NGINX Management Suite Dimensions Catalog
Information about all of the Dimensions collected by NGINX Agent
{{ range .Site.Data.nms.catalogs.dimensions }} -{{< fa "brands fa-aws" >}} Install NGINX Agent on Amazon Linux
+Install NGINX Agent on Amazon Linux
### Install NGINX Agent on Amazon Linux diff --git a/content/nginx-one/agent/install-upgrade/install-from-plus-repo.md b/content/nginx-one/agent/install-upgrade/install-from-plus-repo.md index ce901a5a6..726814b19 100644 --- a/content/nginx-one/agent/install-upgrade/install-from-plus-repo.md +++ b/content/nginx-one/agent/install-upgrade/install-from-plus-repo.md @@ -31,7 +31,7 @@ NGINX Agent from the repository.
-
{{< fa "brands fa-centos" >}} Install NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux
+Install NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux
### Install NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux @@ -40,7 +40,7 @@ NGINX Agent from the repository.
-
{{< fa "brands fa-ubuntu" >}} Install NGINX Agent on Ubuntu
+Install NGINX Agent on Ubuntu
### Install NGINX Agent on Ubuntu @@ -49,7 +49,7 @@ NGINX Agent from the repository.
-
{{< fa "brands fa-debian" >}} Install NGINX Agent on Debian
+Install NGINX Agent on Debian
### Install NGINX Agent on Debian @@ -58,7 +58,7 @@ NGINX Agent from the repository.
-
{{< fa "brands fa-suse" >}} Install NGINX Agent on SLES
+Install NGINX Agent on SLES
### Install NGINX Agent on SLES @@ -67,7 +67,7 @@ NGINX Agent from the repository.
-
{{< fa "solid fa-mountain-sun" >}} Install NGINX Agent on Alpine Linux
+Install NGINX Agent on Alpine Linux
### Install NGINX Agent on Alpine Linux @@ -75,7 +75,7 @@ NGINX Agent from the repository.
-
{{< fa "brands fa-aws" >}} Install NGINX Agent on Amazon Linux
+Install NGINX Agent on Amazon Linux
### Install NGINX Agent on Amazon Linux diff --git a/content/nginx-one/agent/install-upgrade/uninstall.md b/content/nginx-one/agent/install-upgrade/uninstall.md index a553f81d3..0a4137c09 100644 --- a/content/nginx-one/agent/install-upgrade/uninstall.md +++ b/content/nginx-one/agent/install-upgrade/uninstall.md @@ -19,7 +19,7 @@ The user following performing the uninstall steps needs to have `root` privilege Complete the following steps on each host where you've installed NGINX Agent
-
{{< fa "brands fa-centos" >}} Uninstall NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux
+Uninstall NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux
### Uninstall NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux @@ -28,7 +28,7 @@ Complete the following steps on each host where you've installed NGINX Agent
-
{{< fa "brands fa-ubuntu" >}} Uninstall NGINX Agent on Ubuntu
+Uninstall NGINX Agent on Ubuntu
### Uninstall NGINX Agent on Ubuntu @@ -37,7 +37,7 @@ Complete the following steps on each host where you've installed NGINX Agent
-
{{< fa "brands fa-debian" >}} Uninstall NGINX Agent on Debian
+Uninstall NGINX Agent on Debian
### Uninstall NGINX Agent on Debian @@ -46,7 +46,7 @@ Complete the following steps on each host where you've installed NGINX Agent
-
{{< fa "brands fa-suse" >}} Uninstall NGINX Agent on SLES
+Uninstall NGINX Agent on SLES
### Uninstall NGINX Agent on SLES @@ -55,7 +55,7 @@ Complete the following steps on each host where you've installed NGINX Agent
-
{{< fa "solid fa-mountain-sun" >}} Uninstall NGINX Agent on Alpine Linux
+Uninstall NGINX Agent on Alpine Linux
### Uninstall NGINX Agent on Alpine Linux @@ -64,7 +64,7 @@ Complete the following steps on each host where you've installed NGINX Agent
-}} {{}}
+ {{}} {{}}
- {{}} {{}}
+ {{}} {{}}
---
diff --git a/content/nginx/_index.md b/content/nginx/_index.md
index ee4d73911..ef928d074 100644
--- a/content/nginx/_index.md
+++ b/content/nginx/_index.md
@@ -26,38 +26,36 @@ NGINX Plus adds a range of premium features to address enterprise needs.
[//]: # "One card will take full width page: two will take half width each. Three will stack like an inverse pyramid."
[//]: # "Some examples of content could be the latest release note, the most common install path, and a popular new feature."
-{{}}
- {{}}
- {{}}
- Install NGINX Plus on different operating systems.
- {{ }}
- {{ }}
-{{ }}
-
-
-{{}}
- {{}}
- {{}}
- Install NGINX Open Source. Compile from source.
- {{ }}
- {{}}
- Keep your servers running.
- {{}}
- {{}}
- Configure NGINX as a web server.
- {{ }}
- {{}}
- Set up Open ID connect with identity providers.
- {{}}
- {{ }}
-{{ }}
+{{}}
+ {{}}
+ Install NGINX Plus on different operating systems.
+ {{ }}
+{{ }}
+
+
+
+{{}}
+ {{}}
+ Install NGINX Open Source. Compile from source.
+ {{ }}
+ {{}}
+ Keep your servers running.
+ {{}}
+ {{}}
+ Configure NGINX as a web server.
+ {{ }}
+ {{}}
+ Set up Open ID connect with identity providers.
+ {{}}
+{{ }}
+
### More information
-{{}}
- {{}}
- {{}}
- Get details on new features, bug fixes, and known issues.
- {{ }}
- {{ }}
-{{ }}
+
+{{}}
+ {{}}
+ Get details on new features, bug fixes, and known issues.
+ {{ }}
+{{ }}
+
diff --git a/content/nginx/admin-guide/monitoring/live-activity-monitoring.md b/content/nginx/admin-guide/monitoring/live-activity-monitoring.md
index 7103a7cd4..7bb5a27b7 100644
--- a/content/nginx/admin-guide/monitoring/live-activity-monitoring.md
+++ b/content/nginx/admin-guide/monitoring/live-activity-monitoring.md
@@ -521,17 +521,16 @@ To enable the Swagger UI:
|OpenAPI YAML File/API Version | NGINX Plus Version | Changes |
| ---| --- | --- |
-|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v9/nginx_api.yaml) for API version 9 | NGINX Plus Release [35]({{< ref "/nginx/releases.md#r35" >}}) | The `uuid` parameter of the [`/license`](https://nginx.org/en/docs/http/ngx_http_api_module.html#license) data was added|
-|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v9/nginx_api.yaml) for API version 9 | NGINX Plus Releases [33]({{< ref "/nginx/releases.md#r33" >}}), [34]({{< ref "nginx/releases.md#r34" >}})| The [`/license`](https://nginx.org/en/docs/http/ngx_http_api_module.html#license) data were added|
-|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v9/nginx_api.yaml) for API version 9 | NGINX Plus Releases [30]({{< ref "nginx/releases.md#r30" >}}), [31]({{< ref "nginx/releases.md#r31" >}}), [32]({{< ref "nginx/releases.md#r32" >}}) | The [`/workers/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#workers_) data were added |
-|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v8/nginx_api.yaml) for API version 8 | NGINX Plus Releases [27]({{< ref "nginx/releases.md#r27" >}}), [28]({{< ref "nginx/releases.md#r28" >}}), [29]({{< ref "nginx/releases.md#r29" >}}) | SSL statistics for each HTTP [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream) and stream [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream), SSL statistics for each HTTP [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone) and stream [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_server_zone), extended statistics for [SSL](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_ssl_object) endpoint|
-|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v7/nginx_api.yaml) for API version 7 | NGINX Plus Releases [25]({{< ref "nginx/releases.md#r25" >}}), [26]({{< ref "nginx/releases.md#r26" >}}),| The `codes` data in `responses` for each HTTP [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream), [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone), and [location zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_location_zone) were added|
-|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v6/nginx_api.yaml) for API version 6 | NGINX Plus Releases [20]({{< ref "nginx/releases.md#r20" >}}), [21]({{< ref "nginx/releases.md#r21" >}}), [22]({{< ref "nginx/releases.md#r22" >}}), [23]({{< ref "nginx/releases.md#r23" >}}), [24]({{< ref "nginx/releases.md#r24" >}}) | The [`/stream/limit_conns/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_limit_conns_), [`/http/limit_conns/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_limit_conns_), and [`/http/limit_reqs/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_limit_reqs_) data were added |
-|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v5/nginx_api.yaml) for API version 5 | NGINX Plus Release [19]({{< ref "nginx/releases.md#r19" >}}) | The `expire` parameter of a [key-value](https://nginx.org/en/docs/http/ngx_http_keyval_module.html) pair can be [set](https://nginx.org/en/docs/http/ngx_http_api_module.html#postHttpKeyvalZoneData) or [changed](https://nginx.org/en/docs/http/ngx_http_api_module.html#patchHttpKeyvalZoneKeyValue), the [`/resolvers/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#resolvers_) and [`/http/location_zones/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_location_zones_) data were added |
-|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v4/nginx_api.yaml) for API version 4 | NGINX Plus Release [18]({{< ref "nginx/releases.md#r18" >}}) | The `path` and `method` fields of [nginx error object](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error) were removed. These fields continue to exist in earlier api versions, but show an empty value |
-|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v3/nginx_api.yaml) for API version 3 | NGINX Plus Releases [15]({{< ref "nginx/releases.md#r15" >}}), [16]({{< ref "nginx/releases.md#r16" >}}), [17]({{< ref "nginx/releases.md#r17" >}}) | The [`/stream/zone_sync/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_zone_sync_) data were added |
-|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v2/nginx_api.yaml) for API version 2 | NGINX Plus Release [14]({{< ref "nginx/releases.md#r14" >}}) | The [`drain`](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream_conf_server) parameter was added |
-|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v1/nginx_api.yaml) for API version 1 | NGINX Plus Release [13]({{< ref "nginx/releases.md#r13" >}})| The [`/stream/keyvals/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_keyvals_) data were added |
+|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v9/nginx_api.yaml) for API version 9 | NGINX Plus Releases [33]({{< ref "/nginx/releases.md#r33" >}}), [34]({{< ref "nginx/releases.md#r34" >}})| The [`/license`](https://nginx.org/en/docs/http/ngx_http_api_module.html#license) data were added|
+|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v9/nginx_api.yaml) for API version 9 | NGINX Plus Releases [30]({{< ref "nginx/releases.md#r30" >}}), [31]({{< ref "nginx/releases.md#r31" >}}), [32]({{< ref "nginx/releases.md#r32" >}}) | The [`/workers/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#workers_) data were added|
+|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v8/nginx_api.yaml) for API version 8 | NGINX Plus Releases [27]({{< ref "nginx/releases.md#r27" >}}), [28]({{< ref "nginx/releases.md#r28" >}}), [29]({{< ref "nginx/releases.md#r29" >}}) | SSL statistics for each HTTP [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream) and stream [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream), SSL statistics for each HTTP [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone) and stream [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_server_zone), extended statistics for [SSL](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_ssl_object) endpoint|
+|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v7/nginx_api.yaml) for API version 7 | NGINX Plus Releases [25]({{< ref "nginx/releases.md#r25" >}}), [26]({{< ref "nginx/releases.md#r26" >}}),| The `codes` data in `responses` for each HTTP [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream), [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone), and [location zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_location_zone) were added|
+|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v6/nginx_api.yaml) for API version 6 | NGINX Plus Releases [20]({{< ref "nginx/releases.md#r20" >}}), [21]({{< ref "nginx/releases.md#r21" >}}), [22]({{< ref "nginx/releases.md#r22" >}}), [23]({{< ref "nginx/releases.md#r23" >}}), [24]({{< ref "nginx/releases.md#r24" >}}) | The [`/stream/limit_conns/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_limit_conns_), [`/http/limit_conns/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_limit_conns_), and [`/http/limit_reqs/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_limit_reqs_) data were added |
+|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v5/nginx_api.yaml) for API version 5 | NGINX Plus Release [19]({{< ref "nginx/releases.md#r19" >}}) | The `expire` parameter of a [key-value](https://nginx.org/en/docs/http/ngx_http_keyval_module.html) pair can be [set](https://nginx.org/en/docs/http/ngx_http_api_module.html#postHttpKeyvalZoneData) or [changed](https://nginx.org/en/docs/http/ngx_http_api_module.html#patchHttpKeyvalZoneKeyValue), the [`/resolvers/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#resolvers_) and [`/http/location_zones/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_location_zones_) data were added |
+|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v4/nginx_api.yaml) for API version 4 | NGINX Plus Release [18]({{< ref "nginx/releases.md#r18" >}}) | The `path` and `method` fields of [nginx error object](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error) were removed. These fields continue to exist in earlier api versions, but show an empty value |
+|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v3/nginx_api.yaml) for API version 3 | NGINX Plus Releases [15]({{< ref "nginx/releases.md#r15" >}}), [16]({{< ref "nginx/releases.md#r16" >}}), [17]({{< ref "nginx/releases.md#r17" >}}) | The [`/stream/zone_sync/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_zone_sync_) data were added |
+|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v2/nginx_api.yaml) for API version 2 | NGINX Plus Release [14]({{< ref "nginx/releases.md#r14" >}}) | The [`drain`](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream_conf_server) parameter was added |
+|[{{}}OpenAPI v2](/nginx/admin-guide/yaml/v1/nginx_api.yaml) for API version 1 | NGINX Plus Release [13]({{< ref "nginx/releases.md#r13" >}})| The [`/stream/keyvals/`](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_keyvals_) data were added |
{{}}
diff --git a/content/nginxaas-azure/_index.md b/content/nginxaas-azure/_index.md
index 86fc4dcd5..7d786a0ea 100644
--- a/content/nginxaas-azure/_index.md
+++ b/content/nginxaas-azure/_index.md
@@ -18,49 +18,41 @@ and reliable with full lifecycle management of advanced NGINX traffic services.
