#resolvers",total:a.total,alerts:a.alerts}),n.ZP.createElement("h4",null,"Traffic"),n.ZP.createElement("p",null,"Req/s: ",a.traffic.in?a.traffic.in:0),n.ZP.createElement("p",null,"Resp/s: ",a.traffic.out?a.traffic.out:0))}}]),u}(n.ZP.Component);const Nt=j(Rt,[ve.resolvers.process(he)]);var At=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e=this.props,t=e.data,r=e.store,a=t.workers.__STATS;return n.ZP.createElement(Ie,{title:"Workers",status:r.__STATUSES.workers.status,href:"#workers"},n.ZP.createElement(dt,{href:"#workers",total:a.total}))}}]),u}(n.ZP.Component);const Tt=j(At,[ve.workers.process(de)]),Ct="row___DEXUd",It="box___oEQWK";var jt=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"componentDidMount",value:function(){}},{key:"render",value:function(){return n.ZP.createElement("div",null,n.ZP.createElement("div",{className:Ct},n.ZP.createElement(Qe,{className:It}),n.ZP.createElement(lt,{className:"connections___IwPXb"}),n.ZP.createElement(ft,{className:It})),n.ZP.createElement("div",{className:"".concat(Ct," ").concat("row-wrap____ZDpW")},n.ZP.createElement(vt,null),n.ZP.createElement(_t,null),n.ZP.createElement(Pt,null),n.ZP.createElement(Zt,null),n.ZP.createElement(xt,null),n.ZP.createElement(kt,null),n.ZP.createElement(Nt,null),n.ZP.createElement(Tt,null)))}}]),u}(n.ZP.Component);const Mt=X({history:{},prevUpdatingPeriod:null}),Bt=X({history:{},prevUpdatingPeriod:null});function Ut(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function Lt(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?Ut(Object(r),!0).forEach((function(t){g(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ut(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}r(50915);var Dt=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"SORTING_SETTINGS_KEY",get:function(){return"streamZonesSortOrder"}},{key:"render",value:function(){var e=this.props.data,t=null;if(e){var r=Array.from(e);"desc"===this.state.sortOrder&&r.sort((function(e,t){var r=y(e,2),n=(r[0],r[1]),a=y(t,2);return a[0],a[1],n.alert||n.warning?-1:1})),t=n.ZP.createElement("div",null,n.ZP.createElement("h1",null,"Server Zones"),n.ZP.createElement("table",{className:"".concat(et.table," ").concat(et.wide)},n.ZP.createElement("thead",null,n.ZP.createElement("tr",null,n.ZP.createElement(tt,{order:this.state.sortOrder,onChange:this.changeSorting}),n.ZP.createElement("th",null,"Zone"),n.ZP.createElement("th",{colSpan:"3"},"Requests"),n.ZP.createElement("th",{colSpan:"6"},"Responses"),n.ZP.createElement("th",{colSpan:"4"},"Traffic"),n.ZP.createElement("th",{colSpan:"4"},"SSL")),n.ZP.createElement("tr",{className:"".concat(et["right-align"]," ").concat(et["sub-header"])},n.ZP.createElement("th",{className:et.bdr}),n.ZP.createElement("th",null,"Current"),n.ZP.createElement("th",null,"Total"),n.ZP.createElement("th",{className:et.bdr},"Req/s"),n.ZP.createElement("th",null,"1xx"),n.ZP.createElement("th",null,"2xx"),n.ZP.createElement("th",null,"3xx"),n.ZP.createElement("th",null,"4xx"),n.ZP.createElement("th",null,"5xx"),n.ZP.createElement("th",{className:et.bdr},"Total"),n.ZP.createElement("th",null,"Sent/s"),n.ZP.createElement("th",null,"Rcvd/s"),n.ZP.createElement("th",null,"Sent"),n.ZP.createElement("th",{className:et.bdr},"Rcvd"),n.ZP.createElement("th",null,"Handshakes"),n.ZP.createElement("th",null,"Handshakes",n.ZP.createElement("br",null),"Failed"),n.ZP.createElement("th",null,"Session",n.ZP.createElement("br",null),"Reuses"),n.ZP.createElement("th",null,"Verify",n.ZP.createElement("br",null),"Failures"))),n.ZP.createElement("tbody",{className:et["right-align"]},r.map((function(e){var t=y(e,2),r=t[0],a=t[1],o=et.ok;a.warning?o=et.warning:a["5xxChanged"]&&(o=et.alert);var s=a.responses.codes,i=a.ssl;return n.ZP.createElement("tr",null,n.ZP.createElement("td",{className:o}),n.ZP.createElement("td",{className:"".concat(et["left-align"]," ").concat(et.bold," ").concat(et.bdr)},r),n.ZP.createElement("td",null,a.processing),n.ZP.createElement("td",null,a.requests),n.ZP.createElement("td",{className:et.bdr},a.zone_req_s),n.ZP.createElement("td",null,nt.responsesTextWithTooltip(a.responses["1xx"],s,"1")),n.ZP.createElement("td",null,nt.responsesTextWithTooltip(a.responses["2xx"],s,"2")),n.ZP.createElement("td",null,nt.responsesTextWithTooltip(a.responses["3xx"],s,"3")),n.ZP.createElement("td",{className:"".concat(et.flash).concat(a["4xxChanged"]?" "+et["red-flash"]:"")},nt.responsesTextWithTooltip(a.responses["4xx"]+a.discarded,Lt(Lt({},s||{"4xx":a.responses["4xx"]}),{},{"499/444/408":a.discarded}),"4")),n.ZP.createElement("td",{className:"".concat(et.flash).concat(a["5xxChanged"]?" "+et["red-flash"]:"")},nt.responsesTextWithTooltip(a.responses["5xx"],s,"5")),n.ZP.createElement("td",{className:et.bdr},a.responses.total),n.ZP.createElement("td",{className:et.px60},Me(a.sent_s)),n.ZP.createElement("td",{className:et.px60},Me(a.rcvd_s)),n.ZP.createElement("td",{className:et.px60},Me(a.sent)),n.ZP.createElement("td",{className:"".concat(et.px60," ").concat(et.bdr)},Me(a.received)),n.ZP.createElement("td",null,i?i.handshakes:"–"),n.ZP.createElement("td",null,i?nt.tooltipRowsContent(i.handshakes_failed,De(i),"hint"):"–"),n.ZP.createElement("td",null,i?i.session_reuses:"–"),n.ZP.createElement("td",null,i?nt.tooltipRowsContent.apply(nt,m(Fe(i)).concat(["hint"])):"–"))})))))}return t}}]),u}(Je);function Ft(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function zt(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?Ft(Object(r),!0).forEach((function(t){g(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ft(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}var qt=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"SORTING_SETTINGS_KEY",get:function(){return"locationsSortOrder"}},{key:"render",value:function(){var e=this.props.data,t=null;if(e){var r=Array.from(e);"desc"===this.state.sortOrder&&r.sort((function(e,t){var r=y(e,2),n=(r[0],r[1]),a=y(t,2);return a[0],a[1],n.alert||n.warning?-1:1})),t=n.ZP.createElement("div",null,n.ZP.createElement("h1",null,"Location Zones"),n.ZP.createElement("table",{className:"".concat(et.table," ").concat(et.wide)},n.ZP.createElement("thead",null,n.ZP.createElement("tr",null,n.ZP.createElement(tt,{order:this.state.sortOrder,onChange:this.changeSorting}),n.ZP.createElement("th",null,"Zone"),n.ZP.createElement("th",{colSpan:"2"},"Requests"),n.ZP.createElement("th",{colSpan:"6"},"Responses"),n.ZP.createElement("th",{colSpan:"4"},"Traffic")),n.ZP.createElement("tr",{className:"".concat(et["right-align"]," ").concat(et["sub-header"])},n.ZP.createElement("th",{className:et.bdr}),n.ZP.createElement("th",null,"Total"),n.ZP.createElement("th",{className:et.bdr},"Req/s"),n.ZP.createElement("th",null,"1xx"),n.ZP.createElement("th",null,"2xx"),n.ZP.createElement("th",null,"3xx"),n.ZP.createElement("th",null,"4xx"),n.ZP.createElement("th",null,"5xx"),n.ZP.createElement("th",{className:et.bdr},"Total"),n.ZP.createElement("th",null,"Sent/s"),n.ZP.createElement("th",null,"Rcvd/s"),n.ZP.createElement("th",null,"Sent"),n.ZP.createElement("th",null,"Rcvd"))),n.ZP.createElement("tbody",{className:et["right-align"]},r.map((function(e){var t=y(e,2),r=t[0],a=t[1],o=et.ok;a.warning?o=et.warning:a["5xxChanged"]&&(o=et.alert);var s=a.responses.codes;return n.ZP.createElement("tr",null,n.ZP.createElement("td",{className:o}),n.ZP.createElement("td",{className:"".concat(et["left-align"]," ").concat(et.bold," ").concat(et.bdr)},r),n.ZP.createElement("td",null,a.requests),n.ZP.createElement("td",{className:et.bdr},a.zone_req_s),n.ZP.createElement("td",null,nt.responsesTextWithTooltip(a.responses["1xx"],s,"1")),n.ZP.createElement("td",null,nt.responsesTextWithTooltip(a.responses["2xx"],s,"2")),n.ZP.createElement("td",null,nt.responsesTextWithTooltip(a.responses["3xx"],s,"3")),n.ZP.createElement("td",{className:"".concat(et.flash).concat(a["4xxChanged"]?" "+et["red-flash"]:"")},nt.responsesTextWithTooltip(a.responses["4xx"]+a.discarded,zt(zt({},s||{"4xx":a.responses["4xx"]}),{},{"499/444/408":a.discarded}),"4")),n.ZP.createElement("td",{className:"".concat(et.flash).concat(a["5xxChanged"]?" "+et["red-flash"]:"")},nt.responsesTextWithTooltip(a.responses["5xx"],s,"5")),n.ZP.createElement("td",{className:et.bdr},a.responses.total),n.ZP.createElement("td",{className:et.px60},Me(a.sent_s)),n.ZP.createElement("td",{className:et.px60},Me(a.rcvd_s)),n.ZP.createElement("td",{className:et.px60},Me(a.sent)),n.ZP.createElement("td",{className:et.px60},Me(a.received)))})))))}return t}}]),u}(Je);const Wt=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){var e;return(0,a.Z)(this,u),(e=l.call(this)).state={activeCharts:[]},e.toggleChart=e.toggleChart.bind((0,h.Z)(e)),e}return(0,o.Z)(u,[{key:"shouldComponentUpdate",value:function(e,t){return this.props.data!==e.data||this.state.activeCharts.length!==t.activeCharts.length}},{key:"toggleChart",value:function(e){this.state.activeCharts.includes(e)?this.setState({activeCharts:this.state.activeCharts.filter((function(t){return t!==e}))}):this.setState({activeCharts:this.state.activeCharts.concat(e)})}},{key:"getTitle",value:function(){return null}},{key:"getHeadRow",value:function(){return null}},{key:"getBody",value:function(){return null}},{key:"render",value:function(){this.state.activeCharts;var e=null;return this.props.data&&(e=n.ZP.createElement("div",null,n.ZP.createElement("h1",null,this.getTitle()),n.ZP.createElement("table",{className:"".concat(et.table," ").concat(et.wide)},n.ZP.createElement("thead",null,this.getHeadRow()),n.ZP.createElement("tbody",{className:et["right-align"]},this.getBody())))),e}}]),u}(n.ZP.Component);r(19601),r(34553);const Ht="x-axis___W3AjO",Gt="x-line___Cx3aM",Vt="y-label___rzfcN",Yt="area___GUBYy",Kt="faded___lrP7E",Xt="dnd-controls__control___KjxMy",$t="dnd-controls__control_disabled___P3Y1U";var Qt=new Map([["1m",60],["5m",300],["15m",900]]),Jt=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(e){var t;(0,a.Z)(this,u),t=l.call(this,e);var r=b.getSetting("timeWindow");return r&&Qt.has(r)||(r="5m"),t.state={disabledMetrics:[],highlightedMetric:null,mouseOffsetX:null,selectedTimeWindow:r,timeEnd:e.data.ts,dndIsInProgress:!1,dndPointsIndicies:null},t.historyLimit=1800,t.highlightMetricTimer=null,t.highlightedMetric=null,t.mouseOffsetX=null,t.mouseMoveTimer=null,t.dndStartX=0,t.dndMoveX=0,t.pointsIndicies="0,0",t.drawCursorLine=t.drawCursorLine.bind((0,h.Z)(t)),t.onMouseMove=t.onMouseMove.bind((0,h.Z)(t)),t.onMouseLeave=t.onMouseLeave.bind((0,h.Z)(t)),t.onMouseDown=t.onMouseDown.bind((0,h.Z)(t)),t.onMouseUp=t.onMouseUp.bind((0,h.Z)(t)),t.redraw=t.redraw.bind((0,h.Z)(t)),t.highlightMetric=t.highlightMetric.bind((0,h.Z)(t)),t.onSettingsChange=t.onSettingsChange.bind((0,h.Z)(t)),t.redraw(),t}return(0,o.Z)(u,[{key:"componentDidMount",value:function(e){this.settingsListener=b.subscribe(this.onSettingsChange,"timeWindow")}},{key:"componentWillUnmount",value:function(){b.unsubscribe(this.settingsListener)}},{key:"componentWillReceiveProps",value:function(e){var t=e.data,r=this.props.data;if(t.ts>r.ts){var n=this.state.dndPointsIndicies,a={timeEnd:t.ts};if(null!==n&&t.data.length===this.historyLimit){var o=parseInt(b.getSetting("updatingPeriod"),10)/1e3,s=Math.round((t.ts-r.ts)/o);a.dndPointsIndicies=this.state.dndPointsIndicies.split(",").reduce((function(e,t,r,n){var a=t-s;return""===e?a>0?"".concat(a):"0":"0"===e?"".concat(e,",").concat(t-n[0]):"".concat(e,",").concat(a)}),"")}this.redraw(a,e)}}},{key:"shouldComponentUpdate",value:function(e,t){return!this.state.dndIsInProgress||this.state.dndPointsIndicies!==t.dndPointsIndicies}},{key:"onSettingsChange",value:function(e){this.redraw({selectedTimeWindow:e,dndPointsIndicies:null})}},{key:"onMouseLeave",value:function(){null!==this.mouseMoveTimer&&(clearTimeout(this.mouseMoveTimer),this.mouseMoveTimer=null),this.setState({mouseOffsetX:null,dndIsInProgress:!1})}},{key:"drawCursorLine",value:function(){this.state.dndIsInProgress||this.setState({mouseOffsetX:this.mouseOffsetX})}},{key:"onMouseDown",value:function(e){this.dndStartX=e.offsetX,this.dndMoveX=e.offsetX;var t={dndIsInProgress:!0,mouseOffsetX:null};null===this.state.dndPointsIndicies&&(t.dndPointsIndicies=this.pointsIndicies),this.redraw(t)}},{key:"onMouseUp",value:function(){var e={dndIsInProgress:!1};null!==this.state.dndPointsIndicies&&this.state.dndPointsIndicies.includes("".concat(this.props.data.data.length-1))&&(e.dndPointsIndicies=null),this.redraw(e)}},{key:"onMouseMove",value:function(e){var t=this,r=e.offsetX;if(this.state.dndIsInProgress)if(Math.abs(this.dndStartX-r)<Math.abs(this.dndStartX-this.dndMoveX))this.dndStartX=r,this.dndMoveX=r;else{this.dndMoveX=r;var n,a=this.props.data.data,o=this.state.dndPointsIndicies.split(",");switch(this.state.selectedTimeWindow){case"1m":n=20;break;case"5m":n=10;break;case"15m":n=5}var s=(r<this.dndStartX?-1:1)*Math.floor(Math.abs(r-this.dndStartX)/n);if(0!==s){var i=a.length-1;this.dndStartX+=20*s,(s>0&&o[0]>0||s<0&&o[1]<i)&&this.redraw({dndPointsIndicies:o.reduce((function(e,t,r,n){var a=t-s;return""===e?a>0?"".concat(a):"0":"0"===e?"".concat(e,",").concat(t-n[0]):a>i?"".concat(e-(a-i),",").concat(i):"".concat(e,",").concat(a)}),"")})}}else this.mouseOffsetX=50+r,null===this.mouseMoveTimer&&(this.mouseMoveTimer=setTimeout((function(){t.drawCursorLine(),t.mouseMoveTimer=null}),100))}},{key:"emulateDnd",value:function(e,t){var r,n=this.props.data.data,a=this.state.dndPointsIndicies,o=(null!==a?a:this.pointsIndicies).split(",").map((function(e){return parseInt(e,10)})),s=o[1]-o[0];!t&&(e>0&&n.length-1-o[1]<=s||e<0&&o[0]<=s)&&(t=!0),r=t?e>0?null:"0,".concat(s):"".concat(o[0]+e*s,",").concat(o[1]+e*s),this.redraw({dndPointsIndicies:r})}},{key:"deferredHighlightMetric",value:function(e){this.highlightedMetric=e,null===this.highlightMetricTimer&&(this.highlightMetricTimer=setTimeout(this.highlightMetric,200))}},{key:"highlightMetric",value:function(){this.highlightMetricTimer=null,this.highlightedMetric!==this.state.highlightedMetric&&this.redraw({highlightedMetric:this.highlightedMetric})}},{key:"toggleMetric",value:function(e){var t=this.state.disabledMetrics;this.redraw({disabledMetrics:t.includes(e)?t.filter((function(t){return t!==e})):t.concat(e),highlightedMetric:null})}},{key:"redraw",value:function(){var e=this,t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},r=(arguments.length>1?arguments[1]:void 0)||this.props,a=r.colors,o=r.labels,s=r.data.data,i=Object.assign({},this.state,t),c=i.disabledMetrics,l=i.highlightedMetric,u=i.selectedTimeWindow,f=i.timeEnd,h=i.dndPointsIndicies,d=50,p=70;this.ticks=[],this.points=[],this.toRender={yMax:null,yMid:null,charts:[],areas:[],legend:[],tooltipPoints:[]},this.dndAllowed=!1;var v=parseInt(b.getSetting("updatingPeriod"),10)/1e3,g=1080,_=150,E=Qt.get(u)+.2*v,P=f-E,Z=null;if(s.length>0){var w=s.findIndex((function(e){return e._ts>=P}));if(w>=0){var S;w>0&&(this.dndAllowed=!0,s[w]._ts-P<2*v&&(E=f-(P=s[w]._ts))),h?(S=s.slice.apply(s,m(h.split(","))),P=S[0]._ts,E=S[S.length-1]._ts-P):S=s.slice(w);var x=Array.from(a.keys());Z=g/E;var O=function(e,t,r){return e.reduce((function(e,n){var a=n.obj,o=t.reduce((function(e,t){return t in a&&!r.includes(t)&&(e+=a[t]),e}),0);return o>e?o:e}),0)}(S,x,c);if(O>0){O%2==1&&(O+=1),this.toRender.yMax=[n.ZP.createElement("text",{key:"y-max-label",className:Vt,x:45,y:p},O),n.ZP.createElement("line",{key:"y-max-line",className:Gt,x1:d,x2:1130,y1:p,y2:p})];this.toRender.yMid=[n.ZP.createElement("text",{key:"y-mid-label",className:Vt,x:45,y:145},O/2),n.ZP.createElement("line",{key:"y-mid-line",className:Gt,x1:d,x2:1130,y1:145,y2:145})]}var k=O>0?_/O:0,R={};S.forEach((function(t,r){for(var n=d+(t._ts-P)*Z,a={},o=0,s=x.length-1;s>=0;s--){var i=x[s];if(!c.includes(i)){var l=t.obj[i],u=220-k*(l+o);0===r?R[i]={path:"M ".concat(n," ").concat(u),coordinates:[[n,u]]}:(R[i].path+=" L ".concat(n," ").concat(u),R[i].coordinates.push([n,u])),o+=l,a[i]=l}}e.points.push({x:n,values:a,_ts:t._ts})}));for(var N=x.length-1;N>=0;N--){var A=x[N];if(A in R){var T=null!==l&&l!==A;this.toRender.charts.push(n.ZP.createElement("path",{key:"chart_".concat(A),className:"".concat("line___vFLjn").concat(T?" "+Kt:""),style:{stroke:a.get(A)},d:R[A].path}));var C=null;if(N<x.length-1)for(var I=N+1;I<x.length&&null===C;)c.includes(x[I])?I++:C=x[I];if(null===C)this.toRender.areas.push(n.ZP.createElement("path",{key:"chart-area_".concat(A),className:"".concat(Yt).concat(T?" "+Kt:""),style:{fill:a.get(A)},d:"".concat(R[A].path," V ").concat(220," H ").concat(R[A].coordinates[0][0]," V ").concat(R[A].coordinates[0][1])}));else{var j=R[C];this.toRender.areas.push(n.ZP.createElement("path",{key:"chart-area_".concat(A),className:"".concat(Yt).concat(T?" "+Kt:""),style:{fill:a.get(A)},d:"".concat(R[A].path," V ").concat(j.coordinates[j.coordinates.length-1][1]).concat(j.coordinates.reduce((function(e,t){var r=y(t,2),n=r[0],a=r[1];return"L ".concat(n," ").concat(a," ").concat(e)}),"")," V ").concat(j.coordinates[0][1])}))}}var M=x[x.length-1-N],B="legend__item___En1zx",U=c.includes(M);U&&(B+=" ".concat("legend__item_disabled___ffZ8U")),this.toRender.legend.push(n.ZP.createElement("span",{key:"legend_".concat(M),className:B,onClick:this.toggleMetric.bind(this,M),onMouseOver:U?null:this.deferredHighlightMetric.bind(this,M),onMouseLeave:U?null:this.deferredHighlightMetric.bind(this,null)},n.ZP.createElement("span",{className:"legend__color___TwTL5",style:{background:a.get(M)}}),o.has(M)?o.get(M):M))}}this.pointsIndicies="".concat(w,",").concat(s.length-1)}if(null!==Z){var L;switch(u){case"1m":L=10;break;case"5m":L=60;break;case"15m":L=180}for(var D=P+E,F=Math.ceil(P/L)*L;F<=D;)this.ticks.push({x:d+(F-P)*Z,y:238,label:new Date(1e3*F).toLocaleString("en-US",{hour:"2-digit",minute:"2-digit",second:"2-digit",hour12:!1})}),F+=L}this.timeWindowControls=[],Qt.forEach((function(t,r){var a="timewindow__item___C7mk9",o=null;r===u?a+=" ".concat("timewindow__item_selected___IqY1F"):o=e.selectTimeWindow.bind(null,r),e.timeWindowControls.push(n.ZP.createElement("div",{key:r,className:a,onClick:o},r))}));var z=!1,q=!1;if(this.dndAllowed){var W=(null!==h?h:this.pointsIndicies).split(",");W[0]>0&&(z=!0),W[1]<s.length-1&&(q=!0)}this.dndControls=[n.ZP.createElement("div",{key:0,className:"".concat(Xt).concat(z?"":" "+$t),title:"Click to view the oldest data",onClick:z?this.emulateDnd.bind(this,-1,!0):null},"«"),n.ZP.createElement("div",{key:1,className:"".concat(Xt).concat(z?"":" "+$t),title:"Click to go back for ".concat(u),onClick:z?this.emulateDnd.bind(this,-1,!1):null},"‹"),n.ZP.createElement("div",{key:2,className:"".concat(Xt).concat(q?"":" "+$t),title:"Click to go forward for ".concat(u),onClick:q?this.emulateDnd.bind(this,1,!1):null},"›"),n.ZP.createElement("div",{key:3,className:"".concat(Xt).concat(q?"":" "+$t),title:"Click to return to live mode",onClick:q?this.emulateDnd.bind(this,1,!0):null},"»")],Object.keys(t).length>0&&this.setState(t)}},{key:"selectTimeWindow",value:function(e){b.setSetting("timeWindow",e)}},{key:"render",value:function(){var e,t=this,r=this.props,a=r.colors,o=r.labels,s=this.state,i=s.mouseOffsetX,c=s.dndIsInProgress,l=(s.dndPointsIndicies,1150),u=250,f=l-50-20,h=220,d=null;if(null!==i)for(var p=0;p<this.points.length;p++){var v=this.points[p];if(v.x===i){e=v;break}if(v.x>i){var m=this.points[p-1];e=!m||v.x-i<=i-m.x?v:m;break}}var y="".concat("mouse-tracker___mRKMk").concat(this.dndAllowed?" mouse-tracker_drag___s8IsU":"");return c?y+=" ".concat("mouse-tracker_dragging___cRbNt"):e&&(this.toRender.tooltipPoints=[],a.forEach((function(r,a){a in e.values&&t.toRender.tooltipPoints.push(n.ZP.createElement("div",{key:"tooltip_".concat(a),className:"tooltip__point___PXs8R"},n.ZP.createElement("div",{className:"tooltip__value___SgGBA",style:{color:r}},e.values[a]),n.ZP.createElement("div",{className:"tooltip__metric___Nfcq6"},o.has(a)?o.get(a):a)))})),d="translate(".concat(e.x,")")),n.ZP.createElement("div",{className:"container___YVzdT"},n.ZP.createElement("div",{className:"dnd-controls___q1mgS"},this.dndControls),n.ZP.createElement("div",{className:"timewindow___o2E7P"},this.timeWindowControls),e?n.ZP.createElement("div",{className:"tooltip___AGAsM",style:e.x>f/2?{right:"".concat(l-e.x+8,"px")}:{left:"".concat(e.x+8,"px")}},this.toRender.tooltipPoints,n.ZP.createElement("div",{key:"tooltip__time",className:"tooltip__time___MmEuT"},new Date(1e3*e._ts).toLocaleString("en-US",{hour:"2-digit",minute:"2-digit",second:"2-digit",hour12:!1}))):null,n.ZP.createElement("div",{className:y,style:{width:"".concat(f,"px"),height:"".concat(150,"px"),top:"".concat(70,"px"),left:"".concat(50,"px")},onMouseMove:this.onMouseMove,onMouseLeave:this.onMouseLeave,onMouseDown:this.dndAllowed?this.onMouseDown:null,onMouseUp:this.dndAllowed?this.onMouseUp:null}),n.ZP.createElement("svg",{version:"1.1",baseProfile:"full",width:"".concat(l),height:"".concat(u),xmlns:"http://www.w3.org/2000/svg",className:"svg___eHjy0"},n.ZP.createElement("path",{className:Ht,d:this.ticks.reduce((function(e,t){return"".concat(e).concat(e?" ":"","M ").concat(t.x," ").concat(h," V ").concat(226)}),"")}),n.ZP.createElement("text",{className:Vt,x:45,y:220},"0"),n.ZP.createElement("line",{className:Ht,x1:50,x2:50+f,y1:h,y2:h}),n.ZP.createElement("line",{className:"cursor-line___SBRws",x1:"0",x2:"0",y1:60,y2:226,transform:d,style:{opacity:e?1:0}}),this.ticks.map((function(e,t){var r=e.x,a=e.y,o=e.label;return n.ZP.createElement("text",{key:t,className:"x-label___GmWIU",x:r,y:a},o)})),this.toRender.yMax,this.toRender.yMid,this.toRender.charts,this.toRender.areas),n.ZP.createElement("div",{className:"legend___LRo5H"},this.toRender.legend))}}]),u}(n.ZP.Component);Jt.defaultProps={labels:new Map};var er=new Map([["passed","#4FA932"],["rejected","#FF2323"],["rejected_dry_run","#000ADD"]]),tr=new Map([["passed","Passed"],["rejected","Rejected"],["rejected_dry_run","Rejected (dry_run)"]]),rr=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"getTitle",value:function(){return"Limit Conn"}},{key:"getHeadRow",value:function(){return n.ZP.createElement("tr",null,n.ZP.createElement("th",null),n.ZP.createElement("th",null,"Zone"),n.ZP.createElement("th",null,"Passed"),n.ZP.createElement("th",null,"Rejected"),n.ZP.createElement("th",null,"Rejected (dry_run)"))}},{key:"getBody",value:function(){var e=this,t=this.state.activeCharts;return Array.from(this.props.data).map((function(r){var a=y(r,2),o=a[0],s=a[1],i=s.obj,c=s.history,l=et["chart-container"],u="Click to view rate graph",f=null;return t.includes(o)&&(l+=" ".concat(et["chart-container_active"]),u="Click to hide rate graph",f=n.ZP.createElement("tr",{key:"chart_".concat(o),className:et["chart-row"]},n.ZP.createElement("td",{colspan:"5",className:et["left-align"]},n.ZP.createElement(Jt,{data:c,colors:er,labels:tr})))),[n.ZP.createElement("tr",{key:"data_".concat(o),className:l,title:u,onClick:e.toggleChart.bind(e,o)},n.ZP.createElement("td",{className:"".concat(et["center-align"]," ").concat(et.bdr," ").concat(et["chart-icon"])},n.ZP.createElement("div",{className:et["chart-icon__icon"]})),n.ZP.createElement("td",{className:"".concat(et["left-align"]," ").concat(et.bold," ").concat(et.bdr)},o),n.ZP.createElement("td",{className:et.bdr},i.passed),n.ZP.createElement("td",{className:et.bdr},i.rejected),n.ZP.createElement("td",null,i.rejected_dry_run)),f]}))}}]),u}(Wt);var nr=new Map([["passed","#4FA932"],["delayed","#EBC906"],["rejected","#FF2323"],["delayed_dry_run","#861DE3"],["rejected_dry_run","#000ADD"]]),ar=new Map([["passed","Passed"],["delayed","Delayed"],["rejected","Rejected"],["delayed_dry_run","Delayed (dry_run)"],["rejected_dry_run","Rejected (dry_run)"]]),or=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"getTitle",value:function(){return"Limit Req"}},{key:"getHeadRow",value:function(){return n.ZP.createElement("tr",null,n.ZP.createElement("th",null),n.ZP.createElement("th",null,"Zone"),n.ZP.createElement("th",null,"Passed"),n.ZP.createElement("th",null,"Delayed"),n.ZP.createElement("th",null,"Rejected"),n.ZP.createElement("th",null,"Delayed (dry_run)"),n.ZP.createElement("th",null,"Rejected (dry_run)"))}},{key:"getBody",value:function(){var e=this,t=this.state.activeCharts;return Array.from(this.props.data).map((function(r){var a=y(r,2),o=a[0],s=a[1],i=s.obj,c=s.history,l=et["chart-container"],u="Click to view rate graph",f=null;return t.includes(o)&&(l+=" ".concat(et["chart-container_active"]),u="Click to hide rate graph",f=n.ZP.createElement("tr",{key:"chart_".concat(o),className:et["chart-row"]},n.ZP.createElement("td",{colspan:"7",className:et["left-align"]},n.ZP.createElement(Jt,{data:c,colors:nr,labels:ar})))),[n.ZP.createElement("tr",{key:"data_".concat(o),className:l,title:u,onClick:e.toggleChart.bind(e,o)},n.ZP.createElement("td",{className:"".concat(et["center-align"]," ").concat(et.bdr," ").concat(et["chart-icon"])},n.ZP.createElement("div",{className:et["chart-icon__icon"]})),n.ZP.createElement("td",{className:"".concat(et["left-align"]," ").concat(et.bold," ").concat(et.bdr)},o),n.ZP.createElement("td",{className:et.bdr},i.passed),n.ZP.createElement("td",{className:et.bdr},i.delayed),n.ZP.createElement("td",{className:et.bdr},i.rejected),n.ZP.createElement("td",{className:et.bdr},i.delayed_dry_run),n.ZP.createElement("td",null,i.rejected_dry_run)),f]}))}}]),u}(Wt);const sr=j(function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e=this.props.data,t=e.server_zones,r=e.location_zones,a=e.limit_conns,o=e.limit_reqs;return n.ZP.createElement("div",null,n.ZP.createElement(Dt,{data:t}),n.ZP.createElement("br",null),n.ZP.createElement(qt,{data:r}),n.ZP.createElement("br",null),n.ZP.createElement(rr,{data:a}),n.ZP.createElement("br",null),n.ZP.createElement(or,{data:o}))}}]),u}(n.ZP.Component),[ve.http.server_zones.process(F),ve.http.location_zones.process(q),ve.http.limit_conns.process(Mt),ve.http.limit_reqs.process(Bt)]),ir="btn___eI9BD";var cr=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(e){var t;return(0,a.Z)(this,u),(t=l.call(this,e)).state={showOnlyFailed:!1,showUpstreamsList:!1,editor:!1},t.toggleFailed=t.toggleFailed.bind((0,h.Z)(t)),t.toggleUpstreamsList=t.toggleUpstreamsList.bind((0,h.Z)(t)),t.handleLastItemShowing=t.handleLastItemShowing.bind((0,h.Z)(t)),!1===t.initIntersectionObserver()?t.state.howManyToShow=1/0:t.state.howManyToShow=70,t}return(0,o.Z)(u,[{key:"toggleFailed",value:function(){this.setState({showOnlyFailed:!this.state.showOnlyFailed})}},{key:"toggleUpstreamsList",value:function(){this.setState({showUpstreamsList:!this.state.showUpstreamsList})}},{key:"initIntersectionObserver",value:function(){return"IntersectionObserver"in window&&(this.intersectionObserver=new IntersectionObserver(this.handleLastItemShowing,{root:null,threshold:.3}),!0)}},{key:"handleLastItemShowing",value:function(e){var t=y(e,1)[0];t.isIntersecting&&isFinite(this.state.howManyToShow)&&this.state.howManyToShow<this.props.upstreams.size&&(this.intersectionObserver.unobserve(t.target),this.setState({howManyToShow:this.state.howManyToShow+70}))}},{key:"scrollTo",value:function(e,t){this.setState({howManyToShow:t+70},(function(){document.getElementById("upstream-".concat(e)).scrollIntoView()}))}},{key:"upstreamRef",value:function(e,t){e&&this.intersectionObserver&&t&&this.intersectionObserver.observe(t.base)}},{key:"render",value:function(){var e=this,t=[],r=this.props.upstreams,a=r.__STATS,o=r=Array.from(r);return isFinite(this.state.howManyToShow)&&(o=r.slice(0,this.state.howManyToShow)),o.forEach((function(r,a){var s=y(r,2),i=s[0],c=s[1];(e.state.showOnlyFailed&&c.hasFailedPeer||!e.state.showOnlyFailed)&&t.push(n.ZP.createElement(e.props.component,{upstream:c,name:i,key:i,showOnlyFailed:e.state.showOnlyFailed,writePermission:e.props.writePermission,upstreamsApi:e.props.upstreamsApi,isStream:e.props.isStream,ref:e.upstreamRef.bind(e,a==o.length-1)}))})),0===t.length&&(t=n.ZP.createElement("div",{className:"msg___eJG14"},'All upstream servers appear to be just fine — nothing to show here. Toggle "Failed only" to show all upstreams.')),n.ZP.createElement("div",{className:"upstreams-container___UTnYc"},n.ZP.createElement("span",{className:"toggle-failed___EjYQ0"},"Failed only",n.ZP.createElement("span",{className:this.state.showOnlyFailed?"toggler-active___edGMH toggler___L_QPv":"toggler___L_QPv",onClick:this.toggleFailed},n.ZP.createElement("span",{className:"toggler-point___UwBrE"}))),n.ZP.createElement("h1",null,this.props.title),n.ZP.createElement("span",{className:this.state.showUpstreamsList?"list-toggler-opened___vodX7 list-toggler___lhgLX":"list-toggler___lhgLX",onClick:this.toggleUpstreamsList},this.state.showUpstreamsList?"Hide":"Show"," upstreams list"),this.state.showUpstreamsList?n.ZP.createElement("div",{className:"upstreams-catalog___Q08HJ"},n.ZP.createElement("div",{className:"upstreams-summary___l1VzK"},n.ZP.createElement("strong",null,"Total:")," ",a.total," upstreams (",a.servers.all," servers)",n.ZP.createElement("span",{className:"red-text___aEue2"},n.ZP.createElement("strong",null,"With problems:")," ",a.failures," upstreams (",a.servers.failed," servers)")),n.ZP.createElement("div",{className:"upstreams-navlinks___ymkqi"},r.map((function(t,r){var a=y(t,2),o=a[0],s=a[1];if(e.state.showOnlyFailed&&s.hasFailedPeer||!e.state.showOnlyFailed)return n.ZP.createElement("span",{onClick:function(){return e.scrollTo(o,r)},className:s.hasFailedPeer?"upstream-link-failed___X0LPY upstream-link___JybKs":"upstream-link___JybKs",key:o},n.ZP.createElement("span",{className:"dashed___W6sOQ"},o))})))):null,t)}}]),u}(n.ZP.Component);var lr,ur,fr=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"shouldComponentUpdate",value:function(e){return e.percentage!==this.props.percentage}},{key:"render",value:function(){var e,t=this.props.percentage;-1===this.props.percentage?(e="<1 %",t=1):e="".concat(t," %");var r="progress-bar___GnMC7";return this.props.danger?r+=" ".concat("danger___UUH5W"):this.props.warning&&(r+=" ".concat("warning___bpfEj")),n.ZP.createElement("div",{className:r},e,n.ZP.createElement("div",{className:"fulfillment___osexh",style:{width:"".concat(t,"%")}},e))}}]),u}(n.wA),hr=r(6400),dr=[],pr=hr.options.__b,vr=hr.options.__r,mr=hr.options.diffed,yr=hr.options.__c,gr=hr.options.unmount;function _r(){for(var e;e=dr.shift();)if(e.__P)try{e.__H.__h.forEach(Pr),e.__H.__h.forEach(br),e.__H.__h=[]}catch(t){e.__H.__h=[],hr.options.__e(t,e.__v)}}hr.options.__b=function(e){lr=null,pr&&pr(e)},hr.options.__r=function(e){vr&&vr(e);var t=(lr=e.__c).__H;t&&(t.__h.forEach(Pr),t.__h.forEach(br),t.__h=[])},hr.options.diffed=function(e){mr&&mr(e);var t=e.__c;t&&t.__H&&t.__H.__h.length&&(1!==dr.push(t)&&ur===hr.options.requestAnimationFrame||((ur=hr.options.requestAnimationFrame)||function(e){var t,r=function(){clearTimeout(n),Er&&cancelAnimationFrame(t),setTimeout(e)},n=setTimeout(r,100);Er&&(t=requestAnimationFrame(r))})(_r)),lr=null},hr.options.__c=function(e,t){t.some((function(e){try{e.__h.forEach(Pr),e.__h=e.__h.filter((function(e){return!e.__||br(e)}))}catch(r){t.some((function(e){e.__h&&(e.__h=[])})),t=[],hr.options.__e(r,e.__v)}})),yr&&yr(e,t)},hr.options.unmount=function(e){gr&&gr(e);var t,r=e.__c;r&&r.__H&&(r.__H.__.forEach((function(e){try{Pr(e)}catch(e){t=e}})),t&&hr.options.__e(t,r.__v))};var Er="function"==typeof requestAnimationFrame;function Pr(e){var t=lr,r=e.__c;"function"==typeof r&&(e.__c=void 0,r()),lr=t}function br(e){var t=lr;e.__c=e.__(),lr=t}function Zr(e,t){for(var r in e)if("__source"!==r&&!(r in t))return!0;for(var n in t)if("__source"!==n&&e[n]!==t[n])return!0;return!1}function wr(e){this.props=e}(wr.prototype=new hr.Component).isPureReactComponent=!0,wr.prototype.shouldComponentUpdate=function(e,t){return Zr(this.props,e)||Zr(this.state,t)};var Sr=hr.options.__b;hr.options.__b=function(e){e.type&&e.type.__f&&e.ref&&(e.props.ref=e.ref,e.ref=null),Sr&&Sr(e)},"undefined"!=typeof Symbol&&Symbol.for&&Symbol.for("react.forward_ref");var xr=(hr.toChildArray,hr.options.__e);hr.options.__e=function(e,t,r,n){if(e.then)for(var a,o=t;o=o.__;)if((a=o.__c)&&a.__c)return null==t.__e&&(t.__e=r.__e,t.__k=r.__k),a.__c(e,t);xr(e,t,r,n)};var Or=hr.options.unmount;function kr(){this.__u=0,this.t=null,this.__b=null}function Rr(e){var t=e.__.__c;return t&&t.__e&&t.__e(e)}function Nr(){this.u=null,this.o=null}hr.options.unmount=function(e){var t=e.__c;t&&t.__R&&t.__R(),t&&!0===e.__h&&(e.type=null),Or&&Or(e)},(kr.prototype=new hr.Component).__c=function(e,t){var r=t.__c,n=this;null==n.t&&(n.t=[]),n.t.push(r);var a=Rr(n.__v),o=!1,s=function(){o||(o=!0,r.__R=null,a?a(i):i())};r.__R=s;var i=function(){if(!--n.__u){if(n.state.__e){var e=n.state.__e;n.__v.__k[0]=function e(t,r,n){return t&&(t.__v=null,t.__k=t.__k&&t.__k.map((function(t){return e(t,r,n)})),t.__c&&t.__c.__P===r&&(t.__e&&n.insertBefore(t.__e,t.__d),t.__c.__e=!0,t.__c.__P=n)),t}(e,e.__c.__P,e.__c.__O)}var t;for(n.setState({__e:n.__b=null});t=n.t.pop();)t.forceUpdate()}},c=!0===t.__h;n.__u++||c||n.setState({__e:n.__b=n.__v.__k[0]}),e.then(s,s)},kr.prototype.componentWillUnmount=function(){this.t=[]},kr.prototype.render=function(e,t){if(this.__b){if(this.__v.__k){var r=document.createElement("div"),n=this.__v.__k[0].__c;this.__v.__k[0]=function e(t,r,n){return t&&(t.__c&&t.__c.__H&&(t.__c.__H.__.forEach((function(e){"function"==typeof e.__c&&e.__c()})),t.__c.__H=null),null!=(t=function(e,t){for(var r in t)e[r]=t[r];return e}({},t)).__c&&(t.__c.__P===n&&(t.__c.__P=r),t.__c=null),t.__k=t.__k&&t.__k.map((function(t){return e(t,r,n)}))),t}(this.__b,r,n.__O=n.__P)}this.__b=null}var a=t.__e&&(0,hr.createElement)(hr.Fragment,null,e.fallback);return a&&(a.__h=null),[(0,hr.createElement)(hr.Fragment,null,t.__e?null:e.children),a]};var Ar=function(e,t,r){if(++r[1]===r[0]&&e.o.delete(t),e.props.revealOrder&&("t"!==e.props.revealOrder[0]||!e.o.size))for(r=e.u;r;){for(;r.length>3;)r.pop()();if(r[1]<r[0])break;e.u=r=r[2]}};function Tr(e){return this.getChildContext=function(){return e.context},e.children}function Cr(e){var t=this,r=e.i;t.componentWillUnmount=function(){(0,hr.render)(null,t.l),t.l=null,t.i=null},t.i&&t.i!==r&&t.componentWillUnmount(),e.__v?(t.l||(t.i=r,t.l={nodeType:1,parentNode:r,childNodes:[],appendChild:function(e){this.childNodes.push(e),t.i.appendChild(e)},insertBefore:function(e,r){this.childNodes.push(e),t.i.appendChild(e)},removeChild:function(e){this.childNodes.splice(this.childNodes.indexOf(e)>>>1,1),t.i.removeChild(e)}}),(0,hr.render)((0,hr.createElement)(Tr,{context:t.context},e.__v),t.l)):t.l&&t.componentWillUnmount()}(Nr.prototype=new hr.Component).__e=function(e){var t=this,r=Rr(t.__v),n=t.o.get(e);return n[0]++,function(a){var o=function(){t.props.revealOrder?(n.push(a),Ar(t,e,n)):a()};r?r(o):o()}},Nr.prototype.render=function(e){this.u=null,this.o=new Map;var t=(0,hr.toChildArray)(e.children);e.revealOrder&&"b"===e.revealOrder[0]&&t.reverse();for(var r=t.length;r--;)this.o.set(t[r],this.u=[1,0,this.u]);return e.children},Nr.prototype.componentDidUpdate=Nr.prototype.componentDidMount=function(){var e=this;this.o.forEach((function(t,r){Ar(e,r,t)}))};var Ir="undefined"!=typeof Symbol&&Symbol.for&&Symbol.for("react.element")||60103,jr=/^(?:accent|alignment|arabic|baseline|cap|clip(?!PathU)|color|dominant|fill|flood|font|glyph(?!R)|horiz|marker(?!H|W|U)|overline|paint|stop|strikethrough|stroke|text(?!L)|underline|unicode|units|v|vector|vert|word|writing|x(?!C))[A-Z]/,Mr="undefined"!=typeof document,Br=function(e){return("undefined"!=typeof Symbol&&"symbol"==typeof Symbol()?/fil|che|rad/i:/fil|che|ra/i).test(e)};hr.Component.prototype.isReactComponent={},["componentWillMount","componentWillReceiveProps","componentWillUpdate"].forEach((function(e){Object.defineProperty(hr.Component.prototype,e,{configurable:!0,get:function(){return this["UNSAFE_"+e]},set:function(t){Object.defineProperty(this,e,{configurable:!0,writable:!0,value:t})}})}));var Ur=hr.options.event;function Lr(){}function Dr(){return this.cancelBubble}function Fr(){return this.defaultPrevented}hr.options.event=function(e){return Ur&&(e=Ur(e)),e.persist=Lr,e.isPropagationStopped=Dr,e.isDefaultPrevented=Fr,e.nativeEvent=e};var zr={configurable:!0,get:function(){return this.class}},qr=hr.options.vnode;hr.options.vnode=function(e){var t=e.type,r=e.props,n=r;if("string"==typeof t){var a=-1===t.indexOf("-");for(var o in n={},r){var s=r[o];Mr&&"children"===o&&"noscript"===t||"value"===o&&"defaultValue"in r&&null==s||("defaultValue"===o&&"value"in r&&null==r.value?o="value":"download"===o&&!0===s?s="":/ondoubleclick/i.test(o)?o="ondblclick":/^onchange(textarea|input)/i.test(o+t)&&!Br(r.type)?o="oninput":/^onfocus$/i.test(o)?o="onfocusin":/^onblur$/i.test(o)?o="onfocusout":/^on(Ani|Tra|Tou|BeforeInp|Compo)/.test(o)?o=o.toLowerCase():a&&jr.test(o)?o=o.replace(/[A-Z0-9]/,"-$&").toLowerCase():null===s&&(s=void 0),n[o]=s)}"select"==t&&n.multiple&&Array.isArray(n.value)&&(n.value=(0,hr.toChildArray)(r.children).forEach((function(e){e.props.selected=-1!=n.value.indexOf(e.props.value)}))),"select"==t&&null!=n.defaultValue&&(n.value=(0,hr.toChildArray)(r.children).forEach((function(e){e.props.selected=n.multiple?-1!=n.defaultValue.indexOf(e.props.value):n.defaultValue==e.props.value}))),e.props=n,r.class!=r.className&&(zr.enumerable="className"in r,null!=r.className&&(n.class=r.className),Object.defineProperty(n,"className",zr))}e.$$typeof=Ir,qr&&qr(e)};var Wr=hr.options.__r;hr.options.__r=function(e){Wr&&Wr(e),e.