Merge remote-tracking branch 'origin' into internal/nim-release-2.20.0

Author: travisamartin

content/includes/ngf/installation/expose-nginx-gateway-fabric.md

@@ -50,4 +50,4 @@ There are two options for accessing NGINX Gateway Fabric depending on the type o
 
 NGINX Gateway Fabric uses the created service to update the **Addresses** field in the **Gateway Status** resource. Using a **LoadBalancer** service sets this field to the IP address and/or hostname of that service. Without a service, the pod IP address is used.
 
-This gateway is associated with the NGINX Gateway Fabric through the **gatewayClassName** field. The default installation of NGINX Gateway Fabric creates a **GatewayClass** with the name **nginx**. NGINX Gateway Fabric will only configure gateways with a **gatewayClassName** of **nginx** unless you change the name via the `--gatewayclass` [command-line flag]({{< ref "/ngf/reference/cli-help.md#static-mode">}}).
+This gateway is associated with the NGINX Gateway Fabric through the **gatewayClassName** field. The default installation of NGINX Gateway Fabric creates a **GatewayClass** with the name **nginx**. NGINX Gateway Fabric will only configure gateways with a **gatewayClassName** of **nginx** unless you change the name via the `--gatewayclass` [command-line flag]({{< ref "/ngf/reference/cli-help.md#controller">}}).

content/ngf/overview/gateway-api-compatibility.md

@@ -57,7 +57,7 @@ For a description of each field, visit the [Gateway API documentation](https://g
 
 {{< /bootstrap-table >}}
 
-NGINX Gateway Fabric supports a single GatewayClass resource configured with the `--gatewayclass` flag of the [static-mode]({{< ref "/ngf/reference/cli-help.md#static-mode">}}) command.
+NGINX Gateway Fabric supports a single GatewayClass resource configured with the `--gatewayclass` flag of the [controller]({{< ref "/ngf/reference/cli-help.md#controller">}}) command.
 
 **Fields**:
 
@@ -87,7 +87,7 @@ NGINX Gateway Fabric supports a single GatewayClass resource configured with the
 
 NGINX Gateway Fabric supports multiple Gateway resources. The Gateway resources must reference NGINX Gateway Fabric's corresponding GatewayClass.
 
-See the [static-mode]({{< ref "/ngf/reference/cli-help.md#static-mode">}}) command for more information.
+See the [controller]({{< ref "/ngf/reference/cli-help.md#controller">}}) command for more information.
 
 **Fields**:
 

content/ngf/traffic-management/basic-routing.md

@@ -148,7 +148,7 @@ In a production environment, you should have a DNS record for the external IP ad
 
 {{< /note >}}
 
-This Gateway is associated with NGINX Gateway Fabric through the **gatewayClassName** field. The default installation of NGINX Gateway Fabric creates a GatewayClass with the name **nginx**. NGINX Gateway Fabric will only configure Gateways with a **gatewayClassName** of **nginx** unless you change the name via the `--gatewayclass` [command-line flag]({{< ref "/ngf/reference/cli-help.md#static-mode" >}}).
+This Gateway is associated with NGINX Gateway Fabric through the **gatewayClassName** field. The default installation of NGINX Gateway Fabric creates a GatewayClass with the name **nginx**. NGINX Gateway Fabric will only configure Gateways with a **gatewayClassName** of **nginx** unless you change the name via the `--gatewayclass` [command-line flag]({{< ref "/ngf/reference/cli-help.md#controller" >}}).
 
 We specify a [listener](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.Listener) on the Gateway to open an entry point on the cluster. In this case, since the coffee application accepts HTTP requests, we create an HTTP listener, named **http**, that listens on port 80.
 

