[{"data":1,"prerenderedAt":2117},["ShallowReactive",2],{"contentNavigation":3,"docs-\u002Fdocs\u002Fon-prem\u002Finstallation\u002Fdns-binding-and-setup":635,"\u002Fdocs\u002Fon-prem\u002Finstallation\u002Fdns-binding-and-setup-surround":2092,"mdc--t52x13-key":2095},[4,38,196,366,475,501,524,541],{"title":5,"path":6,"stem":7,"meta":8},"Welcome","\u002Fdocs","docs\u002Findex",{"icon":9,"layout":10,"cards":18},"hands-clapping",{"title":11,"description":13,"tableOfContents":15,"outline":16,"pagination":17},{"visible":12},true,{"visible":14},false,{"visible":12},{"visible":12},{"visible":12},[19,23,27,31,35],{"title":20,"description":21,"path":22},"Getting Started","Quick Start Guide","\u002Fdocs\u002Fgetting-started\u002Fquick-scan-guide",{"title":24,"description":25,"path":26},"Manage Targets","Target Configuration","\u002Fdocs\u002Fmanage-targets\u002Ftarget-configuration",{"title":28,"description":29,"path":30},"Manage Scans","View Scan Findings","\u002Fdocs\u002Fmanage-scans\u002Fscan-report",{"title":32,"description":33,"path":34},"Manage Organizations","Understanding User Roles","\u002Fdocs\u002Fmanage-organizations\u002Funderstanding-user-roles",{"title":20,"description":36,"path":37},"Concepts","\u002Fdocs\u002Fgetting-started\u002Fconcepts",{"title":20,"meta":39,"path":40,"stem":41,"children":42,"page":14},{},"\u002Fdocs\u002Fgetting-started","docs\u002F1.getting-started",[43,49,54,80,87,122,167,171,177,183,190],{"title":44,"path":45,"stem":46,"meta":47},"Welcome to ZeroThreat","\u002Fdocs\u002Fgetting-started\u002Fquickstart","docs\u002F1.getting-started\u002F01.quickstart",{"icon":48},"bullseye",{"title":50,"path":22,"stem":51,"meta":52},"Quick Scan Guide","docs\u002F1.getting-started\u002F02.quick-scan-guide",{"icon":53},"globe",{"title":55,"path":56,"stem":57,"children":58,"page":-1,"meta":60},"Authenticated Scan","\u002Fdocs\u002Fgetting-started\u002Fauthenticated-scan","docs\u002F1.getting-started\u002F03.authenticated-scan\u002Findex",[59,62,68,74],{"title":55,"path":56,"stem":57,"meta":60},{"icon":61},"shield-virus",{"title":63,"path":64,"stem":65,"meta":66},"Scan with Login Sequence","\u002Fdocs\u002Fgetting-started\u002Fauthenticated-scan\u002Fscan-with-login-sequence","docs\u002F1.getting-started\u002F03.authenticated-scan\u002F2.scan-with-login-sequence",{"icon":67},"expand",{"title":69,"path":70,"stem":71,"meta":72},"Scan MFA App","\u002Fdocs\u002Fgetting-started\u002Fauthenticated-scan\u002Fscan-mfa-app","docs\u002F1.getting-started\u002F03.authenticated-scan\u002F3.scan-mfa-app",{"imageSrc":73},"\u002FImages\u002Fscan-mfa-app-icon.svg",{"title":75,"path":76,"stem":77,"meta":78},"Scan Recorded Pages & Actions","\u002Fdocs\u002Fgetting-started\u002Fauthenticated-scan\u002Fscan-recorded-pages-and-actions","docs\u002F1.getting-started\u002F03.authenticated-scan\u002F4.scan-recorded-pages-and-actions",{"imageSrc":79},"\u002FImages\u002Fscan-navigation-sequence-icon.svg",{"title":81,"path":82,"stem":83,"meta":84},"Scan Profile","\u002Fdocs\u002Fgetting-started\u002Fscan-profile","docs\u002F1.getting-started\u002F04.scan-profile",{"icon":85,"imageSrc":86},null,"\u002FImages\u002Fscan-profile-icon.svg",{"title":88,"path":89,"stem":90,"children":91,"page":-1,"meta":93},"API Scan","\u002Fdocs\u002Fgetting-started\u002Fapi-scan","docs\u002F1.getting-started\u002F05.api-scan\u002Findex",[92,111,114,118],{"title":88,"path":89,"stem":90,"meta":93},{"imageSrc":94,"cards":95},"\u002FImages\u002Fapi-scan-icon.svg",[96,101,106],{"icon":97,"title":98,"path":99,"description":100},"file-circle-plus","Creating a Collection","\u002Fdocs\u002Fgetting-started\u002Fapi-scan\u002Fcreating-a-collection","Learn how to import and configure your API definitions in ZeroThreat.",{"icon":102,"title":103,"path":104,"description":105},"radar","Unauthenticated API Scan","\u002Fdocs\u002Fgetting-started\u002Fapi-scan\u002Funauthenticated-api-scan","Run scans on public-facing API endpoints without authentication.",{"icon":107,"title":108,"path":109,"description":110},"file-magnifying-glass","Authenticated API Scan","\u002Fdocs\u002Fgetting-started\u002Fapi-scan\u002Fauthenticated-api-scan","Configure and scan protected endpoints that require authentication.",{"title":98,"path":99,"stem":112,"meta":113},"docs\u002F1.getting-started\u002F05.api-scan\u002F2.creating-a-collection",{"icon":97},{"title":103,"path":104,"stem":115,"meta":116},"docs\u002F1.getting-started\u002F05.api-scan\u002F3.unauthenticated-api-scan",{"imageSrc":117},"\u002FImages\u002Funauthenticated-api-scan-icon.svg",{"title":108,"path":109,"stem":119,"meta":120},"docs\u002F1.getting-started\u002F05.api-scan\u002F4.authenticated-api-scan",{"imageSrc":121},"\u002FImages\u002Fauthenticated-api-scan-icon.svg",{"title":123,"path":124,"stem":125,"meta":126},"Scan Results","\u002Fdocs\u002Fgetting-started\u002Fscan-results","docs\u002F1.getting-started\u002F06.scan-results",{"icon":127,"cards":128},"square-poll-horizontal",[129,133,137,142,147,152,157,162],{"icon":127,"title":130,"path":131,"description":132},"Scanner","\u002Fdocs\u002Fmanage-scans\u002Fscan-report\u002Fscanner","Displays real-time scan progress, including authenticated and unauthenticated crawling, along with OWASP Top 10 checks.",{"icon":53,"title":134,"path":135,"description":136},"Web App Vulnerabilities","\u002Fdocs\u002Fmanage-scans\u002Fscan-report\u002Fweb-app-vulnerabilities","Lists detected security issues in web applications, categorized by severity, with detailed remediation steps.",{"icon":138,"title":139,"path":140,"description":141},"file-circle-check","Detected API Vulnerabilities","\u002Fdocs\u002Fmanage-scans\u002Fscan-report\u002Fdetected-apis-vulnerabilities","Identifies all the security flaws found in a particular API endpoint, showing affected requests and responses.",{"icon":143,"title":144,"path":145,"description":146},"circle-info","Information Exposure","\u002Fdocs\u002Fmanage-scans\u002Fscan-report\u002Finformation-exposure","Highlights sensitive data leaks like PII, secret data leaks like credentials, and cloud misconfigurations.",{"icon":148,"title":149,"path":150,"description":151},"certificate","SSL Certificate Scan","\u002Fdocs\u002Fmanage-scans\u002Fscan-report\u002Fssl-certificate","Analyzes SSL\u002FTLS configurations, checking for vulnerabilities, expiration status, and compliance issues.",{"icon":153,"title":154,"path":155,"description":156},"cube","Vulnerable Version Detection","\u002Fdocs\u002Fmanage-scans\u002Fscan-report\u002Fvulnerable-version-detection","Detects outdated JavaScript libraries and server-side technologies with known security risks.",{"icon":158,"title":159,"path":160,"description":161},"database","Server Ports Scan","\u002Fdocs\u002Fmanage-scans\u002Fscan-report\u002Fserver-ports-scan","Scans open ports on the server, assessing potential risks and providing mitigation strategies.",{"icon":163,"title":164,"path":165,"description":166},"envelope","Mail Configuration","\u002Fdocs\u002Fmanage-scans\u002Fscan-report\u002Fmail-configuration","Evaluates the mail server for misconfigurations like open relays and reverse DNS mismatches.",{"title":36,"path":37,"stem":168,"meta":169},"docs\u002F1.getting-started\u002F07.concepts",{"hidden":12,"noRobotsIndex":12,"icon":170},"lightbulb",{"title":172,"path":173,"stem":174,"meta":175},"TroubleShoot","\u002Fdocs\u002Fgetting-started\u002Ftroubleshoot","docs\u002F1.getting-started\u002F08.troubleshoot",{"icon":176},"puzzle-piece",{"title":178,"path":179,"stem":180,"meta":181},"FAQs","\u002Fdocs\u002Fgetting-started\u002Ffaqs","docs\u002F1.getting-started\u002F09.faqs",{"icon":182},"question-circle",{"title":184,"path":185,"stem":186,"meta":187},"Vulnerability Registry","\u002Fdocs\u002Fgetting-started\u002Fvulnerability-registry","docs\u002F1.getting-started\u002F10.vulnerability-registry",{"icon":188,"layout":189},"bug","default",{"title":191,"path":192,"stem":193,"meta":194},"Best Practices","\u002Fdocs\u002Fgetting-started\u002Fbest-practices","docs\u002F1.getting-started\u002F11.best-practices",{"icon":195},"clipboard",{"title":24,"meta":197,"path":198,"stem":199,"children":200,"page":14},{},"\u002Fdocs\u002Fmanage-targets","docs\u002F2.manage-targets",[201,207,213,219,223,228,288,335,360],{"title":202,"path":203,"stem":204,"meta":205},"Targets","\u002Fdocs\u002Fmanage-targets\u002Ftargets-section","docs\u002F2.manage-targets\u002F01.targets-section",{"icon":206},"crosshairs",{"title":208,"path":209,"stem":210,"meta":211},"Add