Merge branch 'main' into feat-add-ngf

Author: mjang

.github/pull_request_template.md

@@ -1,35 +1,31 @@
 ### Proposed changes
 
-Write a clear and concise description that helps reviewers understand the purpose and impact of your changes. Use the
-following format:
+[//]: # "Write a clear and concise description of what the pull request changes."
+[//]: # "You can use our Commit messages guidance for this."
+[//]: # "https://github.com/nginx/documentation/blob/main/documentation/git-conventions.md#commit-messages"
 
-Problem: Give a brief overview of the problem or feature being addressed.
+[//]: # "First, explain what was changed, and why. This should be most of the detail."
+[//]: # "Then how the changes were made, such as referring to existing styles and conventions."
+[//]: # "Finish by noting anything beyond the scope of the PR changes that may be affected."
 
-Solution: Explain the approach you took to implement the solution, highlighting any significant design decisions or
-considerations.
+[//]: # "Include information on testing if relevant and non-obvious from the deployment preview."
+[//]: # "For expediency, you can use screenshots to show small before and after examples."
 
-Testing: Describe any testing that you did.
+[//]: # "If the changes were defined by a GitHub issue, reference it using keywords."
+[//]: # "https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/using-keywords-in-issues-and-pull-requests"
 
-Please focus on (optional): If you any specific areas where you would like reviewers to focus their attention or provide
-specific feedback, add them here.
-
-If this PR addresses an [issue](https://github.com/nginx/documentation/issues) on GitHub, ensure that you link to it here:
-
-Closes #ISSUE
+[//]: # "Do not like to any internal, non-public resources. This includes internal repository issues or anything in an intranet."
+[//]: # "You can make reference to internal discussions without linking to them: see 'Referencing internal information'."
+[//]: # "https://github.com/nginx/documentation/blob/main/documentation/closed-contributions.md#referencing-internal-information"
 
 ### Checklist
 
-Before merging a pull request, run through this checklist and mark each as complete.
+Before sharing this pull request, I completed the following checklist:
 
-- [ ] I have read the [contributing guidelines](https://github.com/nginx/documentation/blob/main/CONTRIBUTING.md)
-- [ ] I have signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md)
-- [ ] I have rebased my branch onto main
-- [ ] I have ensured my PR is targeting the main branch and pulling from my branch from my own fork
-- [ ] I have ensured that the commit messages adhere to [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/#summary)
-- [ ] I have ensured that documentation content adheres to [the style guide](/documentation/style-guide.md)
-- [ ] If the change involves potentially sensitive changes[^1], I have assessed the possible impact
-- [ ] If applicable, I have added tests that prove my fix is effective or that my feature works
-- [ ] I have ensured that existing tests pass after adding my changes
-- [ ] If applicable, I have updated [`README.md`](/README.md)
+- [ ] I read the [Contributing guidelines](https://github.com/nginx/documentation/blob/main/CONTRIBUTING.md)
+- [ ] My branch adheres to the [Git conventions](https://github.com/nginx/documentation/blob/main/documentation/git-conventions.md)
+- [ ] My content changes adhere to the [F5 NGINX Documentation style guide](https://github.com/nginx/documentation/blob/main/documentation/style-guide.md)
+- [ ] If my changes involve potentially sensitive information[^1], I have assessed the possible impact
+- [ ] I have waited to ensure my changes pass tests, and addressed any discovered issues
 
-[^1]: Potentially sensitive changes include anything involving code, personally identify information (PII), live URLs or significant amounts of new or revised documentation. Please refer to [our style guide](/documentation/style-guide.md) for guidance about placeholder content.
+[^1]: Potentially sensitive information includes personally identify information (PII), authentication credentials, and live URLs. Refer to the [style guide](https://github.com/nginx/documentation/blob/main/documentation/style-guide.md) for guidance about placeholder content.

