nginx · JTorreG · Jun 30, 2025 · Jun 30, 2025
@@ -2,7 +2,7 @@
 title: Deploy a Policy for access control
 weight: 900
 toc: true
-docs: DOCS-000
+nd-docs: DOCS-1858
 ---
 
 This topic describes how to use F5 NGINX Ingress Controller to apply and update a Policy for access control. It demonstrates it using an example application and a [VirtualServer custom resource]({{< ref "/nic/configuration/virtualserver-and-virtualserverroute-resources.md" >}}).

@@ -1,5 +1,5 @@
 ---
-docs: DOCS-584
+nd-docs: DOCS-584
 doctypes:
 - ''
 title: Configuration examples

@@ -1,5 +1,5 @@
 ---
-docs: DOCS-585
+nd-docs: DOCS-585
 doctypes:
 - ''
 title: Command-line arguments

@@ -184,12 +184,12 @@ For more information, view the [VirtualServer and VirtualServerRoute resources](
 
 Zone Sync enables the [ngx_stream_zone_sync_module](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html) in NGINX Ingress Controller when NGINX Plus is used.  Multiple replicas are required to effectively utililise this functionality. More information is available in the [How NGINX Plus Performs Zone Synchronization]({{< ref "/nginx/admin-guide/high-availability/zone_sync_details.md" >}}) topic.
 
-Zone synchronization with TLS for NGINX Ingress Controller is not yet available with ConfigMap. If you would like to enable Zone Sync with TLS, please remove `zone-sync` from ConfigMap and add Zone Sync parameters via [`stream-snippets`]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md" >}}) similar to [this example](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-config.yaml) and adding the [zone_sync_ssl directive](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_ssl) along with any other TLS parameters to the `stream-snippets`. 
+Zone synchronization with TLS for NGINX Ingress Controller is not yet available with ConfigMap. If you would like to enable Zone Sync with TLS, please remove `zone-sync` from ConfigMap and add Zone Sync parameters via [`stream-snippets`]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md" >}}) similar to [this example](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-config.yaml) and adding the [zone_sync_ssl directive](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_ssl) along with any other TLS parameters to the `stream-snippets`.
 
 You will also need to manually add the headless service, such as in [this example](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-ingress-headless.yaml).
 
-{{< caution >}} 
-If you previously installed OIDC or used the `zone_sync` directive with `stream-snippets` in [v4.0.1](https://github.com/nginx/kubernetes-ingress/tree/v4.0.1) or earlier, and you plan to enable the `zone-sync` ConfigMap key, the `zone_sync` directive should be removed from `stream-snippets`. 
+{{< caution >}}
+If you previously installed OIDC or used the `zone_sync` directive with `stream-snippets` in [v4.0.1](https://github.com/nginx/kubernetes-ingress/tree/v4.0.1) or earlier, and you plan to enable the `zone-sync` ConfigMap key, the `zone_sync` directive should be removed from `stream-snippets`.
 
 If you encounter the error `error [emerg] 13#13: "zone_sync" directive is duplicate in /etc/nginx/nginx.conf:164` it is likely due to `zone_sync` being enabled in both `stream-snippets` and the ConfigMap. Once upgraded, remove the [old headless service](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-ingress-headless.yaml) deployed for OIDC.
 {{< /caution >}}

@@ -1,5 +1,5 @@
 ---
-docs: DOCS-587
+nd-docs: DOCS-587
 doctypes:
 - ''
 title: Custom templates

@@ -1,5 +1,5 @@
 ---
-docs: DOCS-588
+nd-docs: DOCS-588
 doctypes:
 - ''
 title: GlobalConfiguration resource

@@ -1,13 +1,13 @@
 ---
-docs: DOCS-586
+nd-docs: DOCS-1859
 doctypes:
 - ''
 title: Management ConfigMap resource
 toc: true
 weight: 300
 ---
 
-When using F5 NGINX Ingress Controller with NGINX Plus, it is required to pass a [command line argument]({{< ref "/nic/configuration/global-configuration/command-line-arguments" >}}) to NGINX Ingress Controller, `--mgmt-configmap=<namespace/name>` which specifies the ConfigMap to use. The minimal required ConfigMap must have a `license-token-secret-name` key. Helm users will not need to create this map or pass the argument, it will be created with a Helm install. 
+When using F5 NGINX Ingress Controller with NGINX Plus, it is required to pass a [command line argument]({{< ref "/nic/configuration/global-configuration/command-line-arguments" >}}) to NGINX Ingress Controller, `--mgmt-configmap=<namespace/name>` which specifies the ConfigMap to use. The minimal required ConfigMap must have a `license-token-secret-name` key. Helm users will not need to create this map or pass the argument, it will be created with a Helm install.
 
