From 034adb0bd47fb6c3483e94ba9693133f2848da7b Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Tue, 25 Nov 2025 13:37:10 +0000
Subject: [PATCH 01/16] docs: add missing prerequisite for installation

---
 content/waf/install/virtual-environment.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md
index 4b01e1634..7a8867105 100644
--- a/content/waf/install/virtual-environment.md
+++ b/content/waf/install/virtual-environment.md
@@ -23,13 +23,11 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare
 To complete this guide, you will need the following prerequisites:
 
 - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
-- A working [NGINX Open Source]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-open-source.md" >}}) or [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) instance.
+- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) instance.
 - An active F5 WAF for NGINX subscription (Purchased or trial).
 
 Depending on your deployment type, you may have additional requirements:
 
-- [Docker](https://docs.docker.com/get-started/get-docker/) is required for NGINX Open Source or NGINX Plus type deployments.
-
 You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately.
 
 {{< include "waf/install-selinux-warning.md" >}}

From dd5ddd59ca39be229eb3c4ef80c0715a471d6daa Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Tue, 25 Nov 2025 15:15:36 +0000
Subject: [PATCH 02/16] added info about nginx x being installed with app
 protect

---
 content/waf/install/virtual-environment.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md
index 7a8867105..ff2ff2a22 100644
--- a/content/waf/install/virtual-environment.md
+++ b/content/waf/install/virtual-environment.md
@@ -23,7 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare
 To complete this guide, you will need the following prerequisites:
 
 - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
-- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) instance.
+- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation)
 - An active F5 WAF for NGINX subscription (Purchased or trial).
 
 Depending on your deployment type, you may have additional requirements:

From 41ce587349c59674b2ee24e0b7087dfd559b5c8c Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Wed, 26 Nov 2025 08:08:46 +0000
Subject: [PATCH 03/16] updated kubernetes

---
 content/includes/waf/install-update-configuration.md | 5 -----
 content/waf/install/docker.md                        | 5 +++++
 content/waf/install/kubernetes.md                    | 2 ++
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/content/includes/waf/install-update-configuration.md b/content/includes/waf/install-update-configuration.md
index 23b1c63ae..3577367cf 100644
--- a/content/includes/waf/install-update-configuration.md
+++ b/content/includes/waf/install-update-configuration.md
@@ -121,8 +121,3 @@ server {
 {{% /tab %}}
 
 {{< /tabs >}}
-
-Once you have updated your configuration files, you can reload NGINX to apply the changes. You have two options depending on your environment:
-
-- `nginx -s reload`
-- `sudo systemctl reload nginx`
\ No newline at end of file
diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md
index bbd372b61..055c8129e 100644
--- a/content/waf/install/docker.md
+++ b/content/waf/install/docker.md
@@ -1293,6 +1293,11 @@ CMD ["sh", "/root/entrypoint.sh"]
 
 {{< include "waf/install-update-configuration.md" >}}
 
+Once you have updated your configuration files, you can reload NGINX to apply the changes. You have two options depending on your environment:
+
+- `nginx -s reload`
+- `sudo systemctl reload nginx`
+
 F5 WAF for NGINX should now be operational, and you can move onto [Post-installation checks](#post-installation-checks).
 
 ## Post-installation checks
diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md
index fa484c842..9a18a6a18 100644
--- a/content/waf/install/kubernetes.md
+++ b/content/waf/install/kubernetes.md
@@ -226,6 +226,8 @@ From this point, the steps change based on your installation method:
 
 ### Download your JSON web token
 
+To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal:
+
 {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
 
 ### Get the Helm chart

From c82aa21df795a59bee31553461b405f424f72cc5 Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Wed, 26 Nov 2025 08:50:06 +0000
Subject: [PATCH 04/16] added supported os and Kubernetes ctl/cluster

---
 content/waf/install/docker.md         | 4 ++--
 content/waf/install/kubernetes-plm.md | 3 ++-
 content/waf/install/kubernetes.md     | 5 +++--
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md
index 055c8129e..063047e5c 100644
--- a/content/waf/install/docker.md
+++ b/content/waf/install/docker.md
@@ -143,7 +143,7 @@ http {
 
 ### Create a Dockerfile
 
-In the same folder as your credential and configuration files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections.
+In the same folder as your credential and configuration files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections.
 
