diff --git a/apps/docs/content/elasticsearch/overview.mdx b/apps/docs/content/elasticsearch/overview.mdx index f39cfd9f..0b504f4f 100644 --- a/apps/docs/content/elasticsearch/overview.mdx +++ b/apps/docs/content/elasticsearch/overview.mdx @@ -2,7 +2,7 @@ title: Elasticsearch --- -Zerops provides Elasticsearch as a service, supporting both standalone and high-availability deployments. +Deploy [Elasticsearch] instances in Zerops with flexible scaling options, from standalone to highly available clusters. ## Connection diff --git a/apps/docs/content/features/access.mdx b/apps/docs/content/features/access.mdx index 6dc2aa6e..0b53d980 100644 --- a/apps/docs/content/features/access.mdx +++ b/apps/docs/content/features/access.mdx @@ -144,12 +144,9 @@ All settings can be modified later as your needs change. ### DNS Configuration -After setting up domain access in Zerops, update your DNS records with your domain registrar: +After setting up domain access in Zerops, you'll need to configure your DNS records with your domain registrar. -1. Add an A record pointing to your project's public IPv4 address -2. Add an AAAA record pointing to your project's public IPv6 address - -Your application will become accessible through your domain after DNS propagation (depends on your TTL settings). +For detailed instructions on DNS configuration, including specific implementation details for Cloudflare, please refer to the [DNS and Proxy Setup](/features/dns) guide. ### HTTPS Configuration @@ -186,7 +183,7 @@ For applications requiring direct port access or non-HTTP protocols, Zerops prov ### Port Configuration -1. Navigate to service detail page in Zerops GUI, select **Public access & internal ports** and click **Setup first access through IPv6** or activate **Unique IPv4** +1. Navigate to service detail page in Zerops GUI, select **Public access & internal ports** and click **Setup first access through IPv6** or activate **Unique IPv4 add-on** 2. Configure your port settings: - Choose any port from 10-65435 (except 80 and 443) - Select destination service and internal port diff --git a/apps/docs/content/features/dns.mdx b/apps/docs/content/features/dns.mdx new file mode 100644 index 00000000..d5471153 --- /dev/null +++ b/apps/docs/content/features/dns.mdx @@ -0,0 +1,176 @@ +--- +title: DNS and Proxy Configuration Guide +desc: A comprehensive guide for configuring DNS records and proxy settings with Zerops applications, including shared and dedicated IPv4 setups, security measures, and troubleshooting tips. +--- + +This guide will show you how to configure DNS records and proxy settings to work with your Zerops applications, with specific implementation details for Cloudflare. + +## DNS Configuration + +DNS records for Zerops services can be configured in two main ways: +* **With Proxy**: Routes traffic through proxy services, providing additional security and performance features +* **Without Proxy (DNS Only)**: Direct connection to your Zerops service's IP address + +DNS allows you to set two records based on IP address type: +* **A** record for **IPv4** - Zerops offers either a free **shared** IPv4 or a paid **dedicated** IPv4 +* **AAAA** record for **IPv6** - Zerops provides a free **dedicated** IPv6 + +### With Proxy + +#### IPv6 only +```bash +Type Name Content Proxy status TTL +AAAA Proxied Auto +``` + +:::note +Make sure your proxy service supports IPv4 to IPv6 translation for this configuration to work for **both IPv4 and IPv6** users. + +Do not add a proxied A record with shared IPv4 - doing so would prevent the proxy from properly routing IPv4 traffic to your service. +::: + +#### Dedicated IPv4 +```bash +Type Name Content Proxy status TTL +A Proxied Auto +# Optional +AAAA Proxied Auto +``` + +:::tip +Adding also AAAA record can be beneficial as visitors with IPv6 support will connect directly via IPv6. +::: + +#### Shared IPv4 *(valid but NOT recommended)* +```bash +Type Name Content Proxy status TTL +AAAA DNS only Auto +A Proxied Auto +``` + +:::tip Why not? +It does not make sense to expose your IPv6 address while proxying the shared IPv4. Use [IPv6 only](#ipv6-only) setup instead. +::: + +### Without Proxy + +#### Shared IPv4 +```bash +Type Name Content Proxy status TTL +AAAA DNS only Auto +A DNS only Auto +``` + +:::note Both A + AAAA Required +Adding AAAA record is essential for shared IPv4 configuration as it serves as a [security measure](#understand-shared-ipv4) to prevent unauthorized domain claims. +::: + +#### Dedicated IPv4 +```bash +Type Name Content Proxy status TTL +A DNS only Auto +# Optional +AAAA DNS only Auto +``` + +:::tip +Adding also AAAA record can be beneficial as visitors with IPv6 support will connect directly via IPv6. +::: + +#### IPv6 only +```bash +Type Name Content Proxy status TTL +AAAA DNS only Auto +``` + +:::note +This configuration will only work for users with IPv6 connectivity, which may limit your service accessibility. +::: + +### Understanding Shared IPv4 Addresses {#understand-shared-ipv4} + +Shared IPv4 allows multiple Zerops projects to use the same IPv4 address while maintaining separate routing for each project. Here's how it works: + +1. When a visitor makes a request, it first arrives at the shared IPv4 address +2. The system looks at the domain name in the request (using SNI - Server Name Indication) +3. For security, it checks if this domain properly resolves to your project's IPv6 address +4. Only if IPv6 address matches your project will the traffic be routed correctly + +This is why configuring both A (IPv4) and AAAA (IPv6) records is crucial when using shared IPv4 