diff --git a/404.html b/404.html
index 8005cfee..b2a06dd5 100644
--- a/404.html
+++ b/404.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/assets/files/ctrl-6c22ae02cafe307b82e5a1f783497950.yml b/assets/files/ctrl-06b900e22aab525ebec542dea6769d51.yml
similarity index 89%
rename from assets/files/ctrl-6c22ae02cafe307b82e5a1f783497950.yml
rename to assets/files/ctrl-06b900e22aab525ebec542dea6769d51.yml
index e2c06c5d..0c680b8d 100644
--- a/assets/files/ctrl-6c22ae02cafe307b82e5a1f783497950.yml
+++ b/assets/files/ctrl-06b900e22aab525ebec542dea6769d51.yml
@@ -9,7 +9,7 @@
 # configuration, the software will expect this field to be incremented. This protects you against invalid configuration
 # versions and will refer to you to the documentation when the configuration structure changes.
 #
-v: 3
+v: 4
 
 admin:
   # The `secrets` array contains a list of strings that represent valid `ZROK_ADMIN_TOKEN` values to be used for
@@ -74,44 +74,25 @@ invites:
   #
   token_contact:                  invite@zrok.io
 
-# Service instance limits configuration.
+# Service instance limits global configuration.
 #
 # See `docs/guides/metrics-and-limits/configuring-limits.md` for details.
 #
 limits:
   environments:     -1
   shares:           -1
+  reserved_shares:  -1
+  unique_names:     -1
   bandwidth:
-    per_account:
-      period:       5m
-      warning:
-        rx:         -1
-        tx:         -1
-        total:      7242880
-      limit:
-        rx:         -1
-        tx:         -1
-        total:      10485760
-    per_environment:
-      period:       5m
-      warning:
-        rx:         -1
-        tx:         -1
-        total:      -1
-      limit:
-        rx:         -1
-        tx:         -1
-        total:      -1
-    per_share:
-      period:       5m
-      warning:
-        rx:         -1
-        tx:         -1
-        total:      -1
-      limit:
-        rx:         -1
-        tx:         -1
-        total:      -1
+    period:         5m
+    warning:
+      rx:           -1
+      tx:           -1
+      total:        7242880
+    limit:
+      rx:           -1
+      tx:           -1
+      total:        10485760
   enforcing:        false
   cycle:            5m
 
diff --git a/assets/js/600b2345.9d8edfd8.js b/assets/js/600b2345.9d8edfd8.js
deleted file mode 100644
index 13c29489..00000000
--- a/assets/js/600b2345.9d8edfd8.js
+++ /dev/null
@@ -1 +0,0 @@
-"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[4900],{169:(e,i,n)=>{n.r(i),n.d(i,{assets:()=>a,contentTitle:()=>o,default:()=>d,frontMatter:()=>r,metadata:()=>l,toc:()=>c});var t=n(5893),s=n(1151);const r={sidebar_position:40},o="Configuring Limits",l={id:"guides/self-hosting/metrics-and-limits/configuring-limits",title:"Configuring Limits",description:"If you have not yet configured metrics, please visit the metrics guide first before working through the limits configuration.",source:"@site/../docs/guides/self-hosting/metrics-and-limits/configuring-limits.md",sourceDirName:"guides/self-hosting/metrics-and-limits",slug:"/guides/self-hosting/metrics-and-limits/configuring-limits",permalink:"/docs/guides/self-hosting/metrics-and-limits/configuring-limits",draft:!1,unlisted:!1,editUrl:"https://github.com/openziti/zrok/blob/main/docs/../docs/guides/self-hosting/metrics-and-limits/configuring-limits.md",tags:[],version:"current",sidebarPosition:40,frontMatter:{sidebar_position:40},sidebar:"tutorialSidebar",previous:{title:"Configuring Metrics",permalink:"/docs/guides/self-hosting/metrics-and-limits/configuring-metrics"},next:{title:"OAuth",permalink:"/docs/category/oauth"}},a={},c=[{value:"The Global Controls",id:"the-global-controls",level:2},{value:"Resource Limits",id:"resource-limits",level:2},{value:"Bandwidth Limits",id:"bandwidth-limits",level:2},{value:"Limit Actions",id:"limit-actions",level:3},{value:"Unlimited Accounts",id:"unlimited-accounts",level:2}];function h(e){const i={a:"a",blockquote:"blockquote",code:"code",em:"em",h1:"h1",h2:"h2",h3:"h3",p:"p",pre:"pre",...(0,s.a)(),...e.components};return(0,t.jsxs)(t.Fragment,{children:[(0,t.jsx)(i.h1,{id:"configuring-limits",children:"Configuring Limits"}),"\n",(0,t.jsxs)(i.blockquote,{children:["\n",(0,t.jsxs)(i.p,{children:["If you have not yet configured ",(0,t.jsx)(i.a,{href:"/docs/guides/self-hosting/metrics-and-limits/configuring-metrics",children:"metrics"}),", please visit the ",(0,t.jsx)(i.a,{href:"/docs/guides/self-hosting/metrics-and-limits/configuring-metrics",children:"metrics guide"})," first before working through the limits configuration."]}),"\n"]}),"\n",(0,t.jsxs)(i.p,{children:["The limits facility in ",(0,t.jsx)(i.code,{children:"zrok"})," is responsible for controlling the number of resources in use (environments, shares) and also for ensuring that any single account, environment, or share is held below the configured thresholds."]}),"\n",(0,t.jsxs)(i.p,{children:["Take this ",(0,t.jsx)(i.code,{children:"zrok"})," controller configuration stanza as an example:"]}),"\n",(0,t.jsx)(i.pre,{children:(0,t.jsx)(i.code,{className:"language-yaml",children:"limits:\n  enforcing:        true\n  cycle:            1m\n  environments:     -1\n  shares:           -1\n  bandwidth:\n    per_account:\n      period:       5m\n      warning:\n        rx:         -1\n        tx:         -1\n        total:      7242880\n      limit:\n        rx:         -1\n        tx:         -1\n        total:      10485760\n    per_environment:\n      period:       5m\n      warning:\n        rx:         -1\n        tx:         -1\n        total:      -1\n      limit:\n        rx:         -1\n        tx:         -1\n        total:      -1\n    per_share:\n      period:       5m\n      warning:\n        rx:         -1\n        tx:         -1\n        total:      -1\n      limit:\n        rx:         -1\n        tx:         -1\n        total:      -1\n"})}),"\n",(0,t.jsx)(i.h2,{id:"the-global-controls",children:"The Global Controls"}),"\n",(0,t.jsxs)(i.p,{children:["The ",(0,t.jsx)(i.code,{children:"enforcing"})," boolean will globally enable or disable limits for the controller."]