## Featured content
-{{}}
- {{}}
- {{}}
- Deploy NGINX as a Service for Azure using the Azure portal, Azure CLI, or Terraform
- {{ }}
- {{}}
- Step-by-step guides for several common use cases, including scaling guidance, security controls, and more
- {{ }}
- {{}}
- Collect, correlate, and analyze metrics for a thorough understanding of your application's health and behavior
- {{ }}
- {{ }}
-{{ }}
+{{}}
+ {{}}
+ Deploy NGINX as a Service for Azure using the Azure portal, Azure CLI, or Terraform
+ {{ }}
+ {{}}
+ Step-by-step guides for several common use cases, including scaling guidance, security controls, and more
+ {{ }}
+ {{}}
+ Collect, correlate, and analyze metrics for a thorough understanding of your application's health and behavior
+ {{ }}
+{{ }}
### Billing
-{{}}
- {{}}
- {{}}
- See the pricing plans and learn about NGINX Capacity Units (NCUs)
- {{ }}
- {{ }}
-{{ }}
+{{}}
+ {{}}
+ See the pricing plans and learn about NGINX Capacity Units (NCUs)
+ {{ }}
+{{ }}
### Certificates
-{{}}
- {{}}
- {{}}
- Learn to manage SSL/TSL certificates using the Azure portal
- {{ }}
- {{ }}
-{{ }}
+{{}}
+ {{}}
+ Learn to manage SSL/TSL certificates using the Azure portal
+ {{ }}
+{{ }}
### More information
-{{}}
- {{}}
- {{}}
- Learn about the differences between NGINX as a Service for Azure and NGINX Plus
- {{ }}
- {{}}
- See the latest updates: New features, improvements, and bug fixes
- {{ }}
- {{ }}
-{{ }}
+{{}}
+ {{}}
+ Learn about the differences between NGINX as a Service for Azure and NGINX Plus
+ {{ }}
+ {{}}
+ See the latest updates: New features, improvements, and bug fixes
+ {{ }}
+{{ }}
diff --git a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md
index 17da2ae0e..c3d4b769b 100644
--- a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md
+++ b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md
@@ -32,14 +32,14 @@ NGINXaaS supports Layer 7 HTTP loadbalancing. To configure .com and .net servers
{{< call-out "note" >}}If you don't see the default configuration, it's likely the deployment was created through a client tool other than the portal (For example, Terraform), or the "Apply default NGINX configuration" was unchecked during the deployment creation process in the portal. You can still proceed with the steps below to provide your own NGINX configuration for the deployment.{{< /call-out >}}
-1. Select {{< fa "fa fa-plus">}}**New File** to add a file path, then **Confirm**.
+1. Select {{< icon "fa fa-plus">}}**New File** to add a file path, then **Confirm**.
{{}}
| Property | Description |
| -------- | ----------- |
| File path | Each NGINX configuration file can be uniquely identified by a file path (for example, nginx.conf or /etc/nginx/nginx.conf) to align with the intended NGINX configuration file structure. |
| Root file | The root file is the main NGINX configuration file. }}
{{< call-out "note" >}}If specifying an absolute file path, see the [NGINX Filesystem Restrictions table]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/overview/#nginx-filesystem-restrictions" >}}) for the allowed directories the file can be written to.{{< /call-out >}}
@@ -146,7 +146,7 @@ http {
1. Select the configuration file you want to delete from the File path list.
-1. Select the delete icon {{< fa "fa fa-trash">}}.
+1. Select the delete icon {{< icon "fa fa-trash">}}.
1. Confirm your action to delete the configuration file.
diff --git a/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md b/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md
index 31f2effac..bb6c0fc65 100644
--- a/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md
+++ b/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md
@@ -24,7 +24,7 @@ Before you begin, refer Azure documentation to [Import a certificate to your Key
1. Select **NGINX certificates** in the left menu.
-1. Select {{< fa "plus">}}**Add certificate**.
+1. Select {{< icon "plus">}}**Add certificate**.
1. Provide the required information:
@@ -72,7 +72,7 @@ Before you begin, refer Azure documentation to [Import a certificate to your Key
1. Select the checkbox next to the certificate you want to edit.
-1. Select {{< fa "pencil">}} **Edit**.
+1. Select {{< icon "pencil">}} **Edit**.
1. Update the Name, Certificate path, Key path fields as needed.
@@ -86,7 +86,7 @@ Before you begin, refer Azure documentation to [Import a certificate to your Key
1. Select the checkbox next to the certificate you want to delete.
-1. Select {{< fa "trash">}}**Delete**.
+1. Select {{< icon "trash">}}**Delete**.
1. Confirm the delete action.
diff --git a/content/nginxaas-azure/quickstart/geoip2.md b/content/nginxaas-azure/quickstart/geoip2.md
index 2447dafb6..184f6530a 100644
--- a/content/nginxaas-azure/quickstart/geoip2.md
+++ b/content/nginxaas-azure/quickstart/geoip2.md
@@ -18,7 +18,7 @@ NGINXaaS uses your MaxMind license to download GeoIP2 databases, puts them in th
To enable GeoIP2 you [update your NGINX configuration]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/overview.md">}}) to include your MaxMind license and the relevant NGINX directives.
1. Log into MaxMind and [generate a `GeoIP.conf`](https://dev.maxmind.com/geoip/updating-databases/#2-obtain-geoipconf-with-account-information) file.
-2. Add the `GeoIP.conf` file to your NGINX configuration, using the exact path `/etc/nginx/GeoIP.conf`. The `GeoIP.conf` will be validated, and must include `AccountID`, `LicenseKey`, and `EditionIDs`. Other configuration options in `GeoIP.conf` are ignored. We recommend you enable the **Protected** {{}} toggle button to mark `GeoIP.conf` as a protected file, which will prevent the contents from being read via any Azure client tools.
+2. Add the `GeoIP.conf` file to your NGINX configuration, using the exact path `/etc/nginx/GeoIP.conf`. The `GeoIP.conf` will be validated, and must include `AccountID`, `LicenseKey`, and `EditionIDs`. Other configuration options in `GeoIP.conf` are ignored. We recommend you enable the **Protected** {{}} toggle button to mark `GeoIP.conf` as a protected file, which will prevent the contents from being read via any Azure client tools.
3. Add the `load_module` directive - the modules are available at `modules/ngx_http_geoip2_module.so` or `modules/ngx_stream_geoip2_module.so`.
4. Add `geoip2` directives to your NGINX configuration as desired. The `EditionIDs` from your `GeoIP.conf` are available at `/usr/local/share/GeoIP`
diff --git a/content/nginxaas-azure/quickstart/security-controls/certificates.md b/content/nginxaas-azure/quickstart/security-controls/certificates.md
index 5153189d4..089347888 100644
--- a/content/nginxaas-azure/quickstart/security-controls/certificates.md
+++ b/content/nginxaas-azure/quickstart/security-controls/certificates.md
@@ -44,7 +44,7 @@ Next, you can add an SSL/TLS certificate to your key vault by following [Azure's
1. Go to your key vault, `nginxaas-kv`.
1. Select **Certificates** in the left menu.
-1. Select {{< fa "plus">}}**Generate/Import** and provide the following information:
+1. Select {{< icon "plus">}}**Generate/Import** and provide the following information:
{{}}
| Field | Description |
@@ -68,7 +68,7 @@ In order for your NGINXaaS deployment to access your key vault, it must have an
1. Under **System assigned**, ensure the status is set to "On".
{{< call-out "note" >}} When you create a deployment through the Azure portal, a system-assigned managed identity is automatically enabled for your deployment. {{< /call-out >}}
1. Under **System assigned**, select **Azure role assignments**.
-1. Select {{< fa "plus">}}**Add role assignment** and provide the following information:
+1. Select {{< icon "plus">}}**Add role assignment** and provide the following information:
{{}}
| Field | Description |
@@ -87,7 +87,7 @@ Now, you can add your SSL/TLS certificate from your key vault to your NGINXaaS d
1. Go to your NGINXaaS deployment.
1. Select **NGINX certificates** in the left menu.
-1. Select {{< fa "plus">}}**Add certificate** and provide the following information:
+1. Select {{< icon "plus">}}**Add certificate** and provide the following information:
{{}}
| Field | Description |
|---------------------------- | ---------------------------- |
@@ -166,7 +166,7 @@ If you want to disable public access to your key vault, you can configure a [Net
1. Follow [Azure's documentation on prerequisites](https://learn.microsoft.com/en-us/azure/private-link/create-network-security-perimeter-portal#prerequisites) to ensure you are registed to create an NSP.
1. In the Search box, enter **Network Security Perimeters** and select **Network Security Perimeters** from the search results.
-1. Select {{< fa "plus">}}**Create**.
+1. Select {{< icon "plus">}}**Create**.
1. In the **Basics** tab, provide the following information:
{{}}
| Field | Description |
@@ -177,9 +177,9 @@ If you want to disable public access to your key vault, you can configure a [Net
| Region | Select the region you want to deploy to. Refer to any [regional limitations](https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-concepts#regional-limitations) NSP has while in public preview. |
| Profile name | Leave the profile name as the default `defaultProfile`. |
{{ }}
-1. In the **Resources** tab, select {{< fa "plus">}}**Add**.
+1. In the **Resources** tab, select {{< icon "plus">}}**Add**.
1. Search for your key vault, `nginxaas-kv`, select it, and click **Select**.
-1. In the **Inbound access rules** tab, select {{< fa "plus">}}**Add** and provide the following information:
+1. In the **Inbound access rules** tab, select {{< icon "plus">}}**Add** and provide the following information:
{{}}
| Field | Description |
|---------------------------- | ---------------------------- |
diff --git a/content/nic/_index.md b/content/nic/_index.md
index 16e3d838e..d6187bf7a 100644
--- a/content/nic/_index.md
+++ b/content/nic/_index.md
@@ -26,16 +26,14 @@ It supports standard [Ingress]({{< ref "/nic/glossary.md#ingress">}}) features s
## Featured content
-{{}}
- {{}}
- {{}}
- Use Helm to deploy and configure a NGINX Ingress Controller cluster
- {{ }}
- {{}}
- Replace an Ingress-NGINX cluster with NGINX Ingress Controller
- {{ }}
- {{}}
- Review the changes from the latest NGINX Ingress Controller releases
- {{ }}
- {{ }}
-{{ }}
\ No newline at end of file
+{{}}
+ {{}}
+ Use Helm to deploy and configure a NGINX Ingress Controller cluster
+ {{ }}
+ {{}}
+ Replace an Ingress-NGINX cluster with NGINX Ingress Controller
+ {{ }}
+ {{}}
+ Review the changes from the latest NGINX Ingress Controller releases
+ {{ }}
+{{ }}
\ No newline at end of file
diff --git a/content/nic/configuration/global-configuration/configmap-resource.md b/content/nic/configuration/global-configuration/configmap-resource.md
index c83ac0e1e..d854bebc6 100644
--- a/content/nic/configuration/global-configuration/configmap-resource.md
+++ b/content/nic/configuration/global-configuration/configmap-resource.md
@@ -60,17 +60,12 @@ For more information, view the [VirtualServer and VirtualServerRoute resources](
### Ingress Controller (Unrelated to NGINX Configuration)
-{{}}
|ConfigMap Key | Description | Default | Example |
| ---| ---| ---| --- |
|*external-status-address* | Sets the address to be reported in the status of Ingress resources. Requires the *-report-status* command-line argument. Overrides the *-external-service* argument. | N/A | [Reporting resource status]({{< ref "/nic/configuration/global-configuration/reporting-resources-status" >}}) |
-{{ }}
-
----
### General customization
-{{}}
|ConfigMap Key | Description | Default | Example |
| ---| ---| ---| --- |
|*proxy-connect-timeout* | Sets the value of the [proxy_connect_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout) and [grpc_connect_timeout](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_connect_timeout) directive. | *60s* | |
@@ -103,13 +98,10 @@ For more information, view the [VirtualServer and VirtualServerRoute resources](
|*keepalive-requests* | Sets the value of the [keepalive_requests](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests) directive. | *1000* | |
|*variables-hash-bucket-size* | Sets the value of the [variables_hash_bucket_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#variables_hash_bucket_size) directive. | *256* | |
|*variables-hash-max-size* | Sets the value of the [variables-hash-max-size](https://nginx.org/en/docs/http/ngx_http_core_module.html#variables_hash_max_size) directive. | *1024* | |
-{{ }}
----
### Logging
-{{}}
|ConfigMap Key | Description | Default | Example |
| ---| ---| ---| --- |
|*error-log-level* | Sets the global [error log level](https://nginx.org/en/docs/ngx_core_module.html#error_log) for NGINX. | *notice* | |
@@ -121,64 +113,46 @@ For more information, view the [VirtualServer and VirtualServerRoute resources](
|*log-format-escaping* | Sets the characters escaping for the variables of the log format. Supported values: *json* (JSON escaping), *default* (the default escaping) *none* (disables escaping). | *default* | |
|*stream-log-format* | Sets the custom [log format](https://nginx.org/en/docs/stream/ngx_stream_log_module.html#log_format) for TCP, UDP, and TLS Passthrough traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by *\n*). In that case, the Ingress Controller will replace every *\n* character with a space character. All *'* characters must be escaped. | See the [template file](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/internal/configs/version1/nginx.tmpl). | |
|*stream-log-format-escaping* | Sets the characters escaping for the variables of the stream log format. Supported values: *json* (JSON escaping), *default* (the default escaping) *none* (disables escaping). | *default* | |
-{{ }}
-
----
### Request URI/Header manipulation
-{{}}
-|ConfigMap Key | Description | Default | Example |
-| ---| ---| ---| --- |
-|*proxy-hide-headers* | Sets the value of one or more [proxy_hide_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) directives. Example: *"nginx.org/proxy-hide-headers": "header-a,header-b"* | N/A | |
-|*proxy-pass-headers* | Sets the value of one or more [proxy_pass_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header) directives. Example: *"nginx.org/proxy-pass-headers": "header-a,header-b"* | N/A | |
-{{ }}
+|ConfigMap Key | Description | Default |
+| ---| ---| ---|
+|*proxy-hide-headers* | Sets the value of one or more [proxy_hide_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) directives. Example: *"nginx.org/proxy-hide-headers": "header-a,header-b"* | N/A |
+|*proxy-pass-headers* | Sets the value of one or more [proxy_pass_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header) directives. Example: *"nginx.org/proxy-pass-headers": "header-a,header-b"* | N/A |
----
### Auth and SSL/TLS
-{{}}
-|ConfigMap Key | Description | Default | Example |
-| ---| ---| ---| --- |
-|*redirect-to-https* | Sets the 301 redirect rule based on the value of the *http_x_forwarded_proto* header on the server block to force incoming traffic to be over HTTPS. Useful when terminating SSL in a load balancer in front of the Ingress Controller — see [115](https://github.com/nginx/kubernetes-ingress/issues/115) | *False* | |
-|*ssl-redirect* | Sets an unconditional 301 redirect rule for all incoming HTTP traffic to force incoming traffic over HTTPS. | *True* | |