.github/workflows/ossf_scorecard.yml

@@ -56,6 +56,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: Upload SARIF results to code scanning
-        uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.29.4
+        uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
         with:
           sarif_file: results.sarif

content/agent/technical-specifications.md

@@ -26,16 +26,16 @@ This document provides technical specifications for NGINX Agent. It includes inf
 NGINX Agent can run in most environments. We support the following distributions:
 
 {{< bootstrap-table "table table-striped table-bordered" >}}
-| | AlmaLinux | Alpine Linux | Amazon Linux | Amazon Linux 2 | CentOS | Debian |
-|-|-----------|--------------|--------------|----------------|--------|--------|
-|**Version**|8 <br><hr>9 |  3.16<br><hr>3.17<br><hr> 3.18<br><hr> 3.19|  2023|  LTS|  7.4+|  11<br><hr> 12|
+| | AlmaLinux | Alpine Linux | Amazon Linux | Amazon Linux 2| Debian |
+|-|-----------|--------------|--------------|----------------|--------|
+|**Version**|8 <br><hr>9 <br><hr>10|  3.19<br><hr>3.20<br><hr> 3.21<br><hr> 3.22|  2023|  LTS|  11<br><hr> 12|
 |**Architecture**| x86_84<br><hr>aarch64| x86_64<br><hr>aarch64 | x86_64<br><hr>aarch64 | x86_64<br><hr>aarch64 | x86_64<br><hr>aarch64 | x86_64<br><hr>aarch64 |
 {{< /bootstrap-table >}}
 
 {{< bootstrap-table "table table-striped table-bordered" >}}
 | |FreeBSD | Oracle Linux | Red Hat <br>Enterprise Linux <br>(RHEL) | Rocky Linux | SUSE Linux <br>Enterprise Server <br>(SLES) | Ubuntu |
 |-|--------|--------------|---------------------------------|-------------|-------------------------------------|--------|
-|**Version**|13<br><hr>14|7.4+<br><hr>8.1+<br><hr>9|7.4+<br><hr>8.1+<br><hr>9.0+|8<br><hr>9|12 SP5<br><hr>15 SP2|20.04 LTS<br><hr>22.04 LTS|
+|**Version**|13<br><hr>14|8.1+<br><hr>9<br><hr>10|8.1+<br><hr>9.0+<br><hr>10|8<br><hr>9<br><hr>10|15 SP2|22.04 LTS<br><hr>24.04 LTS<br><hr>25.04 LTS|
 |**Architecture**|amd64|x86_64|x86_64<br><hr>aarch64|x86_64<br><hr>aarch64|x86_64|x86_64<br><hr>aarch64|
 {{< /bootstrap-table >}}
 

content/includes/agent/tech-specs.md

@@ -6,12 +6,27 @@ files:
 ---
 
 NGINX Agent is designed to operate efficiently on any system that meets the standard
-hardware requirements for running NGINX Plus itself. This ensures compatibility, stability,
+hardware requirements for running NGINX itself. This ensures compatibility, stability,
 and performance aligned with the NGINX core platform:
 
 ### Supported distributions
 
-{{< include "nginx-plus/supported-distributions.md" >}}
+{{<bootstrap-table "table table-striped table-bordered">}}
+| Distribution                        | Supported on Agent                                                                                         |
+|-------------------------------------|------------------------------------------------------------------------------------------------------------|
+| AlmaLinux                           | 8 (x86_64, aarch64) <br> 9 (x86_64, aarch64) <br> 10 (x86_64, aarch64) **(new)**                           |
+| Alpine Linux                        | 3.19 (x86_64, aarch64) <br> 3.20 (x86_64, aarch64) <br> 3.21 (x86_64, aarch64) <br> 3.22 (x86_64, aarch64) |
+| Amazon Linux                        | 2023 (x86_64, aarch64)                                                                                     |                       
+| Amazon Linux 2                      | LTS (x86_64, aarch64)                                                                                      |                       
+| CentOS                              | **Not supported**                                                                                          |                     
+| Debian                              | 11 (x86_64, aarch64) <br> 12 (x86_64, aarch64)                                                             |
+| FreeBSD                             | **Not supported**                                                                                          |
+| Oracle Linux                        | 8.1+ (x86_64, aarch64) <br> 9 (x86_64) <br> 10 (x86_64) **(new)**                                          |
+| Red Hat Enterprise Linux (RHEL)     | 8.1+ (x86_64, aarch64) <br> 9.0+ (x86_64, aarch64) <br> 10.0+ (x86_64, aarch64) **(new)**                  |
+| Rocky Linux                         | 8 (x86_64, aarch64) <br> 9 (x86_64, aarch64)    <br> 10 (x86_64, aarch64) **(new)**                        |
+| SUSE Linux Enterprise Server (SLES) | 15 SP2+ (x86_64)                                                                                           |
+| Ubuntu                              | 22.04 LTS (x86_64, aarch64) <br> 24.04 LTS (x86_64, aarch64) <br> 25.04 LTS (x86_64, aarch64) **(new)**    |
+{{</bootstrap-table>}}
 
