cloudflare

apps/docs/content/elasticsearch/overview.mdx

@@ -2,7 +2,7 @@
 title: Elasticsearch
 ---
 
-Zerops provides Elasticsearch as a service, supporting both standalone and high-availability deployments.
+Deploy [Elasticsearch] instances in Zerops with flexible scaling options, from standalone to highly available clusters.
 
 ## Connection
 

apps/docs/content/features/access.mdx

@@ -144,12 +144,9 @@ All settings can be modified later as your needs change.
 
 ### DNS Configuration
 
-After setting up domain access in Zerops, update your DNS records with your domain registrar:
+After setting up domain access in Zerops, you'll need to configure your DNS records with your domain registrar.
 
-1. Add an A record pointing to your project's public IPv4 address
-2. Add an AAAA record pointing to your project's public IPv6 address
-
-Your application will become accessible through your domain after DNS propagation (depends on your TTL settings).
+For detailed instructions on DNS configuration, including specific implementation details for Cloudflare, please refer to the [DNS and Proxy Setup](/features/dns) guide.
 
 ### HTTPS Configuration
 
@@ -186,7 +183,7 @@ For applications requiring direct port access or non-HTTP protocols, Zerops prov
 
 ### Port Configuration
 
-1. Navigate to service detail page in Zerops GUI, select **Public access & internal ports** and click **Setup first access through IPv6** or activate **Unique IPv4**
+1. Navigate to service detail page in Zerops GUI, select **Public access & internal ports** and click **Setup first access through IPv6** or activate **Unique IPv4 add-on**
 2. Configure your port settings:
    - Choose any port from 10-65435 (except 80 and 443)
    - Select destination service and internal port

