@Yasasr1 Yasasr1 commented Jan 21, 2026

This pull request adds documentation on how to restrict public access to management operations in WSO2 Identity Server across versions 7.1.0, 7.2.0, and next. It introduces a new guide that explains two main strategies—network-level and proxy-level isolation—and updates navigation to include this guide in the deployment section.

Documentation Additions:

  • Added a new guide, configure-console-hostname.md, detailing two approaches to isolate management operations from public access: (1) network-level separation between control and data planes, and (2) proxy-level isolation using a separate hostname and NGINX configuration. The guide includes diagrams, configuration samples, and step-by-step instructions.

Navigation Updates:

  • Updated the navigation in mkdocs.yml for versions 7.1.0, 7.2.0, and next to include the new "Restrict public access to management operations" guide under the deployment section.

Summary by CodeRabbit

  • Documentation
    • Added a comprehensive guide "Restrict public access to management operations" covering two isolation strategies: network-level separation and proxy-based isolation with sample reverse-proxy configuration, URL rewriting guidance, and step-by-step setup.
    • Surfaced the new guide in the deployment/navigation across documentation versions.

Copilot AI review requested due to automatic review settings January 21, 2026 04:14
coderabbitai bot commented Jan 21, 2026

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Adds a new shared documentation page describing strategies to restrict public access to management operations and wires it into versioned docs (7.1.0, 7.2.0, next) with corresponding mkdocs navigation entries. No code or API changes.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Shared Documentation: `en/includes/deploy/configure-console-hostname.md` | New comprehensive guide (~183 lines) describing control/data-plane isolation and proxy-based (NGINX) hostname separation, with architecture notes, endpoint visibility rules, sample NGINX blocks, deployment.toml snippets, and step-by-step instructions. |
| Versioned Doc Pages (includes): `en/identity-server/7.1.0/docs/deploy/configure-console-hostname.md`, `en/identity-server/7.2.0/docs/deploy/configure-console-hostname.md`, `en/identity-server/next/docs/deploy/configure-console-hostname.md` | New lightweight pages added that each contain a single include directive pulling in the shared documentation. |
| Navigation Updates: `en/identity-server/7.1.0/mkdocs.yml`, `en/identity-server/7.2.0/mkdocs.yml`, `en/identity-server/next/mkdocs.yml` | MkDocs navigation entries added for "Restrict public access to management operations" under Deploy, linking to the new pages and adjusting nav order. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 I hopped through docs both near and far,

To tuck the console behind a star.
With proxies, hosts, and rules aligned,
Management paths now gently signed.
🍃 Hop—securely—one config at a time.

🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)
| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The PR description is largely incomplete against the template. It lacks required sections: Purpose/issue links, Related PRs, Test environment, and Security checks—all mandatory template fields. | Add missing template sections including Purpose with issue links, Related PRs section, Test environment details, and Security checks with appropriate checkboxes marked. |
✅ Passed checks (2 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately summarizes the main change: adding documentation on restricting public access to management operations, which matches the primary purpose of the PR. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

Copilot AI left a comment

Pull request overview

This PR adds comprehensive documentation on restricting public access to management operations in WSO2 Identity Server. The guide introduces two security approaches for isolating administrative operations from runtime traffic: network-level separation (control plane vs. data plane) and proxy-level isolation using separate hostnames.

Changes:

  • Added new deployment guide explaining control plane/data plane separation and proxy-level isolation strategies
  • Included NGINX configuration samples and WSO2 Identity Server configuration instructions
  • Updated navigation across three versions (7.1.0, 7.2.0, and next) to include the new guide

Reviewed changes

Copilot reviewed 7 out of 10 changed files in this pull request and generated 17 comments.

| File | Description |
|---|---|
| `en/includes/deploy/configure-console-hostname.md` | New comprehensive guide with two approaches for restricting public access to management operations, including diagrams, NGINX configurations, and Identity Server settings |
| `en/identity-server/next/mkdocs.yml` | Added navigation entry for the new guide in the deployment section |
| `en/identity-server/next/docs/deploy/configure-console-hostname.md` | Include file that references the shared documentation |
| `en/identity-server/7.2.0/mkdocs.yml` | Added navigation entry for the new guide in the deployment section |
| `en/identity-server/7.2.0/docs/deploy/configure-console-hostname.md` | Include file that references the shared documentation |
| `en/identity-server/7.1.0/mkdocs.yml` | Added navigation entry for the new guide in the deployment section |
| `en/identity-server/7.1.0/docs/deploy/configure-console-hostname.md` | Include file that references the shared documentation |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In `@en/includes/deploy/configure-console-hostname.md`:
- Line 154: Replace the typo "dosen't" with the correct contraction "doesn't" in
the sentence mentioning load balancers and URL rewrite rules (the line
containing "Some load balancers dosen't support URL rewrite rules similar to
`sub_filter` on NGINX."). Ensure the corrected sentence reads "Some load
balancers doesn't support..."—actually use "Some load balancers don't support
URL rewrite rules similar to `sub_filter` on NGINX." to match plural subject
"load balancers."
🧹 Nitpick comments (1)
en/includes/deploy/configure-console-hostname.md (1)

16-16: Optional: Image filename contains typo.

The image filename data-plane-control-plane-seperation.png has "seperation" misspelled (should be "separation"). Consider renaming both the file and this reference for consistency.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In `@en/includes/deploy/configure-console-hostname.md`:
- Line 40: The word "seperation" in the sentence should be corrected to
"separation"; update the Markdown in the section containing the sentence that
currently reads "logical isolation by exposing the Console application on a
different hostname instead of a full network seperation" to use "separation" so
it reads "...instead of a full network separation," ensuring the spelling change
is applied to the content that mentions the Console and runtime domain examples
(`is.dev.wso2.com`, `carbon.dev.wso2.com`).

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>