added aviv suggestions

dkleinF5 · dkleinF5 · commit c33c7f4ce875 · 2025-12-11T14:40:37.000Z
diff --git a/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md b/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md
@@ -0,0 +1,12 @@
+---
+nd-files:
+- content/includes/use-cases/credential-download-instructions.md
+- content/waf/configure/compiler.md
+- content/waf/install/docker.md
+- content/waf/install/kubernetes.md
+---
+
+1. Log in to [MyF5](https://my.f5.com/manage/s/).
+1. Go to **My Products & Plans > Subscriptions** to see your active subscriptions.
+1. Find your NGINX subscription, and select the **Subscription ID** for details.
+1. Download the **SSL Certificate**, **Private Key** and **JSON Web Token** files from the subscription page.
diff --git a/content/waf/configure/secure-mtls.md b/content/waf/configure/secure-mtls.md
@@ -155,7 +155,7 @@ With a [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment
 
 {{< /call-out >}}
 
-## Modify Docker compose file
+## Modify Docker Compose file
 
 {{< call-out "warning" >}}
 
@@ -224,5 +224,4 @@ services:
 	  app_protect_bd_config:
 	  app_protect_config:
 	  app_protect_etc_config:
-```
-
+```
diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md
@@ -113,4 +113,4 @@ docker load -i waf-config-mgr.tar
 docker load -i waf-ip-intelligence.tar
 ```
 
-Ensure your Docker compose files use the tagged images you've transferred.
+Ensure your Docker Compose files use the tagged images you've transferred.
diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md
@@ -17,11 +17,10 @@ This page describes how to install F5 WAF for NGINX using Docker.
 To complete this guide, you will need the following prerequisites:
 
 - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
-- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running TODO add reason for it.
-- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial).
-  - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment.
-  - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license file](#additional-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment.
-- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration)
+- [Docker](https://docs.docker.com/engine/install/) (with Docker Compose) installed and running.
+- Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. JWT license is not needed when using NGINX Open Source.
+- Access to private-registry.nginx.com using [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for pulling images need for deployment when using Multi-container and Hybrid configuration. 
+- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images for Multi-container and Hybrid configurations.
 
 You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately.
 
@@ -33,14 +32,11 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after
 
 ## Download your subscription credentials 
 
-### General subscription credentials needed for deployments
-
-{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}}
-
-### Additional subscription credentials needed for deployments
+{{< call-out "note" >}}
+If you are using NGINX Open Source for your Multi-container or Hybrid configuration, you do not need the JWT license file. 
+{{< /call-out >}}
 
-To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal:
-{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
+{{< include "licensing-and-reporting/download-jwt-ssl-key-from-myf5.md" >}}
 
 {{< call-out "important" >}}
 The provided Dockerfile for NGINX Plus automatically handles placing the JWT license file in `/etc/nginx/` during image build. If you use a custom Dockerfile, you must ensure the JWT license is copied to this location.
diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md
@@ -37,28 +37,22 @@ These enhancements are  only available for Helm-based deployments.
 To complete this guide, you will need the following prerequisites:
 
 - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
-- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/)
-- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster
-- [Helm](https://helm.sh/docs/intro/install/)
-- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running.
-- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial).
-  - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment.
-  - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license](#additional-subscription-credentials-needed-for-a-deployments-with-nginx-plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment.
-- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com
+- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) (installed and running).
+- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster.
+- [Docker](https://docs.docker.com/engine/install/) (with Docker Compose) installed and running, for pulling and managing container images.
+- Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal.
+- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images
+- [Helm](https://helm.sh/docs/intro/install/) installed, required for deployment.
 
 ## Default security policy and logging profile
 
 F5 WAF for NGINX uses built-in default security policy and logging profile after installation. To use custom policies or logging profiles, update your NGINX configuration file accordingly.
 
 ## Download your subscription credentials 
 
-### General subscription credentials needed for deployments 
-
-{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}}
-
-### Additional subscription credentials needed for deployments 
-
-To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal:
+{{< call-out "note" >}}
+To access private-registry.nginx.com, you will need to download the JWT license file even when using NGINX Open Source as a base image. 