 Alternatively, you may want make your own image based on a Dockerfile using the official NGINX image:
 
@@ -913,7 +913,7 @@ http {
 
 Copy or move your subscription files into a new folder.
 
-In the same folder as the subscription files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections.
+In the same folder as the subscription files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections.
 
 {{< call-out "note" >}}
 
diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md
index 7407e9af8..6ff69bba0 100644
--- a/content/waf/install/kubernetes-plm.md
+++ b/content/waf/install/kubernetes-plm.md
@@ -36,7 +36,8 @@ These enhancements are  only available for Helm-based deployments.
 
 To complete this guide, you will need the following prerequisites:
 
-- [A functional Kubernetes cluster]({{< ref "/waf/install/kubernetes.md" >}})
+- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/)
+- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster
 - [Helm](https://helm.sh/docs/intro/install/)
 - [Docker](https://docs.docker.com/get-started/get-docker/)
 - An active F5 WAF for NGINX subscription (Purchased or trial)
diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md
index 9a18a6a18..6f0594640 100644
--- a/content/waf/install/kubernetes.md
+++ b/content/waf/install/kubernetes.md
@@ -18,7 +18,8 @@ It explains the common steps necessary for any Kubernetes-based deployment, then
 
 To complete this guide, you will need the following pre-requisites:
 
-- A functional Kubernetes cluster
+- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/)
+- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster
 - An active F5 WAF for NGINX subscription (Purchased or trial)
 - [Docker](https://docs.docker.com/get-started/get-docker/)
 
@@ -36,7 +37,7 @@ To review supported operating systems, read the [Technical specifications]({{< r
 
 ## Create a Dockerfile
 
-In the same folder as your credential files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections.
+In the same folder as your credential files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections.
 
 Alternatively, you may want make your own image based on a Dockerfile using the official NGINX image:
 

From c7fb91b87da68eecc034f862bb13635033925d15 Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Wed, 26 Nov 2025 09:39:39 +0000
Subject: [PATCH 05/16] temp

---
 content/waf/install/virtual-environment.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md
index ff2ff2a22..8f81de119 100644
--- a/content/waf/install/virtual-environment.md
+++ b/content/waf/install/virtual-environment.md
@@ -23,8 +23,9 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare
 To complete this guide, you will need the following prerequisites:
 
 - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
-- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation)
 - An active F5 WAF for NGINX subscription (Purchased or trial).
+- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation)
+    - [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used
 
 Depending on your deployment type, you may have additional requirements:
 

From fa08dfa710a1650862da450793be94bbf8780db0 Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Wed, 26 Nov 2025 09:47:59 +0000
Subject: [PATCH 06/16] test

---
 content/waf/install/virtual-environment.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md
index 8f81de119..c1a68ed50 100644
--- a/content/waf/install/virtual-environment.md
+++ b/content/waf/install/virtual-environment.md
@@ -25,8 +25,8 @@ To complete this guide, you will need the following prerequisites:
 - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
 - An active F5 WAF for NGINX subscription (Purchased or trial).
 - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation)
-    - [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used
-
+- [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used
+- this is a test
 Depending on your deployment type, you may have additional requirements:
 
 You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately.

From 050e0682bb9c910b2f0d3d479ea4513a92aa8fa9 Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Wed, 26 Nov 2025 10:00:26 +0000
Subject: [PATCH 07/16] test

---
 content/waf/install/virtual-environment.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md
index c1a68ed50..2a49ec99d 100644
--- a/content/waf/install/virtual-environment.md
+++ b/content/waf/install/virtual-environment.md
@@ -25,8 +25,8 @@ To complete this guide, you will need the following prerequisites:
 - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
 - An active F5 WAF for NGINX subscription (Purchased or trial).
 - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation)
-- [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used
 - this is a test
+
 Depending on your deployment type, you may have additional requirements:
 
 You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately.

