Merge branch 'main' into main

Author: mjang

content/ngf/overview/custom-policies.md

@@ -17,10 +17,11 @@ The following table summarizes NGINX Gateway Fabric custom policies:
 
 {{< bootstrap-table "table table-striped table-bordered" >}}
 
-| Policy                                                                                | Description                                             | Attachment Type | Supported Target Object(s)    | Supports Multiple Target Refs | Mergeable | API Version |
-|---------------------------------------------------------------------------------------|---------------------------------------------------------|-----------------|-------------------------------|-------------------------------|-----------|-------------|
-| [ClientSettingsPolicy]({{< ref "/ngf/how-to/traffic-management/client-settings.md" >}}) | Configure connection behavior between client and NGINX  | Inherited       | Gateway, HTTPRoute, GRPCRoute | No                            | Yes       | v1alpha1    |
-| [ObservabilityPolicy]({{< ref "/ngf/how-to/monitoring/tracing.md" >}})                  | Define settings related to tracing, metrics, or logging | Direct          | HTTPRoute, GRPCRoute          | Yes                           | No        | v1alpha1    |
+| Policy                                                                                      | Description                                             | Attachment Type | Supported Target Object(s)    | Supports Multiple Target Refs | Mergeable | API Version |
+|---------------------------------------------------------------------------------------------|---------------------------------------------------------|-----------------|-------------------------------|-------------------------------|-----------|-------------|
+| [ClientSettingsPolicy]({{< ref "/ngf/how-to/traffic-management/client-settings.md" >}})     | Configure connection behavior between client and NGINX  | Inherited       | Gateway, HTTPRoute, GRPCRoute | No                            | Yes       | v1alpha1    |
+| [ObservabilityPolicy]({{< ref "/ngf/how-to/monitoring/tracing.md" >}})                      | Define settings related to tracing, metrics, or logging | Direct          | HTTPRoute, GRPCRoute          | Yes                           | No        | v1alpha2    |
+| [UpstreamSettingsPolicy]({{< ref "/ngf/how-to/traffic-management/upstream-settings.md" >}}) | Configure connection behavior between NGINX and backend | Direct          | Service                       | Yes                           | Yes       | v1alpha1    |
 
 {{< /bootstrap-table >}}
 

content/ngf/overview/product-telemetry.md

@@ -32,7 +32,8 @@ Telemetry data is collected once every 24 hours and sent to a service managed by
 - **Image Build Source:** whether the image was built by GitHub or locally (values are `gha`, `local`, or `unknown`). The source repository of the images is **not** collected.
 - **Deployment Flags:** a list of NGINX Gateway Fabric Deployment flags that are specified by a user. The actual values of non-boolean flags are **not** collected; we only record that they are either `true` or `false` for boolean flags and `default` or `user-defined` for the rest.
 - **Count of Resources:** the total count of resources related to NGINX Gateway Fabric. This includes `GatewayClasses`, `Gateways`, `HTTPRoutes`,`GRPCRoutes`, `TLSRoutes`, `Secrets`, `Services`, `BackendTLSPolicies`, `ClientSettingsPolicies`, `NginxProxies`, `ObservabilityPolicies`, `UpstreamSettingsPolicies`, `SnippetsFilters`, and `Endpoints`. The data within these resources is **not** collected.
-- **SnippetsFilters Info**a list of directive-context strings from applied SnippetFilters and a total count per strings. The actual value of any NGINX directive is **not** collected.
+- **SnippetsFilters Info:** a list of directive-context strings from applied SnippetFilters and a total count per strings. The actual value of any NGINX directive is **not** collected.
+
 This data is used to identify the following information:
 
 - The flavors of Kubernetes environments that are most popular among our users.

content/nginxaas-azure/app-protect/_index.md

@@ -1,5 +1,5 @@
 ---
-title: NGINX App Protect WAF (Preview)
+title: NGINX App Protect WAF
 weight: 200
 url: /nginxaas/azure/app-protect/
 ---

content/nginxaas-azure/app-protect/configure-waf.md

@@ -101,7 +101,30 @@ The following table shows the path to the precompiled policy file that needs to
 
 To view the contents of the available security policies, navigate to the azure portal and select the **Security Policies** tab in the App Protect section.
 