__c},hr.createElement,hr.createContext,hr.createRef,hr.Fragment,hr.Component,hr.Fragment;const Hr="disable-scroll___rurS_";var Gr=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"componentDidMount",value:function(){document.documentElement.classList.add(Hr)}},{key:"componentWillUnmount",value:function(){document.documentElement.classList.remove(Hr)}},{key:"render",value:function(){var e=this,t="popup___zhF5j";return this.props.className&&(t+=" ".concat(this.props.className)),function(e,t){var r=(0,hr.createElement)(Cr,{__v:e,i:t});return r.containerInfo=t,r}(n.ZP.createElement("div",{ref:function(t){e.rootElementRef=t},className:"fader___ETVzC"},n.ZP.createElement("div",{className:"modal___viaqq"},n.ZP.createElement("div",{className:t},this.props.children))),document.body)}}]),u}(n.ZP.Component);const Vr="content___dFNzp",Yr="form-group___qoVB9",Kr="input____rEfy",Xr="footer___YrhLx",$r="save___S20KG button___sZqkh";function Qr(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function Jr(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?Qr(Object(r),!0).forEach((function(t){g(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Qr(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}var en=/^\s*((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?:\:(?:\d|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5]))?\s*$/,tn=/^\s*\[((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\](?:\:(?:\d|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5]))\s*$/,rn=/^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$/,nn=/^[\w-.]+$/,an=/^([\w-]|(\.(?!\.+)))[\w-.]*\:(\d|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])$/,on=/^([\w-]|(\.(?!\.+)))[\w-.]*(\:(\d|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5]))?$/,sn=function(e){return en.test(e)||tn.test(e)||rn.test(e)},cn=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(e){var t;return(0,a.Z)(this,u),(t=l.call(this)).state={success:!1,loading:!1,errorMessages:null},!e.peers||e.peers.size>1?(t.state.data={},t.state.initialData={}):e.peers&&1===e.peers.size&&(t.state.loading=!0,e.upstreamsApi.getPeer(e.upstream.name,Array.from(e.peers)[0][1].id).then((function(e){var r=u.normalizeInputData(e);t.setState({data:r,initialData:Jr({},r),loading:!1})}))),t.validateServerName=t.validateServerName.bind((0,h.Z)(t)),t.handleFormChange=t.handleFormChange.bind((0,h.Z)(t)),t.handleRadioChange=t.handleRadioChange.bind((0,h.Z)(t)),t.validate=t.validate.bind((0,h.Z)(t)),t.save=t.save.bind((0,h.Z)(t)),t.close=t.close.bind((0,h.Z)(t)),t.remove=t.remove.bind((0,h.Z)(t)),t.closeErrors=t.closeErrors.bind((0,h.Z)(t)),t}return(0,o.Z)(u,[{key:"handleFormChange",value:function(e){var t,r=e.target,n=this.state.data;t="checkbox"===r.type?r.checked:r.value,n[r.name]=t,this.setState({data:n})}},{key:"handleRadioChange",value:function(e){var t=e.target,r=this.state.data;"drain"===t.id?(delete r.down,r.drain=!0):(delete r.drain,r.down="true"===t.value),this.setState({data:r})}},{key:"save",value:function(){var e=this,t=this.props,r=t.upstreamsApi,n=t.peers,a=!n;this.closeErrors(),this.setState({loading:!0}),this.validate(this.state.data).then((function(){return a?r.createPeer(e.props.upstream.name,e.state.data).then((function(){e.setState({success:!0,successMessage:"Server added successfully"})})):Promise.all(Array.from(n).map((function(t){var n=y(t,1)[0];return r.updatePeer(e.props.upstream.name,n,u.normalizeOutputData(e.state.data,e.state.initialData))}))).then((function(){e.setState({success:!0,successMessage:"Changes saved"})}))})).then((function(){e.setState({loading:!1})})).catch((function(t){var r;r=t instanceof Array?t:[t.error],e.showErrors(r)}))}},{key:"closeErrors",value:function(){this.setState({errorMessages:null})}},{key:"showErrors",value:function(e){this.setState({errorMessages:e,loading:!1})}},{key:"close",value:function(){this.props.onClose()}},{key:"remove",value:function(){var e=this,t=Array.from(this.props.peers);Promise.all(t.map((function(t){var r=y(t,2),n=r[0],a=r[1];return e.props.upstreamsApi.deletePeer(e.props.upstream.name,n).then((function(){return a.server}))}))).then((function(t){e.setState({success:!0,successMessage:"Servers ".concat(t.join(", ")," successfully removed")})})).catch((function(t){var r=t.error;return e.showErrors([r])}))}},{key:"validate",value:function(e){var t=!0,r=this.props.isStream?an:on,n=[],a=this.props.peers&&this.props.peers.size>1,o=!this.props.peers;if(a||!o||e.server||(t=!1,n.push("Invalid server address or port")),"server"in e&&!sn(e.server)&&(!r.test(e.server)||e.server.length>253?(t=!1,n.push("Invalid server address or port")):e.service&&(!nn.test(e.service)||e.server.length+e.service.length>253)&&(t=!1,n.push("Invalid server address or service setting"))),t&&a){var s=Array.from(this.props.peers);return this.props.upstreamsApi.getPeer(this.props.upstream.name,s[0][0]).then((function(e){if(e.error)return n.push("No such server (please, check if it still exists)"),t=!1,Promise.reject(n)}))}return t?Promise.resolve():Promise.reject(n)}},{key:"validateServerName",value:function(e){var t=e.target.value;this.setState({addAsDomain:!sn(t)})}},{key:"render",value:function(){var e,t=this.props,r=t.upstream,a=t.peers,o=t.isStream,s="",i=!a||0===a.size;i?s='Add server to "'.concat(r.name,'"'):(e=Array.from(a),s="Edit ".concat(a.size>1?"servers":"server ".concat(e[0][1].server),' "').concat(r.name,'"'));var c,l=this.state.data,u=void 0===l?{}:l;return c=this.state.loading?n.ZP.createElement("div",{className:Vr},n.ZP.createElement(Ce,{className:"loader___hvHyn",gray:!0})):this.state.success?n.ZP.createElement("div",null,n.ZP.createElement("div",{className:Vr},this.state.successMessage),n.ZP.createElement("div",{className:Xr},n.ZP.createElement("div",{className:$r,onClick:this.close},"Ok"))):n.ZP.createElement("div",null,n.ZP.createElement("div",{className:Vr},!i&&e.length>1?n.ZP.createElement("div",{className:Yr},n.ZP.createElement("label",null,"Selected servers"),n.ZP.createElement("ul",{className:"servers-list___RDIdE"},e.map((function(e){var t=y(e,2),r=(t[0],t[1]);return n.ZP.createElement("li",{key:r.id},r.server)})))):n.ZP.createElement("div",null,n.ZP.createElement("div",{className:Yr},n.ZP.createElement("label",{htmlFor:"server"},"Server address"),n.ZP.createElement("input",{id:"server",name:"server",type:"text",className:Kr,value:u.server,defaultValue:"{peerToEdit.server}",onKeyUp:this.validateServerName,onInput:this.handleFormChange,disabled:!!u.host})),u.host?n.ZP.createElement("div",{className:Yr},n.ZP.createElement("strong",null,"Domain name:")," ",u.host):null,o?null:n.ZP.createElement("div",{className:Yr},n.ZP.createElement("label",{htmlFor:"route"},"Server route"),n.ZP.createElement("input",{id:"route",name:"route",className:Kr,type:"text",value:u.route,onInput:this.handleFormChange,maxLength:32})),i?n.ZP.createElement("div",{className:"checkbox___psLWs"},n.ZP.createElement("label",null,n.ZP.createElement("input",{name:"backup",type:"checkbox",checked:u.backup,onChange:this.handleFormChange}),"Add as backup server")):null),n.ZP.createElement("div",{className:"forms-mini___hF0D_"},n.ZP.createElement("div",{className:Yr},n.ZP.createElement("label",{htmlFor:"weight"},"weight"),n.ZP.createElement(be,{id:"weight",name:"weight",className:Kr,onInput:this.handleFormChange,value:u.weight})),n.ZP.createElement("div",{className:Yr},n.ZP.createElement("label",{htmlFor:"max_conns"},"max_conns"),n.ZP.createElement(be,{className:Kr,id:"max_conns",name:"max_conns",value:u.max_conns,onInput:this.handleFormChange})),n.ZP.createElement("div",{className:Yr},n.ZP.createElement("label",{htmlFor:"max_fails"},"max_fails"),n.ZP.createElement(be,{id:"max_fails",name:"max_fails",className:Kr,value:u.max_fails,onInput:this.handleFormChange})),n.ZP.createElement("div",{className:Yr},n.ZP.createElement("label",{htmlFor:"fail_timeout"},"fail_timeout"),n.ZP.createElement(be,{id:"fail_timeout",className:Kr,name:"fail_timeout",value:u.fail_timeout,onInput:this.handleFormChange})),n.ZP.createElement("div",{className:Yr},n.ZP.createElement("label",{htmlFor:"slow_start"},"slow_start"),n.ZP.createElement(be,{id:"slow_start",name:"slow_start",className:Kr,value:u.slow_start,onInput:this.handleFormChange})),i&&!this.state.addAsDomain?n.ZP.createElement("div",{className:Yr},n.ZP.createElement("label",{htmlFor:"service"},"service"),n.ZP.createElement("input",{id:"service",name:"service",className:Kr,value:u.service,onInput:this.handleFormChange})):null),n.ZP.createElement("div",{className:"radio___AWKDb checkbox___psLWs"},n.ZP.createElement("span",{className:"title___C_0wt"},"Set state"),n.ZP.createElement("label",null,n.ZP.createElement("input",{name:"state",value:"false",type:"radio",onChange:this.handleRadioChange,checked:!1===u.down})," Up"),n.ZP.createElement("label",null,n.ZP.createElement("input",{name:"state",value:"true",type:"radio",onChange:this.handleRadioChange,checked:!0===u.down})," Down"),o?null:n.ZP.createElement("label",null,n.ZP.createElement("input",{name:"state",id:"drain",value:"true",type:"radio",onChange:this.handleRadioChange,checked:!0===u.drain})," Drain")),null!==this.state.errorMessages?n.ZP.createElement("div",{className:"error___QvqIL"},n.ZP.createElement("span",{className:"error-close___KmVyV",onClick:this.closeErrors},"×"),this.state.errorMessages.map((function(e){return n.ZP.createElement("div",null,e)}))):null),n.ZP.createElement("div",{className:Xr},i?null:n.ZP.createElement("div",{className:"remove___bbt0v button___sZqkh",onClick:this.remove},"Remove"),n.ZP.createElement("div",{className:$r,onClick:this.save},i?"Add":"Save"),n.ZP.createElement("div",{className:"cancel___mv9SA button___sZqkh",onClick:this.close},"Cancel"))),n.ZP.createElement(Gr,{className:"editor___mSYKf"},n.ZP.createElement("div",{className:"header___mBJxs"},s),n.ZP.createElement("div",{className:"close___mYnly",onClick:this.close},"×"),c)}}],[{key:"normalizeInputData",value:function(e){return Object.keys(e).forEach((function(t){"fail_timeout"!==t&&"slow_start"!==t||(e[t]=parseInt(e[t],10))})),e}},{key:"normalizeOutputData",value:function(e,t){return e=Jr({},e),Object.keys(e).forEach((function(t){"fail_timeout"!==t&&"slow_start"!==t||(e[t]="".concat(e[t],"s"))})),e.server===t.server&&delete e.server,delete e.id,"parent"in e&&(delete e.parent,delete e.host,delete e.server),e}}]),u}(n.ZP.Component),ln=function(){return n.ZP.createElement("div",null,n.ZP.createElement("div",{className:ze.row},n.ZP.createElement(Oe,{type:"sun",className:ze.icon})," Warm – using metadata in shmem"),n.ZP.createElement("div",{className:ze.row},n.ZP.createElement(Oe,{type:"snowflake",className:ze.icon})," Cold – loading metadata"))},un=function(e){var t=e.zone;return n.ZP.createElement("div",null,"Used memory pages: ",t.pages.used," ",n.ZP.createElement("br",null),"Total pages: ",t.pages.total," ",n.ZP.createElement("br",null),"Memory usage = Used pages / Total pages")};const fn={row:"row___jkQpB",h5:"h5___NgOls","status-tag":"status-tag___Q2cP5",status:"status___WHAsP",status_up:"status_up___dNdnt status___WHAsP",status_unavail:"status_unavail___zzv8R status___WHAsP",status_unhealthy:"status_unhealthy___Uw2fq status___WHAsP",status_draining:"status_draining___bNO72 status___WHAsP",status_down:"status_down___n5PuM status___WHAsP",status_ok:"status_ok___MV3NO status___WHAsP",status_alert:"status_alert___d2T5W status___WHAsP",status_warning:"status_warning___b2306 status___WHAsP",status_checking:"status_checking___iU6IZ status___WHAsP",columns:"columns___scITK",column:"column___adgR2"};function hn(e){var t=e.upstream,r=null;return t.queue&&(r=n.ZP.createElement("div",{className:fn.column},n.ZP.createElement("div",null,"Q-Size: ",t.queue.size,"/",t.queue.max_size),n.ZP.createElement("div",null,"Overflows: ",t.queue.overflows," "))),n.ZP.createElement("div",null,n.ZP.createElement("h5",{className:fn.h5},"Upstream: ",t.name),n.ZP.createElement("div",{className:fn.columns},n.ZP.createElement("div",{className:fn.column},n.ZP.createElement("div",null,n.ZP.createElement("span",{className:"".concat(fn["status-tag"]," ").concat(fn.status_up)})," Up: ",t.stats.up),n.ZP.createElement("div",null,n.ZP.createElement("span",{className:"".concat(fn["status-tag"]," ").concat(fn.status_unhealthy)})," Failed: ",t.stats.failed),n.ZP.createElement("div",null,n.ZP.createElement("span",{className:"".concat(fn["status-tag"]," ").concat(fn.status_draining)})," Drain: ",t.stats.draining),n.ZP.createElement("div",null,n.ZP.createElement("span",{className:"".concat(fn["status-tag"]," ").concat(fn.status_down)})," Down: ",t.stats.down),t.stats.checking?n.ZP.createElement("div",null,n.ZP.createElement("span",{className:"".concat(fn["status-tag"]," ").concat(fn.status_checking)})," Checking: ",t.stats.checking):null),r,n.ZP.createElement("div",{className:fn.column},"number"==typeof t.keepalive?n.ZP.createElement("div",null,"Keepalive: ",t.keepalive):null,n.ZP.createElement("div",null,"Zombies: ",t.zombies))))}function dn(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function pn(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?dn(Object(r),!0).forEach((function(t){g(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):dn(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}var vn={all:"Show all",up:"Up",failed:"Failed",drain:"Drain",down:"Down"},mn=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(e){var t;return(0,a.Z)(this,u),(t=l.call(this,e)).state=pn(pn({},t.state),{},{editMode:!1,editor:!1,selectedPeers:new Map,filtering:b.getSetting(t.FILTERING_SETTINGS_KEY,"all")}),t.toggleEditMode=t.toggleEditMode.bind((0,h.Z)(t)),t.changeFilterRule=t.changeFilterRule.bind((0,h.Z)(t)),t.addUpstream=t.addUpstream.bind((0,h.Z)(t)),t.editSelectedUpstream=t.editSelectedUpstream.bind((0,h.Z)(t)),t.showEditor=t.showEditor.bind((0,h.Z)(t)),t.closeEditor=t.closeEditor.bind((0,h.Z)(t)),t.selectAllPeers=t.selectAllPeers.bind((0,h.Z)(t)),t.selectPeer=t.selectPeer.bind((0,h.Z)(t)),t}return(0,o.Z)(u,[{key:"toggleEditMode",value:function(){var e=this;if(/[^\x20-\x7F]/.test(this.props.upstream.name))alert("Sorry, upstream configuration is not available for the upstreams with non-ascii characters in their names");else if(null!==Ee()){var t=!this.state.editMode,r={editMode:t};t||(r.selectedPeers=new Map),this.setState(r)}else _e(!0).then((function(t){!0===t?e.toggleEditMode():!1===t&&alert("Sorry, API is read-only, please make it writable.")}))}},{key:"editSelectedUpstream",value:function(e){if(e)return this.setState({selectedPeers:new Map([[e.id,e]])}),void this.showEditor("edit");this.state.selectedPeers.size>0&&this.showEditor("edit")}},{key:"addUpstream",value:function(){this.showEditor("add")}},{key:"closeEditor",value:function(){this.setState({editor:null})}},{key:"showEditor",value:function(e){this.setState({editor:e})}},{key:"changeFilterRule",value:function(e){b.setSetting(this.FILTERING_SETTINGS_KEY,e.target.value),this.setState({filtering:e.target.value})}},{key:"renderEmptyList",value:function(){return n.ZP.createElement("tr",null,n.ZP.createElement("td",{className:et["left-align"],colSpan:30},"No servers with '",this.state.filtering,"' state found in this upstream group."))}},{key:"renderPeers",value:function(){}},{key:"filterPeers",value:function(e){var t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:this.state.filtering;return e.filter((function(e){var r="all";if("all"===t)return!0;switch(e.state){case"up":r="up";break;case"unavail":case"unhealthy":r="failed";break;case"draining":r="drain";break;case"down":r="down"}return r===t}))}},{key:"selectAllPeers",value:function(e,t){this.setState({selectedPeers:new Map(t?e.map((function(e){return[e.id,e]})):[])})}},{key:"selectPeer",value:function(e,t){var r=this.state.selectedPeers;t?r.set(e.id,e):r.delete(e.id),this.setState({selectedPeers:r})}},{key:"getSelectAllCheckbox",value:function(e){var t=this;return this.state.editMode?n.ZP.createElement("th",{rowSpan:"2",className:et.checkbox},n.ZP.createElement("input",{type:"checkbox",onChange:function(r){return t.selectAllPeers(e,r.target.checked)},checked:this.state.selectedPeers.size===e.length})):null}},{key:"getCheckbox",value:function(e){var t=this;return this.state.editMode?n.ZP.createElement("td",{className:et.checkbox},n.ZP.createElement("input",{type:"checkbox",onChange:function(r){return t.selectPeer(e,r.target.checked)},checked:this.state.selectedPeers.has(e.id)})):null}},{key:"render",value:function(){var e,t=this,r=this.props,a=r.name,o=r.upstream;if(this.props.showOnlyFailed){if(0===(e=this.filterPeers(o.peers,"failed")).length)return null}else e=this.filterPeers(o.peers);"desc"===this.state.sortOrder&&(e=e.sort((function(e){return"down"===e.state||"unhealthy"===e.state||"unavail"===e.state?-1:1})));var s=!0===Ee()||null===Ee();return n.ZP.createElement("div",{className:"upstreams-list___mxwmg",id:"upstream-".concat(a)},this.state.editor?n.ZP.createElement(cn,{upstream:o,peers:"edit"===this.state.editor?this.state.selectedPeers:null,isStream:this.props.isStream,onClose:this.closeEditor,upstreamsApi:this.props.upstreamsApi}):null,n.ZP.createElement("select",{name:"filter",className:"filter___yIP5V",onChange:this.changeFilterRule},Object.keys(vn).map((function(e){return n.ZP.createElement("option",{value:e,key:e,selected:t.state.filtering===e},vn[e])}))),n.ZP.createElement("div",{className:"head___pKgqd"},n.ZP.createElement("h2",d({className:"title___vOE04"},Xe(n.ZP.createElement(hn,{upstream:o}))),a),s?n.ZP.createElement("span",{className:this.state.editMode?"edit-active___bvRp1 edit___jQjMI btn___eI9BD":"edit___jQjMI btn___eI9BD",onClick:this.toggleEditMode}):null,s&&this.state.editMode?[n.ZP.createElement("span",{className:ir,key:"edit",onClick:function(){return t.editSelectedUpstream()}},"Edit selected"),n.ZP.createElement("span",{className:ir,key:"add",onClick:this.addUpstream},"Add server")]:null,null!==o.zoneSize?n.ZP.createElement("span",{className:"zone-capacity____XVvY"},"Zone: ",n.ZP.createElement("span",Xe(n.ZP.createElement(un,{zone:o.slab}),"hint"),n.ZP.createElement(fr,{percentage:o.zoneSize}))):null),this.renderPeers(e))}}]),u}(Je);function yn(e){var t,r,a=e.peer;return r="unavail"===a.state?n.ZP.createElement("span",null,n.ZP.createElement("span",{className:fn.status_unavail},"failed")," (Passive health check failed)"):"unhealthy"===a.state?n.ZP.createElement("span",null,n.ZP.createElement("span",{className:fn.status_unavail},"failed")," (Active health check failed)"):n.ZP.createElement("span",{className:fn["status_".concat(a.state)]},a.state),t=null===a.health_status?"unknown":a.health_status?"passed":"failed",n.ZP.createElement("div",null,"name"in a?n.ZP.createElement("div",{className:fn.row},a.name):null,n.ZP.createElement("h5",{className:fn.h5},a.backup?"b ":"",a.server),n.ZP.createElement("div",{className:fn.row},r),a.backup?n.ZP.createElement("div",{className:fn.row},"Type: backup"):null,n.ZP.createElement("div",{className:fn.row},"Total downtime: ",je(a.downtime)),n.ZP.createElement("div",{className:fn.row},"Last check: ",t),a.isHttp&&a.downstart?n.ZP.createElement("div",{className:fn.row},"Down since: ",Ue(a.downstart)," "):null)}function gn(e){var t=e.peer;return n.ZP.createElement("div",null,t.selected?n.ZP.createElement("div",null,n.ZP.createElement("div",null,"Last: ",Ue(t.selected)),n.ZP.createElement("div",null,"(",je((new Date).getTime()-Date.parse(t.selected))," ago)")):"Last: unknown")}function _n(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function En(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?_n(Object(r),!0).forEach((function(t){g(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):_n(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}var Pn=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(e){var t;return(0,a.Z)(this,u),(t=l.call(this,e)).state=En(En({},t.state),{},{hoveredColumns:!1,columnsExpanded:b.getSetting("columns-expanded-http-upstreams-".concat(e.name),!1)}),t.toggleColumns=t.toggleColumns.bind((0,h.Z)(t)),t.hoverColumns=t.hoverColumns.bind((0,h.Z)(t)),t}return(0,o.Z)(u,[{key:"SORTING_SETTINGS_KEY",get:function(){return"sorting-http-upstreams-".concat(this.props.name)}},{key:"FILTERING_SETTINGS_KEY",get:function(){return"filtering-http-upstreams-".concat(this.props.name)}},{key:"toggleColumns",value:function(){var e=!this.state.columnsExpanded;this.setState({columnsExpanded:e,hoveredColumns:!1}),b.setSetting("columns-expanded-http-upstreams-".concat(this.props.name),e)}},{key:"hoverColumns",value:function(e){this.state.columnsExpanded&&this.setState({hoveredColumns:e})}},{key:"renderPeers",value:function(e){var t=this;return n.ZP.createElement("table",{className:"".concat(et.table," ").concat(et.wide).concat(this.state.hoveredColumns?" "+et["hovered-expander"]:"")},n.ZP.createElement("col",{width:"10px"}),this.state.editMode?n.ZP.createElement("col",{width:"1%"}):null,n.ZP.createElement("col",{width:"210px"}),n.ZP.createElement("col",{width:"1%"}),n.ZP.createElement("col",null),n.ZP.createElement("col",null),n.ZP.createElement("col",null),n.ZP.createElement("col",{width:"20px"}),this.state.columnsExpanded?[n.ZP.createElement("col",{key:"0"}),n.ZP.createElement("col",{key:"1"}),n.ZP.createElement("col",{key:"2"})]:null,n.ZP.createElement("col",null),n.ZP.createElement("col",null),n.ZP.createElement("col",{width:"1%"}),n.ZP.createElement("col",{width:"1%"}),n.ZP.createElement("col",{width:"1%"}),n.ZP.createElement("col",{width:"1%"}),n.ZP.createElement("col",null),n.ZP.createElement("col",null),n.ZP.createElement("col",null),n.ZP.createElement("col",null),n.ZP.createElement("col",null),n.ZP.createElement("col",null),n.ZP.createElement("col",null),n.ZP.createElement("col",null),n.ZP.createElement("col",null),n.ZP.createElement("col",null),n.ZP.createElement("thead",null,n.ZP.createElement("tr",null,n.ZP.createElement(tt,{secondSortLabel:"Sort by status - down first",order:this.state.sortOrder,onChange:this.changeSorting}),this.getSelectAllCheckbox(e),n.ZP.createElement("th",{colSpan:"3"},"Server"),n.ZP.createElement("th",{colSpan:"2"},"Requests"),n.ZP.createElement("th",{colSpan:this.state.columnsExpanded?6:3},"Responses"),n.ZP.createElement("th",{colSpan:"2"},"Conns"),n.ZP.createElement("th",{colSpan:"4"},"Traffic"),n.ZP.createElement("th",{colSpan:"2"},"Server checks"),n.ZP.createElement("th",{colSpan:"4"},"Health monitors"),n.ZP.createElement("th",{colSpan:"2"},"Response time"),n.ZP.createElement("th",{colSpan:"4"},"SSL")),n.ZP.createElement("tr",{className:"".concat(et["right-align"]," ").concat(et["sub-header"])},n.ZP.createElement("th",{className:et["left-align"]},"Name"),n.ZP.createElement("th",{className:et["left-align"]},n.ZP.createElement("span",d({className:et.hinted},Xe("Total downtime","hint")),"DT")),n.ZP.createElement("th",{className:"".concat(et["center-align"]," ").concat(et.bdr)},n.ZP.createElement("span",d({className:et.hinted},Xe("Weight","hint")),"W")),n.ZP.createElement("th",null,"Total"),n.ZP.createElement("th",{className:et.bdr},"Req/s"),this.state.columnsExpanded?[n.ZP.createElement("th",{key:"empty",className:et["center-align"]}),n.ZP.createElement("th",{key:"1xx",className:et["responses-column"]},"1xx"),n.ZP.createElement("th",{key:"2xx",className:et["responses-column"]},"2xx"),n.ZP.createElement("th",{key:"3xx",className:et["responses-column"]},"3xx")]:n.ZP.createElement("th",{className:et["center-align"]},"..."),n.ZP.createElement("th",null,"4xx"),n.ZP.createElement("th",{className:et.bdr},"5xx"),n.ZP.createElement("th",{className:et["center-align"]},n.ZP.createElement("span",d({className:et.hinted},Xe("Active","hint")),"A")),n.ZP.createElement("th",{className:"".concat(et["center-align"]," ").concat(et.bdr)},n.ZP.createElement("span",d({className:et.hinted},Xe("Limit","hint")),"L")),n.ZP.createElement("th",null,"Sent/s"),n.ZP.createElement("th",null,"Rcvd/s"),n.ZP.createElement("th",null,"Sent"),n.ZP.createElement("th",{className:et.bdr},"Rcvd"),n.ZP.createElement("th",null,"Fails"),n.ZP.createElement("th",{className:et.bdr},"Unavail"),n.ZP.createElement("th",null,"Checks"),n.ZP.createElement("th",null,"Fails"),n.ZP.createElement("th",null,"Unhealthy"),n.ZP.createElement("th",{className:et.bdr},"Last"),n.ZP.createElement("th",null,"Headers"),n.ZP.createElement("th",{className:et.bdr},"Response"),n.ZP.createElement("th",null,"Handshakes"),n.ZP.createElement("th",null,"Handshakes",n.ZP.createElement("br",null),"Failed"),n.ZP.createElement("th",null,"Session",n.ZP.createElement("br",null),"Reuses"),n.ZP.createElement("th",null,"Verify",n.ZP.createElement("br",null),"Failures"))),n.ZP.createElement("tbody",{className:et["right-align"]},0===e.length?this.renderEmptyList():e.map((function(r,a){var o=r.responses.codes,s=r.ssl;return n.ZP.createElement("tr",null,n.ZP.createElement("td",{className:et[r.state]}),t.getCheckbox(r),n.ZP.createElement("td",{className:"".concat(et["left-align"]," ").concat(et.bold," ").concat(et.address)},n.ZP.createElement("div",d({className:et["address-container"]},Xe(n.ZP.createElement(yn,{peer:r}))),r.backup?n.ZP.createElement("span",null,"b "):null,r.server),t.state.editMode?n.ZP.createElement("span",{className:et["edit-peer"],onClick:function(){return t.editSelectedUpstream(r)}}):null),n.ZP.createElement("td",{className:et["left-align"]},je(r.downtime,!0)),n.ZP.createElement("td",{className:"".concat(et["center-align"]," ").concat(et.bdr)},r.weight),n.ZP.createElement("td",null,n.ZP.createElement("span",d({className:et.hinted},Xe(n.ZP.createElement(gn,{peer:r}),"hint")),r.requests)),n.ZP.createElement("td",{className:et.bdr},r.server_req_s),t.state.columnsExpanded?[0===a?n.ZP.createElement("td",{className:et["collapse-columns"],rowspan:e.length,onClick:t.toggleColumns,onMouseEnter:function(){return t.hoverColumns(!0)},onMouseLeave:function(){return t.hoverColumns(!1)},key:"toggle"},"◀"):null,n.ZP.createElement("td",{className:et["responses-column"],key:"1xx"},nt.responsesTextWithTooltip(r.responses["1xx"],o,"1")),n.ZP.createElement("td",{className:et["responses-column"],key:"2xx"},nt.responsesTextWithTooltip(r.responses["2xx"],o,"2")),n.ZP.createElement("td",{className:et["responses-column"],key:"3xx"},nt.responsesTextWithTooltip(r.responses["3xx"],o,"3"))]:0===a?n.ZP.createElement("td",{className:et["collapse-columns"],rowspan:e.length,onClick:t.toggleColumns},"▶"):null,n.ZP.createElement("td",{className:"".concat(et.flash).concat(r["4xxChanged"]?" "+et["red-flash"]:"")},nt.responsesTextWithTooltip(r.responses["4xx"],o,"4")),n.ZP.createElement("td",{className:"".concat(et.bdr," ").concat(et.flash).concat(r["5xxChanged"]?" "+et["red-flash"]:"")},nt.responsesTextWithTooltip(r.responses["5xx"],o,"5")),n.ZP.createElement("td",{className:et["center-align"]},r.active),n.ZP.createElement("td",{className:"".concat(et["center-align"]," ").concat(et.bdr)},r.max_conns===1/0?n.ZP.createElement("span",null,"∞"):r.max_conns),n.ZP.createElement("td",{className:et.px60},Me(r.server_sent_s)),n.ZP.createElement("td",{className:et.px60},Me(r.server_rcvd_s)),n.ZP.createElement("td",null,Me(r.sent)),n.ZP.createElement("td",null,Me(r.received)),n.ZP.createElement("td",null,r.fails),n.ZP.createElement("td",{className:et.bdr},r.unavail),n.ZP.createElement("td",null,r.health_checks.checks),n.ZP.createElement("td",null,r.health_checks.fails),n.ZP.createElement("td",null,r.health_checks.unhealthy),n.ZP.createElement("td",{className:"".concat(et.bdr," ").concat(et.flash).concat(!1===r.health_status?" "+et["red-flash"]:"")},null===r.health_status?"–":n.ZP.createElement("span",d({className:et.hinted},Xe(n.ZP.createElement("div",null,r.health_status?"passed":"failed"),"hint")),r.health_status?"✔":"✘")),n.ZP.createElement("td",null,Be(r.header_time)),n.ZP.createElement("td",{className:et.bdr},Be(r.response_time)),n.ZP.createElement("td",null,s?s.handshakes:"–"),n.ZP.createElement("td",null,s?nt.tooltipRowsContent(s.handshakes_failed,De(s),"hint"):"–"),n.ZP.createElement("td",null,s?s.session_reuses:"–"),n.ZP.createElement("td",null,s?nt.tooltipRowsContent.apply(nt,m(Fe(s)).concat(["hint"])):"–"))}))))}}]),u}(mn);var bn=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e=this.props.data.upstreams;return n.ZP.createElement(cr,{title:"HTTP Upstreams",component:Pn,upstreams:e,upstreamsApi:me,isStream:!1})}}]),u}(n.ZP.Component);const Zn=j(bn,[ve.slabs.process(oe),ve.http.upstreams.process($)]),wn=X({history:{},prevUpdatingPeriod:null});var Sn=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e=this.props.data,t=e.server_zones,r=e.limit_conns;return n.ZP.createElement("div",null,n.ZP.createElement("h1",null,"TCP/UDP Zones"),n.ZP.createElement("table",{className:et.table},n.ZP.createElement("thead",null,n.ZP.createElement("tr",null,n.ZP.createElement("th",null,"Zone"),n.ZP.createElement("th",{colSpan:3},"Connections"),n.ZP.createElement("th",{colSpan:4},"Sessions"),n.ZP.createElement("th",{colSpan:4},"Traffic"),n.ZP.createElement("th",{colSpan:4},"SSL")),n.ZP.createElement("tr",{className:"".concat(et["right-align"]," ").concat(et["sub-header"])},n.ZP.createElement("th",{className:et.bdr}),n.ZP.createElement("th",null,"Current"),n.ZP.createElement("th",null,"Total"),n.ZP.createElement("th",{className:et.bdr},"Conn/s"),n.ZP.createElement("th",null,"2xx"),n.ZP.createElement("th",null,"4xx"),n.ZP.createElement("th",null,"5xx"),n.ZP.createElement("th",{className:et.bdr},"Total"),n.ZP.createElement("th",null,"Sent/s"),n.ZP.createElement("th",null,"Rcvd/s"),n.ZP.createElement("th",null,"Sent"),n.ZP.createElement("th",{className:et.bdr},"Rcvd"),n.ZP.createElement("th",null,"Handshakes"),n.ZP.createElement("th",null,"Handshakes",n.ZP.createElement("br",null),"Failed"),n.ZP.createElement("th",null,"Session",n.ZP.createElement("br",null),"Reuses"),n.ZP.createElement("th",null,"Verify",n.ZP.createElement("br",null),"Failures"))),n.ZP.createElement("tbody",{className:et["right-align"]},Array.from(t).map((function(e){var t=y(e,2),r=t[0],a=t[1],o=a.ssl;return n.ZP.createElement("tr",null,n.ZP.createElement("td",{className:"".concat(et["left-align"]," ").concat(et.bold," ").concat(et.bdr)},r),n.ZP.createElement("td",null,a.processing),n.ZP.createElement("td",null,a.connections),n.ZP.createElement("td",{className:et.bdr},a.zone_conn_s),n.ZP.createElement("td",null,a.sessions["2xx"]),n.ZP.createElement("td",{className:"".concat(et.flash).concat(a["4xxChanged"]?" "+et["red-flash"]:"")},a.sessions["4xx"]),n.ZP.createElement("td",{className:"".concat(et.flash).concat(a["5xxChanged"]?" "+et["red-flash"]:"")},a.sessions["5xx"]),n.ZP.createElement("td",{className:et.bdr},a.sessions.total),n.ZP.createElement("td",{className:et.px60},Me(a.sent_s)),n.ZP.createElement("td",{className:et.px60},Me(a.rcvd_s)),n.ZP.createElement("td",{className:et.px60},Me(a.sent)),n.ZP.createElement("td",{className:"".concat(et.px60," ").concat(et.bdr)},Me(a.received)),n.ZP.createElement("td",null,o?o.handshakes:"–"),n.ZP.createElement("td",null,o?nt.tooltipRowsContent(o.handshakes_failed,De(o),"hint"):"–"),n.ZP.createElement("td",null,o?o.session_reuses:"–"),n.ZP.createElement("td",null,o?nt.tooltipRowsContent.apply(nt,m(Fe(o)).concat(["hint"])):"–"))})))),n.ZP.createElement("br",null),r?n.ZP.createElement(rr,{data:r}):null)}}]),u}(n.ZP.Component);const xn=j(Sn,[ve.stream.server_zones,ve.stream.limit_conns.process(wn)]);var On=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"SORTING_SETTINGS_KEY",get:function(){return"sorting-stream-upstreams-".concat(this.props.name)}},{key:"FILTERING_SETTINGS_KEY",get:function(){return"filtering-stream-upstreams-".concat(this.props.name)}},{key:"renderPeers",value:function(e){var t=this;return n.ZP.createElement("table",{className:"".concat(et.table," ").concat(et.wide)},n.ZP.createElement("thead",null,n.ZP.createElement("tr",null,n.ZP.createElement(tt,{secondSortLabel:"Sort by status - down first",order:this.state.sortOrder,onChange:this.changeSorting}),this.getSelectAllCheckbox(e),n.ZP.createElement("th",{colSpan:"3"},"Server"),n.ZP.createElement("th",{colSpan:"4"},"Connection"),n.ZP.createElement("th",{colSpan:"4"},"Traffic"),n.ZP.createElement("th",{colSpan:"2"},"Server checks"),n.ZP.createElement("th",{colSpan:"4"},"Health monitors"),n.ZP.createElement("th",{colSpan:"3"},"Response time"),n.ZP.createElement("th",{colSpan:"4"},"SSL")),n.ZP.createElement("tr",{className:"".concat(et["right-align"]," ").concat(et["sub-header"])},n.ZP.createElement("th",{className:et["left-align"]},"Name"),n.ZP.createElement("th",{className:et["left-align"]},n.ZP.createElement("span",d({className:et.hinted},Xe("Total downtime","hint")),"DT")),n.ZP.createElement("th",{className:"".concat(et["center-align"]," ").concat(et.bdr)},n.ZP.createElement("span",d({className:et.hinted},Xe("Weight","hint")),"W")),n.ZP.createElement("th",null,"Total"),n.ZP.createElement("th",null,"Conn/s"),n.ZP.createElement("th",null,"Active"),n.ZP.createElement("th",{className:et.bdr},"Limit"),n.ZP.createElement("th",null,"Sent/s"),n.ZP.createElement("th",null,"Rcvd/s"),n.ZP.createElement("th",null,"Sent"),n.ZP.createElement("th",{className:et.bdr},"Rcvd"),n.ZP.createElement("th",null,"Fails"),n.ZP.createElement("th",{className:et.bdr},"Unavail"),n.ZP.createElement("th",null,"Checks"),n.ZP.createElement("th",null,"Fails"),n.ZP.createElement("th",null,"Unhealthy"),n.ZP.createElement("th",{className:"".concat(et.bdr," ").concat(et["left-align"])},"Last"),n.ZP.createElement("th",null,"Connect"),n.ZP.createElement("th",null,"First byte"),n.ZP.createElement("th",{className:et.bdr},"Response"),n.ZP.createElement("th",null,"Handshakes"),n.ZP.createElement("th",null,"Handshakes",n.ZP.createElement("br",null),"Failed"),n.ZP.createElement("th",null,"Session",n.ZP.createElement("br",null),"Reuses"),n.ZP.createElement("th",null,"Verify",n.ZP.createElement("br",null),"Failures"))),n.ZP.createElement("tbody",{className:et["right-align"]},0===e.length?this.renderEmptyList():e.map((function(e){var r=e.ssl;return n.ZP.createElement("tr",null,n.ZP.createElement("td",{className:et[e.state]}),t.getCheckbox(e),n.ZP.createElement("td",{className:"".concat(et["left-align"]," ").concat(et.bold," ").concat(et.address)},n.ZP.createElement("span",d({className:et["address-container"]},Xe(n.ZP.createElement(yn,{peer:e}))),e.backup?n.ZP.createElement("span",null,"b "):null,e.server),t.state.editMode?n.ZP.createElement("span",{className:et["edit-peer"],onClick:function(){return t.editSelectedUpstream(e)}}):null),n.ZP.createElement("td",null,je(e.downtime,!0)),n.ZP.createElement("td",{className:et.bdr},e.weight),n.ZP.createElement("td",null,n.ZP.createElement("span",d({className:et.hinted},Xe(n.ZP.createElement(gn,{peer:e}),"hint")),e.connections)),n.ZP.createElement("td",null,e.server_conn_s),n.ZP.createElement("td",null,e.active),n.ZP.createElement("td",{className:et.bdr},e.max_conns===1/0?n.ZP.createElement("span",null,"∞"):e.max_conns),n.ZP.createElement("td",{className:et.px60},Me(e.server_sent_s)),n.ZP.createElement("td",{className:et.px60},Me(e.server_rcvd_s)),n.ZP.createElement("td",null,Me(e.sent)),n.ZP.createElement("td",{className:et.bdr},Me(e.received)),n.ZP.createElement("td",null,e.fails),n.ZP.createElement("td",null,e.unavail),n.ZP.createElement("td",null,e.health_checks.checks),n.ZP.createElement("td",null,e.health_checks.fails),n.ZP.createElement("td",null,e.health_checks.unhealthy),n.ZP.createElement("td",{className:"".concat(et["left-align"]," ").concat(et.bdr," ").concat(et.flash).concat(!1===e.health_status?" "+et["red-flash"]:"")},null===e.health_status?"–":e.health_status?"passed":"failed"),n.ZP.createElement("td",null,Be(e.connect_time)),n.ZP.createElement("td",null,Be(e.first_byte_time)),n.ZP.createElement("td",{className:et.bdr},Be(e.response_time)),n.ZP.createElement("td",null,r?r.handshakes:"–"),n.ZP.createElement("td",null,r?nt.tooltipRowsContent(r.handshakes_failed,De(r),"hint"):"–"),n.ZP.createElement("td",null,r?r.session_reuses:"–"),n.ZP.createElement("td",null,r?nt.tooltipRowsContent.apply(nt,m(Fe(r)).concat(["hint"])):"–"))}))))}}]),u}(mn);var kn=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e=this.props.data.upstreams;return n.ZP.createElement(cr,{title:"TCP/UDP Upstreams",component:On,upstreams:e,upstreamsApi:ye,isStream:!0})}}]),u}(n.ZP.Component);const Rn=j(kn,[ve.slabs.process(oe),ve.stream.upstreams.process(ee)]);var Nn=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"componentDidMount",value:function(){this.initCanvas(),this.updateCanvas(this.props.percentage)}},{key:"shouldComponentUpdate",value:function(e){return e.percentage!==this.props.percentage}},{key:"componentWillUpdate",value:function(e){this.updateCanvas(e.percentage)}},{key:"initCanvas",value:function(){this.canvas.width=74*window.devicePixelRatio,this.canvas.height=37*window.devicePixelRatio,this.canvas.style.height="".concat(37,"px"),this.canvas.style.width="".concat(74,"px"),this.canvas.getContext("2d").scale(window.devicePixelRatio,window.devicePixelRatio)}},{key:"updateCanvas",value:function(e){var t=this.canvas.getContext("2d");t.clearRect(0,0,74,37),t.lineWidth=9;var r=function(e,r){t.beginPath(),t.arc(37,37,32.5,Math.PI,e,!1),t.strokeStyle=r,t.stroke()};r(2*Math.PI,"#e3e8ed"),r(Math.PI*(1+e/100),e<40?"#f0c946":"#8dc63f")}},{key:"render",value:function(){var e=this,t=this.props.percentage;return n.ZP.createElement("div",{className:"gaugeindicator___WVSuk"},n.ZP.createElement("canvas",{ref:function(t){e.canvas=t},className:"canvas___JJf3z"}),null!