addresses - the IPv6 record acts as a security key that helps prevent unauthorized use of the shared IPv4 address. + +### Best Practices + +#### Security +- Enable proxy protection for DDoS mitigation when available +- Review firewall rules regularly + +#### Performance +- Enable Auto Minify and Brotli Compression +- Configure appropriate cache rules +- Monitor analytics and metrics +- Review bandwidth usage patterns + +## General Troubleshooting Guide + +### Common Issues + +1. **DNS Resolution Issues** + - Confirm correct record configuration + - Verify proxy status settings + - Check IPv6 address accuracy + - Allow time for DNS propagation (typically 5-10 minutes) + - Verify DNS resolver settings + +2. **Connection Problems** + - Test both IPv4 and IPv6 connectivity + - Verify firewall rules + - Check proxy server status if applicable + - Confirm port configurations + +### Validation Steps + +Test your configuration: +```bash +# Check DNS resolution +dig AAAA yourdomain.com + +# Verify connectivity +curl -vI https://yourdomain.com + +# Test IPv4 access +curl -4 -v https://yourdomain.com + +# Test IPv6 access +curl -6 -v https://yourdomain.com +``` + +## Cloudflare Configuration + +### SSL/TLS Mode +Set encryption mode to `Full (strict)` or `Full` + - Ensures end-to-end encryption + - *Full* mode requires any SSL certificate (even if self-signed/expired), while *Full (strict)* requires a valid certificate + +### Certificate Management +1. Enable Edge Certificates to allow Cloudflare to manage SSL/TLS certificates +2. During initial setup, handle HTTPS settings in one of two ways: + - **Option A (Simple but Limited)**: + - Disable `Always Use HTTPS` + - *This approach will interfere with automatic certificate renewal* + - **Option B (Recommended for Production)**: + - Keep `Always Use HTTPS` enabled + - Create and enable a Configuration Rule, which disables Automatic HTTPS Rewrites for this specific path: + ``` + Field: URI Path + Operator: starts with + Value: /.well-known/acme-challenge/ + ``` + This rule disables Automatic HTTPS Rewrites for the certificate validation path. + +### Cloudflare Troubleshooting + +#### SSL Certificate Problems + - Verify `Always Use HTTPS` is disabled + - If you encounter **too many redirects** or similar SSL errors: + - Double-check that SSL/TLS encryption mode is set to *Full* or *Full (strict)*, not *Flexible* + - SSL mode might show incorrectly for newly added domains, try refreshing the page if settings appear incorrect \ No newline at end of file diff --git a/apps/docs/content/features/pricing.mdx b/apps/docs/content/features/pricing.mdx index 29118f71..8bc8f90f 100644 --- a/apps/docs/content/features/pricing.mdx +++ b/apps/docs/content/features/pricing.mdx @@ -16,7 +16,7 @@ A Zerops project represents a private network where services can communicate int - Host multiple small websites within a single project - Create separate projects for different environments (production, development, local) of a larger application -The total cost of deploying an application includes your project's **core package cost** + the **cost of the resources** of the services inside a project **(+ extra costs like Unique IPv4, Extra Egress, Object Storage, Backup Space, Build Time, etc)**. +The total cost of deploying an application includes your project's **core package cost** + the **cost of the resources** of the services inside a project **(+ extra costs like Dedicated IPv4, Extra Egress, Object Storage, Backup Space, Build Time, etc)**. ## Project Plans @@ -177,7 +177,7 @@ The following costs may apply if you opt for additional features: - Unique IPv4 address + Dedicated IPv4 address $3.00 / 30 days diff --git a/apps/docs/content/help/faq.mdx b/apps/docs/content/help/faq.mdx index 0d859da8..b671da13 100644 --- a/apps/docs/content/help/faq.mdx +++ b/apps/docs/content/help/faq.mdx @@ -5,6 +5,7 @@ description: Get quick answers to your related questions about Zerops from frequ import Accordion from '/src/components/Accordion'; import { FAQ, FAQItem } from '/src/components/Faq'; +import Image from '/src/components/Image'; Get quick answers to your related questions about Zerops from frequently asked questions we get asked. @@ -18,6 +19,16 @@ Get quick answers to your related questions about Zerops from frequently asked q It's free to get started, and no credit card is required! However, we recommend visiting our pricing page to explore the options that best suit your needs. + + Navigate to the main menu in the Zerop GUI (with your icon) and add a new user with the selected email to your team. +

+ Runtime Secret Variables +

+ You can reach us on our Discord server for support. For additional contact options, please visit our contacts page. diff --git a/apps/docs/sidebars.js b/apps/docs/sidebars.js index 148135cb..ab62c5b8 100644 --- a/apps/docs/sidebars.js +++ b/apps/docs/sidebars.js @@ -96,13 +96,26 @@ module.exports = { className: 'homepage-sidebar-item', }, { - type: 'doc', - id: 'features/access', + type: 'category', + link: { + type: 'doc', + id: 'features/access', + }, label: 'Custom Domains & IP Access', customProps: { sidebar_icon: 'globe-europe', }, className: 'homepage-sidebar-item', + items: [ + { + type: 'doc', + id: 'features/dns', + label: 'DNS & Proxy Setup', + customProps: { + exclude_from_doc_list: false, + }, + }, + ], }, { type: 'doc', diff --git a/apps/docs/static/img/screenshots/add_user.png b/apps/docs/static/img/screenshots/add_user.png new file mode 100644 index 00000000..4e60670a Binary files /dev/null and b/apps/docs/static/img/screenshots/add_user.png differ