 ---
 

@@ -2,7 +2,7 @@
 title: Host and Listener collisions
 toc: true
 weight: 800
-docs: DOCS-590
+nd-docs: DOCS-590
 ---
 
 This document explains how F5 NGINX Ingress Controller handles host and listener collisions between resources.

@@ -1,15 +1,15 @@
 ---
-docs: DOCS-592
+nd-docs: DOCS-592
 doctypes:
 - ''
 title: Advanced configuration with Snippets
 toc: true
 weight: 400
 ---
 
-Snippets allow you to insert raw NGINX config into different contexts of the NGINX configurations that F5 NGINX Ingress Controller generates. 
+Snippets allow you to insert raw NGINX config into different contexts of the NGINX configurations that F5 NGINX Ingress Controller generates.
 
-Snippets are intended for advanced NGINX users who need more control over the generated NGINX configuration, and can be used in cases where Annotations and ConfigMap entries would not apply. 
+Snippets are intended for advanced NGINX users who need more control over the generated NGINX configuration, and can be used in cases where Annotations and ConfigMap entries would not apply.
 
 
 
@@ -27,7 +27,7 @@ Snippets have the following disadvantages:
 - *Decreased robustness*. An incorrect snippet can invalidate NGINX configuration, causing reload failures. Until the snippet is fixed, it will prevent any new configuration updates, including updates for the other Ingress resources.
 - *Security implications*. Snippets give access to NGINX configuration primitives, which are not validated by NGINX Ingress Controller. For example, a snippet can configure NGINX to serve the TLS certificates and keys used for TLS termination for Ingress resources.
 
-{{< note >}} If the NGINX configuration includes an invalid snippet, NGINX will continue to operate with the last valid configuration. {{< /note >}} 
+{{< note >}} If the NGINX configuration includes an invalid snippet, NGINX will continue to operate with the last valid configuration. {{< /note >}}
 
 ## Using snippets
 
@@ -68,7 +68,7 @@ spec:
 
 These snippets generate the following NGINX configuration:
 
-{{< note >}} The example is shortened for conciseness. {{< /note >}} 
+{{< note >}} The example is shortened for conciseness. {{< /note >}}
 
 ```nginx
 server {

@@ -4,7 +4,7 @@ weight: 100
 toc: true
 type: reference
 product: NIC
-docs: DOCS-593
+nd-docs: DOCS-593
 ---
 
 This document shows a basic Ingress resource definition for F5 NGINX Ingress Controller. It load balances requests for two services as part of a single application.
@@ -93,9 +93,9 @@ NGINX Ingress Controller imposes the following restrictions on Ingress resources
 
 ## Advanced configuration
 
-NGINX Ingress Controller generates NGINX configuration by executing a template file that contains the configuration options. 
+NGINX Ingress Controller generates NGINX configuration by executing a template file that contains the configuration options.
 
-These options are set with the Ingress resource and NGINX Ingress Controller's ConfigMap.  
+These options are set with the Ingress resource and NGINX Ingress Controller's ConfigMap.
 
 The Ingress resource only allows you to use basic NGINX features: host and path-based routing and TLS termination.
 

@@ -201,7 +201,7 @@ The rate limit policy will only apply to requests that contain a JWT with the sp
 {
   "user_details": {
     "level": "premium"
-  }, 
+  },
   "sub": "client1"
 }
 ```

@@ -2,7 +2,7 @@
 title: TransportServer resources
 toc: true
 weight: 600
-docs: DOCS-598
+nd-docs: DOCS-598
 ---
 
 This document is reference material for the TransportServer resource used by F5 NGINX Ingress Controller.

@@ -1,6 +1,6 @@
 ---
 description: null
-docs: DOCS-1446
+nd-docs: DOCS-1446
 title: Glossary
 weight: 10000
 ---

@@ -4,7 +4,7 @@ toc: true
 weight: 400
 type: how-to
 product: NIC
-docs: DOCS-1453
+nd-docs: DOCS-1453
 ---
 
 This document describes how to build an F5 NGINX Ingress Controller image from source code and upload it to a private Docker registry.