==t?n.ZP.createElement("span",{className:"value___HGEUr"},t,"%"):null)}}]),u}(n.wA);const An="icon___sFUdJ";var Tn=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"render",value:function(){var e=this.props.data.caches;return n.ZP.createElement("div",null,n.ZP.createElement("h1",null,"Caches"),n.ZP.createElement("table",{className:et.table},n.ZP.createElement("col",{width:"170px"}),n.ZP.createElement("thead",null,n.ZP.createElement("tr",null,n.ZP.createElement("th",null,"Zone"),n.ZP.createElement("th",null,n.ZP.createElement("span",d({className:et.hinted},Xe(n.ZP.createElement(ln,null),"hint")),"State")),n.ZP.createElement("th",null,n.ZP.createElement("span",d({className:et.hinted},Xe("Memory usage = Used memory pages / Total memory pages","hint")),"Memory usage")),n.ZP.createElement("th",null,"Max size"),n.ZP.createElement("th",null,"Used"),n.ZP.createElement("th",null,n.ZP.createElement("span",d({className:et.hinted},Xe("Disk usage = Used / Max size","hint")),"Disk usage")),n.ZP.createElement("th",{colSpan:"3"},"Traffic"),n.ZP.createElement("th",null,"Hit Ratio")),n.ZP.createElement("tr",{className:"".concat(et["right-align"]," ").concat(et["sub-header"])},n.ZP.createElement("th",{className:et.bdr}),n.ZP.createElement("th",{className:et.bdr}),n.ZP.createElement("th",{className:et.bdr}),n.ZP.createElement("th",{className:et.bdr}),n.ZP.createElement("th",{className:et.bdr}),n.ZP.createElement("th",{className:et.bdr}),n.ZP.createElement("th",null,"Served"),n.ZP.createElement("th",null,"Written"),n.ZP.createElement("th",{className:et.bdr},"Bypassed"),n.ZP.createElement("th",null))),n.ZP.createElement("tbody",null,Array.from(e).map((function(e){var t=y(e,2),r=t[0],a=t[1];return n.ZP.createElement("tr",null,n.ZP.createElement("td",{className:"".concat(et.bold," ").concat(et.bdr)},r),n.ZP.createElement("td",{className:"".concat(et.bdr," ").concat(et["center-align"])},a.cold?n.ZP.createElement("span",Xe("Cold","hint"),n.ZP.createElement(Oe,{type:"snowflake",className:An})):n.ZP.createElement("span",Xe("Warm","hint"),n.ZP.createElement(Oe,{type:"sun",className:An}))),n.ZP.createElement("td",{className:et.bdr},n.ZP.createElement("span",Xe(n.ZP.createElement(un,{zone:a.slab}),"hint"),n.ZP.createElement(fr,{percentage:a.zoneSize||0}))),n.ZP.createElement("td",{className:et.bdr},"number"==typeof a.max_size?u.formatReadableBytes(a.max_size,"GB"):n.ZP.createElement("span",null,"∞")),n.ZP.createElement("td",{className:et.bdr},u.formatReadableBytes(a.size,"GB")),n.ZP.createElement("td",{className:et.bdr},n.ZP.createElement(fr,{warning:a.warning,danger:a.danger,percentage:"number"!=typeof a.max_size?-1:a.used})),n.ZP.createElement("td",{className:et["right-align"]},u.formatReadableBytes(a.traffic.s_served)),n.ZP.createElement("td",{className:et["right-align"]},u.formatReadableBytes(a.traffic.s_written)),n.ZP.createElement("td",{className:"".concat(et.bdr," ").concat(et["right-align"])},u.formatReadableBytes(a.traffic.s_bypassed)),n.ZP.createElement("td",null,n.ZP.createElement(Nn,{percentage:a.hit_percents_generic})))})))))}}],[{key:"formatReadableBytes",value:function(e,t){return Me(e,t,{0:"B",1:"KB",2:"MB",3:"GB",4:"TB"})}}]),u}(n.ZP.Component);const Cn=j(Tn,[ve.slabs.process(oe),ve.http.caches.process(ne)]);var In=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"SORTING_SETTINGS_KEY",get:function(){return"sharedZonesSortOrder"}},{key:"render",value:function(){var e=Array.from(this.props.data.slabs);return"desc"===this.state.sortOrder&&e.sort((function(e,t){var r=y(e,2),n=(r[0],r[1]),a=y(t,2),o=(a[0],a[1]);return n.pages.total>o.pages.total?-1:1})),n.ZP.createElement("div",null,n.ZP.createElement("h1",null,"Shared Zones"),n.ZP.createElement("table",{className:et.table},n.ZP.createElement("thead",null,n.ZP.createElement("tr",null,n.ZP.createElement(tt,{singleRow:!0,secondSortLabel:"Sort by size - large first",order:this.state.sortOrder,onChange:this.changeSorting}),n.ZP.createElement("th",null,"Zone"),n.ZP.createElement("th",null,"Total memory pages"),n.ZP.createElement("th",null,"Used memory pages"),n.ZP.createElement("th",null,n.ZP.createElement("span",d({className:et.hinted},Xe("Memory usage = Used memory pages / Total memory pages","hint")),"Memory usage")))),n.ZP.createElement("tbody",null,e.map((function(e){var t=y(e,2),r=t[0],a=t[1];return n.ZP.createElement("tr",null,n.ZP.createElement("td",{className:et.status}),n.ZP.createElement("td",{className:et.bold},r),n.ZP.createElement("td",null,a.pages.total),n.ZP.createElement("td",null,a.pages.used),n.ZP.createElement("td",null,n.ZP.createElement(fr,{percentage:a.percentSize})))})))))}}]),u}(Je);const jn=j(In,[ve.slabs.process(oe)]);var Mn=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){var e;return(0,a.Z)(this,u),(e=l.call(this)).state={expanded:!1,state:!0},e.toggle=e.toggle.bind((0,h.Z)(e)),e.play=e.play.bind((0,h.Z)(e)),e.pause=e.pause.bind((0,h.Z)(e)),e.update=e.update.bind((0,h.Z)(e)),e}return(0,o.Z)(u,[{key:"toggle",value:function(){this.setState({expanded:!this.state.expanded})}},{key:"play",value:function(){this.props.play(),this.setState({state:!0})}},{key:"pause",value:function(){this.props.pause(),this.setState({state:!1})}},{key:"update",value:function(){this.props.update(!0),this.setState({state:!0})}},{key:"render",value:function(){return n.ZP.createElement("div",{className:this.state.expanded?"expanded-control___zGi5b updating-control___l69pr":"updating-control___l69pr"},n.ZP.createElement("div",{className:"toggle___FIcUr",onClick:this.toggle}),this.state.state?n.ZP.createElement("div",{className:"pause___yY6mJ button___k1ZvA",onClick:this.pause}):n.ZP.createElement("div",{className:"play___YvmME button___k1ZvA",onClick:this.play}),n.ZP.createElement("div",{className:"update___V4ERr button___k1ZvA",onClick:this.update}))}}]),u}(n.ZP.Component);var Bn=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"SORTING_SETTINGS_KEY",get:function(){return"zoneSyncSortOrder"}},{key:"render",value:function(){var e=this.props.data.zone_sync,t=e.status,r=Array.from(e.zones);return"desc"===this.state.sortOrder&&r.sort((function(e,t){var r=y(e,2),n=(r[0],r[1]),a=y(t,2);return a[0],a[1],n.alert||n.warning?-1:1})),n.ZP.createElement("div",null,n.ZP.createElement("h1",null,"Instance Status"),n.ZP.createElement("table",{className:"".concat(et.table," ").concat(et.thin)},n.ZP.createElement("thead",null,n.ZP.createElement("tr",null,n.ZP.createElement("th",{colSpan:2},"In"),n.ZP.createElement("th",{colSpan:2},"Out"),n.ZP.createElement("th",null,"Nodes online")),n.ZP.createElement("tr",{className:"".concat(et["right-align"]," ").concat(et["sub-header"])},n.ZP.createElement("th",null,"messages"),n.ZP.createElement("th",{className:et.bdr},"bytes"),n.ZP.createElement("th",null,"messages"),n.ZP.createElement("th",{className:et.bdr},"bytes"),n.ZP.createElement("th",null))),n.ZP.createElement("tbody",{className:et["right-align"]},n.ZP.createElement("tr",null,n.ZP.createElement("td",null,t.msgs_in),n.ZP.createElement("td",{className:et.bdr},t.bytes_in),n.ZP.createElement("td",null,t.msgs_out),n.ZP.createElement("td",{className:et.bdr},t.bytes_out),n.ZP.createElement("td",null,t.nodes_online)))),n.ZP.createElement("br",null),n.ZP.createElement("h1",null,"Zones"),n.ZP.createElement("table",{className:"".concat(et.table," ").concat(et.thin)},n.ZP.createElement("thead",null,n.ZP.createElement("tr",null,n.ZP.createElement(tt,{order:this.state.sortOrder,onChange:this.changeSorting}),n.ZP.createElement("th",null,"Zone"),n.ZP.createElement("th",{colspan:2},"Records")),n.ZP.createElement("tr",{className:"".concat(et["right-align"]," ").concat(et["sub-header"])},n.ZP.createElement("th",{className:et.bdr}),n.ZP.createElement("th",null,"Total"),n.ZP.createElement("th",null,"Pending"))),n.ZP.createElement("tbody",{className:et["right-align"]},r.map((function(e){var t=y(e,2),r=t[0],a=t[1],o=et.ok;return a.alert?o=et.alert:a.warning&&(o=et.warning),n.ZP.createElement("tr",null,n.ZP.createElement("td",{className:o}),n.ZP.createElement("td",{className:"".concat(et["left-align"]," ").concat(et.bold," ").concat(et.bdr)},r),n.ZP.createElement("td",null,a.records_total),n.ZP.createElement("td",null,a.records_pending))})))))}}]),u}(Je);const Un=j(Bn,[ve.stream.zone_sync.process(ue)]);var Ln=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){return(0,a.Z)(this,u),l.apply(this,arguments)}return(0,o.Z)(u,[{key:"SORTING_SETTINGS_KEY",get:function(){return"resolversSortOrder"}},{key:"render",value:function(){var e=Array.from(this.props.data.resolvers);return"desc"===this.state.sortOrder&&e.sort((function(e,t){var r=y(e,2),n=(r[0],r[1]),a=y(t,2);return a[0],a[1],n.alert?-1:1})),n.ZP.createElement("div",null,n.ZP.createElement("h1",null,"Resolvers"),n.ZP.createElement("table",{className:"".concat(et.table," ").concat(et.wide)},n.ZP.createElement("thead",null,n.ZP.createElement("tr",null,n.ZP.createElement(tt,{order:this.state.sortOrder,onChange:this.changeSorting}),n.ZP.createElement("th",null,"Zone"),n.ZP.createElement("th",{colSpan:3},"Requests"),n.ZP.createElement("th",{colSpan:8},"Responses")),n.ZP.createElement("tr",{className:"".concat(et["right-align"]," ").concat(et["sub-header"])},n.ZP.createElement("th",{className:et.bdr}),n.ZP.createElement("th",null,"Name"),n.ZP.createElement("th",null,"SRV"),n.ZP.createElement("th",{className:et.bdr},"Address"),n.ZP.createElement("th",null,"Success"),n.ZP.createElement("th",null,"Format error"),n.ZP.createElement("th",null,"Server failure"),n.ZP.createElement("th",null,"Host not found"),n.ZP.createElement("th",null,"Unimplemented"),n.ZP.createElement("th",null,"Operation refused"),n.ZP.createElement("th",null,"Unknown"),n.ZP.createElement("th",null,"Timed out"))),n.ZP.createElement("tbody",{className:et["right-align"]},e.map((function(e){var t=y(e,2),r=t[0],a=t[1],o=a.requests,s=a.responses,i=a.alert;return n.ZP.createElement("tr",null,n.ZP.createElement("td",{className:i?et.alert:et.ok}),n.ZP.createElement("td",{className:"".concat(et["left-align"]," ").concat(et.bold," ").concat(et.bdr)},r),n.ZP.createElement("td",null,o.name),n.ZP.createElement("td",null,o.srv),n.ZP.createElement("td",{className:et.bdr},o.addr),n.ZP.createElement("td",null,s.noerror),n.ZP.createElement("td",null,s.formerr),n.ZP.createElement("td",null,s.servfail),n.ZP.createElement("td",null,s.nxdomain),n.ZP.createElement("td",null,s.notimp),n.ZP.createElement("td",null,s.refused),n.ZP.createElement("td",null,s.unknown),n.ZP.createElement("td",null,s.timedout))})))))}}]),u}(Je);const Dn=j(Ln,[ve.resolvers.process(he)]);function Fn(){return Fn="undefined"!=typeof Reflect&&Reflect.get?Reflect.get.bind():function(e,t,r){var n=function(e,t){for(;!Object.prototype.hasOwnProperty.call(e,t)&&null!==(e=(0,c.Z)(e)););return e}(e,t);if(n){var a=Object.getOwnPropertyDescriptor(n,t);return a.get?a.get.call(arguments.length<3?e:r):a.value}},Fn.apply(this,arguments)}function zn(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function qn(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?zn(Object(r),!0).forEach((function(t){g(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):zn(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}var Wn={sortOrder:"workersSortOrder_id",sortOrderByPid:"workersSortOrder_pid",sortOrderByAccepted:"workersSortOrder_connAccepted",sortOrderByAcceptedPerSec:"workersSortOrder_acceptedPerSeq",sortOrderByDropped:"workersSortOrder_connDropped",sortOrderByActive:"workersSortOrder_connActive",sortOrderByIdle:"workersSortOrder_connIdle",sortOrderByTotal:"workersSortOrder_reqTotal",sortOrderByCurrent:"workersSortOrder_reqCurrent",sortOrderByReqPerSec:"workersSortOrder_reqPerSec"},Hn=function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(e){var t;return(0,a.Z)(this,u),(t=l.call(this,e)).state=qn(qn({},t.state),{},{sortOrderByPid:b.getSetting(Wn.sortOrderByPid,"asc"),sortOrderByAccepted:b.getSetting(Wn.sortOrderByAccepted,"asc"),sortOrderByAcceptedPerSec:b.getSetting(Wn.sortOrderByAcceptedPerSec,"asc"),sortOrderByDropped:b.getSetting(Wn.sortOrderByDropped,"asc"),sortOrderByActive:b.getSetting(Wn.sortOrderByActive,"asc"),sortOrderByIdle:b.getSetting(Wn.sortOrderByIdle,"asc"),sortOrderByTotal:b.getSetting(Wn.sortOrderByTotal,"asc"),sortOrderByCurrent:b.getSetting(Wn.sortOrderByCurrent,"asc"),sortOrderByReqPerSec:b.getSetting(Wn.sortOrderByReqPerSec,"asc"),activeSort:b.getSetting("workersActiveSort","sortOrder")}),t.state.activeSort in t.state||(t.state.activeSort="sortOrder"),t}return(0,o.Z)(u,[{key:"changeSorting",value:function(e){"sortOrder"!==this.state.activeSort?(this.setState({activeSort:"sortOrder"}),b.setSetting("workersActiveSort","sortOrder")):Fn((0,c.Z)(u.prototype),"changeSorting",this).call(this,e)}},{key:"SORTING_SETTINGS_KEY",get:function(){return Wn.sortOrder}},{key:"changeSortingBy",value:function(e,t){this.state.activeSort!==e?(this.setState({activeSort:e}),b.setSetting("workersActiveSort",e)):(this.setState(g({},e,t)),b.setSetting(Wn[e],t))}},{key:"render",value:function(){var e=this.props.data.workers,t=this.state.activeSort;return"sortOrderByPid"===t?function(e,t){var r=1,n=-1;"desc"===e.sortOrderByPid&&(r=-1,n=1),t.sort((function(e,t){return e.pid>=t.pid?r:n}))}(this.state,e):"sortOrderByAccepted"===t?function(e,t){var r=1,n=-1;"desc"===e.sortOrderByAccepted&&(r=-1,n=1),t.sort((function(e,t){return"connections"in e&&"accepted"in e.connections?"connections"in t&&"accepted"in t.connections?e.connections.accepted>=t.connections.accepted?r:n:-1:1}))}(this.state,e):"sortOrderByAcceptedPerSec"===t?function(e,t){var r=1,n=-1;"desc"===e.sortOrderByAcceptedPerSec&&(r=-1,n=1),t.sort((function(e,t){return"connections"in e&&"acceptedPerSec"in e.connections?"connections"in t&&"acceptedPerSec"in t.connections?e.connections.acceptedPerSec>=t.connections.acceptedPerSec?r:n:-1:1}))}(this.state,e):"sortOrderByDropped"===t?function(e,t){var r=1,n=-1;"desc"===e.sortOrderByDropped&&(r=-1,n=1),t.sort((function(e,t){return"connections"in e&&"dropped"in e.connections?"connections"in t&&"dropped"in t.connections?e.connections.dropped>=t.connections.dropped?r:n:-1:1}))}(this.state,e):"sortOrderByActive"===t?function(e,t){var r=1,n=-1;"desc"===e.sortOrderByActive&&(r=-1,n=1),t.sort((function(e,t){return"connections"in e&&"active"in e.connections?"connections"in t&&"active"in t.connections?e.connections.active>=t.connections.active?r:n:-1:1}))}(this.state,e):"sortOrderByIdle"===t?function(e,t){var r=1,n=-1;"desc"===e.sortOrderByIdle&&(r=-1,n=1),t.sort((function(e,t){return"connections"in e&&"idle"in e.connections?"connections"in t&&"idle"in t.connections?e.connections.idle>=t.connections.idle?r:n:-1:1}))}(this.state,e):"sortOrderByTotal"===t?function(e,t){var r=1,n=-1;"desc"===e.sortOrderByTotal&&(r=-1,n=1),t.sort((function(e,t){return"http"in e&&"requests"in e.http&&"total"in e.http.requests?"http"in t&&"requests"in t.http&&"total"in t.http.requests?e.http.requests.total>=t.http.requests.total?r:n:-1:1}))}(this.state,e):"sortOrderByCurrent"===t?function(e,t){var r=1,n=-1;"desc"===e.sortOrderByCurrent&&(r=-1,n=1),t.sort((function(e,t){return"http"in e&&"requests"in e.http&&"current"in e.http.requests?"http"in t&&"requests"in t.http&&"current"in t.http.requests?e.http.requests.current>=t.http.requests.current?r:n:-1:1}))}(this.state,e):"sortOrderByReqPerSec"===t?function(e,t){var r=1,n=-1;"desc"===e.sortOrderByReqPerSec&&(r=-1,n=1),t.sort((function(e,t){return"http"in e&&"requests"in e.http&&"reqsPerSec"in e.http.requests?"http"in t&&"requests"in t.http&&"reqsPerSec"in t.http.requests?e.http.requests.reqsPerSec>=t.http.requests.reqsPerSec?r:n:-1:1}))}(this.state,e):"desc"===this.state.sortOrder?e.sort((function(e,t){return e.id>t.id?-1:1})):e.sort((function(e,t){return e.id<t.id?-1:1})),n.ZP.createElement("div",null,n.ZP.createElement("h1",null,"Workers"),n.ZP.createElement("table",{className:"".concat(et.table," ").concat(et.thin)},n.ZP.createElement("thead",null,n.ZP.createElement("tr",null,n.ZP.createElement("th",{className:et["no-bdr"]},"ID"),n.ZP.createElement(tt,{firstSortLabel:"Sort by ID - desc",secondSortLabel:"Sort by ID - asc",order:this.state.sortOrder,onChange:this.changeSorting,isActive:"sortOrder"===this.state.activeSort,isInline:!0}),n.ZP.createElement("th",{className:et["no-bdr"]},"PID"),n.ZP.createElement(tt,{firstSortLabel:"Sort by PID - desc",secondSortLabel:"Sort by PID - asc",order:this.state.sortOrderByPid,onChange:this.changeSortingBy.bind(this,"sortOrderByPid"),isActive:"sortOrderByPid"===this.state.activeSort,isInline:!0}),n.ZP.createElement("th",{colSpan:10},"Connections"),n.ZP.createElement("th",{colSpan:6},"Requests")),n.ZP.createElement("tr",{className:"".concat(et["right-align"]," ").concat(et["sub-header"])},n.ZP.createElement("th",null),n.ZP.createElement("th",null),n.ZP.createElement("th",null,"Accepted"),n.ZP.createElement(tt,{firstSortLabel:"Sort by Accepted - desc",secondSortLabel:"Sort by Accepted - asc",order:this.state.sortOrderByAccepted,onChange:this.changeSortingBy.bind(this,"sortOrderByAccepted"),isActive:"sortOrderByAccepted"===this.state.activeSort,singleRow:!0,isInline:!0}),n.ZP.createElement("th",null,"Accepted/s"),n.ZP.createElement(tt,{firstSortLabel:"Sort by Accepted/s - desc",secondSortLabel:"Sort by Accepted/s - asc",order:this.state.sortOrderByAcceptedPerSec,onChange:this.changeSortingBy.bind(this,"sortOrderByAcceptedPerSec"),isActive:"sortOrderByAcceptedPerSec"===this.state.activeSort,singleRow:!0,isInline:!0}),n.ZP.createElement("th",null,"Active"),n.ZP.createElement(tt,{firstSortLabel:"Sort by Active - desc",secondSortLabel:"Sort by Active - asc",order:this.state.sortOrderByActive,onChange:this.changeSortingBy.bind(this,"sortOrderByActive"),isActive:"sortOrderByActive"===this.state.activeSort,singleRow:!0,isInline:!0}),n.ZP.createElement("th",null,"Idle"),n.ZP.createElement(tt,{firstSortLabel:"Sort by Idle - desc",secondSortLabel:"Sort by Idle - asc",order:this.state.sortOrderByIdle,onChange:this.changeSortingBy.bind(this,"sortOrderByIdle"),isActive:"sortOrderByIdle"===this.state.activeSort,singleRow:!0,isInline:!0}),n.ZP.createElement("th",null,"Dropped"),n.ZP.createElement(tt,{firstSortLabel:"Sort by Dropped - desc",secondSortLabel:"Sort by Dropped - asc",order:this.state.sortOrderByDropped,onChange:this.changeSortingBy.bind(this,"sortOrderByDropped"),isActive:"sortOrderByDropped"===this.state.activeSort,singleRow:!0,isInline:!0}),n.ZP.createElement("th",null,"Current"),n.ZP.createElement(tt,{firstSortLabel:"Sort by Current - desc",secondSortLabel:"Sort by Current - asc",order:this.state.sortOrderByCurrent,onChange:this.changeSortingBy.bind(this,"sortOrderByCurrent"),isActive:"sortOrderByCurrent"===this.state.activeSort,singleRow:!0,isInline:!0}),n.ZP.createElement("th",null,"Total"),n.ZP.createElement(tt,{firstSortLabel:"Sort by Total - desc",secondSortLabel:"Sort by Total - asc",order:this.state.sortOrderByTotal,onChange:this.changeSortingBy.bind(this,"sortOrderByTotal"),isActive:"sortOrderByTotal"===this.state.activeSort,singleRow:!0,isInline:!0}),n.ZP.createElement("th",null,"Req/s"),n.ZP.createElement(tt,{firstSortLabel:"Sort by Req/s - desc",secondSortLabel:"Sort by Req/s - asc",order:this.state.sortOrderByReqPerSec,onChange:this.changeSortingBy.bind(this,"sortOrderByReqPerSec"),isActive:"sortOrderByReqPerSec"===this.state.activeSort,singleRow:!0,isInline:!0}))),n.ZP.createElement("tbody",{className:et["right-align"]},e.map((function(e){var t=e.id,r=e.pid,a=e.connections,o=void 0===a?{}:a,s=e.http,i=(s=void 0===s?{requests:{}}:s).requests,c=void 0===i?{}:i;return n.ZP.createElement("tr",null,n.ZP.createElement("td",{colSpan:2},Le(t)),n.ZP.createElement("td",{colSpan:2},Le(r)),n.ZP.createElement("td",{colSpan:2},Le(o.accepted)),n.ZP.createElement("td",{colSpan:2},Le(o.acceptedPerSec)),n.ZP.createElement("td",{colSpan:2},Le(o.active)),n.ZP.createElement("td",{colSpan:2},Le(o.idle)),n.ZP.createElement("td",{colSpan:2},Le(o.dropped)),n.ZP.createElement("td",{colSpan:2},Le(c.current)),n.ZP.createElement("td",{colSpan:2},Le(c.total)),n.ZP.createElement("td",{colSpan:2},Le(c.reqsPerSec)))})))))}}]),u}(Je);const Gn=j(Hn,[ve.workers.process(de)]);n.ZP.Component;var Vn=u()(),Yn={"#":jt,"#server_zones":sr,"#upstreams":Zn,"#tcp_zones":xn,"#tcp_upstreams":Rn,"#caches":Cn,"#shared_zones":jn,"#cluster":Un,"#resolvers":Dn,"#workers":Gn},Kn={basic_auth:"Access to /api/ location is forbidden. Check NGINX configuration.",old_status_found:"No data received from /api/ location, but found deprecated /status/ location. Сheck NGINX configuration.",api_not_found:"No data received from /api/ location. Check NGINX configuration."};const Xn={Component:function(e){(0,s.Z)(u,e);var t,r,l=(t=u,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,c.Z)(t);if(r){var a=(0,c.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,i.Z)(this,e)});function u(){var e;return(0,a.Z)(this,u),(e=l.call(this)).state={hash:Vn.location.hash||"#",loading:!0,error:void 0},e}return(0,o.Z)(u,[{key:"componentDidMount",value:function(){var e=this;Vn.listen((function(t){var r=t.hash;e.setState({hash:r||"#"})})),pe.nginx.get().catch((function(e){if(401===e.status)throw{type:"basic_auth"};return window.fetch("/status").then((function(e){if(200===e.status)throw{type:"old_status_found"};throw{type:"api_not_found"}}))})).then((function(){return _e(),function(e){var t=e.subscribe,r=e.unsubscribe,n=e.availableApiEndpoints,a=[pe.nginx,pe.connections.process(se),pe.ssl.process(ie),pe.http.requests.process(ce),pe.http.server_zones.process(F),pe.http.location_zones.process(q),pe.http.upstreams.process($),pe.stream.server_zones.process(J),pe.stream.upstreams.process(ee),pe.http.caches.process(ne),pe.slabs.process(oe),pe.stream.zone_sync.process(ue),pe.resolvers.process(he),pe.workers.process(de)];return window.fetch("".concat(_,"/")).then((function(e){if(e.status<=299)return e.json().then((function(e){e&&n.fillFirstLevel(e)})).catch((function(){}))})).then((function(){return Promise.all(n.getSecondLevel().map((function(e){return n.firstLevelIncludes(e)?window.fetch("".concat(_,"/").concat(e,"/")).then((function(t){if(t.status<=299)return t.json().then((function(t){t&&n.fillThirdLevel(e,t)})).catch((function(){}))})):Promise.resolve()}))).then((function(){return new Promise((function(e){var n=!1;t(a,(function(){n||(n=!0,r(a),e())}))}))}))}))}(I)})).then((function(){e.setState({loading:!1}),I.startObserve()})).catch((function(t){e.setState({error:t.type})}))}},{key:"render",value:function(){var e,t=this.state,r=t.error;if(t.loading)return n.ZP.createElement("div",{className:f.Z.splash},n.ZP.createElement("span",{className:f.Z.logo}),n.ZP.createElement(Ce,{className:f.Z.loader}),n.ZP.createElement("span",{className:f.Z.loading},"Loading..."));if(r){var a=null;r in Kn&&(a=n.ZP.createElement("p",null,Kn[r])),e=n.ZP.createElement("div",{className:f.Z["error-block"]},a,n.ZP.createElement("p",null,"For more information please refer to the following ",n.ZP.createElement("a",{href:"https://www.nginx.com/resources/admin-guide/monitoring/"},"documentation.")))}else{var o=Yn[this.state.hash];e=n.ZP.createElement(o,null)}return n.ZP.createElement("div",{className:f.Z.dashboard},null,n.ZP.createElement(Ae,{hash:this.state.hash,navigation:!r,statuses:C.__STATUSES}),n.ZP.createElement("div",{className:f.Z.content},this.state.error?null:n.ZP.createElement(Mn,{play:R,pause:k,update:A}),e),n.ZP.createElement(Te.Z,null))}}]),u}(n.ZP.Component)};var $n=function(){b.init(),(Ge=document.createElement("div")).className=He.styles["tooltip-container"],document.body.appendChild(Ge),window.addEventListener("mouseover",(function(e){var t=e.target.closest("[data-tooltip]");clearInterval(Ye),Ke.closeTooltip(),t&&(Ke.renderTooltip(t),Ye=setInterval((function(){return Ke.renderTooltip(t)}),500))}));var e=document.createDocumentFragment();n.ZP.render(n.ZP.createElement(Xn.Component,null),e),document.body.appendChild(e)}},98770:(e,t,r)=>{"use strict";r.d(t,{ZP:()=>a,wA:()=>n.Component});var n=r(6400);const a=n},48877:(e,t,r)=>{"use strict";r.d(t,{B:()=>d}),r(41539),r(12419);var n=r(15671),a=r(43144),o=r(79340),s=r(6215),i=r(61120),c=r(98770),l=r(10450),u=r(35703),f=r(99190);var h=function(e){(0,o.Z)(d,e);var t,r,h=(t=d,r=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}(),function(){var e,n=(0,i.Z)(t);if(r){var a=(0,i.Z)(this).constructor;e=Reflect.construct(n,arguments,a)}else e=n.apply(this,arguments);return(0,s.Z)(this,e)});function d(){return(0,n.Z)(this,d),h.apply(this,arguments)}return(0,a.Z)(d,[{key:"render",value:function(){return c.ZP.createElement("div",{className:u.Z.dashboard},c.ZP.createElement("div",{className:f.Z.header},c.ZP.createElement("div",{className:f.Z.logo})),c.ZP.createElement("div",{className:u.Z.content},c.ZP.createElement("div",{className:u.Z["error-block"]},c.ZP.createElement("p",null,"Unfortunately your browser is not supported, please use modern one."),c.ZP.createElement("p",null,"For more information please refer to the following ",c.ZP.createElement("a",{href:"https://www.nginx.com/resources/admin-guide/monitoring/"},"documentation.")))),c.ZP.createElement(l.Z,null))}}]),d}(c.ZP.Component),d=function(){var e=document.createDocumentFragment();c.ZP.render(c.ZP.createElement(h,null),e),document.body.appendChild(e)}},19662:(e,t,r)=>{var n=r(60614),a=r(66330),o=TypeError;e.exports=function(e){if(n(e))return e;throw o(a(e)+" is not a function")}},39483:(e,t,r)=>{var n=r(4411),a=r(66330),o=TypeError;e.exports=function(e){if(n(e))return e;throw o(a(e)+" is not a constructor")}},96077:(e,t,r)=>{var n=r(60614),a=String,o=TypeError;e.exports=function(e){if("object"==typeof e||n(e))return e;throw o("Can't set "+a(e)+" as a prototype")}},51223:(e,t,r)=>{var n=r(5112),a=r(70030),o=r(3070).f,s=n("unscopables"),i=Array.prototype;null==i[s]&&o(i,s,{configurable:!0,value:a(null)}),e.exports=function(e){i[s][e]=!0}},31530:(e,t,r)=>{"use strict";var n=r(28710).charAt;e.exports=function(e,t,r){return t+(r?n(e,t).length:1)}},25787:(e,t,r)=>{var n=r(47976),a=TypeError;e.exports=function(e,t){if(n(t,e))return e;throw a("Incorrect invocation")}},19670:(e,t,r)=>{var n=r(70111),a=String,o=TypeError;e.exports=function(e){if(n(e))return e;throw o(a(e)+" is not an object")}},24019:e=>{e.exports="undefined"!=typeof ArrayBuffer&&"undefined"!=typeof DataView},7556:(e,t,r)=>{var n=r(47293);e.exports=n((function(){if("function"==typeof ArrayBuffer){var e=new ArrayBuffer(8);Object.isExtensible(e)&&Object.defineProperty(e,"a",{value:8})}}))},90260:(e,t,r)=>{"use strict";var n,a,o,s=r(24019),i=r(19781),c=r(17854),l=r(60614),u=r(70111),f=r(92597),h=r(70648),d=r(66330),p=r(68880),v=r(98052),m=r(3070).f,y=r(47976),g=r(79518),_=r(27674),E=r(5112),P=r(69711),b=c.Int8Array,Z=b&&b.prototype,w=c.Uint8ClampedArray,S=w&&w.prototype,x=b&&g(b),O=Z&&g(Z),k=Object.prototype,R=c.TypeError,N=E("toStringTag"),A=P("TYPED_ARRAY_TAG"),T=P("TYPED_ARRAY_CONSTRUCTOR"),C=s&&!!_&&"Opera"!==h(c.opera),I=!1,j={Int8Array:1,Uint8Array:1,Uint8ClampedArray:1,Int16Array:2,Uint16Array:2,Int32Array:4,Uint32Array:4,Float32Array:4,Float64Array:8},M={BigInt64Array:8,BigUint64Array:8},B=function(e){if(!u(e))return!1;var t=h(e);return f(j,t)||f(M,t)};for(n in j)(o=(a=c[n])&&a.prototype)?p(o,T,a):C=!1;for(n in M)(o=(a=c[n])&&a.prototype)&&p(o,T,a);if((!C||!l(x)||x===Function.prototype)&&(x=function(){throw R("Incorrect invocation")},C))for(n in j)c[n]&&_(c[n],x);if((!C||!O||O===k)&&(O=x.prototype,C))for(n in j)c[n]&&_(c[n].prototype,O);if(C&&g(S)!==O&&_(S,O),i&&!f(O,N))for(n in I=!0,m(O,N,{get:function(){return u(this)?this[A]:void 0}}),j)c[n]&&p(c[n],A,n);e.exports={NATIVE_ARRAY_BUFFER_VIEWS:C,TYPED_ARRAY_CONSTRUCTOR:T,TYPED_ARRAY_TAG:I&&A,aTypedArray:function(e){if(B(e))return e;throw R("Target is not a typed array")},aTypedArrayConstructor:function(e){if(l(e)&&(!_||y(x,e)))return e;throw R(d(e)+" is not a typed array constructor")},exportTypedArrayMethod:function(e,t,r,n){if(i){if(r)for(var a in j){var o=c[a];if(o&&f(o.prototype,e))try{delete o.prototype[e]}catch(r){try{o.prototype[e]=t}catch(e){}}}O[e]&&!r||v(O,e,r?t:C&&Z[e]||t,n)}},exportTypedArrayStaticMethod:function(e,t,r){var n,a;if(i){if(_){if(r)for(n in j)if((a=c[n])&&f(a,e))try{delete a[e]}catch(e){}if(x[e]&&!r)return;try{return v(x,e,r?t:C&&x[e]||t)}catch(e){}}for(n in j)!(a=c[n])||a[e]&&!r||v(a,e,t)}},isView:function(e){if(!u(e))return!1;var t=h(e);return"DataView"===t||f(j,t)||f(M,t)},isTypedArray:B,TypedArray:x,TypedArrayPrototype:O}},13331:(e,t,r)=>{"use strict";var n=r(17854),a=r(1702),o=r(19781),s=r(24019),i=r(76530),c=r(68880),l=r(89190),u=r(47293),f=r(25787),h=r(19303),d=r(17466),p=r(57067),v=r(11179),m=r(79518),y=r(27674),g=r(8006).f,_=r(3070).f,E=r(21285),P=r(41589),b=r(58003),Z=r(29909),w=i.PROPER,S=i.CONFIGURABLE,x=Z.get,O=Z.set,k="ArrayBuffer",R="DataView",N="prototype",A="Wrong index",T=n[k],C=T,I=C&&C[N],j=n[R],M=j&&j[N],B=Object.prototype,U=n.Array,L=n.RangeError,D=a(E),F=a([].reverse),z=v.pack,q=v.unpack,W=function(e){return[255&e]},H=function(e){return[255&e,e>>8&255]},G=function(e){return[255&e,e>>8&255,e>>16&255,e>>24&255]},V=function(e){return e[3]<<24|e[2]<<16|e[1]<<8|e[0]},Y=function(e){return z(e,23,4)},K=function(e){return z(e,52,8)},X=function(e,t){_(e[N],t,{get:function(){return x(this)[t]}})},$=function(e,t,r,n){var a=p(r),o=x(e);if(a+t>o.byteLength)throw L(A);var s=x(o.buffer).bytes,i=a+o.byteOffset,c=P(s,i,i+t);return n?c:F(c)},Q=function(e,t,r,n,a,o){var s=p(r),i=x(e);if(s+t>i.byteLength)throw L(A);for(var c=x(i.buffer).bytes,l=s+i.byteOffset,u=n(+a),f=0;f<t;f++)c[l+f]=u[o?f:t-f-1]};if(s){var J=w&&T.name!==k;if(u((function(){T(1)}))&&u((function(){new T(-1)}))&&!u((function(){return new T,new T(1.5),new T(NaN),J&&!S})))J&&S&&c(T,"name",k);else{(C=function(e){return f(this,I),new T(p(e))})[N]=I;for(var ee,te=g(T),re=0;te.length>re;)(ee=te[re++])in C||c(C,ee,T[ee]);I.constructor=C}y&&m(M)!==B&&y(M,B);var ne=new j(new C(2)),ae=a(M.setInt8);ne.setInt8(0,2147483648),ne.setInt8(1,2147483649),!ne.getInt8(0)&&ne.getInt8(1)||l(M,{setInt8:function(e,t){ae(this,e,t<<24>>24)},setUint8:function(e,t){ae(this,e,t<<24>>24)}},{unsafe:!0})}else I=(C=function(e){f(this,I);var t=p(e);O(this,{bytes:D(U(t),0),byteLength:t}),o||(this.byteLength=t)})[N],M=(j=function(e,t,r){f(this,M),f(e,I);var n=x(e).byteLength,a=h(t);if(a<0||a>n)throw L("Wrong offset");if(a+(r=void 0===r?n-a:d(r))>n)throw L("Wrong length");O(this,{buffer:e,byteLength:r,byteOffset:a}),o||(this.buffer=e,this.byteLength=r,this.byteOffset=a)})[N],o&&(X(C,"byteLength"),X(j,"buffer"),X(j,"byteLength"),X(j,"byteOffset")),l(M,{getInt8:function(e){return $(this,1,e)[0]<<24>>24},getUint8:function(e){return $(this,1,e)[0]},getInt16:function(e){var t=$(this,2,e,arguments.length>1?arguments[1]:void 0);return(t[1]<<8|t[0])<<16>>16},getUint16:function(e){var t=$(this,2,e,arguments.length>1?arguments[1]:void 0);return t[1]<<8|t[0]},getInt32:function(e){return V($(this,4,e,arguments.length>1?arguments[1]:void 0))},getUint32:function(e){return V($(this,4,e,arguments.length>1?arguments[1]:void 0))>>>0},getFloat32:function(e){return q($(this,4,e,arguments.length>1?arguments[1]:void 0),23)},getFloat64:function(e){return q($(this,8,e,arguments.length>1?arguments[1]:void 0),52)},setInt8:function(e,t){Q(this,1,e,W,t)},setUint8:function(e,t){Q(this,1,e,W,t)},setInt16:function(e,t){Q(this,2,e,H,t,arguments.length>2?arguments[2]:void 0)},setUint16:function(e,t){Q(this,2,e,H,t,arguments.length>2?arguments[2]:void 0)},setInt32:function(e,t){Q(this,4,e,G,t,arguments.length>2?arguments[2]:void 0)},setUint32:function(e,t){Q(this,4,e,G,t,arguments.length>2?arguments[2]:void 0)},setFloat32:function(e,t){Q(this,4,e,Y,t,arguments.length>2?arguments[2]:void 0)},setFloat64:function(e,t){Q(this,8,e,K,t,arguments.length>2?arguments[2]:void 0)}});b(C,k),b(j,R),e.exports={ArrayBuffer:C,DataView:j}},1048:(e,t,r)=>{"use strict";var n=r(47908),a=r(51400),o=r(26244),s=r(85117),i=Math.min;e.exports=[].copyWithin||function(e,t){var r=n(this),c=o(r),l=a(e,c),u=a(t,c),f=arguments.length>2?arguments[2]:void 0,h=i((void 0===f?c:a(f,c))-u,c-l),d=1;for(u<l&&l<u+h&&(d=-1,u+=h-1,l+=h-1);h-- >0;)u in r?r[l]=r[u]:s(r,l),l+=d,u+=d;return r}},21285:(e,t,r)=>{"use strict";var n=r(47908),a=r(51400),o=r(26244);e.exports=function(e){for(var t=n(this),r=o(t),s=arguments.length,i=a(s>1?arguments[1]:void 0,r),c=s>2?arguments[2]:void 0,l=void 0===c?r:a(c,r);l>i;)t[i++]=e;return t}},18533:(e,t,r)=>{"use strict";var n=r(42092).forEach,a=r(9341)("forEach");e.exports=a?[].forEach:function(e){return n(this,e,arguments.length>1?arguments[1]:void 0)}},97745:(e,t,r)=>{var n=r(26244);e.exports=function(e,t){for(var r=0,a=n(t),o=new e(a);a>r;)o[r]=t[r++];return o}},48457:(e,t,r)=>{"use strict";var n=r(49974),a=r(46916),o=r(47908),s=r(53411),i=r(97659),c=r(4411),l=r(26244),u=r(86135),f=r(18554),h=r(71246),d=Array;e.exports=function(e){var t=o(e),r=c(this),p=arguments.length,v=p>1?arguments[1]:void 0,m=void 0!==v;m&&(v=n(v,p>2?arguments[2]:void 0));var y,g,_,E,P,b,Z=h(t),w=0;if(!Z||this===d&&i(Z))for(y=l(t),g=r?new this(y):d(y);y>w;w++)b=m?v(t[w],w):t[w],u(g,w,b);else for(P=(E=f(t,Z)).next,g=r?new this:[];!(_=a(P,E)).done;w++)b=m?s(E,v,[_.value,w],!0):_.value,u(g,w,b);return g.length=w,g}},41318:(e,t,r)=>{var n=r(45656),a=r(51400),o=r(26244),s=function(e){return function(t,r,s){var i,c=n(t),l=o(c),u=a(s,l);if(e&&r!=r){for(;l>u;)if((i=c[u++])!=i)return!0}else for(;l>u;u++)if((e||u in c)&&c[u]===r)return e||u||0;return!e&&-1}};e.exports={includes:s(!0),indexOf:s(!1)}},42092:(e,t,r)=>{var n=r(49974),a=r(1702),o=r(68361),s=r(47908),i=r(26244),c=r(65417),l=a([].push),u=function(e){var t=1==e,r=2==e,a=3==e,u=4==e,f=6==e,h=7==e,d=5==e||f;return function(p,v,m,y){for(var g,_,E=s(p),P=o(E),b=n(v,m),Z=i(P),w=0,S=y||c,x=t?S(p,Z):r||h?S(p,0):void 0;Z>w;w++)if((d||w in P)&&(_=b(g=P[w],w,E),e))if(t)x[w]=_;else if(_)switch(e){case 3:return!0;case 5:return g;case 6:return w;case 2:l(x,g)}else switch(e){case 4:return!1;case 7:l(x,g)}return f?-1:a||u?u:x}};e.exports={forEach:u(0),map:u(1),filter:u(2),some:u(3),every:u(4),find:u(5),findIndex:u(6),filterReject:u(7)}},86583:(e,t,r)=>{"use strict";var n=r(22104),a=r(45656),o=r(19303),s=r(26244),i=r(9341),c=Math.min,l=[].lastIndexOf,u=!!l&&1/[1].lastIndexOf(1,-0)<0,f=i("lastIndexOf"),h=u||!f;e.exports=h?function(e){if(u)return n(l,this,arguments)||0;var t=a(this),r=s(t),i=r-1;for(arguments.length>1&&(i=c(i,o(arguments[1]))),i<0&&(i=r+i);i>=0;i--)if(i in t&&t[i]===e)return i||0;return-1}:l},81194:(e,t,r)=>{var n=r(47293),a=r(5112),o=r(7392),s=a("species");e.exports=function(e){return o>=51||!n((function(){var t=[];return(t.constructor={})[s]=function(){return{foo:1}},1!==t[e](Boolean).foo}))}},9341:(e,t,r)=>{"use strict";var n=r(47293);e.exports=function(e,t){var r=[][e];return!!r&&n((function(){r.call(null,t||function(){return 1},1)}))}},53671:(e,t,r)=>{var n=r(19662),a=r(47908),o=r(68361),s=r(26244),i=TypeError,c=function(e){return function(t,r,c,l){n(r);var u=a(t),f=o(u),h=s(u),d=e?h-1:0,p=e?-1:1;if(c<2)for(;;){if(d in f){l=f[d],d+=p;break}if(d+=p,e?d<0:h<=d)throw i("Reduce of empty array with no initial value")}for(;e?d>=0:h>d;d+=p)d in f&&(l=r(l,f[d],d,u));return l}};e.exports={left:c(!1),right:c(!0)}},41589:(e,t,r)=>{var n=r(51400),a=r(26244),o=r(86135),s=Array,i=Math.max;e.exports=function(e,t,r){for(var c=a(e),l=n(t,c),u=n(void 0===r?c:r,c),f=s(i(u-l,0)),h=0;l<u;l++,h++)o(f,h,e[l]);return f.length=h,f}},50206:(e,t,r)=>{var n=r(1702);e.exports=n([].slice)},94362:(e,t,r)=>{var n=r(41589),a=Math.floor,o=function(e,t){var r=e.length,c=a(r/2);return r<8?s(e,t):i(e,o(n(e,0,c),t),o(n(e,c),t),t)},s=function(e,t){for(var r,n,a=e.length,o=1;o<a;){for(n=o,r=e[o];n&&t(e[n-1],r)>0;)e[n]=e[--n];n!==o++&&(e[n]=r)}return e},i=function(e,t,r,n){for(var a=t.length,o=r.length,s=0,i=0;s<a||i<o;)e[s+i]=s<a&&i<o?n(t[s],r[i])<=0?t[s++]:r[i++]:s<a?t[s++]:r[i++];return e};e.exports=o},77475:(e,t,r)=>{var n=r(43157),a=r(4411),o=r(70111),s=r(5112)("species"),i=Array;e.exports=function(e){var t;return n(e)&&(t=e.constructor,(a(t)&&(t===i||n(t.prototype))||o(t)&&null===(t=t[s]))&&(t=void 0)),void 0===t?i:t}},65417:(e,t,r)=>{var n=r(77475);e.exports=function(e,t){return new(n(e))(0===t?0:t)}},14170:e=>{for(var t="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",r={},n=0;n<66;n++)r[t.charAt(n)]=n;e.exports={itoc:t,ctoi:r}},53411:(e,t,r)=>{var n=r(19670),a=r(99212);e.exports=function(e,t,r,o){try{return o?t(n(r)[0],r[1]):t(r)}catch(t){a(e,"throw",t)}}},17072:(e,t,r)=>{var n=r(5112)("iterator"),a=!1;try{var o=0,s={next:function(){return{done:!!o++}},return:function(){a=!0}};s[n]=function(){return this},Array.from(s,(function(){throw 2}))}catch(e){}e.exports=function(e,t){if(!t&&!a)return!1;var r=!1;try{var o={};o[n]=function(){return{next:function(){return{done:r=!0}}}},e(o)}catch(e){}return r}},84326:(e,t,r)=>{var n=r(1702),a=n({}.toString),o=n("".slice);e.exports=function(e){return o(a(e),8,-1)}},70648:(e,t,r)=>{var n=r(51694),a=r(60614),o=r(84326),s=r(5112)("toStringTag"),i=Object,c="Arguments"==o(function(){return arguments}());e.exports=n?o:function(e){var t,r,n;return void 0===e?"Undefined":null===e?"Null":"string"==typeof(r=function(e,t){try{return e[t]}catch(e){}}(t=i(e),s))?r:c?o(t):"Object"==(n=o(t))&&a(t.callee)?"Arguments":n}},77741:(e,t,r)=>{var n=r(1702),a=Error,o=n("".replace),s=String(a("zxcasd").stack),i=/\n\s*at [^:]*:[^\n]*/,c=i.test(s);e.exports=function(e,t){if(c&&"string"==typeof e&&!a.prepareStackTrace)for(;t--;)e=o(e,i,"");return e}},95631:(e,t,r)=>{"use strict";var n=r(3070).f,a=r(70030),o=r(89190),s=r(49974),i=r(25787),c=r(20408),l=r(70654),u=r(96340),f=r(19781),h=r(62423).fastKey,d=r(29909),p=d.set,v=d.getterFor;e.exports={getConstructor:function(e,t,r,l){var u=e((function(e,n){i(e,d),p(e,{type:t,index:a(null),first:void 0,last:void 0,size:0}),f||(e.size=0),null!=n&&c(n,e[l],{that:e,AS_ENTRIES:r})})),d=u.prototype,m=v(t),y=function(e,t,r){var n,a,o=m(e),s=g(e,t);return s?s.value=r:(o.last=s={index:a=h(t,!0),key:t,value:r,previous:n=o.last,next:void 0,removed:!1},o.first||(o.first=s),n&&(n.next=s),f?o.size++:e.size++,"F"!