Merge branch 'main' into patch-13

Author: mjang

content/ngf/overview/resource-validation.md

@@ -62,8 +62,8 @@ More information on CEL in Kubernetes can be found [here](https://kubernetes.io/
 This step catches the following cases of invalid values:
 
 - Valid values from the Gateway API perspective but not supported by NGINX Gateway Fabric yet. For example, a feature in an HTTPRoute routing rule. For the list of supported features see [Gateway API Compatibility]({{< relref "./gateway-api-compatibility.md" >}}) doc.
-- Valid values from the Gateway API perspective, but invalid for NGINX, because NGINX has stricter validation requirements for certain fields. These values will cause NGINX to fail to reload or operate erroneously.
-- Invalid values (both from the Gateway API and NGINX perspectives) that were not rejected because Step 1 was bypassed. Similar to the previous case, these values will cause NGINX to fail to reload or operate erroneously.
+- Valid values from the Gateway API perspective, but invalid for NGINX. NGINX has stricter validation requirements for certain fields. These values will cause NGINX to fail to reload or operate erroneously.
+- Invalid values (both from the Gateway API and NGINX perspectives) that were not rejected because Step 1 was bypassed. These values will cause NGINX to fail to reload or operate incorrectly.
 - Malicious values that inject unrestricted NGINX config into the NGINX configuration (similar to an SQL injection attack).
 
 Below is an example of how NGINX Gateway Fabric rejects an invalid resource. The validation error is reported via the status:

content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md

@@ -24,7 +24,7 @@ type:
 
 
 <span id="nginx_plus_official_images"></span>
-## Using official NGINX Plus Docker images
+## Use official NGINX Plus Docker images
 
 Since NGINX Plus NGINX Plus [Release 31]({{< ref "nginx/releases.md#r31" >}}) you can get an NGINX Plus image from the official NGINX Plus Docker registry and upload it to your private registry.
 
@@ -66,7 +66,7 @@ The NGINX Plus registry contains images for the two most recent versions of NGIN
 
 The image may contain a particular version of NGINX Plus or contain a bundle of NGINX Plus and NGINX Agent, and can be targeted for a specific architecture.
 
-### Listing all tags
+### List all tags
 
 For a complete tag list for NGINX Plus bundled with NGINX Agent images, use the command:
 
@@ -90,7 +90,7 @@ where:
 
 
 
-### Downloading the JSON Web Token or NGINX Plus certificate and key {#myf5-download}
+### Download the JSON Web Token or NGINX Plus certificate and key {#myf5-download}
 
 Before you get a container image, you should provide the JSON Web Token file or SSL certificate and private key files provided with your NGINX Plus subscription. These files grant access to the package repository from which the script will download the NGINX Plus package:
 
@@ -109,7 +109,7 @@ Before you get a container image, you should provide the JSON Web Token file or
 
 {{% /tabs %}}
 
-### Set up Docker for NGINX Plus Container Registry
+### Set up Docker for NGINX Plus container registry
 
 Set up Docker to communicate with the NGINX Container Registry located at `private-registry.nginx.com`.
 
@@ -144,7 +144,7 @@ docker login private-registry.nginx.com
 
 {{% /tabs %}}
 
-### Pulling the image
+### Pull the image
 
 Next, pull the image you need from `private-registry.nginx.com`.
 
@@ -183,7 +183,7 @@ docker pull private-registry.nginx.com/nginx-plus/modules:<version-tag>
 
 {{< include "security/jwt-password-note.md" >}}
 
-### Pushing the image to your private registry
+### Push the image to your private registry
 
 After pulling the image, tag it and upload it to your private registry.
 