content/nginx/admin-guide/load-balancer/http-load-balancer.md

@@ -427,7 +427,7 @@ http {
         listen              443 ssl;
         ssl_certificate     /etc/nginx/ssl/company.com.crt;
         ssl_certificate_key /etc/nginx/ssl/company.com.key;
-        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+        ssl_protocols       TLSv1.2 TLSv1.3;
 
         location / {
             proxy_pass         https://exchange;

content/nginx/admin-guide/mail-proxy/mail-proxy.md

@@ -166,7 +166,7 @@ To enable SSL/TLS for the mail proxy:
     ```nginx
     mail {
         #...
-        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_protocols TLSv1.2 TLSv1.3;
         ssl_ciphers   HIGH:!aNULL:!MD5;
     }
     ```
@@ -223,7 +223,7 @@ mail {
     ssl                 on;
     ssl_certificate     /etc/ssl/certs/server.crt;
     ssl_certificate_key /etc/ssl/certs/server.key;
-    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_protocols       TLSv1.2 TLSv1.3;
     ssl_ciphers         HIGH:!aNULL:!MD5;
     ssl_session_cache   shared:SSL:10m;
     ssl_session_timeout 10m;

content/nginx/admin-guide/security-controls/securing-http-traffic-upstream.md

@@ -77,7 +77,7 @@ Optionally, you can specify which SSL protocols and ciphers are used:
 ```nginx
 location /upstream {
         #...
-        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        proxy_ssl_protocols TLSv1.2 TLSv1.3;
         proxy_ssl_ciphers   HIGH:!aNULL:!MD5;
 }
 ```
@@ -133,7 +133,7 @@ http {
             proxy_pass                    https://backend.example.com;
             proxy_ssl_certificate         /etc/nginx/client.pem;
             proxy_ssl_certificate_key     /etc/nginx/client.key;
-            proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
+            proxy_ssl_protocols           TLSv1.2 TLSv1.3;
             proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
             proxy_ssl_trusted_certificate /etc/nginx/trusted_ca_cert.crt;
 

content/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream.md

@@ -58,7 +58,7 @@ Optionally, specify which SSL protocols and ciphers to use:
 ```nginx
 server {
         ...
-        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        proxy_ssl_protocols TLSv1.2 TLSv1.3;
         proxy_ssl_ciphers   HIGH:!aNULL:!MD5;
 }
 ```
@@ -98,7 +98,7 @@ stream {
 
         proxy_ssl_certificate         /etc/ssl/certs/backend.crt;
         proxy_ssl_certificate_key     /etc/ssl/certs/backend.key;
-        proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
+        proxy_ssl_protocols           TLSv1.2 TLSv1.3;
         proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
         proxy_ssl_trusted_certificate /etc/ssl/certs/trusted_ca_cert.crt;
 

content/nginx/admin-guide/security-controls/terminating-ssl-http.md

@@ -22,7 +22,7 @@ server {
     server_name         www.example.com;
     ssl_certificate     www.example.com.crt;
     ssl_certificate_key www.example.com.key;
-    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_protocols       TLSv1.2 TLSv1.3;
     ssl_ciphers         HIGH:!aNULL:!MD5;
     #...
 }
@@ -39,10 +39,10 @@ In this case it is important to restrict access to the file. Note that although
 
 The [ssl_protocols](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols) and [ssl_ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers ) directives can be used to require that clients use only the strong versions and ciphers of SSL/TLS when establishing connections.
 
-Since version 1.9.1, NGINX uses these defaults:
+Since version 1.23.4, NGINX uses these defaults:
 
 ```nginx
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers HIGH:!aNULL:!MD5;
 ```
 
@@ -118,7 +118,7 @@ http {
 
         ssl_certificate     www.example.com.crt;
         ssl_certificate_key www.example.com.key;
-        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+        ssl_protocols       TLSv1.2 TLSv1.3;
         ssl_ciphers         HIGH:!aNULL:!MD5;
         #...
     }

content/nginx/admin-guide/security-controls/terminating-ssl-tcp.md

@@ -62,7 +62,7 @@ Additionally, the [ssl_protocols](https://nginx.org/en/docs/stream/ngx_stream_ss
 ```nginx
 server {
     #...
-    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
+    ssl_protocols  TLSv1.2 TLSv1.3;
     ssl_ciphers    HIGH:!aNULL:!MD5;
 }
 ```
@@ -152,7 +152,7 @@ stream {
 
         ssl_certificate       /etc/ssl/certs/server.crt;
         ssl_certificate_key   /etc/ssl/certs/server.key;
-        ssl_protocols         SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+        ssl_protocols         TLSv1.2 TLSv1.3;
         ssl_ciphers           HIGH:!aNULL:!MD5;
         ssl_session_cache     shared:SSL:20m;
         ssl_session_timeout   4h;