From e5d91557c7edbb87d8d3216e686a6a1d8ea8bee2 Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Wed, 26 Nov 2025 10:07:45 +0000
Subject: [PATCH 08/16] added link to my my5

---
 content/waf/install/virtual-environment.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md
index 2a49ec99d..9157d3d52 100644
--- a/content/waf/install/virtual-environment.md
+++ b/content/waf/install/virtual-environment.md
@@ -23,9 +23,8 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare
 To complete this guide, you will need the following prerequisites:
 
 - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
-- An active F5 WAF for NGINX subscription (Purchased or trial).
+- An active [F5 WAF for NGINX subscription]({{< ref "/licensing-and-reporting/download-certificates-from-myf5.md" >}}) (Purchased or trial).
 - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation)
-- this is a test
 
 Depending on your deployment type, you may have additional requirements:
 

From 95f91ecd99f0b9dde5957fa23b8fd7a515c9bedb Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Wed, 26 Nov 2025 10:35:46 +0000
Subject: [PATCH 09/16] updated myf5 with link

---
 content/waf/install/disconnected-environment.md | 2 +-
 content/waf/install/docker.md                   | 2 +-
 content/waf/install/kubernetes-plm.md           | 2 +-
 content/waf/install/kubernetes.md               | 2 +-
 content/waf/install/virtual-environment.md      | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md
index 88e1a8bc9..60794d2ee 100644
--- a/content/waf/install/disconnected-environment.md
+++ b/content/waf/install/disconnected-environment.md
@@ -22,7 +22,7 @@ To complete this guide, you will need the following prerequisites:
     - [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md#before-you-begin" >}})
     - [Docker]({{< ref "/waf/install/docker.md#before-you-begin" >}})
     - [Kubernetes]({{< ref "/waf/install/kubernetes.md#before-you-begin" >}})
-- An active F5 WAF for NGINX subscription (Purchased or trial).
+- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
 - A connected environment with similar architecture
 - A method to transfer files between two environments
 
diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md
index 063047e5c..fac8758a2 100644
--- a/content/waf/install/docker.md
+++ b/content/waf/install/docker.md
@@ -16,7 +16,7 @@ This page describes how to install F5 WAF for NGINX using Docker.
 
 To complete this guide, you will need the following prerequisites:
 
-- An active F5 WAF for NGINX subscription (Purchased or trial)
+- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
 - [Docker](https://docs.docker.com/get-started/get-docker/)
 
 You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately.
diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md
index 6ff69bba0..b510eded6 100644
--- a/content/waf/install/kubernetes-plm.md
+++ b/content/waf/install/kubernetes-plm.md
@@ -40,7 +40,7 @@ To complete this guide, you will need the following prerequisites:
 - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster
 - [Helm](https://helm.sh/docs/intro/install/)
 - [Docker](https://docs.docker.com/get-started/get-docker/)
-- An active F5 WAF for NGINX subscription (Purchased or trial)
+- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
 - Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc.
 
 ## Download your subscription credentials 
diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md
index 6f0594640..1a4b05d2e 100644
--- a/content/waf/install/kubernetes.md
+++ b/content/waf/install/kubernetes.md
@@ -20,7 +20,7 @@ To complete this guide, you will need the following pre-requisites:
 
 - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/)
 - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster
-- An active F5 WAF for NGINX subscription (Purchased or trial)
+- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
 - [Docker](https://docs.docker.com/get-started/get-docker/)
 
 You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment.
diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md
index 9157d3d52..3488841c6 100644
--- a/content/waf/install/virtual-environment.md
+++ b/content/waf/install/virtual-environment.md
@@ -23,7 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare
 To complete this guide, you will need the following prerequisites:
 
 - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
-- An active [F5 WAF for NGINX subscription]({{< ref "/licensing-and-reporting/download-certificates-from-myf5.md" >}}) (Purchased or trial).
+- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
 - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation)
 
 Depending on your deployment type, you may have additional requirements:

From e5c28315fc8bd37c8baf715e5efdc0160a3cc886 Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Wed, 26 Nov 2025 11:37:25 +0000
Subject: [PATCH 10/16] added info for docker registry access

---
 content/waf/install/kubernetes-plm.md | 1 +
 content/waf/install/kubernetes.md     | 1 +
 2 files changed, 2 insertions(+)

diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md
index b510eded6..18ca14a78 100644
--- a/content/waf/install/kubernetes-plm.md
+++ b/content/waf/install/kubernetes-plm.md
@@ -40,6 +40,7 @@ To complete this guide, you will need the following prerequisites:
 - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster
 - [Helm](https://helm.sh/docs/intro/install/)
 - [Docker](https://docs.docker.com/get-started/get-docker/)
+- Docker registry credentials — needed to access private-registry.nginx.com
 - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
 - Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc.
 
diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md
index 1a4b05d2e..090f05d6a 100644
--- a/content/waf/install/kubernetes.md
+++ b/content/waf/install/kubernetes.md
@@ -22,6 +22,7 @@ To complete this guide, you will need the following pre-requisites:
 - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster
 - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
 - [Docker](https://docs.docker.com/get-started/get-docker/)
+- Docker registry credentials — needed to access private-registry.nginx.com
 
 You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment.
 