}),"\n",(0,t.jsxs)(i.p,{children:["The ",(0,t.jsx)(i.code,{children:"cycle"})," value controls how frequently the limits system will look for limited resources to re-enable."]}),"\n",(0,t.jsx)(i.h2,{id:"resource-limits",children:"Resource Limits"}),"\n",(0,t.jsxs)(i.p,{children:["The ",(0,t.jsx)(i.code,{children:"environments"})," and ",(0,t.jsx)(i.code,{children:"shares"})," values control the number of environments and shares that are allowed per-account. Any limit value can be set to ",(0,t.jsx)(i.code,{children:"-1"}),", which means ",(0,t.jsx)(i.em,{children:"unlimited"}),"."]}),"\n",(0,t.jsx)(i.h2,{id:"bandwidth-limits",children:"Bandwidth Limits"}),"\n",(0,t.jsxs)(i.p,{children:["The ",(0,t.jsx)(i.code,{children:"bandwidth"})," section is designed to provide a configurable system for controlling the amount of data transfer that can be performed by users of the ",(0,t.jsx)(i.code,{children:"zrok"})," service instance. The bandwidth limits are configurable for each share, environment, and account."]}),"\n",(0,t.jsxs)(i.p,{children:[(0,t.jsx)(i.code,{children:"per_account"}),", ",(0,t.jsx)(i.code,{children:"per_environment"}),", and ",(0,t.jsx)(i.code,{children:"per_share"})," are all configured the same way:"]}),"\n",(0,t.jsxs)(i.p,{children:["The ",(0,t.jsx)(i.code,{children:"period"})," specifies the time window for the bandwidth limit. See the documentation for ",(0,t.jsx)(i.a,{href:"https://pkg.go.dev/time#ParseDuration",children:(0,t.jsx)(i.code,{children:"time.Duration.ParseDuration"})})," for details about the format used for these durations. If the ",(0,t.jsx)(i.code,{children:"period"})," is set to 5 minutes, then the limits implementation will monitor the send and receive traffic for the resource (share, environment, or account) for the last 5 minutes, and if the amount of data is greater than either the ",(0,t.jsx)(i.code,{children:"warning"})," or the ",(0,t.jsx)(i.code,{children:"limit"})," threshold, action will be taken."]}),"\n",(0,t.jsxs)(i.p,{children:["The ",(0,t.jsx)(i.code,{children:"rx"})," value is the number of bytes ",(0,t.jsx)(i.em,{children:"received"})," by the resource. The ",(0,t.jsx)(i.code,{children:"tx"})," value is the number of bytes ",(0,t.jsx)(i.em,{children:"transmitted"})," by the resource. And ",(0,t.jsx)(i.code,{children:"total"})," is the combined ",(0,t.jsx)(i.code,{children:"rx"}),"+",(0,t.jsx)(i.code,{children:"tx"})," value."]}),"\n",(0,t.jsxs)(i.p,{children:["If the traffic quantity is greater than the ",(0,t.jsx)(i.code,{children:"warning"})," threshold, the user will receive an email notification letting them know that their data transfer size is rising and will eventually be limited (the email details the limit threshold)."]}),"\n",(0,t.jsxs)(i.p,{children:["If the traffic quantity is greater than the ",(0,t.jsx)(i.code,{children:"limit"})," threshold, the resources will be limited until the traffic in the window (the last 5 minutes in our example) falls back below the ",(0,t.jsx)(i.code,{children:"limit"})," threshold."]}),"\n",(0,t.jsx)(i.h3,{id:"limit-actions",children:"Limit Actions"}),"\n",(0,t.jsx)(i.p,{children:"When a resource is limited, the actions taken differ depending on what kind of resource is being limited."}),"\n",(0,t.jsxs)(i.p,{children:["When a share is limited, the dial service policies for that share are removed. No other action is taken. This means that public frontends will simply return a ",(0,t.jsx)(i.code,{children:"404"})," as if the share is no longer there. Private frontends will also return ",(0,t.jsx)(i.code,{children:"404"})," errors. When the limit is relaxed, the dial policies are put back in place and the share will continue operating normally."]}),"\n",(0,t.jsx)(i.p,{children:"When an environment is limited, all of the shares in that environment become limited, and the user is not able to create new shares in that environment. When the limit is relaxed, all of the share limits are relaxed and the user is again able to add shares to the environment."}),"\n",(0,t.jsx)(i.p,{children:"When an account is limited, all of the environments in that account become limited (limiting all of the shares), and the user is not able to create new environments or shares. When the limit is relaxed, all of the environments and shares will return to normal operation."}),"\n",(0,t.jsx)(i.h2,{id:"unlimited-accounts",children:"Unlimited Accounts"}),"\n",(0,t.jsxs)(i.p,{children:["The ",(0,t.jsx)(i.code,{children:"accounts"})," table in the database includes a ",(0,t.jsx)(i.code,{children:"limitless"})," column. When this column is set to ",(0,t.jsx)(i.code,{children:"true"})," the account is not subject to any of the limits in the system."]})]})}function d(e={}){const{wrapper:i}={...(0,s.a)(),...e.components};return i?(0,t.jsx)(i,{...e,children:(0,t.jsx)(h,{...e})}):h(e)}},1151:(e,i,n)=>{n.d(i,{Z:()=>l,a:()=>o});var t=n(7294);const s={},r=t.createContext(s);function o(e){const i=t.useContext(r);return t.useMemo((function(){return"function"==typeof e?e(i):{...i,...e}}),[i,e])}function l(e){let i;return i=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:o(e.components),t.createElement(r.Provider,{value:i},e.children)}}}]);
\ No newline at end of file
diff --git a/assets/js/600b2345.b5dbe8be.js b/assets/js/600b2345.b5dbe8be.js
new file mode 100644
index 00000000..6f4ab809
--- /dev/null
+++ b/assets/js/600b2345.b5dbe8be.js
@@ -0,0 +1 @@