apps/docs/content/features/dns.mdx

@@ -0,0 +1,176 @@
+---
+title: DNS and Proxy Configuration Guide
+desc: A comprehensive guide for configuring DNS records and proxy settings with Zerops applications, including shared and dedicated IPv4 setups, security measures, and troubleshooting tips.
+---
+
+This guide will show you how to configure DNS records and proxy settings to work with your Zerops applications, with specific implementation details for Cloudflare.
+
+## DNS Configuration
+
+DNS records for Zerops services can be configured in two main ways:
+* **With Proxy**: Routes traffic through proxy services, providing additional security and performance features
+* **Without Proxy (DNS Only)**: Direct connection to your Zerops service's IP address
+
+DNS allows you to set two records based on IP address type:
+* **A** record for **IPv4** - Zerops offers either a free **shared** IPv4 or a paid **dedicated** IPv4
+* **AAAA** record for **IPv6** - Zerops provides a free **dedicated** IPv6
+
+### With Proxy
+
+#### IPv6 only
+```bash
+Type    Name      Content                Proxy status   TTL
+AAAA    <name>    <your-project-ipv6>    Proxied        Auto
+```
+
+:::note
+Make sure your proxy service supports IPv4 to IPv6 translation for this configuration to work for **both IPv4 and IPv6** users.
+
+Do not add a proxied A record with shared IPv4 - doing so would prevent the proxy from properly routing IPv4 traffic to your service.
+:::
+
+#### Dedicated IPv4
+```bash
+Type    Name      Content                Proxy status   TTL
+A       <name>    <your-dedicated-ipv4>  Proxied        Auto
+# Optional
+AAAA    <name>    <your-project-ipv6>    Proxied        Auto
+```
+
+:::tip
+Adding also AAAA record can be beneficial as visitors with IPv6 support will connect directly via IPv6.
+:::
+
+#### Shared IPv4 *(valid but NOT recommended)*
+```bash
+Type    Name      Content                Proxy status  TTL
+AAAA    <name>    <your-project-ipv6>    DNS only      Auto
+A       <name>    <zerops-shared-ipv4>   Proxied       Auto
+```
+
+:::tip Why not?
+It does not make sense to expose your IPv6 address while proxying the shared IPv4. Use [IPv6 only](#ipv6-only) setup instead.
+:::
+
+### Without Proxy
+
+#### Shared IPv4
+```bash
+Type    Name      Content                Proxy status   TTL
+AAAA    <name>    <your-project-ipv6>    DNS only       Auto
+A       <name>    <zerops-shared-ipv4>   DNS only       Auto
+```
+
+:::note Both A + AAAA Required
+Adding AAAA record is essential for shared IPv4 configuration as it serves as a [security measure](#understand-shared-ipv4) to prevent unauthorized domain claims.
+:::
+
+#### Dedicated IPv4
+```bash
+Type    Name      Content                Proxy status   TTL
+A       <name>    <your-dedicated-ipv4>  DNS only       Auto
+# Optional
+AAAA    <name>    <your-project-ipv6>    DNS only       Auto
+```
+
+:::tip
+Adding also AAAA record can be beneficial as visitors with IPv6 support will connect directly via IPv6.
+:::
+
+#### IPv6 only
+```bash
+Type    Name      Content                Proxy status   TTL
+AAAA    <name>    <your-project-ipv6>    DNS only       Auto
+```
+
+:::note
+This configuration will only work for users with IPv6 connectivity, which may limit your service accessibility.
+:::
+
+### Understanding Shared IPv4 Addresses {#understand-shared-ipv4}
+
+Shared IPv4 allows multiple Zerops projects to use the same IPv4 address while maintaining separate routing for each project. Here's how it works:
+
+1. When a visitor makes a request, it first arrives at the shared IPv4 address
+2. The system looks at the domain name in the request (using SNI - Server Name Indication)
+3. For security, it checks if this domain properly resolves to your project's IPv6 address
+4. Only if IPv6 address matches your project will the traffic be routed correctly
+
+This is why configuring both A (IPv4) and AAAA (IPv6) records is crucial when using shared IPv4 addresses - the IPv6 record acts as a security key that helps prevent unauthorized use of the shared IPv4 address.
+
+### Best Practices
+
+#### Security
+- Enable proxy protection for DDoS mitigation when available
+- Review firewall rules regularly
+
+#### Performance
+- Enable Auto Minify and Brotli Compression
+- Configure appropriate cache rules
+- Monitor analytics and metrics
+- Review bandwidth usage patterns
+
+## General Troubleshooting Guide
+
+### Common Issues
+
+1. **DNS Resolution Issues**
+   - Confirm correct record configuration
+   - Verify proxy status settings
+   - Check IPv6 address accuracy
+   - Allow time for DNS propagation (typically 5-10 minutes)
+   - Verify DNS resolver settings
+
+2. **Connection Problems**
+   - Test both IPv4 and IPv6 connectivity
+   - Verify firewall rules
+   - Check proxy server status if applicable
+   - Confirm port configurations
+
+### Validation Steps
+
+Test your configuration:
+```bash
+# Check DNS resolution
+dig AAAA yourdomain.com
+
+# Verify connectivity
+curl -vI https://yourdomain.com
+
+# Test IPv4 access
+curl -4 -v https://yourdomain.com
+
+# Test IPv6 access
+curl -6 -v https://yourdomain.com
+```
+
+## Cloudflare Configuration
+
+### SSL/TLS Mode
+Set encryption mode to `Full (strict)` or `Full`
+   - Ensures end-to-end encryption
+   - *Full* mode requires any SSL certificate (even if self-signed/expired), while *Full (strict)* requires a valid certificate
+
+### Certificate Management
+1. Enable Edge Certificates to allow Cloudflare to manage SSL/TLS certificates
+2. During initial setup, handle HTTPS settings in one of two ways:
+   - **Option A (Simple but Limited)**:
+     - Disable `Always Use HTTPS`
+     - *This approach will interfere with automatic certificate renewal*
+   - **Option B (Recommended for Production)**:
+     - Keep `Always Use HTTPS` enabled
+     - Create and enable a Configuration Rule, which disables Automatic HTTPS Rewrites for this specific path:
+       ```
+       Field: URI Path
+       Operator: starts with
+       Value: /.well-known/acme-challenge/
+       ```
+       This rule disables Automatic HTTPS Rewrites for the certificate validation path.
+
+### Cloudflare Troubleshooting
+
+#### SSL Certificate Problems
+   - Verify `Always Use HTTPS` is disabled
+   - If you encounter **too many redirects** or similar SSL errors:
+       - Double-check that SSL/TLS encryption mode is set to *Full* or *Full (strict)*, not *Flexible*
+       - SSL mode might show incorrectly for newly added domains, try refreshing the page if settings appear incorrect