a Target","\u002Fdocs\u002Fmanage-targets\u002Fadd-a-target","docs\u002F2.manage-targets\u002F2.add-a-target",{"icon":212},"plus",{"title":214,"path":215,"stem":216,"meta":217},"Target Verification","\u002Fdocs\u002Fmanage-targets\u002Ftarget-verification","docs\u002F2.manage-targets\u002F3.target-verification",{"icon":218},"check",{"title":25,"path":26,"stem":220,"meta":221},"docs\u002F2.manage-targets\u002F4.target-configuration",{"icon":222},"gear",{"title":224,"path":225,"stem":226,"meta":227},"Add Custom Headers","\u002Fdocs\u002Fmanage-targets\u002Fadd-custom-headers","docs\u002F2.manage-targets\u002F5.add-custom-headers",{"icon":97},{"title":229,"path":230,"stem":231,"children":232,"page":-1,"meta":234},"CI\u002FCD Integration","\u002Fdocs\u002Fmanage-targets\u002Fci-cd-integration","docs\u002F2.manage-targets\u002F6.ci-cd-integration\u002Findex",[233,266,270,274,279,284],{"title":229,"path":230,"stem":231,"meta":234},{"icon":235,"cards":236},"repeat",[237,241,245,249,253,257,260,262,264],{"title":238,"path":239,"description":240},"GitHub Actions","\u002Fdocs\u002Fmanage-targets\u002Fci-cd-integration\u002Fgithub-actions","Integrate ZeroThreat scans using GitHub workflows, with support for triggers, and authenticated testing.",{"title":242,"path":243,"description":244},"Azure Pipelines","\u002Fdocs\u002Fmanage-targets\u002Fci-cd-integration\u002Fazure-pipelines","Integrate ZeroThreat Scans in Azure DevOps with customizable YAML pipelines that suite your workflow.",{"title":246,"path":247,"description":248},"CircleCI","\u002Fdocs\u002Fmanage-targets\u002Fci-cd-integration\u002Fcircle-ci","Integrate ZeroThreat scans using CircleCI to trigger automated scans in your CI\u002FCD pieplines that suite your needs.",{"title":250,"path":251,"description":252},"GitLab CI\u002FCD","\u002Fdocs\u002Fmanage-targets\u002Fci-cd-integration\u002Fgitlab","Integrate ZeroThreat Scans in into GitLab CI\u002FCD pipelines that suite your workflow.",{"title":254,"path":255,"description":256},"AWS CI\u002FCD","\u002Fdocs\u002Fmanage-targets\u002Fci-cd-integration\u002Faws-ci-cd","Integrate ZeroThreat Scans in into AWS CI\u002FCD pipelines that suite your workflow.",{"title":258,"description":259},"Jenkins","Coming Soon",{"title":261,"description":259},"TeamCity",{"title":263,"description":259},"Bamboo",{"title":265,"description":259},"Travis CI",{"title":238,"path":239,"stem":267,"meta":268},"docs\u002F2.manage-targets\u002F6.ci-cd-integration\u002F1.github-actions",{"icon":269},"fa-brands fa-github",{"title":242,"path":243,"stem":271,"meta":272},"docs\u002F2.manage-targets\u002F6.ci-cd-integration\u002F2.azure-pipelines",{"imageSrc":273},"\u002FImages\u002Fazure-pipeline.svg",{"title":275,"path":247,"stem":276,"meta":277},"Circle Ci","docs\u002F2.manage-targets\u002F6.ci-cd-integration\u002F3.circle-ci",{"imageSrc":278},"\u002FImages\u002Fcircle-ci.svg",{"title":280,"path":251,"stem":281,"meta":282},"Gitlab","docs\u002F2.manage-targets\u002F6.ci-cd-integration\u002F4.gitlab",{"icon":283},"fa-brands fa-gitlab",{"title":254,"path":255,"stem":285,"meta":286},"docs\u002F2.manage-targets\u002F6.ci-cd-integration\u002F5.aws-ci-cd",{"icon":287},"fa-brands fa-aws",{"title":289,"path":290,"stem":291,"children":292,"page":-1,"meta":294},"Issue Tracking Integration","\u002Fdocs\u002Fmanage-targets\u002Fissue-tracking","docs\u002F2.manage-targets\u002F7.issue-tracking\u002Findex",[293,317,321,325,328,331],{"title":289,"path":290,"stem":291,"meta":294},{"icon":295,"cards":296},"id-card",[297,301,305,309,313],{"title":298,"path":299,"description":300},"Jira","\u002Fdocs\u002Fmanage-targets\u002Fissue-tracking\u002Fjira","Create Jira tickets from scan findings and assign them to specific boards, projects, and sprints with full vulnerability details.",{"title":302,"description":303,"path":304},"Azure Boards","Create Azure Boards work items from scan findings and assign them to specific projects, and boards with complete vulnerabiltiy details.","\u002Fdocs\u002Fmanage-targets\u002Fissue-tracking\u002Fazure-board",{"title":306,"description":307,"path":308},"GitHub Issues","Create GitHub issues from scan findings and assign them to specific repositories and Projects with full vulnerability details.","\u002Fdocs\u002Fmanage-targets\u002Fissue-tracking\u002Fgithub-issues",{"title":310,"description":311,"path":312},"GitLab Issues","Create GitLab issues from scan findings and assign them to specific projects and boards with full vulnerability details.","\u002Fdocs\u002Fmanage-targets\u002Fissue-tracking\u002Fgitlab-issues",{"title":314,"description":315,"path":316},"Trello","Create Trello cards from scan findings and assign them to specific boards and lists with full vulnerability details.","\u002Fdocs\u002Fmanage-targets\u002Fissue-tracking\u002Ftrello",{"title":298,"path":299,"stem":318,"meta":319},"docs\u002F2.manage-targets\u002F7.issue-tracking\u002F1.jira",{"icon":320},"fa-brands fa-atlassian",{"title":302,"path":304,"stem":322,"meta":323},"docs\u002F2.manage-targets\u002F7.issue-tracking\u002F2.azure-board",{"imageSrc":324},"\u002FImages\u002FAzure_Boards.svg",{"title":306,"path":308,"stem":326,"meta":327},"docs\u002F2.manage-targets\u002F7.issue-tracking\u002F3.github-issues",{"icon":269},{"title":310,"path":312,"stem":329,"meta":330},"docs\u002F2.manage-targets\u002F7.issue-tracking\u002F4.gitlab-issues",{"icon":283},{"title":314,"path":316,"stem":332,"meta":333},"docs\u002F2.manage-targets\u002F7.issue-tracking\u002F5.trello",{"icon":334},"fa-brands fa-trello",{"title":336,"path":337,"stem":338,"children":339,"page":-1,"meta":341},"Notification Integration","\u002Fdocs\u002Fmanage-targets\u002Fnotification-integration","docs\u002F2.manage-targets\u002F8.notification-integration\u002Findex",[340,352,356],{"title":336,"path":337,"stem":338,"meta":341},{"icon":342,"cards":343},"bell",[344,348],{"title":345,"path":346,"description":347},"Slack","\u002Fdocs\u002Fmanage-targets\u002Fnotification-integration\u002Fslack","Receive scan alerts in any Slack channel of your choice using incoming webhooks.",{"title":349,"description":350,"path":351},"Microsoft Teams","Use Teams workflows to post scan notifications into designated channels.","\u002Fdocs\u002Fmanage-targets\u002Fnotification-integration\u002Fmicrosoft-teams",{"title":345,"path":346,"stem":353,"meta":354},"docs\u002F2.manage-targets\u002F8.notification-integration\u002F1.slack",{"icon":355},"fa-brands fa-slack",{"title":349,"path":351,"stem":357,"meta":358},"docs\u002F2.manage-targets\u002F8.notification-integration\u002F2.microsoft-teams",{"imageSrc":359},"\u002FImages\u002FMicrosoft_Teams.svg",{"title":361,"path":362,"stem":363,"meta":364},"Playwright Specs","\u002Fdocs\u002Fmanage-targets\u002Fplaywright-specs","docs\u002F2.manage-targets\u002F9.playwright-specs",{"imageSrc":365},"\u002FImages\u002Fplaywright-specs.svg",{"title":28,"meta":367,"path":368,"stem":369,"children":370,"page":14},{},"\u002Fdocs\u002Fmanage-scans","docs\u002F3.manage-scans",[371,377,445,451,457,463,469],{"title":372,"path":373,"stem":374,"meta":375},"Scans","\u002Fdocs\u002Fmanage-scans\u002Fscans-section","docs\u002F3.manage-scans\u002F1.scans-section",{"icon":376},"magnifying-glass-chart",{"title":378,"path":30,"stem":379,"children":380,"page":-1,"meta":382},"Scan Report","docs\u002F3.manage-scans\u002F2.scan-report\u002Findex",[381,403,406,410,414,418,422,426,431,435,439],{"title":378,"path":30,"stem":379,"meta":382},{"icon":383,"cards":384},"file-lines",[385,387,391,393,396,397,399,400,401],{"icon":127,"title":130,"path":131,"description":386},"Displays real-time scan progress, including crawling and OWASP Top 10 vulnerabilities.",{"icon":383,"title":388,"path":389,"description":390},"Scan Summary","\u002Fdocs\u002Fmanage-scans\u002Fscan-report\u002Fscan-summary","Provides a high-level overview of the security posture of the entire scanned application",{"icon":53,"title":134,"path":135,"description":392},"Lists detected security issues in web applications, categorized by severity, with detailed remediation steps",{"icon":138,"title":394,"path":140,"description":395},"Detected API vulnerabilities","Identifies all the security flaws found in a particular API endpoint, showing affected