+"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[4900],{169:(e,i,n)=>{n.r(i),n.d(i,{assets:()=>o,contentTitle:()=>l,default:()=>h,frontMatter:()=>a,metadata:()=>r,toc:()=>c});var t=n(5893),s=n(1151);const a={sidebar_position:40},l="Configuring Limits",r={id:"guides/self-hosting/metrics-and-limits/configuring-limits",title:"Configuring Limits",description:"This guide is current as of zrok version v0.4.31.",source:"@site/../docs/guides/self-hosting/metrics-and-limits/configuring-limits.md",sourceDirName:"guides/self-hosting/metrics-and-limits",slug:"/guides/self-hosting/metrics-and-limits/configuring-limits",permalink:"/docs/guides/self-hosting/metrics-and-limits/configuring-limits",draft:!1,unlisted:!1,editUrl:"https://github.com/openziti/zrok/blob/main/docs/../docs/guides/self-hosting/metrics-and-limits/configuring-limits.md",tags:[],version:"current",sidebarPosition:40,frontMatter:{sidebar_position:40},sidebar:"tutorialSidebar",previous:{title:"Configuring Metrics",permalink:"/docs/guides/self-hosting/metrics-and-limits/configuring-metrics"},next:{title:"OAuth",permalink:"/docs/category/oauth"}},o={},c=[{value:"Understanding the zrok Limits Agent",id:"understanding-the-zrok-limits-agent",level:2},{value:"Types of Limits",id:"types-of-limits",level:3},{value:"The Global Configuration",id:"the-global-configuration",level:2},{value:"Global Resouce Count Limits",id:"global-resouce-count-limits",level:3},{value:"Global Bandwidth Limits",id:"global-bandwidth-limits",level:3},{value:"Limit Classes",id:"limit-classes",level:2},{value:"Unscoped Resource Count Classes",id:"unscoped-resource-count-classes",level:3},{value:"Unscoped Bandwidth Classes",id:"unscoped-bandwidth-classes",level:3},{value:"Scoped Classes",id:"scoped-classes",level:3},{value:"Limit Actions",id:"limit-actions",level:2},{value:"Unlimited Accounts",id:"unlimited-accounts",level:2},{value:"Experimental Limits Locking",id:"experimental-limits-locking",level:2},{value:"Caveats",id:"caveats",level:2},{value:"Aggregate Bandwidth",id:"aggregate-bandwidth",level:3},{value:"Administration Through SQL",id:"administration-through-sql",level:3},{value:"Performance",id:"performance",level:3}];function d(e){const i={a:"a",admonition:"admonition",code:"code",em:"em",h1:"h1",h2:"h2",h3:"h3",p:"p",pre:"pre",...(0,s.a)(),...e.components};return(0,t.jsxs)(t.Fragment,{children:[(0,t.jsx)(i.h1,{id:"configuring-limits",children:"Configuring Limits"}),"\n",(0,t.jsx)(i.admonition,{type:"note",children:(0,t.jsxs)(i.p,{children:["This guide is current as of zrok version ",(0,t.jsx)(i.code,{children:"v0.4.31"}),"."]})}),"\n",(0,t.jsx)(i.admonition,{type:"warning",children:(0,t.jsxs)(i.p,{children:["If you have not yet configured ",(0,t.jsx)(i.a,{href:"/docs/guides/self-hosting/metrics-and-limits/configuring-metrics",children:"metrics"}),", please visit the ",(0,t.jsx)(i.a,{href:"/docs/guides/self-hosting/metrics-and-limits/configuring-metrics",children:"metrics guide"})," first before working through the limits configuration."]})}),"\n",(0,t.jsx)(i.h2,{id:"understanding-the-zrok-limits-agent",children:"Understanding the zrok Limits Agent"}),"\n",(0,t.jsx)(i.p,{children:"The limits agent is a component of the zrok controller. It can be enabled and configured through the zrok controller configuration."}),"\n",(0,t.jsx)(i.p,{children:"The limits agent is responsible for controlling the number of resources in use (environments, shares, etc.) and also for ensuring that accounts are held below the configured data transfer bandwidth thresholds. The limits agent exists to manage resource consumption for larger, multi-user zrok installations."}),"\n",(0,t.jsx)(i.h3,{id:"types-of-limits",children:"Types of Limits"}),"\n",(0,t.jsxs)(i.p,{children:["Limits can be specified that control the number of environments, shares, reserved shares, and unique names that can be created by an account. Limits that control the allowed number of resources are called ",(0,t.jsx)(i.em,{children:"resource count limits"}),"."]}),"\n",(0,t.jsxs)(i.p,{children:["Limits can be specified to control the amount of data that can be transferred within a time period. Limits that control the amount of data that can be transferred are called ",(0,t.jsx)(i.em,{children:"bandwidth limits"}),"."]}),"\n",(0,t.jsxs)(i.p,{children:["zrok limits can be specified ",(0,t.jsx)(i.em,{children:"globally"}),", applying to all users in a service instance. Limit ",(0,t.jsx)(i.em,{children:"classes"})," can be created to provide additional levels of resource allocation. Limit classes can then be ",(0,t.jsx)(i.em,{children:"applied"})," to multiple accounts, to alter their limit allocation beyond what's configured in the global configuration."]}),"\n",(0,t.jsx)(i.h2,{id:"the-global-configuration",children:"The Global Configuration"}),"\n",(0,t.jsxs)(i.p,{children:["The reference configuration for the zrok controller (found at ",(0,t.jsx)(i.a,{href:"https://github.com/openziti/zrok/blob/main/etc/ctrl.yml",children:(0,t.jsx)(i.code,{children:"etc/ctrl.yaml"})})," in the ",(0,t.jsx)(i.a,{href:"https://github.com/openziti/zrok",children:"repository"}),") contains the global limits configuration, which looks like this:"]}),"\n",(0,t.jsx)(i.pre,{children:(0,t.jsx)(i.code,{className:"language-yaml",children:"# Service instance limits global configuration.\n#\n# See `docs/guides/metrics-and-limits/configuring-limits.md` for details.\n#\nlimits:\n  environments:     -1\n  shares:           -1\n  reserved_shares:  -1\n  unique_names:     -1\n  bandwidth:\n    period:         5m\n    warning:\n      rx:           -1\n      tx:           -1\n      total:        7242880\n    limit:\n      rx:           -1\n      tx:           -1\n      total:        10485760\n  enforcing:        false\n  cycle:            5m\n"})}),"\n",(0,t.jsx)(i.admonition,{type:"note",children:(0,t.jsxs)(i.p,{children:["A value of ",(0,t.jsx)(i.code,{children:"-1"})," appearing in the limits configuration mean the value is ",(0,t.jsx)(i.em,{children:"unlimited"}),"."]})}),"\n",(0,t.jsxs)(i.p,{children:["The ",(0,t.jsx)(i.code,{children:"enforcing"})," boolean specifies whether or not limits are enabled in the service instance. By default, limits is disabled. No matter what else is configured in this stanza, if ",(0,t.jsx)(i.code,{children:"enforcing"})," is set to ",(0,t.jsx)(i.code,{children:"false"}),", there will be no limits placed on any account in the service instance."]