-|*hsts* | Enables [HTTP Strict Transport Security (HSTS)](https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/) : the HSTS header is added to the responses from backends. The *preload* directive is included in the header. | *False* | |
-|*hsts-max-age* | Sets the value of the *max-age* directive of the HSTS header. | *2592000* (1 month) | |
-|*hsts-include-subdomains* | Adds the *includeSubDomains* directive to the HSTS header. | *False* | |
-|*hsts-behind-proxy* | Enables HSTS based on the value of the *http_x_forwarded_proto* request header. Should only be used when TLS termination is configured in a load balancer (proxy) in front of the Ingress Controller. Note: to control redirection from HTTP to HTTPS configure the *nginx.org/redirect-to-https* annotation. | *False* | |
-|*ssl-protocols* | Sets the value of the [ssl_protocols](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols) directive. | *TLSv1 TLSv1.1 TLSv1.2* | |
-|*ssl-prefer-server-ciphers* | Enables or disables the [ssl_prefer_server_ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers) directive. | *False* | |
-|*ssl-ciphers* | Sets the value of the [ssl_ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers) directive. | *HIGH:!aNULL:!MD5* | |
-|*ssl-dhparam-file* | Sets the content of the dhparam file. The controller will create the file and set the value of the [ssl_dhparam](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam) directive with the path of the file. | N/A | |
-{{ }}
-
----
+|ConfigMap Key | Description | Default |
+| ---| ---| ---|
+|*redirect-to-https* | Sets the 301 redirect rule based on the value of the *http_x_forwarded_proto* header on the server block to force incoming traffic to be over HTTPS. Useful when terminating SSL in a load balancer in front of the Ingress Controller — see [115](https://github.com/nginx/kubernetes-ingress/issues/115) | *False* |
+|*ssl-redirect* | Sets an unconditional 301 redirect rule for all incoming HTTP traffic to force incoming traffic over HTTPS. | *True* |
+|*hsts* | Enables [HTTP Strict Transport Security (HSTS)](https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/) : the HSTS header is added to the responses from backends. The *preload* directive is included in the header. | *False* |
+|*hsts-max-age* | Sets the value of the *max-age* directive of the HSTS header. | *2592000* (1 month) |
+|*hsts-include-subdomains* | Adds the *includeSubDomains* directive to the HSTS header. | *False* |
+|*hsts-behind-proxy* | Enables HSTS based on the value of the *http_x_forwarded_proto* request header. Should only be used when TLS termination is configured in a load balancer (proxy) in front of the Ingress Controller. Note: to control redirection from HTTP to HTTPS configure the *nginx.org/redirect-to-https* annotation. | *False* |
+|*ssl-protocols* | Sets the value of the [ssl_protocols](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols) directive. | *TLSv1 TLSv1.1 TLSv1.2* |
+|*ssl-prefer-server-ciphers* | Enables or disables the [ssl_prefer_server_ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers) directive. | *False* |
+|*ssl-ciphers* | Sets the value of the [ssl_ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers) directive. | *HIGH:!aNULL:!MD5* |
+|*ssl-dhparam-file* | Sets the content of the dhparam file. The controller will create the file and set the value of the [ssl_dhparam](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam) directive with the path of the file. | N/A |
### Listeners
-{{}}
|ConfigMap Key | Description | Default | Example |
| ---| ---| ---| --- |
|*http2* | Enables HTTP/2 in servers with SSL enabled. | *False* | |
|*proxy-protocol* | Enables PROXY Protocol for incoming connections. | *False* | [Proxy Protocol](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/shared-examples/proxy-protocol). |
-{{ }}
-
----
### Backend services (Upstreams)
-{{}}
-|ConfigMap Key | Description | Default | Example |
-| ---| ---| ---| --- |
-|*lb-method* | Sets the [load balancing method]({{< ref "/nginx/admin-guide/load-balancer/http-load-balancer.md#choosing-a-load-balancing-method" >}}). To use the round-robin method, specify *"round_robin"*. | *"random two least_conn"* | |
-|*max-fails* | Sets the value of the [max_fails](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) parameter of the *server* directive. | *1* | |
-|*upstream-zone-size* | Sets the size of the shared memory [zone](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone) for upstreams. For NGINX, the special value 0 disables the shared memory zones. For NGINX Plus, shared memory zones are required and cannot be disabled. The special value 0 will be ignored. | *256k* for NGINX, *512k* for NGINX Plus | |
-|*fail-timeout* | Sets the value of the [fail_timeout](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#fail_timeout) parameter of the *server* directive. | *10s* | |
-|*keepalive* | Sets the value of the [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) directive. Note that *proxy_set_header Connection "";* is added to the generated configuration when the value > 0. | *0* | |
-{{ }}
-
----
+|ConfigMap Key | Description | Default |
+| ---| ---| ---|
+|*lb-method* | Sets the [load balancing method]({{< ref "/nginx/admin-guide/load-balancer/http-load-balancer.md#choosing-a-load-balancing-method" >}}). To use the round-robin method, specify *"round_robin"*. | *"random two least_conn"* |
+|*max-fails* | Sets the value of the [max_fails](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) parameter of the *server* directive. | *1* |
+|*upstream-zone-size* | Sets the size of the shared memory [zone](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone) for upstreams. For NGINX, the special value 0 disables the shared memory zones. For NGINX Plus, shared memory zones are required and cannot be disabled. The special value 0 will be ignored. | *256k* for NGINX, *512k* for NGINX Plus |
+|*fail-timeout* | Sets the value of the [fail_timeout](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#fail_timeout) parameter of the *server* directive. | *10s* |
+|*keepalive* | Sets the value of the [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) directive. Note that *proxy_set_header Connection "";* is added to the generated configuration when the value > 0. | *0* |
### Zone Sync
@@ -195,21 +169,17 @@ If you encounter the error `error [emerg] 13#13: "zone_sync" directive is duplic
{{< /call-out >}}
-{{}}
-|ConfigMap Key | Description | Default | Example |
-| ---| ---| ---| --- |
-|*zone-sync* | Enables zone synchronization between NGINX Ingress Controller Pods. This autogenerates a [zone_sync_server](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_server) and a headless service using the `ReplicaSet` or `DaemonSet` name. Please note that this headless service will be automatically cleaned up when uninstalling via Helm or by removing the value from the ConfigMap. The headless service will need to be manually removed if the `controller.customConfigMap` value is set via Helm or the deployment is uninstalled via Manifests. Each Ingress Controller manages its own headless service. NGINX Plus Required. | *False* | |
-|*zone-sync-port* | Specifies the optional port on which NGINX Ingress Controller listens for zone sync traffic. NGINX Plus & `zone-sync` Required. | *12345* | |
-|*zone-sync-resolver-addresses* | Configures optional addresses used in the [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync. This field takes a comma separated list of addresses. NGINX Plus & `zone-sync` Required | `kube-dns.kube-system.svc.cluster.local` | |
-|*zone-sync-resolver-ipv6* | Configures whether the optional [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync will look up IPv6 addresses. NGINX Plus & `zone-sync` Required | `true` | |
-|*zone-sync-resolver-valid* | Configures an [NGINX time](https://nginx.org/en/docs/syntax.html) that the optional [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync will override the TTL value of responses from nameservers with. NGINX Plus & `zone-sync` Required | `5s` | |
-{{ }}
+|ConfigMap Key | Description | Default |
+| ---| ---| ---|
+|*zone-sync* | Enables zone synchronization between NGINX Ingress Controller Pods. This autogenerates a [zone_sync_server](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_server) and a headless service using the `ReplicaSet` or `DaemonSet` name. Please note that this headless service will be automatically cleaned up when uninstalling via Helm or by removing the value from the ConfigMap. The headless service will need to be manually removed if the `controller.customConfigMap` value is set via Helm or the deployment is uninstalled via Manifests. Each Ingress Controller manages its own headless service. NGINX Plus Required. | *False* |
+|*zone-sync-port* | Specifies the optional port on which NGINX Ingress Controller listens for zone sync traffic. NGINX Plus & `zone-sync` Required. | *12345* |
+|*zone-sync-resolver-addresses* | Configures optional addresses used in the [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync. This field takes a comma separated list of addresses. NGINX Plus & `zone-sync` Required | `kube-dns.kube-system.svc.cluster.local` |
+|*zone-sync-resolver-ipv6* | Configures whether the optional [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync will look up IPv6 addresses. NGINX Plus & `zone-sync` Required | `true` |
+|*zone-sync-resolver-valid* | Configures an [NGINX time](https://nginx.org/en/docs/syntax.html) that the optional [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync will override the TTL value of responses from nameservers with. NGINX Plus & `zone-sync` Required | `5s` |
----
### Snippets and custom templates
-{{}}
|ConfigMap Key | Description | Default | Example |
| ---| ---| ---| --- |
|*main-snippets* | Sets a custom snippet in main context. | N/A | |
@@ -221,13 +191,10 @@ If you encounter the error `error [emerg] 13#13: "zone_sync" directive is duplic
|*ingress-template* | Sets the NGINX configuration template for an Ingress resource. | By default the template is read from the file on the container. | [Custom Templates]({{< ref "/nic/configuration/global-configuration/custom-templates.md" >}}). |
|*virtualserver-template* | Sets the NGINX configuration template for an VirtualServer resource. | By default the template is read from the file on the container. | [Custom Templates]({{< ref "/nic/configuration/global-configuration/custom-templates.md" >}}). |
|*transportserver-template* | Sets the NGINX configuration template for a TransportServer resource. | By default the template is read from the file on the container. | [Custom Templates]({{< ref "/nic/configuration/global-configuration/custom-templates.md" >}}) |
-{{ }}
-
----
### Modules
-{{}}
+{{< table >}}
|ConfigMap Key | Description | Default | Example |
| ---| ---| ---| --- |
|*otel-exporter-endpoint* | OTLP/gRPC endpoint that will accept [OpenTelemetry](https://opentelemetry.io) data. Set `otel-trace-in-http` to *"true"* to enable OpenTelemetry at the global level. | N/A | *"https://otel-collector:4317"* |
@@ -247,4 +214,4 @@ If you encounter the error `error [emerg] 13#13: "zone_sync" directive is duplic
|*app-protect-dos-log-format* | Sets the custom [log format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format) for Dos Access log traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by *\n*). In that case, the Ingress Controller will replace every *\n* character with a space character. All *'* characters must be escaped. | `, vs_name_al=$app_protect_dos_vs_name, ip=$remote_addr, tls_fp=$app_protect_dos_tls_fp, outcome=$app_protect_dos_outcome, reason=$app_protect_dos_outcome_reason, policy_name=$app_protect_dos_policy_name, dos_version=$app_protect_dos_version, ip_tls=$remote_addr:$app_protect_dos_tls_fp,` | |
|*app-protect-dos-log-format-escaping* | Sets the characters escaping for the variables of the stream log format. Supported values: *json* (JSON escaping), *default* (the default escaping) *none* (disables escaping). | *default* | |
|*app-protect-dos-arb-fqdn* | Sets the *app-protect-dos-arb-fqdn* [directive](/nginx-app-protect-dos/directives-and-policy/learn-about-directives-and-policy/#arbitrator-fqdn-directive-app_protect_dos_arb_fqdn). | *svc-appprotect-dos-arb* | |
-{{ }}
+{{< /table >}}
diff --git a/content/nic/configuration/global-configuration/globalconfiguration-resource.md b/content/nic/configuration/global-configuration/globalconfiguration-resource.md
index 16fd90edc..e7ba17b59 100644
--- a/content/nic/configuration/global-configuration/globalconfiguration-resource.md
+++ b/content/nic/configuration/global-configuration/globalconfiguration-resource.md
@@ -13,14 +13,10 @@ The resource supports configuring listeners for TCP and UDP load balancing, and
Listeners are required by [TransportServer resources]({{< ref "/nic/configuration/transportserver-resource.md" >}}) and can be used to [configure custom listeners for VirtualServers]({{< ref "/nic/tutorials/virtual-server-with-custom-listener-ports.md" >}}).
----
-
## Prerequisites
When [installing NGINX Ingress Controller using Manifests]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md" >}}), you need to reference a GlobalConfiguration resource in the [`-global-configuration`]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#cmdoption-global-configuration" >}}) command-line argument. NGINX Ingress Controller only needs one GlobalConfiguration resource.
----
-
## GlobalConfiguration specification
The GlobalConfiguration resource defines the global configuration parameters of the Ingress Controller. Below is an example:
@@ -48,11 +44,9 @@ spec:
ssl: true
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
| *listeners* | A list of listeners. | [listener](#listener) | No |
-{{ }}
### Listener
@@ -67,7 +61,6 @@ The `listeners:` key defines a listener (a combination of a protocol and a port)
protocol: HTTP
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
| *name* | The name of the listener. Must be a valid DNS label as defined in RFC 1035. For example, ``hello`` and ``listener-123`` are valid. The name must be unique among all listeners. The name ``tls-passthrough`` is reserved for the built-in TLS Passthrough listener and cannot be used. | *string* | Yes |
@@ -77,10 +70,6 @@ The `listeners:` key defines a listener (a combination of a protocol and a port)
| *ipv4* | Specifies the IPv4 address to listen on. | *string* | No |
| *ipv6* | Specifies the IPv6 address to listen on. | *string* | No |
-{{ }}
-
----
-
## Using GlobalConfiguration
You can use the usual `kubectl` commands to work with a GlobalConfiguration resource.
diff --git a/content/nic/configuration/global-configuration/mgmt-configmap-resource.md b/content/nic/configuration/global-configuration/mgmt-configmap-resource.md
index f7eb66aea..7691152b7 100644
--- a/content/nic/configuration/global-configuration/mgmt-configmap-resource.md
+++ b/content/nic/configuration/global-configuration/mgmt-configmap-resource.md
@@ -30,10 +30,9 @@ that make sense for your setup:
```
The [NGINX Management](https://nginx.org/en/docs/ngx_mgmt_module.html) block configuration will be updated.