requests",{"icon":143,"title":144,"path":145,"description":146},{"icon":148,"title":398,"path":150,"description":151},"SSL Certificate",{"icon":153,"title":154,"path":155,"description":156},{"icon":158,"title":159,"path":160,"description":161},{"icon":163,"title":164,"path":165,"description":402},"Evaluates the mail server for misconfigurations like open relays and reverse DNS mismatches",{"title":130,"path":131,"stem":404,"meta":405},"docs\u002F3.manage-scans\u002F2.scan-report\u002F01.scanner",{"icon":67},{"title":388,"path":389,"stem":407,"meta":408},"docs\u002F3.manage-scans\u002F2.scan-report\u002F02.scan-summary",{"icon":409},"list-check",{"title":134,"path":135,"stem":411,"meta":412},"docs\u002F3.manage-scans\u002F2.scan-report\u002F03.web-app-vulnerabilities",{"imageSrc":413},"\u002FImages\u002Fgravity-ui--diamond-exclamation.svg",{"title":394,"path":140,"stem":415,"meta":416},"docs\u002F3.manage-scans\u002F2.scan-report\u002F04.detected-apis-vulnerabilities",{"imageSrc":417},"\u002FImages\u002Fuil--exclamation-octagon.svg",{"title":144,"path":145,"stem":419,"meta":420},"docs\u002F3.manage-scans\u002F2.scan-report\u002F05.information-exposure",{"imageSrc":421},"\u002FImages\u002Fstreamline--arrow-expand.svg",{"title":398,"path":150,"stem":423,"meta":424},"docs\u002F3.manage-scans\u002F2.scan-report\u002F06.ssl-certificate",{"imageSrc":425},"\u002FImages\u002Fla--certificate.svg",{"title":427,"path":155,"stem":428,"meta":429},"Vulnerable Version detection","docs\u002F3.manage-scans\u002F2.scan-report\u002F07.vulnerable-version-detection",{"imageSrc":430},"\u002FImages\u002Ff7--exclamationmark-square.svg",{"title":159,"path":160,"stem":432,"meta":433},"docs\u002F3.manage-scans\u002F2.scan-report\u002F08.server-ports-scan",{"imageSrc":434},"\u002FImages\u002Ftdesign--server.svg",{"title":164,"path":165,"stem":436,"meta":437},"docs\u002F3.manage-scans\u002F2.scan-report\u002F09.mail-configuration",{"imageSrc":438},"\u002FImages\u002Ftabler--mail.svg",{"title":440,"path":441,"stem":442,"meta":443},"Compliance","\u002Fdocs\u002Fmanage-scans\u002Fscan-report\u002Fcompliance","docs\u002F3.manage-scans\u002F2.scan-report\u002F10. Compliance",{"imageSrc":444},"\u002FImages\u002Fgg--list.svg",{"title":446,"path":447,"stem":448,"meta":449},"Download Scan Report","\u002Fdocs\u002Fmanage-scans\u002Fdownload-report","docs\u002F3.manage-scans\u002F3.download-report",{"icon":450},"download",{"title":452,"path":453,"stem":454,"meta":455},"Share Scan Results","\u002Fdocs\u002Fmanage-scans\u002Fshare-scan-results","docs\u002F3.manage-scans\u002F4.share-scan-results",{"icon":456},"up-right-from-square",{"title":458,"path":459,"stem":460,"meta":461},"Retest Vulnerability","\u002Fdocs\u002Fmanage-scans\u002Fretest-vulnerability","docs\u002F3.manage-scans\u002F5.retest-vulnerability",{"icon":462},"rotate-right",{"title":464,"path":465,"stem":466,"meta":467},"Schedule Scan","\u002Fdocs\u002Fmanage-scans\u002Fschedule-scan","docs\u002F3.manage-scans\u002F6.schedule-scan",{"icon":468},"calendar-days",{"title":470,"path":471,"stem":472,"meta":473},"API Discovery from Code","\u002Fdocs\u002Fmanage-scans\u002Fapi-discovery-from-code","docs\u002F3.manage-scans\u002F7.api-discovery-from-code",{"icon":474},"fa-file-code",{"title":32,"meta":476,"path":477,"stem":478,"children":479,"page":14},{},"\u002Fdocs\u002Fmanage-organizations","docs\u002F4.manage-organizations",[480,492,496],{"title":481,"path":482,"stem":483,"meta":484},"Manage Organization","\u002Fdocs\u002Fmanage-organizations\u002Fmanage-organization","docs\u002F4.manage-organizations\u002F1.manage-organization",{"icon":485,"cards":486},"building",[487,489],{"title":32,"description":488,"path":34},"Understanding Roles",{"title":481,"description":490,"path":491},"How to add new User","\u002Fdocs\u002Fmanage-organizations\u002Fadd-user",{"title":33,"path":34,"stem":493,"meta":494},"docs\u002F4.manage-organizations\u002F2.understanding-user-roles",{"icon":495},"user-check",{"title":497,"path":491,"stem":498,"meta":499},"Add User","docs\u002F4.manage-organizations\u002F3.add-user",{"icon":500},"user-plus",{"title":502,"meta":503,"path":504,"stem":505,"children":506,"page":14},"Organization Settings",{},"\u002Fdocs\u002Forganization-settings","docs\u002F5.organization-settings",[507,513,518],{"title":508,"path":509,"stem":510,"meta":511},"Report Branding","\u002Fdocs\u002Forganization-settings\u002Freport-configuration","docs\u002F5.organization-settings\u002F01.report-configuration",{"imageSrc":512},"\u002FImages\u002Freport-configuration.svg",{"title":184,"path":514,"stem":515,"meta":516},"\u002Fdocs\u002Forganization-settings\u002Fvulnerability-registry-configuration","docs\u002F5.organization-settings\u002F02.vulnerability-registry-configuration",{"imageSrc":517},"\u002FImages\u002Fvulnerability-registry-config.svg",{"title":519,"path":520,"stem":521,"meta":522},"Attack Templates","\u002Fdocs\u002Forganization-settings\u002Fattack-templates","docs\u002F5.organization-settings\u002F03.attack-templates",{"imageSrc":523},"\u002FImages\u002Fattack-templates.svg",{"title":525,"path":526,"stem":527,"children":528,"page":14},"Plans","\u002Fdocs\u002Fplans","docs\u002F6.plans",[529,535],{"title":530,"path":531,"stem":532,"meta":533},"ZeroThreat Plans","\u002Fdocs\u002Fplans\u002Fzerothreat-plans","docs\u002F6.plans\u002F01.zerothreat-plans",{"imageSrc":534},"\u002FImages\u002Fzerothreat-plans.svg",{"title":536,"path":537,"stem":538,"meta":539},"Target Association","\u002Fdocs\u002Fplans\u002Ftarget-association","docs\u002F6.plans\u002F02.target-association",{"icon":540},"link",{"title":542,"path":543,"stem":544,"children":545,"page":14},"On Prem","\u002Fdocs\u002Fon-prem","docs\u002F7.on-prem",[546,552,566,572,598],{"title":547,"path":548,"stem":549,"meta":550},"On-Prem","\u002Fdocs\u002Fon-prem\u002Fon-prem","docs\u002F7.on-prem\u002F01.on-prem",{"imageSrc":551},"\u002FImages\u002Fon-prem.svg",{"title":553,"path":554,"stem":555,"children":556,"page":-1,"meta":558},"Installation","\u002Fdocs\u002Fon-prem\u002Finstallation","docs\u002F7.on-prem\u002F02.installation\u002Findex",[557,560],{"title":553,"path":554,"stem":555,"meta":558},{"imageSrc":559},"\u002FImages\u002Finstallation.svg",{"title":561,"path":562,"stem":563,"meta":564},"DNS Binding and Setup","\u002Fdocs\u002Fon-prem\u002Finstallation\u002Fdns-binding-and-setup","docs\u002F7.on-prem\u002F02.installation\u002F01.DNS-binding-and-setup",{"imageSrc":565},"\u002FImages\u002Fdns-binding.svg",{"title":567,"path":568,"stem":569,"meta":570},"License Management","\u002Fdocs\u002Fon-prem\u002Flicense-management","docs\u002F7.on-prem\u002F03.license-management",{"imageSrc":571},"\u002FImages\u002Flicense-management.svg",{"title":573,"path":574,"stem":575,"children":576,"page":-1,"meta":578},"Configuration","\u002Fdocs\u002Fon-prem\u002Fconfiguration","docs\u002F7.on-prem\u002F4.configuration\u002Findex",[577,589,594],{"title":573,"path":574,"stem":575,"meta":578},{"imageSrc":579,"cards":580},"\u002FImages\u002Fconfiguration.svg",[581,585],{"title":582,"path":583,"description":584},"AI Features Configuration","\u002Fdocs\u002Fon-prem\u002Fconfiguration\u002Fai-configuration","ZeroThreat uses AI-driven capabilities across multiple areas of the platform to improve clarity, reduce manual effort, and accelerate security analysis.",{"title":586,"path":587,"description":588},"Mail Server Configuration","\u002Fdocs\u002Fon-prem\u002Fconfiguration\u002Fmail-server-configuration","Mail server configuration allows ZeroThreat to send operational and system-related notifications from your On-Prem deployment.",{"title":590,"path":583,"stem":591,"meta":592},"Gen AI Configuration","docs\u002F7.on-prem\u002F4.configuration\u002F01.AI-configuration",{"imageSrc":593},"\u002FImages\u002Fai-config.svg",{"title":586,"path":587,"stem":595,"meta":596},"docs\u002F7.on-prem\u002F4.configuration\u002F02.mail-server-configuration",{"imageSrc":597},"\u002FImages\u002Fmail-server-config.svg",{"title":289,"path":599,"stem":600,"children":601,"page":-1,"meta":603},"\u002Fdocs\u002Fon-prem\u002Fissue-tracking-integration","docs\u002F7.on-prem\u002F5.issue-tracking-integration\u002Findex",[602,622,626,629,632],{"title":289,"path":599,"stem":600,"meta":603},{"icon":604,"cards":605},"file-circle-exclamation",[606,610,614,618],{"title":607,"path":608,"description":609},"Jira (On-Prem)","\u002Fdocs\u002Fon-prem\u002Fissue-tracking-integration\u002Fjira-on-prem","Create