
[Idea]: suggestions to improve multi-container NAP deployment via docker #1488

@mrajagopal

What is your idea for improving documentation?

Reference doc: https://docs.nginx.com/waf/install/docker/#multi-container-configuration

  • The docker-compose YAML must use the same mounts across all the containers.
    The nginx service refers to empty Docker volume mounts:
    - app_protect_bd_config:/opt/app_protect/bd_config
    - app_protect_config:/opt/app_protect/config
    - app_protect_etc_config:/etc/app_protect/conf

While the WAF containers are referring to /opt/app_protect/:

 - /opt/app_protect/bd_config:/opt/app_protect/bd_config
 - /opt/app_protect/config:/opt/app_protect/config
 - /etc/app_protect/conf:/etc/app_protect/conf

The WAF containers have it right, as we provided 101:101 permissions to the said directory.

  • The app_protect_enforcer_address 127.0.0.1:50000; should be a placeholder item for the waf-enforcer address instead of 127.0.0.1 - this is not valid for container deployments.
  • An even better approach is to set the IP addresses of the containers; that way the app_protect_enforcer_address is fixed in the nginx.conf, making the example deployment easy for the customer/user:

services:
  nginx:
    # .....
    networks:
      waf_network:
        ipv4_address: 172.30.0.10

  waf-enforcer:
    # .....
    networks:
      waf_network:
        # each service needs its own address on waf_network
        ipv4_address: 172.30.0.11

networks:
  waf_network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.30.0.0/16
          gateway: 172.30.0.1

Which product or products does this idea relate to?

F5 WAF for NGINX

Does this idea relate to other issues?

No response

Are there alternative ideas for improving the same topic?

No response

Any additional information

No response
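
An added example (not part of the issue or the NGINX documentation): a check for the two problems raised above, mismatched mount sources and static addresses, run over a constructed compose structure. The sample values and the `check_compose` helper are assumptions for illustration; only short-syntax volume strings and mapping-style `networks` entries are handled.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (the dict yaml.safe_load() would return), trimmed to the
# keys under discussion; it also reuses one static address to exercise that check.
PATHS = ["/opt/app_protect/bd_config", "/opt/app_protect/config", "/etc/app_protect/conf"]
NAMED = ["app_protect_bd_config", "app_protect_config", "app_protect_etc_config"]
COMPOSE = {
    "services": {
        "nginx": {"volumes": [f"{n}:{p}" for n, p in zip(NAMED, PATHS)],
                  "networks": {"waf_network": {"ipv4_address": "172.30.0.10"}}},
        "waf-enforcer": {"volumes": [f"{p}:{p}" for p in PATHS],
                         "networks": {"waf_network": {"ipv4_address": "172.30.0.10"}}},
    },
    "networks": {"waf_network": {"ipam": {"config": [{"subnet": "172.30.0.0/16"}]}}},
}

def check_compose(compose):
    """Return findings for mismatched mount sources and bad static addresses."""
    findings = []
    sources = defaultdict(dict)  # container path -> {service: source}
    seen = defaultdict(dict)     # network -> {address: first service using it}
    for svc, body in compose.get("services", {}).items():
        for vol in body.get("volumes", []):
            src, sep, rest = vol.partition(":")  # short syntax source:target[:mode]
            if sep:
                sources[rest.split(":")[0]][svc] = src
        nets = body.get("networks")
        for net, cfg in (nets.items() if isinstance(nets, dict) else []):
            ip = (cfg or {}).get("ipv4_address")
            if ip is None:
                continue
            pools = (compose.get("networks", {}).get(net) or {}).get("ipam", {}).get("config", [])
            addr = ipaddress.ip_address(ip)
            if not any(addr in ipaddress.ip_network(p["subnet"]) for p in pools if "subnet" in p):
                findings.append(f"{svc}: {ip} is outside the subnets of {net}")
            if ip in seen[net]:
                findings.append(f"{svc} and {seen[net][ip]} share {ip} on {net}")
            seen[net].setdefault(ip, svc)
    for path, by_svc in sources.items():
        if len(set(by_svc.values())) > 1:
            findings.append(f"{path} is mounted from different sources: {by_svc}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_compose(COMPOSE)))
```
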

Labels

  • P3 - Normal (TTR: 1 month): Request to address missing, unclear, or inaccurate content. Doesn't block tasks or cause complaints.
  • product/waf: Issues related to F5 WAF for NGINX