}),"\n",(0,t.jsxs)(i.p,{children:["The ",(0,t.jsx)(i.code,{children:"cycle"}),' value controls how frequently the limits agent will evaluate enforced limits. When a user exceeds a limit and has their shares disabled, the limits agent will evaluate their bandwidth usage on this interval looking to "relax" the limit once their usage falls below the threshold.']}),"\n",(0,t.jsx)(i.h3,{id:"global-resouce-count-limits",children:"Global Resouce Count Limits"}),"\n",(0,t.jsxs)(i.p,{children:["The ",(0,t.jsx)(i.code,{children:"environments"}),", ",(0,t.jsx)(i.code,{children:"shares"}),", ",(0,t.jsx)(i.code,{children:"reserved_shares"}),", and ",(0,t.jsx)(i.code,{children:"unique_names"})," specify the resource count limits, globally for the service instance."]}),"\n",(0,t.jsx)(i.p,{children:"These resource counts will be applied to all users in the service instance by default."}),"\n",(0,t.jsx)(i.h3,{id:"global-bandwidth-limits",children:"Global Bandwidth Limits"}),"\n",(0,t.jsxs)(i.p,{children:["The ",(0,t.jsx)(i.code,{children:"bandwidth"})," section defines the global bandwidth limits for all users in the service instance."]}),"\n",(0,t.jsxs)(i.p,{children:["There are two levels of bandwidth limits that can be specified in the global configuration. The first limit defines a ",(0,t.jsx)(i.em,{children:"warning"})," threshold where the user will receive an email that they are using increased data transfer amounts and will ultimately be subject to a limit. If you do not want this warning email to be sent, then configure all of the values to ",(0,t.jsx)(i.code,{children:"-1"})," (unlimited)."]}),"\n",(0,t.jsxs)(i.p,{children:["The second limit defines the the actual ",(0,t.jsx)(i.em,{children:"limit"})," threshold, where the limits agent will disabled traffic for the account's shares."]}),"\n",(0,t.jsxs)(i.p,{children:["Bandwidth limits can be specified in terms of ",(0,t.jsx)(i.code,{children:"tx"})," (or ",(0,t.jsx)(i.em,{children:"transmitted"})," data), ",(0,t.jsx)(i.code,{children:"rx"})," (or ",(0,t.jsx)(i.em,{children:"received"})," data), and the ",(0,t.jsx)(i.code,{children:"total"})," bytes that are sent in either direction. If you only want to set the ",(0,t.jsx)(i.code,{children:"total"})," transferred limit, you can set ",(0,t.jsx)(i.code,{children:"rx"})," and ",(0,t.jsx)(i.code,{children:"tx"})," to ",(0,t.jsx)(i.code,{children:"-1"})," (for ",(0,t.jsx)(i.em,{children:"unlimited"}),"). You can configure any combination of these these values at either the limit or warning levels."]}),"\n",(0,t.jsxs)(i.p,{children:["The ",(0,t.jsx)(i.code,{children:"period"})," specifies the time window for the bandwidth limit. See the documentation for ",(0,t.jsx)(i.a,{href:"https://pkg.go.dev/time#ParseDuration",children:(0,t.jsx)(i.code,{children:"time.Duration.ParseDuration"})})," for details about the format used for these durations. If the ",(0,t.jsx)(i.code,{children:"period"})," is set to 5 minutes, then the limits agent will monitor the transmitted and receivde traffic for the account for the last 5 minutes, and if the amount of data is greater than either the ",(0,t.jsx)(i.code,{children:"warning"})," or the ",(0,t.jsx)(i.code,{children:"limit"})," threshold, action will be taken."]}),"\n",(0,t.jsxs)(i.p,{children:["In the global configuration example above users are allowed to transfer a total of ",(0,t.jsx)(i.code,{children:"10485760"})," bytes in a ",(0,t.jsx)(i.code,{children:"5m"})," period, and they will receive a warning email after they transfer more than ",(0,t.jsx)(i.code,{children:"7242880"})," bytes in a ",(0,t.jsx)(i.code,{children:"5m"})," period."]}),"\n",(0,t.jsx)(i.h2,{id:"limit-classes",children:"Limit Classes"}),"\n",(0,t.jsxs)(i.p,{children:["The zrok limits agent includes a concept called ",(0,t.jsx)(i.em,{children:"limit classes"}),". Limit classes can be used to define resource count and bandwidth limits that can be selectively applied to individual accounts in a service instance."]}),"\n",(0,t.jsxs)(i.p,{children:["Limit classes are created by creating a record in the ",(0,t.jsx)(i.code,{children:"limit_classes"})," table in the zrok controller database. The table has this schema:"]}),"\n",(0,t.jsx)(i.pre,{children:(0,t.jsx)(i.code,{className:"language-sql",children:"CREATE TABLE public.limit_classes (\n    id integer NOT NULL,\n    backend_mode public.backend_mode,\n    environments integer DEFAULT '-1'::integer NOT NULL,\n    shares integer DEFAULT '-1'::integer NOT NULL,\n    reserved_shares integer DEFAULT '-1'::integer NOT NULL,\n    unique_names integer DEFAULT '-1'::integer NOT NULL,\n    period_minutes integer DEFAULT 1440 NOT NULL,\n    rx_bytes bigint DEFAULT '-1'::integer NOT NULL,\n    tx_bytes bigint DEFAULT '-1'::integer NOT NULL,\n    total_bytes bigint DEFAULT '-1'::integer NOT NULL,\n    limit_action public.limit_action DEFAULT 'limit'::public.limit_action NOT NULL,\n    created_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL,\n    updated_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL,\n    deleted boolean DEFAULT false NOT NULL\n);\n\n"})}),"\n",(0,t.jsx)(i.p,{children:"This schema supports constructing the 3 different types of limits classes that the system supports."}),"\n",(0,t.jsxs)(i.p,{children:["After defining a limit class in the database, it can be applied to specific user accounts (overriding the relevant parts of the global configuration) by inserting a row into the ",(0,t.jsx)(i.code,{children:"applied_limit_classes"})," table:"]}),"\n",(0,t.jsx)(i.pre,{children:(0,t.jsx)(i.code,{className:"language-sql",children:"CREATE TABLE public.applied_limit_classes (\n    id integer NOT NULL,\n    account_id integer NOT NULL,\n    limit_class_id integer NOT NULL,\n    created_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL,\n    updated_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL,\n    deleted boolean DEFAULT false NOT NULL\n);\n"})}),"\n",(0,t.jsxs)(i.p,{children:["Create a row in this table linking the ",(0,t.jsx)(i.code,{children:"account_id"})," to the ",(0,t.jsx)(i.code,{children:"limit_class_id"})," to apply the limit class to a specific user account."]