+{{< /call-out >}}
 
 {{< call-out "note" >}}
 If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`.
@@ -69,7 +63,7 @@ If you are deploying with Helm, you will also need the JWT license for the `dock
 {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}}
 
 {{< call-out "note" >}}
-Setting `appprotect.config.nginxJWT` with the `--set` flag in your Helm command automatically copies the JWT license to `/etc/nginx/license.jwt` inside the NGINX container. No manual JWT file copying or mounting is needed.
+When using the provided values.yaml for Helm, setting the `appprotect.config.nginxJWT` value ensures that your JWT license is automatically copied to `/etc/nginx/license.jwt` inside the NGINX container. No additional manual copying of the file is needed when deploying with the provided YAML configuration.
 {{< /call-out >}}
 
 ## Prepare environment variables
diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md
@@ -19,15 +19,12 @@ It explains the common steps necessary for any Kubernetes-based deployment, then
 To complete this guide, you will need the following pre-requisites:
 
 - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
-- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) TODO add reason for it.
-- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster TODO add reason for it..
-- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running TODO add reason for it.
-- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial).
-  - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your f5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you plan of using NGINX Open Source in your deployment.
-  - Download the [SSL certificate, private key, and the JWT license](#additional-subscription-credentials-needed-for-deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment.
-- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com 
-
-You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment.
+- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) (installed and running).
+- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster.
+- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images
+- Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal.
+- [Access credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com for pulling deployment images.
+- [Helm](https://helm.sh/docs/intro/install/) installed, required for deployment.
 
 You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately.
 
@@ -39,13 +36,9 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after
 
 ## Download your subscription credentials 
 
-### General subscription credentials needed for deployments 
-
-{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}}
-
-### Additional subscription credentials needed for deployments
-
-To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal:
+{{< call-out "note" >}}
+To access private-registry.nginx.com, you will need to download the JWT license file even when using NGINX Open Source as a base image. 
+{{< /call-out >}}
 
 {{< call-out "note" >}}
 If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`.
@@ -272,7 +265,7 @@ cd nginx-app-protect
 
 You will need to edit the `values.yaml` file for a few changes:
 
-- Update _appprotect.nginx.image.repository_ and _appprotect.nginx.image.tag_  with the image name chosen during when [building the Docker image](#build-the-docker-image).
+- Update _appprotect.nginx.image.repository_ and _appprotect.nginx.image.tag_ with the image name chosen during when [building the Docker image](#build-the-docker-image).
 - Update _appprotect.config.nginxJWT_ with your JSON web token (Only necessary when using NGINX Plus)
 - Update _dockerConfigJson_ to contain the base64 encoded Docker registration credentials
 
diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md
@@ -23,8 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare
 To complete this guide, you will need the following prerequisites:
 
 - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
-- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial).
-  - Download the [SSL certificate, private key, and the JWT license](#download-your-subscription-credentials) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal.
+- Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal.
 - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation.
 
 Depending on your deployment type, you may have additional requirements:
@@ -39,15 +38,9 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after
 
 ## Download your subscription credentials 
 
-### General subscription credentials needed for deployments 
-
-{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}}
-
-### Additional subscription credentials needed for deployments
-
 To use NGINX Plus, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal:
 
-{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
+{{< include "licensing-and-reporting/download-jwt-ssl-key-from-myf5.md" >}}
 
 {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}}
 
diff --git a/content/waf/policies/ip-intelligence.md b/content/waf/policies/ip-intelligence.md
@@ -76,15 +76,15 @@ tail -f iprepd.log
 
 Once complete, you can now [Configure policies for IP intelligence](#configure-policies-for-ip-intelligence).
 
-### Modify Docker compose file
+### Modify Docker Compose file
 
 {{< call-out "warning" >}}
 
 This section **only** applies to installations using Docker.
 
 {{< /call-out >}}
 
-IP intelligence has its own Docker container, which can be added to an existing Docker compose file for deployment.
+IP intelligence has its own Docker container, which can be added to an existing Docker Compose file for deployment.
 
 First, create the required directory:
 