==a&&(o.index[a]=s)),e},g=function(e,t){var r,n=m(e),a=h(t);if("F"!==a)return n.index[a];for(r=n.first;r;r=r.next)if(r.key==t)return r};return o(d,{clear:function(){for(var e=m(this),t=e.index,r=e.first;r;)r.removed=!0,r.previous&&(r.previous=r.previous.next=void 0),delete t[r.index],r=r.next;e.first=e.last=void 0,f?e.size=0:this.size=0},delete:function(e){var t=this,r=m(t),n=g(t,e);if(n){var a=n.next,o=n.previous;delete r.index[n.index],n.removed=!0,o&&(o.next=a),a&&(a.previous=o),r.first==n&&(r.first=a),r.last==n&&(r.last=o),f?r.size--:t.size--}return!!n},forEach:function(e){for(var t,r=m(this),n=s(e,arguments.length>1?arguments[1]:void 0);t=t?t.next:r.first;)for(n(t.value,t.key,this);t&&t.removed;)t=t.previous},has:function(e){return!!g(this,e)}}),o(d,r?{get:function(e){var t=g(this,e);return t&&t.value},set:function(e,t){return y(this,0===e?0:e,t)}}:{add:function(e){return y(this,e=0===e?0:e,e)}}),f&&n(d,"size",{get:function(){return m(this).size}}),u},setStrong:function(e,t,r){var n=t+" Iterator",a=v(t),o=v(n);l(e,t,(function(e,t){p(this,{type:n,target:e,state:a(e),kind:t,last:void 0})}),(function(){for(var e=o(this),t=e.kind,r=e.last;r&&r.removed;)r=r.previous;return e.target&&(e.last=r=r?r.next:e.state.first)?"keys"==t?{value:r.key,done:!1}:"values"==t?{value:r.value,done:!1}:{value:[r.key,r.value],done:!1}:(e.target=void 0,{value:void 0,done:!0})}),r?"entries":"values",!r,!0),u(t)}}},29320:(e,t,r)=>{"use strict";var n=r(1702),a=r(89190),o=r(62423).getWeakData,s=r(19670),i=r(70111),c=r(25787),l=r(20408),u=r(42092),f=r(92597),h=r(29909),d=h.set,p=h.getterFor,v=u.find,m=u.findIndex,y=n([].splice),g=0,_=function(e){return e.frozen||(e.frozen=new E)},E=function(){this.entries=[]},P=function(e,t){return v(e.entries,(function(e){return e[0]===t}))};E.prototype={get:function(e){var t=P(this,e);if(t)return t[1]},has:function(e){return!!P(this,e)},set:function(e,t){var r=P(this,e);r?r[1]=t:this.entries.push([e,t])},delete:function(e){var t=m(this.entries,(function(t){return t[0]===e}));return~t&&y(this.entries,t,1),!!~t}},e.exports={getConstructor:function(e,t,r,n){var u=e((function(e,a){c(e,h),d(e,{type:t,id:g++,frozen:void 0}),null!=a&&l(a,e[n],{that:e,AS_ENTRIES:r})})),h=u.prototype,v=p(t),m=function(e,t,r){var n=v(e),a=o(s(t),!0);return!0===a?_(n).set(t,r):a[n.id]=r,e};return a(h,{delete:function(e){var t=v(this);if(!i(e))return!1;var r=o(e);return!0===r?_(t).delete(e):r&&f(r,t.id)&&delete r[t.id]},has:function(e){var t=v(this);if(!i(e))return!1;var r=o(e);return!0===r?_(t).has(e):r&&f(r,t.id)}}),a(h,r?{get:function(e){var t=v(this);if(i(e)){var r=o(e);return!0===r?_(t).get(e):r?r[t.id]:void 0}},set:function(e,t){return m(this,e,t)}}:{add:function(e){return m(this,e,!0)}}),u}}},77710:(e,t,r)=>{"use strict";var n=r(82109),a=r(17854),o=r(1702),s=r(54705),i=r(98052),c=r(62423),l=r(20408),u=r(25787),f=r(60614),h=r(70111),d=r(47293),p=r(17072),v=r(58003),m=r(79587);e.exports=function(e,t,r){var y=-1!==e.indexOf("Map"),g=-1!==e.indexOf("Weak"),_=y?"set":"add",E=a[e],P=E&&E.prototype,b=E,Z={},w=function(e){var t=o(P[e]);i(P,e,"add"==e?function(e){return t(this,0===e?0:e),this}:"delete"==e?function(e){return!(g&&!h(e))&&t(this,0===e?0:e)}:"get"==e?function(e){return g&&!h(e)?void 0:t(this,0===e?0:e)}:"has"==e?function(e){return!(g&&!h(e))&&t(this,0===e?0:e)}:function(e,r){return t(this,0===e?0:e,r),this})};if(s(e,!f(E)||!(g||P.forEach&&!d((function(){(new E).entries().next()})))))b=r.getConstructor(t,e,y,_),c.enable();else if(s(e,!0)){var S=new b,x=S[_](g?{}:-0,1)!=S,O=d((function(){S.has(1)})),k=p((function(e){new E(e)})),R=!g&&d((function(){for(var e=new E,t=5;t--;)e[_](t,t);return!e.has(-0)}));k||((b=t((function(e,t){u(e,P);var r=m(new E,e,b);return null!=t&&l(t,r[_],{that:r,AS_ENTRIES:y}),r}))).prototype=P,P.constructor=b),(O||R)&&(w("delete"),w("has"),y&&w("get")),(R||x)&&w(_),g&&P.clear&&delete P.clear}return Z[e]=b,n({global:!0,constructor:!0,forced:b!=E},Z),v(b,e),g||r.setStrong(b,e,y),b}},99920:(e,t,r)=>{var n=r(92597),a=r(53887),o=r(31236),s=r(3070);e.exports=function(e,t,r){for(var i=a(t),c=s.f,l=o.f,u=0;u<i.length;u++){var f=i[u];n(e,f)||r&&n(r,f)||c(e,f,l(t,f))}}},84964:(e,t,r)=>{var n=r(5112)("match");e.exports=function(e){var t=/./;try{"/./"[e](t)}catch(r){try{return t[n]=!1,"/./"[e](t)}catch(e){}}return!1}},49920:(e,t,r)=>{var n=r(47293);e.exports=!n((function(){function e(){}return e.prototype.constructor=null,Object.getPrototypeOf(new e)!==e.prototype}))},14230:(e,t,r)=>{var n=r(1702),a=r(84488),o=r(41340),s=/"/g,i=n("".replace);e.exports=function(e,t,r,n){var c=o(a(e)),l="<"+t;return""!==r&&(l+=" "+r+'="'+i(o(n),s,"&quot;")+'"'),l+">"+c+"</"+t+">"}},24994:(e,t,r)=>{"use strict";var n=r(13383).IteratorPrototype,a=r(70030),o=r(79114),s=r(58003),i=r(97497),c=function(){return this};e.exports=function(e,t,r,l){var u=t+" Iterator";return e.prototype=a(n,{next:o(+!l,r)}),s(e,u,!1,!0),i[u]=c,e}},68880:(e,t,r)=>{var n=r(19781),a=r(3070),o=r(79114);e.exports=n?function(e,t,r){return a.f(e,t,o(1,r))}:function(e,t,r){return e[t]=r,e}},79114:e=>{e.exports=function(e,t){return{enumerable:!(1&e),configurable:!(2&e),writable:!(4&e),value:t}}},86135:(e,t,r)=>{"use strict";var n=r(34948),a=r(3070),o=r(79114);e.exports=function(e,t,r){var s=n(t);s in e?a.f(e,s,o(0,r)):e[s]=r}},85573:(e,t,r)=>{"use strict";var n=r(1702),a=r(47293),o=r(76650).start,s=RangeError,i=Math.abs,c=Date.prototype,l=c.toISOString,u=n(c.getTime),f=n(c.getUTCDate),h=n(c.getUTCFullYear),d=n(c.getUTCHours),p=n(c.getUTCMilliseconds),v=n(c.getUTCMinutes),m=n(c.getUTCMonth),y=n(c.getUTCSeconds);e.exports=a((function(){return"0385-07-25T07:06:39.999Z"!=l.call(new Date(-50000000000001))}))||!a((function(){l.call(new Date(NaN))}))?function(){if(!isFinite(u(this)))throw s("Invalid time value");var e=this,t=h(e),r=p(e),n=t<0?"-":t>9999?"+":"";return n+o(i(t),n?6:4,0)+"-"+o(m(e)+1,2,0)+"-"+o(f(e),2,0)+"T"+o(d(e),2,0)+":"+o(v(e),2,0)+":"+o(y(e),2,0)+"."+o(r,3,0)+"Z"}:l},38709:(e,t,r)=>{"use strict";var n=r(19670),a=r(92140),o=TypeError;e.exports=function(e){if(n(this),"string"===e||"default"===e)e="string";else if("number"!==e)throw o("Incorrect hint");return a(this,e)}},47045:(e,t,r)=>{var n=r(56339),a=r(3070);e.exports=function(e,t,r){return r.get&&n(r.get,t,{getter:!0}),r.set&&n(r.set,t,{setter:!0}),a.f(e,t,r)}},98052:(e,t,r)=>{var n=r(60614),a=r(68880),o=r(56339),s=r(13072);e.exports=function(e,t,r,i){i||(i={});var c=i.enumerable,l=void 0!==i.name?i.name:t;return n(r)&&o(r,l,i),i.global?c?e[t]=r:s(t,r):(i.unsafe?e[t]&&(c=!0):delete e[t],c?e[t]=r:a(e,t,r)),e}},89190:(e,t,r)=>{var n=r(98052);e.exports=function(e,t,r){for(var a in t)n(e,a,t[a],r);return e}},13072:(e,t,r)=>{var n=r(17854),a=Object.defineProperty;e.exports=function(e,t){try{a(n,e,{value:t,configurable:!0,writable:!0})}catch(r){n[e]=t}return t}},70654:(e,t,r)=>{"use strict";var n=r(82109),a=r(46916),o=r(31913),s=r(76530),i=r(60614),c=r(24994),l=r(79518),u=r(27674),f=r(58003),h=r(68880),d=r(98052),p=r(5112),v=r(97497),m=r(13383),y=s.PROPER,g=s.CONFIGURABLE,_=m.IteratorPrototype,E=m.BUGGY_SAFARI_ITERATORS,P=p("iterator"),b="keys",Z="values",w="entries",S=function(){return this};e.exports=function(e,t,r,s,p,m,x){c(r,t,s);var O,k,R,N=function(e){if(e===p&&j)return j;if(!E&&e in C)return C[e];switch(e){case b:case Z:case w:return function(){return new r(this,e)}}return function(){return new r(this)}},A=t+" Iterator",T=!1,C=e.prototype,I=C[P]||C["@@iterator"]||p&&C[p],j=!E&&I||N(p),M="Array"==t&&C.entries||I;if(M&&(O=l(M.call(new e)))!==Object.prototype&&O.next&&(o||l(O)===_||(u?u(O,_):i(O[P])||d(O,P,S)),f(O,A,!0,!0),o&&(v[A]=S)),y&&p==Z&&I&&I.name!==Z&&(!o&&g?h(C,"name",Z):(T=!0,j=function(){return a(I,this)})),p)if(k={values:N(Z),keys:m?j:N(b),entries:N(w)},x)for(R in k)(E||T||!(R in C))&&d(C,R,k[R]);else n({target:t,proto:!0,forced:E||T},k);return o&&!x||C[P]===j||d(C,P,j,{name:p}),v[t]=j,k}},97235:(e,t,r)=>{var n=r(40857),a=r(92597),o=r(6061),s=r(3070).f;e.exports=function(e){var t=n.Symbol||(n.Symbol={});a(t,e)||s(t,e,{value:o.f(e)})}},85117:(e,t,r)=>{"use strict";var n=r(66330),a=TypeError;e.exports=function(e,t){if(!delete e[t])throw a("Cannot delete property "+n(t)+" of "+n(e))}},19781:(e,t,r)=>{var n=r(47293);e.exports=!n((function(){return 7!=Object.defineProperty({},1,{get:function(){return 7}})[1]}))},80317:(e,t,r)=>{var n=r(17854),a=r(70111),o=n.document,s=a(o)&&a(o.createElement);e.exports=function(e){return s?o.createElement(e):{}}},7207:e=>{var t=TypeError;e.exports=function(e){if(e>9007199254740991)throw t("Maximum allowed index exceeded");return e}},93678:e=>{e.exports={IndexSizeError:{s:"INDEX_SIZE_ERR",c:1,m:1},DOMStringSizeError:{s:"DOMSTRING_SIZE_ERR",c:2,m:0},HierarchyRequestError:{s:"HIERARCHY_REQUEST_ERR",c:3,m:1},WrongDocumentError:{s:"WRONG_DOCUMENT_ERR",c:4,m:1},InvalidCharacterError:{s:"INVALID_CHARACTER_ERR",c:5,m:1},NoDataAllowedError:{s:"NO_DATA_ALLOWED_ERR",c:6,m:0},NoModificationAllowedError:{s:"NO_MODIFICATION_ALLOWED_ERR",c:7,m:1},NotFoundError:{s:"NOT_FOUND_ERR",c:8,m:1},NotSupportedError:{s:"NOT_SUPPORTED_ERR",c:9,m:1},InUseAttributeError:{s:"INUSE_ATTRIBUTE_ERR",c:10,m:1},InvalidStateError:{s:"INVALID_STATE_ERR",c:11,m:1},SyntaxError:{s:"SYNTAX_ERR",c:12,m:1},InvalidModificationError:{s:"INVALID_MODIFICATION_ERR",c:13,m:1},NamespaceError:{s:"NAMESPACE_ERR",c:14,m:1},InvalidAccessError:{s:"INVALID_ACCESS_ERR",c:15,m:1},ValidationError:{s:"VALIDATION_ERR",c:16,m:0},TypeMismatchError:{s:"TYPE_MISMATCH_ERR",c:17,m:1},SecurityError:{s:"SECURITY_ERR",c:18,m:1},NetworkError:{s:"NETWORK_ERR",c:19,m:1},AbortError:{s:"ABORT_ERR",c:20,m:1},URLMismatchError:{s:"URL_MISMATCH_ERR",c:21,m:1},QuotaExceededError:{s:"QUOTA_EXCEEDED_ERR",c:22,m:1},TimeoutError:{s:"TIMEOUT_ERR",c:23,m:1},InvalidNodeTypeError:{s:"INVALID_NODE_TYPE_ERR",c:24,m:1},DataCloneError:{s:"DATA_CLONE_ERR",c:25,m:1}}},48324:e=>{e.exports={CSSRuleList:0,CSSStyleDeclaration:0,CSSValueList:0,ClientRectList:0,DOMRectList:0,DOMStringList:0,DOMTokenList:1,DataTransferItemList:0,FileList:0,HTMLAllCollection:0,HTMLCollection:0,HTMLFormElement:0,HTMLSelectElement:0,MediaList:0,MimeTypeArray:0,NamedNodeMap:0,NodeList:1,PaintRequestList:0,Plugin:0,PluginArray:0,SVGLengthList:0,SVGNumberList:0,SVGPathSegList:0,SVGPointList:0,SVGStringList:0,SVGTransformList:0,SourceBufferList:0,StyleSheetList:0,TextTrackCueList:0,TextTrackList:0,TouchList:0}},98509:(e,t,r)=>{var n=r(80317)("span").classList,a=n&&n.constructor&&n.constructor.prototype;e.exports=a===Object.prototype?void 0:a},68886:(e,t,r)=>{var n=r(88113).match(/firefox\/(\d+)/i);e.exports=!!n&&+n[1]},7871:e=>{e.exports="object"==typeof window&&"object"!=typeof Deno},30256:(e,t,r)=>{var n=r(88113);e.exports=/MSIE|Trident/.test(n)},71528:(e,t,r)=>{var n=r(88113),a=r(17854);e.exports=/ipad|iphone|ipod/i.test(n)&&void 0!==a.Pebble},6833:(e,t,r)=>{var n=r(88113);e.exports=/(?:ipad|iphone|ipod).*applewebkit/i.test(n)},35268:(e,t,r)=>{var n=r(84326),a=r(17854);e.exports="process"==n(a.process)},71036:(e,t,r)=>{var n=r(88113);e.exports=/web0s(?!.*chrome)/i.test(n)},88113:(e,t,r)=>{var n=r(35005);e.exports=n("navigator","userAgent")||""},7392:(e,t,r)=>{var n,a,o=r(17854),s=r(88113),i=o.process,c=o.Deno,l=i&&i.versions||c&&c.version,u=l&&l.v8;u&&(a=(n=u.split("."))[0]>0&&n[0]<4?1:+(n[0]+n[1])),!a&&s&&(!(n=s.match(/Edge\/(\d+)/))||n[1]>=74)&&(n=s.match(/Chrome\/(\d+)/))&&(a=+n[1]),e.exports=a},98008:(e,t,r)=>{var n=r(88113).match(/AppleWebKit\/(\d+)\./);e.exports=!!n&&+n[1]},80748:e=>{e.exports=["constructor","hasOwnProperty","isPrototypeOf","propertyIsEnumerable","toLocaleString","toString","valueOf"]},22914:(e,t,r)=>{var n=r(47293),a=r(79114);e.exports=!n((function(){var e=Error("a");return!("stack"in e)||(Object.defineProperty(e,"stack",a(1,7)),7!==e.stack)}))},7762:(e,t,r)=>{"use strict";var n=r(19781),a=r(47293),o=r(19670),s=r(70030),i=r(56277),c=Error.prototype.toString,l=a((function(){if(n){var e=s(Object.defineProperty({},"name",{get:function(){return this===e}}));if("true"!==c.call(e))return!0}return"2: 1"!==c.call({message:1,name:2})||"Error"!==c.call({})}));e.exports=l?function(){var e=o(this),t=i(e.name,"Error"),r=i(e.message);return t?r?t+": "+r:t:r}:c},82109:(e,t,r)=>{var n=r(17854),a=r(31236).f,o=r(68880),s=r(98052),i=r(13072),c=r(99920),l=r(54705);e.exports=function(e,t){var r,u,f,h,d,p=e.target,v=e.global,m=e.stat;if(r=v?n:m?n[p]||i(p,{}):(n[p]||{}).prototype)for(u in t){if(h=t[u],f=e.dontCallGetSet?(d=a(r,u))&&d.value:r[u],!l(v?u:p+(m?".":"#")+u,e.forced)&&void 0!==f){if(typeof h==typeof f)continue;c(h,f)}(e.sham||f&&f.sham)&&o(h,"sham",!0),s(r,u,h,e)}}},47293:e=>{e.exports=function(e){try{return!!e()}catch(e){return!0}}},27007:(e,t,r)=>{"use strict";r(74916);var n=r(1702),a=r(98052),o=r(22261),s=r(47293),i=r(5112),c=r(68880),l=i("species"),u=RegExp.prototype;e.exports=function(e,t,r,f){var h=i(e),d=!s((function(){var t={};return t[h]=function(){return 7},7!=""[e](t)})),p=d&&!s((function(){var t=!1,r=/a/;return"split"===e&&((r={}).constructor={},r.constructor[l]=function(){return r},r.flags="",r[h]=/./[h]),r.exec=function(){return t=!0,null},r[h](""),!t}));if(!d||!p||r){var v=n(/./[h]),m=t(h,""[e],(function(e,t,r,a,s){var i=n(e),c=t.exec;return c===o||c===u.exec?d&&!s?{done:!0,value:v(t,r,a)}:{done:!0,value:i(r,t,a)}:{done:!1}}));a(String.prototype,e,m[0]),a(u,h,m[1])}f&&c(u[h],"sham",!0)}},6790:(e,t,r)=>{"use strict";var n=r(43157),a=r(26244),o=r(7207),s=r(49974),i=function(e,t,r,c,l,u,f,h){for(var d,p,v=l,m=0,y=!!f&&s(f,h);m<c;)m in r&&(d=y?y(r[m],m,t):r[m],u>0&&n(d)?(p=a(d),v=i(e,t,d,p,v,u-1)-1):(o(v+1),e[v]=d),v++),m++;return v};e.exports=i},76677:(e,t,r)=>{var n=r(47293);e.exports=!n((function(){return Object.isExtensible(Object.preventExtensions({}))}))},22104:(e,t,r)=>{var n=r(34374),a=Function.prototype,o=a.apply,s=a.call;e.exports="object"==typeof Reflect&&Reflect.apply||(n?s.bind(o):function(){return s.apply(o,arguments)})},49974:(e,t,r)=>{var n=r(1702),a=r(19662),o=r(34374),s=n(n.bind);e.exports=function(e,t){return a(e),void 0===t?e:o?s(e,t):function(){return e.apply(t,arguments)}}},34374:(e,t,r)=>{var n=r(47293);e.exports=!n((function(){var e=function(){}.bind();return"function"!=typeof e||e.hasOwnProperty("prototype")}))},27065:(e,t,r)=>{"use strict";var n=r(1702),a=r(19662),o=r(70111),s=r(92597),i=r(50206),c=r(34374),l=Function,u=n([].concat),f=n([].join),h={};e.exports=c?l.bind:function(e){var t=a(this),r=t.prototype,n=i(arguments,1),c=function(){var r=u(n,i(arguments));return this instanceof c?function(e,t,r){if(!s(h,t)){for(var n=[],a=0;a<t;a++)n[a]="a["+a+"]";h[t]=l("C,a","return new C("+f(n,",")+")")}return h[t](e,r)}(t,r.length,r):t.apply(e,r)};return o(r)&&(c.prototype=r),c}},46916:(e,t,r)=>{var n=r(34374),a=Function.prototype.call;e.exports=n?a.bind(a):function(){return a.apply(a,arguments)}},76530:(e,t,r)=>{var n=r(19781),a=r(92597),o=Function.prototype,s=n&&Object.getOwnPropertyDescriptor,i=a(o,"name"),c=i&&"something"===function(){}.name,l=i&&(!n||n&&s(o,"name").configurable);e.exports={EXISTS:i,PROPER:c,CONFIGURABLE:l}},1702:(e,t,r)=>{var n=r(34374),a=Function.prototype,o=a.bind,s=a.call,i=n&&o.bind(s,s);e.exports=n?function(e){return e&&i(e)}:function(e){return e&&function(){return s.apply(e,arguments)}}},35005:(e,t,r)=>{var n=r(17854),a=r(60614);e.exports=function(e,t){return arguments.length<2?(r=n[e],a(r)?r:void 0):n[e]&&n[e][t];var r}},71246:(e,t,r)=>{var n=r(70648),a=r(58173),o=r(97497),s=r(5112)("iterator");e.exports=function(e){if(null!=e)return a(e,s)||a(e,"@@iterator")||o[n(e)]}},18554:(e,t,r)=>{var n=r(46916),a=r(19662),o=r(19670),s=r(66330),i=r(71246),c=TypeError;e.exports=function(e,t){var r=arguments.length<2?i(e):t;if(a(r))return o(n(r,e));throw c(s(e)+" is not iterable")}},58173:(e,t,r)=>{var n=r(19662);e.exports=function(e,t){var r=e[t];return null==r?void 0:n(r)}},10647:(e,t,r)=>{var n=r(1702),a=r(47908),o=Math.floor,s=n("".charAt),i=n("".replace),c=n("".slice),l=/\$([$&'`]|\d{1,2}|<[^>]*>)/g,u=/\$([$&'`]|\d{1,2})/g;e.exports=function(e,t,r,n,f,h){var d=r+e.length,p=n.length,v=u;return void 0!==f&&(f=a(f),v=l),i(h,v,(function(a,i){var l;switch(s(i,0)){case"$":return"$";case"&":return e;case"`":return c(t,0,r);case"'":return c(t,d);case"<":l=f[c(i,1,-1)];break;default:var u=+i;if(0===u)return a;if(u>p){var h=o(u/10);return 0===h?a:h<=p?void 0===n[h-1]?s(i,1):n[h-1]+s(i,1):a}l=n[u-1]}return void 0===l?"":l}))}},17854:(e,t,r)=>{var n=function(e){return e&&e.Math==Math&&e};e.exports=n("object"==typeof globalThis&&globalThis)||n("object"==typeof window&&window)||n("object"==typeof self&&self)||n("object"==typeof r.g&&r.g)||function(){return this}()||Function("return this")()},92597:(e,t,r)=>{var n=r(1702),a=r(47908),o=n({}.hasOwnProperty);e.exports=Object.hasOwn||function(e,t){return o(a(e),t)}},3501:e=>{e.exports={}},842:(e,t,r)=>{var n=r(17854);e.exports=function(e,t){var r=n.console;r&&r.error&&(1==arguments.length?r.error(e):r.error(e,t))}},60490:(e,t,r)=>{var n=r(35005);e.exports=n("document","documentElement")},64664:(e,t,r)=>{var n=r(19781),a=r(47293),o=r(80317);e.exports=!n&&!a((function(){return 7!=Object.defineProperty(o("div"),"a",{get:function(){return 7}}).a}))},11179:e=>{var t=Array,r=Math.abs,n=Math.pow,a=Math.floor,o=Math.log,s=Math.LN2;e.exports={pack:function(e,i,c){var l,u,f,h=t(c),d=8*c-i-1,p=(1<<d)-1,v=p>>1,m=23===i?n(2,-24)-n(2,-77):0,y=e<0||0===e&&1/e<0?1:0,g=0;for((e=r(e))!=e||e===1/0?(u=e!=e?1:0,l=p):(l=a(o(e)/s),e*(f=n(2,-l))<1&&(l--,f*=2),(e+=l+v>=1?m/f:m*n(2,1-v))*f>=2&&(l++,f/=2),l+v>=p?(u=0,l=p):l+v>=1?(u=(e*f-1)*n(2,i),l+=v):(u=e*n(2,v-1)*n(2,i),l=0));i>=8;)h[g++]=255&u,u/=256,i-=8;for(l=l<<i|u,d+=i;d>0;)h[g++]=255&l,l/=256,d-=8;return h[--g]|=128*y,h},unpack:function(e,t){var r,a=e.length,o=8*a-t-1,s=(1<<o)-1,i=s>>1,c=o-7,l=a-1,u=e[l--],f=127&u;for(u>>=7;c>0;)f=256*f+e[l--],c-=8;for(r=f&(1<<-c)-1,f>>=-c,c+=t;c>0;)r=256*r+e[l--],c-=8;if(0===f)f=1-i;else{if(f===s)return r?NaN:u?-1/0:1/0;r+=n(2,t),f-=i}return(u?-1:1)*r*n(2,f-t)}}},68361:(e,t,r)=>{var n=r(1702),a=r(47293),o=r(84326),s=Object,i=n("".split);e.exports=a((function(){return!s("z").propertyIsEnumerable(0)}))?function(e){return"String"==o(e)?i(e,""):s(e)}:s},79587:(e,t,r)=>{var n=r(60614),a=r(70111),o=r(27674);e.exports=function(e,t,r){var s,i;return o&&n(s=t.constructor)&&s!==r&&a(i=s.prototype)&&i!==r.prototype&&o(e,i),e}},42788:(e,t,r)=>{var n=r(1702),a=r(60614),o=r(5465),s=n(Function.toString);a(o.inspectSource)||(o.inspectSource=function(e){return s(e)}),e.exports=o.inspectSource},58340:(e,t,r)=>{var n=r(70111),a=r(68880);e.exports=function(e,t){n(t)&&"cause"in t&&a(e,"cause",t.cause)}},62423:(e,t,r)=>{var n=r(82109),a=r(1702),o=r(3501),s=r(70111),i=r(92597),c=r(3070).f,l=r(8006),u=r(1156),f=r(52050),h=r(69711),d=r(76677),p=!1,v=h("meta"),m=0,y=function(e){c(e,v,{value:{objectID:"O"+m++,weakData:{}}})},g=e.exports={enable:function(){g.enable=function(){},p=!0;var e=l.f,t=a([].splice),r={};r[v]=1,e(r).length&&(l.f=function(r){for(var n=e(r),a=0,o=n.length;a<o;a++)if(n[a]===v){t(n,a,1);break}return n},n({target:"Object",stat:!0,forced:!0},{getOwnPropertyNames:u.f}))},fastKey:function(e,t){if(!s(e))return"symbol"==typeof e?e:("string"==typeof e?"S":"P")+e;if(!i(e,v)){if(!f(e))return"F";if(!t)return"E";y(e)}return e[v].objectID},getWeakData:function(e,t){if(!i(e,v)){if(!f(e))return!0;if(!t)return!1;y(e)}return e[v].weakData},onFreeze:function(e){return d&&p&&f(e)&&!i(e,v)&&y(e),e}};o[v]=!0},29909:(e,t,r)=>{var n,a,o,s=r(68536),i=r(17854),c=r(1702),l=r(70111),u=r(68880),f=r(92597),h=r(5465),d=r(6200),p=r(3501),v="Object already initialized",m=i.TypeError,y=i.WeakMap;if(s||h.state){var g=h.state||(h.state=new y),_=c(g.get),E=c(g.has),P=c(g.set);n=function(e,t){if(E(g,e))throw new m(v);return t.facade=e,P(g,e,t),t},a=function(e){return _(g,e)||{}},o=function(e){return E(g,e)}}else{var b=d("state");p[b]=!0,n=function(e,t){if(f(e,b))throw new m(v);return t.facade=e,u(e,b,t),t},a=function(e){return f(e,b)?e[b]:{}},o=function(e){return f(e,b)}}e.exports={set:n,get:a,has:o,enforce:function(e){return o(e)?a(e):n(e,{})},getterFor:function(e){return function(t){var r;if(!l(t)||(r=a(t)).type!==e)throw m("Incompatible receiver, "+e+" required");return r}}}},97659:(e,t,r)=>{var n=r(5112),a=r(97497),o=n("iterator"),s=Array.prototype;e.exports=function(e){return void 0!==e&&(a.Array===e||s[o]===e)}},43157:(e,t,r)=>{var n=r(84326);e.exports=Array.isArray||function(e){return"Array"==n(e)}},60614:e=>{e.exports=function(e){return"function"==typeof e}},4411:(e,t,r)=>{var n=r(1702),a=r(47293),o=r(60614),s=r(70648),i=r(35005),c=r(42788),l=function(){},u=[],f=i("Reflect","construct"),h=/^\s*(?:class|function)\b/,d=n(h.exec),p=!h.exec(l),v=function(e){if(!o(e))return!1;try{return f(l,u,e),!0}catch(e){return!1}},m=function(e){if(!o(e))return!1;switch(s(e)){case"AsyncFunction":case"GeneratorFunction":case"AsyncGeneratorFunction":return!1}try{return p||!!d(h,c(e))}catch(e){return!0}};m.sham=!0,e.exports=!f||a((function(){var e;return v(v.call)||!v(Object)||!v((function(){e=!0}))||e}))?m:v},45032:(e,t,r)=>{var n=r(92597);e.exports=function(e){return void 0!==e&&(n(e,"value")||n(e,"writable"))}},54705:(e,t,r)=>{var n=r(47293),a=r(60614),o=/#|\.prototype\./,s=function(e,t){var r=c[i(e)];return r==u||r!=l&&(a(t)?n(t):!!t)},i=s.normalize=function(e){return String(e).replace(o,".").toLowerCase()},c=s.data={},l=s.NATIVE="N",u=s.POLYFILL="P";e.exports=s},55988:(e,t,r)=>{var n=r(70111),a=Math.floor;e.exports=Number.isInteger||function(e){return!n(e)&&isFinite(e)&&a(e)===e}},70111:(e,t,r)=>{var n=r(60614);e.exports=function(e){return"object"==typeof e?null!==e:n(e)}},31913:e=>{e.exports=!1},47850:(e,t,r)=>{var n=r(70111),a=r(84326),o=r(5112)("match");e.exports=function(e){var t;return n(e)&&(void 0!==(t=e[o])?!!t:"RegExp"==a(e))}},52190:(e,t,r)=>{var n=r(35005),a=r(60614),o=r(47976),s=r(43307),i=Object;e.exports=s?function(e){return"symbol"==typeof e}:function(e){var t=n("Symbol");return a(t)&&o(t.prototype,i(e))}},20408:(e,t,r)=>{var n=r(49974),a=r(46916),o=r(19670),s=r(66330),i=r(97659),c=r(26244),l=r(47976),u=r(18554),f=r(71246),h=r(99212),d=TypeError,p=function(e,t){this.stopped=e,this.result=t},v=p.prototype;e.exports=function(e,t,r){var m,y,g,_,E,P,b,Z=r&&r.that,w=!(!r||!r.AS_ENTRIES),S=!(!r||!r.IS_ITERATOR),x=!(!r||!r.INTERRUPTED),O=n(t,Z),k=function(e){return m&&h(m,"normal",e),new p(!0,e)},R=function(e){return w?(o(e),x?O(e[0],e[1],k):O(e[0],e[1])):x?O(e,k):O(e)};if(S)m=e;else{if(!(y=f(e)))throw d(s(e)+" is not iterable");if(i(y)){for(g=0,_=c(e);_>g;g++)if((E=R(e[g]))&&l(v,E))return E;return new p(!1)}m=u(e,y)}for(P=m.next;!(b=a(P,m)).done;){try{E=R(b.value)}catch(e){h(m,"throw",e)}if("object"==typeof E&&E&&l(v,E))return E}return new p(!1)}},99212:(e,t,r)=>{var n=r(46916),a=r(19670),o=r(58173);e.exports=function(e,t,r){var s,i;a(e);try{if(!(s=o(e,"return"))){if("throw"===t)throw r;return r}s=n(s,e)}catch(e){i=!0,s=e}if("throw"===t)throw r;if(i)throw s;return a(s),r}},13383:(e,t,r)=>{"use strict";var n,a,o,s=r(47293),i=r(60614),c=r(70030),l=r(79518),u=r(98052),f=r(5112),h=r(31913),d=f("iterator"),p=!1;[].keys&&("next"in(o=[].keys())?(a=l(l(o)))!==Object.prototype&&(n=a):p=!0),null==n||s((function(){var e={};return n[d].call(e)!==e}))?n={}:h&&(n=c(n)),i(n[d])||u(n,d,(function(){return this})),e.exports={IteratorPrototype:n,BUGGY_SAFARI_ITERATORS:p}},97497:e=>{e.exports={}},26244:(e,t,r)=>{var n=r(17466);e.exports=function(e){return n(e.length)}},56339:(e,t,r)=>{var n=r(47293),a=r(60614),o=r(92597),s=r(19781),i=r(76530).CONFIGURABLE,c=r(42788),l=r(29909),u=l.enforce,f=l.get,h=Object.defineProperty,d=s&&!n((function(){return 8!==h((function(){}),"length",{value:8}).length})),p=String(String).split("String"),v=e.exports=function(e,t,r){"Symbol("===String(t).slice(0,7)&&(t="["+String(t).replace(/^Symbol\(([^)]*)\)/,"$1")+"]"),r&&r.getter&&(t="get "+t),r&&r.setter&&(t="set "+t),(!o(e,"name")||i&&e.name!==t)&&h(e,"name",{value:t,configurable:!0}),d&&r&&o(r,"arity")&&e.length!==r.arity&&h(e,"length",{value:r.arity});try{r&&o(r,"constructor")&&r.constructor?s&&h(e,"prototype",{writable:!1}):e.prototype&&(e.prototype=void 0)}catch(e){}var n=u(e);return o(n,"source")||(n.source=p.join("string"==typeof t?t:"")),e};Function.prototype.toString=v((function(){return a(this)&&f(this).source||c(this)}),"toString")},66736:e=>{var t=Math.expm1,r=Math.exp;e.exports=!t||t(10)>22025.465794806718||t(10)<22025.465794806718||-2e-17!=t(-2e-17)?function(e){var t=+e;return 0==t?t:t>-1e-6&&t<1e-6?t+t*t/2:r(t)-1}:t},26130:(e,t,r)=>{var n=r(64310),a=Math.abs,o=Math.pow,s=o(2,-52),i=o(2,-23),c=o(2,127)*(2-i),l=o(2,-126);e.exports=Math.fround||function(e){var t,r,o=+e,u=a(o),f=n(o);return u<l?f*function(e){return e+1/s-1/s}(u/l/i)*l*i:(r=(t=(1+i/s)*u)-(t-u))>c||r!=r?f*(1/0):f*r}},20403:e=>{var t=Math.log,r=Math.LOG10E;e.exports=Math.log10||function(e){return t(e)*r}},26513:e=>{var t=Math.log;e.exports=Math.log1p||function(e){var r=+e;return r>-1e-8&&r<1e-8?r-r*r/2:t(1+r)}},64310:e=>{e.exports=Math.sign||function(e){var t=+e;return 0==t||t!=t?t:t<0?-1:1}},74758:e=>{var t=Math.ceil,r=Math.floor;e.exports=Math.trunc||function(e){var n=+e;return(n>0?r:t)(n)}},95948:(e,t,r)=>{var n,a,o,s,i,c,l,u,f=r(17854),h=r(49974),d=r(31236).f,p=r(20261).set,v=r(6833),m=r(71528),y=r(71036),g=r(35268),_=f.MutationObserver||f.WebKitMutationObserver,E=f.document,P=f.process,b=f.Promise,Z=d(f,"queueMicrotask"),w=Z&&Z.value;w||(n=function(){var e,t;for(g&&(e=P.domain)&&e.exit();a;){t=a.fn,a=a.next;try{t()}catch(e){throw a?s():o=void 0,e}}o=void 0,e&&e.enter()},v||g||y||!_||!E?!m&&b&&b.resolve?((l=b.resolve(void 0)).constructor=b,u=h(l.then,l),s=function(){u(n)}):g?s=function(){P.nextTick(n)}:(p=h(p,f),s=function(){p(n)}):(i=!0,c=E.createTextNode(""),new _(n).observe(c,{characterData:!0}),s=function(){c.data=i=!i})),e.exports=w||function(e){var t={fn:e,next:void 0};o&&(o.next=t),a||(a=t,s()),o=t}},30735:(e,t,r)=>{var n=r(30133);e.exports=n&&!!Symbol.for&&!!Symbol.keyFor},30133:(e,t,r)=>{var n=r(7392),a=r(47293);e.exports=!!Object.getOwnPropertySymbols&&!a((function(){var e=Symbol();return!String(e)||!(Object(e)instanceof Symbol)||!Symbol.sham&&n&&n<41}))},590:(e,t,r)=>{var n=r(47293),a=r(5112),o=r(31913),s=a("iterator");e.exports=!n((function(){var e=new URL("b?a=1&b=2&c=3","http://a"),t=e.searchParams,r="";return e.pathname="c%20d",t.forEach((function(e,n){t.delete("b"),r+=n+e})),o&&!e.toJSON||!t.sort||"http://a/c%20d?a=1&c=3"!==e.href||"3"!==t.get("c")||"a=1"!==String(new URLSearchParams("?a=1"))||!t[s]||"a"!==new URL("https://a@b").username||"b"!==new URLSearchParams(new URLSearchParams("a=b")).get("a")||"xn--e1aybc"!==new URL("http://тест").host||"#%D0%B1"!==new URL("http://a#б").hash||"a1c3"!==r||"x"!==new URL("http://x",void 0).host}))},68536:(e,t,r)=>{var n=r(17854),a=r(60614),o=r(42788),s=n.WeakMap;e.exports=a(s)&&/native code/.test(o(s))},78523:(e,t,r)=>{"use strict";var n=r(19662),a=function(e){var t,r;this.promise=new e((function(e,n){if(void 0!==t||void 0!==r)throw TypeError("Bad Promise constructor");t=e,r=n})),this.resolve=n(t),this.reject=n(r)};e.exports.f=function(e){return new a(e)}},56277:(e,t,r)=>{var n=r(41340);e.exports=function(e,t){return void 0===e?arguments.length<2?"":t:n(e)}},3929:(e,t,r)=>{var n=r(47850),a=TypeError;e.exports=function(e){if(n(e))throw a("The method doesn't accept regular expressions");return e}},77023:(e,t,r)=>{var n=r(17854).isFinite;e.exports=Number.isFinite||function(e){return"number"==typeof e&&n(e)}},2814:(e,t,r)=>{var n=r(17854),a=r(47293),o=r(1702),s=r(41340),i=r(53111).trim,c=r(81361),l=o("".charAt),u=n.parseFloat,f=n.Symbol,h=f&&f.iterator,d=1/u(c+"-0")!=-1/0||h&&!a((function(){u(Object(h))}));e.exports=d?function(e){var t=i(s(e)),r=u(t);return 0===r&&"-"==l(t,0)?-0:r}:u},83009:(e,t,r)=>{var n=r(17854),a=r(47293),o=r(1702),s=r(41340),i=r(53111).trim,c=r(81361),l=n.parseInt,u=n.Symbol,f=u&&u.iterator,h=/^[+-]?0x/i,d=o(h.exec),p=8!==l(c+"08")||22!==l(c+"0x16")||f&&!a((function(){l(Object(f))}));e.exports=p?function(e,t){var r=i(s(e));return l(r,t>>>0||(d(h,r)?16:10))}:l},21574:(e,t,r)=>{"use strict";var n=r(19781),a=r(1702),o=r(46916),s=r(47293),i=r(81956),c=r(25181),l=r(55296),u=r(47908),f=r(68361),h=Object.assign,d=Object.defineProperty,p=a([].concat);e.exports=!h||s((function(){if(n&&1!==h({b:1},h(d({},"a",{enumerable:!0,get:function(){d(this,"b",{value:3,enumerable:!1})}}),{b:2})).b)return!0;var e={},t={},r=Symbol(),a="abcdefghijklmnopqrst";return e[r]=7,a.split("").forEach((function(e){t[e]=e})),7!=h({},e)[r]||i(h({},t)).join("")!=a}))?function(e,t){for(var r=u(e),a=arguments.length,s=1,h=c.f,d=l.f;a>s;)for(var v,m=f(arguments[s++]),y=h?p(i(m),h(m)):i(m),g=y.length,_=0;g>_;)v=y[_++],n&&!o(d,m,v)||(r[v]=m[v]);return r}:h},70030:(e,t,r)=>{var n,a=r(19670),o=r(36048),s=r(80748),i=r(3501),c=r(60490),l=r(80317),u=r(6200),f="prototype",h="script",d=u("IE_PROTO"),p=function(){},v=function(e){return"<"+h+">"+e+"</"+h+">"},m=function(e){e.write(v("")),e.close();var t=e.parentWindow.Object;return e=null,t},y=function(){try{n=new ActiveXObject("htmlfile")}catch(e){}var e,t,r;y="undefined"!=typeof document?document.domain&&n?m(n):(t=l("iframe"),r="java"+h+":",t.style.display="none",c.appendChild(t),t.src=String(r),(e=t.contentWindow.document).open(),e.write(v("document.F=Object")),e.close(),e.F):m(n);for(var a=s.length;a--;)delete y[f][s[a]];return y()};i[d]=!0,e.exports=Object.create||function(e,t){var r;return null!==e?(p[f]=a(e),r=new p,p[f]=null,r[d]=e):r=y(),void 0===t?r:o.f(r,t)}},36048:(e,t,r)=>{var n=r(19781),a=r(3353),o=r(3070),s=r(19670),i=r(45656),c=r(81956);t.f=n&&!a?Object.defineProperties:function(e,t){s(e);for(var r,n=i(t),a=c(t),l=a.length,u=0;l>u;)o.f(e,r=a[u++],n[r]);return e}},3070:(e,t,r)=>{var n=r(19781),a=r(64664),o=r(3353),s=r(19670),i=r(34948),c=TypeError,l=Object.defineProperty,u=Object.getOwnPropertyDescriptor,f="enumerable",h="configurable",d="writable";t.f=n?o?function(e,t,r){if(s(e),t=i(t),s(r),"function"==typeof e&&"prototype"===t&&"value"in r&&d in r&&!r[d]){var n=u(e,t);n&&n[d]&&(e[t]=r.value,r={configurable:h in r?r[h]:n[h],enumerable:f in r?r[f]:n[f],writable:!1})}return l(e,t,r)}:l:function(e,t,r){if(s(e),t=i(t),s(r),a)try{return l(e,t,r)}catch(e){}if("get"in r||"set"in r)throw c("Accessors not supported");return"value"in r&&(e[t]=r.value),e}},31236:(e,t,r)=>{var n=r(19781),a=r(46916),o=r(55296),s=r(79114),i=r(45656),c=r(34948),l=r(92597),u=r(64664),f=Object.getOwnPropertyDescriptor;t.f=n?f:function(e,t){if(e=i(e),t=c(t),u)try{return f(e,t)}catch(e){}if(l(e,t))return s(!a(o.f,e,t),e[t])}},1156:(e,t,r)=>{var n=r(84326),a=r(45656),o=r(8006).f,s=r(41589),i="object"==typeof window&&window&&Object.getOwnPropertyNames?Object.getOwnPropertyNames(window):[];e.exports.f=function(e){return i&&"Window"==n(e)?function(e){try{return o(e)}catch(e){return s(i)}}(e):o(a(e))}},8006:(e,t,r)=>{var n=r(16324),a=r(80748).concat("length","prototype");t.f=Object.getOwnPropertyNames||function(e){return n(e,a)}},25181:(e,t)=>{t.f=Object.getOwnPropertySymbols},79518:(e,t,r)=>{var n=r(92597),a=r(60614),o=r(47908),s=r(6200),i=r(49920),c=s("IE_PROTO"),l=Object,u=l.prototype;e.exports=i?l.getPrototypeOf:function(e){var t=o(e);if(n(t,c))return t[c];var r=t.constructor;return a(r)&&t instanceof r?r.prototype:t instanceof l?u:null}},52050:(e,t,r)=>{var n=r(47293),a=r(70111),o=r(84326),s=r(7556),i=Object.isExtensible,c=n((function(){i(1)}));e.exports=c||s?function(e){return!!a(e)&&(!s||"ArrayBuffer"!=o(e))&&(!i||i(e))}:i},47976:(e,t,r)=>{var n=r(1702);e.exports=n({}.isPrototypeOf)},16324:(e,t,r)=>{var n=r(1702),a=r(92597),o=r(45656),s=r(41318).indexOf,i=r(3501),c=n([].push);e.exports=function(e,t){var r,n=o(e),l=0,u=[];for(r in n)!a(i,r)&&a(n,r)&&c(u,r);for(;t.length>l;)a(n,r=t[l++])&&(~s(u,r)||c(u,r));return u}},81956:(e,t,r)=>{var n=r(16324),a=r(80748);e.exports=Object.keys||function(e){return n(e,a)}},55296:(e,t)=>{"use strict";var r={}.propertyIsEnumerable,n=Object.getOwnPropertyDescriptor,a=n&&!r.call({1:2},1);t.f=a?function(e){var t=n(this,e);return!!t&&t.enumerable}:r},69026:(e,t,r)=>{"use strict";var n=r(31913),a=r(17854),o=r(47293),s=r(98008);e.exports=n||!o((function(){if(!(s&&s<535)){var e=Math.random();__defineSetter__.call(null,e,(function(){})),delete a[e]}}))},27674:(e,t,r)=>{var n=r(1702),a=r(19670),o=r(96077);e.exports=Object.setPrototypeOf||("__proto__"in{}?function(){var e,t=!1,r={};try{(e=n(Object.getOwnPropertyDescriptor(Object.prototype,"__proto__").set))(r,[]),t=r instanceof Array}catch(e){}return function(r,n){return a(r),o(n),t?e(r,n):r.__proto__=n,r}}():void 0)},44699:(e,t,r)=>{var n=r(19781),a=r(1702),o=r(81956),s=r(45656),i=a(r(55296).f),c=a([].push),l=function(e){return function(t){for(var r,a=s(t),l=o(a),u=l.length,f=0,h=[];u>f;)r=l[f++],n&&!i(a,r)||c(h,e?[r,a[r]]:a[r]);return h}};e.exports={entries:l(!0),values:l(!1)}},90288:(e,t,r)=>{"use strict";var n=r(51694),a=r(70648);e.exports=n?{}.toString:function(){return"[object "+a(this)+"]"}},92140:(e,t,r)=>{var n=r(46916),a=r(60614),o=r(70111),s=TypeError;e.exports=function(e,t){var r,i;if("string"===t&&a(r=e.toString)&&!o(i=n(r,e)))return i;if(a(r=e.valueOf)&&!o(i=n(r,e)))return i;if("string"!==t&&a(r=e.toString)&&!o(i=n(r,e)))return i;throw s("Can't convert object to primitive value")}},53887:(e,t,r)=>{var n=r(35005),a=r(1702),o=r(8006),s=r(25181),i=r(19670),c=a([].concat);e.exports=n("Reflect","ownKeys")||function(e){var t=o.f(i(e)),r=s.f;return r?c(t,r(e)):t}},40857:(e,t,r)=>{var n=r(17854);e.exports=n},12534:e=>{e.exports=function(e){try{return{error:!1,value:e()}}catch(e){return{error:!0,value:e}}}},63702:(e,t,r)=>{var n=r(17854),a=r(2492),o=r(60614),s=r(54705),i=r(42788),c=r(5112),l=r(7871),u=r(31913),f=r(7392),h=a&&a.prototype,d=c("species"),p=!1,v=o(n.PromiseRejectionEvent),m=s("Promise",(function(){var e=i(a),t=e!==String(a);if(!t&&66===f)return!0;if(u&&(!h.catch||!h.finally))return!0;if(f>=51&&/native code/.test(e))return!1;var r=new a((function(e){e(1)})),n=function(e){e((function(){}),(function(){}))};return(r.constructor={})[d]=n,!(p=r.then((function(){}))instanceof n)||!t&&l&&!v}));e.exports={CONSTRUCTOR:m,REJECTION_EVENT:v,SUBCLASSING:p}},2492:(e,t,r)=>{var n=r(17854);e.exports=n.Promise},69478:(e,t,r)=>{var n=r(19670),a=r(70111),o=r(78523);e.exports=function(e,t){if(n(e),a(t)&&t.constructor===e)return t;var r=o.f(e);return(0,r.resolve)(t),r.promise}},80612:(e,t,r)=>{var n=r(2492),a=r(17072),o=r(63702).CONSTRUCTOR;e.exports=o||!a((function(e){n.all(e).then(void 0,(function(){}))}))},2626:(e,t,r)=>{var n=r(3070).f;e.exports=function(e,t,r){r in e||n(e,r,{configurable:!0,get:function(){return t[r]},set:function(e){t[r]=e}})}},18572:e=>{var t=function(){this.head=null,this.tail=null};t.prototype={add:function(e){var t={item:e,next:null};this.head?this.tail.next=t:this.head=t,this.tail=t},get:function(){var e=this.head;if(e)return this.head=e.next,this.tail===e&&(this.tail=null),e.item}},e.exports=t},97651:(e,t,r)=>{var n=r(46916),a=r(19670),o=r(60614),s=r(84326),i=r(22261),c=TypeError;e.exports=function(e,t){var r=e.exec;if(o(r)){var l=n(r,e,t);return null!==l&&a(l),l}if("RegExp"===s(e))return n(i,e,t);throw c("RegExp#exec called on incompatible receiver")}},22261:(e,t,r)=>{"use strict";var n,a,o=r(46916),s=r(1702),i=r(41340),c=r(67066),l=r(52999),u=r(72309),f=r(70030),h=r(29909).get,d=r(9441),p=r(38173),v=u("native-string-replace",String.prototype.replace),m=RegExp.prototype.exec,y=m,g=s("".charAt),_=s("".indexOf),E=s("".replace),P=s("".slice),b=(a=/b*/g,o(m,n=/a/,"a"),o(m,a,"a"),0!==n.lastIndex||0!==a.lastIndex),Z=l.BROKEN_CARET,w=void 0!==/()??/.exec("")[1];(b||w||Z||d||p)&&(y=function(e){var t,r,n,a,s,l,u,d=this,p=h(d),S=i(e),x=p.raw;if(x)return x.lastIndex=d.lastIndex,t=o(y,x,S),d.lastIndex=x.lastIndex,t;var O=p.groups,k=Z&&d.sticky,R=o(c,d),N=d.source,A=0,T=S;if(k&&(R=E(R,"y",""),-1===_(R,"g")&&(R+="g"),T=P(S,d.lastIndex),d.lastIndex>0&&(!d.multiline||d.multiline&&"\n"!==g(S,d.lastIndex-1))&&(N="(?: "+N+")",T=" "+T,A++),r=new RegExp("^(?:"+N+")",R)),w&&(r=new RegExp("^"+N+"$(?!\\s)",R)),b&&(n=d.lastIndex),a=o(m,k?r:d,T),k?a?(a.input=P(a.input,A),a[0]=P(a[0],A),a.index=d.lastIndex,d.lastIndex+=a[0].length):d.lastIndex=0:b&&a&&(d.lastIndex=d.global?a.index+a[0].length:n),w&&a&&a.length>1&&o(v,a[0],r,(function(){for(s=1;s<arguments.length-2;s++)void 0===arguments[s]&&(a[s]=void 0)})),a&&O)for(a.groups=l=f(null),s=0;s<O.length;s++)l[(u=O[s])[0]]=a[u[1]];return a}),e.exports=y},67066:(e,t,r)=>{"use strict";var n=r(19670);e.exports=function(){var e=n(this),t="";return e.hasIndices&&(t+="d"),e.global&&(t+="g"),e.ignoreCase&&(t+="i"),e.multiline&&(t+="m"),e.dotAll&&(t+="s"),e.unicode&&(t+="u"),e.sticky&&(t+="y"),t}},34706:(e,t,r)=>{var n=r(46916),a=r(92597),o=r(47976),s=r(67066),i=RegExp.prototype;e.exports=function(e){var t=e.flags;return void 0!==t||"flags"in i||a(e,"flags")||!o(i,e)?t:n(s,e)}},52999:(e,t,r)=>{var n=r(47293),a=r(17854).RegExp,o=n((function(){var e=a("a","y");return e.lastIndex=2,null!=e.exec("abcd")})),s=o||n((function(){return!a("a","y").sticky})),i=o||n((function(){var e=a("^r","gy");return e.lastIndex=2,null!=e.exec("str")}));e.exports={BROKEN_CARET:i,MISSED_STICKY:s,UNSUPPORTED_Y:o}},9441:(e,t,r)=>{var n=r(47293),a=r(17854).RegExp;e.exports=n((function(){var e=a(".","s");return!(e.dotAll&&e.exec("\n")&&"s"===e.flags)}))},38173:(e,t,r)=>{var n=r(47293),a=r(17854).RegExp;e.exports=n((function(){var e=a("(?<a>b)","g");return"b"!==e.exec("b").groups.a||"bc"!=="b".replace(e,"$<a>c")}))},84488:e=>{var t=TypeError;e.exports=function(e){if(null==e)throw t("Can't call method on "+e);return e}},81150:e=>{e.exports=Object.is||function(e,t){return e===t?0!==e||1/e==1/t:e!=e&&t!=t}},17152:(e,t,r)=>{var n=r(17854),a=r(22104),o=r(60614),s=r(88113),i=r(50206),c=r(48053),l=/MSIE .