Jira tickets from scan findings and assign them to specific projects and boards with full vulnerability details.",{"title":611,"path":612,"description":613},"GitHub Issues (On-Prem)","\u002Fdocs\u002Fon-prem\u002Fissue-tracking-integration\u002Fgithub-issues-on-prem","Create GitHub issues from scan findings and assign them to repositories and Projects with detailed vulnerability evidence.",{"title":615,"path":616,"description":617},"GitLab Issues (On-Prem)","\u002Fdocs\u002Fon-prem\u002Fissue-tracking-integration\u002Fgitlab-issues-on-prem","Create GitLab issues from scan findings and assign them to specific projects with structured remediation details.",{"title":619,"path":620,"description":621},"Trello (On-Prem)","\u002Fdocs\u002Fon-prem\u002Fissue-tracking-integration\u002Ftrello-on-prem","Create Trello cards from scan findings and organize them into boards and lists with full vulnerability context.",{"title":607,"path":608,"stem":623,"meta":624},"docs\u002F7.on-prem\u002F5.issue-tracking-integration\u002F01.jira-on-prem",{"icon":625},"fa-brands fa-jira",{"title":611,"path":612,"stem":627,"meta":628},"docs\u002F7.on-prem\u002F5.issue-tracking-integration\u002F02.github-issues-on-prem",{"icon":269},{"title":615,"path":616,"stem":630,"meta":631},"docs\u002F7.on-prem\u002F5.issue-tracking-integration\u002F03.gitlab-issues-on-prem",{"icon":283},{"title":619,"path":620,"stem":633,"meta":634},"docs\u002F7.on-prem\u002F5.issue-tracking-integration\u002F04.trello-on-prem",{"icon":334},{"id":636,"title":561,"body":637,"description":2087,"extension":2088,"meta":2089,"navigation":12,"path":562,"seo":2090,"stem":563,"__hash__":2091},"content\u002Fdocs\u002F7.on-prem\u002F02.installation\u002F01.DNS-binding-and-setup.md",{"type":638,"value":639,"toc":2071},"minimark",[640,644,666,671,674,677,691,694,702,705,721,725,741,744,747,755,767,771,774,777,800,807,810,815,818,855,858,877,883,887,890,910,913,931,934,950,953,969,972,989,993,1000,1003,1011,1014,1022,1025,1028,1043,1046,1060,1063,1069,1073,1076,1093,1096,1102,1108,1147,1270,1280,1283,1307,1310,1327,1330,1348,1351,1359,1362,1366,1373,1376,1402,1408,1411,1429,1432,1435,1449,1452,1466,1486,1490,1493,1513,1516,1558,1561,1568,1571,1591,1641,1645,1648,1662,1665,1673,1800,1803,1805,1819,1821,1837,1840,1866,1869,1877,1880,1884,1887,1890,1904,1907,1915,1918,1934,1937,1944,1947,1951,1954,1966,1968,1980,1983,1997,2000,2016,2019,2033,2036,2054,2057,2060,2064,2067],[641,642,643],"p",{},"This page explains how to bind a domain to your installed ZeroThreat On-Prem instance using Nginx as a reverse proxy and mkcert for locally trusted HTTPS certificates.",[645,646,649,657,662],"hint",{"icon":143,"icon-class":647,"style":648},"text-sky-600","background-color:#f7fcff; border:1px solid #07405a33; color:#1e6995;",[650,651,653],"h5",{"id":652},"reverse-proxy-choice",[654,655,656],"strong",{},"Reverse proxy choice",[658,659,661],"h6",{"id":660},"this-guide-uses-nginx-as-an-example-you-can-also-use-apache-an-internal-load-balancer-an-ingress-controller-or-any-other-reverse-proxy-that-can-route-httphttps-traffic-to-your-zerothreat-on-prem-instance","This guide uses Nginx as an example. You can also use Apache, an internal load balancer, an ingress controller, or any other reverse proxy that can route HTTP\u002FHTTPS traffic to your ZeroThreat On-Prem instance.",[658,663,665],{"id":664},"the-goal-is-the-same-regardless-of-tool-resolve-a-supported-domain-inside-your-network-proxy-traffic-to-the-local-zerothreat-instance-and-configure-https","The goal is the same regardless of tool: resolve a supported domain inside your network, proxy traffic to the local ZeroThreat instance, and configure HTTPS.",[667,668,670],"h2",{"id":669},"domain-requirements-for-zerothreat-chrome-extension","Domain Requirements for ZeroThreat Chrome Extension",[641,672,673],{},"The ZeroThreat Chrome Extension will only open or load correctly when the On-Prem instance is bound to one of the supported domain patterns.",[641,675,676],{},"Supported domain patterns:",[678,679,680],"u-code",{},[681,682,688],"pre",{"className":683,"code":685,"language":686,"meta":687},[684],"language-text","https:\u002F\u002F*.websec.ai\u002F*\nhttps:\u002F\u002F*.webpentest.ai\u002F*\nhttps:\u002F\u002F*.webscan.ai\u002F*\nhttps:\u002F\u002F*.dastscan.ai\u002F*\nhttps:\u002F\u002F*.websectest.ai\u002F*\nhttps:\u002F\u002F*.apiscan.ai\u002F*\nhttps:\u002F\u002F*.apiscantest.ai\u002F*\n","text","",[689,690,685],"code",{"__ignoreMap":687},[641,692,693],{},"For On-Prem setups, this domain should be configured inside your private network DNS. For example, your internal DNS can resolve a supported domain such as:",[678,695,696],{},[681,697,700],{"className":698,"code":699,"language":686,"meta":687},[684],"local.zerothreat.webscan.ai\n",[689,701,699],{"__ignoreMap":687},[641,703,704],{},"to the private IP address of your ZeroThreat On-Prem server.",[645,706,707,713,717],{"icon":143,"icon-class":647,"style":648},[650,708,710],{"id":709},"extension-compatibility",[654,711,712],{},"Extension compatibility",[658,714,716],{"id":715},"the-zerothreat-chrome-extension-will-only-open-or-load-when-the-on-prem-instance-is-bound-to-a-supported-domain-pattern-we-recommend-using-one-of-the-supported-domains-listed-above","The ZeroThreat Chrome Extension will only open or load when the On-Prem instance is bound to a supported domain pattern. We recommend using one of the supported domains listed above.",[658,718,720],{"id":719},"if-you-have-an-exceptional-requirement-to-use-a-different-domain-contact-the-zerothreat-support-team","If you have an exceptional requirement to use a different domain, contact the ZeroThreat support team.",[667,722,724],{"id":723},"google-and-microsoft-sso-domain-whitelisting","Google and Microsoft SSO Domain Whitelisting",[641,726,727,728,734,735,740],{},"If you want ",[729,730,731],"em",{},[654,732,733],{},"Login with Google"," or ",[729,736,737],{},[654,738,739],{},"Login with Microsoft"," to work on your On-Prem domain, you will have to share the final domain name with the ZeroThreat support team.",[641,742,743],{},"The domain must be whitelisted by ZeroThreat before Google or Microsoft SSO can work correctly for your On-Prem instance.",[641,745,746],{},"Example domain to share:",[678,748,749],{},[681,750,753],{"className":751,"code":752,"language":686,"meta":687},[684],"https:\u002F\u002Flocal.zerothreat.webscan.ai\n",[689,754,752],{"__ignoreMap":687},[645,756,757,763],{"icon":143,"icon-class":647,"style":648},[650,758,760],{"id":759},"sso-setup-requirement",[654,761,762],{},"SSO setup requirement",[658,764,766],{"id":765},"for-google-or-microsoft-sso-send-your-on-prem-domain-to-zerothreat-support-for-whitelisting-without-this-step-sso-login-may-not-work-even-if-dns-and-https-are-configured-correctly","For Google or Microsoft SSO, send your On-Prem domain to ZeroThreat support for whitelisting. Without this step, SSO login may not work even if DNS and HTTPS are configured correctly.",[667,768,770],{"id":769},"before-you-start","Before You Start",[641,772,773],{},"Before binding a domain, make sure your ZeroThreat On-Prem installation is complete and the instance is accessible through the local URL shown by the installer.",[641,775,776],{},"You should also have:",[778,779,780,790,793],"ul",{},[781,782,783,784,734,787],"li",{},"A supported internal domain or subdomain, such as ",[689,785,786],{},"company.webscan.ai",[689,788,789],{},"company.websec.ai",[781,791,792],{},"Access to your internal DNS system.",[781,794,795,796,799],{},"Server access with ",[689,797,798],{},"sudo"," privileges.",[641,801,802,803,806],{},"The local ZeroThreat On-Prem URL or port shown after installation. You will use this value in the Nginx ",[689,804,805],{},"proxy_pass"," configuration.",[641,808,809],{},"Access to update internal firewall rules if required.",[811,812,814],"h3",{"id":813},"step-1-install-nginx","Step 1: Install Nginx",[641,816,817],{},"Install Nginx on the server where ZeroThreat On-Prem is running.",[678,819,820],{},[681,821,825],{"className":822,"code":823,"language":824,"meta":687,"style":687},"language-bash shiki shiki-themes github-light github-dark","sudo apt update\nsudo apt install