diff --git a/.github/config/config-plus-gcr-release b/.github/config/config-plus-gcr-release
index 175f34cc3d..e1c6d12e01 100644
--- a/.github/config/config-plus-gcr-release
+++ b/.github/config/config-plus-gcr-release
@@ -1,7 +1,7 @@
 export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release
-declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-mktpl")
-declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-mktpl")
-declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8")
+declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips" "-mktpl")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips" "-mktpl")
+declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips" "-ubi8")
 declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
 declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
 declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
diff --git a/.github/config/config-plus-nginx b/.github/config/config-plus-nginx
index 0490242f7d..546c636721 100644
--- a/.github/config/config-plus-nginx
+++ b/.github/config/config-plus-nginx
@@ -1,8 +1,8 @@
 export TARGET_REGISTRY=docker-mgmt.nginx.com
 export TARGET_NAP_WAF_DOS_IMAGE_PREFIX="nginx-ic-nap-dos/nginx-plus-ingress"
-declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine")
-declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8")
-declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8")
+declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips")
+declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips")
 declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi")
 declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi")
 export PUBLISH_OSS=false
diff --git a/.github/data/matrix-smoke-nap.json b/.github/data/matrix-smoke-nap.json
index 39c47a4e03..1d780e7a7d 100644
--- a/.github/data/matrix-smoke-nap.json
+++ b/.github/data/matrix-smoke-nap.json
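Review bot: In `.github/config/config-plus-gcr-release` the new `NAP_WAFV5_TAG_POSTFIX_LIST` places `"-alpine-fips"` between `"-ubi"` and `"-ubi8"`, while the `NAP_WAF` list in the same hunk and both NAP lists in `config-plus-nginx` put it after `"-ubi8"`. If the script that reads these arrays only iterates over them the order is harmless, but the mismatch makes the two release configs harder to compare when checking which FIPS tags are published to which registry. I would write it as `declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips")` so the lists line up.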
@@ -18,7 +18,7 @@
 },
 {
 "label": "AP_WAF 3/4",
- "image": "debian-plus-nap",
+ "image": "alpine-plus-nap-fips",
 "type": "plus",
 "nap_modules": "waf",
 "marker": "appprotect_waf_policies_grpc",
diff --git a/.github/data/matrix-smoke-plus.json b/.github/data/matrix-smoke-plus.json
index b92ba8cfac..572d6e4d8a 100644
--- a/.github/data/matrix-smoke-plus.json
+++ b/.github/data/matrix-smoke-plus.json
@@ -37,7 +37,7 @@
 },
 {
 "label": "ingresses 2/2",
- "image": "alpine-plus",
+ "image": "alpine-plus-fips",
 "type": "plus",
 "marker": "'annotations or basic_auth or hsts or watch_namespace or wildcard_tls'",
 "platforms": "linux/arm64, linux/amd64"
@@ -51,7 +51,7 @@
 },
 {
 "label": "VSR 2/3",
- "image": "alpine-plus",
+ "image": "alpine-plus-fips",
 "type": "plus",
 "marker": "'vsr_basic or vsr_canned or vsr_rewrite or vsr_redirects or vsr_upstream'",
 "platforms": "linux/arm64, linux/amd64"
diff --git a/.github/data/patch-images.json b/.github/data/patch-images.json
index 9bb2490855..b258b2c4ce 100644
--- a/.github/data/patch-images.json
+++ b/.github/data/patch-images.json
@@ -35,6 +35,12 @@
 "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress",
 "platforms": "linux/arm64, linux/amd64"
 },
+ {
+ "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress",
+ "source_os": "alpine-fips",
+ "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress",
+ "platforms": "linux/arm64, linux/amd64"
+ },
 {
 "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress",
 "source_os": "ubi",
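Review bot: Reusing the existing "AP_WAF 3/4" slot for `alpine-plus-nap-fips` takes `debian-plus-nap` out of the run for the `appprotect_waf_policies_grpc` marker instead of adding FIPS coverage next to it; the same swap is made in `matrix-smoke-plus.json`, where "ingresses 2/2" and "VSR 2/3" move from `alpine-plus` to `alpine-plus-fips`. The non-FIPS `-alpine` postfix is still in `PLUS_TAG_POSTFIX_LIST`, so that image keeps shipping. Whether other matrix entries still run these markers on the replaced images is outside the hunks; if none do, I would keep `"image": "debian-plus-nap",` and `"image": "alpine-plus",` in these slots and give the FIPS images entries of their own. It is also worth confirming that some test selected by these markers checks that the image really runs in FIPS mode, since the marker names shown look purely functional.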
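Review bot: Nothing in the new `alpine-fips` entry limits which release tag is used as the patch source, here for `nginx-ic` and again in the `-65` and `-83` hunks for `nginx-ic-nap` and `nginx-ic-nap-v5`. The note this commit deletes from `site/content/releases.md` warned that patching older FIPS images could re-introduce the incompatible dependency, so if earlier releases published `-alpine-fips` tags, those presumably still should not be patched. How the workflow that reads this file selects the source tag is not visible in the diff; if it can reach older releases, a minimum-version guard for `"source_os": "alpine-fips"` belongs there. I would also narrow the release note rather than drop it, e.g. `FIPS images older than <FIRST_FIXED_VERSION> should not be patched or rebuilt.`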
@@ -65,6 +71,12 @@
 "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress",
 "platforms": "linux/amd64"
 },
+ {
+ "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress",
+ "source_os": "alpine-fips",
+ "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress",
+ "platforms": "linux/amd64"
+ },
 {
 "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap-v5/nginx-plus-ingress",
 "source_os": "debian",
@@ -83,6 +95,12 @@
 "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress",
 "platforms": "linux/amd64"
 },
+ {
+ "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap-v5/nginx-plus-ingress",
+ "source_os": "alpine-fips",
+ "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress",
+ "platforms": "linux/amd64"
+ },
 {
 "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos/nginx-plus-ingress",
 "source_os": "debian",
diff --git a/site/content/releases.md b/site/content/releases.md
index 6b8aa8c6d4..cbb810d778 100644
--- a/site/content/releases.md
+++ b/site/content/releases.md
@@ -8,14 +8,6 @@ toc: true weight: 2100 --- -{{< note >}} -FIPS compliant images are currently impacted by compatibility issues with a dependent library. - -We recommend against: -1. Patching older FIPS images, which could re-introduce the incompatible dependency. -2. Building new custom FIPS images. -{{< /note >}} - {{< note >}} In our next major release, `v4.0.0`, the default log library for NGINX Ingress Controller will be changed from `golang/glog` to `log/slog`. This will mean that logs generated by NGINX Ingress Controller will be in a structured format with the option to choose a `string` or `json` output.
diff --git a/site/content/technical-specifications.md b/site/content/technical-specifications.md
index 4bab37dac3..554569285c 100644
--- a/site/content/technical-specifications.md
+++ b/site/content/technical-specifications.md
@@ -74,6 +74,9 @@ NGINX Plus images are available through the F5 Container registry `private-regis
 |