\./.test(s),u=n.Function,f=function(e){return l?function(t,r){var n=c(arguments.length,1)>2,s=o(t)?t:u(t),l=n?i(arguments,2):void 0;return e(n?function(){a(s,this,l)}:s,r)}:e};e.exports={setTimeout:f(n.setTimeout),setInterval:f(n.setInterval)}},96340:(e,t,r)=>{"use strict";var n=r(35005),a=r(3070),o=r(5112),s=r(19781),i=o("species");e.exports=function(e){var t=n(e),r=a.f;s&&t&&!t[i]&&r(t,i,{configurable:!0,get:function(){return this}})}},58003:(e,t,r)=>{var n=r(3070).f,a=r(92597),o=r(5112)("toStringTag");e.exports=function(e,t,r){e&&!r&&(e=e.prototype),e&&!a(e,o)&&n(e,o,{configurable:!0,value:t})}},6200:(e,t,r)=>{var n=r(72309),a=r(69711),o=n("keys");e.exports=function(e){return o[e]||(o[e]=a(e))}},5465:(e,t,r)=>{var n=r(17854),a=r(13072),o="__core-js_shared__",s=n[o]||a(o,{});e.exports=s},72309:(e,t,r)=>{var n=r(31913),a=r(5465);(e.exports=function(e,t){return a[e]||(a[e]=void 0!==t?t:{})})("versions",[]).push({version:"3.22.8",mode:n?"pure":"global",copyright:"© 2014-2022 Denis Pushkarev (zloirock.ru)",license:"https://github.com/zloirock/core-js/blob/v3.22.8/LICENSE",source:"https://github.com/zloirock/core-js"})},36707:(e,t,r)=>{var n=r(19670),a=r(39483),o=r(5112)("species");e.exports=function(e,t){var r,s=n(e).constructor;return void 0===s||null==(r=n(s)[o])?t:a(r)}},43429:(e,t,r)=>{var n=r(47293);e.exports=function(e){return n((function(){var t=""[e]('"');return t!==t.toLowerCase()||t.split('"').length>3}))}},28710:(e,t,r)=>{var n=r(1702),a=r(19303),o=r(41340),s=r(84488),i=n("".charAt),c=n("".charCodeAt),l=n("".slice),u=function(e){return function(t,r){var n,u,f=o(s(t)),h=a(r),d=f.length;return h<0||h>=d?e?"":void 0:(n=c(f,h))<55296||n>56319||h+1===d||(u=c(f,h+1))<56320||u>57343?e?i(f,h):n:e?l(f,h,h+2):u-56320+(n-55296<<10)+65536}};e.exports={codeAt:u(!1),charAt:u(!0)}},54986:(e,t,r)=>{var n=r(88113);e.exports=/Version\/10(?:\.\d+){1,2}(?: [\w./]+)?(?: Mobile\/\w+)? Safari\//.test(n)},76650:(e,t,r)=>{var n=r(1702),a=r(17466),o=r(41340),s=r(38415),i=r(84488),c=n(s),l=n("".slice),u=Math.ceil,f=function(e){return function(t,r,n){var s,f,h=o(i(t)),d=a(r),p=h.length,v=void 0===n?" ":o(n);return d<=p||""==v?h:((f=c(v,u((s=d-p)/v.length))).length>s&&(f=l(f,0,s)),e?h+f:f+h)}};e.exports={start:f(!1),end:f(!0)}},33197:(e,t,r)=>{"use strict";var n=r(1702),a=2147483647,o=/[^\0-\u007E]/,s=/[.\u3002\uFF0E\uFF61]/g,i="Overflow: input needs wider integers to process",c=RangeError,l=n(s.exec),u=Math.floor,f=String.fromCharCode,h=n("".charCodeAt),d=n([].join),p=n([].push),v=n("".replace),m=n("".split),y=n("".toLowerCase),g=function(e){return e+22+75*(e<26)},_=function(e,t,r){var n=0;for(e=r?u(e/700):e>>1,e+=u(e/t);e>455;)e=u(e/35),n+=36;return u(n+36*e/(e+38))},E=function(e){var t=[];e=function(e){for(var t=[],r=0,n=e.length;r<n;){var a=h(e,r++);if(a>=55296&&a<=56319&&r<n){var o=h(e,r++);56320==(64512&o)?p(t,((1023&a)<<10)+(1023&o)+65536):(p(t,a),r--)}else p(t,a)}return t}(e);var r,n,o=e.length,s=128,l=0,v=72;for(r=0;r<e.length;r++)(n=e[r])<128&&p(t,f(n));var m=t.length,y=m;for(m&&p(t,"-");y<o;){var E=a;for(r=0;r<e.length;r++)(n=e[r])>=s&&n<E&&(E=n);var P=y+1;if(E-s>u((a-l)/P))throw c(i);for(l+=(E-s)*P,s=E,r=0;r<e.length;r++){if((n=e[r])<s&&++l>a)throw c(i);if(n==s){for(var b=l,Z=36;;){var w=Z<=v?1:Z>=v+26?26:Z-v;if(b<w)break;var S=b-w,x=36-w;p(t,f(g(w+S%x))),b=u(S/x),Z+=36}p(t,f(g(b))),v=_(l,P,y==m),l=0,y++}}l++,s++}return d(t,"")};e.exports=function(e){var t,r,n=[],a=m(v(y(e),s,"."),".");for(t=0;t<a.length;t++)r=a[t],p(n,l(o,r)?"xn--"+E(r):r);return d(n,".")}},38415:(e,t,r)=>{"use strict";var n=r(19303),a=r(41340),o=r(84488),s=RangeError;e.exports=function(e){var t=a(o(this)),r="",i=n(e);if(i<0||i==1/0)throw s("Wrong number of repetitions");for(;i>0;(i>>>=1)&&(t+=t))1&i&&(r+=t);return r}},10365:(e,t,r)=>{"use strict";var n=r(53111).end,a=r(76091);e.exports=a("trimEnd")?function(){return n(this)}:"".trimEnd},76091:(e,t,r)=>{var n=r(76530).PROPER,a=r(47293),o=r(81361);e.exports=function(e){return a((function(){return!!o[e]()||"​…"!=="​…"[e]()||n&&o[e].name!==e}))}},33217:(e,t,r)=>{"use strict";var n=r(53111).start,a=r(76091);e.exports=a("trimStart")?function(){return n(this)}:"".trimStart},53111:(e,t,r)=>{var n=r(1702),a=r(84488),o=r(41340),s=r(81361),i=n("".replace),c="["+s+"]",l=RegExp("^"+c+c+"*"),u=RegExp(c+c+"*$"),f=function(e){return function(t){var r=o(a(t));return 1&e&&(r=i(r,l,"")),2&e&&(r=i(r,u,"")),r}};e.exports={start:f(1),end:f(2),trim:f(3)}},56532:(e,t,r)=>{var n=r(46916),a=r(35005),o=r(5112),s=r(98052);e.exports=function(){var e=a("Symbol"),t=e&&e.prototype,r=t&&t.valueOf,i=o("toPrimitive");t&&!t[i]&&s(t,i,(function(e){return n(r,this)}),{arity:1})}},20261:(e,t,r)=>{var n,a,o,s,i=r(17854),c=r(22104),l=r(49974),u=r(60614),f=r(92597),h=r(47293),d=r(60490),p=r(50206),v=r(80317),m=r(48053),y=r(6833),g=r(35268),_=i.setImmediate,E=i.clearImmediate,P=i.process,b=i.Dispatch,Z=i.Function,w=i.MessageChannel,S=i.String,x=0,O={},k="onreadystatechange";try{n=i.location}catch(e){}var R=function(e){if(f(O,e)){var t=O[e];delete O[e],t()}},N=function(e){return function(){R(e)}},A=function(e){R(e.data)},T=function(e){i.postMessage(S(e),n.protocol+"//"+n.host)};_&&E||(_=function(e){m(arguments.length,1);var t=u(e)?e:Z(e),r=p(arguments,1);return O[++x]=function(){c(t,void 0,r)},a(x),x},E=function(e){delete O[e]},g?a=function(e){P.nextTick(N(e))}:b&&b.now?a=function(e){b.now(N(e))}:w&&!y?(s=(o=new w).port2,o.port1.onmessage=A,a=l(s.postMessage,s)):i.addEventListener&&u(i.postMessage)&&!i.importScripts&&n&&"file:"!==n.protocol&&!h(T)?(a=T,i.addEventListener("message",A,!1)):a=k in v("script")?function(e){d.appendChild(v("script"))[k]=function(){d.removeChild(this),R(e)}}:function(e){setTimeout(N(e),0)}),e.exports={set:_,clear:E}},50863:(e,t,r)=>{var n=r(1702);e.exports=n(1..valueOf)},51400:(e,t,r)=>{var n=r(19303),a=Math.max,o=Math.min;e.exports=function(e,t){var r=n(e);return r<0?a(r+t,0):o(r,t)}},64599:(e,t,r)=>{var n=r(57593),a=TypeError;e.exports=function(e){var t=n(e,"number");if("number"==typeof t)throw a("Can't convert number to bigint");return BigInt(t)}},57067:(e,t,r)=>{var n=r(19303),a=r(17466),o=RangeError;e.exports=function(e){if(void 0===e)return 0;var t=n(e),r=a(t);if(t!==r)throw o("Wrong length or index");return r}},45656:(e,t,r)=>{var n=r(68361),a=r(84488);e.exports=function(e){return n(a(e))}},19303:(e,t,r)=>{var n=r(74758);e.exports=function(e){var t=+e;return t!=t||0===t?0:n(t)}},17466:(e,t,r)=>{var n=r(19303),a=Math.min;e.exports=function(e){return e>0?a(n(e),9007199254740991):0}},47908:(e,t,r)=>{var n=r(84488),a=Object;e.exports=function(e){return a(n(e))}},84590:(e,t,r)=>{var n=r(73002),a=RangeError;e.exports=function(e,t){var r=n(e);if(r%t)throw a("Wrong offset");return r}},73002:(e,t,r)=>{var n=r(19303),a=RangeError;e.exports=function(e){var t=n(e);if(t<0)throw a("The argument can't be less than 0");return t}},57593:(e,t,r)=>{var n=r(46916),a=r(70111),o=r(52190),s=r(58173),i=r(92140),c=r(5112),l=TypeError,u=c("toPrimitive");e.exports=function(e,t){if(!a(e)||o(e))return e;var r,c=s(e,u);if(c){if(void 0===t&&(t="default"),r=n(c,e,t),!a(r)||o(r))return r;throw l("Can't convert object to primitive value")}return void 0===t&&(t="number"),i(e,t)}},34948:(e,t,r)=>{var n=r(57593),a=r(52190);e.exports=function(e){var t=n(e,"string");return a(t)?t:t+""}},51694:(e,t,r)=>{var n={};n[r(5112)("toStringTag")]="z",e.exports="[object z]"===String(n)},41340:(e,t,r)=>{var n=r(70648),a=String;e.exports=function(e){if("Symbol"===n(e))throw TypeError("Cannot convert a Symbol value to a string");return a(e)}},44038:(e,t,r)=>{var n=r(35268);e.exports=function(e){try{if(n)return Function('return require("'+e+'")')()}catch(e){}}},66330:e=>{var t=String;e.exports=function(e){try{return t(e)}catch(e){return"Object"}}},19843:(e,t,r)=>{"use strict";var n=r(82109),a=r(17854),o=r(46916),s=r(19781),i=r(63832),c=r(90260),l=r(13331),u=r(25787),f=r(79114),h=r(68880),d=r(55988),p=r(17466),v=r(57067),m=r(84590),y=r(34948),g=r(92597),_=r(70648),E=r(70111),P=r(52190),b=r(70030),Z=r(47976),w=r(27674),S=r(8006).f,x=r(97321),O=r(42092).forEach,k=r(96340),R=r(3070),N=r(31236),A=r(29909),T=r(79587),C=A.get,I=A.set,j=R.f,M=N.f,B=Math.round,U=a.RangeError,L=l.ArrayBuffer,D=L.prototype,F=l.DataView,z=c.NATIVE_ARRAY_BUFFER_VIEWS,q=c.TYPED_ARRAY_CONSTRUCTOR,W=c.TYPED_ARRAY_TAG,H=c.TypedArray,G=c.TypedArrayPrototype,V=c.aTypedArrayConstructor,Y=c.isTypedArray,K="BYTES_PER_ELEMENT",X="Wrong length",$=function(e,t){V(e);for(var r=0,n=t.length,a=new e(n);n>r;)a[r]=t[r++];return a},Q=function(e,t){j(e,t,{get:function(){return C(this)[t]}})},J=function(e){var t;return Z(D,e)||"ArrayBuffer"==(t=_(e))||"SharedArrayBuffer"==t},ee=function(e,t){return Y(e)&&!P(t)&&t in e&&d(+t)&&t>=0},te=function(e,t){return t=y(t),ee(e,t)?f(2,e[t]):M(e,t)},re=function(e,t,r){return t=y(t),!(ee(e,t)&&E(r)&&g(r,"value"))||g(r,"get")||g(r,"set")||r.configurable||g(r,"writable")&&!r.writable||g(r,"enumerable")&&!r.enumerable?j(e,t,r):(e[t]=r.value,e)};s?(z||(N.f=te,R.f=re,Q(G,"buffer"),Q(G,"byteOffset"),Q(G,"byteLength"),Q(G,"length")),n({target:"Object",stat:!0,forced:!z},{getOwnPropertyDescriptor:te,defineProperty:re}),e.exports=function(e,t,r){var s=e.match(/\d+$/)[0]/8,c=e+(r?"Clamped":"")+"Array",l="get"+e,f="set"+e,d=a[c],y=d,g=y&&y.prototype,_={},P=function(e,t){j(e,t,{get:function(){return function(e,t){var r=C(e);return r.view[l](t*s+r.byteOffset,!0)}(this,t)},set:function(e){return function(e,t,n){var a=C(e);r&&(n=(n=B(n))<0?0:n>255?255:255&n),a.view[f](t*s+a.byteOffset,n,!0)}(this,t,e)},enumerable:!0})};z?i&&(y=t((function(e,t,r,n){return u(e,g),T(E(t)?J(t)?void 0!==n?new d(t,m(r,s),n):void 0!==r?new d(t,m(r,s)):new d(t):Y(t)?$(y,t):o(x,y,t):new d(v(t)),e,y)})),w&&w(y,H),O(S(d),(function(e){e in y||h(y,e,d[e])})),y.prototype=g):(y=t((function(e,t,r,n){u(e,g);var a,i,c,l=0,f=0;if(E(t)){if(!J(t))return Y(t)?$(y,t):o(x,y,t);a=t,f=m(r,s);var h=t.byteLength;if(void 0===n){if(h%s)throw U(X);if((i=h-f)<0)throw U(X)}else if((i=p(n)*s)+f>h)throw U(X);c=i/s}else c=v(t),a=new L(i=c*s);for(I(e,{buffer:a,byteOffset:f,byteLength:i,length:c,view:new F(a)});l<c;)P(e,l++)})),w&&w(y,H),g=y.prototype=b(G)),g.constructor!==y&&h(g,"constructor",y),h(g,q,y),W&&h(g,W,c);var Z=y!=d;_[c]=y,n({global:!0,constructor:!0,forced:Z,sham:!z},_),K in y||h(y,K,s),K in g||h(g,K,s),k(c)}):e.exports=function(){}},63832:(e,t,r)=>{var n=r(17854),a=r(47293),o=r(17072),s=r(90260).NATIVE_ARRAY_BUFFER_VIEWS,i=n.ArrayBuffer,c=n.Int8Array;e.exports=!s||!a((function(){c(1)}))||!a((function(){new c(-1)}))||!o((function(e){new c,new c(null),new c(1.5),new c(e)}),!0)||a((function(){return 1!==new c(new i(2),1,void 0).length}))},43074:(e,t,r)=>{var n=r(97745),a=r(66304);e.exports=function(e,t){return n(a(e),t)}},97321:(e,t,r)=>{var n=r(49974),a=r(46916),o=r(39483),s=r(47908),i=r(26244),c=r(18554),l=r(71246),u=r(97659),f=r(90260).aTypedArrayConstructor;e.exports=function(e){var t,r,h,d,p,v,m=o(this),y=s(e),g=arguments.length,_=g>1?arguments[1]:void 0,E=void 0!==_,P=l(y);if(P&&!u(P))for(v=(p=c(y,P)).next,y=[];!(d=a(v,p)).done;)y.push(d.value);for(E&&g>2&&(_=n(_,arguments[2])),r=i(y),h=new(f(m))(r),t=0;r>t;t++)h[t]=E?_(y[t],t):y[t];return h}},66304:(e,t,r)=>{var n=r(90260),a=r(36707),o=n.TYPED_ARRAY_CONSTRUCTOR,s=n.aTypedArrayConstructor;e.exports=function(e){return s(a(e,e[o]))}},69711:(e,t,r)=>{var n=r(1702),a=0,o=Math.random(),s=n(1..toString);e.exports=function(e){return"Symbol("+(void 0===e?"":e)+")_"+s(++a+o,36)}},43307:(e,t,r)=>{var n=r(30133);e.exports=n&&!Symbol.sham&&"symbol"==typeof Symbol.iterator},3353:(e,t,r)=>{var n=r(19781),a=r(47293);e.exports=n&&a((function(){return 42!=Object.defineProperty((function(){}),"prototype",{value:42,writable:!1}).prototype}))},48053:e=>{var t=TypeError;e.exports=function(e,r){if(e<r)throw t("Not enough arguments");return e}},6061:(e,t,r)=>{var n=r(5112);t.f=n},5112:(e,t,r)=>{var n=r(17854),a=r(72309),o=r(92597),s=r(69711),i=r(30133),c=r(43307),l=a("wks"),u=n.Symbol,f=u&&u.for,h=c?u:u&&u.withoutSetter||s;e.exports=function(e){if(!o(l,e)||!i&&"string"!=typeof l[e]){var t="Symbol."+e;i&&o(u,e)?l[e]=u[e]:l[e]=c&&f?f(t):h(t)}return l[e]}},81361:e=>{e.exports="\t\n\v\f\r                　\u2028\u2029\ufeff"},89191:(e,t,r)=>{"use strict";var n=r(35005),a=r(92597),o=r(68880),s=r(47976),i=r(27674),c=r(99920),l=r(2626),u=r(79587),f=r(56277),h=r(58340),d=r(77741),p=r(22914),v=r(19781),m=r(31913);e.exports=function(e,t,r,y){var g="stackTraceLimit",_=y?2:1,E=e.split("."),P=E[E.length-1],b=n.apply(null,E);if(b){var Z=b.prototype;if(!m&&a(Z,"cause")&&delete Z.cause,!r)return b;var w=n("Error"),S=t((function(e,t){var r=f(y?t:e,void 0),n=y?new b(e):new b;return void 0!==r&&o(n,"message",r),p&&o(n,"stack",d(n.stack,2)),this&&s(Z,this)&&u(n,this,S),arguments.length>_&&h(n,arguments[_]),n}));if(S.prototype=Z,"Error"!==P?i?i(S,w):c(S,w,{name:!0}):v&&g in b&&(l(S,b,g),l(S,b,"prepareStackTrace")),c(S,b),!m)try{Z.name!==P&&o(Z,"name",P),Z.constructor=S}catch(e){}return S}}},32120:(e,t,r)=>{var n=r(82109),a=r(35005),o=r(22104),s=r(47293),i=r(89191),c="AggregateError",l=a(c),u=!s((function(){return 1!==l([1]).errors[0]}))&&s((function(){return 7!==l([1],c,{cause:7}).cause}));n({global:!0,constructor:!0,arity:2,forced:u},{AggregateError:i(c,(function(e){return function(t,r){return o(e,this,arguments)}}),u,!0)})},56967:(e,t,r)=>{"use strict";var n=r(82109),a=r(47976),o=r(79518),s=r(27674),i=r(99920),c=r(70030),l=r(68880),u=r(79114),f=r(77741),h=r(58340),d=r(20408),p=r(56277),v=r(5112),m=r(22914),y=v("toStringTag"),g=Error,_=[].push,E=function(e,t){var r,n=arguments.length>2?arguments[2]:void 0,i=a(P,this);s?r=s(new g,i?o(this):P):(r=i?this:c(P),l(r,y,"Error")),void 0!==t&&l(r,"message",p(t)),m&&l(r,"stack",f(r.stack,1)),h(r,n);var u=[];return d(e,_,{that:u}),l(r,"errors",u),r};s?s(E,g):i(E,g,{name:!0});var P=E.prototype=c(g.prototype,{constructor:u(1,E),message:u(1,""),name:u(1,"AggregateError")});n({global:!0,constructor:!0,arity:2},{AggregateError:E})},9170:(e,t,r)=>{r(56967)},18264:(e,t,r)=>{"use strict";var n=r(82109),a=r(17854),o=r(13331),s=r(96340),i="ArrayBuffer",c=o[i];n({global:!0,constructor:!0,forced:a[i]!==c},{ArrayBuffer:c}),s(i)},76938:(e,t,r)=>{var n=r(82109),a=r(90260);n({target:"ArrayBuffer",stat:!0,forced:!a.NATIVE_ARRAY_BUFFER_VIEWS},{isView:a.isView})},39575:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(47293),s=r(13331),i=r(19670),c=r(51400),l=r(17466),u=r(36707),f=s.ArrayBuffer,h=s.DataView,d=h.prototype,p=a(f.prototype.slice),v=a(d.getUint8),m=a(d.setUint8);n({target:"ArrayBuffer",proto:!0,unsafe:!0,forced:o((function(){return!new f(2).slice(1,void 0).byteLength}))},{slice:function(e,t){if(p&&void 0===t)return p(i(this),e);for(var r=i(this).byteLength,n=c(e,r),a=c(void 0===t?r:t,r),o=new(u(this,f))(l(a-n)),s=new h(this),d=new h(o),y=0;n<a;)m(d,y++,v(s,n++));return o}})},52262:(e,t,r)=>{"use strict";var n=r(82109),a=r(47908),o=r(26244),s=r(19303),i=r(51223);n({target:"Array",proto:!0},{at:function(e){var t=a(this),r=o(t),n=s(e),i=n>=0?n:r+n;return i<0||i>=r?void 0:t[i]}}),i("at")},92222:(e,t,r)=>{"use strict";var n=r(82109),a=r(47293),o=r(43157),s=r(70111),i=r(47908),c=r(26244),l=r(7207),u=r(86135),f=r(65417),h=r(81194),d=r(5112),p=r(7392),v=d("isConcatSpreadable"),m=p>=51||!a((function(){var e=[];return e[v]=!1,e.concat()[0]!==e})),y=h("concat"),g=function(e){if(!s(e))return!1;var t=e[v];return void 0!==t?!!t:o(e)};n({target:"Array",proto:!0,arity:1,forced:!m||!y},{concat:function(e){var t,r,n,a,o,s=i(this),h=f(s,0),d=0;for(t=-1,n=arguments.length;t<n;t++)if(g(o=-1===t?s:arguments[t]))for(a=c(o),l(d+a),r=0;r<a;r++,d++)r in o&&u(h,d,o[r]);else l(d+1),u(h,d++,o);return h.length=d,h}})},50545:(e,t,r)=>{var n=r(82109),a=r(1048),o=r(51223);n({target:"Array",proto:!0},{copyWithin:a}),o("copyWithin")},26541:(e,t,r)=>{"use strict";var n=r(82109),a=r(42092).every;n({target:"Array",proto:!0,forced:!r(9341)("every")},{every:function(e){return a(this,e,arguments.length>1?arguments[1]:void 0)}})},43290:(e,t,r)=>{var n=r(82109),a=r(21285),o=r(51223);n({target:"Array",proto:!0},{fill:a}),o("fill")},57327:(e,t,r)=>{"use strict";var n=r(82109),a=r(42092).filter;n({target:"Array",proto:!0,forced:!r(81194)("filter")},{filter:function(e){return a(this,e,arguments.length>1?arguments[1]:void 0)}})},34553:(e,t,r)=>{"use strict";var n=r(82109),a=r(42092).findIndex,o=r(51223),s="findIndex",i=!0;s in[]&&Array(1)[s]((function(){i=!1})),n({target:"Array",proto:!0,forced:i},{findIndex:function(e){return a(this,e,arguments.length>1?arguments[1]:void 0)}}),o(s)},69826:(e,t,r)=>{"use strict";var n=r(82109),a=r(42092).find,o=r(51223),s="find",i=!0;s in[]&&Array(1)[s]((function(){i=!1})),n({target:"Array",proto:!0,forced:i},{find:function(e){return a(this,e,arguments.length>1?arguments[1]:void 0)}}),o(s)},86535:(e,t,r)=>{"use strict";var n=r(82109),a=r(6790),o=r(19662),s=r(47908),i=r(26244),c=r(65417);n({target:"Array",proto:!0},{flatMap:function(e){var t,r=s(this),n=i(r);return o(e),(t=c(r,0)).length=a(t,r,r,n,0,1,e,arguments.length>1?arguments[1]:void 0),t}})},84944:(e,t,r)=>{"use strict";var n=r(82109),a=r(6790),o=r(47908),s=r(26244),i=r(19303),c=r(65417);n({target:"Array",proto:!0},{flat:function(){var e=arguments.length?arguments[0]:void 0,t=o(this),r=s(t),n=c(t,0);return n.length=a(n,t,t,r,0,void 0===e?1:i(e)),n}})},89554:(e,t,r)=>{"use strict";var n=r(82109),a=r(18533);n({target:"Array",proto:!0,forced:[].forEach!=a},{forEach:a})},91038:(e,t,r)=>{var n=r(82109),a=r(48457);n({target:"Array",stat:!0,forced:!r(17072)((function(e){Array.from(e)}))},{from:a})},26699:(e,t,r)=>{"use strict";var n=r(82109),a=r(41318).includes,o=r(47293),s=r(51223);n({target:"Array",proto:!0,forced:o((function(){return!Array(1).includes()}))},{includes:function(e){return a(this,e,arguments.length>1?arguments[1]:void 0)}}),s("includes")},82772:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(41318).indexOf,s=r(9341),i=a([].indexOf),c=!!i&&1/i([1],1,-0)<0,l=s("indexOf");n({target:"Array",proto:!0,forced:c||!l},{indexOf:function(e){var t=arguments.length>1?arguments[1]:void 0;return c?i(this,e,t)||0:o(this,e,t)}})},79753:(e,t,r)=>{r(82109)({target:"Array",stat:!0},{isArray:r(43157)})},66992:(e,t,r)=>{"use strict";var n=r(45656),a=r(51223),o=r(97497),s=r(29909),i=r(3070).f,c=r(70654),l=r(31913),u=r(19781),f="Array Iterator",h=s.set,d=s.getterFor(f);e.exports=c(Array,"Array",(function(e,t){h(this,{type:f,target:n(e),index:0,kind:t})}),(function(){var e=d(this),t=e.target,r=e.kind,n=e.index++;return!t||n>=t.length?(e.target=void 0,{value:void 0,done:!0}):"keys"==r?{value:n,done:!1}:"values"==r?{value:t[n],done:!1}:{value:[n,t[n]],done:!1}}),"values");var p=o.Arguments=o.Array;if(a("keys"),a("values"),a("entries"),!l&&u&&"values"!==p.name)try{i(p,"name",{value:"values"})}catch(e){}},69600:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(68361),s=r(45656),i=r(9341),c=a([].join),l=o!=Object,u=i("join",",");n({target:"Array",proto:!0,forced:l||!u},{join:function(e){return c(s(this),void 0===e?",":e)}})},94986:(e,t,r)=>{var n=r(82109),a=r(86583);n({target:"Array",proto:!0,forced:a!==[].lastIndexOf},{lastIndexOf:a})},21249:(e,t,r)=>{"use strict";var n=r(82109),a=r(42092).map;n({target:"Array",proto:!0,forced:!r(81194)("map")},{map:function(e){return a(this,e,arguments.length>1?arguments[1]:void 0)}})},26572:(e,t,r)=>{"use strict";var n=r(82109),a=r(47293),o=r(4411),s=r(86135),i=Array;n({target:"Array",stat:!0,forced:a((function(){function e(){}return!(i.of.call(e)instanceof e)}))},{of:function(){for(var e=0,t=arguments.length,r=new(o(this)?this:i)(t);t>e;)s(r,e,arguments[e++]);return r.length=t,r}})},96644:(e,t,r)=>{"use strict";var n=r(82109),a=r(53671).right,o=r(9341),s=r(7392),i=r(35268);n({target:"Array",proto:!0,forced:!o("reduceRight")||!i&&s>79&&s<83},{reduceRight:function(e){return a(this,e,arguments.length,arguments.length>1?arguments[1]:void 0)}})},85827:(e,t,r)=>{"use strict";var n=r(82109),a=r(53671).left,o=r(9341),s=r(7392),i=r(35268);n({target:"Array",proto:!0,forced:!o("reduce")||!i&&s>79&&s<83},{reduce:function(e){var t=arguments.length;return a(this,e,t,t>1?arguments[1]:void 0)}})},65069:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(43157),s=a([].reverse),i=[1,2];n({target:"Array",proto:!0,forced:String(i)===String(i.reverse())},{reverse:function(){return o(this)&&(this.length=this.length),s(this)}})},47042:(e,t,r)=>{"use strict";var n=r(82109),a=r(43157),o=r(4411),s=r(70111),i=r(51400),c=r(26244),l=r(45656),u=r(86135),f=r(5112),h=r(81194),d=r(50206),p=h("slice"),v=f("species"),m=Array,y=Math.max;n({target:"Array",proto:!0,forced:!p},{slice:function(e,t){var r,n,f,h=l(this),p=c(h),g=i(e,p),_=i(void 0===t?p:t,p);if(a(h)&&(r=h.constructor,(o(r)&&(r===m||a(r.prototype))||s(r)&&null===(r=r[v]))&&(r=void 0),r===m||void 0===r))return d(h,g,_);for(n=new(void 0===r?m:r)(y(_-g,0)),f=0;g<_;g++,f++)g in h&&u(n,f,h[g]);return n.length=f,n}})},5212:(e,t,r)=>{"use strict";var n=r(82109),a=r(42092).some;n({target:"Array",proto:!0,forced:!r(9341)("some")},{some:function(e){return a(this,e,arguments.length>1?arguments[1]:void 0)}})},2707:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(19662),s=r(47908),i=r(26244),c=r(85117),l=r(41340),u=r(47293),f=r(94362),h=r(9341),d=r(68886),p=r(30256),v=r(7392),m=r(98008),y=[],g=a(y.sort),_=a(y.push),E=u((function(){y.sort(void 0)})),P=u((function(){y.sort(null)})),b=h("sort"),Z=!u((function(){if(v)return v<70;if(!(d&&d>3)){if(p)return!0;if(m)return m<603;var e,t,r,n,a="";for(e=65;e<76;e++){switch(t=String.fromCharCode(e),e){case 66:case 69:case 70:case 72:r=3;break;case 68:case 71:r=4;break;default:r=2}for(n=0;n<47;n++)y.push({k:t+n,v:r})}for(y.sort((function(e,t){return t.v-e.v})),n=0;n<y.length;n++)t=y[n].k.charAt(0),a.charAt(a.length-1)!==t&&(a+=t);return"DGBEFHACIJK"!==a}}));n({target:"Array",proto:!0,forced:E||!P||!b||!Z},{sort:function(e){void 0!==e&&o(e);var t=s(this);if(Z)return void 0===e?g(t):g(t,e);var r,n,a=[],u=i(t);for(n=0;n<u;n++)n in t&&_(a,t[n]);for(f(a,function(e){return function(t,r){return void 0===r?-1:void 0===t?1:void 0!==e?+e(t,r)||0:l(t)>l(r)?1:-1}}(e)),r=a.length,n=0;n<r;)t[n]=a[n++];for(;n<u;)c(t,n++);return t}})},38706:(e,t,r)=>{r(96340)("Array")},40561:(e,t,r)=>{"use strict";var n=r(82109),a=r(47908),o=r(51400),s=r(19303),i=r(26244),c=r(7207),l=r(65417),u=r(86135),f=r(85117),h=r(81194)("splice"),d=Math.max,p=Math.min;n({target:"Array",proto:!0,forced:!h},{splice:function(e,t){var r,n,h,v,m,y,g=a(this),_=i(g),E=o(e,_),P=arguments.length;for(0===P?r=n=0:1===P?(r=0,n=_-E):(r=P-2,n=p(d(s(t),0),_-E)),c(_+r-n),h=l(g,n),v=0;v<n;v++)(m=E+v)in g&&u(h,v,g[m]);if(h.length=n,r<n){for(v=E;v<_-n;v++)y=v+r,(m=v+n)in g?g[y]=g[m]:f(g,y);for(v=_;v>_-n+r;v--)f(g,v-1)}else if(r>n)for(v=_-n;v>E;v--)y=v+r-1,(m=v+n-1)in g?g[y]=g[m]:f(g,y);for(v=0;v<r;v++)g[v+E]=arguments[v+2];return g.length=_-n+r,h}})},99244:(e,t,r)=>{r(51223)("flatMap")},33792:(e,t,r)=>{r(51223)("flat")},3690:(e,t,r)=>{var n=r(82109),a=r(13331);n({global:!0,constructor:!0,forced:!r(24019)},{DataView:a.DataView})},16716:(e,t,r)=>{r(3690)},43016:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(47293)((function(){return 120!==new Date(16e11).getYear()})),s=a(Date.prototype.getFullYear);n({target:"Date",proto:!0,forced:o},{getYear:function(){return s(this)-1900}})},3843:(e,t,r)=>{var n=r(82109),a=r(1702),o=Date,s=a(o.prototype.getTime);n({target:"Date",stat:!0},{now:function(){return s(new o)}})},81801:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(19303),s=Date.prototype,i=a(s.getTime),c=a(s.setFullYear);n({target:"Date",proto:!0},{setYear:function(e){i(this);var t=o(e);return c(this,0<=t&&t<=99?t+1900:t)}})},9550:(e,t,r)=>{r(82109)({target:"Date",proto:!0},{toGMTString:Date.prototype.toUTCString})},28733:(e,t,r)=>{var n=r(82109),a=r(85573);n({target:"Date",proto:!0,forced:Date.prototype.toISOString!==a},{toISOString:a})},5735:(e,t,r)=>{"use strict";var n=r(82109),a=r(47293),o=r(47908),s=r(57593);n({target:"Date",proto:!0,arity:1,forced:a((function(){return null!==new Date(NaN).toJSON()||1!==Date.prototype.toJSON.call({toISOString:function(){return 1}})}))},{toJSON:function(e){var t=o(this),r=s(t,"number");return"number"!=typeof r||isFinite(r)?t.toISOString():null}})},96078:(e,t,r)=>{var n=r(92597),a=r(98052),o=r(38709),s=r(5112)("toPrimitive"),i=Date.prototype;n(i,s)||a(i,s,o)},83710:(e,t,r)=>{var n=r(1702),a=r(98052),o=Date.prototype,s="Invalid Date",i="toString",c=n(o[i]),l=n(o.getTime);String(new Date(NaN))!=s&&a(o,i,(function(){var e=l(this);return e==e?c(this):s}))},21703:(e,t,r)=>{var n=r(82109),a=r(17854),o=r(22104),s=r(89191),i="WebAssembly",c=a[i],l=7!==Error("e",{cause:7}).cause,u=function(e,t){var r={};r[e]=s(e,t,l),n({global:!0,constructor:!0,arity:1,forced:l},r)},f=function(e,t){if(c&&c[e]){var r={};r[e]=s(i+"."+e,t,l),n({target:i,stat:!0,constructor:!0,arity:1,forced:l},r)}};u("Error",(function(e){return function(t){return o(e,this,arguments)}})),u("EvalError",(function(e){return function(t){return o(e,this,arguments)}})),u("RangeError",(function(e){return function(t){return o(e,this,arguments)}})),u("ReferenceError",(function(e){return function(t){return o(e,this,arguments)}})),u("SyntaxError",(function(e){return function(t){return o(e,this,arguments)}})),u("TypeError",(function(e){return function(t){return o(e,this,arguments)}})),u("URIError",(function(e){return function(t){return o(e,this,arguments)}})),f("CompileError",(function(e){return function(t){return o(e,this,arguments)}})),f("LinkError",(function(e){return function(t){return o(e,this,arguments)}})),f("RuntimeError",(function(e){return function(t){return o(e,this,arguments)}}))},96647:(e,t,r)=>{var n=r(98052),a=r(7762),o=Error.prototype;o.toString!==a&&n(o,"toString",a)},62130:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(41340),s=a("".charAt),i=a("".charCodeAt),c=a(/./.exec),l=a(1..toString),u=a("".toUpperCase),f=/[\w*+\-./@]/,h=function(e,t){for(var r=l(e,16);r.length<t;)r="0"+r;return r};n({global:!0},{escape:function(e){for(var t,r,n=o(e),a="",l=n.length,d=0;d<l;)t=s(n,d++),c(f,t)?a+=t:a+=(r=i(t,0))<256?"%"+h(r,2):"%u"+u(h(r,4));return a}})},24812:(e,t,r)=>{var n=r(82109),a=r(27065);n({target:"Function",proto:!0,forced:Function.bind!==a},{bind:a})},4855:(e,t,r)=>{"use strict";var n=r(60614),a=r(70111),o=r(3070),s=r(79518),i=r(5112),c=r(56339),l=i("hasInstance"),u=Function.prototype;l in u||o.f(u,l,{value:c((function(e){if(!n(this)||!a(e))return!1;var t=this.prototype;if(!a(t))return e instanceof this;for(;e=s(e);)if(t===e)return!0;return!1}),l)})},68309:(e,t,r)=>{var n=r(19781),a=r(76530).EXISTS,o=r(1702),s=r(3070).f,i=Function.prototype,c=o(i.toString),l=/function\b(?:\s|\/\*[\S\s]*?\*\/|\/\/[^\n\r]*[\n\r]+)*([^\s(/]*)/,u=o(l.exec);n&&!a&&s(i,"name",{configurable:!0,get:function(){try{return u(l,c(this))[1]}catch(e){return""}}})},35837:(e,t,r)=>{r(82109)({global:!0},{globalThis:r(17854)})},38862:(e,t,r)=>{var n=r(82109),a=r(35005),o=r(22104),s=r(46916),i=r(1702),c=r(47293),l=r(43157),u=r(60614),f=r(70111),h=r(52190),d=r(50206),p=r(30133),v=a("JSON","stringify"),m=i(/./.exec),y=i("".charAt),g=i("".charCodeAt),_=i("".replace),E=i(1..toString),P=/[\uD800-\uDFFF]/g,b=/^[\uD800-\uDBFF]$/,Z=/^[\uDC00-\uDFFF]$/,w=!p||c((function(){var e=a("Symbol")();return"[null]"!=v([e])||"{}"!=v({a:e})||"{}"!=v(Object(e))})),S=c((function(){return'"\\udf06\\ud834"'!==v("\udf06\ud834")||'"\\udead"'!==v("\udead")})),x=function(e,t){var r=d(arguments),n=t;if((f(t)||void 0!==e)&&!h(e))return l(t)||(t=function(e,t){if(u(n)&&(t=s(n,this,e,t)),!h(t))return t}),r[1]=t,o(v,null,r)},O=function(e,t,r){var n=y(r,t-1),a=y(r,t+1);return m(b,e)&&!m(Z,a)||m(Z,e)&&!m(b,n)?"\\u"+E(g(e,0),16):e};v&&n({target:"JSON",stat:!0,arity:3,forced:w||S},{stringify:function(e,t,r){var n=d(arguments),a=o(w?x:v,null,n);return S&&"string"==typeof a?_(a,P,O):a}})},73706:(e,t,r)=>{var n=r(17854);r(58003)(n.JSON,"JSON",!0)},69098:(e,t,r)=>{"use strict";r(77710)("Map",(function(e){return function(){return e(this,arguments.length?arguments[0]:void 0)}}),r(95631))},51532:(e,t,r)=>{r(69098)},99752:(e,t,r)=>{var n=r(82109),a=r(26513),o=Math.acosh,s=Math.log,i=Math.sqrt,c=Math.LN2;n({target:"Math",stat:!0,forced:!o||710!=Math.floor(o(Number.MAX_VALUE))||o(1/0)!=1/0},{acosh:function(e){var t=+e;return t<1?NaN:t>94906265.62425156?s(t)+c:a(t-1+i(t-1)*i(t+1))}})},82376:(e,t,r)=>{var n=r(82109),a=Math.asinh,o=Math.log,s=Math.sqrt;n({target:"Math",stat:!0,forced:!(a&&1/a(0)>0)},{asinh:function e(t){var r=+t;return isFinite(r)&&0!=r?r<0?-e(-r):o(r+s(r*r+1)):r}})},73181:(e,t,r)=>{var n=r(82109),a=Math.atanh,o=Math.log;n({target:"Math",stat:!0,forced:!(a&&1/a(-0)<0)},{atanh:function(e){var t=+e;return 0==t?t:o((1+t)/(1-t))/2}})},23484:(e,t,r)=>{var n=r(82109),a=r(64310),o=Math.abs,s=Math.pow;n({target:"Math",stat:!0},{cbrt:function(e){var t=+e;return a(t)*s(o(t),1/3)}})},2388:(e,t,r)=>{var n=r(82109),a=Math.floor,o=Math.log,s=Math.LOG2E;n({target:"Math",stat:!0},{clz32:function(e){var t=e>>>0;return t?31-a(o(t+.5)*s):32}})},88621:(e,t,r)=>{var n=r(82109),a=r(66736),o=Math.cosh,s=Math.abs,i=Math.E;n({target:"Math",stat:!0,forced:!o||o(710)===1/0},{cosh:function(e){var t=a(s(e)-1)+1;return(t+1/(t*i*i))*(i/2)}})},60403:(e,t,r)=>{var n=r(82109),a=r(66736);n({target:"Math",stat:!0,forced:a!=Math.expm1},{expm1:a})},84755:(e,t,r)=>{r(82109)({target:"Math",stat:!0},{fround:r(26130)})},25438:(e,t,r)=>{var n=r(82109),a=Math.hypot,o=Math.abs,s=Math.sqrt;n({target:"Math",stat:!0,arity:2,forced:!!a&&a(1/0,NaN)!==1/0},{hypot:function(e,t){for(var r,n,a=0,i=0,c=arguments.length,l=0;i<c;)l<(r=o(arguments[i++]))?(a=a*(n=l/r)*n+1,l=r):a+=r>0?(n=r/l)*n:r;return l===1/0?1/0:l*s(a)}})},90332:(e,t,r)=>{var n=r(82109),a=r(47293),o=Math.imul;n({target:"Math",stat:!0,forced:a((function(){return-5!=o(4294967295,5)||2!=o.length}))},{imul:function(e,t){var r=65535,n=+e,a=+t,o=r&n,s=r&a;return 0|o*s+((r&n>>>16)*s+o*(r&a>>>16)<<16>>>0)}})},40658:(e,t,r)=>{r(82109)({target:"Math",stat:!0},{log10:r(20403)})},40197:(e,t,r)=>{r(82109)({target:"Math",stat:!0},{log1p:r(26513)})},44914:(e,t,r)=>{var n=r(82109),a=Math.log,o=Math.LN2;n({target:"Math",stat:!0},{log2:function(e){return a(e)/o}})},52420:(e,t,r)=>{r(82109)({target:"Math",stat:!0},{sign:r(64310)})},60160:(e,t,r)=>{var n=r(82109),a=r(47293),o=r(66736),s=Math.abs,i=Math.exp,c=Math.E;n({target:"Math",stat:!0,forced:a((function(){return-2e-17!=Math.sinh(-2e-17)}))},{sinh:function(e){var t=+e;return s(t)<1?(o(t)-o(-t))/2:(i(t-1)-i(-t-1))*(c/2)}})},60970:(e,t,r)=>{var n=r(82109),a=r(66736),o=Math.exp;n({target:"Math",stat:!0},{tanh:function(e){var t=+e,r=a(t),n=a(-t);return r==1/0?1:n==1/0?-1:(r-n)/(o(t)+o(-t))}})},10408:(e,t,r)=>{r(58003)(Math,"Math",!0)},73689:(e,t,r)=>{r(82109)({target:"Math",stat:!0},{trunc:r(74758)})},9653:(e,t,r)=>{"use strict";var n=r(19781),a=r(17854),o=r(1702),s=r(54705),i=r(98052),c=r(92597),l=r(79587),u=r(47976),f=r(52190),h=r(57593),d=r(47293),p=r(8006).f,v=r(31236).f,m=r(3070).f,y=r(50863),g=r(53111).trim,_="Number",E=a[_],P=E.prototype,b=a.TypeError,Z=o("".slice),w=o("".charCodeAt);if(s(_,!E(" 0o1")||!E("0b1")||E("+0x1"))){for(var S,x=function(e){var t=arguments.length<1?0:E(function(e){var t=h(e,"number");return"bigint"==typeof t?t:function(e){var t,r,n,a,o,s,i,c,l=h(e,"number");if(f(l))throw b("Cannot convert a Symbol value to a number");if("string"==typeof l&&l.length>2)if(l=g(l),43===(t=w(l,0))||45===t){if(88===(r=w(l,2))||120===r)return NaN}else if(48===t){switch(w(l,1)){case 66:case 98:n=2,a=49;break;case 79:case 111:n=8,a=55;break;default:return+l}for(s=(o=Z(l,2)).length,i=0;i<s;i++)if((c=w(o,i))<48||c>a)return NaN;return parseInt(o,n)}return+l}(t)}(e)),r=this;return u(P,r)&&d((function(){y(r)}))?l(Object(t),r,x):t},O=n?p(E):"MAX_VALUE,MIN_VALUE,NaN,NEGATIVE_INFINITY,POSITIVE_INFINITY,EPSILON,MAX_SAFE_INTEGER,MIN_SAFE_INTEGER,isFinite,isInteger,isNaN,isSafeInteger,parseFloat,parseInt,fromString,range".split(","),k=0;O.length>k;k++)c(E,S=O[k])&&!c(x,S)&&m(x,S,v(E,S));x.prototype=P,P.constructor=x,i(a,_,x,{constructor:!0})}},93299:(e,t,r)=>{r(82109)({target:"Number",stat:!0},{EPSILON:Math.pow(2,-52)})},35192:(e,t,r)=>{r(82109)({target:"Number",stat:!0},{isFinite:r(77023)})},33161:(e,t,r)=>{r(82109)({target:"Number",stat:!0},{isInteger:r(55988)})},44048:(e,t,r)=>{r(82109)({target:"Number",stat:!0},{isNaN:function(e){return e!=e}})},78285:(e,t,r)=>{var n=r(82109),a=r(55988),o=Math.abs;n({target:"Number",stat:!0},{isSafeInteger:function(e){return a(e)&&o(e)<=9007199254740991}})},44363:(e,t,r)=>{r(82109)({target:"Number",stat:!0},{MAX_SAFE_INTEGER:9007199254740991})},55994:(e,t,r)=>{r(82109)({target:"Number",stat:!0},{MIN_SAFE_INTEGER:-9007199254740991})},61874:(e,t,r)=>{var n=r(82109),a=r(2814);n({target:"Number",stat:!0,forced:Number.parseFloat!=a},{parseFloat:a})},9494:(e,t,r)=>{var n=r(82109),a=r(83009);n({target:"Number",stat:!0,forced:Number.parseInt!=a},{parseInt:a})},31354:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(19303),s=r(50863),i=r(38415),c=r(20403),l=r(47293),u=RangeError,f=String,h=isFinite,d=Math.abs,p=Math.floor,v=Math.pow,m=Math.round,y=a(1..toExponential),g=a(i),_=a("".slice),E="-6.9000e-11"===y(-69e-12,4)&&"1.25e+0"===y(1.255,2)&&"1.235e+4"===y(12345,3)&&"3e+1"===y(25,0),P=l((function(){y(1,1/0)}))&&l((function(){y(1,-1/0)})),b=!l((function(){y(1/0,1/0)}))&&!l((function(){y(NaN,1/0)}));n({target:"Number",proto:!0,forced:!E||!P||!b},{toExponential:function(e){var t=s(this);if(void 0===e)return y(t);var r=o(e);if(!h(t))return String(t);if(r<0||r>20)throw u("Incorrect fraction digits");if(E)return y(t,r);var n="",a="",i=0,l="",P="";if(t<0&&(n="-",t=-t),0===t)i=0,a=g("0",r+1);else{var b=c(t);i=p(b);var Z=0,w=v(10,i-r);2*t>=(2*(Z=m(t/w))+1)*w&&(Z+=1),Z>=v(10,r+1)&&(Z/=10,i+=1),a=f(Z)}return 0!==r&&(a=_(a,0,1)+"."+_(a,1)),0===i?(l="+",P="0"):(l=i>0?"+":"-",P=f(d(i))),n+(a+"e")+l+P}})},56977:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(19303),s=r(50863),i=r(38415),c=r(47293),l=RangeError,u=String,f=Math.floor,h=a(i),d=a("".slice),p=a(1..toFixed),v=function(e,t,r){return 0===t?r:t%2==1?v(e,t-1,r*e):v(e*e,t/2,r)},m=function(e,t,r){for(var n=-1,a=r;++n<6;)a+=t*e[n],e[n]=a%1e7,a=f(a/1e7)},y=function(e,t){for(var r=6,n=0;--r>=0;)n+=e[r],e[r]=f(n/t),n=n%t*1e7},g=function(e){for(var t=6,r="";--t>=0;)if(""!==r||0===t||0!==e[t]){var n=u(e[t]);r=""===r?n:r+h("0",7-n.length)+n}return r};n({target:"Number",proto:!0,forced:c((function(){return"0.000"!==p(8e-5,3)||"1"!==p(.9,0)||"1.25"!==p(1.255,2)||"1000000000000000128"!==p(0xde0b6b3a7640080,0)}))||!c((function(){p({})}))},{toFixed:function(e){var t,r,n,a,i=s(this),c=o(e),f=[0,0,0,0,0,0],p="",_="0";if(c<0||c>20)throw l("Incorrect fraction digits");if(i!=i)return"NaN";if(i<=-1e21||i>=1e21)return u(i);if(i<0&&(p="-",i=-i),i>1e-21)if(r=(t=function(e){for(var t=0,r=e;r>=4096;)t+=12,r/=4096;for(;r>=2;)t+=1,r/=2;return t}(i*v(2,69,1))-69)<0?i*v(2,-t,1):i/v(2,t,1),r*=4503599627370496,(t=52-t)>0){for(m(f,0,r),n=c;n>=7;)m(f,1e7,0),n-=7;for(m(f,v(10,n,1),0),n=t-1;n>=23;)y(f,1<<23),n-=23;y(f,1<<n),m(f,1,1),y(f,2),_=g(f)}else m(f,0,r),m(f,1<<-t,0),_=g(f)+h("0",c);return c>0?p+((a=_.length)<=c?"0."+h("0",c-a)+_:d(_,0,a-c)+"."+d(_,a-c)):p+_}})},55147:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(47293),s=r(50863),i=a(1..toPrecision);n({target:"Number",proto:!0,forced:o((function(){return"1"!==i(1,void 0)}))||!o((function(){i({})}))},{toPrecision:function(e){return void 0===e?i(s(this)):i(s(this),e)}})},19601:(e,t,r)=>{var n=r(82109),a=r(21574);n({target:"Object",stat:!0,arity:2,forced:Object.assign!==a},{assign:a})},78011:(e,t,r)=>{r(82109)({target:"Object",stat:!0,sham:!r(19781)},{create:r(70030)})},59595:(e,t,r)=>{"use strict";var n=r(82109),a=r(19781),o=r(69026),s=r(19662),i=r(47908),c=r(3070);a&&n({target:"Object",proto:!0,forced:o},{__defineGetter__:function(e,t){c.f(i(this),e,{get:s(t),enumerable:!0,configurable:!0})}})},33321:(e,t,r)=>{var n=r(82109),a=r(19781),o=r(36048).f;n({target:"Object",stat:!0,forced:Object.defineProperties!==o,sham:!a},{defineProperties:o})},69070:(e,t,r)=>{var n=r(82109),a=r(19781),o=r(3070).f;n({target:"Object",stat:!0,forced:Object.defineProperty!==o,sham:!a},{defineProperty:o})},35500:(e,t,r)=>{"use strict";var n=r(82109),a=r(19781),o=r(69026),s=r(19662),i=r(47908),c=r(3070);a&&n({target:"Object",proto:!0,forced:o},{__defineSetter__:function(e,t){c.f(i(this),e,{set:s(t),enumerable:!0,configurable:!0})}})},69720:(e,t,r)=>{var n=r(82109),a=r(44699).entries;n({target:"Object",stat:!0},{entries:function(e){return a(e)}})},43371:(e,t,r)=>{var n=r(82109),a=r(76677),o=r(47293),s=r(70111),i=r(62423).onFreeze,c=Object.freeze;n({target:"Object",stat:!0,forced:o((function(){c(1)})),sham:!a},{freeze:function(e){return c&&s(e)?c(i(e)):e}})},38559:(e,t,r)=>{var n=r(82109),a=r(20408),o=r(86135);n({target:"Object",stat:!0},{fromEntries:function(e){var t={};return a(e,(function(e,r){o(t,e,r)}),{AS_ENTRIES:!0}),t}})},38880:(e,t,r)=>{var n=r(82109),a=r(47293),o=r(45656),s=r(31236).f,i=r(19781),c=a((function(){s(1)}));n({target:"Object",stat:!0,forced:!i||c,sham:!i},{getOwnPropertyDescriptor:function(e,t){return s(o(e),t)}})},49337:(e,t,r)=>{var n=r(82109),a=r(19781),o=r(53887),s=r(45656),i=r(31236),c=r(86135);n({target:"Object",stat:!0,sham:!a},{getOwnPropertyDescriptors:function(e){for(var t,r,n=s(e),a=i.f,l=o(n),u={},f=0;l.length>f;)void 0!