nginx\n","bash",[689,826,827,842],{"__ignoreMap":687},[828,829,832,835,839],"span",{"class":830,"line":831},"line",1,[828,833,798],{"class":834},"sScJk",[828,836,838],{"class":837},"sZZnC"," apt",[828,840,841],{"class":837}," update\n",[828,843,845,847,849,852],{"class":830,"line":844},2,[828,846,798],{"class":834},[828,848,838],{"class":837},[828,850,851],{"class":837}," install",[828,853,854],{"class":837}," nginx\n",[641,856,857],{},"Once installed, verify that Nginx is running:",[678,859,860],{},[681,861,863],{"className":822,"code":862,"language":824,"meta":687,"style":687},"sudo systemctl status nginx\n",[689,864,865],{"__ignoreMap":687},[828,866,867,869,872,875],{"class":830,"line":831},[828,868,798],{"class":834},[828,870,871],{"class":837}," systemctl",[828,873,874],{"class":837}," status",[828,876,854],{"class":837},[641,878,879,880,882],{},"Nginx supports reverse proxying requests to backend services using ",[689,881,805],{},", which is what allows the supported domain to route traffic to the local ZeroThreat service.",[811,884,886],{"id":885},"step-2-configure-local-firewall-rules","Step 2: Configure Local Firewall Rules",[641,888,889],{},"Allow SSH first so you do not accidentally lock yourself out of the server.",[678,891,892],{},[681,893,895],{"className":822,"code":894,"language":824,"meta":687,"style":687},"sudo ufw allow OpenSSH\n",[689,896,897],{"__ignoreMap":687},[828,898,899,901,904,907],{"class":830,"line":831},[828,900,798],{"class":834},[828,902,903],{"class":837}," ufw",[828,905,906],{"class":837}," allow",[828,908,909],{"class":837}," OpenSSH\n",[641,911,912],{},"Allow Nginx HTTP traffic:",[678,914,915],{},[681,916,918],{"className":822,"code":917,"language":824,"meta":687,"style":687},"sudo ufw allow 'Nginx HTTP'\n",[689,919,920],{"__ignoreMap":687},[828,921,922,924,926,928],{"class":830,"line":831},[828,923,798],{"class":834},[828,925,903],{"class":837},[828,927,906],{"class":837},[828,929,930],{"class":837}," 'Nginx HTTP'\n",[641,932,933],{},"Enable the firewall:",[678,935,936],{},[681,937,939],{"className":822,"code":938,"language":824,"meta":687,"style":687},"sudo ufw enable\n",[689,940,941],{"__ignoreMap":687},[828,942,943,945,947],{"class":830,"line":831},[828,944,798],{"class":834},[828,946,903],{"class":837},[828,948,949],{"class":837}," enable\n",[641,951,952],{},"Check firewall status:",[678,954,955],{},[681,956,958],{"className":822,"code":957,"language":824,"meta":687,"style":687},"sudo ufw status\n",[689,959,960],{"__ignoreMap":687},[828,961,962,964,966],{"class":830,"line":831},[828,963,798],{"class":834},[828,965,903],{"class":837},[828,967,968],{"class":837}," status\n",[641,970,971],{},"At this stage, HTTP traffic on port 80 should be allowed on the server.",[645,973,977],{"icon":974,"icon-class":975,"style":976},"triangle-exclamation","text-[#f97316]","background-color:#fff4e6; color:#f97316; border:1px solid #f6d2b0;",[658,978,980,981,984,985,988],{"id":979},"if-your-organization-uses-additional-internal-firewalls-or-network-acls-make-sure-traffic-to-ports-80-and-443-is-allowed-from-the-intended-internal-network-ranges","If your organization uses additional internal firewalls or network ACLs, make sure traffic to ports ",[654,982,983],{},"80"," and ",[654,986,987],{},"443"," is allowed from the intended internal network ranges.",[811,990,992],{"id":991},"step-3-add-the-internal-dns-record","Step 3: Add the Internal DNS Record",[641,994,995,996,999],{},"In your internal DNS system, create an ",[654,997,998],{},"A record"," for the supported domain or subdomain you want to use.",[641,1001,1002],{},"Example:",[678,1004,1005],{},[681,1006,1009],{"className":1007,"code":1008,"language":686,"meta":687},[684],"Type: A\nName: company\nValue: \u003CzeroThreat-onprem-private-ip>\nTTL: Auto or default\n",[689,1010,1008],{"__ignoreMap":687},[641,1012,1013],{},"For example, this points:",[678,1015,1016],{},[681,1017,1020],{"className":1018,"code":1019,"language":686,"meta":687},[684],"company.webscan.ai\n",[689,1021,1019],{"__ignoreMap":687},[641,1023,1024],{},"to your ZeroThreat On-Prem server’s private IP address.",[641,1026,1027],{},"After adding the record, verify that the domain resolves correctly from a machine inside the intended network.",[678,1029,1030],{},[681,1031,1033],{"className":822,"code":1032,"language":824,"meta":687,"style":687},"dig company.webscan.ai\n",[689,1034,1035],{"__ignoreMap":687},[828,1036,1037,1040],{"class":830,"line":831},[828,1038,1039],{"class":834},"dig",[828,1041,1042],{"class":837}," company.webscan.ai\n",[641,1044,1045],{},"or:",[678,1047,1048],{},[681,1049,1051],{"className":822,"code":1050,"language":824,"meta":687,"style":687},"nslookup company.webscan.ai\n",[689,1052,1053],{"__ignoreMap":687},[828,1054,1055,1058],{"class":830,"line":831},[828,1056,1057],{"class":834},"nslookup",[828,1059,1042],{"class":837},[641,1061,1062],{},"Make sure the domain resolves to the expected private IP before continuing.",[645,1064,1065],{"icon":143,"icon-class":647,"style":648},[658,1066,1068],{"id":1067},"the-domain-must-resolve-correctly-from-the-machines-where-users-will-access-zerothreat-on-prem-if-users-connect-through-vpn-verify-dns-resolution-from-a-vpn-connected-machine-as-well","The domain must resolve correctly from the machines where users will access ZeroThreat On-Prem. If users connect through VPN, verify DNS resolution from a VPN-connected machine as well.",[811,1070,1072],{"id":1071},"step-4-configure-nginx-reverse-proxy","Step 4: Configure Nginx Reverse Proxy",[641,1074,1075],{},"Create an Nginx site configuration for your domain.",[678,1077,1078],{},[681,1079,1081],{"className":822,"code":1080,"language":824,"meta":687,"style":687},"sudo nano \u002Fetc\u002Fnginx\u002Fsites-available\u002Fzerothreat\n",[689,1082,1083],{"__ignoreMap":687},[828,1084,1085,1087,1090],{"class":830,"line":831},[828,1086,798],{"class":834},[828,1088,1089],{"class":837}," nano",[828,1091,1092],{"class":837}," \u002Fetc\u002Fnginx\u002Fsites-available\u002Fzerothreat\n",[641,1094,1095],{},"Add a configuration similar to the following.",[641,1097,1098,1099,1101],{},"Replace ",[689,1100,786],{}," with your actual supported domain.",[641,1103,1098,1104,1107],{},[689,1105,1106],{},"http:\u002F\u002F127.0.0.1:3203"," with the local ZeroThreat URL or port shown after installation.",[645,1109,1110,1116,1120,1140],{"icon":143,"icon-class":647,"style":648},[650,1111,1113],{"id":1112},"increase-upload-size-limit",[654,1114,1115],{},"Increase Upload Size Limit",[658,1117,1119],{"id":1118},"some-zerothreat-on-prem-features-require-uploading-project-or-template-files-through-the-portal-for-example-application-journeys-playwright-zip-upload-and-custom-attack-coverage-zip-upload-may-involve-files-larger-than-the-default-nginx-request-body-limit","Some ZeroThreat On-Prem features require uploading project or template files through the portal. For example, Application Journeys \u002F Playwright ZIP upload and Custom Attack Coverage ZIP upload may involve files larger than the default Nginx request body limit.",[658,1121,1123,1124,1127,1128,1131,1132,1135,1136,1139],{"id":1122},"by-default-nginx-limits-the-client-request-body-size-to-1-mb-if-an-uploaded-file-exceeds-this-limit-nginx-can-reject-the-request-with-a-413-request-entity-too-large-error-before-it-reaches-zerothreat-nginx-supports-increasing-this-limit-using-the-client_max_body_size-directive-inside-the-http-server-or-location-block-if-you-are-using-https-add-the-same-directive-inside-the-https-server-block-as-well","By default, Nginx limits the client request body size to 1 MB. If an uploaded file exceeds this limit, Nginx can reject the request with a 413 Request Entity Too Large error before it reaches ZeroThreat. Nginx supports increasing this limit using the ",[689,1125,1126],{},"client_max_body_size"," directive inside the ",[689,1129,1130],{},"http",", ",[689,1133,1134],{},"server",", or ",[689,1137,1138],{},"location"," block. If you are using HTTPS, add the same directive inside the HTTPS server block as well.",[658,1141,1143,1146],{"id":1142},"note-if-you-are-using-apache-an-internal-load-balancer-an-ingress-controller-or-another-reverse-proxy-instead-of-nginx-configure-the-equivalent-request-body-or-upload-size-limit-there-as-well-otherwise-large-zip-uploads-may-fail-even-if-zerothreat-itself-supports-the-file-size",[654,1144,1145],{},"Note",": If you are using Apache, an internal load balancer, an ingress controller, or another reverse proxy instead of Nginx, configure