}),"\n",(0,t.jsx)(i.h3,{id:"unscoped-resource-count-classes",children:"Unscoped Resource Count Classes"}),"\n",(0,t.jsxs)(i.p,{children:["To support overriding the resource count limits defined in the global limits configuration, a site administrator can create a limit class by inserting a row into the ",(0,t.jsx)(i.code,{children:"limit_classes"})," table structured like this:"]}),"\n",(0,t.jsx)(i.pre,{children:(0,t.jsx)(i.code,{className:"language-sql",children:"insert into limit_classes (environments, shares, reserved_shares, unique_names) values (1, 1, 1, 1);\n"})}),"\n",(0,t.jsxs)(i.p,{children:["This creates a limit class that sets the ",(0,t.jsx)(i.code,{children:"environments"}),", ",(0,t.jsx)(i.code,{children:"shares"}),", ",(0,t.jsx)(i.code,{children:"reserved_shares"}),", and ",(0,t.jsx)(i.code,{children:"unique_names"})," all to ",(0,t.jsx)(i.code,{children:"1"}),"."]}),"\n",(0,t.jsx)(i.p,{children:"When this limit class is applied to a user account those values would override the default resource count values configured globally."}),"\n",(0,t.jsxs)(i.p,{children:["Applying an unscoped resource count class ",(0,t.jsx)(i.em,{children:"does not"})," affect the bandwidth limits (either globally configured, or via a limit class)."]}),"\n",(0,t.jsx)(i.h3,{id:"unscoped-bandwidth-classes",children:"Unscoped Bandwidth Classes"}),"\n",(0,t.jsxs)(i.p,{children:["To support overriding the bandwidth limits defined in the global configuration, a site administrator can create a limit class by inserting a row into the ",(0,t.jsx)(i.code,{children:"limit_classes"})," table structured like this:"]}),"\n",(0,t.jsx)(i.pre,{children:(0,t.jsx)(i.code,{className:"language-sql",children:"insert into limit_classes (period_minutes, total_bytes, limit_action) values (2, 204800, 'limit');\n"})}),"\n",(0,t.jsxs)(i.p,{children:["This inserts a limit class that allows for a total bandwidth transfer of ",(0,t.jsx)(i.code,{children:"204800"})," bytes every ",(0,t.jsx)(i.code,{children:"2"})," minutes."]}),"\n",(0,t.jsx)(i.p,{children:"When this limit class is applied to a user account, those values would override the default bandwidth values configured globally."}),"\n",(0,t.jsxs)(i.p,{children:["Applying an unscoped bandwidth class ",(0,t.jsx)(i.em,{children:"does not"})," affect the resource count limits (either globally configured, or via a limit class)."]}),"\n",(0,t.jsx)(i.h3,{id:"scoped-classes",children:"Scoped Classes"}),"\n",(0,t.jsxs)(i.p,{children:["A scoped limit class specifies ",(0,t.jsx)(i.em,{children:"both"})," the resource counts (",(0,t.jsx)(i.code,{children:"shares"}),", ",(0,t.jsx)(i.code,{children:"reserved_shares"}),", and ",(0,t.jsx)(i.code,{children:"unique_names"}),", but ",(0,t.jsx)(i.em,{children:"NOT"})," ",(0,t.jsx)(i.code,{children:"environments"}),") for a ",(0,t.jsx)(i.em,{children:"specific"})," backend mode. Insert a row like this:"]}),"\n",(0,t.jsx)(i.pre,{children:(0,t.jsx)(i.code,{className:"language-sql",children:"insert into limit_classes (backend_mode, shares, reserved_shares, unique_names, period_minutes, total_bytes, limit_action) values ('web', 2, 1, 1, 2, 4096000, 'limit');\n"})}),"\n",(0,t.jsxs)(i.p,{children:["Scoped limits are designed to ",(0,t.jsx)(i.em,{children:"increase"})," the limits for a specific backend mode beyond what the global configuration and the unscoped classes provide. The general approach is to use the global configuration and the unscoped classes to provide the general account limits, and then the scoped classes can be used to further increase (or potentially ",(0,t.jsx)(i.em,{children:"decrease"}),")  the limits for a specific backend mode."]}),"\n",(0,t.jsx)(i.p,{children:"If a scoped limit class exists for a specific backend mode, then the limits agent will use that limit in making a decision about limiting the resource count or bandwidth. All other types of shares will fall back to the unscoped classes or the global configuration."}),"\n",(0,t.jsx)(i.h2,{id:"limit-actions",children:"Limit Actions"}),"\n",(0,t.jsx)(i.p,{children:"When an account exceeds a bandwidth limit, the limits agent will seek to limit the affected shares (based on the combination of global configuration, unscoped limit classes, and scoped limit classes). It applies the limit by removing the underlying OpenZiti dial policies for any frontends that are trying to access the share."}),"\n",(0,t.jsxs)(i.p,{children:["This means that public frontends will simply return a ",(0,t.jsx)(i.code,{children:"404"})," as if the share is no longer there. Private frontends will also return ",(0,t.jsx)(i.code,{children:"404"})," errors. When the limit is relaxed, the dial policies are put back in place and the share will continue operating normally."]}),"\n",(0,t.jsx)(i.h2,{id:"unlimited-accounts",children:"Unlimited Accounts"}),"\n",(0,t.jsxs)(i.p,{children:["The ",(0,t.jsx)(i.code,{children:"accounts"})," table in the database includes a ",(0,t.jsx)(i.code,{children:"limitless"})," column. When this column is set to ",(0,t.jsx)(i.code,{children:"true"})," the account is not subject to any of the limits in the system."]}),"\n",(0,t.jsx)(i.h2,{id:"experimental-limits-locking",children:"Experimental Limits Locking"}),"\n",(0,t.jsxs)(i.p,{children:["zrok versions prior to ",(0,t.jsx)(i.code,{children:"v0.4.31"})," had a potential race condition when enforcing resource count limits. This usually only manifested in cases where shares or environments were being allocated programmatically (and fast enough to win the limits race)."]