initial commit

asamborski · asamborski · commit 31b6e15b9d68 · 2024-10-08T12:07:11.000-07:00
diff --git a/src/content/docs/cloudflare-one/applications/non-http/infrastructure-apps.mdx b/src/content/docs/cloudflare-one/applications/non-http/infrastructure-apps.mdx
@@ -56,6 +56,8 @@ Certain protocols require configuring the server to trust connections through Ac
 
 Users connect to the target's IP address as if they were on your private network, using their preferred client software. The user must be logged into WARP on their device, but no other system configuration is required. You can optionally configure a [private DNS resolver](/cloudflare-one/policies/gateway/resolver-policies/) to allow connections to the target's private hostname.
 
+SSH with Access for Infrastructure also supports `scp` and `rsync` functions. At this time, `sftp` is not supported.
+
 ### Connect to different VNET
 
 To connect to targets that are in different VNETS, users will need to [switch their connected virtual network](/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/#connect-to-a-virtual-network) in the WARP client.
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access.mdx
@@ -25,8 +25,9 @@ import { Tabs, TabItem, Badge, Render } from "~/components";
 To connect your devices to Cloudflare:
 
 1. [Deploy the WARP client](/cloudflare-one/connections/connect-devices/warp/deployment/) on your devices in Gateway with WARP mode.
-2. Install and trust the [Cloudflare root certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/) on your devices.
-3. [Create device enrollment rules](/cloudflare-one/connections/connect-devices/warp/deployment/device-enrollment/) to determine which devices can enroll to your Zero Trust organization.
+2. [Enable proxy mode for WARP](/cloudflare-one/connections/connect-networks/warp/warp-modes/#proxy-mode).
+3. Install and trust the [Cloudflare root certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/) on your devices.
+4. [Create device enrollment rules](/cloudflare-one/connections/connect-devices/warp/deployment/device-enrollment/) to determine which devices can enroll to your Zero Trust organization.
 
 ## 3. Route private network IPs through WARP
 
diff --git a/src/content/partials/cloudflare-one/access/add-target.mdx b/src/content/partials/cloudflare-one/access/add-target.mdx
@@ -11,7 +11,7 @@ To create a new target:
 
 <Tabs>
 <TabItem label="Dashboard">
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Network** > **Targets**.
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Networks** > **Targets**.
 2. Select **Add a target**.
 3. In **Target hostname**, enter a user-friendly name for the target resource. We recommend using the server hostname, for example `production-server`. The hostname does not need to be unique and can be reused for multiple targets. Hostnames are used to define the subset of targets included in an infrastructure application and are not used in DNS address resolution.
 	<Details header="Format restrictions">
diff --git a/src/content/partials/cloudflare-one/ssh/ssh-proxy-ca.mdx b/src/content/partials/cloudflare-one/ssh/ssh-proxy-ca.mdx
@@ -5,7 +5,7 @@
 
 import { Render } from "~/components"
 
-1. Make a `POST` request to the Cloudflare API with your email address and [API key](/fundamentals/api/get-started/keys/) as request headers.
+1. If you have not yet generated your Cloudflare SSH CA, make a `POST` request to the Cloudflare API with your email address and [API key](/fundamentals/api/get-started/keys/) as request headers.
 
    ```bash
    curl --request POST \
@@ -14,4 +14,22 @@ import { Render } from "~/components"
    --header "X-Auth-Key: <API_KEY>"
    ```
 
-2. Copy the `public_key` value returned in the response.
+2. If you have already created your Cloudflare SSH CA or try the above and receive the error message, "access.api.error.gateway_ca_already_exists," modify the above command to a `GET` request instead.
+
+   ```bash
+   curl --request GET \
+   "https://api.cloudflare.com/client/v4/accounts/{account_id}/access/gateway_ca" \
+   --header "X-Auth-Email: <EMAIL>" \
+   --header "X-Auth-Key: <API_KEY>"
+   ```
+
+3. If you would like to use an API token instead of a Global API key, the token must have edit permissions for "Access: SSH Auditing" permissions. The `POST` or `GET` request should be modified to use the "Authorization: Bearer" value instead of "X-Auth-Key."
+
+   ```bash
+   curl --request POST \
+   "https://api.cloudflare.com/client/v4/accounts/{account_id}/access/gateway_ca" \
+   --header "X-Auth-Email: <EMAIL>" \
+   --header "Authorization: Bearer <API_TOKEN>"
+   ```
+
+4. Copy the `public_key` value returned in the response.