the equivalent request body or upload size limit there as well. Otherwise, large ZIP uploads may fail even if ZeroThreat itself supports the file size.",[678,1148,1149],{},[681,1150,1154],{"className":1151,"code":1152,"language":1153,"meta":687,"style":687},"language-nginx shiki shiki-themes github-light github-dark","server {\n    listen 80;\n\n    server_name company.webscan.ai;\n\n    client_max_body_size 100M;\n\n    location \u002F {\n        proxy_pass http:\u002F\u002F127.0.0.1:3203;\n\n        proxy_http_version 1.1;\n        proxy_set_header Host $host;\n        proxy_set_header X-Real-IP $remote_addr;\n        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header X-Forwarded-Proto $scheme;\n\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}\n\n","nginx",[689,1155,1156,1161,1166,1172,1178,1183,1189,1194,1200,1206,1211,1217,1223,1229,1235,1241,1246,1252,1258,1264],{"__ignoreMap":687},[828,1157,1158],{"class":830,"line":831},[828,1159,1160],{},"server {\n",[828,1162,1163],{"class":830,"line":844},[828,1164,1165],{},"    listen 80;\n",[828,1167,1169],{"class":830,"line":1168},3,[828,1170,1171],{"emptyLinePlaceholder":12},"\n",[828,1173,1175],{"class":830,"line":1174},4,[828,1176,1177],{},"    server_name company.webscan.ai;\n",[828,1179,1181],{"class":830,"line":1180},5,[828,1182,1171],{"emptyLinePlaceholder":12},[828,1184,1186],{"class":830,"line":1185},6,[828,1187,1188],{},"    client_max_body_size 100M;\n",[828,1190,1192],{"class":830,"line":1191},7,[828,1193,1171],{"emptyLinePlaceholder":12},[828,1195,1197],{"class":830,"line":1196},8,[828,1198,1199],{},"    location \u002F {\n",[828,1201,1203],{"class":830,"line":1202},9,[828,1204,1205],{},"        proxy_pass http:\u002F\u002F127.0.0.1:3203;\n",[828,1207,1209],{"class":830,"line":1208},10,[828,1210,1171],{"emptyLinePlaceholder":12},[828,1212,1214],{"class":830,"line":1213},11,[828,1215,1216],{},"        proxy_http_version 1.1;\n",[828,1218,1220],{"class":830,"line":1219},12,[828,1221,1222],{},"        proxy_set_header Host $host;\n",[828,1224,1226],{"class":830,"line":1225},13,[828,1227,1228],{},"        proxy_set_header X-Real-IP $remote_addr;\n",[828,1230,1232],{"class":830,"line":1231},14,[828,1233,1234],{},"        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n",[828,1236,1238],{"class":830,"line":1237},15,[828,1239,1240],{},"        proxy_set_header X-Forwarded-Proto $scheme;\n",[828,1242,1244],{"class":830,"line":1243},16,[828,1245,1171],{"emptyLinePlaceholder":12},[828,1247,1249],{"class":830,"line":1248},17,[828,1250,1251],{},"        proxy_set_header Upgrade $http_upgrade;\n",[828,1253,1255],{"class":830,"line":1254},18,[828,1256,1257],{},"        proxy_set_header Connection \"upgrade\";\n",[828,1259,1261],{"class":830,"line":1260},19,[828,1262,1263],{},"    }\n",[828,1265,1267],{"class":830,"line":1266},20,[828,1268,1269],{},"}\n",[641,1271,1272,1273,1275,1276,1279],{},"Nginx reverse proxy configuration uses ",[689,1274,805],{}," to forward requests to the backend service, and ",[689,1277,1278],{},"proxy_set_header"," can be used to pass the original host, client IP, and protocol details to the proxied service.",[641,1281,1282],{},"Enable the site:",[678,1284,1285],{},[681,1286,1288],{"className":822,"code":1287,"language":824,"meta":687,"style":687},"sudo ln -s \u002Fetc\u002Fnginx\u002Fsites-available\u002Fzerothreat \u002Fetc\u002Fnginx\u002Fsites-enabled\u002F\n",[689,1289,1290],{"__ignoreMap":687},[828,1291,1292,1294,1297,1301,1304],{"class":830,"line":831},[828,1293,798],{"class":834},[828,1295,1296],{"class":837}," ln",[828,1298,1300],{"class":1299},"sj4cs"," -s",[828,1302,1303],{"class":837}," \u002Fetc\u002Fnginx\u002Fsites-available\u002Fzerothreat",[828,1305,1306],{"class":837}," \u002Fetc\u002Fnginx\u002Fsites-enabled\u002F\n",[641,1308,1309],{},"Test the Nginx configuration:",[678,1311,1312],{},[681,1313,1315],{"className":822,"code":1314,"language":824,"meta":687,"style":687},"sudo nginx -t\n",[689,1316,1317],{"__ignoreMap":687},[828,1318,1319,1321,1324],{"class":830,"line":831},[828,1320,798],{"class":834},[828,1322,1323],{"class":837}," nginx",[828,1325,1326],{"class":1299}," -t\n",[641,1328,1329],{},"Reload Nginx:",[678,1331,1332],{},[681,1333,1335],{"className":822,"code":1334,"language":824,"meta":687,"style":687},"sudo systemctl reload nginx\n",[689,1336,1337],{"__ignoreMap":687},[828,1338,1339,1341,1343,1346],{"class":830,"line":831},[828,1340,798],{"class":834},[828,1342,871],{"class":837},[828,1344,1345],{"class":837}," reload",[828,1347,854],{"class":837},[641,1349,1350],{},"Now open the domain in the browser from inside your network:",[678,1352,1353],{},[681,1354,1357],{"className":1355,"code":1356,"language":686,"meta":687},[684],"http:\u002F\u002Fcompany.webscan.ai\n",[689,1358,1356],{"__ignoreMap":687},[641,1360,1361],{},"If DNS and proxy configuration are correct, the domain should route to your ZeroThreat On-Prem instance.",[811,1363,1365],{"id":1364},"step-5-install-mkcert","Step 5: Install mkcert",[641,1367,1368,1369,1372],{},"For internal HTTPS, this guide uses ",[654,1370,1371],{},"mkcert",". mkcert creates a local Certificate Authority and generates locally trusted certificates for development or internal domains. The official mkcert project states that it creates and installs a local CA in the system trust store and generates locally trusted certificates, but it does not configure servers automatically.",[641,1374,1375],{},"Install the required NSS tools first:",[678,1377,1378],{},[681,1379,1381],{"className":822,"code":1380,"language":824,"meta":687,"style":687},"sudo apt update\nsudo apt install libnss3-tools\n",[689,1382,1383,1391],{"__ignoreMap":687},[828,1384,1385,1387,1389],{"class":830,"line":831},[828,1386,798],{"class":834},[828,1388,838],{"class":837},[828,1390,841],{"class":837},[828,1392,1393,1395,1397,1399],{"class":830,"line":844},[828,1394,798],{"class":834},[828,1396,838],{"class":837},[828,1398,851],{"class":837},[828,1400,1401],{"class":837}," libnss3-tools\n",[641,1403,1404,1405,1407],{},"Install ",[689,1406,1371],{},".",[641,1409,1410],{},"On Ubuntu\u002FDebian systems where mkcert is available from the package repository, you can use:",[678,1412,1413],{},[681,1414,1416],{"className":822,"code":1415,"language":824,"meta":687,"style":687},"sudo apt install mkcert\n",[689,1417,1418],{"__ignoreMap":687},[828,1419,1420,1422,1424,1426],{"class":830,"line":831},[828,1421,798],{"class":834},[828,1423,838],{"class":837},[828,1425,851],{"class":837},[828,1427,1428],{"class":837}," mkcert\n",[641,1430,1431],{},"If your package repository does not provide mkcert or provides an older version, install it from the official mkcert GitHub releases according to your OS and architecture.",[641,1433,1434],{},"Verify installation:",[678,1436,1437],{},[681,1438,1440],{"className":822,"code":1439,"language":824,"meta":687,"style":687},"mkcert -version\n",[689,1441,1442],{"__ignoreMap":687},[828,1443,1444,1446],{"class":830,"line":831},[828,1445,1371],{"class":834},[828,1447,1448],{"class":1299}," -version\n",[641,1450,1451],{},"Install the local CA on the server:",[678,1453,1454],{},[681,1455,1457],{"className":822,"code":1456,"language":824,"meta":687,"style":687},"mkcert -install\n",[689,1458,1459],{"__ignoreMap":687},[828,1460,1461,1463],{"class":830,"line":831},[828,1462,1371],{"class":834},[828,1464,1465],{"class":1299}," -install\n",[645,1467,1468,1474,1482],{"icon":143,"icon-class":647,"style":648},[650,1469,1471],{"id":1470},"client-trust-requirement",[654,1472,1473],{},"Client trust requirement",[658,1475,1477,1478,1481],{"id":1476},"running-mkcert-install-on-the-server-trusts-the-mkcert-root-ca-on-that-server-for-browsers-on-user-machines-to-trust-the-certificate-the-mkcert-root-ca-must-also-be-trusted-on-those-user-machines-or-your-organization-should-use-its-own-internal-ca-certificate","Running ",[689,1479,1480],{},"mkcert -install"," on the server trusts the mkcert root CA on that server. For browsers on user machines to trust the certificate, the mkcert root CA must also be trusted on those user machines, or your organization should use its own internal CA certificate.",[658,1483,1485],{"id":1484},"if-the-ca-is-not-trusted-on-the-users-machine-the-browser-may-show-a-certificate-warning-even-though-nginx-is-correctly-configured","If the CA is not trusted on the user’s machine, the browser