}),"\n",(0,t.jsxs)(i.p,{children:["This occurs due to a lack of transactional database locking around the limited structures. ",(0,t.jsx)(i.code,{children:"v0.4.31"})," includes a pessimistic locking facility that can be enabled ",(0,t.jsx)(i.em,{children:"only"})," on the PostgreSQL store implemention."]}),"\n",(0,t.jsxs)(i.p,{children:["If you're running PostgreSQL for your service instance and you want to enable the new experimental locking facility that eliminates the potential resource count race condition, add the ",(0,t.jsx)(i.code,{children:"enable_locking: true"})," flag to your ",(0,t.jsx)(i.code,{children:"store"})," definition:"]}),"\n",(0,t.jsx)(i.pre,{children:(0,t.jsx)(i.code,{className:"language-yaml",children:"store:\n  enable_locking: true\n"})}),"\n",(0,t.jsx)(i.h2,{id:"caveats",children:"Caveats"}),"\n",(0,t.jsx)(i.p,{children:"There are a number of caveats that are important to understand when using the limits agent with more complicated limits scenarios:"}),"\n",(0,t.jsx)(i.h3,{id:"aggregate-bandwidth",children:"Aggregate Bandwidth"}),"\n",(0,t.jsx)(i.p,{children:"The zrok limits agent is a work in progress. The system currently does not track bandwidth individually for each backend mode type, which means all bandwidth values are aggregated between all of the share types that an account might be using. This will likely change in an upcoming release."}),"\n",(0,t.jsx)(i.h3,{id:"administration-through-sql",children:"Administration Through SQL"}),"\n",(0,t.jsx)(i.p,{children:"There are currently no administrative API endpoints (or corresponding CLI tools) to support creating and applying limit classes in the current release. The limits agent infrastructure was designed to support software integrations that directly manipulate the underlying database structures."}),"\n",(0,t.jsx)(i.p,{children:"A future release may provide API and CLI tooling to support the human administration of the limits agent."}),"\n",(0,t.jsx)(i.h3,{id:"performance",children:"Performance"}),"\n",(0,t.jsxs)(i.p,{children:["Be sure to minimize the number of different periods used for specifying bandwidth limits. Specifying limits in multiple different periods can cause a multiplicity of queries to be executed against the metrics store (InfluxDB). Standardizing on a period like ",(0,t.jsx)(i.code,{children:"24h"})," or ",(0,t.jsx)(i.code,{children:"6h"})," and using that consistently is the best way to to manage the performance of the metrics store."]})]})}function h(e={}){const{wrapper:i}={...(0,s.a)(),...e.components};return i?(0,t.jsx)(i,{...e,children:(0,t.jsx)(d,{...e})}):d(e)}},1151:(e,i,n)=>{n.d(i,{Z:()=>r,a:()=>l});var t=n(7294);const s={},a=t.createContext(s);function l(e){const i=t.useContext(a);return t.useMemo((function(){return"function"==typeof e?e(i):{...i,...e}}),[i,e])}function r(e){let i;return i=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:l(e.components),t.createElement(a.Provider,{value:i},e.children)}}}]);
\ No newline at end of file
diff --git a/assets/js/d768dc0f.9162b0b5.js b/assets/js/d768dc0f.d9dde1b6.js
similarity index 99%
rename from assets/js/d768dc0f.9162b0b5.js
rename to assets/js/d768dc0f.d9dde1b6.js
index 07292d01..235bba60 100644
--- a/assets/js/d768dc0f.9162b0b5.js
+++ b/assets/js/d768dc0f.d9dde1b6.js
@@ -1 +1 @@
-"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[5882],{475:(e,n,r)=>{r.r(n),r.d(n,{assets:()=>c,contentTitle:()=>s,default:()=>h,frontMatter:()=>i,metadata:()=>l,toc:()=>d});var o=r(5893),t=r(1151);const i={sidebar_position:40,title:"Self-Hosting Guide for Linux",sidebar_label:"Linux"},s=void 0,l={id:"guides/self-hosting/linux/index",title:"Self-Hosting Guide for Linux",description:"Walkthrough Video",source:"@site/../docs/guides/self-hosting/linux/index.mdx",sourceDirName:"guides/self-hosting/linux",slug:"/guides/self-hosting/linux/",permalink:"/docs/guides/self-hosting/linux/",draft:!1,unlisted:!1,editUrl:"https://github.com/openziti/zrok/blob/main/docs/../docs/guides/self-hosting/linux/index.mdx",tags:[],version:"current",sidebarPosition:40,frontMatter:{sidebar_position:40,title:"Self-Hosting Guide for Linux",sidebar_label:"Linux"},sidebar:"tutorialSidebar",previous:{title:"Self Hosting",permalink:"/docs/category/self-hosting"},next:{title:"NGINX TLS",permalink:"/docs/guides/self-hosting/linux/nginx"}},c={},d=[{value:"Walkthrough Video",id:"walkthrough-video",level:2},{value:"Before you Begin",id:"before-you-begin",level:2},{value:"OpenZiti",id:"openziti",level:2},{value:"Install zrok",id:"install-zrok",level:2},{value:"Configure the Controller",id:"configure-the-controller",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Bootstrap OpenZiti for zrok",id:"bootstrap-openziti-for-zrok",level:2},{value:"Run zrok Controller",id:"run-zrok-controller",level:2},{value:"Create zrok Frontend",id:"create-zrok-frontend",level:2},{value:"Configure the Public Frontend",id:"configure-the-public-frontend",level:2},{value:"Start Public Frontend",id:"start-public-frontend",level:2},{value:"Create a User Account",id:"create-a-user-account",level:2},{value:"Invite Additional Users",id:"invite-additional-users",level:2},{value:"Enable Your Environment",id:"enable-your-environment",level:2}];function a(e){const n={a:"a",admonition:"admonition",code:"code",h2:"h2",li:"li",ol:"ol",p:"p",pre:"pre",ul:"ul",...(0,t.a)(),...e.components};return(0,o.jsxs)(o.Fragment,{children:[(0,o.jsx)(n.h2,{id:"walkthrough-video",children:"Walkthrough Video"}),"\n",(0,o.jsx)("iframe",{width:"100%",height:"315",src:"https://www.youtube.com/embed/870A5dke_u4",title:"YouTube video player",frameborder:"0",allow:"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share",allowfullscreen:!0}),"\n",(0,o.jsx)(n.h2,{id:"before-you-begin",children:"Before you Begin"}),"\n",(0,o.jsxs)(n.p,{children:["This will get you up and running with a self-hosted instance of ",(0,o.jsx)(n.code,{children:"zrok"}),". I'll assume you have the following:"]}),"\n",(0,o.jsxs)(n.ul,{children:["\n",(0,o.jsx)(n.li,{children:"a Linux server with a public IP"}),"\n",(0,o.jsxs)(n.li,{children:["a wildcard DNS record like ",(0,o.jsx)(n.code,{children:"*.zrok.quigley.com"})," that resolves to the server IP"]}),"\n"]}),"\n",(0,o.jsx)(n.h2,{id:"openziti",children:"OpenZiti"}),"\n",(0,o.jsxs)(n.p,{children:['OpenZiti (a.k.a. "Ziti") provides secure network backhaul for ',(0,o.jsx)(n.code,{children:"zrok"})," public and private shares. You need a Ziti Controller and a Ziti Router. You can run everything on the same Linux VPS."]