Docs: add missing prerequisite for installation

content/includes/waf/dockerfiles/alpine-plus.md

@@ -27,6 +27,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \
     && ln -sf /dev/stderr /var/log/nginx/error.log \
     && rm -rf /var/cache/apk/*
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Expose port
 EXPOSE 80
 

content/includes/waf/dockerfiles/amazon-plus.md

@@ -28,6 +28,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     && ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Expose port
 EXPOSE 80
 

content/includes/waf/dockerfiles/debian-plus.md

@@ -41,6 +41,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Expose port
 EXPOSE 80
 

content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/alpine-plus.md

@@ -0,0 +1,38 @@
+---
+nd-files:
+- content/waf/install/docker.md
+- content/waf/install/kubernetes.md
+---
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# Supported OS_VER's are 3.22
+ARG OS_VER="3.22"
+
+# Base image
+FROM alpine:${OS_VER}
+
+# Install NGINX Plus and F5 WAF for NGINX v5 module
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/apk/cert.key,mode=0644 \
+    wget -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub \
+    && printf "https://pkgs.nginx.com/plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | \
+       tee -a /etc/apk/repositories \
+    && printf "https://pkgs.nginx.com/app-protect-x-plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | \
+       tee -a /etc/apk/repositories \
+    && apk update \
+    && apk add app-protect-module-plus \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    && rm -rf /var/cache/apk/*
+
+# Expose port
+EXPOSE 80
+
+# Define stop signal
+STOPSIGNAL SIGQUIT
+
+# Set default command
+CMD ["nginx", "-g", "daemon off;"]
+```

content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/amazon-plus.md

@@ -0,0 +1,39 @@
+---
+nd-files:
+- content/waf/install/docker.md
+- content/waf/install/kubernetes.md
+---
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# Base image
+FROM amazonlinux:2023
+
+# Install NGINX Plus and F5 WAF for NGINX v5 module
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    yum -y install wget ca-certificates shadow-utils \
+    && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-amazonlinux2023.repo \
+    && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-plus.repo \
+    && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-plus.repo \
+    && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/amzn/2023/\$basearch/" >> /etc/yum.repos.d/app-protect-plus.repo \
+    && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-plus.repo \
+    && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-plus.repo \
+    && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-plus.repo \
+    && echo "enabled=1" >> /etc/yum.repos.d/app-protect-plus.repo \
+    && yum -y install app-protect-module-plus \
+    && yum clean all \
+    && rm -rf /var/cache/yum \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log
+
+# Expose port
+EXPOSE 80
+
+# Define stop signal
+STOPSIGNAL SIGQUIT
+
+# Set default command
+CMD ["nginx", "-g", "daemon off;"]
+```

content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/debian-plus.md

@@ -0,0 +1,52 @@
+---
+nd-files:
+- content/waf/install/docker.md
+- content/waf/install/kubernetes.md
+---
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# Supported OS_CODENAME's are: bullseye/bookworm
+ARG OS_CODENAME=bookworm
+
+# Base image
+FROM debian:${OS_CODENAME}
+
+# Install NGINX Plus and F5 WAF for NGINX v5 module
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    apt-get update \
+    && apt-get install -y \
+       apt-transport-https \
+       lsb-release \
+       ca-certificates \
+       wget \
+       gnupg2 \
+       debian-archive-keyring \
+    && wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | \
+       gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null \
+    && gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg \
+    && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
+       https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" | \
+       tee /etc/apt/sources.list.d/nginx-plus.list \
+    && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
+       https://pkgs.nginx.com/app-protect-x-plus/debian `lsb_release -cs` nginx-plus\n" | \
+       tee /etc/apt/sources.list.d/nginx-app-protect.list \
+    && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx \
+    && apt-get update \
+    && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect-module-plus \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Expose port
+EXPOSE 80
+
+# Define stop signal
+STOPSIGNAL SIGQUIT
+
+# Set default command
+CMD ["nginx", "-g", "daemon off;"]
+```