==(r=a(n,t=l[f++]))&&c(u,t,r);return u}})},36210:(e,t,r)=>{var n=r(82109),a=r(47293),o=r(1156).f;n({target:"Object",stat:!0,forced:a((function(){return!Object.getOwnPropertyNames(1)}))},{getOwnPropertyNames:o})},29660:(e,t,r)=>{var n=r(82109),a=r(30133),o=r(47293),s=r(25181),i=r(47908);n({target:"Object",stat:!0,forced:!a||o((function(){s.f(1)}))},{getOwnPropertySymbols:function(e){var t=s.f;return t?t(i(e)):[]}})},30489:(e,t,r)=>{var n=r(82109),a=r(47293),o=r(47908),s=r(79518),i=r(49920);n({target:"Object",stat:!0,forced:a((function(){s(1)})),sham:!i},{getPrototypeOf:function(e){return s(o(e))}})},46314:(e,t,r)=>{r(82109)({target:"Object",stat:!0},{hasOwn:r(92597)})},41825:(e,t,r)=>{var n=r(82109),a=r(52050);n({target:"Object",stat:!0,forced:Object.isExtensible!==a},{isExtensible:a})},98410:(e,t,r)=>{var n=r(82109),a=r(47293),o=r(70111),s=r(84326),i=r(7556),c=Object.isFrozen;n({target:"Object",stat:!0,forced:a((function(){c(1)}))||i},{isFrozen:function(e){return!o(e)||!(!i||"ArrayBuffer"!=s(e))||!!c&&c(e)}})},72200:(e,t,r)=>{var n=r(82109),a=r(47293),o=r(70111),s=r(84326),i=r(7556),c=Object.isSealed;n({target:"Object",stat:!0,forced:a((function(){c(1)}))||i},{isSealed:function(e){return!o(e)||!(!i||"ArrayBuffer"!=s(e))||!!c&&c(e)}})},43304:(e,t,r)=>{r(82109)({target:"Object",stat:!0},{is:r(81150)})},47941:(e,t,r)=>{var n=r(82109),a=r(47908),o=r(81956);n({target:"Object",stat:!0,forced:r(47293)((function(){o(1)}))},{keys:function(e){return o(a(e))}})},94869:(e,t,r)=>{"use strict";var n=r(82109),a=r(19781),o=r(69026),s=r(47908),i=r(34948),c=r(79518),l=r(31236).f;a&&n({target:"Object",proto:!0,forced:o},{__lookupGetter__:function(e){var t,r=s(this),n=i(e);do{if(t=l(r,n))return t.get}while(r=c(r))}})},33952:(e,t,r)=>{"use strict";var n=r(82109),a=r(19781),o=r(69026),s=r(47908),i=r(34948),c=r(79518),l=r(31236).f;a&&n({target:"Object",proto:!0,forced:o},{__lookupSetter__:function(e){var t,r=s(this),n=i(e);do{if(t=l(r,n))return t.set}while(r=c(r))}})},57227:(e,t,r)=>{var n=r(82109),a=r(70111),o=r(62423).onFreeze,s=r(76677),i=r(47293),c=Object.preventExtensions;n({target:"Object",stat:!0,forced:i((function(){c(1)})),sham:!s},{preventExtensions:function(e){return c&&a(e)?c(o(e)):e}})},60514:(e,t,r)=>{var n=r(82109),a=r(70111),o=r(62423).onFreeze,s=r(76677),i=r(47293),c=Object.seal;n({target:"Object",stat:!0,forced:i((function(){c(1)})),sham:!s},{seal:function(e){return c&&a(e)?c(o(e)):e}})},68304:(e,t,r)=>{r(82109)({target:"Object",stat:!0},{setPrototypeOf:r(27674)})},41539:(e,t,r)=>{var n=r(51694),a=r(98052),o=r(90288);n||a(Object.prototype,"toString",o,{unsafe:!0})},26833:(e,t,r)=>{var n=r(82109),a=r(44699).values;n({target:"Object",stat:!0},{values:function(e){return a(e)}})},54678:(e,t,r)=>{var n=r(82109),a=r(2814);n({global:!0,forced:parseFloat!=a},{parseFloat:a})},91058:(e,t,r)=>{var n=r(82109),a=r(83009);n({global:!0,forced:parseInt!=a},{parseInt:a})},17922:(e,t,r)=>{"use strict";var n=r(82109),a=r(46916),o=r(19662),s=r(78523),i=r(12534),c=r(20408);n({target:"Promise",stat:!0},{allSettled:function(e){var t=this,r=s.f(t),n=r.resolve,l=r.reject,u=i((function(){var r=o(t.resolve),s=[],i=0,l=1;c(e,(function(e){var o=i++,c=!1;l++,a(r,t,e).then((function(e){c||(c=!0,s[o]={status:"fulfilled",value:e},--l||n(s))}),(function(e){c||(c=!0,s[o]={status:"rejected",reason:e},--l||n(s))}))})),--l||n(s)}));return u.error&&l(u.value),r.promise}})},70821:(e,t,r)=>{"use strict";var n=r(82109),a=r(46916),o=r(19662),s=r(78523),i=r(12534),c=r(20408);n({target:"Promise",stat:!0,forced:r(80612)},{all:function(e){var t=this,r=s.f(t),n=r.resolve,l=r.reject,u=i((function(){var r=o(t.resolve),s=[],i=0,u=1;c(e,(function(e){var o=i++,c=!1;u++,a(r,t,e).then((function(e){c||(c=!0,s[o]=e,--u||n(s))}),l)})),--u||n(s)}));return u.error&&l(u.value),r.promise}})},34668:(e,t,r)=>{"use strict";var n=r(82109),a=r(46916),o=r(19662),s=r(35005),i=r(78523),c=r(12534),l=r(20408),u="No one promise resolved";n({target:"Promise",stat:!0},{any:function(e){var t=this,r=s("AggregateError"),n=i.f(t),f=n.resolve,h=n.reject,d=c((function(){var n=o(t.resolve),s=[],i=0,c=1,d=!1;l(e,(function(e){var o=i++,l=!1;c++,a(n,t,e).then((function(e){l||d||(d=!0,f(e))}),(function(e){l||d||(l=!0,s[o]=e,--c||h(new r(s,u)))}))})),--c||h(new r(s,u))}));return d.error&&h(d.value),n.promise}})},94164:(e,t,r)=>{"use strict";var n=r(82109),a=r(31913),o=r(63702).CONSTRUCTOR,s=r(2492),i=r(35005),c=r(60614),l=r(98052),u=s&&s.prototype;if(n({target:"Promise",proto:!0,forced:o,real:!0},{catch:function(e){return this.then(void 0,e)}}),!a&&c(s)){var f=i("Promise").prototype.catch;u.catch!==f&&l(u,"catch",f,{unsafe:!0})}},43401:(e,t,r)=>{"use strict";var n,a,o,s=r(82109),i=r(31913),c=r(35268),l=r(17854),u=r(46916),f=r(98052),h=r(27674),d=r(58003),p=r(96340),v=r(19662),m=r(60614),y=r(70111),g=r(25787),_=r(36707),E=r(20261).set,P=r(95948),b=r(842),Z=r(12534),w=r(18572),S=r(29909),x=r(2492),O=r(63702),k=r(78523),R="Promise",N=O.CONSTRUCTOR,A=O.REJECTION_EVENT,T=O.SUBCLASSING,C=S.getterFor(R),I=S.set,j=x&&x.prototype,M=x,B=j,U=l.TypeError,L=l.document,D=l.process,F=k.f,z=F,q=!!(L&&L.createEvent&&l.dispatchEvent),W="unhandledrejection",H=function(e){var t;return!(!y(e)||!m(t=e.then))&&t},G=function(e,t){var r,n,a,o=t.value,s=1==t.state,i=s?e.ok:e.fail,c=e.resolve,l=e.reject,f=e.domain;try{i?(s||(2===t.rejection&&$(t),t.rejection=1),!0===i?r=o:(f&&f.enter(),r=i(o),f&&(f.exit(),a=!0)),r===e.promise?l(U("Promise-chain cycle")):(n=H(r))?u(n,r,c,l):c(r)):l(o)}catch(e){f&&!a&&f.exit(),l(e)}},V=function(e,t){e.notified||(e.notified=!0,P((function(){for(var r,n=e.reactions;r=n.get();)G(r,e);e.notified=!1,t&&!e.rejection&&K(e)})))},Y=function(e,t,r){var n,a;q?((n=L.createEvent("Event")).promise=t,n.reason=r,n.initEvent(e,!1,!0),l.dispatchEvent(n)):n={promise:t,reason:r},!A&&(a=l["on"+e])?a(n):e===W&&b("Unhandled promise rejection",r)},K=function(e){u(E,l,(function(){var t,r=e.facade,n=e.value;if(X(e)&&(t=Z((function(){c?D.emit("unhandledRejection",n,r):Y(W,r,n)})),e.rejection=c||X(e)?2:1,t.error))throw t.value}))},X=function(e){return 1!==e.rejection&&!e.parent},$=function(e){u(E,l,(function(){var t=e.facade;c?D.emit("rejectionHandled",t):Y("rejectionhandled",t,e.value)}))},Q=function(e,t,r){return function(n){e(t,n,r)}},J=function(e,t,r){e.done||(e.done=!0,r&&(e=r),e.value=t,e.state=2,V(e,!0))},ee=function(e,t,r){if(!e.done){e.done=!0,r&&(e=r);try{if(e.facade===t)throw U("Promise can't be resolved itself");var n=H(t);n?P((function(){var r={done:!1};try{u(n,t,Q(ee,r,e),Q(J,r,e))}catch(t){J(r,t,e)}})):(e.value=t,e.state=1,V(e,!1))}catch(t){J({done:!1},t,e)}}};if(N&&(B=(M=function(e){g(this,B),v(e),u(n,this);var t=C(this);try{e(Q(ee,t),Q(J,t))}catch(e){J(t,e)}}).prototype,(n=function(e){I(this,{type:R,done:!1,notified:!1,parent:!1,reactions:new w,rejection:!1,state:0,value:void 0})}).prototype=f(B,"then",(function(e,t){var r=C(this),n=F(_(this,M));return r.parent=!0,n.ok=!m(e)||e,n.fail=m(t)&&t,n.domain=c?D.domain:void 0,0==r.state?r.reactions.add(n):P((function(){G(n,r)})),n.promise})),a=function(){var e=new n,t=C(e);this.promise=e,this.resolve=Q(ee,t),this.reject=Q(J,t)},k.f=F=function(e){return e===M||void 0===e?new a(e):z(e)},!i&&m(x)&&j!==Object.prototype)){o=j.then,T||f(j,"then",(function(e,t){var r=this;return new M((function(e,t){u(o,r,e,t)})).then(e,t)}),{unsafe:!0});try{delete j.constructor}catch(e){}h&&h(j,B)}s({global:!0,constructor:!0,wrap:!0,forced:N},{Promise:M}),d(M,R,!1,!0),p(R)},17727:(e,t,r)=>{"use strict";var n=r(82109),a=r(31913),o=r(2492),s=r(47293),i=r(35005),c=r(60614),l=r(36707),u=r(69478),f=r(98052),h=o&&o.prototype;if(n({target:"Promise",proto:!0,real:!0,forced:!!o&&s((function(){h.finally.call({then:function(){}},(function(){}))}))},{finally:function(e){var t=l(this,i("Promise")),r=c(e);return this.then(r?function(r){return u(t,e()).then((function(){return r}))}:e,r?function(r){return u(t,e()).then((function(){throw r}))}:e)}}),!a&&c(o)){var d=i("Promise").prototype.finally;h.finally!==d&&f(h,"finally",d,{unsafe:!0})}},88674:(e,t,r)=>{r(43401),r(70821),r(94164),r(6027),r(60683),r(96294)},6027:(e,t,r)=>{"use strict";var n=r(82109),a=r(46916),o=r(19662),s=r(78523),i=r(12534),c=r(20408);n({target:"Promise",stat:!0,forced:r(80612)},{race:function(e){var t=this,r=s.f(t),n=r.reject,l=i((function(){var s=o(t.resolve);c(e,(function(e){a(s,t,e).then(r.resolve,n)}))}));return l.error&&n(l.value),r.promise}})},60683:(e,t,r)=>{"use strict";var n=r(82109),a=r(46916),o=r(78523);n({target:"Promise",stat:!0,forced:r(63702).CONSTRUCTOR},{reject:function(e){var t=o.f(this);return a(t.reject,void 0,e),t.promise}})},96294:(e,t,r)=>{"use strict";var n=r(82109),a=r(35005),o=r(31913),s=r(2492),i=r(63702).CONSTRUCTOR,c=r(69478),l=a("Promise"),u=o&&!i;n({target:"Promise",stat:!0,forced:o||i},{resolve:function(e){return c(u&&this===l?s:this,e)}})},36535:(e,t,r)=>{var n=r(82109),a=r(22104),o=r(19662),s=r(19670);n({target:"Reflect",stat:!0,forced:!r(47293)((function(){Reflect.apply((function(){}))}))},{apply:function(e,t,r){return a(o(e),t,s(r))}})},12419:(e,t,r)=>{var n=r(82109),a=r(35005),o=r(22104),s=r(27065),i=r(39483),c=r(19670),l=r(70111),u=r(70030),f=r(47293),h=a("Reflect","construct"),d=Object.prototype,p=[].push,v=f((function(){function e(){}return!(h((function(){}),[],e)instanceof e)})),m=!f((function(){h((function(){}))})),y=v||m;n({target:"Reflect",stat:!0,forced:y,sham:y},{construct:function(e,t){i(e),c(t);var r=arguments.length<3?e:i(arguments[2]);if(m&&!v)return h(e,t,r);if(e==r){switch(t.length){case 0:return new e;case 1:return new e(t[0]);case 2:return new e(t[0],t[1]);case 3:return new e(t[0],t[1],t[2]);case 4:return new e(t[0],t[1],t[2],t[3])}var n=[null];return o(p,n,t),new(o(s,e,n))}var a=r.prototype,f=u(l(a)?a:d),y=o(e,f,t);return l(y)?y:f}})},69596:(e,t,r)=>{var n=r(82109),a=r(19781),o=r(19670),s=r(34948),i=r(3070);n({target:"Reflect",stat:!0,forced:r(47293)((function(){Reflect.defineProperty(i.f({},1,{value:1}),1,{value:2})})),sham:!a},{defineProperty:function(e,t,r){o(e);var n=s(t);o(r);try{return i.f(e,n,r),!0}catch(e){return!1}}})},52586:(e,t,r)=>{var n=r(82109),a=r(19670),o=r(31236).f;n({target:"Reflect",stat:!0},{deleteProperty:function(e,t){var r=o(a(e),t);return!(r&&!r.configurable)&&delete e[t]}})},95683:(e,t,r)=>{var n=r(82109),a=r(19781),o=r(19670),s=r(31236);n({target:"Reflect",stat:!0,sham:!a},{getOwnPropertyDescriptor:function(e,t){return s.f(o(e),t)}})},39361:(e,t,r)=>{var n=r(82109),a=r(19670),o=r(79518);n({target:"Reflect",stat:!0,sham:!r(49920)},{getPrototypeOf:function(e){return o(a(e))}})},74819:(e,t,r)=>{var n=r(82109),a=r(46916),o=r(70111),s=r(19670),i=r(45032),c=r(31236),l=r(79518);n({target:"Reflect",stat:!0},{get:function e(t,r){var n,u,f=arguments.length<3?t:arguments[2];return s(t)===f?t[r]:(n=c.f(t,r))?i(n)?n.value:void 0===n.get?void 0:a(n.get,f):o(u=l(t))?e(u,r,f):void 0}})},51037:(e,t,r)=>{r(82109)({target:"Reflect",stat:!0},{has:function(e,t){return t in e}})},5898:(e,t,r)=>{var n=r(82109),a=r(19670),o=r(52050);n({target:"Reflect",stat:!0},{isExtensible:function(e){return a(e),o(e)}})},67556:(e,t,r)=>{r(82109)({target:"Reflect",stat:!0},{ownKeys:r(53887)})},14361:(e,t,r)=>{var n=r(82109),a=r(35005),o=r(19670);n({target:"Reflect",stat:!0,sham:!r(76677)},{preventExtensions:function(e){o(e);try{var t=a("Object","preventExtensions");return t&&t(e),!0}catch(e){return!1}}})},39532:(e,t,r)=>{var n=r(82109),a=r(19670),o=r(96077),s=r(27674);s&&n({target:"Reflect",stat:!0},{setPrototypeOf:function(e,t){a(e),o(t);try{return s(e,t),!0}catch(e){return!1}}})},83593:(e,t,r)=>{var n=r(82109),a=r(46916),o=r(19670),s=r(70111),i=r(45032),c=r(47293),l=r(3070),u=r(31236),f=r(79518),h=r(79114);n({target:"Reflect",stat:!0,forced:c((function(){var e=function(){},t=l.f(new e,"a",{configurable:!0});return!1!==Reflect.set(e.prototype,"a",1,t)}))},{set:function e(t,r,n){var c,d,p,v=arguments.length<4?t:arguments[3],m=u.f(o(t),r);if(!m){if(s(d=f(t)))return e(d,r,n,v);m=h(0)}if(i(m)){if(!1===m.writable||!s(v))return!1;if(c=u.f(v,r)){if(c.get||c.set||!1===c.writable)return!1;c.value=n,l.f(v,r,c)}else l.f(v,r,h(0,n))}else{if(void 0===(p=m.set))return!1;a(p,v,n)}return!0}})},81299:(e,t,r)=>{var n=r(82109),a=r(17854),o=r(58003);n({global:!0},{Reflect:{}}),o(a.Reflect,"Reflect",!0)},24603:(e,t,r)=>{var n=r(19781),a=r(17854),o=r(1702),s=r(54705),i=r(79587),c=r(68880),l=r(8006).f,u=r(47976),f=r(47850),h=r(41340),d=r(34706),p=r(52999),v=r(2626),m=r(98052),y=r(47293),g=r(92597),_=r(29909).enforce,E=r(96340),P=r(5112),b=r(9441),Z=r(38173),w=P("match"),S=a.RegExp,x=S.prototype,O=a.SyntaxError,k=o(x.exec),R=o("".charAt),N=o("".replace),A=o("".indexOf),T=o("".slice),C=/^\?<[^\s\d!#%&*+<=>@^][^\s!#%&*+<=>@^]*>/,I=/a/g,j=/a/g,M=new S(I)!==I,B=p.MISSED_STICKY,U=p.UNSUPPORTED_Y;if(s("RegExp",n&&(!M||B||b||Z||y((function(){return j[w]=!1,S(I)!=I||S(j)==j||"/a/i"!=S(I,"i")}))))){for(var L=function(e,t){var r,n,a,o,s,l,p=u(x,this),v=f(e),m=void 0===t,y=[],E=e;if(!p&&v&&m&&e.constructor===L)return e;if((v||u(x,e))&&(e=e.source,m&&(t=d(E))),e=void 0===e?"":h(e),t=void 0===t?"":h(t),E=e,b&&"dotAll"in I&&(n=!!t&&A(t,"s")>-1)&&(t=N(t,/s/g,"")),r=t,B&&"sticky"in I&&(a=!!t&&A(t,"y")>-1)&&U&&(t=N(t,/y/g,"")),Z&&(o=function(e){for(var t,r=e.length,n=0,a="",o=[],s={},i=!1,c=!1,l=0,u="";n<=r;n++){if("\\"===(t=R(e,n)))t+=R(e,++n);else if("]"===t)i=!1;else if(!i)switch(!0){case"["===t:i=!0;break;case"("===t:k(C,T(e,n+1))&&(n+=2,c=!0),a+=t,l++;continue;case">"===t&&c:if(""===u||g(s,u))throw new O("Invalid capture group name");s[u]=!0,o[o.length]=[u,l],c=!1,u="";continue}c?u+=t:a+=t}return[a,o]}(e),e=o[0],y=o[1]),s=i(S(e,t),p?this:x,L),(n||a||y.length)&&(l=_(s),n&&(l.dotAll=!0,l.raw=L(function(e){for(var t,r=e.length,n=0,a="",o=!1;n<=r;n++)"\\"!==(t=R(e,n))?o||"."!==t?("["===t?o=!0:"]"===t&&(o=!1),a+=t):a+="[\\s\\S]":a+=t+R(e,++n);return a}(e),r)),a&&(l.sticky=!0),y.length&&(l.groups=y)),e!==E)try{c(s,"source",""===E?"(?:)":E)}catch(e){}return s},D=l(S),F=0;D.length>F;)v(L,S,D[F++]);x.constructor=L,L.prototype=x,m(a,"RegExp",L,{constructor:!0})}E("RegExp")},28450:(e,t,r)=>{var n=r(19781),a=r(9441),o=r(84326),s=r(47045),i=r(29909).get,c=RegExp.prototype,l=TypeError;n&&a&&s(c,"dotAll",{configurable:!0,get:function(){if(this!==c){if("RegExp"===o(this))return!!i(this).dotAll;throw l("Incompatible receiver, RegExp required")}}})},74916:(e,t,r)=>{"use strict";var n=r(82109),a=r(22261);n({target:"RegExp",proto:!0,forced:/./.exec!==a},{exec:a})},92087:(e,t,r)=>{var n=r(19781),a=r(47045),o=r(67066),s=r(47293),i=RegExp.prototype;n&&s((function(){return"sy"!==Object.getOwnPropertyDescriptor(i,"flags").get.call({dotAll:!0,sticky:!0})}))&&a(i,"flags",{configurable:!0,get:o})},88386:(e,t,r)=>{var n=r(19781),a=r(52999).MISSED_STICKY,o=r(84326),s=r(47045),i=r(29909).get,c=RegExp.prototype,l=TypeError;n&&a&&s(c,"sticky",{configurable:!0,get:function(){if(this!==c){if("RegExp"===o(this))return!!i(this).sticky;throw l("Incompatible receiver, RegExp required")}}})},77601:(e,t,r)=>{"use strict";r(74916);var n,a,o=r(82109),s=r(46916),i=r(1702),c=r(60614),l=r(70111),u=(n=!1,(a=/[ac]/).exec=function(){return n=!0,/./.exec.apply(this,arguments)},!0===a.test("abc")&&n),f=TypeError,h=i(/./.test);o({target:"RegExp",proto:!0,forced:!u},{test:function(e){var t=this.exec;if(!c(t))return h(this,e);var r=s(t,this,e);if(null!==r&&!l(r))throw new f("RegExp exec method returned something other than an Object or null");return!!r}})},39714:(e,t,r)=>{"use strict";var n=r(76530).PROPER,a=r(98052),o=r(19670),s=r(41340),i=r(47293),c=r(34706),l="toString",u=RegExp.prototype[l],f=i((function(){return"/a/b"!=u.call({source:"a",flags:"b"})})),h=n&&u.name!=l;(f||h)&&a(RegExp.prototype,l,(function(){var e=o(this);return"/"+s(e.source)+"/"+s(c(e))}),{unsafe:!0})},37227:(e,t,r)=>{"use strict";r(77710)("Set",(function(e){return function(){return e(this,arguments.length?arguments[0]:void 0)}}),r(95631))},70189:(e,t,r)=>{r(37227)},15218:(e,t,r)=>{"use strict";var n=r(82109),a=r(14230);n({target:"String",proto:!0,forced:r(43429)("anchor")},{anchor:function(e){return a(this,"a","name",e)}})},24506:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(84488),s=r(19303),i=r(41340),c=r(47293),l=a("".charAt);n({target:"String",proto:!0,forced:c((function(){return"\ud842"!=="𠮷".at(-2)}))},{at:function(e){var t=i(o(this)),r=t.length,n=s(e),a=n>=0?n:r+n;return a<0||a>=r?void 0:l(t,a)}})},74475:(e,t,r)=>{"use strict";var n=r(82109),a=r(14230);n({target:"String",proto:!0,forced:r(43429)("big")},{big:function(){return a(this,"big","","")}})},57929:(e,t,r)=>{"use strict";var n=r(82109),a=r(14230);n({target:"String",proto:!0,forced:r(43429)("blink")},{blink:function(){return a(this,"blink","","")}})},50915:(e,t,r)=>{"use strict";var n=r(82109),a=r(14230);n({target:"String",proto:!0,forced:r(43429)("bold")},{bold:function(){return a(this,"b","","")}})},79841:(e,t,r)=>{"use strict";var n=r(82109),a=r(28710).codeAt;n({target:"String",proto:!0},{codePointAt:function(e){return a(this,e)}})},27852:(e,t,r)=>{"use strict";var n,a=r(82109),o=r(1702),s=r(31236).f,i=r(17466),c=r(41340),l=r(3929),u=r(84488),f=r(84964),h=r(31913),d=o("".endsWith),p=o("".slice),v=Math.min,m=f("endsWith");a({target:"String",proto:!0,forced:!(!h&&!m&&(n=s(String.prototype,"endsWith"),n&&!n.writable)||m)},{endsWith:function(e){var t=c(u(this));l(e);var r=arguments.length>1?arguments[1]:void 0,n=t.length,a=void 0===r?n:v(i(r),n),o=c(e);return d?d(t,o,a):p(t,a-o.length,a)===o}})},29253:(e,t,r)=>{"use strict";var n=r(82109),a=r(14230);n({target:"String",proto:!0,forced:r(43429)("fixed")},{fixed:function(){return a(this,"tt","","")}})},42125:(e,t,r)=>{"use strict";var n=r(82109),a=r(14230);n({target:"String",proto:!0,forced:r(43429)("fontcolor")},{fontcolor:function(e){return a(this,"font","color",e)}})},78830:(e,t,r)=>{"use strict";var n=r(82109),a=r(14230);n({target:"String",proto:!0,forced:r(43429)("fontsize")},{fontsize:function(e){return a(this,"font","size",e)}})},94953:(e,t,r)=>{var n=r(82109),a=r(1702),o=r(51400),s=RangeError,i=String.fromCharCode,c=String.fromCodePoint,l=a([].join);n({target:"String",stat:!0,arity:1,forced:!!c&&1!=c.length},{fromCodePoint:function(e){for(var t,r=[],n=arguments.length,a=0;n>a;){if(t=+arguments[a++],o(t,1114111)!==t)throw s(t+" is not a valid code point");r[a]=t<65536?i(t):i(55296+((t-=65536)>>10),t%1024+56320)}return l(r,"")}})},32023:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(3929),s=r(84488),i=r(41340),c=r(84964),l=a("".indexOf);n({target:"String",proto:!0,forced:!c("includes")},{includes:function(e){return!!~l(i(s(this)),i(o(e)),arguments.length>1?arguments[1]:void 0)}})},58734:(e,t,r)=>{"use strict";var n=r(82109),a=r(14230);n({target:"String",proto:!0,forced:r(43429)("italics")},{italics:function(){return a(this,"i","","")}})},78783:(e,t,r)=>{"use strict";var n=r(28710).charAt,a=r(41340),o=r(29909),s=r(70654),i="String Iterator",c=o.set,l=o.getterFor(i);s(String,"String",(function(e){c(this,{type:i,string:a(e),index:0})}),(function(){var e,t=l(this),r=t.string,a=t.index;return a>=r.length?{value:void 0,done:!0}:(e=n(r,a),t.index+=e.length,{value:e,done:!1})}))},29254:(e,t,r)=>{"use strict";var n=r(82109),a=r(14230);n({target:"String",proto:!0,forced:r(43429)("link")},{link:function(e){return a(this,"a","href",e)}})},76373:(e,t,r)=>{"use strict";var n=r(82109),a=r(46916),o=r(1702),s=r(24994),i=r(84488),c=r(17466),l=r(41340),u=r(19670),f=r(84326),h=r(47850),d=r(34706),p=r(58173),v=r(98052),m=r(47293),y=r(5112),g=r(36707),_=r(31530),E=r(97651),P=r(29909),b=r(31913),Z=y("matchAll"),w="RegExp String",S=w+" Iterator",x=P.set,O=P.getterFor(S),k=RegExp.prototype,R=TypeError,N=o("".indexOf),A=o("".matchAll),T=!!A&&!m((function(){A("a",/./)})),C=s((function(e,t,r,n){x(this,{type:S,regexp:e,string:t,global:r,unicode:n,done:!1})}),w,(function(){var e=O(this);if(e.done)return{value:void 0,done:!0};var t=e.regexp,r=e.string,n=E(t,r);return null===n?{value:void 0,done:e.done=!0}:e.global?(""===l(n[0])&&(t.lastIndex=_(r,c(t.lastIndex),e.unicode)),{value:n,done:!1}):(e.done=!0,{value:n,done:!1})})),I=function(e){var t,r,n,a=u(this),o=l(e),s=g(a,RegExp),i=l(d(a));return t=new s(s===RegExp?a.source:a,i),r=!!~N(i,"g"),n=!!~N(i,"u"),t.lastIndex=c(a.lastIndex),new C(t,o,r,n)};n({target:"String",proto:!0,forced:T},{matchAll:function(e){var t,r,n,o,s=i(this);if(null!=e){if(h(e)&&(t=l(i(d(e))),!~N(t,"g")))throw R("`.matchAll` does not allow non-global regexes");if(T)return A(s,e);if(void 0===(n=p(e,Z))&&b&&"RegExp"==f(e)&&(n=I),n)return a(n,e,s)}else if(T)return A(s,e);return r=l(s),o=new RegExp(e,"g"),b?a(I,o,r):o[Z](r)}}),b||Z in k||v(k,Z,I)},4723:(e,t,r)=>{"use strict";var n=r(46916),a=r(27007),o=r(19670),s=r(17466),i=r(41340),c=r(84488),l=r(58173),u=r(31530),f=r(97651);a("match",(function(e,t,r){return[function(t){var r=c(this),a=null==t?void 0:l(t,e);return a?n(a,t,r):new RegExp(t)[e](i(r))},function(e){var n=o(this),a=i(e),c=r(t,n,a);if(c.done)return c.value;if(!n.global)return f(n,a);var l=n.unicode;n.lastIndex=0;for(var h,d=[],p=0;null!==(h=f(n,a));){var v=i(h[0]);d[p]=v,""===v&&(n.lastIndex=u(a,s(n.lastIndex),l)),p++}return 0===p?null:d}]}))},66528:(e,t,r)=>{"use strict";var n=r(82109),a=r(76650).end;n({target:"String",proto:!0,forced:r(54986)},{padEnd:function(e){return a(this,e,arguments.length>1?arguments[1]:void 0)}})},83112:(e,t,r)=>{"use strict";var n=r(82109),a=r(76650).start;n({target:"String",proto:!0,forced:r(54986)},{padStart:function(e){return a(this,e,arguments.length>1?arguments[1]:void 0)}})},38992:(e,t,r)=>{var n=r(82109),a=r(1702),o=r(45656),s=r(47908),i=r(41340),c=r(26244),l=a([].push),u=a([].join);n({target:"String",stat:!0},{raw:function(e){for(var t=o(s(e).raw),r=c(t),n=arguments.length,a=[],f=0;r>f;){if(l(a,i(t[f++])),f===r)return u(a,"");f<n&&l(a,i(arguments[f]))}}})},82481:(e,t,r)=>{r(82109)({target:"String",proto:!0},{repeat:r(38415)})},68757:(e,t,r)=>{"use strict";var n=r(82109),a=r(46916),o=r(1702),s=r(84488),i=r(60614),c=r(47850),l=r(41340),u=r(58173),f=r(34706),h=r(10647),d=r(5112),p=r(31913),v=d("replace"),m=TypeError,y=o("".indexOf),g=o("".replace),_=o("".slice),E=Math.max,P=function(e,t,r){return r>e.length?-1:""===t?r:y(e,t,r)};n({target:"String",proto:!0},{replaceAll:function(e,t){var r,n,o,d,b,Z,w,S,x,O=s(this),k=0,R=0,N="";if(null!=e){if((r=c(e))&&(n=l(s(f(e))),!~y(n,"g")))throw m("`.replaceAll` does not allow non-global regexes");if(o=u(e,v))return a(o,e,O,t);if(p&&r)return g(l(O),e,t)}for(d=l(O),b=l(e),(Z=i(t))||(t=l(t)),w=b.length,S=E(1,w),k=P(d,b,0);-1!==k;)x=Z?l(t(b,k,d)):h(b,d,k,[],void 0,t),N+=_(d,R,k)+x,R=k+w,k=P(d,b,k+S);return R<d.length&&(N+=_(d,R)),N}})},15306:(e,t,r)=>{"use strict";var n=r(22104),a=r(46916),o=r(1702),s=r(27007),i=r(47293),c=r(19670),l=r(60614),u=r(19303),f=r(17466),h=r(41340),d=r(84488),p=r(31530),v=r(58173),m=r(10647),y=r(97651),g=r(5112)("replace"),_=Math.max,E=Math.min,P=o([].concat),b=o([].push),Z=o("".indexOf),w=o("".slice),S="$0"==="a".replace(/./,"$0"),x=!!/./[g]&&""===/./[g]("a","$0");s("replace",(function(e,t,r){var o=x?"$":"$0";return[function(e,r){var n=d(this),o=null==e?void 0:v(e,g);return o?a(o,e,n,r):a(t,h(n),e,r)},function(e,a){var s=c(this),i=h(e);if("string"==typeof a&&-1===Z(a,o)&&-1===Z(a,"$<")){var d=r(t,s,i,a);if(d.done)return d.value}var v=l(a);v||(a=h(a));var g=s.global;if(g){var S=s.unicode;s.lastIndex=0}for(var x=[];;){var O=y(s,i);if(null===O)break;if(b(x,O),!g)break;""===h(O[0])&&(s.lastIndex=p(i,f(s.lastIndex),S))}for(var k,R="",N=0,A=0;A<x.length;A++){for(var T=h((O=x[A])[0]),C=_(E(u(O.index),i.length),0),I=[],j=1;j<O.length;j++)b(I,void 0===(k=O[j])?k:String(k));var M=O.groups;if(v){var B=P([T],I,C,i);void 0!==M&&b(B,M);var U=h(n(a,void 0,B))}else U=m(T,i,C,I,M,a);C>=N&&(R+=w(i,N,C)+U,N=C+T.length)}return R+w(i,N)}]}),!!i((function(){var e=/./;return e.exec=function(){var e=[];return e.groups={a:"7"},e},"7"!=="".replace(e,"$<a>")}))||!S||x)},64765:(e,t,r)=>{"use strict";var n=r(46916),a=r(27007),o=r(19670),s=r(84488),i=r(81150),c=r(41340),l=r(58173),u=r(97651);a("search",(function(e,t,r){return[function(t){var r=s(this),a=null==t?void 0:l(t,e);return a?n(a,t,r):new RegExp(t)[e](c(r))},function(e){var n=o(this),a=c(e),s=r(t,n,a);if(s.done)return s.value;var l=n.lastIndex;i(l,0)||(n.lastIndex=0);var f=u(n,a);return i(n.lastIndex,l)||(n.lastIndex=l),null===f?-1:f.index}]}))},37268:(e,t,r)=>{"use strict";var n=r(82109),a=r(14230);n({target:"String",proto:!0,forced:r(43429)("small")},{small:function(){return a(this,"small","","")}})},23123:(e,t,r)=>{"use strict";var n=r(22104),a=r(46916),o=r(1702),s=r(27007),i=r(47850),c=r(19670),l=r(84488),u=r(36707),f=r(31530),h=r(17466),d=r(41340),p=r(58173),v=r(41589),m=r(97651),y=r(22261),g=r(52999),_=r(47293),E=g.UNSUPPORTED_Y,P=4294967295,b=Math.min,Z=[].push,w=o(/./.exec),S=o(Z),x=o("".slice);s("split",(function(e,t,r){var o;return o="c"=="abbc".split(/(b)*/)[1]||4!="test".split(/(?:)/,-1).length||2!="ab".split(/(?:ab)*/).length||4!=".".split(/(.?)(.?)/).length||".".split(/()()/).length>1||"".split(/.?/).length?function(e,r){var o=d(l(this)),s=void 0===r?P:r>>>0;if(0===s)return[];if(void 0===e)return[o];if(!i(e))return a(t,o,e,s);for(var c,u,f,h=[],p=(e.ignoreCase?"i":"")+(e.multiline?"m":"")+(e.unicode?"u":"")+(e.sticky?"y":""),m=0,g=new RegExp(e.source,p+"g");(c=a(y,g,o))&&!((u=g.lastIndex)>m&&(S(h,x(o,m,c.index)),c.length>1&&c.index<o.length&&n(Z,h,v(c,1)),f=c[0].length,m=u,h.length>=s));)g.lastIndex===c.index&&g.lastIndex++;return m===o.length?!f&&w(g,"")||S(h,""):S(h,x(o,m)),h.length>s?v(h,0,s):h}:"0".split(void 0,0).length?function(e,r){return void 0===e&&0===r?[]:a(t,this,e,r)}:t,[function(t,r){var n=l(this),s=null==t?void 0:p(t,e);return s?a(s,t,n,r):a(o,d(n),t,r)},function(e,n){var a=c(this),s=d(e),i=r(o,a,s,n,o!==t);if(i.done)return i.value;var l=u(a,RegExp),p=a.unicode,v=(a.ignoreCase?"i":"")+(a.multiline?"m":"")+(a.unicode?"u":"")+(E?"g":"y"),y=new l(E?"^(?:"+a.source+")":a,v),g=void 0===n?P:n>>>0;if(0===g)return[];if(0===s.length)return null===m(y,s)?[s]:[];for(var _=0,Z=0,w=[];Z<s.length;){y.lastIndex=E?0:Z;var O,k=m(y,E?x(s,Z):s);if(null===k||(O=b(h(y.lastIndex+(E?Z:0)),s.length))===_)Z=f(s,Z,p);else{if(S(w,x(s,_,Z)),w.length===g)return w;for(var R=1;R<=k.length-1;R++)if(S(w,k[R]),w.length===g)return w;Z=_=O}}return S(w,x(s,_)),w}]}),!!_((function(){var e=/(?:)/,t=e.exec;e.exec=function(){return t.apply(this,arguments)};var r="ab".split(e);return 2!==r.length||"a"!==r[0]||"b"!==r[1]})),E)},23157:(e,t,r)=>{"use strict";var n,a=r(82109),o=r(1702),s=r(31236).f,i=r(17466),c=r(41340),l=r(3929),u=r(84488),f=r(84964),h=r(31913),d=o("".startsWith),p=o("".slice),v=Math.min,m=f("startsWith");a({target:"String",proto:!0,forced:!(!h&&!m&&(n=s(String.prototype,"startsWith"),n&&!n.writable)||m)},{startsWith:function(e){var t=c(u(this));l(e);var r=i(v(arguments.length>1?arguments[1]:void 0,t.length)),n=c(e);return d?d(t,n,r):p(t,r,r+n.length)===n}})},7397:(e,t,r)=>{"use strict";var n=r(82109),a=r(14230);n({target:"String",proto:!0,forced:r(43429)("strike")},{strike:function(){return a(this,"strike","","")}})},60086:(e,t,r)=>{"use strict";var n=r(82109),a=r(14230);n({target:"String",proto:!0,forced:r(43429)("sub")},{sub:function(){return a(this,"sub","","")}})},83650:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(84488),s=r(19303),i=r(41340),c=a("".slice),l=Math.max,u=Math.min;n({target:"String",proto:!0,forced:!"".substr||"b"!=="ab".substr(-1)},{substr:function(e,t){var r,n,a=i(o(this)),f=a.length,h=s(e);return h===1/0&&(h=0),h<0&&(h=l(f+h,0)),(r=void 0===t?f:s(t))<=0||r===1/0||h>=(n=u(h+r,f))?"":c(a,h,n)}})},80623:(e,t,r)=>{"use strict";var n=r(82109),a=r(14230);n({target:"String",proto:!0,forced:r(43429)("sup")},{sup:function(){return a(this,"sup","","")}})},48702:(e,t,r)=>{r(83462);var n=r(82109),a=r(10365);n({target:"String",proto:!0,name:"trimEnd",forced:"".trimEnd!==a},{trimEnd:a})},99967:(e,t,r)=>{var n=r(82109),a=r(33217);n({target:"String",proto:!0,name:"trimStart",forced:"".trimLeft!==a},{trimLeft:a})},83462:(e,t,r)=>{var n=r(82109),a=r(10365);n({target:"String",proto:!0,name:"trimEnd",forced:"".trimRight!==a},{trimRight:a})},55674:(e,t,r)=>{r(99967);var n=r(82109),a=r(33217);n({target:"String",proto:!0,name:"trimStart",forced:"".trimStart!==a},{trimStart:a})},73210:(e,t,r)=>{"use strict";var n=r(82109),a=r(53111).trim;n({target:"String",proto:!0,forced:r(76091)("trim")},{trim:function(){return a(this)}})},72443:(e,t,r)=>{r(97235)("asyncIterator")},4032:(e,t,r)=>{"use strict";var n=r(82109),a=r(17854),o=r(46916),s=r(1702),i=r(31913),c=r(19781),l=r(30133),u=r(47293),f=r(92597),h=r(47976),d=r(19670),p=r(45656),v=r(34948),m=r(41340),y=r(79114),g=r(70030),_=r(81956),E=r(8006),P=r(1156),b=r(25181),Z=r(31236),w=r(3070),S=r(36048),x=r(55296),O=r(98052),k=r(72309),R=r(6200),N=r(3501),A=r(69711),T=r(5112),C=r(6061),I=r(97235),j=r(56532),M=r(58003),B=r(29909),U=r(42092).forEach,L=R("hidden"),D="Symbol",F="prototype",z=B.set,q=B.getterFor(D),W=Object[F],H=a.Symbol,G=H&&H[F],V=a.TypeError,Y=a.QObject,K=Z.f,X=w.f,$=P.f,Q=x.f,J=s([].push),ee=k("symbols"),te=k("op-symbols"),re=k("wks"),ne=!Y||!Y[F]||!Y[F].findChild,ae=c&&u((function(){return 7!=g(X({},"a",{get:function(){return X(this,"a",{value:7}).a}})).a}))?function(e,t,r){var n=K(W,t);n&&delete W[t],X(e,t,r),n&&e!==W&&X(W,t,n)}:X,oe=function(e,t){var r=ee[e]=g(G);return z(r,{type:D,tag:e,description:t}),c||(r.description=t),r},se=function(e,t,r){e===W&&se(te,t,r),d(e);var n=v(t);return d(r),f(ee,n)?(r.enumerable?(f(e,L)&&e[L][n]&&(e[L][n]=!1),r=g(r,{enumerable:y(0,!1)})):(f(e,L)||X(e,L,y(1,{})),e[L][n]=!0),ae(e,n,r)):X(e,n,r)},ie=function(e,t){d(e);var r=p(t),n=_(r).concat(fe(r));return U(n,(function(t){c&&!o(ce,r,t)||se(e,t,r[t])})),e},ce=function(e){var t=v(e),r=o(Q,this,t);return!(this===W&&f(ee,t)&&!f(te,t))&&(!(r||!f(this,t)||!f(ee,t)||f(this,L)&&this[L][t])||r)},le=function(e,t){var r=p(e),n=v(t);if(r!==W||!f(ee,n)||f(te,n)){var a=K(r,n);return!a||!f(ee,n)||f(r,L)&&r[L][n]||(a.enumerable=!0),a}},ue=function(e){var t=$(p(e)),r=[];return U(t,(function(e){f(ee,e)||f(N,e)||J(r,e)})),r},fe=function(e){var t=e===W,r=$(t?te:p(e)),n=[];return U(r,(function(e){!f(ee,e)||t&&!f(W,e)||J(n,ee[e])})),n};l||(O(G=(H=function(){if(h(G,this))throw V("Symbol is not a constructor");var e=arguments.length&&void 0!==arguments[0]?m(arguments[0]):void 0,t=A(e),r=function(e){this===W&&o(r,te,e),f(this,L)&&f(this[L],t)&&(this[L][t]=!1),ae(this,t,y(1,e))};return c&&ne&&ae(W,t,{configurable:!0,set:r}),oe(t,e)})[F],"toString",(function(){return q(this).tag})),O(H,"withoutSetter",(function(e){return oe(A(e),e)})),x.f=ce,w.f=se,S.f=ie,Z.f=le,E.f=P.f=ue,b.f=fe,C.f=function(e){return oe(T(e),e)},c&&(X(G,"description",{configurable:!0,get:function(){return q(this).description}}),i||O(W,"propertyIsEnumerable",ce,{unsafe:!0}))),n({global:!0,constructor:!0,wrap:!0,forced:!l,sham:!l},{Symbol:H}),U(_(re),(function(e){I(e)})),n({target:D,stat:!0,forced:!l},{useSetter:function(){ne=!0},useSimple:function(){ne=!1}}),n({target:"Object",stat:!0,forced:!l,sham:!c},{create:function(e,t){return void 0===t?g(e):ie(g(e),t)},defineProperty:se,defineProperties:ie,getOwnPropertyDescriptor:le}),n({target:"Object",stat:!0,forced:!l},{getOwnPropertyNames:ue}),j(),M(H,D),N[L]=!0},41817:(e,t,r)=>{"use strict";var n=r(82109),a=r(19781),o=r(17854),s=r(1702),i=r(92597),c=r(60614),l=r(47976),u=r(41340),f=r(3070).f,h=r(99920),d=o.Symbol,p=d&&d.prototype;if(a&&c(d)&&(!("description"in p)||void 0!==d().description)){var v={},m=function(){var e=arguments.length<1||void 0===arguments[0]?void 0:u(arguments[0]),t=l(p,this)?new d(e):void 0===e?d():d(e);return""===e&&(v[t]=!0),t};h(m,d),m.prototype=p,p.constructor=m;var y="Symbol(test)"==String(d("test")),g=s(p.toString),_=s(p.valueOf),E=/^Symbol\((.*)\)[^)]+$/,P=s("".replace),b=s("".slice);f(p,"description",{configurable:!0,get:function(){var e=_(this),t=g(e);if(i(v,e))return"";var r=y?b(t,7,-1):P(t,E,"$1");return""===r?void 0:r}}),n({global:!0,constructor:!0,forced:!0},{Symbol:m})}},40763:(e,t,r)=>{var n=r(82109),a=r(35005),o=r(92597),s=r(41340),i=r(72309),c=r(30735),l=i("string-to-symbol-registry"),u=i("symbol-to-string-registry");n({target:"Symbol",stat:!0,forced:!c},{for:function(e){var t=s(e);if(o(l,t))return l[t];var r=a("Symbol")(t);return l[t]=r,u[r]=t,r}})},92401:(e,t,r)=>{r(97235)("hasInstance")},8722:(e,t,r)=>{r(97235)("isConcatSpreadable")},32165:(e,t,r)=>{r(97235)("iterator")},82526:(e,t,r)=>{r(4032),r(40763),r(26620),r(38862),r(29660)},26620:(e,t,r)=>{var n=r(82109),a=r(92597),o=r(52190),s=r(66330),i=r(72309),c=r(30735),l=i("symbol-to-string-registry");n({target:"Symbol",stat:!0,forced:!c},{keyFor:function(e){if(!o(e))throw TypeError(s(e)+" is not a symbol");if(a(l,e))return l[e]}})},16066:(e,t,r)=>{r(97235)("matchAll")},69007:(e,t,r)=>{r(97235)("match")},83510:(e,t,r)=>{r(97235)("replace")},41840:(e,t,r)=>{r(97235)("search")},6982:(e,t,r)=>{r(97235)("species")},32159:(e,t,r)=>{r(97235)("split")},96649:(e,t,r)=>{var n=r(97235),a=r(56532);n("toPrimitive"),a()},39341:(e,t,r)=>{var n=r(35005),a=r(97235),o=r(58003);a("toStringTag"),o(n("Symbol"),"Symbol")},60543:(e,t,r)=>{r(97235)("unscopables")},48675:(e,t,r)=>{"use strict";var n=r(90260),a=r(26244),o=r(19303),s=n.aTypedArray;(0,n.exportTypedArrayMethod)("at",(function(e){var t=s(this),r=a(t),n=o(e),i=n>=0?n:r+n;return i<0||i>=r?void 0:t[i]}))},92990:(e,t,r)=>{"use strict";var n=r(1702),a=r(90260),o=n(r(1048)),s=a.aTypedArray;(0,a.exportTypedArrayMethod)("copyWithin",(function(e,t){return o(s(this),e,t,arguments.length>2?arguments[2]:void 0)}))},18927:(e,t,r)=>{"use strict";var n=r(90260),a=r(42092).every,o=n.aTypedArray;(0,n.exportTypedArrayMethod)("every",(function(e){return a(o(this),e,arguments.length>1?arguments[1]:void 0)}))},33105:(e,t,r)=>{"use strict";var n=r(90260),a=r(21285),o=r(64599),s=r(70648),i=r(46916),c=r(1702),l=r(47293),u=n.aTypedArray,f=n.exportTypedArrayMethod,h=c("".slice);f("fill",(function(e){var t=arguments.length;u(this);var r="Big"===h(s(this),0,3)?o(e):+e;return i(a,this,r,t>1?arguments[1]:void 0,t>2?arguments[2]:void 0)}),l((function(){var e=0;return new Int8Array(2).fill({valueOf:function(){return e++}}),1!==e})))},35035:(e,t,r)=>{"use strict";var n=r(90260),a=r(42092).filter,o=r(43074),s=n.aTypedArray;(0,n.exportTypedArrayMethod)("filter",(function(e){var t=a(s(this),e,arguments.length>1?arguments[1]:void 0);return o(this,t)}))},7174:(e,t,r)=>{"use strict";var n=r(90260),a=r(42092).findIndex,o=n.aTypedArray;(0,n.exportTypedArrayMethod)("findIndex",(function(e){return a(o(this),e,arguments.length>1?arguments[1]:void 0)}))},74345:(e,t,r)=>{"use strict";var n=r(90260),a=r(42092).find,o=n.aTypedArray;(0,n.exportTypedArrayMethod)("find",(function(e){return a(o(this),e,arguments.length>1?arguments[1]:void 0)}))},44197:(e,t,r)=>{r(19843)("Float32",(function(e){return function(t,r,n){return e(this,t,r,n)}}))},76495:(e,t,r)=>{r(19843)("Float64",(function(e){return function(t,r,n){return e(this,t,r,n)}}))},32846:(e,t,r)=>{"use strict";var n=r(90260),a=r(42092).forEach,o=n.aTypedArray;(0,n.exportTypedArrayMethod)("forEach",(function(e){a(o(this),e,arguments.length>1?arguments[1]:void 0)}))},98145:(e,t,r)=>{"use strict";var n=r(63832);(0,r(90260).exportTypedArrayStaticMethod)("from",r(97321),n)},44731:(e,t,r)=>{"use strict";var n=r(90260),a=r(41318).includes,o=n.aTypedArray;(0,n.exportTypedArrayMethod)("includes",(function(e){return a(o(this),e,arguments.length>1?arguments[1]:void 0)}))},77209:(e,t,r)=>{"use strict";var n=r(90260),a=r(41318).indexOf,o=n.aTypedArray;(0,n.exportTypedArrayMethod)("indexOf",(function(e){return a(o(this),e,arguments.length>1?arguments[1]:void 0)}))},35109:(e,t,r)=>{r(19843)("Int16",(function(e){return function(t,r,n){return e(this,t,r,n)}}))},65125:(e,t,r)=>{r(19843)("Int32",(function(e){return function(t,r,n){return e(this,t,r,n)}}))},87145:(e,t,r)=>{r(19843)("Int8",(function(e){return function(t,r,n){return e(this,t,r,n)}}))},96319:(e,t,r)=>{"use strict";var n=r(17854),a=r(47293),o=r(1702),s=r(90260),i=r(66992),c=r(5112)("iterator"),l=n.Uint8Array,u=o(i.values),f=o(i.keys),h=o(i.entries),d=s.aTypedArray,p=s.exportTypedArrayMethod,v=l&&l.prototype,m=!a((function(){v[c].call([1])})),y=!!v&&v.values&&v[c]===v.values&&"values"===v.values.name,g=function(){return u(d(this))};p("entries",(function(){return h(d(this))}),m),p("keys",(function(){return f(d(this))}),m),p("values",g,m||!y,{name:"values"}),p(c,g,m||!y,{name:"values"})},58867:(e,t,r)=>{"use strict";var n=r(90260),a=r(1702),o=n.aTypedArray,s=n.exportTypedArrayMethod,i=a([].join);s("join",(function(e){return i(o(this),e)}))},37789:(e,t,r)=>{"use strict";var n=r(90260),a=r(22104),o=r(86583),s=n.aTypedArray;(0,n.exportTypedArrayMethod)("lastIndexOf",(function(e){var t=arguments.length;return a(o,s(this),t>1?[e,arguments[1]]:[e])}))},33739:(e,t,r)=>{"use strict";var n=r(90260),a=r(42092).map,o=r(66304),s=n.aTypedArray;(0,n.exportTypedArrayMethod)("map",(function(e){return a(s(this),e,arguments.length>1?arguments[1]:void 0,(function(e,t){return new(o(e))(t)}))}))},95206:(e,t,r)=>{"use strict";var n=r(90260),a=r(63832),o=n.aTypedArrayConstructor;(0,n.exportTypedArrayStaticMethod)("of",(function(){for(var e=0,t=arguments.length,r=new(o(this))(t);t>e;)r[e]=arguments[e++];return r}),a)},14483:(e,t,r)=>{"use strict";var n=r(90260),a=r(53671).right,o=n.aTypedArray;(0,n.exportTypedArrayMethod)("reduceRight",(function(e){var t=arguments.length;return a(o(this),e,t,t>1?arguments[1]:void 0)}))},29368:(e,t,r)=>{"use strict";var n=r(90260),a=r(53671).left,o=n.aTypedArray;(0,n.exportTypedArrayMethod)("reduce",(function(e){var t=arguments.length;return a(o(this),e,t,t>1?arguments[1]:void 0)}))},12056:(e,t,r)=>{"use strict";var n=r(90260),a=n.aTypedArray,o=n.exportTypedArrayMethod,s=Math.floor;o("reverse",(function(){for(var e,t=this,r=a(t).length,n=s(r/2),o=0;o<n;)e=t[o],t[o++]=t[--r],t[r]=e;return t}))},3462:(e,t,r)=>{"use strict";var n=r(17854),a=r(46916),o=r(90260),s=r(26244),i=r(84590),c=r(47908),l=r(47293),u=n.RangeError,f=n.Int8Array,h=f&&f.prototype,d=h&&h.set,p=o.aTypedArray,v=o.exportTypedArrayMethod,m=!l((function(){var e=new Uint8ClampedArray(2);return a(d,e,{length:1,0:3},1),3!