@@ -1,12 +1,13 @@
 ---
-title: Create a license Secret 
+title: Create a license Secret
 toc: true
 weight: 300
 nd-content-type: how-to
 nd-product: NIC
+nd-docs: DOCS-1860
 ---
 
-This document explains how to create and use a license secret for F5 NGINX Ingress Controller. 
+This document explains how to create and use a license secret for F5 NGINX Ingress Controller.
 
 # Overview
 
@@ -18,18 +19,18 @@ The JWT is required for validating your subscription and reporting telemetry dat
 
 {{< note >}} Read the [subscription licenses topic]({{< ref "/solutions/about-subscription-licenses.md#for-internet-connected-environments" >}}) for a list of IPs associated with F5's licensing endpoint (`product.connect.nginx.com`). {{</ note >}}
 
-## Set up your NGINX Plus license 
+## Set up your NGINX Plus license
 
 ### Download the JWT
 
 {{< include "/nic/installation/download-jwt.md" >}}
 
-### Create the Secret 
+### Create the Secret
 
 The JWT needs to be configured before deploying NGINX Ingress Controller. The JWT will be stored in a Kubernetes Secret of type `nginx.com/license`, and can be created with the following command.
 
 ```shell
-kubectl create secret generic license-token --from-file=license.jwt=<path-to-your-jwt> --type=nginx.com/license -n <Your Namespace> 
+kubectl create secret generic license-token --from-file=license.jwt=<path-to-your-jwt> --type=nginx.com/license -n <Your Namespace>
 ```
 You can now delete the downloaded `.jwt` file.
 
@@ -91,7 +92,7 @@ Specify the endpoint in the `usage-report-endpoint` Management ConfigMap key.
 
 To configure SSL certificates or SSL trusted certificates, extra steps are necessary.
 
-To use Client Auth with NGINX Instance Manager, first create a Secret of type `kubernetes.io/tls` in the same namespace as the NGINX Ingress Controller pods. 
+To use Client Auth with NGINX Instance Manager, first create a Secret of type `kubernetes.io/tls` in the same namespace as the NGINX Ingress Controller pods.
 
 ```shell
 kubectl create secret tls ssl-certificate --cert=<path-to-your-client.pem> --key=<path-to-your-client.key> -n <Your Namespace>
@@ -112,7 +113,7 @@ Providing an optional CRL (certificate revocation list) will configure the [`ssl
 
 {{%tab name="Helm"%}}
 
-Specify the SSL certificate Secret name using the `controller.mgmt.sslCertificateSecretName` Helm value. 
+Specify the SSL certificate Secret name using the `controller.mgmt.sslCertificateSecretName` Helm value.
 
 Specify the SSL trusted certificate Secret name using the `controller.mgmt.sslTrustedCertificateSecretName` Helm value.
 

@@ -1,5 +1,5 @@
 ---
-docs: DOCS-1469
+nd-docs: DOCS-1469
 doctypes:
 - tutorial
 tags:

@@ -4,9 +4,10 @@ toc: true
 weight: 500
 nd-content-type: how-to
 nd-product: NIC
+nd-docs: DOCS-1861
 ---
 
-This document describes how to build a local F5 NGINX App Protect WAF v5 Docker image with NGINX Plus Ingress 
+This document describes how to build a local F5 NGINX App Protect WAF v5 Docker image with NGINX Plus Ingress
 Controller, which can be used to compile WAF policies.
 
 This is accomplished with the following steps:
@@ -21,7 +22,7 @@ This is accomplished with the following steps:
 
 ## Prepare Secrets and credentials
 
-1. Download your NGINX Ingress Controller subscription's JSON Web Token, SSL Certificate, and Private Key from MyF5. 
+1. Download your NGINX Ingress Controller subscription's JSON Web Token, SSL Certificate, and Private Key from MyF5.
    You can use the same JSON Web Token, Certificate, and Key as NGINX Plus in your MyF5 portal.
 1. Rename the files to the following:
    - `nginx-repo.crt`
@@ -330,14 +331,14 @@ curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP "http://webapp.example.co
 ```
 
 ```text
-<html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your 
+<html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your
 administrator.<br><br>Your support ID is: 11241918873745059631<br><br>
 <a href='javascript:history.back();'>[Go Back]</a></body></html>
 ```
 
 This is mostly the same as the [examples/custom_resources/app-protect-waf-v5](https://github.com/nginx/kubernetes-ingress/tree/main/examples/custom-resources/app-protect-waf-v5)
 deployment in a single file with the policy bundle already set.
 