----
+
## Management ConfigMap keys
-{{}}
|ConfigMap Key | Description | Default |
| ---| ---| ---|
|*license-token-secret-name* | Configures the secret used in the [license_token](https://nginx.org/en/docs/ngx_mgmt_module.html#license_token) directive. This key assumes the secret is in the Namespace that NGINX Ingress Controller is deployed in. The secret must be of type `nginx.com/license` with the base64 encoded JWT in the `license.jwt` key. | N/A |
@@ -47,4 +46,3 @@ that make sense for your setup:
|*resolver-addresses* | Configures addresses used in the mgmt block [resolver](https://nginx.org/en/docs/ngx_mgmt_module.html#resolver) directive. This field takes a comma separated list of addresses. | N/A |
|*resolver-ipv6* | Configures whether the mgmt block [resolver](https://nginx.org/en/docs/ngx_mgmt_module.html#resolver) directive will look up IPv6 addresses. | `true` |
|*resolver-valid* | Configures an [NGINX time](https://nginx.org/en/docs/syntax.html) that the mgmt block [resolver](https://nginx.org/en/docs/ngx_mgmt_module.html#resolver) directive will override the TTL value of responses from nameservers with. | N/A |
-{{ }}
diff --git a/content/nic/configuration/global-configuration/reporting-resources-status.md b/content/nic/configuration/global-configuration/reporting-resources-status.md
index 861ce432a..4da8b5123 100644
--- a/content/nic/configuration/global-configuration/reporting-resources-status.md
+++ b/content/nic/configuration/global-configuration/reporting-resources-status.md
@@ -80,32 +80,26 @@ Status:
The following fields are reported in both VirtualServer and VirtualServerRoute status:
-{{}}
|Field | Description | Type |
| ---| ---| --- |
|*State* | Current state of the resource. Can be ``Valid``, ``Warning`` an ``Invalid``. For more information, refer to the ``message`` field. | *string* |
|*Reason* | The reason of the last update. | *string* |
|*Message* | Additional information about the state. | *string* |
|*ExternalEndpoints* | A list of external endpoints for which the hosts of the resource are publicly accessible. | *[externalEndpoint](#externalendpoint)* |
-{{ }}
The *ReferencedBy* field is reported for the VirtualServerRoute status only:
-{{}}
|Field | Description | Type |
| ---| ---| --- |
| *ReferencedBy* | The VirtualServer that references this VirtualServerRoute. Format as ``namespace/name`` | *string* |
-{{ }}
### externalEndpoint
-{{}}
|Field | Description | Type |
| ---| ---| --- |
|``IP`` | The external IP address. | ``string`` |
|``Hostname`` | The external LoadBalancer Hostname address. | ``string`` |
|``Ports`` | A list of external ports. | ``string`` |
-{{ }}
NGINX Ingress Controller must be configured to report a VirtualServer or VirtualServerRoute status:
@@ -148,13 +142,11 @@ Status:
The following fields are reported in Policy status:
-{{}}
|Field | Description | Type |
| ---| ---| --- |
|``State`` | Current state of the resource. Can be ``Valid`` or ``Invalid``. For more information, refer to the ``message`` field. | ``string`` |
|``Reason`` | The reason of the last update. | ``string`` |
|``Message`` | Additional information about the state. | ``string`` |
-{{ }}
## TransportServer resources
@@ -186,10 +178,8 @@ Status:
The following fields are reported in TransportServer status:
-{{}}
|Field | Description | Type |
| ---| ---| --- |
| *State* | Current state of the resource. Can be ``Valid``, ``Warning`` or ``Invalid``. For more information, refer to the ``message`` field. | *string* |
| *Reason* | The reason of the last update. | *string* |
-| *Message* | Additional information about the state. | *string* |
-{{ }}
+| *Message* | Additional information about the state. | *string* |
\ No newline at end of file
diff --git a/content/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md b/content/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md
index d115a88d6..7bbdb4685 100644
--- a/content/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md
+++ b/content/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md
@@ -98,7 +98,7 @@ The table below summarizes the available annotations.
### General customization
-{{}}
+{{< table >}}
|Annotation | ConfigMap Key | Description | Default | Example |
| ---| ---| ---| ---| --- |
| *nginx.org/proxy-connect-timeout* | *proxy-connect-timeout* | Sets the value of the [proxy_connect_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout) and [grpc_connect_timeout](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_connect_timeout) directive. | *60s* | |
@@ -111,22 +111,23 @@ The table below summarizes the available annotations.
| *nginx.org/proxy-max-temp-file-size* | *proxy-max-temp-file-size* | Sets the value of the [proxy_max_temp_file_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_max_temp_file_size) directive. | *1024m* | |
| *nginx.org/server-tokens* | *server-tokens* | Enables or disables the [server_tokens](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens) directive. Additionally, with the NGINX Plus, you can specify a custom string value, including the empty string value, which disables the emission of the “Server” field. | *True* | |
| *nginx.org/path-regex* | N/A | Enables regular expression modifiers for Ingress path parameter. This translates to the NGINX [location](https://nginx.org/en/docs/http/ngx_http_core_module.html#location) directive. You can specify one of these values: "case_sensitive", "case_insensitive", or "exact". The annotation is applied to the entire Ingress resource and its paths. While using Master and Minion Ingresses i.e. Mergeable Ingresses, this annotation can be specified on Minion types. The `path-regex` annotation specified on Master is ignored, and has no effect on paths defined on Minions. | N/A | [path-regex](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/path-regex) |
-{{ }}
+{{< /table >}}
+
### Request URI/Header Manipulation
-{{}}
+{{< table >}}
|Annotation | ConfigMap Key | Description | Default | Example |
| ---| ---| ---| ---| --- |
| *nginx.org/proxy-hide-headers* | *proxy-hide-headers* | Sets the value of one or more [proxy_hide_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) directives. Example: ``"nginx.org/proxy-hide-headers": "header-a,header-b"* | N/A | |
| *nginx.org/proxy-pass-headers* | *proxy-pass-headers* | Sets the value of one or more [proxy_pass_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header) directives. Example: ``"nginx.org/proxy-pass-headers": "header-a,header-b"* | N/A | |
| *nginx.org/rewrites* | N/A | Configures URI rewriting using [proxy_pass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass) directive. | N/A | [rewrites](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/rewrites) |
|*nginx.org/proxy-set-headers* | N/A | Enables customization of proxy headers and values using the [proxy_set_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) directive. Example: ``"nginx.org/proxy-set-headers": "header-a: valueA,header-b: valueB,header-c: valueC"`` | N/A | [Proxy Set Headers](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/proxy-set-headers). |
-{{ }}
+{{< /table >}}
### Auth and SSL/TLS
-{{}}
+{{< table >}}
|Annotation | ConfigMap Key | Description | Default | Example |
| ---| ---| ---| ---| --- |
| *nginx.org/redirect-to-https* | *redirect-to-https* | Sets the 301 redirect rule based on the value of the ``http_x_forwarded_proto* header on the server block to force incoming traffic to be over HTTPS. Useful when terminating SSL in a load balancer in front of NGINX Ingress Controller — see [115](https://github.com/nginx/kubernetes-ingress/issues/115) | *False* | |
@@ -141,20 +142,18 @@ The table below summarizes the available annotations.
| *nginx.com/jwt-realm* | N/A | Specifies a realm. | N/A | [Support for JSON Web Tokens (JWTs)](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/jwt). |
| *nginx.com/jwt-token* | N/A | Specifies a variable that contains a JSON Web Token. | By default, a JWT is expected in the ``Authorization* header as a Bearer Token. | [Support for JSON Web Tokens (JWTs)](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/jwt). |
| *nginx.com/jwt-login-url* | N/A | Specifies a URL to which a client is redirected in case of an invalid or missing JWT. | N/A | [Support for JSON Web Tokens (JWTs)](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/jwt). |
-{{ }}
+{{< /table >}}
### Listeners
-{{}}
-|Annotation | ConfigMap Key | Description | Default | Example |
-| ---| ---| ---| ---| --- |
-| *nginx.org/listen-ports* | N/A | Configures HTTP ports that NGINX will listen on. | *[80]* | |
-| *nginx.org/listen-ports-ssl* | N/A | Configures HTTPS ports that NGINX will listen on. | *[443]* | |
-{{ }}
+|Annotation | ConfigMap Key | Description | Default |
+| ---| ---| ---| ---|
+| *nginx.org/listen-ports* | N/A | Configures HTTP ports that NGINX will listen on. | *[80]* |
+| *nginx.org/listen-ports-ssl* | N/A | Configures HTTPS ports that NGINX will listen on. | *[443]* |
### Backend services (Upstreams)
-{{}}
+{{< table >}}
|Annotation | ConfigMap Key | Description | Default | Example |
| ---| ---| ---| ---| --- |
| *nginx.org/lb-method* | *lb-method* | Sets the [load balancing method]({{< ref "/nginx/admin-guide/load-balancer/http-load-balancer.md#choosing-a-load-balancing-method" >}}). To use the round-robin method, specify ``"round_robin"``. | *"random two least_conn"* | |
@@ -172,11 +171,11 @@ The table below summarizes the available annotations.
| *nginx.com/health-checks-mandatory-queue* | N/A | When active health checks are mandatory, creates a queue where incoming requests are temporarily stored while NGINX Plus is checking the health of the endpoints after a configuration reload. | *0* | [health-checks](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/health-checks) |
| *nginx.com/slow-start* | N/A | Sets the upstream server [slow-start period]({{< ref "/nginx/admin-guide/load-balancer/http-load-balancer.md#server-slow-start" >}}). By default, slow-start is activated after a server becomes [available]({{< ref "/nginx/admin-guide/load-balancer/http-health-check.md#passive-health-checks" >}}) or [healthy]({{< ref "/nginx/admin-guide/load-balancer/http-health-check.md#active-health-checks" >}}). To enable slow-start for newly-added servers, configure [mandatory active health checks](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/health-checks). | *"0s"* | |
| *nginx.org/use-cluster-ip* | N/A | Enables using the Cluster IP and port of the service instead of the default behavior of using the IP and port of the pods. When this field is enabled, the fields that configure NGINX behavior related to multiple upstream servers (like ``lb-method* and ``next-upstream``) will have no effect, as NGINX Ingress Controller will configure NGINX with only one upstream server that will match the service Cluster IP. | *False* | |
-{{ }}
+{{< /table >}}
### Rate limiting
-{{}}
+{{< table >}}
|Annotation | ConfigMap Key | Description | Default | Example |
| ---| ---| ---| ---| --- |
| *nginx.org/limit-req-rate* | N/A | Enables request-rate-limiting for this ingress by creating a [limit_req_zone](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone) and matching [limit_req](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req) for each location. All servers/locations of one ingress share the same zone. Must have unit r/s or r/m. | N/A | 200r/s |
@@ -189,22 +188,20 @@ The table below summarizes the available annotations.
| *nginx.org/limit-req-log-level* | N/A | Sets the desired logging level for cases when the server refuses to process requests due to rate exceeding, or delays request processing. Allowed values are info, notice, warn or error. | error | info |
| *nginx.org/limit-req-reject-code* | N/A | Sets the status code to return in response to rejected requests. Must fall into the range 400..599. | 429 | 503 |
| *nginx.org/limit-req-scale* | N/A | Enables a constant rate-limit by dividing the configured rate by the number of nginx-ingress pods currently serving traffic. This adjustment ensures that the rate-limit remains consistent, even as the number of nginx-pods fluctuates due to autoscaling. Note: This will not work properly if requests from a client are not evenly distributed accross all ingress pods (sticky sessions, long lived TCP-Connections with many requests etc.). In such cases using [zone-sync]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#zone-sync" >}}) instead would give better results. Enabling `zone-sync` will suppress this setting. | false | true |
-{{ }}
+{{< /table >}}
### Snippets and custom templates
-{{}}
-|Annotation | ConfigMap Key | Description | Default | Example |
-| ---| ---| ---| ---| --- |
-| *nginx.org/location-snippets* | *location-snippets* | Sets a custom snippet in location context. | N/A | |
-| *nginx.org/server-snippets* | *server-snippets* | Sets a custom snippet in server context. | N/A | |
-{{ }}
+|Annotation | ConfigMap Key | Description | Default |
+| ---| ---| ---| ---|
+| *nginx.org/location-snippets* | *location-snippets* | Sets a custom snippet in location context. | N/A |
+| *nginx.org/server-snippets* | *server-snippets* | Sets a custom snippet in server context. | N/A |
### App Protect WAF {#app-protect}
{{< call-out "note" >}} The App Protect annotations only work if the App Protect WAF module is [installed]({{< ref "/nic/installation/integrations/app-protect-waf/installation.md" >}}). {{< /call-out >}}
-{{}}
+{{< table >}}
|Annotation | ConfigMap Key | Description | Default | Example |
| ---| ---| ---| ---| --- |
| *appprotect.f5.com/app-protect-policy* | N/A | The name of the App Protect Policy for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace of the Ingress Resource is used. If not specified but ``appprotect.f5.com/app-protect-enable* is true, a default policy id applied. If the referenced policy resource does not exist, or policy is invalid, this annotation will be ignored, and the default policy will be applied. | N/A | [app-protect-waf](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf) |
@@ -212,14 +209,12 @@ The table below summarizes the available annotations.