-{{<note>}}Custom policies are not supported at this time.{{</note>}}
+## Custom policies
+
+NGINXaas for Azure also supports custom security policies. You can create and modify custom security policies to deploy to NGINX App Protect Instances using the API or Azure Portal.
+
+### Manage custom policies
+
+To create a custom security policy in the Azure Portal:
+
+1. Select your deployment
+2. Select **NGINX app protect WAF** from the menu on the left
+3. Select **Custom Policies**
+4. Select **Add Custom Security Policy** to open the policy editor
+
+In the policy editor, enter the **Name**, **File path**, your policy content, and then select **Save**. The **File path** is optional and will default to the path "/etc/app_protect/conf/" plus the policy **Name** with a ".json" extension. After your policy has been saved, you can then reference it in your NGINX configuration. For more information on policy configuration and syntax, refer to the NGINX App Protect [configuration guide](https://docs.nginx.com/nginx-app-protect-waf/v5/configuration-guide/configuration/).
+
+{{<note>}}The **name** field within the security policy must be unique among the policies referenced in your NGINX configuration.{{</note>}}
+
+{{<warning>}}Referencing both custom and precompiled policies in your NGINX configuration is not supported at this time. 
+As a workaround, make a copy of the default policy you want to use, then add it as a custom policy with a different name.
+{{</warning>}}
+
+The **Custom Policies** tab shows the status of your custom policies (Compilation and Application Status). Custom policies are automatically compiled when created or modified. Policies that are applied to the NGINX configuration cannot be deleted until they are first removed from the configuration. 
+
+It is highly recommended to use logging to monitor the performance of NGINX App Protect WAF and to help diagnose problems. See [Enable App Protect WAF Logs]({{< ref "/nginxaas-azure/app-protect/enable-logging.md" >}}) for directions to configure security and operational logs.
 
 ## What's next
 

content/nginxaas-azure/app-protect/enable-waf.md

@@ -14,7 +14,8 @@ This guide explains how to enable F5 NGINX App Protect WAF on a F5 NGINX as a Se
 ## Before you start
 - NGINX App Protect WAF can only be enabled on NGINXaaS for Azure deployments with the **Standard v2** [plan]({{< ref "/nginxaas-azure/billing/overview.md" >}})
 
-## Enable NGINX App Protect (Preview)
+## Enable NGINX App Protect
+
 NGINX App Protect is disabled by default and needs to be explicitly enabled on an NGINXaaS deployment. Follow these steps:
 
 ### Using the Microsoft Azure Portal

content/nginxaas-azure/changelog.md

@@ -13,6 +13,14 @@ To see a list of currently active issues, visit the [Known issues]({{< ref "/ngi
 
 To review older entries, visit the [Changelog archive]({{< ref "/nginxaas-azure/changelog-archive" >}}) section.
 
+## April 22, 2025
+
+### What's New
+
+- {{% icon-feature %}} **NGINX App Protect WAF is now generally available**
+
+NGINX App Protect WAF is now generally available and is no longer a preview feature and will therefore be billed as specified in the [Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/f5-networks.f5-nginx-for-azure?tab=PlansAndPrice)
+
 ## April 16, 2025
 
 - {{% icon-feature %}} **Notification on update to deployments using the Stable Upgrade Channel**
@@ -24,7 +32,6 @@ To review older entries, visit the [Changelog archive]({{< ref "/nginxaas-azure/
 
    If you have any questions or concerns, please [contact us]({{< ref "/nginxaas-azure/troubleshooting/troubleshooting.md" >}}).
 
