Conversation
github-actions
Bot
added
documentation
✅ Deploy Preview will be available once build job completes!
|
…ent (#1871) * added Google site verification file for Google Search Console enablement * moved to /static --------- Co-authored-by: Lam Nguyen <la.nguyen@f5.com>
…r security monitoring (#1861) * docs(nginx-one): improve security monitoring setup verification - Clarify where to place the secops_dashboard logging directives in the NGINX configuration and expand the verification flow into a concrete end-to-end check using the Security Dashboard Event Logs tab. - Add labeled example test requests for common attack patterns (XSS, path traversal, SQL injection) so operators can generate sample security events while setting up the default blocking policy. Document that customized or transparent policies may alert instead of block. * docs(nginx-one): add local security monitoring troubleshooting guide - Add a new local data plane troubleshooting guide for NGINX One security monitoring to help customers diagnose why F5 WAF for NGINX security events do not appear in the dashboard after setup. - The new guide covers four checks: - invalid secops_dashboard log profile errors in the embedded collector log - port 1514 ownership for local syslog delivery - presence of the generated security log pipeline in the collector config - optional debug exporter configuration for collector-side verification Also update the main security monitoring setup guide to improve verification, add labeled example attack requests for generating test events, and link to the new troubleshooting workflow. Update the section landing page so the new guide is discoverable from the security monitoring docs. * Update content/nginx-one-console/waf-integration/waf-security-dashboard/local-dataplane-troubleshooting.md Update as recommended Co-authored-by: Travis Martin <33876974+travisamartin@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Travis Martin <33876974+travisamartin@users.noreply.github.com> --------- Co-authored-by: Travis Martin <33876974+travisamartin@users.noreply.github.com>
github-actions
Bot
added
product/nic
| @@ -0,0 +1,57 @@ | |||
| --- | |||
| nd-docs: null | |||
There was a problem hiding this comment.
| nd-docs: null |
Why null?
Please either leave this line out or use the placeholder docs-000. Don't come up with new interesting ways to fill up this value that might confuse our automations
| --- | ||
| # We use sentence case and present imperative tone | ||
| title: "Kubernetes" | ||
| # Weights are assigned in increments of 100: determines sorting order | ||
| weight: 100 | ||
| # Creates a table of contents and sidebar, useful for large documents | ||
| toc: true | ||
| # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this | ||
| nd-content-type: how-to | ||
| nd-product: F5DOSN | ||
| --- |
There was a problem hiding this comment.
Please follow the template here. Add the missing values for keywords, summary, and audience.
| --- | ||
| ## F5 DoS for NGINX Arbitrator |
There was a problem hiding this comment.
| --- | |
| ## F5 DoS for NGINX Arbitrator | |
| --- | |
| ## F5 DoS for NGINX Arbitrator |
| --- | ||
| --- |
There was a problem hiding this comment.
here and in all the new files in the includes/dos folder
Includes must indicate in which files the content is being used with the nd-files key
Includes must indicate the product using the nd-product key ( F5DOSN)
There was a problem hiding this comment.
General question on the scripts. None of them will work unless you've set up admin privileges (such as with sudo). I don't see any evidence that you've set up sudo with any of the includes.
| @@ -0,0 +1,24 @@ | |||
| --- | |||
| nd-docs: null | |||
There was a problem hiding this comment.
| nd-docs: null |
| @@ -0,0 +1,26 @@ | |||
| --- | |||
| nd-docs: null | |||
There was a problem hiding this comment.
| nd-docs: null |
| @@ -0,0 +1,91 @@ | |||
| --- | |||
| nd-docs: null | |||
There was a problem hiding this comment.
| nd-docs: null |
|
|
||
| ## Use Helm to install F5 DOS for NGINX | ||
|
|
||
| You will need to edit the `values.yaml` file for a few changes: |
There was a problem hiding this comment.
| You will need to edit the `values.yaml` file for a few changes: | |
| To use Helm to install F5 DOS for NGINX you need to edit the `values.yaml` and apply the following changes: |
|
|
||
| - Update _appprotectdos.image.repository_ and _appprotectdos.image.tag_ with the image name chosen during when [building the Docker image](#build-the-docker-image). | ||
|
|
||
| The `<JWT Token>` argument should be the _contents_ of the file, not the file itself. Ensure there are no additional characters such as extra whitespace. |
There was a problem hiding this comment.
| The `<JWT Token>` argument should be the _contents_ of the file, not the file itself. Ensure there are no additional characters such as extra whitespace. | |
| The `<JWT Token>` argument must be the _contents_ of the file, not the file itself. Ensure there are no additional characters such as extra whitespace. |
should is vague. Avoid.
| -t <your-nginx-dos-image-name> . | ||
| ``` | ||
|
|
||
| Once you have built the image, push it to your private image repository, which should be accessible to your Kubernetes cluster. |
There was a problem hiding this comment.
| Once you have built the image, push it to your private image repository, which should be accessible to your Kubernetes cluster. | |
| Once you have built the image, push it to your private image repository, which must be accessible to your Kubernetes cluster. |
|
|
||
| ## Create a Dockerfile | ||
|
|
||
| In the same folder as your credential files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections. |
There was a problem hiding this comment.
| In the same folder as your credential files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections. | |
| Create a _Dockerfile_ based on your desired operating system image in the same folder as your credential files using an example from the following sections. |
|
|
||
| The `<JWT Token>` argument should be the _contents_ of the file, not the file itself. Ensure there are no additional characters such as extra whitespace. | ||
|
|
||
| On helm deployment environment variables need to be set for image repository and tag. |
There was a problem hiding this comment.