 To see the detailed technical specifications for NGINX Plus, refer to the official
 [NGINX Plus documentation]({{< ref "/nginx/technical-specs.md" >}}).

content/includes/licensing-and-reporting/download-certificates-from-myf5.md

@@ -0,0 +1,9 @@
+---
+files:
+- content/includes/use-cases/credential-download-instructions.md
+---
+
+1. Log in to [MyF5](https://my.f5.com/manage/s/).
+1. Go to **My Products & Plans > Subscriptions** to see your active subscriptions.
+1. Find your NGINX subscription, and select the **Subscription ID** for details.
+1. Download the **SSL Certificate** and **Private Key** files from the subscription page.

content/includes/licensing-and-reporting/download-jwt-from-myf5.md

@@ -1,8 +1,19 @@
 ---
 docs:
+files:
+- content/includes/nim/docker/docker-registry-login.md
+- content/includes/use-cases/credential-download-instructions.md
+- content/nap-waf/v5/admin-guide/install.md
+- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md
+- content/nginx-one/connect-instances/connect-nginx-plus-container-images-to-nginx-one.md
+- content/nim/admin-guide/add-license.md
+- content/nim/deploy/docker/deploy-nginx-plus-and-agent-docker.md
+- content/nim/disconnected/add-license-disconnected-deployment.md
+- content/solutions/about-subscription-licenses.md
+- content/solutions/r33-pre-release-guidance-for-automatic-upgrades.md
 ---
 
 1. Log in to [MyF5](https://my.f5.com/manage/s/).
-2. Go to **My Products & Plans > Subscriptions** to see your active subscriptions.
-3. Find your NGINX products or services subscription, and select the **Subscription ID** for details.
-4. Download the **JSON Web Token** from the subscription page.
+1. Go to **My Products & Plans > Subscriptions** to see your active subscriptions.
+1. Find your NGINX subscription, and select the **Subscription ID** for details.
+1. Download the **JSON Web Token** file from the subscription page.

content/includes/use-cases/credential-download-instructions.md

@@ -0,0 +1,25 @@
+---
+files:
+- content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md
+- content/nic/installation/nic-images/registry-download.md
+---
+
+In order to obtain a container image, you will need the JSON Web Token file or SSL certificate and private key files provided with your NGINX Plus subscription. 
+
+These files grant access to the package repository from which the script will download the NGINX Plus package:
+
+{{< tabs name="product_keys" >}}
+
+{{% tab name="JSON Web Token" %}}
+
+{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
+
+{{% /tab %}}
+
+{{% tab name="SSL" %}}
+
+{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}}
+
+{{% /tab %}}
+
+{{< /tabs >}}

content/includes/use-cases/docker-registry-instructions.md

@@ -0,0 +1,49 @@
+---
+files:
+- content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md
+- content/nic/installation/nic-images/registry-download.md
+---
+
+This step describes how to use Docker to communicate with the F5 Container Registry located at `private-registry.nginx.com`.
+
+{{< call-out "note" >}}
+
+The steps provided are for Linux. For Mac or Windows, see the [Docker for Mac](https://docs.docker.com/docker-for-mac/#add-client-certificates) or [Docker for Windows](https://docs.docker.com/docker-for-windows/#how-do-i-add-client-certificates) documentation. 
+
+For more details on Docker Engine security, you can refer to the [Docker Engine Security documentation](https://docs.docker.com/engine/security/).
+
+{{< /call-out >}}
+
+{{< tabs name="docker_login" >}}
+
+{{% tab name="JSON Web Token"%}}
+
+Open the JSON Web Token file previously downloaded from [MyF5](https://my.f5.com) customer portal (for example, `nginx-repo-12345abc.jwt`) and copy its contents.
+
+Log in to the Docker registry using the contents of the JSON Web Token file:
+
+```shell
+docker login private-registry.nginx.com --username=<output_of_jwt_token> --password=none
+```
+
+{{% /tab %}}
+
+{{% tab name="SSL" %}}
+
+Create a directory and copy your certificate and key to this directory:
+
+```shell
+mkdir -p /etc/docker/certs.d/private-registry.nginx.com
+cp <path-to-your-nginx-repo.crt> /etc/docker/certs.d/private-registry.nginx.com/client.cert
+cp <path-to-your-nginx-repo.key> /etc/docker/certs.d/private-registry.nginx.com/client.key
+```
+
+Log in to the Docker registry:
+
+```shell
+docker login private-registry.nginx.com
+```
+
+{{% /tab %}}
+
+{{< /tabs >}}