==e[1]})),y=m&&o.NATIVE_ARRAY_BUFFER_VIEWS&&l((function(){var e=new f(2);return e.set(1),e.set("2",1),0!==e[0]||2!==e[1]}));v("set",(function(e){p(this);var t=i(arguments.length>1?arguments[1]:void 0,1),r=c(e);if(m)return a(d,this,r,t);var n=this.length,o=s(r),l=0;if(o+t>n)throw u("Wrong length");for(;l<o;)this[t+l]=r[l++]}),!m||y)},30678:(e,t,r)=>{"use strict";var n=r(90260),a=r(66304),o=r(47293),s=r(50206),i=n.aTypedArray;(0,n.exportTypedArrayMethod)("slice",(function(e,t){for(var r=s(i(this),e,t),n=a(this),o=0,c=r.length,l=new n(c);c>o;)l[o]=r[o++];return l}),o((function(){new Int8Array(1).slice()})))},27462:(e,t,r)=>{"use strict";var n=r(90260),a=r(42092).some,o=n.aTypedArray;(0,n.exportTypedArrayMethod)("some",(function(e){return a(o(this),e,arguments.length>1?arguments[1]:void 0)}))},33824:(e,t,r)=>{"use strict";var n=r(17854),a=r(1702),o=r(47293),s=r(19662),i=r(94362),c=r(90260),l=r(68886),u=r(30256),f=r(7392),h=r(98008),d=c.aTypedArray,p=c.exportTypedArrayMethod,v=n.Uint16Array,m=v&&a(v.prototype.sort),y=!(!m||o((function(){m(new v(2),null)}))&&o((function(){m(new v(2),{})}))),g=!!m&&!o((function(){if(f)return f<74;if(l)return l<67;if(u)return!0;if(h)return h<602;var e,t,r=new v(516),n=Array(516);for(e=0;e<516;e++)t=e%4,r[e]=515-e,n[e]=e-2*t+3;for(m(r,(function(e,t){return(e/4|0)-(t/4|0)})),e=0;e<516;e++)if(r[e]!==n[e])return!0}));p("sort",(function(e){return void 0!==e&&s(e),g?m(this,e):i(d(this),function(e){return function(t,r){return void 0!==e?+e(t,r)||0:r!=r?-1:t!=t?1:0===t&&0===r?1/t>0&&1/r<0?1:-1:t>r}}(e))}),!g||y)},55021:(e,t,r)=>{"use strict";var n=r(90260),a=r(17466),o=r(51400),s=r(66304),i=n.aTypedArray;(0,n.exportTypedArrayMethod)("subarray",(function(e,t){var r=i(this),n=r.length,c=o(e,n);return new(s(r))(r.buffer,r.byteOffset+c*r.BYTES_PER_ELEMENT,a((void 0===t?n:o(t,n))-c))}))},12974:(e,t,r)=>{"use strict";var n=r(17854),a=r(22104),o=r(90260),s=r(47293),i=r(50206),c=n.Int8Array,l=o.aTypedArray,u=o.exportTypedArrayMethod,f=[].toLocaleString,h=!!c&&s((function(){f.call(new c(1))}));u("toLocaleString",(function(){return a(f,h?i(l(this)):l(this),i(arguments))}),s((function(){return[1,2].toLocaleString()!=new c([1,2]).toLocaleString()}))||!s((function(){c.prototype.toLocaleString.call([1,2])})))},15016:(e,t,r)=>{"use strict";var n=r(90260).exportTypedArrayMethod,a=r(47293),o=r(17854),s=r(1702),i=o.Uint8Array,c=i&&i.prototype||{},l=[].toString,u=s([].join);a((function(){l.call({})}))&&(l=function(){return u(this)});var f=c.toString!=l;n("toString",l,f)},8255:(e,t,r)=>{r(19843)("Uint16",(function(e){return function(t,r,n){return e(this,t,r,n)}}))},29135:(e,t,r)=>{r(19843)("Uint32",(function(e){return function(t,r,n){return e(this,t,r,n)}}))},82472:(e,t,r)=>{r(19843)("Uint8",(function(e){return function(t,r,n){return e(this,t,r,n)}}))},49743:(e,t,r)=>{r(19843)("Uint8",(function(e){return function(t,r,n){return e(this,t,r,n)}}),!0)},78221:(e,t,r)=>{"use strict";var n=r(82109),a=r(1702),o=r(41340),s=String.fromCharCode,i=a("".charAt),c=a(/./.exec),l=a("".slice),u=/^[\da-f]{2}$/i,f=/^[\da-f]{4}$/i;n({global:!0},{unescape:function(e){for(var t,r,n=o(e),a="",h=n.length,d=0;d<h;){if("%"===(t=i(n,d++)))if("u"===i(n,d)){if(r=l(n,d+1,d+5),c(f,r)){a+=s(parseInt(r,16)),d+=5;continue}}else if(r=l(n,d,d+2),c(u,r)){a+=s(parseInt(r,16)),d+=2;continue}a+=t}return a}})},41202:(e,t,r)=>{"use strict";var n,a=r(17854),o=r(1702),s=r(89190),i=r(62423),c=r(77710),l=r(29320),u=r(70111),f=r(52050),h=r(29909).enforce,d=r(68536),p=!a.ActiveXObject&&"ActiveXObject"in a,v=function(e){return function(){return e(this,arguments.length?arguments[0]:void 0)}},m=c("WeakMap",v,l);if(d&&p){n=l.getConstructor(v,"WeakMap",!0),i.enable();var y=m.prototype,g=o(y.delete),_=o(y.has),E=o(y.get),P=o(y.set);s(y,{delete:function(e){if(u(e)&&!f(e)){var t=h(this);return t.frozen||(t.frozen=new n),g(this,e)||t.frozen.delete(e)}return g(this,e)},has:function(e){if(u(e)&&!f(e)){var t=h(this);return t.frozen||(t.frozen=new n),_(this,e)||t.frozen.has(e)}return _(this,e)},get:function(e){if(u(e)&&!f(e)){var t=h(this);return t.frozen||(t.frozen=new n),_(this,e)?E(this,e):t.frozen.get(e)}return E(this,e)},set:function(e,t){if(u(e)&&!f(e)){var r=h(this);r.frozen||(r.frozen=new n),_(this,e)?P(this,e,t):r.frozen.set(e,t)}else P(this,e,t);return this}})}},4129:(e,t,r)=>{r(41202)},72098:(e,t,r)=>{"use strict";r(77710)("WeakSet",(function(e){return function(){return e(this,arguments.length?arguments[0]:void 0)}}),r(29320))},38478:(e,t,r)=>{r(72098)},75505:(e,t,r)=>{var n=r(82109),a=r(35005),o=r(1702),s=r(47293),i=r(41340),c=r(92597),l=r(48053),u=r(14170).ctoi,f=/[^\d+/a-z]/i,h=/[\t\n\f\r ]+/g,d=/[=]+$/,p=a("atob"),v=String.fromCharCode,m=o("".charAt),y=o("".replace),g=o(f.exec),_=s((function(){return""!==p(" ")})),E=!s((function(){p("a")})),P=!_&&!E&&!s((function(){p()})),b=!_&&!E&&1!==p.length;n({global:!0,enumerable:!0,forced:_||E||P||b},{atob:function(e){if(l(arguments.length,1),P||b)return p(e);var t,r,n=y(i(e),h,""),o="",s=0,_=0;if(n.length%4==0&&(n=y(n,d,"")),n.length%4==1||g(f,n))throw new(a("DOMException"))("The string is not correctly encoded","InvalidCharacterError");for(;t=m(n,s++);)c(u,t)&&(r=_%4?64*r+u[t]:u[t],_++%4&&(o+=v(255&r>>(-2*_&6))));return o}})},27479:(e,t,r)=>{var n=r(82109),a=r(35005),o=r(1702),s=r(47293),i=r(41340),c=r(48053),l=r(14170).itoc,u=a("btoa"),f=o("".charAt),h=o("".charCodeAt),d=!!u&&!s((function(){u()})),p=!!u&&s((function(){return"bnVsbA=="!==u(null)})),v=!!u&&1!==u.length;n({global:!0,enumerable:!0,forced:d||p||v},{btoa:function(e){if(c(arguments.length,1),d||p||v)return u(i(e));for(var t,r,n=i(e),o="",s=0,m=l;f(n,s)||(m="=",s%1);){if((r=h(n,s+=3/4))>255)throw new(a("DOMException"))("The string contains characters outside of the Latin1 range","InvalidCharacterError");o+=f(m,63&(t=t<<8|r)>>8-s%1*8)}return o}})},11091:(e,t,r)=>{var n=r(82109),a=r(17854),o=r(20261).clear;n({global:!0,bind:!0,enumerable:!0,forced:a.clearImmediate!==o},{clearImmediate:o})},54747:(e,t,r)=>{var n=r(17854),a=r(48324),o=r(98509),s=r(18533),i=r(68880),c=function(e){if(e&&e.forEach!==s)try{i(e,"forEach",s)}catch(t){e.forEach=s}};for(var l in a)a[l]&&c(n[l]&&n[l].prototype);c(o)},33948:(e,t,r)=>{var n=r(17854),a=r(48324),o=r(98509),s=r(66992),i=r(68880),c=r(5112),l=c("iterator"),u=c("toStringTag"),f=s.values,h=function(e,t){if(e){if(e[l]!==f)try{i(e,l,f)}catch(t){e[l]=f}if(e[u]||i(e,u,t),a[t])for(var r in s)if(e[r]!==s[r])try{i(e,r,s[r])}catch(t){e[r]=s[r]}}};for(var d in a)h(n[d]&&n[d].prototype,d);h(o,"DOMTokenList")},87714:(e,t,r)=>{"use strict";var n=r(82109),a=r(44038),o=r(35005),s=r(47293),i=r(70030),c=r(79114),l=r(3070).f,u=r(98052),f=r(47045),h=r(92597),d=r(25787),p=r(19670),v=r(7762),m=r(56277),y=r(93678),g=r(77741),_=r(29909),E=r(19781),P=r(31913),b="DOMException",Z="DATA_CLONE_ERR",w=o("Error"),S=o(b)||function(){try{(new(o("MessageChannel")||a("worker_threads").MessageChannel)).port1.postMessage(new WeakMap)}catch(e){if(e.name==Z&&25==e.code)return e.constructor}}(),x=S&&S.prototype,O=w.prototype,k=_.set,R=_.getterFor(b),N="stack"in w(b),A=function(e){return h(y,e)&&y[e].m?y[e].c:0},T=function(){d(this,C);var e=arguments.length,t=m(e<1?void 0:arguments[0]),r=m(e<2?void 0:arguments[1],"Error"),n=A(r);if(k(this,{type:b,name:r,message:t,code:n}),E||(this.name=r,this.message=t,this.code=n),N){var a=w(t);a.name=b,l(this,"stack",c(1,g(a.stack,1)))}},C=T.prototype=i(O),I=function(e){return{enumerable:!0,configurable:!0,get:e}},j=function(e){return I((function(){return R(this)[e]}))};E&&(f(C,"code",j("code")),f(C,"message",j("message")),f(C,"name",j("name"))),l(C,"constructor",c(1,T));var M=s((function(){return!(new S instanceof w)})),B=M||s((function(){return O.toString!==v||"2: 1"!==String(new S(1,2))})),U=M||s((function(){return 25!==new S(1,"DataCloneError").code})),L=M||25!==S[Z]||25!==x[Z],D=P?B||U||L:M;n({global:!0,constructor:!0,forced:D},{DOMException:D?T:S});var F=o(b),z=F.prototype;for(var q in B&&(P||S===F)&&u(z,"toString",v),U&&E&&S===F&&f(z,"code",I((function(){return A(p(this).name)}))),y)if(h(y,q)){var W=y[q],H=W.s,G=c(6,W.c);h(F,H)||l(F,H,G),h(z,H)||l(z,H,G)}},82801:(e,t,r)=>{"use strict";var n=r(82109),a=r(35005),o=r(79114),s=r(3070).f,i=r(92597),c=r(25787),l=r(79587),u=r(56277),f=r(93678),h=r(77741),d=r(31913),p="DOMException",v=a("Error"),m=a(p),y=function(){c(this,g);var e=arguments.length,t=u(e<1?void 0:arguments[0]),r=u(e<2?void 0:arguments[1],"Error"),n=new m(t,r),a=v(t);return a.name=p,s(n,"stack",o(1,h(a.stack,1))),l(n,this,y),n},g=y.prototype=m.prototype,_="stack"in v(p),E="stack"in new m(1,2),P=_&&!E;n({global:!0,constructor:!0,forced:d||P},{DOMException:P?y:m});var b=a(p),Z=b.prototype;if(Z.constructor!==b)for(var w in d||s(Z,"constructor",o(1,b)),f)if(i(f,w)){var S=f[w],x=S.s;i(b,x)||s(b,x,o(6,S.c))}},1174:(e,t,r)=>{var n=r(35005),a="DOMException";r(58003)(n(a),a)},84633:(e,t,r)=>{r(11091),r(12986)},85844:(e,t,r)=>{var n=r(82109),a=r(17854),o=r(95948),s=r(19662),i=r(48053),c=r(35268),l=a.process;n({global:!0,enumerable:!0,dontCallGetSet:!0},{queueMicrotask:function(e){i(arguments.length,1),s(e);var t=c&&l.domain;o(t?t.bind(e):e)}})},12986:(e,t,r)=>{var n=r(82109),a=r(17854),o=r(20261).set;n({global:!0,bind:!0,enumerable:!0,forced:a.setImmediate!==o},{setImmediate:o})},96815:(e,t,r)=>{var n=r(82109),a=r(17854),o=r(17152).setInterval;n({global:!0,bind:!0,forced:a.setInterval!==o},{setInterval:o})},88417:(e,t,r)=>{var n=r(82109),a=r(17854),o=r(17152).setTimeout;n({global:!0,bind:!0,forced:a.setTimeout!==o},{setTimeout:o})},61295:(e,t,r)=>{var n,a=r(31913),o=r(82109),s=r(17854),i=r(35005),c=r(1702),l=r(47293),u=r(69711),f=r(60614),h=r(4411),d=r(70111),p=r(52190),v=r(20408),m=r(19670),y=r(70648),g=r(92597),_=r(86135),E=r(68880),P=r(26244),b=r(48053),Z=r(34706),w=r(22914),S=s.Object,x=s.Date,O=s.Error,k=s.EvalError,R=s.RangeError,N=s.ReferenceError,A=s.SyntaxError,T=s.TypeError,C=s.URIError,I=s.PerformanceMark,j=s.WebAssembly,M=j&&j.CompileError||O,B=j&&j.LinkError||O,U=j&&j.RuntimeError||O,L=i("DOMException"),D=i("Set"),F=i("Map"),z=F.prototype,q=c(z.has),W=c(z.get),H=c(z.set),G=c(D.prototype.add),V=i("Object","keys"),Y=c([].push),K=c((!0).valueOf),X=c(1..valueOf),$=c("".valueOf),Q=c(x.prototype.getTime),J=u("structuredClone"),ee="DataCloneError",te="Transferring",re=function(e){return!l((function(){var t=new s.Set([7]),r=e(t),n=e(S(7));return r==t||!r.has(7)||"object"!=typeof n||7!=n}))&&e},ne=s.structuredClone,ae=a||(n=ne,!!l((function(){var e=new O,t=n({a:e,b:e});return!(t&&t.a===t.b&&t.a instanceof O)})))||!function(e){return!l((function(){var t=e(new s.AggregateError([1],J,{cause:3}));return"AggregateError"!=t.name||1!=t.errors[0]||t.message!=J||3!=t.cause}))}(ne),oe=!ne&&re((function(e){return new I(J,{detail:e}).detail})),se=re(ne)||oe,ie=function(e){throw new L("Uncloneable type: "+e,ee)},ce=function(e,t){throw new L((t||"Cloning")+" of "+e+" cannot be properly polyfilled in this engine",ee)},le=function(e,t){if(p(e)&&ie("Symbol"),!d(e))return e;if(t){if(q(t,e))return W(t,e)}else t=new F;var r,n,a,o,c,l,u,v,m,b,I=y(e),j=!1;switch(I){case"Array":a=[],j=!0;break;case"Object":a={},j=!0;break;case"Map":a=new F,j=!0;break;case"Set":a=new D,j=!0;break;case"RegExp":a=new RegExp(e.source,Z(e));break;case"Error":switch(n=e.name){case"AggregateError":a=i("AggregateError")([]);break;case"EvalError":a=k();break;case"RangeError":a=R();break;case"ReferenceError":a=N();break;case"SyntaxError":a=A();break;case"TypeError":a=T();break;case"URIError":a=C();break;case"CompileError":a=M();break;case"LinkError":a=B();break;case"RuntimeError":a=U();break;default:a=O()}j=!0;break;case"DOMException":a=new L(e.message,e.name),j=!0;break;case"DataView":case"Int8Array":case"Uint8Array":case"Uint8ClampedArray":case"Int16Array":case"Uint16Array":case"Int32Array":case"Uint32Array":case"Float32Array":case"Float64Array":case"BigInt64Array":case"BigUint64Array":r=s[I],d(r)||ce(I),a=new r(le(e.buffer,t),e.byteOffset,"DataView"===I?e.byteLength:e.length);break;case"DOMQuad":try{a=new DOMQuad(le(e.p1,t),le(e.p2,t),le(e.p3,t),le(e.p4,t))}catch(t){se?a=se(e):ce(I)}break;case"FileList":if(r=s.DataTransfer,h(r)){for(o=new r,c=0,l=P(e);c<l;c++)o.items.add(le(e[c],t));a=o.files}else se?a=se(e):ce(I);break;case"ImageData":try{a=new ImageData(le(e.data,t),e.width,e.height,{colorSpace:e.colorSpace})}catch(t){se?a=se(e):ce(I)}break;default:if(se)a=se(e);else switch(I){case"BigInt":a=S(e.valueOf());break;case"Boolean":a=S(K(e));break;case"Number":a=S(X(e));break;case"String":a=S($(e));break;case"Date":a=new x(Q(e));break;case"ArrayBuffer":(r=s.DataView)||"function"==typeof e.slice||ce(I);try{if("function"==typeof e.slice)a=e.slice(0);else for(l=e.byteLength,a=new ArrayBuffer(l),m=new r(e),b=new r(a),c=0;c<l;c++)b.setUint8(c,m.getUint8(c))}catch(e){throw new L("ArrayBuffer is detached",ee)}break;case"SharedArrayBuffer":a=e;break;case"Blob":try{a=e.slice(0,e.size,e.type)}catch(e){ce(I)}break;case"DOMPoint":case"DOMPointReadOnly":r=s[I];try{a=r.fromPoint?r.fromPoint(e):new r(e.x,e.y,e.z,e.w)}catch(e){ce(I)}break;case"DOMRect":case"DOMRectReadOnly":r=s[I];try{a=r.fromRect?r.fromRect(e):new r(e.x,e.y,e.width,e.height)}catch(e){ce(I)}break;case"DOMMatrix":case"DOMMatrixReadOnly":r=s[I];try{a=r.fromMatrix?r.fromMatrix(e):new r(e)}catch(e){ce(I)}break;case"AudioData":case"VideoFrame":f(e.clone)||ce(I);try{a=e.clone()}catch(e){ie(I)}break;case"File":try{a=new File([e],e.name,e)}catch(e){ce(I)}break;case"CryptoKey":case"GPUCompilationMessage":case"GPUCompilationInfo":case"ImageBitmap":case"RTCCertificate":case"WebAssembly.Module":ce(I);default:ie(I)}}if(H(t,e,a),j)switch(I){case"Array":case"Object":for(u=V(e),c=0,l=P(u);c<l;c++)v=u[c],_(a,v,le(e[v],t));break;case"Map":e.forEach((function(e,r){H(a,le(r,t),le(e,t))}));break;case"Set":e.forEach((function(e){G(a,le(e,t))}));break;case"Error":E(a,"message",le(e.message,t)),g(e,"cause")&&E(a,"cause",le(e.cause,t)),"AggregateError"==n&&(a.errors=le(e.errors,t));case"DOMException":w&&E(a,"stack",le(e.stack,t))}return a},ue=ne&&!l((function(){var e=new ArrayBuffer(8),t=ne(e,{transfer:[e]});return 0!=e.byteLength||8!=t.byteLength}));o({global:!0,enumerable:!0,sham:!ue,forced:ae},{structuredClone:function(e){var t,r=b(arguments.length,1)>1&&null!=arguments[1]?m(arguments[1]):void 0,n=r?r.transfer:void 0;return void 0!==n&&function(e,t){if(!d(e))throw T("Transfer option cannot be converted to a sequence");var r=[];v(e,(function(e){Y(r,m(e))}));var n,a,o,i,c,l,u=0,p=P(r);if(ue)for(i=ne(r,{transfer:r});u<p;)H(t,r[u],i[u++]);else for(;u<p;){if(n=r[u++],q(t,n))throw new L("Duplicate transferable",ee);switch(a=y(n)){case"ImageBitmap":o=s.OffscreenCanvas,h(o)||ce(a,te);try{(l=new o(n.width,n.height)).getContext("bitmaprenderer").transferFromImageBitmap(n),c=l.transferToImageBitmap()}catch(e){}break;case"AudioData":case"VideoFrame":f(n.clone)&&f(n.close)||ce(a,te);try{c=n.clone(),n.close()}catch(e){}break;case"ArrayBuffer":case"MessagePort":case"OffscreenCanvas":case"ReadableStream":case"TransformStream":case"WritableStream":ce(a,te)}if(void 0===c)throw new L("This object cannot be transferred: "+a,ee);H(t,n,c)}}(n,t=new F),le(e,t)}})},32564:(e,t,r)=>{r(96815),r(88417)},65556:(e,t,r)=>{"use strict";r(66992);var n=r(82109),a=r(17854),o=r(46916),s=r(1702),i=r(19781),c=r(590),l=r(98052),u=r(89190),f=r(58003),h=r(24994),d=r(29909),p=r(25787),v=r(60614),m=r(92597),y=r(49974),g=r(70648),_=r(19670),E=r(70111),P=r(41340),b=r(70030),Z=r(79114),w=r(18554),S=r(71246),x=r(48053),O=r(5112),k=r(94362),R=O("iterator"),N="URLSearchParams",A=N+"Iterator",T=d.set,C=d.getterFor(N),I=d.getterFor(A),j=Object.getOwnPropertyDescriptor,M=function(e){if(!i)return a[e];var t=j(a,e);return t&&t.value},B=M("fetch"),U=M("Request"),L=M("Headers"),D=U&&U.prototype,F=L&&L.prototype,z=a.RegExp,q=a.TypeError,W=a.decodeURIComponent,H=a.encodeURIComponent,G=s("".charAt),V=s([].join),Y=s([].push),K=s("".replace),X=s([].shift),$=s([].splice),Q=s("".split),J=s("".slice),ee=/\+/g,te=Array(4),re=function(e){return te[e-1]||(te[e-1]=z("((?:%[\\da-f]{2}){"+e+"})","gi"))},ne=function(e){try{return W(e)}catch(t){return e}},ae=function(e){var t=K(e,ee," "),r=4;try{return W(t)}catch(e){for(;r;)t=K(t,re(r--),ne);return t}},oe=/[!'()~]|%20/g,se={"!":"%21","'":"%27","(":"%28",")":"%29","~":"%7E","%20":"+"},ie=function(e){return se[e]},ce=function(e){return K(H(e),oe,ie)},le=h((function(e,t){T(this,{type:A,iterator:w(C(e).entries),kind:t})}),"Iterator",(function(){var e=I(this),t=e.kind,r=e.iterator.next(),n=r.value;return r.done||(r.value="keys"===t?n.key:"values"===t?n.value:[n.key,n.value]),r}),!0),ue=function(e){this.entries=[],this.url=null,void 0!==e&&(E(e)?this.parseObject(e):this.parseQuery("string"==typeof e?"?"===G(e,0)?J(e,1):e:P(e)))};ue.prototype={type:N,bindURL:function(e){this.url=e,this.update()},parseObject:function(e){var t,r,n,a,s,i,c,l=S(e);if(l)for(r=(t=w(e,l)).next;!(n=o(r,t)).done;){if(s=(a=w(_(n.value))).next,(i=o(s,a)).done||(c=o(s,a)).done||!o(s,a).done)throw q("Expected sequence with length 2");Y(this.entries,{key:P(i.value),value:P(c.value)})}else for(var u in e)m(e,u)&&Y(this.entries,{key:u,value:P(e[u])})},parseQuery:function(e){if(e)for(var t,r,n=Q(e,"&"),a=0;a<n.length;)(t=n[a++]).length&&(r=Q(t,"="),Y(this.entries,{key:ae(X(r)),value:ae(V(r,"="))}))},serialize:function(){for(var e,t=this.entries,r=[],n=0;n<t.length;)e=t[n++],Y(r,ce(e.key)+"="+ce(e.value));return V(r,"&")},update:function(){this.entries.length=0,this.parseQuery(this.url.query)},updateURL:function(){this.url&&this.url.update()}};var fe=function(){p(this,he),T(this,new ue(arguments.length>0?arguments[0]:void 0))},he=fe.prototype;if(u(he,{append:function(e,t){x(arguments.length,2);var r=C(this);Y(r.entries,{key:P(e),value:P(t)}),r.updateURL()},delete:function(e){x(arguments.length,1);for(var t=C(this),r=t.entries,n=P(e),a=0;a<r.length;)r[a].key===n?$(r,a,1):a++;t.updateURL()},get:function(e){x(arguments.length,1);for(var t=C(this).entries,r=P(e),n=0;n<t.length;n++)if(t[n].key===r)return t[n].value;return null},getAll:function(e){x(arguments.length,1);for(var t=C(this).entries,r=P(e),n=[],a=0;a<t.length;a++)t[a].key===r&&Y(n,t[a].value);return n},has:function(e){x(arguments.length,1);for(var t=C(this).entries,r=P(e),n=0;n<t.length;)if(t[n++].key===r)return!0;return!1},set:function(e,t){x(arguments.length,1);for(var r,n=C(this),a=n.entries,o=!1,s=P(e),i=P(t),c=0;c<a.length;c++)(r=a[c]).key===s&&(o?$(a,c--,1):(o=!0,r.value=i));o||Y(a,{key:s,value:i}),n.updateURL()},sort:function(){var e=C(this);k(e.entries,(function(e,t){return e.key>t.key?1:-1})),e.updateURL()},forEach:function(e){for(var t,r=C(this).entries,n=y(e,arguments.length>1?arguments[1]:void 0),a=0;a<r.length;)n((t=r[a++]).value,t.key,this)},keys:function(){return new le(this,"keys")},values:function(){return new le(this,"values")},entries:function(){return new le(this,"entries")}},{enumerable:!0}),l(he,R,he.entries,{name:"entries"}),l(he,"toString",(function(){return C(this).serialize()}),{enumerable:!0}),f(fe,N),n({global:!0,constructor:!0,forced:!c},{URLSearchParams:fe}),!c&&v(L)){var de=s(F.has),pe=s(F.set),ve=function(e){if(E(e)){var t,r=e.body;if(g(r)===N)return t=e.headers?new L(e.headers):new L,de(t,"content-type")||pe(t,"content-type","application/x-www-form-urlencoded;charset=UTF-8"),b(e,{body:Z(0,P(r)),headers:Z(0,t)})}return e};if(v(B)&&n({global:!0,enumerable:!0,dontCallGetSet:!0,forced:!0},{fetch:function(e){return B(e,arguments.length>1?ve(arguments[1]):{})}}),v(U)){var me=function(e){return p(this,D),new U(e,arguments.length>1?ve(arguments[1]):{})};D.constructor=me,me.prototype=D,n({global:!0,constructor:!0,dontCallGetSet:!0,forced:!0},{Request:me})}}e.exports={URLSearchParams:fe,getState:C}},41637:(e,t,r)=>{r(65556)},68789:(e,t,r)=>{"use strict";r(78783);var n,a=r(82109),o=r(19781),s=r(590),i=r(17854),c=r(49974),l=r(1702),u=r(98052),f=r(47045),h=r(25787),d=r(92597),p=r(21574),v=r(48457),m=r(41589),y=r(28710).codeAt,g=r(33197),_=r(41340),E=r(58003),P=r(48053),b=r(65556),Z=r(29909),w=Z.set,S=Z.getterFor("URL"),x=b.URLSearchParams,O=b.getState,k=i.URL,R=i.TypeError,N=i.parseInt,A=Math.floor,T=Math.pow,C=l("".charAt),I=l(/./.exec),j=l([].join),M=l(1..toString),B=l([].pop),U=l([].push),L=l("".replace),D=l([].shift),F=l("".split),z=l("".slice),q=l("".toLowerCase),W=l([].unshift),H="Invalid scheme",G="Invalid host",V="Invalid port",Y=/[a-z]/i,K=/[\d+-.a-z]/i,X=/\d/,$=/^0x/i,Q=/^[0-7]+$/,J=/^\d+$/,ee=/^[\da-f]+$/i,te=/[\0\t\n\r #%/:<>?@[\\\]^|]/,re=/[\0\t\n\r #/:<>?@[\\\]^|]/,ne=/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g,ae=/[\t\n\r]/g,oe=function(e){var t,r,n,a;if("number"==typeof e){for(t=[],r=0;r<4;r++)W(t,e%256),e=A(e/256);return j(t,".")}if("object"==typeof e){for(t="",n=function(e){for(var t=null,r=1,n=null,a=0,o=0;o<8;o++)0!==e[o]?(a>r&&(t=n,r=a),n=null,a=0):(null===n&&(n=o),++a);return a>r&&(t=n,r=a),t}(e),r=0;r<8;r++)a&&0===e[r]||(a&&(a=!1),n===r?(t+=r?":":"::",a=!0):(t+=M(e[r],16),r<7&&(t+=":")));return"["+t+"]"}return e},se={},ie=p({},se,{" ":1,'"':1,"<":1,">":1,"`":1}),ce=p({},ie,{"#":1,"?":1,"{":1,"}":1}),le=p({},ce,{"/":1,":":1,";":1,"=":1,"@":1,"[":1,"\\":1,"]":1,"^":1,"|":1}),ue=function(e,t){var r=y(e,0);return r>32&&r<127&&!d(t,e)?e:encodeURIComponent(e)},fe={ftp:21,file:null,http:80,https:443,ws:80,wss:443},he=function(e,t){var r;return 2==e.length&&I(Y,C(e,0))&&(":"==(r=C(e,1))||!t&&"|"==r)},de=function(e){var t;return e.length>1&&he(z(e,0,2))&&(2==e.length||"/"===(t=C(e,2))||"\\"===t||"?"===t||"#"===t)},pe=function(e){return"."===e||"%2e"===q(e)},ve={},me={},ye={},ge={},_e={},Ee={},Pe={},be={},Ze={},we={},Se={},xe={},Oe={},ke={},Re={},Ne={},Ae={},Te={},Ce={},Ie={},je={},Me=function(e,t,r){var n,a,o,s=_(e);if(t){if(a=this.parse(s))throw R(a);this.searchParams=null}else{if(void 0!==r&&(n=new Me(r,!0)),a=this.parse(s,null,n))throw R(a);(o=O(new x)).bindURL(this),this.searchParams=o}};Me.prototype={type:"URL",parse:function(e,t,r){var a,o,s,i,c,l=this,u=t||ve,f=0,h="",p=!1,y=!1,g=!1;for(e=_(e),t||(l.scheme="",l.username="",l.password="",l.host=null,l.port=null,l.path=[],l.query=null,l.fragment=null,l.cannotBeABaseURL=!1,e=L(e,ne,"")),e=L(e,ae,""),a=v(e);f<=a.length;){switch(o=a[f],u){case ve:if(!o||!I(Y,o)){if(t)return H;u=ye;continue}h+=q(o),u=me;break;case me:if(o&&(I(K,o)||"+"==o||"-"==o||"."==o))h+=q(o);else{if(":"!=o){if(t)return H;h="",u=ye,f=0;continue}if(t&&(l.isSpecial()!=d(fe,h)||"file"==h&&(l.includesCredentials()||null!==l.port)||"file"==l.scheme&&!l.host))return;if(l.scheme=h,t)return void(l.isSpecial()&&fe[l.scheme]==l.port&&(l.port=null));h="","file"==l.scheme?u=ke:l.isSpecial()&&r&&r.scheme==l.scheme?u=ge:l.isSpecial()?u=be:"/"==a[f+1]?(u=_e,f++):(l.cannotBeABaseURL=!0,U(l.path,""),u=Ce)}break;case ye:if(!r||r.cannotBeABaseURL&&"#"!=o)return H;if(r.cannotBeABaseURL&&"#"==o){l.scheme=r.scheme,l.path=m(r.path),l.query=r.query,l.fragment="",l.cannotBeABaseURL=!0,u=je;break}u="file"==r.scheme?ke:Ee;continue;case ge:if("/"!=o||"/"!=a[f+1]){u=Ee;continue}u=Ze,f++;break;case _e:if("/"==o){u=we;break}u=Te;continue;case Ee:if(l.scheme=r.scheme,o==n)l.username=r.username,l.password=r.password,l.host=r.host,l.port=r.port,l.path=m(r.path),l.query=r.query;else if("/"==o||"\\"==o&&l.isSpecial())u=Pe;else if("?"==o)l.username=r.username,l.password=r.password,l.host=r.host,l.port=r.port,l.path=m(r.path),l.query="",u=Ie;else{if("#"!=o){l.username=r.username,l.password=r.password,l.host=r.host,l.port=r.port,l.path=m(r.path),l.path.length--,u=Te;continue}l.username=r.username,l.password=r.password,l.host=r.host,l.port=r.port,l.path=m(r.path),l.query=r.query,l.fragment="",u=je}break;case Pe:if(!l.isSpecial()||"/"!=o&&"\\"!=o){if("/"!=o){l.username=r.username,l.password=r.password,l.host=r.host,l.port=r.port,u=Te;continue}u=we}else u=Ze;break;case be:if(u=Ze,"/"!=o||"/"!=C(h,f+1))continue;f++;break;case Ze:if("/"!=o&&"\\"!=o){u=we;continue}break;case we:if("@"==o){p&&(h="%40"+h),p=!0,s=v(h);for(var E=0;E<s.length;E++){var P=s[E];if(":"!=P||g){var b=ue(P,le);g?l.password+=b:l.username+=b}else g=!0}h=""}else if(o==n||"/"==o||"?"==o||"#"==o||"\\"==o&&l.isSpecial()){if(p&&""==h)return"Invalid authority";f-=v(h).length+1,h="",u=Se}else h+=o;break;case Se:case xe:if(t&&"file"==l.scheme){u=Ne;continue}if(":"!=o||y){if(o==n||"/"==o||"?"==o||"#"==o||"\\"==o&&l.isSpecial()){if(l.isSpecial()&&""==h)return G;if(t&&""==h&&(l.includesCredentials()||null!==l.port))return;if(i=l.parseHost(h))return i;if(h="",u=Ae,t)return;continue}"["==o?y=!0:"]"==o&&(y=!1),h+=o}else{if(""==h)return G;if(i=l.parseHost(h))return i;if(h="",u=Oe,t==xe)return}break;case Oe:if(!I(X,o)){if(o==n||"/"==o||"?"==o||"#"==o||"\\"==o&&l.isSpecial()||t){if(""!=h){var Z=N(h,10);if(Z>65535)return V;l.port=l.isSpecial()&&Z===fe[l.scheme]?null:Z,h=""}if(t)return;u=Ae;continue}return V}h+=o;break;case ke:if(l.scheme="file","/"==o||"\\"==o)u=Re;else{if(!r||"file"!=r.scheme){u=Te;continue}if(o==n)l.host=r.host,l.path=m(r.path),l.query=r.query;else if("?"==o)l.host=r.host,l.path=m(r.path),l.query="",u=Ie;else{if("#"!=o){de(j(m(a,f),""))||(l.host=r.host,l.path=m(r.path),l.shortenPath()),u=Te;continue}l.host=r.host,l.path=m(r.path),l.query=r.query,l.fragment="",u=je}}break;case Re:if("/"==o||"\\"==o){u=Ne;break}r&&"file"==r.scheme&&!de(j(m(a,f),""))&&(he(r.path[0],!0)?U(l.path,r.path[0]):l.host=r.host),u=Te;continue;case Ne:if(o==n||"/"==o||"\\"==o||"?"==o||"#"==o){if(!t&&he(h))u=Te;else if(""==h){if(l.host="",t)return;u=Ae}else{if(i=l.parseHost(h))return i;if("localhost"==l.host&&(l.host=""),t)return;h="",u=Ae}continue}h+=o;break;case Ae:if(l.isSpecial()){if(u=Te,"/"!=o&&"\\"!=o)continue}else if(t||"?"!=o)if(t||"#"!=o){if(o!=n&&(u=Te,"/"!=o))continue}else l.fragment="",u=je;else l.query="",u=Ie;break;case Te:if(o==n||"/"==o||"\\"==o&&l.isSpecial()||!t&&("?"==o||"#"==o)){if(".."===(c=q(c=h))||"%2e."===c||".%2e"===c||"%2e%2e"===c?(l.shortenPath(),"/"==o||"\\"==o&&l.isSpecial()||U(l.path,"")):pe(h)?"/"==o||"\\"==o&&l.isSpecial()||U(l.path,""):("file"==l.scheme&&!l.path.length&&he(h)&&(l.host&&(l.host=""),h=C(h,0)+":"),U(l.path,h)),h="","file"==l.scheme&&(o==n||"?"==o||"#"==o))for(;l.path.length>1&&""===l.path[0];)D(l.path);"?"==o?(l.query="",u=Ie):"#"==o&&(l.fragment="",u=je)}else h+=ue(o,ce);break;case Ce:"?"==o?(l.query="",u=Ie):"#"==o?(l.fragment="",u=je):o!=n&&(l.path[0]+=ue(o,se));break;case Ie:t||"#"!=o?o!=n&&("'"==o&&l.isSpecial()?l.query+="%27":l.query+="#"==o?"%23":ue(o,se)):(l.fragment="",u=je);break;case je:o!=n&&(l.fragment+=ue(o,ie))}f++}},parseHost:function(e){var t,r,n;if("["==C(e,0)){if("]"!=C(e,e.length-1))return G;if(t=function(e){var t,r,n,a,o,s,i,c=[0,0,0,0,0,0,0,0],l=0,u=null,f=0,h=function(){return C(e,f)};if(":"==h()){if(":"!=C(e,1))return;f+=2,u=++l}for(;h();){if(8==l)return;if(":"!=h()){for(t=r=0;r<4&&I(ee,h());)t=16*t+N(h(),16),f++,r++;if("."==h()){if(0==r)return;if(f-=r,l>6)return;for(n=0;h();){if(a=null,n>0){if(!("."==h()&&n<4))return;f++}if(!I(X,h()))return;for(;I(X,h());){if(o=N(h(),10),null===a)a=o;else{if(0==a)return;a=10*a+o}if(a>255)return;f++}c[l]=256*c[l]+a,2!=++n&&4!=n||l++}if(4!=n)return;break}if(":"==h()){if(f++,!h())return}else if(h())return;c[l++]=t}else{if(null!==u)return;f++,u=++l}}if(null!==u)for(s=l-u,l=7;0!=l&&s>0;)i=c[l],c[l--]=c[u+s-1],c[u+--s]=i;else if(8!=l)return;return c}(z(e,1,-1)),!t)return G;this.host=t}else if(this.isSpecial()){if(e=g(e),I(te,e))return G;if(t=function(e){var t,r,n,a,o,s,i,c=F(e,".");if(c.length&&""==c[c.length-1]&&c.length--,(t=c.length)>4)return e;for(r=[],n=0;n<t;n++){if(""==(a=c[n]))return e;if(o=10,a.length>1&&"0"==C(a,0)&&(o=I($,a)?16:8,a=z(a,8==o?1:2)),""===a)s=0;else{if(!I(10==o?J:8==o?Q:ee,a))return e;s=N(a,o)}U(r,s)}for(n=0;n<t;n++)if(s=r[n],n==t-1){if(s>=T(256,5-t))return null}else if(s>255)return null;for(i=B(r),n=0;n<r.length;n++)i+=r[n]*T(256,3-n);return i}(e),null===t)return G;this.host=t}else{if(I(re,e))return G;for(t="",r=v(e),n=0;n<r.length;n++)t+=ue(r[n],se);this.host=t}},cannotHaveUsernamePasswordPort:function(){return!this.host||this.cannotBeABaseURL||"file"==this.scheme},includesCredentials:function(){return""!=this.username||""!=this.password},isSpecial:function(){return d(fe,this.scheme)},shortenPath:function(){var e=this.path,t=e.length;!t||"file"==this.scheme&&1==t&&he(e[0],!0)||e.length--},serialize:function(){var e=this,t=e.scheme,r=e.username,n=e.password,a=e.host,o=e.port,s=e.path,i=e.query,c=e.fragment,l=t+":";return null!==a?(l+="//",e.includesCredentials()&&(l+=r+(n?":"+n:"")+"@"),l+=oe(a),null!==o&&(l+=":"+o)):"file"==t&&(l+="//"),l+=e.cannotBeABaseURL?s[0]:s.length?"/"+j(s,"/"):"",null!==i&&(l+="?"+i),null!==c&&(l+="#"+c),l},setHref:function(e){var t=this.parse(e);if(t)throw R(t);this.searchParams.update()},getOrigin:function(){var e=this.scheme,t=this.port;if("blob"==e)try{return new Be(e.path[0]).origin}catch(e){return"null"}return"file"!=e&&this.isSpecial()?e+"://"+oe(this.host)+(null!==t?":"+t:""):"null"},getProtocol:function(){return this.scheme+":"},setProtocol:function(e){this.parse(_(e)+":",ve)},getUsername:function(){return this.username},setUsername:function(e){var t=v(_(e));if(!this.cannotHaveUsernamePasswordPort()){this.username="";for(var r=0;r<t.length;r++)this.username+=ue(t[r],le)}},getPassword:function(){return this.password},setPassword:function(e){var t=v(_(e));if(!this.cannotHaveUsernamePasswordPort()){this.password="";for(var r=0;r<t.length;r++)this.password+=ue(t[r],le)}},getHost:function(){var e=this.host,t=this.port;return null===e?"":null===t?oe(e):oe(e)+":"+t},setHost:function(e){this.cannotBeABaseURL||this.parse(e,Se)},getHostname:function(){var e=this.host;return null===e?"":oe(e)},setHostname:function(e){this.cannotBeABaseURL||this.parse(e,xe)},getPort:function(){var e=this.port;return null===e?"":_(e)},setPort:function(e){this.cannotHaveUsernamePasswordPort()||(""==(e=_(e))?this.port=null:this.parse(e,Oe))},getPathname:function(){var e=this.path;return this.cannotBeABaseURL?e[0]:e.length?"/"+j(e,"/"):""},setPathname:function(e){this.cannotBeABaseURL||(this.path=[],this.parse(e,Ae))},getSearch:function(){var e=this.query;return e?"?"+e:""},setSearch:function(e){""==(e=_(e))?this.query=null:("?"==C(e,0)&&(e=z(e,1)),this.query="",this.parse(e,Ie)),this.searchParams.update()},getSearchParams:function(){return this.searchParams.facade},getHash:function(){var e=this.fragment;return e?"#"+e:""},setHash:function(e){""!=(e=_(e))?("#"==C(e,0)&&(e=z(e,1)),this.fragment="",this.parse(e,je)):this.fragment=null},update:function(){this.query=this.searchParams.serialize()||null}};var Be=function(e){var t=h(this,Ue),r=P(arguments.length,1)>1?arguments[1]:void 0,n=w(t,new Me(e,!1,r));o||(t.href=n.serialize(),t.origin=n.getOrigin(),t.protocol=n.getProtocol(),t.username=n.getUsername(),t.password=n.getPassword(),t.host=n.getHost(),t.hostname=n.getHostname(),t.port=n.getPort(),t.pathname=n.getPathname(),t.search=n.getSearch(),t.searchParams=n.getSearchParams(),t.hash=n.getHash())},Ue=Be.prototype,Le=function(e,t){return{get:function(){return S(this)[e]()},set:t&&function(e){return S(this)[t](e)},configurable:!0,enumerable:!0}};if(o&&(f(Ue,"href",Le("serialize","setHref")),f(Ue,"origin",Le("getOrigin")),f(Ue,"protocol",Le("getProtocol","setProtocol")),f(Ue,"username",Le("getUsername","setUsername")),f(Ue,"password",Le("getPassword","setPassword")),f(Ue,"host",Le("getHost","setHost")),f(Ue,"hostname",Le("getHostname","setHostname")),f(Ue,"port",Le("getPort","setPort")),f(Ue,"pathname",Le("getPathname","setPathname")),f(Ue,"search",Le("getSearch","setSearch")),f(Ue,"searchParams",Le("getSearchParams")),f(Ue,"hash",Le("getHash","setHash"))),u(Ue,"toJSON",(function(){return S(this).serialize()}),{enumerable:!0}),u(Ue,"toString",(function(){return S(this).serialize()}),{enumerable:!0}),k){var De=k.createObjectURL,Fe=k.revokeObjectURL;De&&u(Be,"createObjectURL",c(De,k)),Fe&&u(Be,"revokeObjectURL",c(Fe,k))}E(Be,"URL"),a({global:!0,constructor:!0,forced:!s,sham:!o},{URL:Be})},60285:(e,t,r)=>{r(68789)},83753:(e,t,r)=>{"use strict";var n=r(82109),a=r(46916);n({target:"URL",proto:!0,enumerable:!0},{toJSON:function(){return a(URL.prototype.toString,this)}})},28594:(e,t,r)=>{r(82526),r(41817),r(72443),r(92401),r(8722),r(32165),r(69007),r(16066),r(83510),r(41840),r(6982),r(32159),r(96649),r(39341),r(60543),r(21703),r(96647),r(9170),r(32120),r(52262),r(92222),r(50545),r(26541),r(43290),r(57327),r(69826),r(34553),r(84944),r(86535),r(89554),r(91038),r(26699),r(82772),r(79753),r(66992),r(69600),r(94986),r(21249),r(26572),r(85827),r(96644),r(65069),r(47042),r(5212),r(2707),r(38706),r(40561),r(33792),r(99244),r(18264),r(76938),r(39575),r(16716),r(43016),r(3843),r(81801),r(9550),r(28733),r(5735),r(96078),r(83710),r(62130),r(24812),r(4855),r(68309),r(35837),r(38862),r(73706),r(51532),r(99752),r(82376),r(73181),r(23484),r(2388),r(88621),r(60403),r(84755),r(25438),r(90332),r(40658),r(40197),r(44914),r(52420),r(60160),r(60970),r(10408),r(73689),r(9653),r(93299),r(35192),r(33161),r(44048),r(78285),r(44363),r(55994),r(61874),r(9494),r(31354),r(56977),r(55147),r(19601),r(78011),r(59595),r(33321),r(69070),r(35500),r(69720),r(43371),r(38559),r(38880),r(49337),r(36210),r(30489),r(46314),r(43304),r(41825),r(98410),r(72200),r(47941),r(94869),r(33952),r(57227),r(60514),r(68304),r(41539),r(26833),r(54678),r(91058),r(88674),r(17922),r(34668),r(17727),r(36535),r(12419),r(69596),r(52586),r(74819),r(95683),r(39361),r(51037),r(5898),r(67556),r(14361),r(83593),r(39532),r(81299),r(24603),r(28450),r(74916),r(92087),r(88386),r(77601),r(39714),r(70189),r(24506),r(79841),r(27852),r(94953),r(32023),r(78783),r(4723),r(76373),r(66528),r(83112),r(38992),r(82481),r(15306),r(68757),r(64765),r(23123),r(23157),r(83650),r(73210),r(48702),r(55674),r(15218),r(74475),r(57929),r(50915),r(29253),r(42125),r(78830),r(58734),r(29254),r(37268),r(7397),r(60086),r(80623),r(44197),r(76495),r(87145),r(35109),r(65125),r(82472),r(49743),r(8255),r(29135),r(48675),r(92990),r(18927),r(33105),r(35035),r(74345),r(7174),r(32846),r(98145),r(44731),r(77209),r(96319),r(58867),r(37789),r(33739),r(95206),r(29368),r(14483),r(12056),r(3462),r(30678),r(27462),r(33824),r(55021),r(12974),r(15016),r(78221),r(4129),r(38478),r(75505),r(27479),r(54747),r(33948),r(87714),r(82801),r(1174),r(84633),r(85844),r(61295),r(32564),r(60285),r(83753),r(41637),r(40857)},70282:(e,t,r)=>{"use strict";function n(e){return e&&"object"==typeof e&&"default"in e?e.default:e}var a=n(r(78273));n(r(95429));r(45298);var o=n(r(26018));function s(){return(s=Object.assign||function(e){for(var t=1;t<arguments.length;t++){var r=arguments[t];for(var n in r)Object.prototype.hasOwnProperty.call(r,n)&&(e[n]=r[n])}return e}).apply(this,arguments)}function i(e){return"/"===e.charAt(0)?e:"/"+e}function c(e,t,r,n){var o;"string"==typeof e?(o=function(e){var t=e||"/",r="",n="",a=t.indexOf("#");-1!==a&&(n=t.substr(a),t=t.substr(0,a));var o=t.indexOf("?");return-1!==o&&(r=t.substr(o),t=t.substr(0,o)),{pathname:t,search:"?"===r?"":r,hash:"#"===n?"":n}}(e)).state=t:(void 0===(o=s({},e)).pathname&&(o.pathname=""),o.search?"?"!==o.search.charAt(0)&&(o.search="?"+o.search):o.search="",o.hash?"#"!==o.hash.charAt(0)&&(o.hash="#"+o.hash):o.hash="",void 0!==t&&void 0===o.state&&(o.state=t));try{o.pathname=decodeURI(o.pathname)}catch(e){throw e instanceof URIError?new URIError('Pathname "'+o.pathname+'" could not be decoded. This is likely caused by an invalid percent-encoding.'):e}return r&&(o.key=r),n?o.pathname?"/"!==o.pathname.charAt(0)&&(o.pathname=a(o.pathname,n.pathname)):o.pathname=n.pathname:o.pathname||(o.pathname="/"),o}var l=!("undefined"==typeof window||!window.document||!window.document.createElement);function u(e,t){t(window.confirm(e))}var f="popstate",h="hashchange";function d(){try{return window.history.state||{}}catch(e){return{}}}t.createBrowserHistory=function(e){void 0===e&&(e={}),l||o(!1);var t=window.history,r=function(){var e=window.navigator.userAgent;return(-1===e.indexOf("Android 2.")&&-1===e.indexOf("Android 4.0")||-1===e.indexOf("Mobile Safari")||-1!==e.indexOf("Chrome")||-1!==e.indexOf("Windows Phone"))&&window.history&&"pushState"in window.history}(),n=!(-1===window.navigator.userAgent.indexOf("Trident")),a=e,p=a.forceRefresh,v=void 0!==p&&p,m=a.getUserConfirmation,y=void 0===m?u:m,g=a.keyLength,_=void 0===g?6:g,E=e.basename?function(e){return"/"===e.charAt(e.length-1)?e.slice(0,-1):e}(i(e.basename)):"";function P(e){var t=e||{},r=t.key,n=t.state,a=window.location,o=a.pathname+a.search+a.hash;return E&&(o=function(e,t){return function(e,t){return 0===e.toLowerCase().indexOf(t.toLowerCase())&&-1!=="/?#".indexOf(e.charAt(t.length))}(e,t)?e.substr(t.length):e}(o,E)),c(o,n,r)}function b(){return Math.random().toString(36).substr(2,_)}var Z=function(){var e=null,t=[];return{setPrompt:function(t){return e=t,function(){e===t&&(e=null)}},confirmTransitionTo:function(t,r,n,a){if(null!=e){var o="function"==typeof e?e(t,r):e;"string"==typeof o?"function"==typeof n?n(o,a):a(!0):a(!1!==o)}else a(!0)},appendListener:function(e){var r=!0;function n(){r&&e.apply(void 0,arguments)}return t.push(n),function(){r=!1,t=t.filter((function(e){return e!==n}))}},notifyListeners:function(){for(var e=arguments.length,r=new Array(e),n=0;n<e;n++)r[n]=arguments[n];t.forEach((function(e){return e.apply(void 0,r)}))}}}();function w(e){s(M,e),M.length=t.length,Z.notifyListeners(M.location,M.action)}function S(e){(function(e){return void 0===e.state&&-1===navigator.userAgent.indexOf("CriOS")})(e)||k(P(e.state))}function x(){k(P(d()))}var O=!1;function k(e){O?