@@ -205,7 +205,7 @@ docker tag private-registry.nginx.com/nginx-plus/base:<version-tag> <my-docker-r
 docker push <my-docker-registry>/nginx-plus/base:<version-tag>
 ```
 
-### Running the NGINX Plus container
+### Run the NGINX Plus container
 
 {{< note >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), the JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /note >}}
 
@@ -390,7 +390,7 @@ Any change made to the files in the local directories `/var/www and /var/nginx/c
 
 
 <span id="manage_copy"></span>
-### Copying Content and Configuration Files from the Docker Host
+### Copy content and configuration files from the Docker host
 
 Docker can copy the content and configuration files from a local directory on the Docker host during container creation. Once a container is created, the files are maintained by creating a new container when files change or by modifying the files in the container.
 
@@ -421,7 +421,7 @@ To make changes to the files in the container, use a helper container as describ
 
 
 <span id="manage_container"></span>
-### Maintaining Content and Configuration Files in the Container
+### Maintain content and configuration files in the container
 
 As SSH cannot be used to access the NGINX container, to edit the content or configuration files directly you need to create a helper container that has shell access. For the helper container to have access to the files, create a new image that has the proper Docker data volumes defined for the image:
 
@@ -476,12 +476,12 @@ To exit the shell and terminate the container, run the `exit` command.
 
 
 <span id="log"></span>
-## Managing Logging
+## Manage logging
 
 You can use default logging or customize logging.
 
 <span id="log_default"></span>
-### Using Default Logging
+### Use default logging
 
 By default, the NGINX image is configured to send NGINX [access log](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log) and [error log](https://nginx.org/en/docs/ngx_core_module.html#error_log) to the Docker log collector. This is done by linking them to `stdout` and `stderr`: all messages from both logs are then written to the file `/var/lib/docker/containers/container-ID/container-ID-json.log` on the Docker host. The container‑ID is the long‑form ID returned when you [create a container](#docker_oss_image). To display the long form ID, run the command:
 
@@ -507,7 +507,7 @@ To include only access log messages in the output, include only `stdout=1`. To l
 
 
 <span id="log_custom"></span>
-### Using Customized Logging
+### Use customized logging
 
 If you want to configure logging differently for certain configuration blocks (such as `server {}` and `location {}`), define a Docker volume for the directory in which to store the log files in the container, create a helper container to access the log files, and use any logging tools. To implement this, create a new image that contains the volume or volumes for the logging files.
 
@@ -524,7 +524,7 @@ Then you can [create an image](#docker_plus_image) and use it to create an NGINX
 
 
 <span id="control"></span>
-## Controlling NGINX
+## Control NGINX
 
 Since there is no direct access to the command line of the NGINX container, NGINX commands cannot be sent to a container directly. Instead, [signals](https://nginx.org/en/docs/control.html) can be sent to a container via Docker `kill` command.
 

content/nginx/admin-guide/installing-nginx/installing-nginx-plus-google-cloud-platform.md

@@ -12,7 +12,7 @@ type:
 [NGINX Plus](https://www.f5.com/products/nginx/nginx-plus), the high‑performance application delivery platform, load balancer, and web server, is available on the Google Cloud Platform as a virtual machine (VM) image. The VM image contains the latest version of NGINX Plus, optimized for use with the Google Cloud Platform Compute Engine.
 
 
-## Installing the NGINX Plus VM
+## Install the NGINX Plus VM
 
 To quickly set up an NGINX Plus environment on the Google Cloud Platform, perform the following steps.
 
@@ -52,7 +52,7 @@ If you encounter any problems with NGINX Plus configuration, documentation is a
 Customers who purchase an NGINX Plus VM image on the Google Cloud Platform are eligible for the Google Cloud Platform VM support provided by the NGINX, Inc. engineering team. To activate support, submit the [Google Cloud Platform Support Activation](https://www.nginx.com/gcp-support-activation/) form.
 
 
-### Accessing the Open Source Licenses for NGINX Plus
+### Access the Open Source Licenses for NGINX Plus
 
 NGINX Plus includes open source software written by NGINX, Inc. and other contributors. The text of the open source licenses is provided in Appendix B of the _NGINX Plus Reference Guide_. To access the guide included with the NGINX Plus VM instance, run this command:
 

