✅ Deploy Preview will be available once build job completes!
…ent (#1871)
* added Google site verification file for Google Search Console enablement
* moved to /static
---------
Co-authored-by: Lam Nguyen <la.nguyen@f5.com>
…r security monitoring (#1861)
* docs(nginx-one): improve security monitoring setup verification
- Clarify where to place the secops_dashboard logging directives in the NGINX configuration and expand the verification flow into a concrete end-to-end check using the Security Dashboard Event Logs tab.
- Add labeled example test requests for common attack patterns (XSS, path traversal, SQL injection) so operators can generate sample security events while setting up the default blocking policy. Document that customized or transparent policies may alert instead of block.
* docs(nginx-one): add local security monitoring troubleshooting guide
- Add a new local data plane troubleshooting guide for NGINX One security monitoring to help customers diagnose why F5 WAF for NGINX security events do not appear in the dashboard after setup.
- The new guide covers four checks:
  - invalid secops_dashboard log profile errors in the embedded collector log
  - port 1514 ownership for local syslog delivery
  - presence of the generated security log pipeline in the collector config
  - optional debug exporter configuration for collector-side verification
Also update the main security monitoring setup guide to improve verification, add labeled example attack requests for generating test events, and link to the new troubleshooting workflow. Update the section landing page so the new guide is discoverable from the security monitoring docs.
* Update content/nginx-one-console/waf-integration/waf-security-dashboard/local-dataplane-troubleshooting.md
Update as recommended
Co-authored-by: Travis Martin <33876974+travisamartin@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Travis Martin <33876974+travisamartin@users.noreply.github.com>
---------
Co-authored-by: Travis Martin <33876974+travisamartin@users.noreply.github.com>
| --- | ||
| # We use sentence case and present imperative tone | ||
| title: "Kubernetes" | ||
| # Weights are assigned in increments of 100: determines sorting order | ||
| weight: 100 | ||
| # Creates a table of contents and sidebar, useful for large documents | ||
| toc: true | ||
| # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this | ||
| nd-content-type: how-to | ||
| nd-product: F5DOSN | ||
| --- |
Please follow the template here. Add the missing values for keywords, summary, and audience.
| --- | ||
| --- |
here and in all the new files in the includes/dos folder
Includes must indicate in which files the content is being used with the nd-files key
Includes must indicate the product using the nd-product key (F5DOSN)
General question on the scripts. None of them will work unless you've set up admin privileges (such as with sudo). I don't see any evidence that you've set up sudo with any of the includes.
| @@ -0,0 +1,26 @@ | |||
| --- | |||
| nd-docs: null | |||
| nd-docs: null |
|
|
||
| - Update _appprotectdos.image.repository_ and _appprotectdos.image.tag_ with the image name chosen during when [building the Docker image](#build-the-docker-image). | ||
|
|
||
| The `<JWT Token>` argument should be the _contents_ of the file, not the file itself. Ensure there are no additional characters such as extra whitespace. |
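Review bot: in the appprotectdos.image bullet at the top of this hunk, "chosen during when building the Docker image" doubles the conjunction; use "chosen when building the Docker image". The two key names are also set in underscores (italics), where inline code would mark them as literal values to edit, matching how `<JWT Token>` is formatted two lines below.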
| The `<JWT Token>` argument should be the _contents_ of the file, not the file itself. Ensure there are no additional characters such as extra whitespace. | |
| The `<JWT Token>` argument must be the _contents_ of the file, not the file itself. Ensure there are no additional characters such as extra whitespace. |
should is vague. Avoid.
| -t <your-nginx-dos-image-name> . | ||
| ``` | ||
|
|
||
| Once you have built the image, push it to your private image repository, which should be accessible to your Kubernetes cluster. |
| Once you have built the image, push it to your private image repository, which should be accessible to your Kubernetes cluster. | |
| Once you have built the image, push it to your private image repository, which must be accessible to your Kubernetes cluster. |
|
|
||
| ## Create a Dockerfile | ||
|
|
||
| In the same folder as your credential files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections. |
| In the same folder as your credential files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections. | |
| Create a _Dockerfile_ based on your desired operating system image in the same folder as your credential files using an example from the following sections. |
|
|
||
| The `<JWT Token>` argument should be the _contents_ of the file, not the file itself. Ensure there are no additional characters such as extra whitespace. | ||
|
|
||
| On helm deployment environment variables need to be set for image repository and tag. |
| On helm deployment environment variables need to be set for image repository and tag. | |
| On Helm, set the deployment environment variables for image repository and tag. |
|
|
||
| {{< call-out "note" >}} | ||
|
|
||
| At this stage, you have finished deploying F5 DOS for NGINX and can look at [Post-installation checks](#post-installation-checks). |
| At this stage, you have finished deploying F5 DOS for NGINX and can look at [Post-installation checks](#post-installation-checks). | |
| The deployment of F5 DOS for NGINX is now complete. You can skip to the [Post-installation checks](#post-installation-checks) now. |
| On manifest deployment environment variables need to be set for image repository and tag. | ||
| `set enviorment variable DOS_IMAGE_REPOSITORY` with your actual nginx-dos image anmae. | ||
| `set enviorment variable DOS_IMAGE_TAG` with your actual nginx-dos image tag. |
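Review bot: the two inline-code lines for DOS_IMAGE_REPOSITORY and DOS_IMAGE_TAG misspell "environment" as "enviorment" and "name" as "anmae", and the backticks wrap the whole instruction instead of only the variable name, so a reader may take "set enviorment variable ..." for a command to type. Suggest "Set the `DOS_IMAGE_REPOSITORY` environment variable to your nginx-dos image name." and the same form for `DOS_IMAGE_TAG` with the image tag.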
see my comment and fixes in the previous section
| NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE | ||
| nap-dos LoadBalancer 10.43.83.225 <pending> 80:30307/TCP 1m | ||
| ``` | ||
| ## Post-Installation Checks |
| ## Post-Installation Checks | |
| ## Post-installation checks |
Sentence case capitalization
| and can look at . | ||
| {{< include "dos/install-post-checks.md" >}} | ||
|
|
||
| ## F5 DoS for NGINX Arbitrator |
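Review bot: the line "and can look at ." directly above the dos/install-post-checks.md include is an orphaned fragment with no subject and no link target, and it will render as stray text on the page. Delete it; the include on the next line already supplies the post-installation content.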
| ## F5 DoS for NGINX Arbitrator | |
| ## F5 DoS for NGINX arbitrator |
Sentence case
| --- | ||
| nd-content-type: how-to | ||
| nd-docs: DOCS-000 | ||
| nd-product: NONECO | ||
| title: Troubleshoot security monitoring on the local data plane | ||
| description: "Check the local NGINX Agent and OpenTelemetry Collector configuration when F5 WAF for NGINX security events do not appear in NGINX One Console." | ||
| weight: 450 | ||
| toc: true | ||
| nd-keywords: "security monitoring, troubleshooting, local data plane, nginx-agent, opentelemetry collector, secops_dashboard, WAF events" | ||
| nd-summary: > | ||
| Use this guide when F5 WAF for NGINX security events do not appear in the NGINX One Console security dashboard even after you complete the setup flow. | ||
| It walks through the local data plane checks for invalid log profiles, missing OpenTelemetry log pipelines, and debug logging. | ||
| These checks help confirm whether NGINX Agent is receiving, parsing, and forwarding security events correctly. | ||
| nd-audience: operator | ||
| --- | ||
|
|
We strongly advise not to create specific documents for troubleshooting.
Troubleshooting advice should either live next to the how-to/tutorial steps that can cause the issues, or in the myF5 KB.
Please review this document and decide if the guidance provided here can live next to the steps it's trying to troubleshoot in other docs.
| @@ -0,0 +1 @@ | |||
| google-site-verification: google1f145127a2762dc1.html No newline at end of file | |||
what is the purpose of this?
There was a problem hiding this comment.
This file was added in a separate PR (to enable Google Search Console). I think this PR just needs to merge in changes from main -- it seems behind.
See: #1871
JTorreG
left a comment
Please review the suggestions and comments. There are major issues in this PR that must be resolved before merge.
@rnitzan on top of 2 technical writer approvals for the prose content, we will also need a review and approval from an engineer to confirm that all the dockerfiles have been tested and are correct. Thank you.
… for 4.9 release" This reverts commit dab3055.
travisamartin
left a comment
Looks like some includes were added that aren't actually used.
One filename has two .. for the extension and should be renamed.
I had the Tech Writer agent add the requested metadata and do a copy edit on the new and touched files. Since there are a lot of suggested edits, I opened a new PR targeting this one. Take a look: #1905
- Add missing front matter: description, keywords, nd-summary
- Fix sentence case: 'Post-installation checks', 'F5 DoS for NGINX arbitrator'
- Fix 'should' → 'must' for JWT token and image repository requirements
Addresses review comments from JTorreG on PR #1863.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Hi @JTorreG
* docs(nap-dos): fix product names, metadata, and prose quality for 4.9 release
* docs(nap-dos): prose edit pass on 4.9 release files
- Fix product names throughout: 'App Protect DoS' and 'F5 DOS for NGINX'
replaced with correct 'F5 DoS for NGINX'
- Fix 'pre-requisites' → 'prerequisites', '(Purchased or trial)' → lowercase
- Remove first-person voice ('We will configure')
- Replace 'i.e.' with 'for example' throughout
- Fix grammar: 'Bugs fixing' → 'Bug fixes', 'prob.' → 'probe', 'its' → 'it is'
- Replace inline HTML (<br>, <span style=...>) with Markdown equivalents
- Replace hard-coded external links with internal ref shortcodes
- Fix 'Click' → 'Select' per style guide
- Fix heading levels: # Overview → ## Overview in license-secret.md
- Remove weak lead sentence ('This document explains...')
- Fix 'cannot' (was 'can not'), add missing Oxford comma
- Clean up trailing <br> tags from end-of-sentence positions
- Fix double space before 'In offline environments'
* chore: remove .style-guide submodule from PR
* docs(nap-dos): restore eBPF acronym expansion in best-practices
* docs(nap-dos): expand acronyms on first mention, fix remaining prose issues
- types-of-logs.md: rewrite Request Log section (missed in previous pass) —
fix 'App Protect DoS' x3, 'In order to', heading capitalisation, <br> tags
- installing...aws.md: remove last <span> HTML tag in step 4
- learn-about-deployment.md: fix remaining 'App Protect DoS' product name
- troubleshoot.md: expand XFF (X-Forwarded-For); expand ELK on first mention
- kubernetes-with-L4...md: expand eBPF (Extended Berkeley Packet Filter) on
first mention in prose
- dos-arbitrator.md: expand FQDN (fully qualified domain name); expand mTLS
(mutual TLS) on first mention
- learn-about-directives-and-policy.md: expand FQDN on first prose mention
* chore: remove .style-guide submodule from PR (again)
* Revisions to expanded acronyms
* fix(nic): update broken ref to subscription licenses topic
The /solutions/about-subscription-licenses.md file was reorganized into
a subdirectory. Update the ref to the correct path and anchor:
/solutions/about-subscription-licenses/getting-started.md#internet-connected
* chore(includes/dos): clean up front matter in dos includes
- Add nd-product: F5DOSN to dos-arbitrator.md and install-post-checks.md
- Add missing learn-about-deployment.md to dos-arbitrator.md nd-files list
- Remove invalid nd-docs: null from both files
* chore(includes/dos): add nd-product and nd-files front matter to all dos includes
- Add nd-product: F5DOSN to all includes missing it
- Add nd-files lists based on actual include usage in content files
- Remove invalid nd-docs: null from dos-entrypoint.md and dos-waf-entrypoint.md
- Fix dos-waf-entrypoint.md nd-files: only used in learn-about-deployment.md
- k8s_arbitrator files: nd-product only (not yet referenced in content)
- Replace hardcoded syslog IP 10.197.30.219:5261 with <syslog-server-ip>:<port>
placeholder in k8s_manifest and k8s_with_ebpf_manifest nginx-conf-configmap files
* fix(nap-dos): replace internal IP addresses with placeholders
Replace non-RFC-5737 example IP 10.197.30.219 (and typo 10.97.30.219)
with <SYSLOG_SERVER_IP> placeholder per sensitive-information.md guidance.
Affected files:
- content/includes/dos/k8s_manifest/dos-nginx-conf-configmap.md
- content/includes/dos/k8s_with_ebpf_manifest/dos-nginx-conf-configmap.md
- content/nap-dos/deployment-guide/best-practices.md (2 occurrences)
* fix(nap-dos): fix mixed named/positional call-out shortcode params
* chore(nap-dos): add nd-summary and expand short descriptions
* chore: remove unused k8s_arbitrator include files
The appprotect-dos-arb.md and svc-appprotect-dos-arb.md include files
in content/includes/dos/k8s_arbitrator/ are not referenced by any
page via the include shortcode, so they serve no purpose.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* chore(nap-dos): remove Helm install path and fix double-dot filename
- Remove the 'Use Helm to install' sections from kubernetes.md and
kubernetes-with-L4-accelerated-mitigation.md; only the manifest-based
install path remains
- Update front matter (description, keywords, nd-summary) to drop all
Helm references in both files
- Rename kubernetes-with-L4-accelerated-mitigation..md (double dot) to
kubernetes-with-L4-accelerated-mitigation.md (single dot)
- Update nd-files references in 18 include files under
content/includes/dos/ to point to the corrected filename
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: r.nitzan@f5.com <r.nitzan@f5.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Raanan <59834489+rnitzan@users.noreply.github.com>
Updated release date for version 4.9 and added NGINX Plus R37 support.
Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com>
Proposed changes
F5 DoS for NGINX v4.9 release over NGINX Plus R37
Checklist
Before sharing this pull request, I completed the following checklist:
Footnotes
Potentially sensitive information includes personally identifiable information (PII), authentication credentials, and live URLs. Refer to the style guide for guidance about placeholder content. ↩