-
 ## March 31, 2025
 
 ### What's New

content/nginxaas-azure/known-issues.md

@@ -9,6 +9,12 @@ url: /nginxaas/azure/known-issues/
 
 List of known issues in the latest release of F5 NGINX as a Service for Azure (NGINXaaS).
 
+### {{% icon-bug %}} Custom and precompiled security policies cannot both be referenced in an NGINX configuration 
+
+When using NGINX App Protect WAF, you can only reference default or custom security policies in your NGINX configuration, not both.
+
+**Workaround**: Make a copy of the default policy you want to use, then add it as a custom policy with a different name.  
+
 ### {{% icon-bug %}} Terraform fails to apply due to validation errors, but creates "Failed" resources in Azure (ID-4424)
 
 Some validation errors are caught later in the creation process, and can leave behind "Failed" resources in Azure. An example initial failure might look like:

content/nginxaas-azure/troubleshooting/troubleshooting.md

@@ -38,6 +38,11 @@ To contact support about F5 NGINX as a Service for Azure (NGINXaaS):
 - Date and time of the issue
 - Resource ID
 
+If your deployment is configured to use NGINX App Protect WAF, please collect the following information also:
+
+- Package versions from the NGINX App Protect WAF page
+- Security policies in-use and the content of all custom security policies
+
 {{< img src="nginxaas-azure/properties.png" alt="Screenshot of the Azure portal showing the Properties section" >}}
 
 8. Complete the **Additional information** and **Contact details** sections of your case and select **Submit**.

content/nim/nginx-app-protect/setup-waf-config-management.md

@@ -301,7 +301,7 @@ Follow these steps to get and upload the certificate and key:
 4. Create a JSON file that includes the contents of both files. Replace newlines (`\n`) in each file with literal `\n` characters so the certificate and key can be formatted correctly inside the JSON.
 
    <details open>
-   <summary>Example resquest</summary>
+   <summary>Example request</summary>
 
    ```json
     {

go.mod

@@ -2,4 +2,4 @@ module github.com/nginxinc/docs
 
 go 1.19
 
-require github.com/nginxinc/nginx-hugo-theme v0.42.1 // indirect
+require github.com/nginxinc/nginx-hugo-theme v0.42.28 // indirect

go.sum

@@ -1,2 +1,6 @@
 github.com/nginxinc/nginx-hugo-theme v0.42.1 h1:SYj7R7fKPYwtbQobTcJWy/ZWQxa5tlHCSJfU2dxYXxY=
 github.com/nginxinc/nginx-hugo-theme v0.42.1/go.mod h1:DPNgSS5QYxkjH/BfH4uPDiTfODqWJ50NKZdorguom8M=
+github.com/nginxinc/nginx-hugo-theme v0.42.27 h1:D80Sf/o9lR4P0NDFfP/hCQllohz6C5qlJ4nGNfdfnqM=
+github.com/nginxinc/nginx-hugo-theme v0.42.27/go.mod h1:DPNgSS5QYxkjH/BfH4uPDiTfODqWJ50NKZdorguom8M=
+github.com/nginxinc/nginx-hugo-theme v0.42.28 h1:1SGzBADcXnSqP4rOKEhlfEUloopH6UvMg+XTyVVQyjU=
+github.com/nginxinc/nginx-hugo-theme v0.42.28/go.mod h1:DPNgSS5QYxkjH/BfH4uPDiTfODqWJ50NKZdorguom8M=

layouts/index.html

@@ -1,4 +1,5 @@
 {{ define "main" }}
+<div data-mf="false">
 <div class="page col-md-12 col-xl-12 pl-md-5" id="site-home">
 