may show a certificate warning even though Nginx is correctly configured.",[811,1487,1489],{"id":1488},"step-6-generate-a-local-https-certificate","Step 6: Generate a Local HTTPS Certificate",[641,1491,1492],{},"Create a directory to store certificates:",[678,1494,1495],{},[681,1496,1498],{"className":822,"code":1497,"language":824,"meta":687,"style":687},"sudo mkdir -p \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\n",[689,1499,1500],{"__ignoreMap":687},[828,1501,1502,1504,1507,1510],{"class":830,"line":831},[828,1503,798],{"class":834},[828,1505,1506],{"class":837}," mkdir",[828,1508,1509],{"class":1299}," -p",[828,1511,1512],{"class":837}," \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\n",[641,1514,1515],{},"Generate a certificate for your supported domain:",[678,1517,1518],{},[681,1519,1521],{"className":822,"code":1520,"language":824,"meta":687,"style":687},"sudo mkcert \\\n  -key-file \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\u002Fcompany.webscan.ai-key.pem \\\n  -cert-file \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\u002Fcompany.webscan.ai.pem \\\n  company.webscan.ai\n",[689,1522,1523,1533,1543,1553],{"__ignoreMap":687},[828,1524,1525,1527,1530],{"class":830,"line":831},[828,1526,798],{"class":834},[828,1528,1529],{"class":837}," mkcert",[828,1531,1532],{"class":1299}," \\\n",[828,1534,1535,1538,1541],{"class":830,"line":844},[828,1536,1537],{"class":1299},"  -key-file",[828,1539,1540],{"class":837}," \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\u002Fcompany.webscan.ai-key.pem",[828,1542,1532],{"class":1299},[828,1544,1545,1548,1551],{"class":830,"line":1168},[828,1546,1547],{"class":1299},"  -cert-file",[828,1549,1550],{"class":837}," \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\u002Fcompany.webscan.ai.pem",[828,1552,1532],{"class":1299},[828,1554,1555],{"class":830,"line":1174},[828,1556,1557],{"class":837},"  company.webscan.ai\n",[641,1559,1560],{},"This creates a certificate and private key for:",[678,1562,1563],{},[681,1564,1566],{"className":1565,"code":1019,"language":686,"meta":687},[684],[689,1567,1019],{"__ignoreMap":687},[641,1569,1570],{},"Restrict access to the private key:",[678,1572,1573],{},[681,1574,1576],{"className":822,"code":1575,"language":824,"meta":687,"style":687},"sudo chmod 600 \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\u002Fcompany.webscan.ai-key.pem\n",[689,1577,1578],{"__ignoreMap":687},[828,1579,1580,1582,1585,1588],{"class":830,"line":831},[828,1581,798],{"class":834},[828,1583,1584],{"class":837}," chmod",[828,1586,1587],{"class":1299}," 600",[828,1589,1590],{"class":837}," \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\u002Fcompany.webscan.ai-key.pem\n",[645,1592,1593,1597,1600],{"icon":143,"icon-class":647,"style":648},[658,1594,1596],{"id":1595},"if-you-need-the-certificate-to-support-more-than-one-internal-hostname-include-all-required-names-in-the-same-mkcert-command","If you need the certificate to support more than one internal hostname, include all required names in the same mkcert command.",[658,1598,1002],{"id":1599},"example",[678,1601,1602],{},[681,1603,1605],{"className":822,"code":1604,"language":824,"meta":687,"style":687},"sudo mkcert \\\n  -key-file \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\u002Fzerothreat-key.pem \\\n  -cert-file \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\u002Fzerothreat.pem \\\n  company.webscan.ai company.websec.ai\n",[689,1606,1607,1615,1624,1633],{"__ignoreMap":687},[828,1608,1609,1611,1613],{"class":830,"line":831},[828,1610,798],{"class":834},[828,1612,1529],{"class":837},[828,1614,1532],{"class":1299},[828,1616,1617,1619,1622],{"class":830,"line":844},[828,1618,1537],{"class":1299},[828,1620,1621],{"class":837}," \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\u002Fzerothreat-key.pem",[828,1623,1532],{"class":1299},[828,1625,1626,1628,1631],{"class":830,"line":1168},[828,1627,1547],{"class":1299},[828,1629,1630],{"class":837}," \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\u002Fzerothreat.pem",[828,1632,1532],{"class":1299},[828,1634,1635,1638],{"class":830,"line":1174},[828,1636,1637],{"class":837},"  company.webscan.ai",[828,1639,1640],{"class":837}," company.websec.ai\n",[811,1642,1644],{"id":1643},"step-7-configure-nginx-for-https","Step 7: Configure Nginx for HTTPS",[641,1646,1647],{},"Update the Nginx site configuration:",[678,1649,1650],{},[681,1651,1652],{"className":822,"code":1080,"language":824,"meta":687,"style":687},[689,1653,1654],{"__ignoreMap":687},[828,1655,1656,1658,1660],{"class":830,"line":831},[828,1657,798],{"class":834},[828,1659,1089],{"class":837},[828,1661,1092],{"class":837},[641,1663,1664],{},"Replace the existing configuration with the following.",[641,1666,1667,1668,984,1670,1672],{},"Update ",[689,1669,786],{},[689,1671,1106],{}," as needed.",[678,1674,1675],{},[681,1676,1678],{"className":1151,"code":1677,"language":1153,"meta":687,"style":687},"server {\n    listen 80;\n    server_name company.webscan.ai;\n\n    return 301 https:\u002F\u002F$host$request_uri;\n}\n\nserver {\n    listen 443 ssl;\n    server_name company.webscan.ai;\n\n    ssl_certificate \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\u002Fcompany.webscan.ai.pem;\n    ssl_certificate_key \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\u002Fcompany.webscan.ai-key.pem;\n\n    location \u002F {\n        proxy_pass http:\u002F\u002F127.0.0.1:3203;\n\n        proxy_http_version 1.1;\n        proxy_set_header Host $host;\n        proxy_set_header X-Real-IP $remote_addr;\n        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header X-Forwarded-Proto https;\n\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}\n",[689,1679,1680,1684,1688,1692,1696,1701,1705,1709,1713,1718,1722,1726,1731,1736,1740,1744,1748,1752,1756,1760,1764,1769,1775,1780,1785,1790,1795],{"__ignoreMap":687},[828,1681,1682],{"class":830,"line":831},[828,1683,1160],{},[828,1685,1686],{"class":830,"line":844},[828,1687,1165],{},[828,1689,1690],{"class":830,"line":1168},[828,1691,1177],{},[828,1693,1694],{"class":830,"line":1174},[828,1695,1171],{"emptyLinePlaceholder":12},[828,1697,1698],{"class":830,"line":1180},[828,1699,1700],{},"    return 301 https:\u002F\u002F$host$request_uri;\n",[828,1702,1703],{"class":830,"line":1185},[828,1704,1269],{},[828,1706,1707],{"class":830,"line":1191},[828,1708,1171],{"emptyLinePlaceholder":12},[828,1710,1711],{"class":830,"line":1196},[828,1712,1160],{},[828,1714,1715],{"class":830,"line":1202},[828,1716,1717],{},"    listen 443 ssl;\n",[828,1719,1720],{"class":830,"line":1208},[828,1721,1177],{},[828,1723,1724],{"class":830,"line":1213},[828,1725,1171],{"emptyLinePlaceholder":12},[828,1727,1728],{"class":830,"line":1219},[828,1729,1730],{},"    ssl_certificate \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\u002Fcompany.webscan.ai.pem;\n",[828,1732,1733],{"class":830,"line":1225},[828,1734,1735],{},"    ssl_certificate_key \u002Fetc\u002Fnginx\u002Fssl\u002Fzerothreat\u002Fcompany.webscan.ai-key.pem;\n",[828,1737,1738],{"class":830,"line":1231},[828,1739,1171],{"emptyLinePlaceholder":12},[828,1741,1742],{"class":830,"line":1237},[828,1743,1199],{},[828,1745,1746],{"class":830,"line":1243},[828,1747,1205],{},[828,1749,1750],{"class":830,"line":1248},[828,1751,1171],{"emptyLinePlaceholder":12},[828,1753,1754],{"class":830,"line":1254},[828,1755,1216],{},[828,1757,1758],{"class":830,"line":1260},[828,1759,1222],{},[828,1761,1762],{"class":830,"line":1266},[828,1763,1228],{},[828,1765,1767],{"class":830,"line":1766},21,[828,1768,1234],{},[828,1770,1772],{"class":830,"line":1771},22,[828,1773,1774],{},"        proxy_set_header X-Forwarded-Proto https;\n",[828,1776,1778],{"class":830,"line":1777},23,[828,1779,1171],{"emptyLinePlaceholder":12},[828,1781,1783],{"class":830,"line":1782},24,[828,1784,1251],{},[828,1786,1788],{"class":830,"line":1787},25,[828,1789,1257],{},[828,1791,1793],{"class":830,"line":1792},26,[828,1794,1263],{},[828,1796,1798],{"class":830,"line":1797},27,[828,1799,1269],{},[641,1801,1802],{},"Nginx HTTPS configuration requires SSL to be enabled on the listening socket and requires the server certificate and private key paths to be specified in the server