From 7cc76bed07e7be7af6b1b5130b265c3b0b5f0441 Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Wed, 26 Nov 2025 11:43:43 +0000
Subject: [PATCH 11/16] test for jwt

---
 content/waf/install/docker.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md
index fac8758a2..27e1cbefa 100644
--- a/content/waf/install/docker.md
+++ b/content/waf/install/docker.md
@@ -45,6 +45,8 @@ The steps you should follow on this page are dependent on your configuration typ
 
 {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}}
 
+[NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used
+
 ## Configure Docker for the F5 Container Registry
 
 {{< include "waf/install-services-registry.md" >}}

From 2b270a96419ecb1c66d452f24ccde08b8f29cae8 Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Wed, 26 Nov 2025 14:36:24 +0000
Subject: [PATCH 12/16] added jwt for docker

---
 content/includes/waf/install-build-image.md |  1 +
 content/waf/install/docker.md               | 20 +++++++++++---------
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md
index 45ccc3068..1a76c8373 100644
--- a/content/includes/waf/install-build-image.md
+++ b/content/includes/waf/install-build-image.md
@@ -7,6 +7,7 @@ Your folder should contain the following files:
 
 - _nginx-repo.crt_
 - _nginx-repo.key_
+- _license.jwt_ (Only necessary when using NGINX Plus)
 - _nginx.conf_
 - _entrypoint.sh_
 - _Dockerfile_
diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md
index 27e1cbefa..903477f0d 100644
--- a/content/waf/install/docker.md
+++ b/content/waf/install/docker.md
@@ -42,10 +42,12 @@ The single container configuration only supports NGINX Plus and requires a build
 The steps you should follow on this page are dependent on your configuration type: after the shared steps, links will guide you to the next appropriate section.
 
 ## Download your subscription credentials 
+### Shared Requirements
 
 {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}}
 
-[NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used
+### Additional Requirement for NGINX Plus Users
+{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
 
 ## Configure Docker for the F5 Container Registry
 
@@ -956,7 +958,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]
@@ -998,7 +1000,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]
@@ -1053,7 +1055,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]
@@ -1099,7 +1101,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]
@@ -1142,7 +1144,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]
@@ -1184,7 +1186,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]
@@ -1226,7 +1228,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]
@@ -1281,7 +1283,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]

From ece451e3b08fd53e491541601c10a8a254cce68a Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Wed, 26 Nov 2025 15:39:22 +0000
Subject: [PATCH 13/16] last work before remove

---
 content/includes/waf/install-services-registry.md |  2 ++
 content/waf/install/docker.md                     | 14 +++++++++++---
 content/waf/install/kubernetes-plm.md             |  4 ++--
 content/waf/install/kubernetes.md                 |  4 ++--
 4 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/content/includes/waf/install-services-registry.md b/content/includes/waf/install-services-registry.md
index c9f686e8d..2389912d7 100644
--- a/content/includes/waf/install-services-registry.md
+++ b/content/includes/waf/install-services-registry.md
@@ -5,6 +5,8 @@ nd-files:
 - content/waf/install/kubernetes.md
 ---
 