}),"\n",(0,o.jsxs)(n.ol,{children:["\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsxs)(n.p,{children:["Install the Ziti Controller package by following the ",(0,o.jsx)(n.a,{href:"https://openziti.io/docs/category/deployments",children:"Linux controller deployment guide"}),"."]}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsxs)(n.p,{children:["Ensure your answer file (",(0,o.jsx)(n.code,{children:"/opt/openziti/etc/controller/bootstrap.env"}),") has the FQDN of your Linux server and an admin password defined."]}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsx)(n.p,{children:"Ensure your firewall allows the controller port from the answer file."}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsxs)(n.p,{children:["Start the controller service (",(0,o.jsx)(n.code,{children:"ziti-controller.service"}),") and check the status."]}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsx)(n.p,{children:"Log in to the Ziti Controller"}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"ziti edge login localhost:1280 -u admin -p <password>\n"})}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsx)(n.p,{children:"Administratively Create a Ziti Router"}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:'ziti edge create edge-router "router1" -o /tmp/router1.jwt\n'})}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsxs)(n.p,{children:["Install the Ziti Router package by following ",(0,o.jsx)(n.a,{href:"https://openziti.io/docs/category/deployments",children:"the Linux router deployment guide"}),"."]}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsxs)(n.p,{children:["Ensure your answer file (",(0,o.jsx)(n.code,{children:"/opt/openziti/etc/router/bootstrap.env"}),") has the FQDN of your Linux server for both controller and router addresses and the enrollment token from the previous step."]}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsx)(n.p,{children:"Ensure your firewall allows the router port from the answer file."}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsxs)(n.p,{children:["Start the router service (",(0,o.jsx)(n.code,{children:"ziti-router.service"}),") and check the status."]}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsx)(n.p,{children:"Verify the new router is online."}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"ziti edge list edge-routers\n"})}),"\n"]}),"\n"]}),"\n",(0,o.jsx)(n.h2,{id:"install-zrok",children:"Install zrok"}),"\n",(0,o.jsxs)(n.p,{children:["Debian and RPM packages are available for ",(0,o.jsx)(n.code,{children:"zrok"}),"."]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"sudo apt install zrok\n"})}),"\n",(0,o.jsxs)(n.p,{children:["Follow ",(0,o.jsx)(n.a,{href:"/docs/guides/install/linux",children:"the Linux installation guide"})," to install the ",(0,o.jsx)(n.code,{children:"zrok"})," package from the repository or manually install the binary for your platform."]}),"\n",(0,o.jsx)(n.h2,{id:"configure-the-controller",children:"Configure the Controller"}),"\n",(0,o.jsxs)(n.p,{children:["Create a ",(0,o.jsx)(n.code,{children:"zrok"})," controller configuration file in ",(0,o.jsx)(n.code,{children:"etc/ctrl.yml"}),". The controller can terminate TLS or you may front the server with a reverse proxy that continually renews the necessary wildcard certificate (e.g., Caddy w/ a DNS provider plugin). This example will expose the non-TLS listener for the controller."]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-yaml",children:'#    _____ __ ___ | | __\n#   |_  / \'__/ _ \\| |/ /\n#    / /| | | (_) |   <\n#   /___|_|  \\___/|_|\\_\\\n# controller configuration\n\nv:                  3\n\nadmin:\n  # generate these admin tokens from a source of randomness, e.g. \n  #  LC_ALL=C tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c32\n  secrets:\n    -               Q8V0LqnNb5wNX9kE1fgQ0H6VlcvJybB1  # be sure to change this!\n\nendpoint:\n  host:             0.0.0.0\n  port:             18080\n\ninvites:\n  invites_open:    true\n\nstore:\n  path:             zrok.db\n  type:             sqlite3\n\nziti:\n  api_endpoint:     "https://127.0.0.1:1280"\n  username:         admin\n  password:         "XO0xHp75uuyeireO2xmmVlK91T7B9fpD"\n\n# you can use certbot to renew the wildcard cert for the controller with a DNS provider API token or front this `zrok` # controller with Caddy\n#tls:\n#  cert_path: "/Path/To/Cert/zrok.crt"\n#  key_path:  "/Path/To/Cert/zrok.key"\n\n'})}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"admin"})," section defines privileged administrative credentials and must be set in the ",(0,o.jsx)(n.code,{children:"ZROK_ADMIN_TOKEN"})," environment variable in shells where you want to run ",(0,o.jsx)(n.code,{children:"zrok admin"}),"."]}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"endpoint"})," section defines where your ",(0,o.jsx)(n.code,{children:"zrok"})," controller will listen."]}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"store"})," section defines the local ",(0,o.jsx)(n.code,{children:"sqlite3"})," database used by the controller."]}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"ziti"})," section defines how the ",(0,o.jsx)(n.code,{children:"zrok"})," controller should communicate with your OpenZiti installation. When using the OpenZiti quickstart, an administrative password will be generated; the ",(0,o.jsx)(n.code,{children:"password"})," in the ",(0,o.jsx)(n.code,{children:"ziti"})," stanza should reflect this password."]