block.",[641,1804,1309],{},[678,1806,1807],{},[681,1808,1809],{"className":822,"code":1314,"language":824,"meta":687,"style":687},[689,1810,1811],{"__ignoreMap":687},[828,1812,1813,1815,1817],{"class":830,"line":831},[828,1814,798],{"class":834},[828,1816,1323],{"class":837},[828,1818,1326],{"class":1299},[641,1820,1329],{},[678,1822,1823],{},[681,1824,1825],{"className":822,"code":1334,"language":824,"meta":687,"style":687},[689,1826,1827],{"__ignoreMap":687},[828,1828,1829,1831,1833,1835],{"class":830,"line":831},[828,1830,798],{"class":834},[828,1832,871],{"class":837},[828,1834,1345],{"class":837},[828,1836,854],{"class":837},[641,1838,1839],{},"Allow HTTPS through UFW:",[678,1841,1842],{},[681,1843,1845],{"className":822,"code":1844,"language":824,"meta":687,"style":687},"sudo ufw allow 'Nginx Full'\nsudo ufw status\n",[689,1846,1847,1858],{"__ignoreMap":687},[828,1848,1849,1851,1853,1855],{"class":830,"line":831},[828,1850,798],{"class":834},[828,1852,903],{"class":837},[828,1854,906],{"class":837},[828,1856,1857],{"class":837}," 'Nginx Full'\n",[828,1859,1860,1862,1864],{"class":830,"line":844},[828,1861,798],{"class":834},[828,1863,903],{"class":837},[828,1865,968],{"class":837},[641,1867,1868],{},"Now open the domain from inside your network:",[678,1870,1871],{},[681,1872,1875],{"className":1873,"code":1874,"language":686,"meta":687},[684],"https:\u002F\u002Fcompany.webscan.ai\n",[689,1876,1874],{"__ignoreMap":687},[641,1878,1879],{},"Your ZeroThreat On-Prem instance should now be accessible over HTTPS.",[811,1881,1883],{"id":1882},"step-8-trust-the-mkcert-root-ca-on-user-machines","Step 8: Trust the mkcert Root CA on User Machines",[641,1885,1886],{},"For the certificate to appear trusted in user browsers, the CA that issued the certificate must be trusted by those machines.",[641,1888,1889],{},"On the server where you generated the certificate, find the mkcert CA location:",[678,1891,1892],{},[681,1893,1895],{"className":822,"code":1894,"language":824,"meta":687,"style":687},"mkcert -CAROOT\n",[689,1896,1897],{"__ignoreMap":687},[828,1898,1899,1901],{"class":830,"line":831},[828,1900,1371],{"class":834},[828,1902,1903],{"class":1299}," -CAROOT\n",[641,1905,1906],{},"This directory contains the local root CA files. The file commonly used for trust distribution is:",[678,1908,1909],{},[681,1910,1913],{"className":1911,"code":1912,"language":686,"meta":687},[684],"rootCA.pem\n",[689,1914,1912],{"__ignoreMap":687},[641,1916,1917],{},"Your IT team can distribute and trust this CA certificate on the machines that need to access the On-Prem instance.",[645,1919,1920,1926,1930],{"icon":974,"icon-class":975,"style":976},[650,1921,1923],{"id":1922},"protect-the-root-ca-private-key",[654,1924,1925],{},"Protect the root CA private key",[658,1927,1929],{"id":1928},"do-not-distribute-the-root-ca-private-key-only-distribute-the-ca-certificate-required-for-trust","Do not distribute the root CA private key. Only distribute the CA certificate required for trust.",[658,1931,1933],{"id":1932},"if-your-organization-already-has-an-internal-certificate-authority-using-that-internal-ca-is-usually-preferred-for-managed-environments","If your organization already has an internal certificate authority, using that internal CA is usually preferred for managed environments.",[641,1935,1936],{},"After the CA is trusted on a user machine, restart the browser and open:",[678,1938,1939],{},[681,1940,1942],{"className":1941,"code":1874,"language":686,"meta":687},[684],[689,1943,1874],{"__ignoreMap":687},[641,1945,1946],{},"The certificate should now be trusted.",[811,1948,1950],{"id":1949},"common-checks","Common Checks",[641,1952,1953],{},"If the domain does not open correctly, check DNS first:",[678,1955,1956],{},[681,1957,1958],{"className":822,"code":1032,"language":824,"meta":687,"style":687},[689,1959,1960],{"__ignoreMap":687},[828,1961,1962,1964],{"class":830,"line":831},[828,1963,1039],{"class":834},[828,1965,1042],{"class":837},[641,1967,1045],{},[678,1969,1970],{},[681,1971,1972],{"className":822,"code":1050,"language":824,"meta":687,"style":687},[689,1973,1974],{"__ignoreMap":687},[828,1975,1976,1978],{"class":830,"line":831},[828,1977,1057],{"class":834},[828,1979,1042],{"class":837},[641,1981,1982],{},"Check that Nginx configuration is valid:",[678,1984,1985],{},[681,1986,1987],{"className":822,"code":1314,"language":824,"meta":687,"style":687},[689,1988,1989],{"__ignoreMap":687},[828,1990,1991,1993,1995],{"class":830,"line":831},[828,1992,798],{"class":834},[828,1994,1323],{"class":837},[828,1996,1326],{"class":1299},[641,1998,1999],{},"Check that Nginx is running:",[678,2001,2002],{},[681,2003,2004],{"className":822,"code":862,"language":824,"meta":687,"style":687},[689,2005,2006],{"__ignoreMap":687},[828,2007,2008,2010,2012,2014],{"class":830,"line":831},[828,2009,798],{"class":834},[828,2011,871],{"class":837},[828,2013,874],{"class":837},[828,2015,854],{"class":837},[641,2017,2018],{},"Check that firewall rules allow Nginx traffic:",[678,2020,2021],{},[681,2022,2023],{"className":822,"code":957,"language":824,"meta":687,"style":687},[689,2024,2025],{"__ignoreMap":687},[828,2026,2027,2029,2031],{"class":830,"line":831},[828,2028,798],{"class":834},[828,2030,903],{"class":837},[828,2032,968],{"class":837},[641,2034,2035],{},"Confirm HTTPS is listening locally:",[678,2037,2038],{},[681,2039,2041],{"className":822,"code":2040,"language":824,"meta":687,"style":687},"curl -k https:\u002F\u002Fcompany.webscan.ai\n",[689,2042,2043],{"__ignoreMap":687},[828,2044,2045,2048,2051],{"class":830,"line":831},[828,2046,2047],{"class":834},"curl",[828,2049,2050],{"class":1299}," -k",[828,2052,2053],{"class":837}," https:\u002F\u002Fcompany.webscan.ai\n",[641,2055,2056],{},"If the local ZeroThreat URL does not respond from the server, fix the local ZeroThreat service or port configuration before debugging DNS or Nginx.",[641,2058,2059],{},"If the HTTPS page opens with a certificate warning, confirm that the issuing CA is trusted on the client machine.",[667,2061,2063],{"id":2062},"whats-next","What’s Next?",[641,2065,2066],{},"After DNS binding and HTTPS setup are complete, users can access ZeroThreat On-Prem through the configured supported domain from the intended internal network.",[2068,2069,2070],"style",{},"html pre.shiki code .sScJk, html code.shiki .sScJk{--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .sZZnC, html code.shiki .sZZnC{--shiki-default:#032F62;--shiki-dark:#9ECBFF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sj4cs, html code.shiki .sj4cs{--shiki-default:#005CC5;--shiki-dark:#79B8FF}",{"title":687,"searchDepth":844,"depth":844,"links":2072},[2073,2074,2075,2086],{"id":669,"depth":844,"text":670},{"id":723,"depth":844,"text":724},{"id":769,"depth":844,"text":770,"children":2076},[2077,2078,2079,2080,2081,2082,2083,2084,2085],{"id":813,"depth":1168,"text":814},{"id":885,"depth":1168,"text":886},{"id":991,"depth":1168,"text":992},{"id":1071,"depth":1168,"text":1072},{"id":1364,"depth":1168,"text":1365},{"id":1488,"depth":1168,"text":1489},{"id":1643,"depth":1168,"text":1644},{"id":1882,"depth":1168,"text":1883},{"id":1949,"depth":1168,"text":1950},{"id":2062,"depth":844,"text":2063},"After ZeroThreat On-Prem is installed, the installer displays a local access URL for your instance. This is useful for initial access, but for regular usage, you should bind the instance to a supported domain and serve it over HTTPS. The guide already assumes that successful onprem installation [**setup**](\u002Fdocs\u002Fon-prem\u002Finstallation 'mention').","md",{"imageSrc":565},{"title":561,"description":2087},"MVmWNrgtaie4Dy461T67n3_-nHfsLGF_JRpKT2d99Oo",[2093,2094],{"title":553,"path":554,"stem":555,"children":-1},{"title":567,"path":568,"stem":569,"children":-1},{"data":2096,"body":2097},{},{"type":2098,"children":2099},"root",[2100],{"type":2101,"tag":641,"props":2102,"children":2103},"element",{},[2104,2106,2116],{"type":686,"value":2105},"After ZeroThreat On-Prem is installed, the installer displays a local access URL for your instance. This is useful for initial access, but for regular usage, you should bind the instance to a supported domain and serve it over HTTPS. The guide already assumes that successful onprem installation ",{"type":2101,"tag":2107,"props":2108,"children":2110},"a",{"href":554,"title":2109},"mention",[2111],{"type":2101,"tag":654,"props":2112,"children":2113},{},[2114],{"type":686,"value":2115},"setup",{"type":686,"value":1407},1779455393290]