diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/migrating-custom-hostnames.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/migrating-custom-hostnames.mdx index c4b214ed5d3646a..5d24bbcab1c9068 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/migrating-custom-hostnames.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/migrating-custom-hostnames.mdx @@ -70,6 +70,6 @@ The custom hostname can activate on the new zone even if the certificate is stil :::note -Verify that the custom hostname successfully activated after the migration in the Cloudflare dashboard by selecting **SSL/TLS** > **Custom hostnames** > **`{your custom hostname}`**. +Verify that the custom hostname successfully activated after the migration on the [**Custom Hostnames**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/custom-hostnames) page. ::: diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/performance/early-hints-for-saas.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/performance/early-hints-for-saas.mdx index a6b32bf530545b0..64b1dedc42cbedf 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/performance/early-hints-for-saas.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/performance/early-hints-for-saas.mdx @@ -22,7 +22,7 @@ Before you can employ Early Hints for SaaS, you need to create a custom hostname 1. [Locate your zone ID](/fundamentals/account/find-account-and-zone-ids/), available in the Cloudflare dashboard. -2. Locate your Authentication Key by selecting **My Profile** > **API tokens** > **Global API Key**. +2. Locate your Authentication Key on the [**API Tokens**](https://dash.cloudflare.com/?to=/:account/profile/api-tokens) page, under **Global API Key**. 3. If you are [creating a new custom hostname](/api/resources/custom_hostnames/methods/create/), make an API call such as the example below, specifying `"early_hints": "on"`: diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/salesforce-commerce-cloud.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/salesforce-commerce-cloud.mdx index 68d15e026f7ef71..c48e31e48ff039e 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/salesforce-commerce-cloud.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/salesforce-commerce-cloud.mdx @@ -7,7 +7,7 @@ head: description: Learn how to configure your Enterprise zone with Salesforce Commerce Cloud. --- -import { Details, Render } from "~/components"; +import { Details, Render, DashButton } from "~/components"; Edge Certificates**, scroll down the page to find **Minimum TLS Version**, and set it to _TLS 1.2_. This setting applies to every Proxied DNS record in your Zone. + 1. Go to the [**Edge Certificates**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates) page, scroll down to find **Minimum TLS Version**, and set it to _TLS 1.2_. This setting applies to every Proxied DNS record in your Zone. 2. Match the **Security Level** set in **SFCC Business Manager** - 1. _Option 1: Zone-level_ - Navigate to **Security > Settings**, find **Security Level** and set **Security Level** to match what is configured in **SFCC Business Manager**. This setting applies to every Proxied DNS record in your Cloudflare zone. + 1. _Option 1: Zone-level_ - Go to the [**Settings**](https://dash.cloudflare.com/?to=/:account/:zone/security/settings) page under Security, find **Security Level** and set **Security Level** to match what is configured in **SFCC Business Manager**. This setting applies to every Proxied DNS record in your Cloudflare zone. 2. _Option 2: Per Proxied DNS record_ - If the **Security Level** differs between the Proxied DNS records targeting your SFCC environment and other Proxied DNS records in your Cloudflare zone, use a **Configuration Rule** to set the **Security Level** specifically for the Proxied DNS records targeting your SFCC environment. For example: - 1. Create a new **Configuration Rule** by navigating to **Rules** > **Overview** and selecting **Create rule** next to **Configuration Rules**: + 1. Create a new **Configuration Rule** on the [**Rules Overview**](https://dash.cloudflare.com/?to=/:account/:zone/rules/overview) page by selecting **Create rule** next to **Configuration Rules**: 1. **Rule name:** `Match Security Level on SFCC hostnames` 2. **Field:** _Hostname_ 3. **Operator:** _is in_ (this will match against multiple hostnames specified in the **Value** field) @@ -117,9 +117,9 @@ If you do have a `CAA` record, verify that it