content/nginx/admin-guide/installing-nginx/installing-nginx-plus-microsoft-azure.md

@@ -13,7 +13,7 @@ type:
 
 The VM image contains the latest version of NGINX Plus, optimized for use with Azure.
 
-## Installing the NGINX Plus VM
+## Install the NGINX Plus VM
 
 To quickly set up an NGINX Plus environment on Microsoft Azure:
 

content/nginx/admin-guide/load-balancer/using-proxy-protocol.md

@@ -40,7 +40,7 @@ Using this data, NGINX can get the originating IP address of the client in sever
 
 
 <span id="listen"></span>
-## Configuring NGINX to Accept the PROXY Protocol
+## Configure NGINX to Accept the PROXY Protocol
 
 To configure NGINX to accept PROXY protocol headers, add the `proxy_protocol` parameter to the `listen` directive in a `server` block in the [`http {}`](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) or [`stream {}`](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#listen) block.
 
@@ -66,7 +66,7 @@ stream {
 Now you can use the [`$proxy_protocol_addr`](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_proxy_protocol_addr) and [`$proxy_protocol_port`](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_proxy_protocol_port) variables for the client IP address and port and additionally configure the [HTTP](https://nginx.org/en/docs/http/ngx_http_realip_module.html) and [`stream`](https://nginx.org/en/docs/stream/ngx_stream_realip_module.html) RealIP modules to replace the IP address of the load balancer in the [`$remote_addr`](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_remote_addr) and [`$remote_port`](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_remote_port) variables with the IP address and port of the client.
 
 <span id="realip"></span>
-## Changing the Load Balancer's IP Address To the Client IP Address
+## Change the Load Balancer's IP Address To the Client IP Address
 
 You can replace the address of the load balancer or TCP proxy with the client IP address received from the PROXY protocol. This can be done with the [HTTP](https://nginx.org/en/docs/http/ngx_http_realip_module.html) and [`stream`](https://nginx.org/en/docs/stream/ngx_stream_realip_module.html) RealIP modules. With these modules, the [`$remote_addr`](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_remote_addr) and [`$remote_port`](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_remote_port) variables retain the real IP address and port of the client, while the [`$realip_remote_addr`](https://nginx.org/en/docs/http/ngx_http_realip_module.html#var_realip_remote_addr) and [`$realip_remote_port`](https://nginx.org/en/docs/http/ngx_http_realip_module.html#var_realip_remote_port) variables retain the IP address and port of the load balancer.
 
@@ -105,7 +105,7 @@ To change the IP address from the load balancer's IP address to the client's IP
    ```
 
 <span id="log"></span>
-## Logging the Original IP Address
+## Log the Original IP Address
 
 When you know the original IP address of the client, you can configure the correct logging:
 

content/nginx/admin-guide/web-server/serving-static-content.md

@@ -2,7 +2,7 @@
 description: Configure NGINX and F5 NGINX Plus to serve static content, with type-specific
   root directories, checks for file existence, and performance optimizations.
 docs: DOCS-442
-title: Serving Static Content
+title: Serve Static Content
 toc: true
 weight: 200
 type:
@@ -108,11 +108,11 @@ location @backend {
 For more information, watch the [Content Caching](https://www.nginx.com/resources/webinars/content-caching-nginx-plus/) webinar on‑demand to learn how to dramatically improve the performance of a website, and get a deep‑dive into NGINX’s caching capabilities.
 
 <span id="optimize"></span>
-## Optimizing Performance for Serving Content
+## Optimize Performance for Serving Content
 
 Loading speed is a crucial factor of serving any content. Making minor optimizations to your NGINX configuration may boost the productivity and help reach optimal performance.
 
-### Enabling `sendfile`
+### Enable `sendfile`
 
 By default, NGINX handles file transmission itself and copies the file into the buffer before sending it. Enabling the [sendfile](https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile) directive eliminates the step of copying the data into the buffer and enables direct copying data from one file descriptor to another. Alternatively, to prevent one fast connection from entirely occupying the worker process, you can use the [sendfile_max_chunk](https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile_max_chunk) directive to limit the amount of data transferred in a single `sendfile()` call (in this example, to `1` MB):
 
@@ -124,7 +124,7 @@ location /mp3 {
 }
 ```
 
