update browser rendering

Author: ranbel

src/content/docs/cloudflare-one/applications/non-http/browser-rendering.mdx

@@ -5,34 +5,35 @@ sidebar:
   order: 3
 ---
 
-Cloudflare can render certain non-web applications in your browser without the need for client software or end-user configuration changes. Cloudflare currently supports rendering a terminal for SSH and VNC connections in a user's browser.
+Cloudflare can render SSH, VNC, and RDP applications in a browser without the need for client software or end-user configuration changes. Browser rendering is only supported for [self-hosted public applications](/cloudflare-one/applications/configure-apps/self-hosted-public-app/), not private IPs or hostnames. Additionally, you can only render a browser-rendered terminal on domains and subdomains, not on specific paths.
 
-:::note
-You can only enable browser rendering on domains and subdomains, not for specific paths.
-:::
+## Turn on browser rendering
 
-## Enable browser rendering
+### SSH and VNC
 
-To enable browser rendering:
+To turn on browser rendering for an SSH or VNC application:
 
-1.  In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
-2.  Locate the SSH or VNC application you created when [connecting the server to Cloudflare](/cloudflare-one/connections/connect-networks/use-cases/ssh/). Select **Configure**.
-3.  In the **Policies** tab, ensure that only **Allow** or **Block** policies are present. **Bypass** and **Service Auth** are not supported for browser-rendered applications.
-4.  Go to **Advanced settings** > **Browser rendering settings**.
-5.  For **Browser rendering**, choose _SSH_ or _VNC_.
+1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
+2. Locate the SSH or VNC application you created when [connecting the server to Cloudflare](/cloudflare-one/connections/connect-networks/use-cases/ssh/). Select **Configure**.
+3. In the **Policies** tab, ensure that only **Allow** or **Block** policies are present. **Bypass** and **Service Auth** are not supported for browser-rendered applications.
+4. Go to **Advanced settings** > **Browser rendering settings**.
+5. For **Browser rendering**, choose _SSH_ or _VNC_.
+6.  Select **Save application**.
 
-        	:::note
+When users authenticate and visit the URL of the application, Cloudflare will render a terminal in their browser.
 
-        	When connecting over SSH, Cloudflare supports following key exchange algorithms:
+### RDP
 
-        	- `[email protected]`
-        	- `curve25519-sha256`
-        	- `ecdh-sha2-nistp256`
-        	- `ecdh-sha2-nistp384`
-        	- `ecdh-sha2-nistp521`
+To set up browser-rendering for RDP, refer to our [browser-based RDP guide](/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser/).
 
-        	:::
+## SSH key exchange algorithms
 
-6.  Select **Save application**.
+Cloudflare's browser-rendered SSH terminal supports the following Key Exchange (KEX) algorithms:
 
-When users authenticate and visit the URL of the application, Cloudflare will render a terminal in their browser.
+	- `[email protected]`
+	- `curve25519-sha256`
+	- `ecdh-sha2-nistp256`
+	- `ecdh-sha2-nistp384`
+	- `ecdh-sha2-nistp521`
+
+For browser-rendered SSH connections to work, you may need to update the `sshd_config` file on your server to accept these algorithms.

src/content/docs/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser.mdx

@@ -48,6 +48,10 @@ Browser-based RDP can be used in conjunction with [routing over WARP](/cloudflar
 
 7. <Render file="access/self-hosted-app/choose-domain" product="cloudflare-one" />
 
+		:::note
+		You can only enable browser-based RDP on domains and subdomains, not for specific paths.
+		:::
+
 8. Expand **Browser rendering settings**. In the **Browser rendering** dropdown, select _RDP_.
 
 9. In **Target criteria**, select the [target hostname(s)](#2-add-a-target) that define your RDP servers. The application definition will apply to all targets that share the selected target hostname, including any targets added in the future.
@@ -58,14 +62,18 @@ Browser-based RDP can be used in conjunction with [routing over WARP](/cloudflar
 
 12. <Render file="access/add-access-policies" product="cloudflare-one" />
 
+:::note
+Ensure that only **Allow** or **Block** policies are present. **Bypass** and **Service Auth** are not supported for browser-rendered applications.
+:::
+
 13. <Render file="access/access-choose-idps" product="cloudflare-one" />
 
 14. Select **Next**.
 
 15. (Recommended) Turn on **Show application in App Launcher** and configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) for the application. The App Launcher allows users to view the Windows servers that they can access using browser-based RDP. Without the App Launcher, users will need to know each target's direct URL.
 
 		:::note
-		Ensure that users have a matching rule in your [App Launcher policies](/cloudflare-one/applications/app-launcher/#enable-the-app-launcher).
+		Ensure that users match an Allow rule in your [App Launcher policies](/cloudflare-one/applications/app-launcher/#enable-the-app-launcher).
 		:::
 
 16. <Render file="access/access-block-page" product="cloudflare-one" />

src/content/partials/cloudflare-one/access/self-hosted-app/advanced-settings.mdx

@@ -14,5 +14,5 @@ import { Render } from "~/components"
 
 		{
 			props.private && (
-				<p> These settings only apply to private hostnames and require Gateway TLS decryption.</p> )
+				<p> These settings only apply to private hostnames and require [Gateway TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/).</p> )
 			}

src/content/partials/cloudflare-one/access/self-hosted-app/generic-public-app.mdx

@@ -11,19 +11,23 @@ import { Render } from "~/components"
 
 7. <Render file="access/self-hosted-app/choose-domain" product="cloudflare-one" />
 
-8. <Render file="access/add-access-policies" product="cloudflare-one" />
+8. (Optional) Configure **Browser rendering settings**:
+		- [Automatic `cloudflared` authentication](/cloudflare-one/applications/non-http/cloudflared-authentication/automatic-cloudflared-authentication/)
+		- [Browser rendering for SSH, VNC, or RDP](/cloudflare-one/applications/non-http/browser-rendering/)
 
-9. <Render file="access/access-choose-idps" product="cloudflare-one" />
+9. <Render file="access/add-access-policies" product="cloudflare-one" />
 
-10. Select **Next**.
+10. <Render file="access/access-choose-idps" product="cloudflare-one" />
 
-11. (Optional) Configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) for the application.
+11. Select **Next**.
 
-12. <Render file="access/access-block-page" product="cloudflare-one" />
+12. (Optional) Configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) for the application.
 
-13. Select **Next**.
+13. <Render file="access/access-block-page" product="cloudflare-one" />
 
-14. <Render file="access/self-hosted-app/advanced-settings" product="cloudflare-one" />
+14. Select **Next**.
 
-15. Select **Save**.
+15. <Render file="access/self-hosted-app/advanced-settings" product="cloudflare-one" />
+
+16. Select **Save**.