+Docker registry credentials are needed to access private-registry.nginx.com
+
 Create a directory and copy your certificate and key to this directory:
 
 ```shell
diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md
index 903477f0d..b1971b598 100644
--- a/content/waf/install/docker.md
+++ b/content/waf/install/docker.md
@@ -17,7 +17,8 @@ This page describes how to install F5 WAF for NGINX using Docker.
 To complete this guide, you will need the following prerequisites:
 
 - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
-- [Docker](https://docs.docker.com/get-started/get-docker/)
+- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running.
+- Docker registry credentials are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration)
 
 You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately.
 
@@ -442,7 +443,7 @@ Once you have updated your configuration files, you can reload NGINX to apply th
 {{< include "waf/install-services-docker.md" >}}
 
 #### Download Docker images
-
+[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images
 {{< include "waf/install-services-images.md" >}}
 
 #### Create and run a Docker Compose file
@@ -818,7 +819,7 @@ sudo dnf install app-protect-module-plus
 {{< include "waf/install-services-docker.md" >}}
 
 #### Download Docker images
-
+[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images
 {{< include "waf/install-services-images.md" >}}
 
 #### Create and run a Docker Compose file
@@ -1311,3 +1312,10 @@ F5 WAF for NGINX should now be operational, and you can move onto [Post-installa
 ## Next steps
 
 {{< include "waf/install-next-steps.md" >}}
+
+## Remove NGINX docker image
+Before removing any Docker image, it’s important to ensure that the image is no longer needed and is not in use.
+
+[docker image rm](https://docs.docker.com/reference/cli/docker/image/rm/) tool
+
+TODO
diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md
index 18ca14a78..d3d61bc5f 100644
--- a/content/waf/install/kubernetes-plm.md
+++ b/content/waf/install/kubernetes-plm.md
@@ -39,8 +39,8 @@ To complete this guide, you will need the following prerequisites:
 - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/)
 - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster
 - [Helm](https://helm.sh/docs/intro/install/)
-- [Docker](https://docs.docker.com/get-started/get-docker/)
-- Docker registry credentials — needed to access private-registry.nginx.com
+- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running.
+- Docker registry credentials are needed to access private-registry.nginx.com
 - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
 - Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc.
 
diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md
index 090f05d6a..eed7cec0e 100644
--- a/content/waf/install/kubernetes.md
+++ b/content/waf/install/kubernetes.md
@@ -21,8 +21,8 @@ To complete this guide, you will need the following pre-requisites:
 - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/)
 - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster
 - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
-- [Docker](https://docs.docker.com/get-started/get-docker/)
-- Docker registry credentials — needed to access private-registry.nginx.com
+- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running.
+- Docker registry credentials are needed to access private-registry.nginx.com
 
 You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment.
 

From dc87dc49611b609d00626f8968deef039c2dae8f Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Thu, 27 Nov 2025 06:44:13 +0000
Subject: [PATCH 14/16] remove line since we have the line above it

---
 content/waf/install/kubernetes-plm.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md
index d3d61bc5f..f8a059a1c 100644
--- a/content/waf/install/kubernetes-plm.md
+++ b/content/waf/install/kubernetes-plm.md
@@ -42,7 +42,6 @@ To complete this guide, you will need the following prerequisites:
 - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running.
 - Docker registry credentials are needed to access private-registry.nginx.com
 - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
-- Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc.
 
 ## Download your subscription credentials 
 

From 7b40c83174dcfb3bef363f65e4b36972389fedba Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Thu, 27 Nov 2025 13:48:31 +0000
Subject: [PATCH 15/16] updated docker for jwt

---
 content/includes/waf/install-build-image.md |  4 +-
 content/waf/install/docker.md               | 48 +++++++++++++++++----
 2 files changed, 42 insertions(+), 10 deletions(-)

diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md
index 1a76c8373..dec2acb30 100644
--- a/content/includes/waf/install-build-image.md
+++ b/content/includes/waf/install-build-image.md
@@ -16,13 +16,13 @@ Your folder should contain the following files:
 To build an image, use the following command, replacing `<your-image-name>` as appropriate:
 
 ```shell
-sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t <your-image-name> .
+sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t <your-image-name> .
 ```
 
 A RHEL-based system would use the following command instead:
 
