Skip to content

document deploy rootless using docker compose#1956

Merged
travisamartin merged 6 commits into
mainfrom
bgv/rootless-nim-changes
May 20, 2026
Merged

document deploy rootless using docker compose#1956
travisamartin merged 6 commits into
mainfrom
bgv/rootless-nim-changes

Conversation

@devbgv
Copy link
Copy Markdown
Contributor

@devbgv devbgv commented May 14, 2026

Proposed changes
Adds a new how-to guide for deploying F5 NGINX Instance Manager (NIM) in a rootless Docker Compose environment, where all container processes run as the nms non-root user.

What changed and why:
The existing Docker deployment section covers the standard image-based Docker Compose flow. This PR adds a companion guide for teams with security hardening requirements—such as CIS benchmarks or internal least-privilege policies—that prevent running containers as root. The guide also documents the runtime configuration injection pattern used by this deployment, which allows NIM settings to be changed via environment variables and a stack restart, without rebuilding the Docker image. This is distinct from the standard deployment and warrants its own topic.

How the changes were made:

  • The new file deploy-nim-rootless-docker-compose.md follows the established conventions of the existing Docker deployment topics: f5-content-type: how-to, f5-product: NIMNGR, toc: true, H2/H3 heading hierarchy, --- section separators, fenced code blocks with language identifiers, and {{< call-out >}} shortcodes for notes.
  • weight: 150 places the page between the existing standard deployment guide (100) and the data plane guide (200) in the left-hand navigation.
  • A {{< ref >}} cross-link to the standard Docker Compose guide is included in the "See also" section.
  • _index.md description and f5-summary are updated to surface the new rootless option on the section landing page.
    Out of scope / follow-up considerations:
  • This guide references startNIM.sh helper functions (set_nms_conf, set_nms_sm). If a reference topic for those functions is added in future, a cross-link should be added here.
  • The f5-docs field is set to a placeholder (DOCS-NIM-ROOTLESS) and should be updated with the canonical JIRA ticket before merge.

Checklist
Before sharing this pull request, I completed the following checklist:

@devbgv devbgv requested a review from a team as a code owner May 14, 2026 12:32
@github-actions github-actions Bot added documentation Improvements or additions to documentation product/nim Issues related to NGINX Instance Manager labels May 14, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 14, 2026
edited
Loading

🎉 Thank you for your contribution! It appears you have not yet signed the F5 Contributor License Agreement (CLA), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the F5 CLA and reply on a new comment with the following text to agree:

I have hereby read the F5 CLA and agree to its terms

2 out of 3 committers have signed the CLA.
✅ (devbgv)[https://github.com/devbgv]
✅ (travisamartin)[https://github.com/travisamartin]
@vamshi Krishna BGV
Vamshi Krishna BGV seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

@devbgv
Copy link
Copy Markdown
Contributor Author

devbgv commented May 14, 2026

I have hereby read the F5 CLA and agree to its terms

@devbgv devbgv force-pushed the bgv/rootless-nim-changes branch from 5d74f1f to d8a39ec Compare May 14, 2026 12:33
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 14, 2026

Deploy Preview will be available once build job completes!

Name Link
😎 Deploy Preview https://frontdoor-test-docs.nginx.com/previews/docs/1956/

@devbgv devbgv force-pushed the bgv/rootless-nim-changes branch from d8a39ec to b768380 Compare May 15, 2026 12:28
mjang
mjang previously requested changes May 18, 2026
View reviewed changes
Comment thread content/nim/deploy/docker/deploy-nim-rootless-docker-compose.md Outdated
@devbgv devbgv requested a review from mjang May 18, 2026 14:53
@JTorreG
Copy link
Copy Markdown
Contributor

JTorreG commented May 18, 2026

recheck

travisamartin
travisamartin previously requested changes May 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@travisamartin travisamartin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I opened a PR with my edits. Take a look: #1969

mjang
mjang reviewed May 20, 2026
View reviewed changes
Comment thread content/nim/deploy/docker/deploy-nim-rootless-docker-compose.md Outdated
Comment thread content/nim/deploy/docker/deploy-nim-rootless-docker-compose.md Outdated
devbgv and others added 3 commits May 20, 2026 20:55
@devbgv @mjang
Apply suggestion from @mjang
ae9aa50 
Co-authored-by: Mike Jang <mi.jang@f5.com>
@devbgv @mjang
Apply suggestion
9679326 
Co-authored-by: Mike Jang <mi.jang@f5.com>
@travisamartin
docs(nim): edit pass on rootless Docker Compose guide (#1969)
f9a849b 
Apply style guide corrections to deploy-nim-rootless-docker-compose.md:

- Replace NIM abbreviation with NGINX Instance Manager throughout prose
  (f5-product-names: never abbreviate NGINX product names)
- Fix passive voice constructions to active voice (active-voice)
- Replace 'Launch' with 'Start', 'Once' with 'When', 'Modify' with
  'Change', 'via' with 'using', 'as' (causal) with 'because' (word-list)
- Split 32-word sentence into two shorter sentences (sentence-length)
- Rewrite 'No image rebuild required/needed' constructions as 'You
  don't need to rebuild the image' (active-voice)
- Remove parenthetical (NIM) abbreviation introduction (f5-product-names)
@travisamartin travisamartin dismissed stale reviews from mjang and themself May 20, 2026 15:59

Issues addressed in separate PR

@travisamartin travisamartin merged commit 077f555 into main May 20, 2026
8 of 9 checks passed
@travisamartin travisamartin deleted the bgv/rootless-nim-changes branch May 20, 2026 16:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mjang mjang mjang left review comments

@travisamartin travisamartin travisamartin approved these changes

Assignees

No one assigned

Labels

documentation Improvements or additions to documentation product/nim Issues related to NGINX Instance Manager

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@devbgv @JTorreG @mjang @travisamartin