-You now have a fully operational NGINX Ingress Controller instance with NGINX App Protect deployed in your Kubernetes environment. 
+You now have a fully operational NGINX Ingress Controller instance with NGINX App Protect deployed in your Kubernetes environment.
 
 For further details, troubleshooting, or support, refer to the [official NGINX documentation]({{< ref "/" >}}) or reach out directly to your F5/NGINX account team.
@@ -4,7 +4,7 @@ toc: true
 weight: 200
 type: how-to
 product: NIC
-docs: DOCS-603
+nd-docs: DOCS-603
 ---
 
 This guide explains how to use Manifests to install F5 NGINX Ingress Controller, then create both common and custom resources and set up role-based access control.

@@ -4,7 +4,7 @@ toc: true
 weight: 300
 type: how-to
 product: NIC
-docs: DOCS-604
+nd-docs: DOCS-604
 ---
 
 This document explains how to install F5 NGINX Ingress Controller using NGINX Ingress Operator.

@@ -4,7 +4,7 @@ toc: true
 weight: 400
 type: how-to
 product: NIC
-docs: DOCS-000
+nd-docs: DOCS-1862
 ---
 
 This document explains how to upgrade F5 NGINX Ingress Controller to 4.0.0.

@@ -4,7 +4,7 @@ weight: 100
 toc: true
 type: how-to
 product: NIC
-docs: DOCS-583
+nd-docs: DOCS-583
 ---
 
 This document explains how to build an image for F5 NGINX Ingress Controller with NGINX App Protect DoS from source code.

@@ -4,7 +4,7 @@ weight: 300
 toc: true
 nd-content-type: how-to
 nd-product: NIC
-nd-docs: DOCS-000
+nd-docs: DOCS-1863
 ---
 
 ## Overview

@@ -4,7 +4,7 @@ weight: 200
 toc: true
 nd-content-type: how-to
 nd-product: NIC
-nd-docs: DOCS-000
+nd-docs: DOCS-1866
 ---
 
 ## Overview

@@ -4,7 +4,7 @@ weight: 100
 toc: true
 type: how-to
 product: NIC
-docs: DOCS-000
+nd-docs: DOCS-1865
 ---
 
 This document explains how to build a F5 NGINX Ingress Controller image with NGINX App Protect WAF v5 from source code.

@@ -4,7 +4,7 @@ weight: 400
 toc: true
 nd-content-type: how-to
 nd-product: NIC
-nd-docs: DOCS-000
+nd-docs: DOCS-1864
 ---
 
 This document describes how to troubleshoot problems when using NGINX Ingress Controller and the NGINX App Protect WAF module version 5.

@@ -4,7 +4,7 @@ weight: 200
 toc: true
 type: how-to
 product: NIC
-docs: DOCS-578
+nd-docs: DOCS-578
 ---
 
 This document explains how to use F5 NGINX Ingress Controller to configure NGINX App Protect WAF.

@@ -4,7 +4,7 @@ weight: 100
 toc: true
 type: how-to
 product: NIC
-docs: DOCS-579
+nd-docs: DOCS-579
 ---
 
 This document explains how to build a F5 NGINX Ingress Controller image with F5 NGINX App Protect WAF from source code.

@@ -1,5 +1,5 @@
 ---
-docs: DOCS-600
+nd-docs: DOCS-600
 doctypes:
 - concept
 title: F5 BIG-IP

@@ -1,5 +1,5 @@
 ---
-docs: DOCS-618
+nd-docs: DOCS-618
 doctypes:
 - ''
 title: OpenTracing (Deprecated in v5.0.0)

@@ -7,7 +7,7 @@ nd-product: NIC
 nd-docs: DOCS-605
 ---
 
-Learn how to pull an F5 NGINX Plus Ingress Controller image from the official F5 Docker registry and upload it to your private registry. 
+Learn how to pull an F5 NGINX Plus Ingress Controller image from the official F5 Docker registry and upload it to your private registry.
 
 The F5 Registry images include versions with NGINX App Protect WAF and NGINX App Protect DoS.
-Original file line number
+Diff line change
@@ Expand Up @@
     {
       "user_details": {
         "level": "premium"
-      },
+      },
       "sub": "client1"
     }
     ```
@@ Expand Down @@