permits SSL certificates to be iss 1. **Select Security Level:** _Medium_ (this should match the **Security Level** set in **SFCC Business Manager**) 6. Scroll to the bottom of the page and click **Deploy** 3. Disable **Browser Integrity Check** - 1. _Option 1: Zone-level_ - Navigate to **Security > Settings**, find **Browser Integrity Check** and toggle it off to disable it. This setting applies to every Proxied DNS record in your Cloudflare zone. + 1. _Option 1: Zone-level_ - Go to the [**Settings**](https://dash.cloudflare.com/?to=/:account/:zone/security/settings) page under Security, find **Browser Integrity Check** and toggle it off to disable it. This setting applies to every Proxied DNS record in your Cloudflare zone. 2. _Option 2: Per Proxied DNS record_ - If you want to keep **Browser Integrity Check** enabled for other Proxied DNS records in your Cloudflare zone but want to disable it on Proxied DNS records targeting your SFCC environment, keep the Zone-level **Browser Integrity Check** feature enabled and use a **Configuration Rule** to disable **Browser Integrity Check** specifically for the hostnames targeting your SFCC environment. For example: - 1. Create a new **Configuration Rule** by navigating to **Rules** > **Overview** and selecting **Create rule** next to **Configuration Rules**: + 1. Create a new **Configuration Rule** on the [**Rules Overview**](https://dash.cloudflare.com/?to=/:account/:zone/rules/overview) page by selecting **Create rule** next to **Configuration Rules**: 1. **Rule name:** `Disable Browser Integrity Check on SFCC hostnames` 2. **Field:** _Hostname_ 3. **Operator:** _is in_ (this will match against multiple hostnames specified in the **Value** field) @@ -131,7 +131,7 @@ If you do have a `CAA` record, verify that it permits SSL certificates to be iss 1. Your SFCC environment, also called a **Realm**, will contain one to many SFCC Proxy Zones, which is where caching will always occur. In the corresponding SFCC Proxy Zone for your domain, SFCC performs their own cache optimization, so it is recommended to bypass the cache on the Proxied DNS records in your Cloudflare zone which target your SFCC environment to prevent a "double caching" scenario. This can be accomplished with a **Cache Rule**. 2. If the **Cache Rule** is not created, caching will occur in both your Cloudflare zone and your corresponding SFCC Proxy Zone, which can cause issues if and when the cache is invalidated or purged in your SFCC environment. 1. Additional information on caching in your SFCC environment can be found in [SFCC's Content Cache Documentation](https://developer.salesforce.com/docs/commerce/b2c-commerce/guide/b2c-content-cache.html) - 3. Create a new **Cache Rule** by navigating to **Rules** > **Overview** and selecting **Create rule** next to **Cache Rules**: + 3. Create a new **Cache Rule** on the [**Rules Overview**](https://dash.cloudflare.com/?to=/:account/:zone/rules/overview) page by selecting **Create rule** next to **Cache Rules**: 1. **Rule name:** `Bypass cache on SFCC hostnames` 2. **Field:** _Hostname_ 3. **Operator:** _is in_ (this will match against multiple hostnames specified in the **Value** field) diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls.mdx index 61b4e6f53d80a31..4942cbaa37670e6 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls.mdx @@ -40,7 +40,7 @@ While TLS 1.3 is the most recent and secure version, it is not supported by some ### Scope -Minimum TLS version exists both as a [zone-level setting](/ssl/edge-certificates/additional-options/minimum-tls/) (under **Edge certificates** > **Minimum TLS Version**) and as a custom hostname setting. What this implies is: +Minimum TLS version exists both as a [zone-level setting](/ssl/edge-certificates/additional-options/minimum-tls/) (on the [**Edge Certificates**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates) page under **Minimum TLS Version**) and as a custom hostname setting. What this implies is: - For custom hostnames created via API, it is possible not to explicitly define a value for `min_tls_version`. When that is the case, whatever value is defined as your zone's minimum TLS version will be applied. To confirm whether a given custom hostname has a specific minimum TLS version set, use the following API call. diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/delegated-dcv.