| *appprotect.f5.com/app-protect-security-log-enable* | N/A | Enable the [security log](/nginx-app-protect/troubleshooting/#app-protect-logging-overview) for App Protect. | *False* | [app-protect-waf](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf) |
| *appprotect.f5.com/app-protect-security-log* | N/A | The App Protect log configuration for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace as the Ingress Resource is used. If not specified the default is used which is: filter: ``illegal``, format: ``default``. Multiple configurations can be specified in a comma separated list. Both log configurations and destinations list (see below) must be of equal length. Configs and destinations are paired by the list indices. | N/A | [app-protect-waf](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf) |
| *appprotect.f5.com/app-protect-security-log-destination* | N/A | The destination of the security log. For more information check the [DESTINATION argument](/nginx-app-protect/troubleshooting/#app-protect-logging-overview). Multiple destinations can be specified in a comma-separated list. Both log configurations and destinations list (see above) must be of equal length. Configs and destinations are paired by the list indices. | *syslog:server=localhost:514* | [app-protect-waf](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf) |
-{{ }}
+{{< /table >}}
### App Protect DoS
{{< call-out "note" >}} The App Protect DoS annotations only work if the App Protect DoS module is [installed]({{< ref "/nic/installation/integrations/app-protect-dos/installation.md" >}}). {{< /call-out >}}
-{{}}
|Annotation | ConfigMap Key | Description | Default | Example |
| ---| ---| ---| ---| --- |
| *appprotectdos.f5.com/app-protect-dos-resource* | N/A | Enable App Protect DoS for the Ingress Resource by specifying a [DosProtectedResource]({{< ref "/nic/installation/integrations/app-protect-dos/dos-protected.md" >}}). | N/A | [app-protect-dos](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-dos) |
-{{ }}
diff --git a/content/nic/configuration/transportserver-resource.md b/content/nic/configuration/transportserver-resource.md
index 23f287c02..31516a66e 100644
--- a/content/nic/configuration/transportserver-resource.md
+++ b/content/nic/configuration/transportserver-resource.md
@@ -84,8 +84,8 @@ The TransportServer resource defines load balancing configuration for TCP, UDP,
pass: secure-app
```
-{{}}
-|Field | Description | Type | Required |
+{{< table >}}
+| Field | Description | Type | Required |
| ---| ---| ---| --- |
|``listener`` | The listener on NGINX that will accept incoming connections/datagrams. | [listener](#listener) | Yes |
|``host`` | The host (domain name) of the server. Must be a valid subdomain as defined in RFC 1123, such as ``my-app`` or ``hello.example.com``. Wildcard domains like ``*.example.com`` are not allowed. When specified, NGINX will use this host for SNI-based routing. For TLS Passthrough, this field is required. For TCP with TLS termination, specifying the host enables SNI routing and requires specifying a TLS secret.| ``string`` | No |
@@ -96,7 +96,8 @@ The TransportServer resource defines load balancing configuration for TCP, UDP,
|``ingressClassName`` | Specifies which Ingress Controller must handle the TransportServer resource. | ``string`` | No |
|``streamSnippets`` | Sets a custom snippet in the ``stream`` context. | ``string`` | No |
|``serverSnippets`` | Sets a custom snippet in the ``server`` context. | ``string`` | No |
-{{ }}
+{{< /table >}}
+
\* -- Required for TLS Passthrough load balancing.
@@ -114,12 +115,10 @@ listener:
protocol: UDP
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``name`` | The name of the listener. | ``string`` | Yes |
|``protocol`` | The protocol of the listener. | ``string`` | Yes |
-{{ }}
### TLS
@@ -129,11 +128,9 @@ The tls field defines TLS configuration for a TransportServer. When using TLS te
secret: cafe-secret
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``secret`` | The name of a secret with a TLS certificate and key. The secret must belong to the same namespace as the TransportServer. The secret must be of the type ``kubernetes.io/tls`` and contain keys named ``tls.crt`` and ``tls.key`` that contain the certificate and private key as described [here](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls). | ``string`` | No |
-{{ }}
### Upstream
@@ -149,7 +146,7 @@ failTimeout: 30s
loadBalancingMethod: least_conn
```
-{{}}
+{{< table >}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``name`` | The name of the upstream. Must be a valid DNS label as defined in RFC 1035. For example, ``hello`` and ``upstream-123`` are valid. The name must be unique among all upstreams of the resource. | ``string`` | Yes |
@@ -162,7 +159,7 @@ loadBalancingMethod: least_conn
|``loadBalancingMethod`` | The method used to load balance the upstream servers. By default, connections are distributed between the servers using a weighted round-robin balancing method. See the [upstream](http://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#upstream) section for available methods and their details. | ``string`` | No |
|``backup`` | The name of the backup service of type [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname). This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the ``random`` , ``hash`` or ``ip_hash`` load balancing methods. | ``string`` | No |
|``backupPort`` | The port of the backup service. The backup port is required if the backup service name is provided. The port must fall into the range ``1..65535``. | ``uint16`` | No |
-{{ }}
+{{< /table >}}
### Upstream.Healthcheck
@@ -184,7 +181,6 @@ healthCheck:
{{< call-out "note" >}} This feature is only supported with NGINX Plus. {{< /call-out >}}
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``enable`` | Enables a health check for an upstream server. The default is ``false``. | ``boolean`` | No |
@@ -195,7 +191,6 @@ healthCheck:
|``passes`` | The number of consecutive passed health checks of a particular upstream server after which the server will be considered healthy. The default is ``1``. | ``integer`` | No |
|``port`` | The port used for health check requests. By default, the [server port is used](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#health_check_port). Note: in contrast with the port of the upstream, this port is not a service port, but a port of a pod. | ``integer`` | No |
|``match`` | Controls the data to send and the response to expect for the healthcheck. | [match](#upstreamhealthcheckmatch) | No |
-{{ }}
### Upstream.Healthcheck.Match
@@ -211,12 +206,10 @@ Both `send` and `expect` fields can contain hexadecimal literals with the prefix
See the [match](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#match) directive for details.
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``send`` | A string to send to an upstream server. | ``string`` | No |
|``expect`` | A literal string or a regular expression that the data obtained from the server should match. The regular expression is specified with the preceding ``~*`` modifier (for case-insensitive matching), or the ``~`` modifier (for case-sensitive matching). NGINX Ingress Controller validates a regular expression using the RE2 syntax. | ``string`` | No |
-{{ }}
### UpstreamParameters
@@ -232,7 +225,6 @@ upstreamParameters:
nextUpstreamTries: 1
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``udpRequests`` | The number of datagrams, after receiving which, the next datagram from the same client starts a new session. See the [proxy_requests](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_requests) directive. The default is ``0``. | ``int`` | No |
@@ -241,7 +233,6 @@ upstreamParameters:
|``nextUpstream`` | If a connection to the proxied server cannot be established, determines whether a client connection will be passed to the next server. See the [proxy_next_upstream](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream) directive. The default is ``true``. | bool | No |
|``nextUpstreamTries`` | The number of tries for passing a connection to the next server. See the [proxy_next_upstream_tries](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_tries) directive. The default is ``0``. | ``int`` | No |
|``nextUpstreamTimeout`` | The time allowed to pass a connection to the next server. See the [proxy_next_upstream_timeout](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_timeout) directive. The default us ``0``. | ``string`` | No |
-{{ }}
### SessionParameters
@@ -252,11 +243,9 @@ sessionParameters:
timeout: 50s
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``timeout`` | The timeout between two successive read or write operations on client or proxied server connections. See [proxy_timeout](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_timeout) directive. The default is ``10m``. | ``string`` | No |
-{{ }}
### Action
@@ -269,11 +258,9 @@ action:
pass: dns-app
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``pass`` | Passes connections/datagrams to an upstream. The upstream with that name must be defined in the resource. | ``string`` | Yes |
-{{ }}
## Using TransportServer
diff --git a/content/nic/configuration/virtualserver-and-virtualserverroute-resources.md b/content/nic/configuration/virtualserver-and-virtualserverroute-resources.md
index 46802938e..3a0a782e4 100644
--- a/content/nic/configuration/virtualserver-and-virtualserverroute-resources.md
+++ b/content/nic/configuration/virtualserver-and-virtualserverroute-resources.md
@@ -82,13 +82,11 @@ redirect:
enable: true
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``secret`` | The name of a secret with a TLS certificate and key. The secret must belong to the same namespace as the VirtualServer. The secret must be of the type ``kubernetes.io/tls`` and contain keys named ``tls.crt`` and ``tls.key`` that contain the certificate and private key as described [here](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls). If the secret doesn't exist or is invalid, NGINX will break any attempt to establish a TLS connection to the host of the VirtualServer. If the secret is not specified but [wildcard TLS secret]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#cmdoption-wildcard-tls-secret" >}}) is configured, NGINX will use the wildcard secret for TLS termination. | ``string`` | No |
|``redirect`` | The redirect configuration of the TLS for a VirtualServer. | [tls.redirect](#virtualservertlsredirect) | No | ### VirtualServer.TLS.Redirect |
|``cert-manager`` | The cert-manager configuration of the TLS for a VirtualServer. | [tls.cert-manager](#virtualservertlscertmanager) | No | ### VirtualServer.TLS.CertManager |
-{{ }}
### VirtualServer.TLS.Redirect
@@ -100,13 +98,11 @@ code: 301
basedOn: scheme
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``enable`` | Enables a TLS redirect for a VirtualServer. The default is ``False``. | ``boolean`` | No |
|``code`` | The status code of a redirect. The allowed values are: ``301`` , ``302`` , ``307`` , ``308``. The default is ``301``. | ``int`` | No |
|``basedOn`` | The attribute of a request that NGINX will evaluate to send a redirect. The allowed values are ``scheme`` (the scheme of the request) or ``x-forwarded-proto`` (the ``X-Forwarded-Proto`` header of the request). The default is ``scheme``. | ``string`` | No | ### VirtualServer.Policy |
-{{ }}
### VirtualServer.TLS.CertManager
@@ -117,7 +113,6 @@ cert-manager:
cluster-issuer: "my-issuer-name"
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``issuer`` | the name of an Issuer. An Issuer is a cert-manager resource which describes the certificate authority capable of signing certificates. The Issuer must be in the same namespace as the VirtualServer resource. Please note that one of `issuer` and `cluster-issuer` are required, but they are mutually exclusive - one and only one must be defined. | ``string`` | No |
@@ -129,23 +124,21 @@ cert-manager:
|``renew-before`` | this annotation allows you to configure spec.renewBefore field for the Certificate to be generated. Must be specified using a [Go time.Duration](https://pkg.go.dev/time#ParseDuration) string format, which does not allow the d (days) suffix. You must specify these values using s, m, and h suffixes instead. | ``string`` | No |
|``usages`` | This field allows you to configure spec.usages field for the Certificate to be generated. Pass a string with comma-separated values i.e. ``key agreement,digital signature, server auth``. An exhaustive list of supported key usages can be found in the [the cert-manager api documentation](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage). | ``string`` | No |
|``issue-temp-cert`` | When ``true``, ask cert-manager for a [temporary self-signed certificate](https://cert-manager.io/docs/usage/certificate/#temporary-certificates-while-issuing) pending the issuance of the Certificate. This allows HTTPS-only servers to use ACME HTTP01 challenges when the TLS secret does not exist yet. | ``boolean`` | No |
-{{ }}
### VirtualServer.Listener
The listener field defines a custom HTTP and/or HTTPS listener.
The respective listeners used must reference the name of a listener defined using a [GlobalConfiguration]({{< ref "/nic/configuration/global-configuration/globalconfiguration-resource.md" >}}) resource.
For example:
+
```yaml
http: http-8083
https: https-8443
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``http`` | The name of am HTTP listener defined in a [GlobalConfiguration]({{< ref "/nic/configuration/global-configuration/globalconfiguration-resource.md" >}}) resource. | ``string`` | No |
|``https`` | The name of an HTTPS listener defined in a [GlobalConfiguration]({{< ref "/nic/configuration/global-configuration/globalconfiguration-resource.md" >}}) resource. | ``string`` | No |
-{{ }}
### VirtualServer.ExternalDNS
@@ -155,7 +148,6 @@ The externalDNS field configures controlling DNS records dynamically for Virtual
enable: true
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``enable`` | Enables ExternalDNS integration for a VirtualServer resource. The default is ``false``. | ``string`` | No |
@@ -163,7 +155,6 @@ enable: true
|``providerSpecific`` | Configure provider specific properties which holds the name and value of a configuration which is specific to individual DNS providers. | [[]ProviderSpecific](#virtualserverexternaldnsproviderspecific) | No |
|``recordTTL`` | TTL for the DNS record. This defaults to 0 if not defined. See [the ExternalDNS TTL documentation for provider-specific defaults](https://kubernetes-sigs.github.io/external-dns/v0.14.2/ttl/#providers) | ``int64`` | No |
|``recordType`` | The record Type that should be created, e.g. "A", "AAAA", "CNAME". This is automatically computed based on the external endpoints if not defined. | ``string`` | No |
-{{ }}
### VirtualServer.ExternalDNS.ProviderSpecific
@@ -176,12 +167,10 @@ The providerSpecific field of the externalDNS block allows the specification of
value: my-value2
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``name`` | The name of the key value pair. | ``string`` | Yes |
|``value`` | The value of the key value pair. | ``string`` | Yes |
-{{ }}
### VirtualServer.Policy
@@ -191,12 +180,10 @@ The policy field references a [Policy resource]({{< ref "/nic/configuration/poli
name: access-control
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``name`` | The name of a policy. If the policy doesn't exist or invalid, NGINX will respond with an error response with the `500` status code. | ``string`` | Yes |
|``namespace`` | The namespace of a policy. If not specified, the namespace of the VirtualServer resource is used. | ``string`` | No |
-{{ }}
### VirtualServer.Route
@@ -208,7 +195,7 @@ The route defines rules for matching client requests to actions like passing a r
pass: tea
```
-{{}}
+{{< table >}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``path`` | The path of the route. NGINX will match it against the URI of a request. Possible values are: a prefix ( ``/`` , ``/path`` ), an exact match ( ``=/exact/match`` ), a case insensitive regular expression ( ``~*^/Bar.*\.jpg`` ) or a case sensitive regular expression ( ``~^/foo.*\.jpg`` ). In the case of a prefix (must start with ``/`` ) or an exact match (must start with ``=`` ), the path must not include any whitespace characters, ``{`` , ``}`` or ``;``. In the case of the regex matches, all double quotes ``"`` must be escaped and the match can't end in an unescaped backslash ``\``. The path must be unique among the paths of all routes of the VirtualServer. Check the [location](https://nginx.org/en/docs/http/ngx_http_core_module.html#location) directive for more information. | ``string`` | Yes |
@@ -220,7 +207,7 @@ The route defines rules for matching client requests to actions like passing a r
|``route`` | The name of a VirtualServerRoute resource that defines this route. If the VirtualServerRoute belongs to a different namespace than the VirtualServer, you need to include the namespace. For example, ``tea-namespace/tea``. | ``string`` | No |
|``errorPages`` | The custom responses for error codes. NGINX will use those responses instead of returning the error responses from the upstream servers or the default responses generated by NGINX. A custom response can be a redirect or a canned response. For example, a redirect to another URL if an upstream server responded with a 404 status code. | [[]errorPage](#errorpage) | No |
|``location-snippets`` | Sets a custom snippet in the location context. Overrides the ``location-snippets`` ConfigMap key. | ``string`` | No |
-{{ }}
+{{< /table >}}
\* -- a route must include exactly one of the following: `action`, `splits`, or `route`.