 ```shell
-podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t <your-image-name> .
+podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t <your-image-name> .
 ```
 
 {{< call-out "note" >}}
diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md
index b1971b598..b420dbbda 100644
--- a/content/waf/install/docker.md
+++ b/content/waf/install/docker.md
@@ -954,12 +954,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \
     --mount=type=secret,id=nginx-key,dst=/etc/apk/cert.key,mode=0644 \
     apk update && apk add app-protect-ip-intelligence
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Forward request logs to Docker log collector:
 RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
+COPY nginx.conf custom_log_format.json /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]
@@ -996,12 +1000,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
     dnf -y install app-protect-ip-intelligence
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Forward request logs to Docker log collector:
 RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
+COPY nginx.conf custom_log_format.json /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]
@@ -1051,12 +1059,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
     apt-get install -y app-protect-ip-intelligence
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Forward request logs to Docker log collector:
 RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
+COPY nginx.conf custom_log_format.json /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]
@@ -1097,12 +1109,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
     dnf install -y app-protect-ip-intelligence
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Forward request logs to Docker log collector:
 RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
+COPY nginx.conf custom_log_format.json /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]
@@ -1140,12 +1156,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
     dnf install -y app-protect-ip-intelligence
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Forward request logs to Docker log collector:
 RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
+COPY nginx.conf custom_log_format.json /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]
@@ -1186,8 +1206,12 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
 RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
+COPY nginx.conf custom_log_format.json /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]
@@ -1224,12 +1248,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
     dnf install -y app-protect-ip-intelligence
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Forward request logs to Docker log collector:
 RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
+COPY nginx.conf custom_log_format.json /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]
@@ -1279,12 +1307,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
     apt-get install -y app-protect-ip-intelligence
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Forward request logs to Docker log collector:
 RUN ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
 # Copy configuration files:
-COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/
+COPY nginx.conf custom_log_format.json /etc/nginx/
 COPY entrypoint.sh /root/
 
 CMD ["sh", "/root/entrypoint.sh"]

From 8908115ca71fbe6358f45e9701888c6932a3631c Mon Sep 17 00:00:00 2001
From: Daniel Klein <d.klein@f5.com>
Date: Thu, 27 Nov 2025 15:50:55 +0000
Subject: [PATCH 16/16] update dockerfile for nap

---
 .../includes/waf/dockerfiles/alpine-plus.md   |  4 +++
 .../includes/waf/dockerfiles/amazon-plus.md   |  4 +++
 .../includes/waf/dockerfiles/debian-plus.md   |  4 +++
 .../includes/waf/dockerfiles/oracle-plus.md   |  4 +++
 .../includes/waf/dockerfiles/rhel8-plus.md    |  4 +++
 .../includes/waf/dockerfiles/rhel9-plus.md    |  4 +++
 .../includes/waf/dockerfiles/rocky9-plus.md   |  4 +++
 .../includes/waf/dockerfiles/ubuntu-plus.md   |  4 +++
 content/includes/waf/install-build-image.md   | 13 +++++++++-
 content/waf/install/kubernetes.md             | 25 +++++++++++++------
 10 files changed, 62 insertions(+), 8 deletions(-)

diff --git a/content/includes/waf/dockerfiles/alpine-plus.md b/content/includes/waf/dockerfiles/alpine-plus.md
index 07551a6cd..2c9276820 100644
--- a/content/includes/waf/dockerfiles/alpine-plus.md
+++ b/content/includes/waf/dockerfiles/alpine-plus.md
@@ -27,6 +27,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \
     && ln -sf /dev/stderr /var/log/nginx/error.log \
     && rm -rf /var/cache/apk/*
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Expose port
 EXPOSE 80
 
diff --git a/content/includes/waf/dockerfiles/amazon-plus.md b/content/includes/waf/dockerfiles/amazon-plus.md
index d4ec7bba2..d943b33f1 100644
--- a/content/includes/waf/dockerfiles/amazon-plus.md
+++ b/content/includes/waf/dockerfiles/amazon-plus.md
@@ -28,6 +28,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     && ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Expose port
 EXPOSE 80
 
diff --git a/content/includes/waf/dockerfiles/debian-plus.md b/content/includes/waf/dockerfiles/debian-plus.md
index 204dfa633..7c8581d11 100644
--- a/content/includes/waf/dockerfiles/debian-plus.md
+++ b/content/includes/waf/dockerfiles/debian-plus.md
@@ -41,6 +41,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Expose port
 EXPOSE 80
 
diff --git a/content/includes/waf/dockerfiles/oracle-plus.md b/content/includes/waf/dockerfiles/oracle-plus.md
index 98bd1e15b..c62d33bb1 100644
--- a/content/includes/waf/dockerfiles/oracle-plus.md
+++ b/content/includes/waf/dockerfiles/oracle-plus.md
@@ -29,6 +29,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     && ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Expose port
 EXPOSE 80
 
diff --git a/content/includes/waf/dockerfiles/rhel8-plus.md b/content/includes/waf/dockerfiles/rhel8-plus.md
index 9f05ce79f..ac00cc4e3 100644
--- a/content/includes/waf/dockerfiles/rhel8-plus.md
+++ b/content/includes/waf/dockerfiles/rhel8-plus.md
@@ -45,6 +45,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     && ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Expose port
 EXPOSE 80
 
diff --git a/content/includes/waf/dockerfiles/rhel9-plus.md b/content/includes/waf/dockerfiles/rhel9-plus.md
index 464ba150e..6f6c96a53 100644
--- a/content/includes/waf/dockerfiles/rhel9-plus.md
+++ b/content/includes/waf/dockerfiles/rhel9-plus.md
@@ -30,6 +30,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     && ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Expose port
 EXPOSE 80
 
diff --git a/content/includes/waf/dockerfiles/rocky9-plus.md b/content/includes/waf/dockerfiles/rocky9-plus.md
index 464ba150e..6f6c96a53 100644
--- a/content/includes/waf/dockerfiles/rocky9-plus.md
+++ b/content/includes/waf/dockerfiles/rocky9-plus.md
@@ -30,6 +30,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     && ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Expose port
 EXPOSE 80
 
diff --git a/content/includes/waf/dockerfiles/ubuntu-plus.md b/content/includes/waf/dockerfiles/ubuntu-plus.md
index 89a2e7d8b..7333f22d5 100644
--- a/content/includes/waf/dockerfiles/ubuntu-plus.md
+++ b/content/includes/waf/dockerfiles/ubuntu-plus.md
@@ -41,6 +41,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
+# Securely copy the JWT license:
+RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
+    cp license.jwt /etc/nginx/license.jwt
+
 # Expose port
 EXPOSE 80
 
diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md
index dec2acb30..86a729c98 100644
--- a/content/includes/waf/install-build-image.md
+++ b/content/includes/waf/install-build-image.md
@@ -13,7 +13,7 @@ Your folder should contain the following files:
 - _Dockerfile_
 - _custom_log_format.json_ (Optional)
 
-To build an image, use the following command, replacing `<your-image-name>` as appropriate:
+To build an image for NGINX Plus, use the following command, replacing `<your-image-name>` as appropriate:
 
