[Privacy Gateway] onboarding guide #18646
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Deploying cloudflare-docs with
|
| Latest commit: |
6bcd48b
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://113aed65.cloudflare-docs-7ou.pages.dev |
| Branch Preview URL: | https://kate-fixes-pgg.cloudflare-docs-7ou.pages.dev |
![hyperlint-ai[bot]](https://avatars.githubusercontent.com/in/718456?s=60&v=4){kind=small}
There was a problem hiding this comment.
2 files reviewed, 9 total issue(s) found.
Note: We resolved prior Hyperlint review comments because:
We updated our inline suggestion AI.
We do this to avoid keeping outdated or irrelevant comments around. We'll leave a new review with current comments below.
deadlypants1973
commented
Dec 12, 2024
|
|
||
| If `key_id` is invalid, the response status code is `404`. | ||
|
|
||
| If one of the strings in the requests field is not correctly encoded base 64 string, the response status code is `400`. |
There was a problem hiding this comment.
Suggested change
| If one of the strings in the requests field is not correctly encoded base 64 string, the response status code is `400`. | |
| If one of the strings in the `requests` field is not correctly encoded base 64 string, the response status code is `400`. |
mgalicer
reviewed
Dec 27, 2024
|
|
||
| DNS resolution uses [Cloudflare’s public resolver (1.1.1.1)](/1.1.1.1/) infrastructure for name resolution. | ||
|
|
||
| ### System architecture |
|
|
||
| A client requires configuration data (the region public key) to request tokens. The key is used to initialize the request for blinded tokens from the Privacy API. | ||
|
|
||
| The client should periodically refresh this public key, especially after IP address changes, since Cloudflare will use the IP address to map to the region. |
There was a problem hiding this comment.
this should all be "region-based public key"
|
|
||
| ## Egress IP management | ||
|
|
||
| The Egress Selection service uses the client IP address to select an egress IP address that roughly approximates that of the client. Clients do not have control over which egress IP address is used, up to manually changing their IP address or location. |
There was a problem hiding this comment.
you can cut the second part of the sentence.
i.e. "Clients do not have control over which egress IP address is used."
| 1. Allocating a PresharedToken PAT for test devices that is known only to the client provider and Cloudflare. This PAT is not associated with any production egress IP address. This PAT is allocated and distributed out-of-band between Cloudflare and the client provider. | ||
| 2. Configuring control plane mutual TLS authentication for PrivacyToken issuance. Refer to [Appendix A. Control API](#appendix-a-control-api) for more details about this API. | ||
|
|
||
| To test that the PAT is configured correctly, clients can run the following test cURL command: |
deadlypants1973
commented
Jan 24, 2025
deadlypants1973
commented
Jan 24, 2025
deadlypants1973
commented
Jan 24, 2025
deadlypants1973
commented
Jan 24, 2025
deadlypants1973
commented
Jan 24, 2025
Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com>
| The Cloudflare Privacy Proxy consists of a generic HTTPS CONNECT (and CONNECT-UDP ) proxy. | ||
| The Cloudflare Privacy Proxy consists of a generic HTTPS CONNECT (and CONNECT-UDP) proxy that protects sensitive network level metadata from being exposed to third parties. | ||
|
|
||
| A high-level overview of how the the Prixacy Proxy works is shown below. Control plane services are shown in orange. Dataplane services are shown in blue. |
There was a problem hiding this comment.
Suggested change
| A high-level overview of how the the Prixacy Proxy works is shown below. Control plane services are shown in orange. Dataplane services are shown in blue. | |
| A high-level overview of how the Prixacy Proxy works is shown below. Control plane services are shown in orange. Dataplane services are shown in blue. |
Issues:
- Style Guide - (Repetition-error) 'the' is repeated!
- Style Guide - (cloudflare.Repetition-warning) Warning: Remove this duplicate word: 'the'.
Fix Explanation:
Removed the repeated word 'the' to correct the typographical error and improve the sentence structure.
| The first CONNECT request in a newly established tunnel must provide a PAT. Until a PAT has been presented, each CONNECT request fails with a HTTP `401` error. Details about authenticating with a PAT are in [client authentication](#client-authentication). | ||
|
|
||
| - Each CONNECT request can identify a target either by name or IP address. | ||
| - In the case of a name, Cloudflare’s DNS Resolver service will be queried to map the name to an IP address. |
There was a problem hiding this comment.
Suggested change
| - In the case of a name, Cloudflare’s DNS Resolver service will be queried to map the name to an IP address. | |
| - In the case of a name, Cloudflare's DNS Resolver service will be queried to map the name to an IP address. |
Issues:
- Style Guide - (cloudflare.NonStandardQuotes-warning) Use standard single quotes or double quotes only. Do not use any of the following quote mark types: ‘ ’ “ ”. In the text, we found this character: ’
Fix Explanation:
Replaced the curly apostrophe with a standard straight apostrophe for consistency with style guidelines.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
14563
Summary
adding privacy proxy onboarding guide
Documentation checklist