(O=!1,w()):Z.confirmTransitionTo(e,"POP",y,(function(t){t?w({action:"POP",location:e}):function(e){var t=M.location,r=N.indexOf(t.key);-1===r&&(r=0);var n=N.indexOf(e.key);-1===n&&(n=0);var a=r-n;a&&(O=!0,T(a))}(e)}))}var R=P(d()),N=[R.key];function A(e){return E+function(e){var t=e.pathname,r=e.search,n=e.hash,a=t||"/";return r&&"?"!==r&&(a+="?"===r.charAt(0)?r:"?"+r),n&&"#"!==n&&(a+="#"===n.charAt(0)?n:"#"+n),a}(e)}function T(e){t.go(e)}var C=0;function I(e){1===(C+=e)&&1===e?(window.addEventListener(f,S),n&&window.addEventListener(h,x)):0===C&&(window.removeEventListener(f,S),n&&window.removeEventListener(h,x))}var j=!1,M={length:t.length,action:"POP",location:R,createHref:A,push:function(e,n){var a=c(e,n,b(),M.location);Z.confirmTransitionTo(a,"PUSH",y,(function(e){if(e){var n=A(a),o=a.key,s=a.state;if(r)if(t.pushState({key:o,state:s},null,n),v)window.location.href=n;else{var i=N.indexOf(M.location.key),c=N.slice(0,i+1);c.push(a.key),N=c,w({action:"PUSH",location:a})}else window.location.href=n}}))},replace:function(e,n){var a="REPLACE",o=c(e,n,b(),M.location);Z.confirmTransitionTo(o,a,y,(function(e){if(e){var n=A(o),s=o.key,i=o.state;if(r)if(t.replaceState({key:s,state:i},null,n),v)window.location.replace(n);else{var c=N.indexOf(M.location.key);-1!==c&&(N[c]=o.key),w({action:a,location:o})}else window.location.replace(n)}}))},go:T,goBack:function(){T(-1)},goForward:function(){T(1)},block:function(e){void 0===e&&(e=!1);var t=Z.setPrompt(e);return j||(I(1),j=!0),function(){return j&&(j=!1,I(-1)),t()}},listen:function(e){var t=Z.appendListener(e);return I(1),function(){I(-1),t()}}};return M}},12827:(e,t,r)=>{"use strict";r(77889)("createBrowserHistory"),e.exports=r(55648).createBrowserHistory},55648:(e,t,r)=>{"use strict";e.exports=r(70282)},77889:e=>{"use strict";e.exports=function(e){}},99190:(e,t,r)=>{"use strict";r.d(t,{Z:()=>n});const n={header:"header___mMg5R",logo:"logo___HNRkp logo___EScpZ",logoactive:"logoactive___eLC8E logo___HNRkp logo___EScpZ",nav:"nav___wOlIg","nav-small":"nav-small___X0qYu","nav-wide":"nav-wide___X3fQ5","nav-flex":"nav-flex___HqPK6",navlink:"navlink___b0uZ6",navlinkactive:"navlinkactive___tYjQt navlink___b0uZ6",anchor:"anchor___DpiCF",status:"status___xPNOZ",settings:"settings___V7caw navlink___b0uZ6"}},35703:(e,t,r)=>{"use strict";r.d(t,{Z:()=>n});const n={dashboard:"dashboard___rjJwV",content:"content____c2kb",logo:"logo___EScpZ",splash:"splash___CNOqZ",loader:"loader___wI_2B",loading:"loading___RORwK","error-block":"error-block___EuQ3n",disclaimer:"disclaimer___VODOe"}},6400:(e,t,r)=>{"use strict";r.r(t),r.d(t,{Component:()=>E,Fragment:()=>_,cloneElement:()=>F,createContext:()=>z,createElement:()=>m,createRef:()=>g,h:()=>m,hydrate:()=>D,isValidElement:()=>s,options:()=>a,render:()=>L,toChildArray:()=>O});var n,a,o,s,i,c,l,u,f={},h=[],d=/acit|ex(?:s|g|n|p|$)|rph|grid|ows|mnc|ntw|ine[ch]|zoo|^ord|itera/i;function p(e,t){for(var r in t)e[r]=t[r];return e}function v(e){var t=e.parentNode;t&&t.removeChild(e)}function m(e,t,r){var a,o,s,i={};for(s in t)"key"==s?a=t[s]:"ref"==s?o=t[s]:i[s]=t[s];if(arguments.length>2&&(i.children=arguments.length>3?n.call(arguments,2):r),"function"==typeof e&&null!=e.defaultProps)for(s in e.defaultProps)void 0===i[s]&&(i[s]=e.defaultProps[s]);return y(e,i,a,o,null)}function y(e,t,r,n,s){var i={type:e,props:t,key:r,ref:n,__k:null,__:null,__b:0,__e:null,__d:void 0,__c:null,__h:null,constructor:void 0,__v:null==s?++o:s};return null==s&&null!=a.vnode&&a.vnode(i),i}function g(){return{current:null}}function _(e){return e.children}function E(e,t){this.props=e,this.context=t}function P(e,t){if(null==t)return e.__?P(e.__,e.__.__k.indexOf(e)+1):null;for(var r;t<e.__k.length;t++)if(null!=(r=e.__k[t])&&null!=r.__e)return r.__e;return"function"==typeof e.type?P(e):null}function b(e){var t,r;if(null!=(e=e.__)&&null!=e.__c){for(e.__e=e.__c.base=null,t=0;t<e.__k.length;t++)if(null!=(r=e.__k[t])&&null!=r.__e){e.__e=e.__c.base=r.__e;break}return b(e)}}function Z(e){(!e.__d&&(e.__d=!0)&&i.push(e)&&!w.__r++||l!==a.debounceRendering)&&((l=a.debounceRendering)||c)(w)}function w(){for(var e;w.__r=i.length;)e=i.sort((function(e,t){return e.__v.__b-t.__v.__b})),i=[],e.some((function(e){var t,r,n,a,o,s;e.__d&&(o=(a=(t=e).__v).__e,(s=t.__P)&&(r=[],(n=p({},a)).__v=a.__v+1,C(s,a,n,t.__n,void 0!==s.ownerSVGElement,null!=a.__h?[o]:null,r,null==o?P(a):o,a.__h),I(r,a),a.__e!=o&&b(a)))}))}function S(e,t,r,n,a,o,s,i,c,l){var u,d,p,v,m,g,E,b=n&&n.__k||h,Z=b.length;for(r.__k=[],u=0;u<t.length;u++)if(null!=(v=r.__k[u]=null==(v=t[u])||"boolean"==typeof v?null:"string"==typeof v||"number"==typeof v||"bigint"==typeof v?y(null,v,null,null,v):Array.isArray(v)?y(_,{children:v},null,null,null):v.__b>0?y(v.type,v.props,v.key,null,v.__v):v)){if(v.__=r,v.__b=r.__b+1,null===(p=b[u])||p&&v.key==p.key&&v.type===p.type)b[u]=void 0;else for(d=0;d<Z;d++){if((p=b[d])&&v.key==p.key&&v.type===p.type){b[d]=void 0;break}p=null}C(e,v,p=p||f,a,o,s,i,c,l),m=v.__e,(d=v.ref)&&p.ref!=d&&(E||(E=[]),p.ref&&E.push(p.ref,null,v),E.push(d,v.__c||m,v)),null!=m?(null==g&&(g=m),"function"==typeof v.type&&v.__k===p.__k?v.__d=c=x(v,c,e):c=k(e,v,p,b,m,c),"function"==typeof r.type&&(r.__d=c)):c&&p.__e==c&&c.parentNode!=e&&(c=P(p))}for(r.__e=g,u=Z;u--;)null!=b[u]&&("function"==typeof r.type&&null!=b[u].__e&&b[u].__e==r.__d&&(r.__d=P(n,u+1)),B(b[u],b[u]));if(E)for(u=0;u<E.length;u++)M(E[u],E[++u],E[++u])}function x(e,t,r){for(var n,a=e.__k,o=0;a&&o<a.length;o++)(n=a[o])&&(n.__=e,t="function"==typeof n.type?x(n,t,r):k(r,n,n,a,n.__e,t));return t}function O(e,t){return t=t||[],null==e||"boolean"==typeof e||(Array.isArray(e)?e.some((function(e){O(e,t)})):t.push(e)),t}function k(e,t,r,n,a,o){var s,i,c;if(void 0!==t.__d)s=t.__d,t.__d=void 0;else if(null==r||a!=o||null==a.parentNode)e:if(null==o||o.parentNode!==e)e.appendChild(a),s=null;else{for(i=o,c=0;(i=i.nextSibling)&&c<n.length;c+=2)if(i==a)break e;e.insertBefore(a,o),s=o}return void 0!==s?s:a.nextSibling}function R(e,t,r){"-"===t[0]?e.setProperty(t,r):e[t]=null==r?"":"number"!=typeof r||d.test(t)?r:r+"px"}function N(e,t,r,n,a){var o;e:if("style"===t)if("string"==typeof r)e.style.cssText=r;else{if("string"==typeof n&&(e.style.cssText=n=""),n)for(t in n)r&&t in r||R(e.style,t,"");if(r)for(t in r)n&&r[t]===n[t]||R(e.style,t,r[t])}else if("o"===t[0]&&"n"===t[1])o=t!==(t=t.replace(/Capture$/,"")),t=t.toLowerCase()in e?t.toLowerCase().slice(2):t.slice(2),e.l||(e.l={}),e.l[t+o]=r,r?n||e.addEventListener(t,o?T:A,o):e.removeEventListener(t,o?T:A,o);else if("dangerouslySetInnerHTML"!==t){if(a)t=t.replace(/xlink(H|:h)/,"h").replace(/sName$/,"s");else if("href"!==t&&"list"!==t&&"form"!==t&&"tabIndex"!==t&&"download"!==t&&t in e)try{e[t]=null==r?"":r;break e}catch(e){}"function"==typeof r||(null!=r&&(!1!==r||"a"===t[0]&&"r"===t[1])?e.setAttribute(t,r):e.removeAttribute(t))}}function A(e){this.l[e.type+!1](a.event?a.event(e):e)}function T(e){this.l[e.type+!0](a.event?a.event(e):e)}function C(e,t,r,n,o,s,i,c,l){var u,f,h,d,v,m,y,g,P,b,Z,w=t.type;if(void 0!==t.constructor)return null;null!=r.__h&&(l=r.__h,c=t.__e=r.__e,t.__h=null,s=[c]),(u=a.__b)&&u(t);try{e:if("function"==typeof w){if(g=t.props,P=(u=w.contextType)&&n[u.__c],b=u?P?P.props.value:u.__:n,r.__c?y=(f=t.__c=r.__c).__=f.__E:("prototype"in w&&w.prototype.render?t.__c=f=new w(g,b):(t.__c=f=new E(g,b),f.constructor=w,f.render=U),P&&P.sub(f),f.props=g,f.state||(f.state={}),f.context=b,f.__n=n,h=f.__d=!0,f.__h=[]),null==f.__s&&(f.__s=f.state),null!=w.getDerivedStateFromProps&&(f.__s==f.state&&(f.__s=p({},f.__s)),p(f.__s,w.getDerivedStateFromProps(g,f.__s))),d=f.props,v=f.state,h)null==w.getDerivedStateFromProps&&null!=f.componentWillMount&&f.componentWillMount(),null!=f.componentDidMount&&f.__h.push(f.componentDidMount);else{if(null==w.getDerivedStateFromProps&&g!==d&&null!=f.componentWillReceiveProps&&f.componentWillReceiveProps(g,b),!f.__e&&null!=f.shouldComponentUpdate&&!1===f.shouldComponentUpdate(g,f.__s,b)||t.__v===r.__v){f.props=g,f.state=f.__s,t.__v!==r.__v&&(f.__d=!1),f.__v=t,t.__e=r.__e,t.__k=r.__k,t.__k.forEach((function(e){e&&(e.__=t)})),f.__h.length&&i.push(f);break e}null!=f.componentWillUpdate&&f.componentWillUpdate(g,f.__s,b),null!=f.componentDidUpdate&&f.__h.push((function(){f.componentDidUpdate(d,v,m)}))}f.context=b,f.props=g,f.state=f.__s,(u=a.__r)&&u(t),f.__d=!1,f.__v=t,f.__P=e,u=f.render(f.props,f.state,f.context),f.state=f.__s,null!=f.getChildContext&&(n=p(p({},n),f.getChildContext())),h||null==f.getSnapshotBeforeUpdate||(m=f.getSnapshotBeforeUpdate(d,v)),Z=null!=u&&u.type===_&&null==u.key?u.props.children:u,S(e,Array.isArray(Z)?Z:[Z],t,r,n,o,s,i,c,l),f.base=t.__e,t.__h=null,f.__h.length&&i.push(f),y&&(f.__E=f.__=null),f.__e=!1}else null==s&&t.__v===r.__v?(t.__k=r.__k,t.__e=r.__e):t.__e=j(r.__e,t,r,n,o,s,i,l);(u=a.diffed)&&u(t)}catch(e){t.__v=null,(l||null!=s)&&(t.__e=c,t.__h=!!l,s[s.indexOf(c)]=null),a.__e(e,t,r)}}function I(e,t){a.__c&&a.__c(t,e),e.some((function(t){try{e=t.__h,t.__h=[],e.some((function(e){e.call(t)}))}catch(e){a.__e(e,t.__v)}}))}function j(e,t,r,a,o,s,i,c){var l,u,h,d=r.props,p=t.props,m=t.type,y=0;if("svg"===m&&(o=!0),null!=s)for(;y<s.length;y++)if((l=s[y])&&"setAttribute"in l==!!m&&(m?l.localName===m:3===l.nodeType)){e=l,s[y]=null;break}if(null==e){if(null===m)return document.createTextNode(p);e=o?document.createElementNS("http://www.w3.org/2000/svg",m):document.createElement(m,p.is&&p),s=null,c=!1}if(null===m)d===p||c&&e.data===p||(e.data=p);else{if(s=s&&n.call(e.childNodes),u=(d=r.props||f).dangerouslySetInnerHTML,h=p.dangerouslySetInnerHTML,!c){if(null!=s)for(d={},y=0;y<e.attributes.length;y++)d[e.attributes[y].name]=e.attributes[y].value;(h||u)&&(h&&(u&&h.__html==u.__html||h.__html===e.innerHTML)||(e.innerHTML=h&&h.__html||""))}if(function(e,t,r,n,a){var o;for(o in r)"children"===o||"key"===o||o in t||N(e,o,null,r[o],n);for(o in t)a&&"function"!=typeof t[o]||"children"===o||"key"===o||"value"===o||"checked"===o||r[o]===t[o]||N(e,o,t[o],r[o],n)}(e,p,d,o,c),h)t.__k=[];else if(y=t.props.children,S(e,Array.isArray(y)?y:[y],t,r,a,o&&"foreignObject"!==m,s,i,s?s[0]:r.__k&&P(r,0),c),null!=s)for(y=s.length;y--;)null!=s[y]&&v(s[y]);c||("value"in p&&void 0!==(y=p.value)&&(y!==e.value||"progress"===m&&!y||"option"===m&&y!==d.value)&&N(e,"value",y,d.value,!1),"checked"in p&&void 0!==(y=p.checked)&&y!==e.checked&&N(e,"checked",y,d.checked,!1))}return e}function M(e,t,r){try{"function"==typeof e?e(t):e.current=t}catch(e){a.__e(e,r)}}function B(e,t,r){var n,o;if(a.unmount&&a.unmount(e),(n=e.ref)&&(n.current&&n.current!==e.__e||M(n,null,t)),null!=(n=e.__c)){if(n.componentWillUnmount)try{n.componentWillUnmount()}catch(e){a.__e(e,t)}n.base=n.__P=null}if(n=e.__k)for(o=0;o<n.length;o++)n[o]&&B(n[o],t,"function"!=typeof e.type);r||null==e.__e||v(e.__e),e.__e=e.__d=void 0}function U(e,t,r){return this.constructor(e,r)}function L(e,t,r){var o,s,i;a.__&&a.__(e,t),s=(o="function"==typeof r)?null:r&&r.__k||t.__k,i=[],C(t,e=(!o&&r||t).__k=m(_,null,[e]),s||f,f,void 0!==t.ownerSVGElement,!o&&r?[r]:s?null:t.firstChild?n.call(t.childNodes):null,i,!o&&r?r:s?s.__e:t.firstChild,o),I(i,e)}function D(e,t){L(e,t,D)}function F(e,t,r){var a,o,s,i=p({},e.props);for(s in t)"key"==s?a=t[s]:"ref"==s?o=t[s]:i[s]=t[s];return arguments.length>2&&(i.children=arguments.length>3?n.call(arguments,2):r),y(e.type,i,a||e.key,o||e.ref,null)}function z(e,t){var r={__c:t="__cC"+u++,__:e,Consumer:function(e,t){return e.children(t)},Provider:function(e){var r,n;return this.getChildContext||(r=[],(n={})[t]=this,this.getChildContext=function(){return n},this.shouldComponentUpdate=function(e){this.props.value!==e.value&&r.some(Z)},this.sub=function(e){r.push(e);var t=e.componentWillUnmount;e.componentWillUnmount=function(){r.splice(r.indexOf(e),1),t&&t.call(e)}}),e.children}};return r.Provider.__=r.Consumer.contextType=r}n=h.slice,a={__e:function(e,t,r,n){for(var a,o,s;t=t.__;)if((a=t.__c)&&!a.__)try{if((o=a.constructor)&&null!=o.getDerivedStateFromError&&(a.setState(o.getDerivedStateFromError(e)),s=a.__d),null!=a.componentDidCatch&&(a.componentDidCatch(e,n||{}),s=a.__d),s)return a.__E=a}catch(t){e=t}throw e}},o=0,s=function(e){return null!=e&&void 0===e.constructor},E.prototype.setState=function(e,t){var r;r=null!=this.__s&&this.__s!==this.state?this.__s:this.__s=p({},this.state),"function"==typeof e&&(e=e(p({},r),this.props)),e&&p(r,e),null!=e&&this.__v&&(t&&this.__h.push(t),Z(this))},E.prototype.forceUpdate=function(e){this.__v&&(this.__e=!0,e&&this.__h.push(e),Z(this))},E.prototype.render=_,i=[],c="function"==typeof Promise?Promise.prototype.then.bind(Promise.resolve()):setTimeout,w.__r=0,u=0},35666:e=>{var t=function(e){"use strict";var t,r=Object.prototype,n=r.hasOwnProperty,a="function"==typeof Symbol?Symbol:{},o=a.iterator||"@@iterator",s=a.asyncIterator||"@@asyncIterator",i=a.toStringTag||"@@toStringTag";function c(e,t,r){return Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}),e[t]}try{c({},"")}catch(e){c=function(e,t,r){return e[t]=r}}function l(e,t,r,n){var a=t&&t.prototype instanceof m?t:m,o=Object.create(a.prototype),s=new k(n||[]);return o._invoke=function(e,t,r){var n=f;return function(a,o){if(n===d)throw new Error("Generator is already running");if(n===p){if("throw"===a)throw o;return N()}for(r.method=a,r.arg=o;;){var s=r.delegate;if(s){var i=S(s,r);if(i){if(i===v)continue;return i}}if("next"===r.method)r.sent=r._sent=r.arg;else if("throw"===r.method){if(n===f)throw n=p,r.arg;r.dispatchException(r.arg)}else"return"===r.method&&r.abrupt("return",r.arg);n=d;var c=u(e,t,r);if("normal"===c.type){if(n=r.done?p:h,c.arg===v)continue;return{value:c.arg,done:r.done}}"throw"===c.type&&(n=p,r.method="throw",r.arg=c.arg)}}}(e,r,s),o}function u(e,t,r){try{return{type:"normal",arg:e.call(t,r)}}catch(e){return{type:"throw",arg:e}}}e.wrap=l;var f="suspendedStart",h="suspendedYield",d="executing",p="completed",v={};function m(){}function y(){}function g(){}var _={};c(_,o,(function(){return this}));var E=Object.getPrototypeOf,P=E&&E(E(R([])));P&&P!==r&&n.call(P,o)&&(_=P);var b=g.prototype=m.prototype=Object.create(_);function Z(e){["next","throw","return"].forEach((function(t){c(e,t,(function(e){return this._invoke(t,e)}))}))}function w(e,t){function r(a,o,s,i){var c=u(e[a],e,o);if("throw"!==c.type){var l=c.arg,f=l.value;return f&&"object"==typeof f&&n.call(f,"__await")?t.resolve(f.__await).then((function(e){r("next",e,s,i)}),(function(e){r("throw",e,s,i)})):t.resolve(f).then((function(e){l.value=e,s(l)}),(function(e){return r("throw",e,s,i)}))}i(c.arg)}var a;this._invoke=function(e,n){function o(){return new t((function(t,a){r(e,n,t,a)}))}return a=a?a.then(o,o):o()}}function S(e,r){var n=e.iterator[r.method];if(n===t){if(r.delegate=null,"throw"===r.method){if(e.iterator.return&&(r.method="return",r.arg=t,S(e,r),"throw"===r.method))return v;r.method="throw",r.arg=new TypeError("The iterator does not provide a 'throw' method")}return v}var a=u(n,e.iterator,r.arg);if("throw"===a.type)return r.method="throw",r.arg=a.arg,r.delegate=null,v;var o=a.arg;return o?o.done?(r[e.resultName]=o.value,r.next=e.nextLoc,"return"!==r.method&&(r.method="next",r.arg=t),r.delegate=null,v):o:(r.method="throw",r.arg=new TypeError("iterator result is not an object"),r.delegate=null,v)}function x(e){var t={tryLoc:e[0]};1 in e&&(t.catchLoc=e[1]),2 in e&&(t.finallyLoc=e[2],t.afterLoc=e[3]),this.tryEntries.push(t)}function O(e){var t=e.completion||{};t.type="normal",delete t.arg,e.completion=t}function k(e){this.tryEntries=[{tryLoc:"root"}],e.forEach(x,this),this.reset(!0)}function R(e){if(e){var r=e[o];if(r)return r.call(e);if("function"==typeof e.next)return e;if(!isNaN(e.length)){var a=-1,s=function r(){for(;++a<e.length;)if(n.call(e,a))return r.value=e[a],r.done=!1,r;return r.value=t,r.done=!0,r};return s.next=s}}return{next:N}}function N(){return{value:t,done:!0}}return y.prototype=g,c(b,"constructor",g),c(g,"constructor",y),y.displayName=c(g,i,"GeneratorFunction"),e.isGeneratorFunction=function(e){var t="function"==typeof e&&e.constructor;return!!t&&(t===y||"GeneratorFunction"===(t.displayName||t.name))},e.mark=function(e){return Object.setPrototypeOf?Object.setPrototypeOf(e,g):(e.__proto__=g,c(e,i,"GeneratorFunction")),e.prototype=Object.create(b),e},e.awrap=function(e){return{__await:e}},Z(w.prototype),c(w.prototype,s,(function(){return this})),e.AsyncIterator=w,e.async=function(t,r,n,a,o){void 0===o&&(o=Promise);var s=new w(l(t,r,n,a),o);return e.isGeneratorFunction(r)?s:s.next().then((function(e){return e.done?e.value:s.next()}))},Z(b),c(b,i,"Generator"),c(b,o,(function(){return this})),c(b,"toString",(function(){return"[object Generator]"})),e.keys=function(e){var t=[];for(var r in e)t.push(r);return t.reverse(),function r(){for(;t.length;){var n=t.pop();if(n in e)return r.value=n,r.done=!1,r}return r.done=!0,r}},e.values=R,k.prototype={constructor:k,reset:function(e){if(this.prev=0,this.next=0,this.sent=this._sent=t,this.done=!1,this.delegate=null,this.method="next",this.arg=t,this.tryEntries.forEach(O),!e)for(var r in this)"t"===r.charAt(0)&&n.call(this,r)&&!isNaN(+r.slice(1))&&(this[r]=t)},stop:function(){this.done=!0;var e=this.tryEntries[0].completion;if("throw"===e.type)throw e.arg;return this.rval},dispatchException:function(e){if(this.done)throw e;var r=this;function a(n,a){return i.type="throw",i.arg=e,r.next=n,a&&(r.method="next",r.arg=t),!!a}for(var o=this.tryEntries.length-1;o>=0;--o){var s=this.tryEntries[o],i=s.completion;if("root"===s.tryLoc)return a("end");if(s.tryLoc<=this.prev){var c=n.call(s,"catchLoc"),l=n.call(s,"finallyLoc");if(c&&l){if(this.prev<s.catchLoc)return a(s.catchLoc,!0);if(this.prev<s.finallyLoc)return a(s.finallyLoc)}else if(c){if(this.prev<s.catchLoc)return a(s.catchLoc,!0)}else{if(!l)throw new Error("try statement without catch or finally");if(this.prev<s.finallyLoc)return a(s.finallyLoc)}}}},abrupt:function(e,t){for(var r=this.tryEntries.length-1;r>=0;--r){var a=this.tryEntries[r];if(a.tryLoc<=this.prev&&n.call(a,"finallyLoc")&&this.prev<a.finallyLoc){var o=a;break}}o&&("break"===e||"continue"===e)&&o.tryLoc<=t&&t<=o.finallyLoc&&(o=null);var s=o?o.completion:{};return s.type=e,s.arg=t,o?(this.method="next",this.next=o.finallyLoc,v):this.complete(s)},complete:function(e,t){if("throw"===e.type)throw e.arg;return"break"===e.type||"continue"===e.type?this.next=e.arg:"return"===e.type?(this.rval=this.arg=e.arg,this.method="return",this.next="end"):"normal"===e.type&&t&&(this.next=t),v},finish:function(e){for(var t=this.tryEntries.length-1;t>=0;--t){var r=this.tryEntries[t];if(r.finallyLoc===e)return this.complete(r.completion,r.afterLoc),O(r),v}},catch:function(e){for(var t=this.tryEntries.length-1;t>=0;--t){var r=this.tryEntries[t];if(r.tryLoc===e){var n=r.completion;if("throw"===n.type){var a=n.arg;O(r)}return a}}throw new Error("illegal catch attempt")},delegateYield:function(e,r,n){return this.delegate={iterator:R(e),resultName:r,nextLoc:n},"next"===this.method&&(this.arg=t),v}},e}(e.exports);try{regeneratorRuntime=t}catch(e){"object"==typeof globalThis?globalThis.regeneratorRuntime=t:Function("r","regeneratorRuntime = r")(t)}},78273:(e,t,r)=>{"use strict";function n(e){return"/"===e.charAt(0)}function a(e,t){for(var r=t,n=r+1,a=e.length;n<a;r+=1,n+=1)e[r]=e[n];e.pop()}r.r(t),r.d(t,{default:()=>o});const o=function(e,t){void 0===t&&(t="");var r,o=e&&e.split("/")||[],s=t&&t.split("/")||[],i=e&&n(e),c=t&&n(t),l=i||c;if(e&&n(e)?s=o:o.length&&(s.pop(),s=s.concat(o)),!s.length)return"/";if(s.length){var u=s[s.length-1];r="."===u||".."===u||""===u}else r=!1;for(var f=0,h=s.length;h>=0;h--){var d=s[h];"."===d?a(s,h):".."===d?(a(s,h),f++):f&&(a(s,h),f--)}if(!l)for(;f--;f)s.unshift("..");!l||""===s[0]||s[0]&&n(s[0])||s.unshift("");var p=s.join("/");return r&&"/"!==p.substr(-1)&&(p+="/"),p}},26018:e=>{"use strict";e.exports=function(e,t){if(!e)throw new Error("Invariant failed")}},45298:(e,t,r)=>{"use strict";r.r(t),r.d(t,{default:()=>n});const n=function(e,t){}},95429:(e,t,r)=>{"use strict";function n(e){return e.valueOf?e.valueOf():Object.prototype.valueOf.call(e)}r.r(t),r.d(t,{default:()=>a});const a=function e(t,r){if(t===r)return!0;if(null==t||null==r)return!1;if(Array.isArray(t))return Array.isArray(r)&&t.length===r.length&&t.every((function(t,n){return e(t,r[n])}));if("object"==typeof t||"object"==typeof r){var a=n(t),o=n(r);return a!==t||o!==r?e(a,o):Object.keys(Object.assign({},t,r)).every((function(n){return e(t[n],r[n])}))}return!1}},57147:function(){!function(e){"use strict";if(!e.fetch){var t="URLSearchParams"in e,r="Symbol"in e&&"iterator"in Symbol,n="FileReader"in e&&"Blob"in e&&function(){try{return new Blob,!0}catch(e){return!1}}(),a="FormData"in e,o="ArrayBuffer"in e;if(o)var s=["[object Int8Array]","[object Uint8Array]","[object Uint8ClampedArray]","[object Int16Array]","[object Uint16Array]","[object Int32Array]","[object Uint32Array]","[object Float32Array]","[object Float64Array]"],i=function(e){return e&&DataView.prototype.isPrototypeOf(e)},c=ArrayBuffer.isView||function(e){return e&&s.indexOf(Object.prototype.toString.call(e))>-1};p.prototype.append=function(e,t){e=f(e),t=h(t);var r=this.map[e];this.map[e]=r?r+","+t:t},p.prototype.delete=function(e){delete this.map[f(e)]},p.prototype.get=function(e){return e=f(e),this.has(e)?this.map[e]:null},p.prototype.has=function(e){return this.map.hasOwnProperty(f(e))},p.prototype.set=function(e,t){this.map[f(e)]=h(t)},p.prototype.forEach=function(e,t){for(var r in this.map)this.map.hasOwnProperty(r)&&e.call(t,this.map[r],r,this)},p.prototype.keys=function(){var e=[];return this.forEach((function(t,r){e.push(r)})),d(e)},p.prototype.values=function(){var e=[];return this.forEach((function(t){e.push(t)})),d(e)},p.prototype.entries=function(){var e=[];return this.forEach((function(t,r){e.push([r,t])})),d(e)},r&&(p.prototype[Symbol.iterator]=p.prototype.entries);var l=["DELETE","GET","HEAD","OPTIONS","POST","PUT"];E.prototype.clone=function(){return new E(this,{body:this._bodyInit})},_.call(E.prototype),_.call(b.prototype),b.prototype.clone=function(){return new b(this._bodyInit,{status:this.status,statusText:this.statusText,headers:new p(this.headers),url:this.url})},b.error=function(){var e=new b(null,{status:0,statusText:""});return e.type="error",e};var u=[301,302,303,307,308];b.redirect=function(e,t){if(-1===u.indexOf(t))throw new RangeError("Invalid status code");return new b(null,{status:t,headers:{location:e}})},e.Headers=p,e.Request=E,e.Response=b,e.fetch=function(e,t){return new Promise((function(r,a){var o=new E(e,t),s=new XMLHttpRequest;s.onload=function(){var e,t,n={status:s.status,statusText:s.statusText,headers:(e=s.getAllResponseHeaders()||"",t=new p,e.replace(/\r?\n[\t ]+/g," ").split(/\r?\n/).forEach((function(e){var r=e.split(":"),n=r.shift().trim();if(n){var a=r.join(":").trim();t.append(n,a)}})),t)};n.url="responseURL"in s?s.responseURL:n.headers.get("X-Request-URL");var a="response"in s?s.response:s.responseText;r(new b(a,n))},s.onerror=function(){a(new TypeError("Network request failed"))},s.ontimeout=function(){a(new TypeError("Network request failed"))},s.open(o.method,o.url,!0),"include"===o.credentials?s.withCredentials=!0:"omit"===o.credentials&&(s.withCredentials=!1),"responseType"in s&&n&&(s.responseType="blob"),o.headers.forEach((function(e,t){s.setRequestHeader(t,e)})),s.send(void 0===o._bodyInit?null:o._bodyInit)}))},e.fetch.polyfill=!0}function f(e){if("string"!=typeof e&&(e=String(e)),/[^a-z0-9\-#$%&'*+.\^_`|~]/i.test(e))throw new TypeError("Invalid character in header field name");return e.toLowerCase()}function h(e){return"string"!=typeof e&&(e=String(e)),e}function d(e){var t={next:function(){var t=e.shift();return{done:void 0===t,value:t}}};return r&&(t[Symbol.iterator]=function(){return t}),t}function p(e){this.map={},e instanceof p?e.forEach((function(e,t){this.append(t,e)}),this):Array.isArray(e)?e.forEach((function(e){this.append(e[0],e[1])}),this):e&&Object.getOwnPropertyNames(e).forEach((function(t){this.append(t,e[t])}),this)}function v(e){if(e.bodyUsed)return Promise.reject(new TypeError("Already read"));e.bodyUsed=!0}function m(e){return new Promise((function(t,r){e.onload=function(){t(e.result)},e.onerror=function(){r(e.error)}}))}function y(e){var t=new FileReader,r=m(t);return t.readAsArrayBuffer(e),r}function g(e){if(e.slice)return e.slice(0);var t=new Uint8Array(e.byteLength);return t.set(new Uint8Array(e)),t.buffer}function _(){return this.bodyUsed=!1,this._initBody=function(e){if(this._bodyInit=e,e)if("string"==typeof e)this._bodyText=e;else if(n&&Blob.prototype.isPrototypeOf(e))this._bodyBlob=e;else if(a&&FormData.prototype.isPrototypeOf(e))this._bodyFormData=e;else if(t&&URLSearchParams.prototype.isPrototypeOf(e))this._bodyText=e.toString();else if(o&&n&&i(e))this._bodyArrayBuffer=g(e.buffer),this._bodyInit=new Blob([this._bodyArrayBuffer]);else{if(!o||!ArrayBuffer.prototype.isPrototypeOf(e)&&!c(e))throw new Error("unsupported BodyInit type");this._bodyArrayBuffer=g(e)}else this._bodyText="";this.headers.get("content-type")||("string"==typeof e?this.headers.set("content-type","text/plain;charset=UTF-8"):this._bodyBlob&&this._bodyBlob.type?this.headers.set("content-type",this._bodyBlob.type):t&&URLSearchParams.prototype.isPrototypeOf(e)&&this.headers.set("content-type","application/x-www-form-urlencoded;charset=UTF-8"))},n&&(this.blob=function(){var e=v(this);if(e)return e;if(this._bodyBlob)return Promise.resolve(this._bodyBlob);if(this._bodyArrayBuffer)return Promise.resolve(new Blob([this._bodyArrayBuffer]));if(this._bodyFormData)throw new Error("could not read FormData body as blob");return Promise.resolve(new Blob([this._bodyText]))},this.arrayBuffer=function(){return this._bodyArrayBuffer?v(this)||Promise.resolve(this._bodyArrayBuffer):this.blob().then(y)}),this.text=function(){var e,t,r,n=v(this);if(n)return n;if(this._bodyBlob)return e=this._bodyBlob,r=m(t=new FileReader),t.readAsText(e),r;if(this._bodyArrayBuffer)return Promise.resolve(function(e){for(var t=new Uint8Array(e),r=new Array(t.length),n=0;n<t.length;n++)r[n]=String.fromCharCode(t[n]);return r.join("")}(this._bodyArrayBuffer));if(this._bodyFormData)throw new Error("could not read FormData body as text");return Promise.resolve(this._bodyText)},a&&(this.formData=function(){return this.text().then(P)}),this.json=function(){return this.text().then(JSON.parse)},this}function E(e,t){var r,n,a=(t=t||{}).body;if(e instanceof E){if(e.bodyUsed)throw new TypeError("Already read");this.url=e.url,this.credentials=e.credentials,t.headers||(this.headers=new p(e.headers)),this.method=e.method,this.mode=e.mode,a||null==e._bodyInit||(a=e._bodyInit,e.bodyUsed=!0)}else this.url=String(e);if(this.credentials=t.credentials||this.credentials||"omit",!t.headers&&this.headers||(this.headers=new p(t.headers)),this.method=(n=(r=t.method||this.method||"GET").toUpperCase(),l.indexOf(n)>-1?n:r),this.mode=t.mode||this.mode||null,this.referrer=null,("GET"===this.method||"HEAD"===this.method)&&a)throw new TypeError("Body not allowed for GET or HEAD requests");this._initBody(a)}function P(e){var t=new FormData;return e.trim().split("&").forEach((function(e){if(e){var r=e.split("="),n=r.shift().replace(/\+/g," "),a=r.join("=").replace(/\+/g," ");t.append(decodeURIComponent(n),decodeURIComponent(a))}})),t}function b(e,t){t||(t={}),this.type="default",this.status=void 0===t.status?200:t.status,this.ok=this.status>=200&&this.status<300,this.statusText="statusText"in t?t.statusText:"OK",this.headers=new p(t.headers),this.url=t.url||"",this._initBody(e)}}("undefined"!=typeof self?self:this)},97326:(e,t,r)=>{"use strict";function n(e){if(void 0===e)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return e}r.d(t,{Z:()=>n})},15671:(e,t,r)=>{"use strict";function n(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}r.d(t,{Z:()=>n})},43144:(e,t,r)=>{"use strict";function n(e,t){for(var r=0;r<t.length;r++){var n=t[r];n.enumerable=n.enumerable||!1,n.configurable=!0,"value"in n&&(n.writable=!0),Object.defineProperty(e,n.key,n)}}function a(e,t,r){return t&&n(e.prototype,t),r&&n(e,r),Object.defineProperty(e,"prototype",{writable:!1}),e}r.d(t,{Z:()=>a})},61120:(e,t,r)=>{"use strict";function n(e){return n=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__||Object.getPrototypeOf(e)},n(e)}r.d(t,{Z:()=>n})},79340:(e,t,r)=>{"use strict";function n(e,t){return n=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},n(e,t)}function a(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Super expression must either be null or a function");e.prototype=Object.create(t&&t.prototype,{constructor:{value:e,writable:!0,configurable:!0}}),Object.defineProperty(e,"prototype",{writable:!1}),t&&n(e,t)}r.d(t,{Z:()=>a})},6215:(e,t,r)=>{"use strict";function n(e){return n="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},n(e)}r.d(t,{Z:()=>o});var a=r(97326);function o(e,t){if(t&&("object"===n(t)||"function"==typeof t))return t;if(void 0!==t)throw new TypeError("Derived constructors may only return object or undefined");return(0,a.Z)(e)}}},t={};function r(n){var a=t[n];if(void 0!==a)return a.exports;var o=t[n]={exports:{}};return e[n].call(o.exports,o,o.exports,r),o.exports}r.n=e=>{var t=e&&e.__esModule?()=>e.default:()=>e;return r.d(t,{a:t}),t},r.d=(e,t)=>{for(var n in t)r.o(t,n)&&!r.o(e,n)&&Object.defineProperty(e,n,{enumerable:!0,get:t[n]})},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},(()=>{"use strict";r(41539),r(88674),window.Proxy&&window.Promise?r(65120).B():r(48877).B()})()})();</script></body></html>
+    
\ No newline at end of file
diff --git a/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/gtr.html b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/gtr.html
new file mode 100644
index 000000000..1b1bdfcd1
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/gtr.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx GTR !</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx GTR !</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working.</p>
+
+<img src="gtr.jpg" alt="GTR" height="480" width="640"></img>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>
diff --git a/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/gtr.jpg b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/gtr.jpg
new file mode 100644
index 000000000..be39ffe4a
Binary files /dev/null and b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/gtr.jpg differ
diff --git a/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/index.html b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/index.html
new file mode 100644
index 000000000..5d2b3044c
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/index.html
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx!</title>
+<style>
+html { color-scheme: light dark; }
+    body { width: 35em; margin: 0 auto;
+    font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx!</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working. Further configuration is required.</p>
+
+<p>For online documentation and support please refer to
+<a href="http://nginx.org/">nginx.org</a>.<br/>
+Commercial support is available at
+<a href="http://nginx.com/">nginx.com</a>.</p>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>
diff --git a/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/nsx.html b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/nsx.html
new file mode 100644
index 000000000..fc1de05d1
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/nsx.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx NSX !</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx NSX !</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working.</p>
+
+<img src="nsx.jpg" alt="NSX" height="480" width="640"></img>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>
diff --git a/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/nsx.jpg b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/nsx.jpg
new file mode 100644
index 000000000..f3c27f59e
Binary files /dev/null and b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/nsx.jpg differ
diff --git a/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/rcf.html b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/rcf.html
new file mode 100644
index 000000000..468ddae0b
--- /dev/null
+++ b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/rcf.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx RCF !</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx RCF !</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working.</p>
+
+<img src="rcf.jpg" alt="RCF" height="480" width="640"></img>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>
diff --git a/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/rcf.jpg b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/rcf.jpg
new file mode 100644
index 000000000..40faef6dc
Binary files /dev/null and b/static/workshops/nginx-one/lab2/nginx-plus/usr/share/nginx/html/rcf.jpg differ
diff --git a/templates/release-notes/example-release-notes.md b/templates/release-notes/example-release-notes.md
index 60d8341b2..a3c4c558d 100644
--- a/templates/release-notes/example-release-notes.md
+++ b/templates/release-notes/example-release-notes.md
@@ -9,7 +9,7 @@ April 18, 2024
 
 If you are already using a previous version of Nbeamex coffee, please make sure to clean your grinder and coffee maker thoroughly before adding the new coffee beans. This will ensure that you get the best flavor from the new beans.
 
-{{< see-also >}}Please consult or [list of authorized retailers](https://nbeamex.com/retailers) to find the best coffee beans for your grinder.{{< /see-also >}}
+{{< call-out "note" >}}Please consult or [list of authorized retailers](https://nbeamex.com/retailers) to find the best coffee beans for your grinder.{{< /call-out>}}
 
 ### What's new
 
@@ -42,9 +42,9 @@ You can find the list of known issues in the [Known issues](https://nbeamex.com/
 
 ### Security Updates
 
-{{< important >}}
+{{< call-out "important" >}}
 For the protection of our customers, NBeamex doesn't disclose security issues until an investigation has occurred and a fix is available.
-{{< /important >}}
+{{< /call-out >}}
 
 This release includes the following security updates:
 
diff --git a/templates/release-notes/template-release-notes.md b/templates/release-notes/template-release-notes.md
index f3a56e6a8..cbf53f38b 100644
--- a/templates/release-notes/template-release-notes.md
+++ b/templates/release-notes/template-release-notes.md
@@ -36,9 +36,9 @@ You can find the list of known issues in the [Known issues](https://example.com/
 
 ### (Optional) Security updates
 
-{{< important >}}
+{{< call-out "important" >}}
 For the protection of our customers, F5 NGINX doesn't disclose security issues until an investigation has occurred and a fix is available.
-{{< /important >}}
+{{< /call-out >}}
 
 This release includes the following security updates:
 
diff --git a/tests/constants.ts b/tests/constants.ts
deleted file mode 100644
index 6484baac2..000000000
--- a/tests/constants.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-/*
-    Place to store constant values.
-*/
-export const TIMEOUT = 4000
\ No newline at end of file
diff --git a/tests/search.spec.ts b/tests/search.spec.ts
deleted file mode 100644
index c0b60f150..000000000
--- a/tests/search.spec.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-import { test, expect} from '@playwright/test';
-import { handleConsentPopup, waitFor } from '../tests/utils/commonUtils.ts'
-  
-test.describe("Testing search page", () => {
-    test('Searchbar is visible', async ({ page }) => {
-        await page.goto('/'); 
-        await waitFor(() => handleConsentPopup(page));
-
-        const searchBox = page.locator('.CoveoSearchbox').first();
-        const searchButton = page.locator('.CoveoSearchButton');
-        const searchValue = "proxy";
-        expect(searchBox).toBeVisible();
-
-        await searchBox.click();
-        await page.keyboard.insertText(searchValue);
-        await searchButton.click();
-        await page.waitForURL(`/search.html#q=${searchValue}&sort=relevancy`);
-        expect(await page.locator('div h1').innerHTML()).toBe('Search Results');
-    });
-
-    test('Search page returns results without error', async ({ page }) => {
-        await page.goto("/search.html#q=proxy&sort=relevancy"); 
-        await waitFor(() => handleConsentPopup(page));
-        
-        await page.waitForSelector('div.coveo-result-list-container');
-        const coveoErrorReport = page.locator('div.CoveoErrorReport');
-        const errorReportDisplay = await coveoErrorReport.evaluate(e => window.getComputedStyle(e).display);
-        expect(errorReportDisplay).toBe('none');
-    });
-})
\ No newline at end of file
diff --git a/tests/utils/commonUtils.ts b/tests/utils/commonUtils.ts
deleted file mode 100644
index 4a20e87b7..000000000
--- a/tests/utils/commonUtils.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-import { expect, type Page } from '@playwright/test';
-import { TIMEOUT } from '../../tests/constants.ts';
-
-// THE GDPR Consent button appears when test is run from EU locations. This handles that popup.
-export async function handleConsentPopup(page: Page) {
-    const consentContent = page.locator('#truste-consent-content');
-    const isConsentContentVisibile = await consentContent.isVisible();
-    if(isConsentContentVisibile) {
-        const consentButton = page.locator('#truste-consent-required');
-        expect(consentButton).toBeVisible();
-        await consentButton.click();
-    }
-}
-
-let sleep = ms => new Promise(r => setTimeout(r, ms));
-export let waitFor = async function waitFor(f, ftimeout=TIMEOUT){
-    while(!f()) await sleep(ftimeout);
-    return f();
-};
\ No newline at end of file