@@ -280,14 +267,12 @@ spec:
Note that each subroute must have a `path` that starts with the same prefix (here `/coffee`), which is defined in the route of the VirtualServer. Additionally, the `host` in the VirtualServerRoute must be the same as the `host` of the VirtualServer.
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``host`` | The host (domain name) of the server. Must be a valid subdomain as defined in RFC 1123, such as ``my-app`` or ``hello.example.com``. When using a wildcard domain like ``*.example.com`` the domain must be contained in double quotes. Must be the same as the ``host`` of the VirtualServer that references this resource. | ``string`` | Yes |
|``upstreams`` | A list of upstreams. | [[]upstream](#upstream) | No |
|``subroutes`` | A list of subroutes. | [[]subroute](#virtualserverroutesubroute) | No |
|``ingressClassName`` | Specifies which Ingress Controller must handle the VirtualServerRoute resource. Must be the same as the ``ingressClassName`` of the VirtualServer that references this resource. | ``string``_ | No |
-{{ }}
### VirtualServerRoute.Subroute
@@ -299,7 +284,7 @@ action:
pass: coffee
```
-{{}}
+{{< table >}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``path`` | The path of the subroute. NGINX will match it against the URI of a request. Possible values are: a prefix ( ``/`` , ``/path`` ), an exact match ( ``=/exact/match`` ), a case insensitive regular expression ( ``~*^/Bar.*\.jpg`` ) or a case sensitive regular expression ( ``~^/foo.*\.jpg`` ). In the case of a prefix, the path must start with the same path as the path of the route of the VirtualServer that references this resource. In the case of an exact or regex match, the path must be the same as the path of the route of the VirtualServer that references this resource. A matching path of the route of the VirtualServer but in different type is not accepted, e.g. a regex path (`~/match`) cannot be used with a prefix path in VirtualServer (`/match`) In the case of a prefix or an exact match, the path must not include any whitespace characters, ``{`` , ``}`` or ``;``. In the case of the regex matches, all double quotes ``"`` must be escaped and the match can't end in an unescaped backslash ``\``. The path must be unique among the paths of all subroutes of the VirtualServerRoute. | ``string`` | Yes |
@@ -310,7 +295,7 @@ action:
|``matches`` | The matching rules for advanced content-based routing. Requires the default ``action`` or ``splits``. Unmatched requests will be handled by the default ``action`` or ``splits``. | [matches](#match) | No |
|``errorPages`` | The custom responses for error codes. NGINX will use those responses instead of returning the error responses from the upstream servers or the default responses generated by NGINX. A custom response can be a redirect or a canned response. For example, a redirect to another URL if an upstream server responded with a 404 status code. | [[]errorPage](#errorpage) | No |
|``location-snippets`` | Sets a custom snippet in the location context. Overrides the ``location-snippets`` of the VirtualServer (if set) or the ``location-snippets`` ConfigMap key. | ``string`` | No |
-{{ }}
+{{< /table >}}
\* -- a subroute must include exactly one of the following: `action` or `splits`.
@@ -344,7 +329,7 @@ tls:
**Note**: The WebSocket protocol is supported without any additional configuration.
-{{}}
+{{< table >}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``name`` | The name of the upstream. Must be a valid DNS label as defined in RFC 1035. For example, ``hello`` and ``upstream-123`` are valid. The name must be unique among all upstreams of the resource. | ``string`` | Yes |
@@ -375,7 +360,7 @@ tls:
|``type`` |The type of the upstream. Supported values are ``http`` and ``grpc``. The default is ``http``. For gRPC, it is necessary to enable HTTP/2 in the [ConfigMap]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#listeners" >}}) and configure TLS termination in the VirtualServer. | ``string`` | No |
|``backup`` | The name of the backup service of type [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname). This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the ``random`` , ``hash`` or ``ip_hash`` load balancing methods. | ``string`` | No |
|``backupPort`` | The port of the backup service. The backup port is required if the backup service name is provided. The port must fall into the range ``1..65535``. | ``uint16`` | No |
-{{ }}
+{{< /table >}}
### Upstream.Buffers
@@ -388,20 +373,16 @@ size: 8K
See the [proxy_buffers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) directive for additional information.
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``number`` | Configures the number of buffers. The default is set in the ``proxy-buffers`` ConfigMap key. | ``int`` | Yes |
|``size`` | Configures the size of a buffer. The default is set in the ``proxy-buffers`` ConfigMap key. | ``string`` | Yes |
-{{ }}
### Upstream.TLS
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``enable`` | Enables HTTPS for requests to upstream servers. The default is ``False`` , meaning that HTTP will be used. Note: by default, NGINX will not verify the upstream server certificate. To enable the verification, configure an [EgressMTLS Policy]({{< ref "/nic/configuration/policy-resource/#egressmtls" >}}). | ``boolean`` | No |
-{{ }}
### Upstream.Queue
@@ -416,12 +397,10 @@ See [`queue`](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#queue
Note: This feature is supported only in NGINX Plus.
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``size`` | The size of the queue. | ``int`` | Yes |
|``timeout`` | The timeout of the queue. A request cannot be queued for a period longer than the timeout. The default is ``60s``. | ``string`` | No |
-{{ }}
### Upstream.Healthcheck
@@ -454,9 +433,8 @@ healthCheck:
keepalive-time: 60s
```
-Note: This feature is supported only in NGINX Plus.
+{{< call-out "note" >}} This feature is supported only in NGINX Plus. {{< /call-out >}}
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``enable`` | Enables a health check for an upstream server. The default is ``false``. | ``boolean`` | No |
@@ -477,7 +455,6 @@ Note: This feature is supported only in NGINX Plus.
|``mandatory`` | Require every newly added server to pass all configured health checks before NGINX Plus sends traffic to it. If this is not specified, or is set to false, the server will be initially considered healthy. When combined with [slow-start](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#slow_start), it gives a new server more time to connect to databases and “warm up” before being asked to handle their full share of traffic. | ``bool`` | No |
|``persistent`` | Set the initial “up” state for a server after reload if the server was considered healthy before reload. Enabling persistent requires that the mandatory parameter is also set to `true`. | ``bool`` | No |
|``keepalive-time`` | Enables [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) connections for health checks and specifies the time during which requests can be processed through one keepalive connection. The default is ``60s``. | ``string`` | No |
-{{ }}
### Upstream.SessionCookie
@@ -502,9 +479,8 @@ sessionCookie:
See the [`sticky`](https://nginx.org/en/docs/http/ngx_http_upstream_module.html?#sticky) directive for additional information. The session cookie corresponds to the `sticky cookie` method.
-Note: This feature is supported only in NGINX Plus.
+{{< call-out "note" >}} This feature is supported only in NGINX Plus. {{< /call-out >}}
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``enable`` | Enables session persistence with a session cookie for an upstream server. The default is ``false``. | ``boolean`` | No |
@@ -515,7 +491,6 @@ Note: This feature is supported only in NGINX Plus.
|``httpOnly`` | Adds the ``HttpOnly`` attribute to the cookie. | ``boolean`` | No |
|``secure`` | Adds the ``Secure`` attribute to the cookie. | ``boolean`` | No |
|``samesite`` | Adds the ``SameSite`` attribute to the cookie. The allowed values are: ``strict``, ``lax``, ``none`` | ``string`` | No |
-{{ }}
### Header
@@ -526,12 +501,10 @@ name: Host
value: example.com
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``name`` | The name of the header. | ``string`` | Yes |
|``value`` | The value of the header. | ``string`` | No |
-{{ }}
### Action
@@ -545,14 +518,12 @@ In the example below, client requests are passed to an upstream `coffee`:
pass: coffee
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``pass`` | Passes requests to an upstream. The upstream with that name must be defined in the resource. | ``string`` | No |
|``redirect`` | Redirects requests to a provided URL. | [action.redirect](#actionredirect) | No |
|``return`` | Returns a preconfigured response. | [action.return](#actionreturn) | No |
|``proxy`` | Passes requests to an upstream with the ability to modify the request/response (for example, rewrite the URI or modify the headers). | [action.proxy](#actionproxy) | No |
-{{ }}
\* -- an action must include exactly one of the following: `pass`, `redirect`, `return` or `proxy`.
@@ -568,12 +539,10 @@ redirect:
code: 301
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``url`` | The URL to redirect the request to. Supported NGINX variables: ``$scheme`` , ``$http_x_forwarded_proto`` , ``$request_uri`` , ``$host``. Variables must be enclosed in curly braces. For example: ``${host}${request_uri}``. | ``string`` | Yes |
|``code`` | The status code of a redirect. The allowed values are: ``301`` , ``302`` , ``307`` , ``308``. The default is ``301``. | ``int`` | No |
-{{ }}
### Action.Return
@@ -591,14 +560,12 @@ return:
value: espresso
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``code`` | The status code of the response. The allowed values are: ``2XX``, ``4XX`` or ``5XX``. The default is ``200``. | ``int`` | No |
|``type`` | The MIME type of the response. The default is ``text/plain``. | ``string`` | No |
|``body`` | The body of the response. Supports NGINX variables*. Variables must be enclosed in curly brackets. For example: ``Request is ${request_uri}\n``. | ``string`` | Yes |
|``headers`` | The custom headers of the response. | [[]Action.Return.Header](#actionreturnheader) | No |
-{{ }}
\* -- Supported NGINX variables: `$request_uri`, `$request_method`, `$request_body`, `$scheme`, `$http_`, `$args`, `$arg_`, `$cookie_`, `$host`, `$request_time`, `$request_length`, `$nginx_version`, `$pid`, `$connection`, `$remote_addr`, `$remote_port`, `$time_iso8601`, `$time_local`, `$server_addr`, `$server_port`, `$server_name`, `$server_protocol`, `$connections_active`, `$connections_reading`, `$connections_writing` and `$connections_waiting`.
@@ -611,12 +578,10 @@ name: x-coffee
value: espresso
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``name`` | The name of the header. | ``string`` | Yes |
|``value`` | The value of the header. | ``string`` | Yes |
-{{ }}
### Action.Proxy
@@ -651,25 +616,21 @@ proxy:
rewritePath: /
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``upstream`` | The name of the upstream which the requests will be proxied to. The upstream with that name must be defined in the resource. | ``string`` | Yes |
|``requestHeaders`` | The request headers modifications. | [action.Proxy.RequestHeaders](#actionproxyrequestheaders) | No |
|``responseHeaders`` | The response headers modifications. | [action.Proxy.ResponseHeaders](#actionproxyresponseheaders) | No |
|``rewritePath`` | The rewritten URI. If the route path is a regular expression -- starts with `~` -- the `rewritePath` can include capture groups with ``$1-9``. For example `$1` for the first group, and so on. For more information, check the [rewrite](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/rewrites) example. | ``string`` | No |
-{{ }}
### Action.Proxy.RequestHeaders
The RequestHeaders field modifies the headers of the request to the proxied upstream server.
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``pass`` | Passes the original request headers to the proxied upstream server. See the [proxy_pass_request_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_request_headers) directive for more information. Default is true. | ``bool`` | No |
|``set`` | Allows redefining or appending fields to present request headers passed to the proxied upstream servers. See the [proxy_set_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) directive for more information. | [[]header](#actionproxyrequestheaderssetheader) | No |
-{{ }}
### Action.Proxy.RequestHeaders.Set.Header
@@ -687,12 +648,10 @@ name: Host
value: example.com
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``name`` | The name of the header. | ``string`` | Yes |
|``value`` | The value of the header. Supports NGINX variables*. Variables must be enclosed in curly brackets. For example: ``${scheme}``. | ``string`` | No |
-{{ }}
\* -- Supported NGINX variables: `$request_uri`, `$request_method`, `$request_body`, `$scheme`, `$http_`, `$args`, `$arg_`, `$cookie_`, `$host`, `$request_time`, `$request_length`, `$nginx_version`, `$pid`, `$connection`, `$remote_addr`, `$remote_port`, `$time_iso8601`, `$time_local`, `$server_addr`, `$server_port`, `$server_name`, `$server_protocol`, `$connections_active`, `$connections_reading`, `$connections_writing`, `$connections_waiting`, `$ssl_cipher`, `$ssl_ciphers`, `$ssl_client_cert`, `$ssl_client_escaped_cert`, `$ssl_client_fingerprint`, `$ssl_client_i_dn`, `$ssl_client_i_dn_legacy`, `$ssl_client_raw_cert`, `$ssl_client_s_dn`, `$ssl_client_s_dn_legacy`, `$ssl_client_serial`, `$ssl_client_v_end`, `$ssl_client_v_remain`, `$ssl_client_v_start`, `$ssl_client_verify`, `$ssl_curves`, `$ssl_early_data`, `$ssl_protocol`, `$ssl_server_name`, `$ssl_session_id`, `$ssl_session_reused`, `$jwt_claim_` (NGINX Plus only) and `$jwt_header_` (NGINX Plus only).
@@ -700,14 +659,12 @@ value: example.com
The ResponseHeaders field modifies the headers of the response to the client.
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``hide`` | The headers that will not be passed* in the response to the client from a proxied upstream server. See the [proxy_hide_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) directive for more information. | ``[]string`` | No |
|``pass`` | Allows passing the hidden header fields* to the client from a proxied upstream server. See the [proxy_pass_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header) directive for more information. | ``[]string`` | No |
|``ignore`` | Disables processing of certain headers** to the client from a proxied upstream server. See the [proxy_ignore_headers](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_headers) directive for more information. | ``[]string`` | No |
|``add`` | Adds headers to the response to the client. | [[]addHeader](#addheader) | No |
-{{ }}
\* -- Default hidden headers are: `Date`, `Server`, `X-Pad` and `X-Accel-...`.
