Upgrade F5 WAF for NGINX
This document describes how to upgrade F5 WAF for NGINX.
Security updates can be managed independently from F5 WAF for NGINX versions: based on your installation method, you should read the Update F5 WAF for NGINX signatures or Build and use the compiler tool topics.
Depending on your method, you may have installed virtual environment packages as part of a virtual machine/bare metal installation or a hybrid Docker configuration deployment.
You can update the F5 WAF for NGINX packages using the environment’s package manager, used during the Platform-specific instructions of installation.
An operating system using dnf might update the package with this command:
sudo dnf -y update app-protectWhile an apt based system would use the following instead:
sudo apt-get update && apt-get install -y app-protectYou can upgrade packages within Docker containers the same way as in the Virtual environment packages section.
Otherwise, you can update the version of F5 WAF components you are using by changing the tag prefixed to the image: key in your docker-compose files.
In a Kubernetes deployment, your approach for upgrading F5 WAF for NGINX depends on your installation method.
For Helm, first pull the chart:
helm pull oci://private-registry.nginx.com/nap/nginx-app-protect --version <release-name> --untarThen use the upgrade argument with the release name.
helm upgrade <release-name> .For Manifests you can update the tagged image: in your created Manifest files.
Then you can use apply to upgrade:
kubectl apply -f manifests/