 ```shell
 sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t <your-image-name> .
@@ -24,6 +24,17 @@ A RHEL-based system would use the following command instead:
 ```shell
 podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t <your-image-name> .
 ```
+To build an image for NGINX Open Source, use the following command, replacing `<your-image-name>` as appropriate:
+
+```shell
+sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t <your-image-name> .
+```
+
+A RHEL-based system would use the following command instead:
+
+```shell
+podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t <your-image-name> .
+```
 
 {{< call-out "note" >}}
 
diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md
index eed7cec0e..555944053 100644
--- a/content/waf/install/kubernetes.md
+++ b/content/waf/install/kubernetes.md
@@ -36,6 +36,12 @@ To review supported operating systems, read the [Technical specifications]({{< r
 
 {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}}
 
+### Download your JSON web token
+
+To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal:
+
+{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
+
 ## Create a Dockerfile
 
 In the same folder as your credential files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections.
@@ -206,9 +212,20 @@ Your folder should contain the following files:
 
 - _nginx-repo.crt_
 - _nginx-repo.key_
+- _license.jwt_ (Only necessary when using NGINX Plus)
 - _Dockerfile_
 
-To build an image, use the following command, replacing `<your-image-name>` as appropriate:
+To build an image for NGINX Pluse, use the following command, replacing `<your-image-name>` as appropriate:
+
+```shell
+sudo docker build --no-cache --platform linux/amd64 \
+  --secret id=nginx-crt,src=nginx-repo.crt \
+  --secret id=nginx-key,src=nginx-repo.key \
+  --secret id=license-jwt,src=license.jwt \
+  -t <your-image-name> .
+```
+
+To build an image for NGINX Open Source, use the following command, replacing `<your-image-name>` as appropriate:
 
 ```shell
 sudo docker build --no-cache --platform linux/amd64 \
@@ -226,12 +243,6 @@ From this point, the steps change based on your installation method:
 
 ## Use Helm to install F5 WAF for NGINX
 
-### Download your JSON web token
-
-To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal:
-
-{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
-
 ### Get the Helm chart
 
 To get the Helm chart, first configure Docker for the F5 Container Registry.