     <div class="justify-content-left" style="margin-left: 1.5em;">
@@ -191,5 +192,235 @@ <h3 class="saas-title">NGINX Unit</h3>
        </div>
     </section>
  </div>
+</div>
+
+{{/*  mf homepage  */}}
+
+<div class="homepage" data-mf="true">
+    <div class="homepage-section">
+        <div class="homepage-heading">
+            NGINX Product Documentation
+        </div>
+        <div class="homepage-banner-text">
+            Learn how to deliver, manage, and protect your applications using F5 NGINX products.
+        </div>
+        <h1 class="homepage-heading">
+            NGINX One
+        </h1>
+        <a href="{{ .Site.BaseURL }}nginx-one" alt="NGINX One Console">
+            <div class="homepage-item">
+              <div class="homepage-item-heading">
+                <div class="homepage-item-logo">
+                  <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-One-product-icon.png">
+                </div>
+                <h1 class="homepage-item-text">
+                  NGINX One Console
+                </h1>
+              </div>
+              <div class="homepage-item-content">
+                Monitor your infrastructure, address security vulnerabilities, and assess the health of your NGINX fleet, all from a single console.
+              </div>
+            </div>
+          </a>
+
+          <a href="{{ .Site.BaseURL }}nginx" alt="NGINX Plus">
+            <div class="homepage-item">
+              <div class="homepage-item-heading">
+                <div class="homepage-item-logo">
+                  <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-Plus-product-icon-RGB.png">
+                </div>
+                <div class="homepage-item-text">
+                  NGINX Plus
+                </div>
+              </div>
+              <div class="homepage-item-content">
+                The all-in-one load balancer, reverse proxy, web server, content cache, and API gateway.
+              </div>
+            </div>
+          </a>
+
+          <a href="{{ .Site.BaseURL }}nginx-instance-manager" alt="NGINX Instance Manager">
+            <div class="homepage-item">
+              <div class="homepage-item-heading">
+                <div class="homepage-item-logo">
+                  <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-Instance-Manager-product-icon.png">
+                </div>
+                <div class="homepage-item-text">
+                  NGINX Instance Manager
+                </div>
+              </div>
+              <div class="homepage-item-content">
+                Track and control NGINX Open Source and NGINX Plus instances.
+              </div>
+            </div>
+          </a>
+
+          <a href="{{ .Site.BaseURL }}nginx-ingress-controller" alt="NGINX Ingress Controller">
+            <div class="homepage-item">
+              <div class="homepage-item-heading">
+                <div class="homepage-item-logo">
+                  <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-Ingress-Controller-product-icon.png">
+                </div>
+                <div class="homepage-item-text">
+                  NGINX Ingress Controller
+                </div>
+              </div>
+              <div class="homepage-item-content">
+                Kubernetes traffic management with API gateway, identity, and observability features
+              </div>
+            </div>
+          </a>
+
+          <a href="{{ .Site.BaseURL }}nginx-gateway-fabric" alt="NGINX Gateway Fabric">
+            <div class="homepage-item">
+              <div class="homepage-item-heading">
+                <div class="homepage-item-logo">
+                  <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-Gateway-Fabric-product-icon.png">
+                </div>
+                <div class="homepage-item-text">
+                  NGINX Gateway Fabric
+                </div>
+              </div>
+              <div class="homepage-item-content">
+                Next generation Kubernetes connectivity using the Gateway API.
+              </div>
+            </div>
+          </a>
+
+          <a href="https://nginx.org/en/docs/" alt="NGINX Open Source">
+            <div class="homepage-item">
+              <div class="homepage-item-heading">
+                <div class="homepage-item-logo">
+                  <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-product-icon.png">
+                </div>
+                <div class="homepage-item-text">
+                  NGINX Open Source
+                </div>
+              </div>
+              <div class="homepage-item-content">
+                The open source all-in-one load balancer, content cache, and web server
+              </div>
