Fix mountPath directory for NAP5 policy documentation (#7191)
* Fix mountPath directory for NAP5 policy documentation

This commit updates the path for the volumeMounts shown in the NAP5
compile documentation to use the newest convention, and also adds a
missing parameter from the `kubectl cp` example at the end of the page.

Issue reported by Fabrizio Fiorucci, as it can cause confusion and
possible error for a reader following along and reading the NAP
documentation concurrently.

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Jakub Jarosz <[email protected]>
3 people authored Jan 23, 2025
1 parent bedac28 commit ae73e34
Showing 1 changed file with 27 additions and 8 deletions.
@@ -1,8 +1,10 @@
---
docs: DOCS-000
title: Compile NGINX App Protect WAF policies using NGINX Instance Manager
toc: true
weight: 300
toc: true
type: how-to
product: NIC
docs: DOCS-000
---

## Overview
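Review bot: the rendered front matter shows `toc: true` twice (after `title` and again after `weight`) and `docs: DOCS-000` twice (first key and next-to-last key). If this hunk only moves those keys the duplicates are a rendering artefact, but if it adds them the resulting YAML has duplicate keys, which strict parsers reject and lenient ones resolve silently as last-wins; please confirm the final file has each key exactly once. The front-matter reshuffle is also not mentioned in the commit message, so a one-line mention (or attributing it to the pre-commit hook) would help the next reader of the history.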
@@ -15,12 +17,17 @@ By using NGINX Instance Manager to compile WAF policies, the policy bundle can a

The following steps describe how to use the NGINX Instance Manager API to create a new security policy, compile a bundle, then add it to NGINX Ingress Controller.

---

## Before you start

### Requirements
- A working [NGINX Instance Manager](https://docs.nginx.com/nginx-instance-manager/deploy/) instance.
- An [NGINX Instance Manager user](https://docs.nginx.com/nginx-instance-manager/admin-guide/rbac/overview-rbac/) for API requests.
- A NGINX Ingress Controller [deployment with NGINX App Protect WAF]({{< relref "/installation/integrations/app-protect-waf/installation.md" >}}).

---

## Create a new security policy

{{< tip >}} You can skip this step if you intend to use an existing security policy. {{< /tip >}}
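Review bot: the added `---` separators and the `### Requirements` subheading are cosmetic and unrelated to the mountPath fix the commit message describes; either split them into their own commit or mention them in the message. While this block is being touched, the context line "A NGINX Ingress Controller deployment" should read "An NGINX Ingress Controller deployment".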
@@ -80,6 +87,8 @@ It is one of two unique IDs we will use to download the bundle: it will be refer

{{< /important >}}

---

## Create a new security bundle

Once you have created (Or selected) a security policy, [create a security bundle](https://docs.nginx.com/nginx-instance-manager/nginx-app-protect/manage-waf-security-policies/#create-security-policy-bundles) using the API. The version in the bundle you create **must** match the WAF compiler version you intend to use.
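Review bot: same cosmetic separator as in the previous hunk; the context line "Once you have created (Or selected) a security policy" has a stray capital inside the parenthetical and could be lowercased to "(or selected)" while this block is being edited.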
@@ -180,6 +189,8 @@ It is one of two unique IDs we will use to download the bundle: it will be refer

{{< /important >}}

---

## Download the security bundle

Use a GET request to download the security bundle using the policy and bundle IDs:
@@ -196,7 +207,9 @@ curl -X GET -k 'https://127.0.0.1/api/platform/v1/security/policies/6af9f261-658
| jq -r '.content' | base64 -d > security-policy-bundle.tgz
```

## Add volumes and volumeMounts to NGINX Ingress Controller
---

## Add volumes and volumeMounts

To use WAF security bundles, your NGINX Ingress Controller instance must have *volumes* and *volumeMounts*. Precise paths are used to detect when bundles are uploaded to the cluster.

@@ -210,7 +223,7 @@ persistentVolumeClaim:

volumeMounts:
- name: <volume_mount_name>
mountPath: /etc/nginx/waf/bundles
mountPath: /etc/app_protect/bundles
```
A full example of a deployment file with `volumes` and `volumeMounts` could look like the following:
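Review bot: the change to `mountPath: /etc/app_protect/bundles` is the substance of the commit, but the page repeats that path in the full deployment example, the WAF policy section and the `kubectl cp` command; please also grep the rest of the docs for `/etc/nginx/waf/bundles` so the old path does not survive on other pages, and say in the text which NGINX App Protect version introduced the new directory, since readers on older images still need the old one. Because the controller auto-loads whatever appears in this directory (as the last section states), it is also worth a sentence noting that write access to the backing volume, and `kubectl cp`/exec rights on the pod, amount to the right to change the WAF policy.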
@@ -281,7 +294,7 @@ spec:
- NET_BIND_SERVICE
volumeMounts:
- name: bundle-mount
mountPath: /etc/nginx/waf/bundles
mountPath: /etc/app_protect/bundles
env:
- name: POD_NAMESPACE
valueFrom:
@@ -297,9 +310,11 @@ spec:
- -external-service=nginx-ingress
```

---

## Create WAF policy

To process a bundle, you must create a new WAF policy. This policy is added to `/etc/nginx/waf/bundles`, allowing NGINX Ingress Controller to load it into WAF.
To process a bundle, you must create a new WAF policy. This policy is added to `/etc/app_protect/bundles`, allowing NGINX Ingress Controller to load it into WAF.

The example below shows the required WAF policy, and the *apBundle* and *apLogConf* fields you must use for the security bundle binary file (A tar ball).

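Review bot: the updated sentence "This policy is added to `/etc/app_protect/bundles`" is misleading: what is placed in that directory is the compiled bundle tarball that the WAF policy's `apBundle` field references (as the next paragraph and the `kubectl cp` step show), not the WAF policy resource itself. Suggest: "The bundle is placed in `/etc/app_protect/bundles`, where NGINX Ingress Controller picks it up and loads it into WAF." Minor: "(A tar ball)" should read "(a tarball)".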
@@ -318,6 +333,8 @@ spec:
logDest: "<security-log-destination-URL>"
```

---

## Create VirtualServer resource and apply policy

Once the WAF policy has been created, link it to your *virtualServer resource*.
@@ -341,12 +358,14 @@ spec:
pass: webapp
```

---

## Upload the security bundle

To finish adding a security bundle, the binary file to the NGINX Ingress Controller pods.
To finish adding a security bundle, upload the binary file to the NGINX Ingress Controller pods.

```shell
kubectl cp /your/local/path/<bundle_name>.tgz <namespace>/<pod-name>:etc/nginx/waf/bundles<bundle_name>.tgz
kubectl cp /your/local/path/<bundle_name>.tgz <namespace>/<pod-name>:etc/app_protect/bundles<bundle_name>.tgz -c nginx-plus-ingress
```

Once the bundle has been uploaded to the cluster, NGINX Ingress Controller will detect and automatically load the new WAF policy.
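Review bot: the destination path in the corrected `kubectl cp` line is still wrong: `<pod-name>:etc/app_protect/bundles<bundle_name>.tgz` has no `/` between the directory and the file name and no leading `/`, so the file lands as `etc/app_protect/bundles<bundle_name>.tgz` relative to the container's working directory rather than in the watched directory. It should be `<namespace>/<pod-name>:/etc/app_protect/bundles/<bundle_name>.tgz`. The added `-c nginx-plus-ingress` hard-codes a container name; it should match the container name used in the deployment example earlier on the page (outside this hunk) or be shown as a `<container-name>` placeholder like the other values. The sentence fix ("upload the binary file") looks good.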