content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/oracle-plus.md

@@ -0,0 +1,40 @@
+---
+nd-files:
+- content/waf/install/docker.md
+- content/waf/install/kubernetes.md
+---
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# Base image
+FROM oraclelinux:8
+
+# Install NGINX Plus and F5 WAF for NGINX v5 module
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    dnf -y install wget ca-certificates yum-utils \
+    && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo \
+    && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-8-x-plus.repo \
+    && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \
+    && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/8/\$basearch/" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \
+    && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \
+    && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \
+    && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \
+    && echo "enabled=1" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \
+    && dnf clean all \
+    && dnf -y install app-protect-module-plus \
+    && dnf clean all \
+    && rm -rf /var/cache/dnf \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log
+
+# Expose port
+EXPOSE 80
+
+# Define stop signal
+STOPSIGNAL SIGQUIT
+
+# Set default command
+CMD ["nginx", "-g", "daemon off;"]
+```

content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel8-plus.md

@@ -0,0 +1,56 @@
+---
+nd-files:
+- content/waf/install/docker.md
+- content/waf/install/kubernetes.md
+---
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# Supported UBI_VERSION's are 7/8/9
+ARG UBI_VERSION=8
+
+# Base Image
+FROM registry.access.redhat.com/ubi${UBI_VERSION}/ubi
+
+# Define the ARG again after FROM to use it in this stage
+ARG UBI_VERSION
+
+# Install NGINX Plus and F5 WAF for NGINX v5 module
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    PKG_MANAGER=dnf; \
+    if [ "${UBI_VERSION}" = "7" ]; then \
+        PKG_MANAGER=yum; \
+        NGINX_PLUS_REPO="nginx-plus-7.4.repo"; \
+    elif [ "${UBI_VERSION}" = "9" ]; then \
+        NGINX_PLUS_REPO="plus-${UBI_VERSION}.repo"; \
+    else \
+        NGINX_PLUS_REPO="nginx-plus-${UBI_VERSION}.repo"; \
+    fi \
+    && $PKG_MANAGER -y install wget ca-certificates \
+    && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo \
+    && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/${NGINX_PLUS_REPO} \
+    && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/${UBI_VERSION}/\$basearch/" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "enabled=1" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && $PKG_MANAGER clean all \
+    && $PKG_MANAGER install -y app-protect-module-plus \
+    && $PKG_MANAGER clean all \
+    && rm -rf /var/cache/$PKG_MANAGER \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log
+
+# Expose port
+EXPOSE 80
+
+# Define stop signal
+STOPSIGNAL SIGQUIT
+
+# Set default command
+CMD ["nginx", "-g", "daemon off;"]
+```

content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel9-plus.md

@@ -0,0 +1,41 @@
+---
+nd-files:
+- content/waf/install/docker.md
+- content/waf/install/kubernetes.md
+---
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# Base Image
+FROM rockylinux:9
+
+# Install NGINX Plus and F5 WAF for NGINX v5 module
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    dnf -y install wget ca-certificates \
+    && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo \
+    && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/${NGINX_PLUS_REPO} \
+    && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/${UBI_VERSION}/\$basearch/" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "enabled=1" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && dnf clean all \
+    && dnf install -y app-protect-module-plus \
+    && dnf clean all \
+    && rm -rf /var/cache/dnf \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log
+
+# Expose port
+EXPOSE 80
+
+# Define stop signal
+STOPSIGNAL SIGQUIT
+
+# Set default command
+CMD ["nginx", "-g", "daemon off;"]
+```

content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rocky9-plus.md

@@ -0,0 +1,41 @@
+---
+nd-files:
+- content/waf/install/docker.md
+- content/waf/install/kubernetes.md
+---
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# Base Image
+FROM rockylinux:9
+
+# Install NGINX Plus and F5 WAF for NGINX v5 module
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    dnf -y install wget ca-certificates \
+    && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo \
+    && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/${NGINX_PLUS_REPO} \
+    && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/${UBI_VERSION}/\$basearch/" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && echo "enabled=1" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \
+    && dnf clean all \
+    && dnf install -y app-protect-module-plus \
+    && dnf clean all \
+    && rm -rf /var/cache/dnf \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log
+
+# Expose port
+EXPOSE 80
+
+# Define stop signal
+STOPSIGNAL SIGQUIT
+
+# Set default command
+CMD ["nginx", "-g", "daemon off;"]
+```