@@ -723,13 +680,11 @@ value: My-Value
always: true
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``name`` | The name of the header. | ``string`` | Yes |
|``value`` | The value of the header. Supports NGINX variables*. Variables must be enclosed in curly brackets. For example: ``${scheme}``. | ``string`` | No |
|``always`` | If set to true, add the header regardless of the response status code**. Default is false. See the [add_header](http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header) directive for more information. | ``bool`` | No |
-{{ }}
\* -- Supported NGINX variables: `$request_uri`, `$request_method`, `$request_body`, `$scheme`, `$http_`, `$args`, `$arg_`, `$cookie_`, `$host`, `$request_time`, `$request_length`, `$nginx_version`, `$pid`, `$connection`, `$remote_addr`, `$remote_port`, `$time_iso8601`, `$time_local`, `$server_addr`, `$server_port`, `$server_name`, `$server_protocol`, `$connections_active`, `$connections_reading`, `$connections_writing`, `$connections_waiting`, `$ssl_cipher`, `$ssl_ciphers`, `$ssl_client_cert`, `$ssl_client_escaped_cert`, `$ssl_client_fingerprint`, `$ssl_client_i_dn`, `$ssl_client_i_dn_legacy`, `$ssl_client_raw_cert`, `$ssl_client_s_dn`, `$ssl_client_s_dn_legacy`, `$ssl_client_serial`, `$ssl_client_v_end`, `$ssl_client_v_remain`, `$ssl_client_v_start`, `$ssl_client_verify`, `$ssl_curves`, `$ssl_early_data`, `$ssl_protocol`, `$ssl_server_name`, `$ssl_session_id`, `$ssl_session_reused`, `$jwt_claim_` (NGINX Plus only) and `$jwt_header_` (NGINX Plus only).
@@ -751,12 +706,10 @@ splits:
pass: coffee-v2
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``weight`` | The weight of an action. Must fall into the range ``0..100``. The sum of the weights of all splits must be equal to ``100``. | ``int`` | Yes |
|``action`` | The action to perform for a request. | [action](#action) | Yes |
-{{ }}
### Match
@@ -802,13 +755,11 @@ action:
pass: coffee
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``conditions`` | A list of conditions. Must include at least 1 condition. | [[]condition](#condition) | Yes |
|``action`` | The action to perform for a request. | [action](#action) | No |
|``splits`` | The splits configuration for traffic splitting. Must include at least 2 splits. | [[]split](#split) | No |
-{{ }}
{{< call-out "note" >}} A match must include exactly one of the following: `action` or `splits`. {{< /call-out >}}
@@ -816,7 +767,6 @@ action:
The condition defines a condition in a match.
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``header`` | The name of a header. Must consist of alphanumeric characters or ``-``. | ``string`` | No |
@@ -824,7 +774,6 @@ The condition defines a condition in a match.
|``argument`` | The name of an argument. Must consist of alphanumeric characters or ``_``. | ``string`` | No |
|``variable`` | The name of an NGINX variable. Must start with ``$``. See the list of the supported variables below the table. | ``string`` | No |
|``value`` | The value to match the condition against. How to define a value is shown below the table. | ``string`` | Yes |
-{{ }}
{{< call-out "note" >}} a condition must include exactly one of the following: `header`, `cookie`, `argument` or `variable`. {{< /call-out >}}
@@ -859,13 +808,11 @@ errorPages:
body: "Original resource not found, but success!"
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``codes`` | A list of error status codes. | ``[]int`` | Yes |
|``redirect`` | The redirect action for the given status codes. | [errorPage.Redirect](#errorpageredirect) | No |
|``return`` | The canned response action for the given status codes. | [errorPage.Return](#errorpagereturn) | No |
-{{ }}
{{< call-out "note" >}} An errorPage must include exactly one of the following: `return` or `redirect`. {{< /call-out >}}
@@ -882,12 +829,10 @@ redirect:
url: ${scheme}://cafe.example.com/error.html
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``code`` | The status code of a redirect. The allowed values are: ``301`` , ``302`` , ``307`` , ``308``. The default is ``301``. | ``int`` | No |
|``url`` | The URL to redirect the request to. Supported NGINX variables: ``$scheme`` and ``$http_x_forwarded_proto``. Variables must be enclosed in curly braces. For example: ``${scheme}``. | ``string`` | Yes |
-{{ }}
### ErrorPage.Return
@@ -907,14 +852,12 @@ return:
value: ${upstream_status}
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``code`` | The status code of the response. The default is the status code of the original response. | ``int`` | No |
|``type`` | The MIME type of the response. The default is ``text/html``. | ``string`` | No |
|``body`` | The body of the response. Supported NGINX variable: ``$upstream_status`` . Variables must be enclosed in curly braces. For example: ``${upstream_status}``. | ``string`` | Yes |
|``headers`` | The custom headers of the response. | [[]errorPage.Return.Header](#errorpagereturnheader) | No |
-{{ }}
### ErrorPage.Return.Header
@@ -925,12 +868,10 @@ name: x-debug-original-statuses
value: ${upstream_status}
```
-{{}}
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``name`` | The name of the header. | ``string`` | Yes |
|``value`` | The value of the header. Supported NGINX variable: ``$upstream_status`` . Variables must be enclosed in curly braces. For example: ``${upstream_status}``. | ``string`` | No |
-{{ }}
## Using VirtualServer and VirtualServerRoute
diff --git a/content/nic/installation/build-nginx-ingress-controller.md b/content/nic/installation/build-nginx-ingress-controller.md
index b9c2b78ef..b278f03c5 100644
--- a/content/nic/installation/build-nginx-ingress-controller.md
+++ b/content/nic/installation/build-nginx-ingress-controller.md
@@ -139,8 +139,7 @@ This section provides comprehensive information on the targets and variables ava
Key targets include:
-{{}}
-|
{{< fa "brands fa-aws" >}} Uninstall NGINX Agent on Amazon Linux
+Uninstall NGINX Agent on Amazon Linux
### Uninstall NGINX Agent on Amazon Linux diff --git a/content/nginx-one/api/api-reference-guide.md b/content/nginx-one/api/api-reference-guide.md index d3034aa1e..77c9e4acc 100644 --- a/content/nginx-one/api/api-reference-guide.md +++ b/content/nginx-one/api/api-reference-guide.md @@ -9,6 +9,5 @@ tags: title: API reference guide toc: false weight: null +nd-api-reference: "./nginx-one/api/one.json" --- - -{{< openapi spec="./nginx-one/api/one.json" >}} diff --git a/content/nginx-one/nginx-configs/config-sync-groups/add-file-csg.md b/content/nginx-one/nginx-configs/config-sync-groups/add-file-csg.md index dc58f5e57..794b727ce 100644 --- a/content/nginx-one/nginx-configs/config-sync-groups/add-file-csg.md +++ b/content/nginx-one/nginx-configs/config-sync-groups/add-file-csg.md @@ -58,10 +58,11 @@ Enter the name of the desired configuration file, such as `abc.conf` and select ### Existing SSL Certificate or CA Bundle {{< include "nginx-one/add-file/existing-ssl-bundle.md" >}} + With this option, you can incorporate [Managed certificates]({{< ref "/nginx-one/nginx-configs/certificates/manage-certificates.md#managed-and-unmanaged-certificates" >}}). ## See also - [Create and manage data plane keys]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}) - [Add an NGINX instance]({{< ref "/nginx-one/connect-instances/add-instance.md" >}}) -- [Manage certificates]({{< ref "/nginx-one/nginx-configs/certificates/manage-certificates.md" >}}) \ No newline at end of file +- [Manage certificates]({{< ref "/nginx-one/nginx-configs/certificates/manage-certificates.md" >}}) diff --git a/content/nginx-one/workshops/lab2/run-workshop-components-with-docker.md b/content/nginx-one/workshops/lab2/run-workshop-components-with-docker.md index 7d6d04cb5..bd4284fab 100644 --- a/content/nginx-one/workshops/lab2/run-workshop-components-with-docker.md +++ b/content/nginx-one/workshops/lab2/run-workshop-components-with-docker.md @@ -55,9 +55,9 @@ Make sure you have: This folder contains `compose.yaml` and `generate_certs.sh`. - {{- The first file created will be the root file by default. You can designate a different root file if you have more than a single configuration file in your deployment.
- The root file is designated with a {{< golden-star >}} icon on the portal.
- To protect a file, enable the **Protected** {{
}} toggle button. - You cannot access the file contents of a protected file saved to the NGINX configuration, but you can view its metadata, such as the SHA-256 hash of the file contents.
- You can provide new contents for an existing protected file using the **Overwrite** link or resubmit it without having to provide the file contents again.
- To modify the file path of a protected file or convert it to a regular file, delete the original file and create a new one.
- A protected file is designated with a {{
}} icon on the portal.
- To protect a file, enable the **Protected** {{
}} toggle button. - You cannot access the file contents of a protected file saved to the NGINX configuration, but you can view its metadata, such as the SHA-256 hash of the file contents.
- You can provide new contents for an existing protected file using the **Overwrite** link or resubmit it without having to provide the file contents again.
- To modify the file path of a protected file or convert it to a regular file, delete the original file and create a new one.
- A protected file is designated with a {{
}} icon on the portal.
Target | Description |
+| Target | Description |
|---------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| _build_ | Creates the NGINX Ingress Controller binary with your local Go environment. |
| _alpine-image_ | Builds an Alpine-based image with NGINX. |
@@ -158,38 +157,38 @@ Key targets include:
| _ubi-image-nap-plus_ | Builds a UBI-based image with NGINX Plus and the [NGINX App Protect WAF](/nginx-app-protect/) module for [OpenShift](https://www.openshift.com/) clusters. |
| _ubi-image-nap-v5-plus_ | Builds a UBI-based image with NGINX Plus and the [NGINX App Protect WAF v5](/nginx-app-protect/) module for [OpenShift](https://www.openshift.com/) clusters. |
| _ubi-image-dos-plus_ | Builds a UBI-based image with NGINX Plus and the [NGINX App Protect DoS](/nginx-app-protect-dos/) module for [OpenShift](https://www.openshift.com/) clusters. |
-| _ubi-image-nap-dos-plus_ |
Builds a UBI-based image with NGINX Plus, [NGINX App Protect WAF](/nginx-app-protect/) and the [NGINX App Protect DoS](/nginx-app-protect-dos/) module for [OpenShift](https://www.openshift.com/) clusters.
**Important**: Save your RHEL organization and activation keys in a file named _rhel_license_ at the project root.
For instance:
RHEL_ORGANIZATION=1111111| -{{}} +| _ubi-image-nap-dos-plus_ |
RHEL_ACTIVATION_KEY=your-key
Builds a UBI-based image with NGINX Plus, [NGINX App Protect WAF](/nginx-app-protect/) and the [NGINX App Protect DoS](/nginx-app-protect-dos/) module for [OpenShift](https://www.openshift.com/) clusters.|
----
+{{< call-out "important" >}}
+
+For RHEL, save your organization and activation keys in a file named _rhel_license_ at the project root. Ensure they are on separate lines, such as:
+
+- RHEL_ORGANIZATION=1111111
+- RHEL_ACTIVATION_KEY=your-key
+
+{{< /call-out >}}
### Additional useful targets {#other-makefile-targets}
A few other useful targets:
-{{ Determines the build environment. NGINX Ingress Controller compiles locally in a Golang environment by default. Ensure the NGINX Ingress Controller repo resides in your `$GOPATH` if you select this option. Alternatively, you can set `TARGET=container` to build using a Docker [Golang](https://hub.docker.com/_/golang/) container. To skip compiling the binary if you're on a specific tag or the latest `main` branch commit, set `TARGET=download`. {{ .Content }}Target | Description |
+| Target | Description |
|---------------------------------------|---------------|
| _push_ | Pushes the built image to the Docker registry. Configures with `PREFIX` and `TAG`. |
| _all_ | Runs `test`, `lint`, `verify-codegen`, `update-crds`, and `debian-image`. Stops and reports an error if any of these targets fail. |
| _test_ | Runs unit tests. |
-{{Variable | Description |
+| Variable | Description |
|-----------------------------------------|---------------|
| _ARCH_ | Defines the architecture for the image and binary. The default is `amd64`, but you can also use `arm64`. |
| _PREFIX_ | Gives the image its name. The default is `nginx/nginx-ingress`. |
| _TAG_ | Adds a tag to the image. This is often the version of NGINX Ingress Controller. |
| _DOCKER\_BUILD\_OPTIONS_ | Allows for additional [options](https://docs.docker.com/engine/reference/commandline/build/#options) during the `docker build` process, like `--pull`. |
| _TARGET_ |
{{< call-out "note" >}} For the complete list of _Makefile_ targets and customizable variables, see the [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md#makefile-details" >}}) topic. {{< /call-out>}}
----
-
## Push the image to your private registry
Once you've successfully built the NGINX Ingress Controller image with NGINX App Protect DoS, the next step is to upload it to your private Docker registry. This makes the image available for deployment to your Kubernetes cluster.
diff --git a/content/nic/installation/integrations/app-protect-waf-v5/installation.md b/content/nic/installation/integrations/app-protect-waf-v5/installation.md
index 207b8bc54..421dded1c 100644
--- a/content/nic/installation/integrations/app-protect-waf-v5/installation.md
+++ b/content/nic/installation/integrations/app-protect-waf-v5/installation.md
@@ -86,16 +86,13 @@ Follow these steps to build the NGINX Controller Image with NGINX App Protect WA
Create Docker image for NGINX Ingress Controller (Alpine with NGINX Plus, NGINX App Protect WAF v5 and FIPS)
-{{
{{< call-out "note" >}} For the complete list of _Makefile_ targets and customizable variables, see the [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md#makefile-details" >}}) guide. {{< /call-out>}}
diff --git a/content/nic/installation/integrations/app-protect-waf/installation.md b/content/nic/installation/integrations/app-protect-waf/installation.md
index d149c3b1b..0da5bc500 100644
--- a/content/nic/installation/integrations/app-protect-waf/installation.md
+++ b/content/nic/installation/integrations/app-protect-waf/installation.md
@@ -68,16 +68,12 @@ Follow these steps to build the NGINX Controller Image with NGINX App Protect WA
### Makefile targets {#makefile-targets}
-{{
{{< call-out "note" >}} For the complete list of _Makefile_ targets and customizable variables, see the [Build NGINX Ingress Controller]({{< ref "/nic/installation/build-nginx-ingress-controller.md#makefile-details" >}}) topic. {{< /call-out>}}
diff --git a/content/nic/overview/design.md b/content/nic/overview/design.md
index 14378f629..f481e6f21 100644
--- a/content/nic/overview/design.md
+++ b/content/nic/overview/design.md
@@ -52,7 +52,7 @@ The following is an architectural diagram depicting how those processes interact
This table describes each connection, starting with its type:
-{{< bootstrap-table "table table-bordered table-striped table-responsive" >}}
+{{< table >}}
| # | Protocols | Description |
| --- | --- | --- |
|1|HTTP| _Prometheus_ fetches NGINX Ingress Controller and NGINX metrics with an NGINX Ingress Controller HTTP endpoint (Default `:9113/metrics`). **Note**: *Prometheus* is not required and the endpoint can be turned off. |
@@ -76,7 +76,7 @@ This table describes each connection, starting with its type:
|19|HTTP,HTTPS,TCP,UDP| A _client_ sends traffic to and receives traffic from any of the _NGINX workers_ on ports 80 and 443 and any additional ports exposed by the [GlobalConfiguration resource]({{< ref "/nic//configuration/global-configuration/globalconfiguration-resource.md" >}}).
|20|HTTP,HTTPS,TCP,UDP| An _NGINX worker_ sends traffic to and receives traffic from the _backends_.
|21|HTTP| _Admin_ can connect to the [NGINX stub_status](http://nginx.org/en/docs/http/ngx_http_stub_status_module.html#stub_status) using port 8080 via an _NGINX worker_. By default, NGINX only allows connections from `localhost`.