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/delegated-dcv.mdx index ba7aef96f1215c3..38c939d90cad5ef 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/delegated-dcv.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/delegated-dcv.mdx @@ -22,7 +22,7 @@ DCV Delegation requires your customers to place a one-time record at their autho To set up Delegated DCV: 1. Add a [custom hostname](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/create-custom-hostnames/) for your zone, choosing `TXT` as the **Certificate validation method**. -2. On **SSL/TLS** > **Custom Hostnames**, go to **DCV Delegation for Custom Hostnames**. +2. On the [**Custom Hostnames**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/custom-hostnames) page, go to **DCV Delegation for Custom Hostnames**. 3. Copy the hostname value. 4. For each hostname, the domain owner needs to place a `CNAME` record at their authoritative DNS. In this example, the SaaS zone is `example.com`. ```txt diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http.mdx index 3bb5936a3433093..1e82505f3bbf875 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http.mdx @@ -59,7 +59,7 @@ If you would like to complete the issuance process before asking your customer t
- [**API**](/api/resources/custom_hostnames/methods/get/): Within the `ssl` object, store the values present in the `validation_records` array (specifically `http_url` and `http_body`). -- **Dashboard**: When viewing an individual certificate at **SSL/TLS** > **Custom Hostnames**, refer to the values for **Certificate validation request** and **Certificate validation response**. +- **Dashboard**: When viewing an individual certificate on the [**Custom Hostnames**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/custom-hostnames) page, refer to the values for **Certificate validation request** and **Certificate validation response**. At your origin, make the `http_body` available in a TXT record at the path specified in `http_url`. This path should also be publicly accessible to anyone on the Internet so your CA can access it. diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/waf-for-saas/index.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/waf-for-saas/index.mdx index f49405de6ef1eeb..f3d5177e2fb8e83 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/waf-for-saas/index.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/waf-for-saas/index.mdx @@ -37,7 +37,7 @@ To apply WAF to your custom hostname, you need to create an association between 1. [Locate your zone ID](/fundamentals/account/find-account-and-zone-ids/), available in the Cloudflare dashboard. -2. Locate your Authentication Key by selecting **My Profile** > **API tokens** > **Global API Key**. +2. Locate your Authentication Key on the [**API Tokens**](https://dash.cloudflare.com/?to=/:account/profile/api-tokens) page, under **Global API Key**. 3. Locate your custom hostname ID by making a `GET` call in the API: diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/start/enable.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/start/enable.mdx index ea37849492735fa..64dec22b93b898d 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/start/enable.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/start/enable.mdx @@ -9,13 +9,16 @@ head: --- +import { DashButton } from "~/components"; + To enable Cloudflare for SaaS for your account: -1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com). -2. Select your account and zone. -3. Go to **SSL/TLS** > **Custom Hostnames**. -4. Select **Enable**. -5. The next step depends on the zone's plan: +1. In the Cloudflare dashboard, go to the **Custom Hostnames** page. + + + +2. Select **Enable**. +3. The next step depends on the zone's plan: * **Enterprise**: Can preview this product as a [non-contract service](/billing/preview-services/), which provide full access, free of metered usage fees, limits, and certain other restrictions. * **Non-enterprise**: Will have to enter payment information. diff --git a/src/content/partials/cloudflare-for-platforms/create-custom-hostname.mdx b/src/content/partials/cloudflare-for-platforms/create-custom-hostname.mdx index 3110051620f3bcd..5734dd54f9b5277 100644 --- a/src/content/partials/cloudflare-for-platforms/create-custom-hostname.mdx +++ b/src/content/partials/cloudflare-for-platforms/create-custom-hostname.mdx @@ -5,18 +5,16 @@ import { DashButton } from "~/components"; -1. In the Cloudflare dashboard, go to the **Account home** page and select your account. +1. In