-### Enabling `tcp_nopush`
+### Enable `tcp_nopush`
 
 Use the [tcp_nopush](https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nopush) directive together with the [sendfile](https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile) `on;`directive. This enables NGINX to send HTTP response headers in one packet right after the chunk of data has been obtained by `sendfile()`.
 
@@ -136,7 +136,7 @@ location /mp3 {
 }
 ```
 
-### Enabling `tcp_nodelay`
+### Enable `tcp_nodelay`
 
 The [tcp_nodelay](https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nodelay) directive allows override of [Nagle’s algorithm](https://en.wikipedia.org/wiki/Nagle's_algorithm), originally designed to solve problems with small packets in slow networks. The algorithm consolidates a number of small packets into a larger one and sends the packet with a `200` ms delay. Nowadays, when serving large static files, the data can be sent immediately regardless of the packet size. The delay also affects online applications (ssh, online games, online trading, and so on). By default, the [tcp_nodelay](https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nodelay) directive is set to `on` which means that the Nagle’s algorithm is disabled. Use this directive only for keepalive connections:
 
@@ -150,11 +150,11 @@ location /mp3  {
 ```
 
 
-### Optimizing the Backlog Queue
+### Optimize the Backlog Queue
 
 One of the important factors is how fast NGINX can handle incoming connections. The general rule is when a connection is established, it is put into the “listen” queue of a listen socket. Under normal load, either the queue is small or there is no queue at all. But under high load, the queue can grow dramatically, resulting in uneven performance, dropped connections, and increased latency.
 
-#### Displaying the Listen Queue
+#### Display the Listen Queue
 
 To display the current listen queue, run this command:
 
@@ -182,7 +182,7 @@ Listen         Local Address
 0/0/128        *.8080
 ```
 
-#### Tuning the Operating System
+#### Tune the Operating System
 
 Increase the value of the `net.core.somaxconn` kernel parameter from its default value (`128`) to a value high enough for a large burst of traffic. In this example, it's increased to `4096`.
 
@@ -205,7 +205,7 @@ Increase the value of the `net.core.somaxconn` kernel parameter from its default
        net.core.somaxconn = 4096
        ```
 
-#### Tuning NGINX
+#### Tune NGINX
 
 If you set the `somaxconn` kernel parameter to a value greater than `512`, change the `backlog` parameter to the NGINX [listen](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) directive to match:
 

content/nginx/deployment-guides/amazon-web-services/ingress-controller-elastic-kubernetes-services.md

@@ -33,7 +33,7 @@ The `PREFIX` argument specifies the repo name in your private container registry
 
 
 <span id="amazon-eks"></span>
-## Creating an Amazon EKS Cluster
+## Create an Amazon EKS Cluster
 You can create an Amazon EKS cluster with:
 - the AWS Management Console
 - the AWS CLI
@@ -46,7 +46,7 @@ This guide covers the `eksctl` command as it is the simplest option.
 2. Create an Amazon EKS cluster by following the instructions in the [AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html). Select the <span style="white-space: nowrap; font-weight:bold;">Managed nodes – Linux</span> option for each step. Note that the <span style="white-space: nowrap;">`eksctl create cluster`</span> command in the first step can take ten minutes or more.
 
 <span id="amazon-ecr"></span>
-## Pushing the NGINX Plus Ingress Controller Image to AWS ECR
+## Push the NGINX Plus Ingress Controller Image to AWS ECR
 
 This step is only required if you do not plan to use the prebuilt NGINX Open Source image.
 
@@ -81,7 +81,7 @@ This step is only required if you do not plan to use the prebuilt NGINX Open Sou
    ```
 
 <span id="ingress-controller"></span>
-## Installing the NGINX Plus Ingress Controller
+## Install the NGINX Plus Ingress Controller
 
 Use [our documentation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) to install the NGINX Plus Ingress Controller in your Amazon EKS cluster.
 
@@ -97,15 +97,15 @@ You need a Kubernetes `LoadBalancer` service to route traffic to the NGINX Ingre
 
 We also recommend enabling the PROXY Protocol for both the NGINX Plus Ingress Controller and your NLB target groups. This is used to forward client connection information. If you choose not to enable the PROXY protocol, see the [Appendix](#appendix).
 
-### Configuring a `LoadBalancer` Service to Use NLB
+### Configure a `LoadBalancer` Service to Use NLB
 
 Apply the manifest `deployments/service/loadbalancer-aws-elb.yaml` to create a `LoadBalancer` of type NLB:
 
    ```shell
    kubectl apply -f deployments/service/loadbalancer-aws-elb.yaml
    ```
 
-### Enabling the PROXY Protocol
+### Enable the PROXY Protocol
 
 1. Add the following keys to the `deployments/common/nginx-config.yaml` config map file:
 
@@ -158,7 +158,7 @@ Apply the manifest `deployments/service/loadbalancer-aws-elb.yaml` to create a `
 
 
 <span id="appendix"></span>
-## Appendix: Disabling the PROXY Protocol
+## Appendix: Disable the PROXY Protocol
 
 If you want to disable the PROXY Protocol, perform these steps.