-{{% /bootstrap-table %}}
+{{< /table >}}
### Differences with NGINX Plus
diff --git a/content/nic/technical-specifications.md b/content/nic/technical-specifications.md
index b493ac7e3..869a87b3c 100644
--- a/content/nic/technical-specifications.md
+++ b/content/nic/technical-specifications.md
@@ -9,14 +9,12 @@ nd-docs: DOCS-617
This page describes technical specifications for F5 NGINX Ingress Controller, such as its version compatibility with Kubernetes and other NGINX software.
----
-
## Supported NGINX Ingress Controller versions
We recommend using the latest release of NGINX Ingress Controller. We provide software updates for the most recent release. We provide technical support for F5 customers who are using the most recent version of NGINX Ingress Controller, and any version released within two years of the current release.
We test NGINX Ingress Controller on a range of Kubernetes platforms for each release, and list them in the [release notes]({{< ref "/nic/releases.md" >}}). We provide technical support for NGINX Ingress Controller on any Kubernetes platform that is currently supported by its provider, and that passes the [Kubernetes conformance tests](https://www.cncf.io/certification/software-conformance/).
-{{< bootstrap-table "table table-bordered table-striped table-responsive" >}}
+{{< table >}}
| NIC version | Kubernetes versions tested | NIC Helm Chart version | NIC Operator version | NGINX / NGINX Plus version | End of Technical Support |
| --- | --- | --- | --- | --- | --- |
| {{< nic-version >}} | 1.25 - 1.33 | {{< nic-helm-version >}} | {{< nic-operator-version >}} | 1.29.1 / R35 | - |
@@ -28,9 +26,7 @@ We test NGINX Ingress Controller on a range of Kubernetes platforms for each rel
| 3.4.3 | 1.23 - 1.29 | 1.1.3 | 2.1.2 | 1.25.4 / R31 P1 | Feb 19, 2026 |
| 3.3.2 | 1.22 - 1.28 | 1.0.2 | 2.0.2 | 1.25.3 / R30 | Nov 1, 2025 |
| 3.2.1 | 1.22 - 1.27 | 0.18.1 | 1.5.1 | 1.25.2 / R30 | Aug 18, 2025 |
-{{% /bootstrap-table %}}
-
----
+{{< /table >}}
## Supported Docker images
@@ -44,13 +40,11 @@ From release `v5.1.0` onwards, NGINX Ingress Controller will no longer provide b
_All images include NGINX 1.29.1._
-{{< bootstrap-table "table table-bordered table-responsive" >}}
|Name | Base image | DockerHub image | Architectures |
| ---| --- | --- | --- |
|Alpine-based image | ``nginx:1.29.1-alpine``,
based on on ``alpine:3.22`` | ``nginx/nginx-ingress:{{< nic-version >}}-alpine`` | arm64
amd64 |
|Debian-based image | ``nginx:1.29.1``,
based on on ``debian:12-slim`` | ``nginx/nginx-ingress:{{< nic-version >}}`` | arm64
amd64 |
|Ubi-based image | ``redhat/ubi9-minimal`` | ``nginx/nginx-ingress:{{< nic-version >}}-ubi`` | arm64
amd64 |
-{{% /bootstrap-table %}}
---
@@ -64,7 +58,7 @@ _NGINX Plus images include NGINX Plus R35_
NGINX Plus images are available through the F5 Container registry `private-registry.nginx.com`, explained in the [Download NGINX Ingress Controller from the F5 Registry]({{< ref "/nic/installation/nic-images/registry-download.md" >}}) and [Add an NGINX Ingress Controller image to your cluster]({{< ref "/nic/installation/nic-images/add-image-to-cluster.md" >}}) topics.
-{{< bootstrap-table "table table-striped table-bordered table-responsive" >}}
+{{< table >}}
|Name | Base image | Additional modules | F5 Container Registry Image | Architectures |
| ---| ---| --- | --- | --- |
|Alpine-based image | ``alpine:3.22`` | NJS (NGINX JavaScript)
OpenTelemetry | `nginx-ic/nginx-plus-ingress:{{< nic-version >}}-alpine` | arm64
amd64 |
@@ -81,9 +75,7 @@ NGINX Plus images are available through the F5 Container registry `private-regis
|Ubi-based image with NGINX App Protect WAF v5 | ``redhat/ubi9`` | NGINX App Protect WAF v5
NJS (NGINX JavaScript)
OpenTelemetry | `nginx-ic-nap-v5/nginx-plus-ingress:{{< nic-version >}}-ubi` | amd64 |
|Ubi-based image with NGINX App Protect DoS | ``redhat/ubi8`` | NGINX App Protect DoS
NJS (NGINX JavaScript)
OpenTelemetry | `nginx-ic-dos/nginx-plus-ingress:{{< nic-version >}}-ubi` | amd64 |
|Ubi-based image with NGINX App Protect WAF and DoS | ``redhat/ubi8`` | NGINX App Protect WAF and DoS
NJS (NGINX JavaScript)
OpenTelemetry | `nginx-ic-nap-dos/nginx-plus-ingress:{{< nic-version >}}-ubi` | amd64 |
-{{% /bootstrap-table %}}
-
----
+{{< /table >}}
### Custom images
@@ -92,8 +84,6 @@ You can customize an existing Dockerfile or use it as a reference to create a ne
- Choosing a different base image.
- Installing additional NGINX modules.
----
-
## Supported Helm versions
NGINX Ingress Controller can be [installed]({{< ref "/nic/installation/installing-nic/installation-with-helm.md" >}}) using Helm 3.0 or later.
diff --git a/content/nim/_index.md b/content/nim/_index.md
index c46d14a2e..9bf0baf8e 100644
--- a/content/nim/_index.md
+++ b/content/nim/_index.md
@@ -21,9 +21,8 @@ NGINX Instance Manager is part of NGINX One, which includes [NGINX One component
[//]: # "One card will take full width page: two will take half width each. Three will stack like an inverse pyramid."
[//]: # "Some examples of content could be the latest release note, the most common install path, and a popular new feature."
-{{
-1. {{
-1. {{
Security Monitoring | Analytics
Security Monitoring | `READ`
`READ` | Gives read-only access to Security Monitoring dashboards. Users cannot access NGINX Instance Manager or Settings. |
- | Instance Manager
Security Monitoring
Settings | Analytics
Security Monitoring
User Management | `READ`
`READ`
`CREATE`, `READ`, `UPDATE` | Lets users view dashboards and manage accounts and roles.
{{< fa "lightbulb" >}} Best for "super-users" who manage dashboard access. Does not allow deleting accounts. |
+ | Instance Manager
Security Monitoring
Settings | Analytics
Security Monitoring
User Management | `READ`
`READ`
`CREATE`, `READ`, `UPDATE` | Lets users view dashboards and manage accounts and roles.
{{< icon "lightbulb" >}} Best for "super-users" who manage dashboard access. Does not allow deleting accounts. |
{{}}
@@ -62,4 +62,4 @@ Assign the Security Monitoring role to users or groups.
### Assign the role to user groups
-{{< include "nim/rbac/assign-roles-to-user-groups.md" >}}
\ No newline at end of file
+{{< include "nim/rbac/assign-roles-to-user-groups.md" >}}
diff --git a/content/nim/system-configuration/configure-forward-proxy.md b/content/nim/system-configuration/configure-forward-proxy.md
index f45e47e06..54145a071 100644
--- a/content/nim/system-configuration/configure-forward-proxy.md
+++ b/content/nim/system-configuration/configure-forward-proxy.md
@@ -127,7 +127,7 @@ kubectl edit cm nms-conf -n
ca.cnf
- {{
Example Dockerfile
- {{< fa "download" >}} {{< link "/acm/containers/devportal/Dockerfile" "Download example Dockerfile" >}}
+ {{< icon "download" >}} {{< link "/acm/containers/devportal/Dockerfile" "Download example Dockerfile" >}}
```Dockerfile
FROM ubuntu:focal
@@ -193,7 +193,7 @@ Create a Dockerfile similar to the following example:
Example entrypoint.sh
- {{< fa "download" >}} {{< link "/acm/containers/devportal/entrypoint.sh" "Download example entrypoint.sh file" >}}
+ {{< icon "download" >}} {{< link "/acm/containers/devportal/entrypoint.sh" "Download example entrypoint.sh file" >}}
```bash
#!/bin/bash
@@ -451,4 +451,3 @@ This configuration is recommended for proof of concept installations and not for
### Deploy Developer Portal using TLS for the backend API service
{{< include "installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-api-mtls.md" >}}
-
diff --git a/content/nms/acm/how-to/devportals/installation/install-devportal-offline.md b/content/nms/acm/how-to/devportals/installation/install-devportal-offline.md
index 1573dfb7f..da52cc892 100644
--- a/content/nms/acm/how-to/devportals/installation/install-devportal-offline.md
+++ b/content/nms/acm/how-to/devportals/installation/install-devportal-offline.md
@@ -34,7 +34,7 @@ To install NGINX Plus and njs, take the following steps on the Developer Portal
3. Select the following link to download the `fetch-external-acm-dataplane-dependencies.sh` script. This script downloads the necessary NGINX Plus and njs packages to a `tar.gz` archive.
- {{
-
-
+
{{ .Content }}
@@ -14,4 +11,3 @@
{{end }}
{{ end }}
-
diff --git a/layouts/index.html b/layouts/index.html
index 82f77f04d..303e1dfad 100644
--- a/layouts/index.html
+++ b/layouts/index.html
@@ -1,420 +1,3 @@
{{ define "main" }}
-
-
-
-{{/* mf homepage */}}
-
-
-
-
-
-
- {{ if eq .Title "NGINX Product Documentation" }}
-
-
-NGINX Product Documentation
- {{ end}} {{ if .Description }}
- {{ .Description | markdownify }}
- {{ end}} {{ if .Content }}
-
-
-
-
-
-NGINX One
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-NGINX App Protect
-
-
-
-
-
-
-
-
-NGINX as a Service
-
-
-
-
-
-
-
-
-
- More NGINX Products
-
-
-
-{{ end }}
+{{ partial "homepage.html" . }}
+{{end}}
diff --git a/layouts/shortcodes/catalogs-dimensions.html b/layouts/shortcodes/catalogs-dimensions.html
index 1b38e46f4..2b88e9701 100644
--- a/layouts/shortcodes/catalogs-dimensions.html
+++ b/layouts/shortcodes/catalogs-dimensions.html
@@ -1,13 +1,12 @@
{{/* This shortcode **requires** that the document uses the _default/catalogs.html layout */}}
-
-
-
-
- NGINX Product Documentation
-
-
-
- NGINX One
-
-
-
-
-
-
-
-
-
-
-
- 
-
- NGINX One Console
-
-
- Monitor your infrastructure, address security vulnerabilities, and assess the health of your NGINX fleet, all from a single console.
-
-
-
-
-
-
-
-
-
-
- 
-
- NGINX Plus
-
-
- The all-in-one load balancer, reverse proxy, web server, content cache, and API gateway.
-
-
-
-
-
-
-
-
-
-
- 
-
- NGINX Instance Manager
-
-
- Track and control NGINX Open Source and NGINX Plus instances.
-
-
-
-
-
-
-
-
-
-
- 
-
- NGINX Ingress Controller
-
-
- Kubernetes traffic management with API gateway, identity, and observability features
-
-
-
-
-
-
-
-
-
-
- 
-
- NGINX Gateway Fabric
-
-
- Next generation Kubernetes connectivity using the Gateway API.
-
-
-
-
-
-
-
-
-
-
- 
-
- NGINX Open Source
-
-
- The open source all-in-one load balancer, content cache, and web server
-
-
-
-
-
-
-
-
-
-
- 
-
- NGINX Agent
-
-
- A daemon providing observability data and remote configuration for NGINX Open Source and NGINX Plus instances
-
-
-
-
-
-
-
-
-
- 
-
- Subscription Licensing & Solutions
-
-
- Stay compliant with your NGINX subscription licenses and see how you can use NGINX One to build secure, scalable, and high-performing applications and APIs.
-
-
-
-
-
- NGINX App Protect
-
-
-
-
-
-
-
-
-
-
-
-
- 
-
- NGINX App Protect WAF
-
-
- Lightweight, high-performance, advanced protection against Layer 7 attacks on your apps and APIs
-
-
-
-
-
-
-
-
- 
-
- NGINX App Protect DoS
-
-
- Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs
-
-
-
-
-
-
- NGINX as a Service
-
-
-
-
-
-
-
-
-
-
-
- 
-
- NGINX as a Service for Azure
-
-
- Infrastructure-as-a-Service (IaaS) version of NGINX Plus for your Microsoft Azure application stack
-
-
-
-
-
- More NGINX Products
-
-
-
-
-
-
-
-
-
-
- 
-
- NGINX Unit
-
-
- Dynamic app server that can run beside NGINX, NGINX Plus, or on its own
-
-