the Cloudflare dashboard, go to the **Custom Hostnames** page. - + -2. Select your Cloudflare for SaaS application. -3. Navigate to **SSL/TLS** > **Custom Hostnames**. -4. Click **Add Custom Hostname**. -5. Add your customer's hostname `app.customer.com` and set the relevant options, including: +2. Select **Add Custom Hostname**. +3. Add your customer's hostname `app.customer.com` and set the relevant options, including: - The [minimum TLS version](/ssl/reference/protocols/). - Defining whether you want to use a certificate provided by Cloudflare or [upload a custom certificate](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates/). - Selecting the [certificate authority (CA)](/ssl/reference/certificate-authorities/) that will issue the certificate. - Choosing the [validation method](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/). - Whether you want to **Enable wildcard**, which adds a `*.` SAN to the custom hostname certificate. For more details, refer to [Hostname priority](/ssl/reference/certificate-and-hostname-priority/#hostname-priority). - Choosing a value for [Custom origin server](/cloudflare-for-platforms/cloudflare-for-saas/start/advanced-settings/custom-origin/). -6. Click **Add Custom Hostname**. +4. Select **Add Custom Hostname**. diff --git a/src/content/partials/cloudflare-for-platforms/delete-custom-hostname-dash.mdx b/src/content/partials/cloudflare-for-platforms/delete-custom-hostname-dash.mdx index 1d71525d006f8ef..dd9e0a9dbf02a89 100644 --- a/src/content/partials/cloudflare-for-platforms/delete-custom-hostname-dash.mdx +++ b/src/content/partials/cloudflare-for-platforms/delete-custom-hostname-dash.mdx @@ -5,12 +5,10 @@ import { DashButton } from "~/components"; -1. In the Cloudflare dashboard, go to the **Account home** page and select your account and website. +1. In the Cloudflare dashboard, go to the **Custom Hostnames** page. - + -2. Select **SSL/TLS** > **Custom Hostnames**. +2. Select the custom hostname and select **Delete**. -3. Select the custom hostname and select **Delete**. - -4. A confirmation window will appear. Acknowledge the warning and select **Delete** again. +3. A confirmation window will appear. Acknowledge the warning and select **Delete** again. diff --git a/src/content/partials/cloudflare-for-platforms/get-started-fallback-origin.mdx b/src/content/partials/cloudflare-for-platforms/get-started-fallback-origin.mdx index fe6d4c3fa2559c1..06378b11d612b37 100644 --- a/src/content/partials/cloudflare-for-platforms/get-started-fallback-origin.mdx +++ b/src/content/partials/cloudflare-for-platforms/get-started-fallback-origin.mdx @@ -2,7 +2,7 @@ {} --- -import { Example, TabItem, Tabs } from "~/components"; +import { Example, TabItem, Tabs, DashButton } from "~/components"; The fallback origin is where Cloudflare will route traffic sent to your custom hostnames (must be proxied). @@ -28,11 +28,12 @@ To create your fallback origin: -1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com). -2. Select your account and zone. -3. Go to **SSL/TLS** > **Custom Hostnames**. -4. For **Fallback Origin**, enter the hostname for your fallback origin. -5. Select **Add Fallback Origin**. +1. In the Cloudflare dashboard, go to the **Custom Hostnames** page. + + + +2. For **Fallback Origin**, enter the hostname for your fallback origin. +3. Select **Add Fallback Origin**. diff --git a/src/content/partials/cloudflare-for-platforms/txt-validation_dashboard.mdx b/src/content/partials/cloudflare-for-platforms/txt-validation_dashboard.mdx index 9f3f47cc8adf6cf..1b2e4694b7a24a3 100644 --- a/src/content/partials/cloudflare-for-platforms/txt-validation_dashboard.mdx +++ b/src/content/partials/cloudflare-for-platforms/txt-validation_dashboard.mdx @@ -5,13 +5,11 @@ import { DashButton } from "~/components"; -1. In the Cloudflare dashboard, go to the **Account home** page and select your account. +1. In the Cloudflare dashboard, go to the **Custom Hostnames** page. - + -2. Select your Cloudflare for SaaS application. -3. Navigate to **SSL/TLS** > **Custom Hostnames**. -4. Select a hostname. -5. Copy the values for **Certificate validation TXT name** and **Certificate validation TXT value**. +2. Select a hostname. +3. Copy the values for **Certificate validation TXT name** and **Certificate validation TXT value**. If you had previously created a **wildcard** custom hostname, you would need to copy the values for two different validation TXT records.