apps/docs/content/features/pricing.mdx

@@ -16,7 +16,7 @@ A Zerops project represents a private network where services can communicate int
 - Host multiple small websites within a single project
 - Create separate projects for different environments (production, development, local) of a larger application
 
-The total cost of deploying an application includes your project's **core package cost** + the **cost of the resources** of the services inside a project **(+ extra costs like Unique IPv4, Extra Egress, Object Storage, Backup Space, Build Time, etc)**.
+The total cost of deploying an application includes your project's **core package cost** + the **cost of the resources** of the services inside a project **(+ extra costs like Dedicated IPv4, Extra Egress, Object Storage, Backup Space, Build Time, etc)**.
 
 ## Project Plans
 
@@ -177,7 +177,7 @@ The following costs may apply if you opt for additional features:
   </thead>
   <tbody>
     <tr>
-      <td className="w-fit whitespace-nowrap"><strong>Unique IPv4 address</strong></td>
+      <td className="w-fit whitespace-nowrap"><strong>Dedicated IPv4 address</strong></td>
       <td className="w-fit"><strong>$3.00</strong> / 30 days</td>
     </tr>
     <tr>

apps/docs/content/help/faq.mdx

@@ -5,6 +5,7 @@ description: Get quick answers to your related questions about Zerops from frequ
 
 import Accordion from '/src/components/Accordion';
 import { FAQ, FAQItem } from '/src/components/Faq';
+import Image from '/src/components/Image';
 
 Get quick answers to your related questions about Zerops from frequently asked questions we get asked.
 
@@ -18,6 +19,16 @@ Get quick answers to your related questions about Zerops from frequently asked q
     It's free to get started, and no credit card is required! However, we
     recommend visiting our <a href="https://zerops.io/#pricing">pricing page</a> to explore the options that best suit your needs.
   </FAQItem>
+  <FAQItem question="How do I change my email?">
+    Navigate to the main menu in the Zerop GUI (with your icon) and add a new user with the selected email to your team.
+    <p align="center">
+        <Image
+        lightImage="/img/screenshots/add_user.png"
+        darkImage="/img/screenshots/add_user.png"
+        alt="Runtime Secret Variables"
+        />
+    </p>
+  </FAQItem>
   <FAQItem question="I have more questions. Where can I reach out to get help?">
     You can reach us on our <a href="https://docs.zerops.io/discord" target="_blank">Discord server</a> for support. For additional contact options, please visit our <a href="http://localhost:3001/help/contacts">contacts page</a>.
   </FAQItem>

apps/docs/sidebars.js

@@ -96,13 +96,26 @@ module.exports = {
       className: 'homepage-sidebar-item',
     },
     {
-      type: 'doc',
-      id: 'features/access',
+      type: 'category',
+      link: {
+        type: 'doc',
+        id: 'features/access',
+      },
       label: 'Custom Domains & IP Access',
       customProps: {
         sidebar_icon: 'globe-europe',
       },
       className: 'homepage-sidebar-item',
+      items: [
+        {
+          type: 'doc',
+          id: 'features/dns',
+          label: 'DNS & Proxy Setup',
+          customProps: {
+            exclude_from_doc_list: false,
+          },
+        },
+      ],
     },
     {
       type: 'doc',