+            </div>
+          </a>
+
+          <a href="{{ .Site.BaseURL }}nginx-agent" alt="NGINX Agent">
+            <div class="homepage-item">
+              <div class="homepage-item-heading">
+                <div class="homepage-item-logo">
+                  <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-product-icon.png">
+                </div>
+                <div class="homepage-item-text">
+                  NGINX Agent
+                </div>
+              </div>
+              <div class="homepage-item-content">
+                A daemon providing observability data and remote configuration for NGINX Open Source and NGINX Plus instances
+              </div>
+            </div>
+          </a>
+
+          <a href="{{ .Site.BaseURL }}solutions" alt="NGINX Solutions">
+            <div class="homepage-item">
+              <div class="homepage-item-heading">
+                <div class="homepage-item-logo">
+                  <img src="{{ .Site.BaseURL }}/images/icons/NGINX-product-icon.png">
+                </div>
+                <div class="homepage-item-text">
+                  Subscription Licensing & Solutions
+                </div>
+              </div>
+              <div class="homepage-item-content">
+                Stay compliant with your NGINX subscription licenses and see how you can use NGINX One to build secure, scalable, and high-performing applications and APIs.
+              </div>
+            </div>
+          </a>
+
+    </div>
+
+    <div class="homepage-section">
+        <div class="homepage-heading">
+            NGINX App Protect
+        </div>
+
+        <a href="{{ .Site.BaseURL }}nginx-app-protect-waf" class="products-card" alt="NGINX App Protect WAF">
+            <div class="homepage-item">
+              <div class="homepage-item-heading">
+                <div class="homepage-item-logo">
+                  <img src="{{ .Site.BaseURL }}/images/icons/NGINX-App-Protect-WAF-product-icon.png">
+                </div>
+                <div class="homepage-item-text">
+                  NGINX App Protect WAF
+                </div>
+              </div>
+              <div class="homepage-item-content">
+                Lightweight, high-performance, advanced protection against Layer 7 attacks on your apps and APIs
+              </div>
+            </div>
+          </a>
+
+          <a href="{{ .Site.BaseURL }}nginx-app-protect-dos" class="products-card" alt="NGINX App Protect DoS">
+            <div class="homepage-item">
+              <div class="homepage-item-heading">
+                <div class="homepage-item-logo">
+                  <img src="{{ .Site.BaseURL }}/images/icons/NGINX-App-Protect-DoS-product-icon.png">
+                </div>
+                <div class="homepage-item-text">
+                  NGINX App Protect DoS
+                </div>
+              </div>
+              <div class="homepage-item-content">
+                Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs
+              </div>
+            </div>
+          </a>
+    </div>
+
+    <div class="homepage-section">
+        <div class="homepage-heading">
+            NGINX as a Service
+        </div>
+
+        <a  href="{{ .Site.BaseURL }}nginxaas/azure" alt="NGINX as a Service for Azure">
+        <div class="homepage-item">
+            <div class="homepage-item-heading">
+                <div class="homepage-item-logo">
+                    <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-for-Azure-product-icon.png"> 
+                </div>
+                <div class="homepage-item-text">
+                    NGINX as a Service for Azure
+                </div>
+            </div>
+
+            <div class="homepage-item-content">
+                Infrastructure-as-a-Service (IaaS) version of NGINX Plus for your Microsoft Azure application stack
+            </div>
+        </div>
+         </a>
+    </div>
+
+
+    <div class="homepage-section">
+        <div class="homepage-heading">
+            More NGINX Products
+        </div>
+
+        <a href="https://unit.nginx.org/" alt="NGINX Unit">
+        <div class="homepage-item">
+            <div class="homepage-item-heading">
+                <div class="homepage-item-logo">
+                    <img class="card-img-top" src="{{ .Site.BaseURL }}/images/icons/NGINX-One-product-icon.png"> 
+                </div>
+                <div class="homepage-item-text">
+                    NGINX Unit
+                </div>
+            </div>
+            <div class="homepage-item-content">
+                Dynamic app server that can run beside NGINX, NGINX Plus, or on its own
+            </div>
+        </div>
+         </a>
+    </div>
+
+</div>
 
 {{ end }}