| On helm deployment environment variables need to be set for image repository and tag. | |
| On Helm, set the deployment environment variables for image repository and tag. |
| `set enviorment variable DOS_IMAGE_REPOSITORY` with your actual nginx-dos image anmae. | ||
| `set enviorment variable DOS_IMAGE_TAG` with your actual nginx-dos image tag. |
There was a problem hiding this comment.
| `set enviorment variable DOS_IMAGE_REPOSITORY` with your actual nginx-dos image anmae. | |
| `set enviorment variable DOS_IMAGE_TAG` with your actual nginx-dos image tag. | |
| `set environment variable DOS_IMAGE_REPOSITORY` with your actual nginx-dos image anmae. | |
| `set environment variable DOS_IMAGE_TAG` with your actual nginx-dos image tag. |
There was a problem hiding this comment.
this step is unclear to me. I think it needs to be explained with more detail.
Check the how-to template for guidance on how we use placeholders in the docs.
|
|
||
| {{< call-out "note" >}} | ||
|
|
||
| At this stage, you have finished deploying F5 DOS for NGINX and can look at [Post-installation checks](#post-installation-checks). |
There was a problem hiding this comment.
| At this stage, you have finished deploying F5 DOS for NGINX and can look at [Post-installation checks](#post-installation-checks). | |
| The deployment of F5 DOS for NGINX is now complete. You can skip to the [Post-installation checks](#post-installation-checks) now. |
| On manifest deployment environment variables need to be set for image repository and tag. | ||
| `set enviorment variable DOS_IMAGE_REPOSITORY` with your actual nginx-dos image anmae. | ||
| `set enviorment variable DOS_IMAGE_TAG` with your actual nginx-dos image tag. |
There was a problem hiding this comment.
see my comment and fixes in the previous section
| NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE | ||
| nap-dos LoadBalancer 10.43.83.225 <pending> 80:30307/TCP 1m | ||
| ``` | ||
| ## Post-Installation Checks |
There was a problem hiding this comment.
| ## Post-Installation Checks | |
| ## Post-installation checks |
Sentence case capitalization
| and can look at . | ||
| {{< include "dos/install-post-checks.md" >}} | ||
|
|
||
| ## F5 DoS for NGINX Arbitrator |
There was a problem hiding this comment.
| ## F5 DoS for NGINX Arbitrator | |
| ## F5 DoS for NGINX arbitrator |
Sentence case
| --- | ||
| nd-content-type: how-to | ||
| nd-docs: DOCS-000 | ||
| nd-product: NONECO | ||
| title: Troubleshoot security monitoring on the local data plane | ||
| description: "Check the local NGINX Agent and OpenTelemetry Collector configuration when F5 WAF for NGINX security events do not appear in NGINX One Console." | ||
| weight: 450 | ||
| toc: true | ||
| nd-keywords: "security monitoring, troubleshooting, local data plane, nginx-agent, opentelemetry collector, secops_dashboard, WAF events" | ||
| nd-summary: > | ||
| Use this guide when F5 WAF for NGINX security events do not appear in the NGINX One Console security dashboard even after you complete the setup flow. | ||
| It walks through the local data plane checks for invalid log profiles, missing OpenTelemetry log pipelines, and debug logging. | ||
| These checks help confirm whether NGINX Agent is receiving, parsing, and forwarding security events correctly. | ||
| nd-audience: operator | ||
| --- | ||
|
|
There was a problem hiding this comment.
We strongly advise not to create specific documents for troubleshooting.
Troubleshooting advice should be either live next to the how-to/tutorial steps that can cause the issues, or in the myF5 KB.
Please review this document and decide if the guidance provide here can live next to the steps it's trying to troubleshoot in other docs.
| @@ -0,0 +1 @@ | |||
| google-site-verification: google1f145127a2762dc1.html No newline at end of file | |||
There was a problem hiding this comment.
what is the purpose of this?
There was a problem hiding this comment.
This file was added in a separate PR (to enable Google Search Console). I think this PR just needs to merge in changes from main -- it seems behind.
See: #1871
JTorreG
left a comment
JTorreG
left a comment
There was a problem hiding this comment.
Please review the suggestions and comments. there are major issues in this PR that must be resolved before merge
|
@rnitzan on top of 2 technical writer approvals for the prose content, we will also need a review and approval from an engineer to confirm that all the dockerfiles have been tested and are correct. Thank you. |
| --- | ||
| --- |
There was a problem hiding this comment.
General question on the scripts. None of them will work unless you've set up admin privileges (such as with sudo). I don't see any evidence that you've set up sudo with any of the includes.
… for 4.9 release" This reverts commit dab3055.
There was a problem hiding this comment.
This include isn't actually used anywhere.
There was a problem hiding this comment.
This include isn't actually used anywhere.
There was a problem hiding this comment.
The file name has two .. for the extension. Should be renamed.
travisamartin
left a comment
travisamartin
left a comment
There was a problem hiding this comment.
Looks like some includes were added that aren't actually used.
One filename has two .. for the extension and should be renamed.
I had the Tech Writer agent add the requested metadata and do a copy edit on the new and touched files. Since there are a lot of suggested edits, I opened a new PR targeting this one. Take a look: #1905
6 participants
Proposed changes
F5 Dos for NGINX v4.9 release over NGINX Plus R37
Checklist
Before sharing this pull request, I completed the following checklist:
Footnotes
Potentially sensitive information includes personally identify information (PII), authentication credentials, and live URLs. Refer to the style guide for guidance about placeholder content. ↩