content/includes/use-cases/monitoring/n1c-dashboard-overview.md

@@ -23,7 +23,7 @@ Navigating the dashboard:
 | <i class="fas fa-desktop"></i> **Operating systems** | Find out which operating systems your instances are running on. | |
 | <i class="fas fa-certificate"></i> **Certificates** | Monitor the status of your SSL certificates to know which are expiring soon and which are still valid. | |
 | <i class="fas fa-cogs"></i> **Config recommendations** | Get configuration recommendations to optimize your instances' settings. | |
-| <i class="fas fa-shield-alt"></i> **CVEs (Common Vulnerabilities and Exposures)** | Evaluate the severity and number of potential security threats in your instances. | - **Major**: Indicates a high-severity threat that needs immediate attention. <br> - **Medium**: Implies a moderate threat level. <br> - **Minor** and **Low**: Represent less critical issues that still require monitoring. <br> - **Other**: Encompasses any threats that don't fit the standard categories. |
+| <i class="fas fa-shield-alt"></i> **CVEs (Common Vulnerabilities and Exposures)** | Evaluate the severity and number of potential security threats in your instances. | - **High**: Indicates a high-severity threat that needs immediate attention. NGINX CVSS score = 7.0-10.0 <br> - **Medium**: Implies a moderate threat level. NGINX CVSS score = 4.0-6.9  <br> - **Low**: Represent less critical issues that still require monitoring. NGINX CVSS score = 0.1-3.9. <br> - **None**: NGINX CVSS score = 0.0|
 | <i class="fas fa-microchip"></i> **CPU utilization** | Track CPU usage trends and pinpoint instances with high CPU demand. | |
 | <i class="fas fa-memory"></i> **Memory utilization** | Watch memory usage patterns to identify instances using significant memory. | |
 | <i class="fas fa-hdd"></i> **Disk space utilization** | Monitor how much disk space your instances are using and identify those nearing capacity. | |

content/nginx-one/agent/configure-instance-reporting/configuration-overview.md

@@ -49,8 +49,8 @@ sudo docker run \
   --env=NGINX_AGENT_LOG_LEVEL=debug \
   -d agent
 ```
-<details>
-<summary>NGINX Agent configuration options</summary>
+
+### NGINX Agent configuration options
 
 {{< bootstrap-table "table table-striped table-bordered" >}}
 | **Environment Variable**                         | **Command-Line Option**                             | **Description**                                                                                              | **Default Value**                                      |
@@ -83,5 +83,4 @@ sudo docker run \
 | NGINX_AGENT_COLLECTOR_EXTENSIONS_TLS_CERT     | --collector-extensions-health-tls-cert          | TLS Certificate file path for communication with OTel health server.                                         | N/A                                                    |
 | NGINX_AGENT_COLLECTOR_EXTENSIONS_TLS_KEY      | --collector-extensions-health-tls-key           | File path for TLS key used when connecting with OTel health server.                                           | N/A                                                    |
 | NGINX_AGENT_COLLECTOR_PROCESSORS_BATCH_SEND_BATCH_TIMEOUT    | --collector-processors-batch-send-batch-timeout                                               | Maximum time duration for sending batch data metrics regardless of size.                                      | 200ms
-{{< /bootstrap-table >}}                             |%
-</details>
+{{< /bootstrap-table >}}