}),"\n",(0,o.jsxs)(n.admonition,{type:"note",children:[(0,o.jsxs)(n.p,{children:["Be sure to see the ",(0,o.jsxs)(n.a,{target:"_blank","data-noBrokenLinkCheck":!0,href:r(1855).Z+"",children:["reference configuration at ",(0,o.jsx)(n.code,{children:"etc/ctrl.yml"})]})," for the complete documentation of the current configuration file format for the ",(0,o.jsx)(n.code,{children:"zrok"})," controller and service instance components."]}),(0,o.jsxs)(n.p,{children:["See the separate guides on ",(0,o.jsx)(n.a,{href:"/docs/guides/self-hosting/metrics-and-limits/configuring-metrics",children:"configuring metrics"})," and ",(0,o.jsx)(n.a,{href:"/docs/guides/self-hosting/metrics-and-limits/configuring-limits",children:"configuring limits"})," for details about both of these specialized areas of service instance configuration."]})]}),"\n",(0,o.jsx)(n.h2,{id:"environment-variables",children:"Environment Variables"}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"zrok"})," binaries are configured to work with the global ",(0,o.jsx)(n.code,{children:"zrok.io"})," service, and default to using ",(0,o.jsx)(n.code,{children:"api.zrok.io"})," as the endpoint for communicating with the service."]}),"\n",(0,o.jsxs)(n.p,{children:["To work with a self-hosted ",(0,o.jsx)(n.code,{children:"zrok"})," deployment, you'll need to set the ",(0,o.jsx)(n.code,{children:"ZROK_API_ENDPOINT"})," environment variable to point to the address where your ",(0,o.jsx)(n.code,{children:"zrok"})," controller will be listening, according to ",(0,o.jsx)(n.code,{children:"endpoint"})," in the configuration file above."]}),"\n",(0,o.jsx)(n.p,{children:"In my case, I've set:"}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"export ZROK_API_ENDPOINT=http://127.0.0.1:18080\n"})}),"\n",(0,o.jsxs)(n.p,{children:[(0,o.jsxs)(n.a,{href:"/docs/guides/self-hosting/instance-configuration",children:["Read more about configuring your self-hosted ",(0,o.jsx)(n.code,{children:"zrok"})," instance"]}),"."]}),"\n",(0,o.jsx)(n.h2,{id:"bootstrap-openziti-for-zrok",children:"Bootstrap OpenZiti for zrok"}),"\n",(0,o.jsxs)(n.p,{children:["With your OpenZiti network running and your configuration saved to a local file (I refer to mine as ",(0,o.jsx)(n.code,{children:"etc/ctrl.yml"})," in these examples), you're ready to bootstrap the Ziti network."]}),"\n",(0,o.jsxs)(n.p,{children:["Use the ",(0,o.jsx)(n.code,{children:"zrok admin bootstrap"})," command to bootstrap like this:"]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"$ zrok admin bootstrap etc/ctrl.yml\n[   0.002]    INFO main.(*adminBootstrap).run: {\n\t...\n}\n[   0.002]    INFO zrok/controller/store.Open: database connected\n[   0.006]    INFO zrok/controller/store.(*Store).migrate: applied 0 migrations\n[   0.006]    INFO zrok/controller.Bootstrap: connecting to the ziti edge management api\n[   0.039]    INFO zrok/controller.Bootstrap: creating identity for controller ziti access\n[   0.071]    INFO zrok/controller.Bootstrap: controller identity: jKd8AINSz\n[   0.082]    INFO zrok/controller.assertIdentity: asserted identity 'jKd8AINSz'\n[   0.085]    INFO zrok/controller.assertErpForIdentity: asserted erps for 'ctrl' (jKd8AINSz)\n[   0.085]    INFO zrok/controller.Bootstrap: creating identity for frontend ziti access\n[   0.118]    INFO zrok/controller.Bootstrap: frontend identity: sqJRAINSiB\n[   0.119]    INFO zrok/controller.assertIdentity: asserted identity 'sqJRAINSiB'\n[   0.120]    INFO zrok/controller.assertErpForIdentity: asserted erps for 'frontend' (sqJRAINSiB)\n[   0.120] WARNING zrok/controller.Bootstrap: missing public frontend for ziti id 'sqJRAINSiB'; please use 'zrok admin create frontend sqJRAINSiB public https://{token}.your.dns.name' to create a frontend instance\n[   0.123]    INFO zrok/controller.assertZrokProxyConfigType: found 'zrok.proxy.v1' config type with id '33CyjNbIepkXHN5VzGDA8L'\n[   0.124]    INFO zrok/controller.assertMetricsService: creating 'metrics' service\n[   0.126]    INFO zrok/controller.assertMetricsService: asserted 'metrics' service (5RpPZZ7T8bZf1ENjwGiPc3)\n[   0.128]    INFO zrok/controller.assertMetricsSerp: creating 'metrics' serp\n[   0.130]    INFO zrok/controller.assertMetricsSerp: asserted 'metrics' serp\n[   0.134]    INFO zrok/controller.assertCtrlMetricsBind: creating 'ctrl-metrics-bind' service policy\n[   0.135]    INFO zrok/controller.assertCtrlMetricsBind: asserted 'ctrl-metrics-bind' service policy\n[   0.138]    INFO zrok/controller.assertFrontendMetricsDial: creating 'frontend-metrics-dial' service policy\n[   0.140]    INFO zrok/controller.assertFrontendMetricsDial: asserted 'frontend-metrics-dial' service policy\n[   0.140]    INFO main.(*adminBootstrap).run: bootstrap complete!\n"})}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"zrok admin bootstrap"})," command configures the ",(0,o.jsx)(n.code,{children:"zrok"})," database, the necessary OpenZiti identities, and all of the OpenZiti policies required to run a ",(0,o.jsx)(n.code,{children:"zrok"})," service."]}),"\n",(0,o.jsx)(n.p,{children:"Notice this warning:"}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{children:"[   0.120] WARNING zrok/controller.Bootstrap: missing public frontend for ziti id 'sqJRAINSiB'; please use 'zrok admin create frontend sqJRAINSiB public https://{token}.your.dns.name' to create a frontend instance\n"})}),"\n",(0,o.jsxs)(n.p,{children:["If you find it necessary to re-run the ",(0,o.jsx)(n.code,{children:"zrok admin bootstrap"})," command, you may need to add the ",(0,o.jsx)(n.code,{children:"--skip-frontend"})," flag to avoid re-creating the default ",(0,o.jsx)(n.code,{children:"public"})," frontend's Ziti identity and router policy."]}),"\n",(0,o.jsx)(n.h2,{id:"run-zrok-controller",children:"Run zrok Controller"}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"zrok"}),' bootstrap process wants us to create a "public frontend" for our service. ',(0,o.jsx)(n.code,{children:"zrok"})," uses public frontends to allow users to specify where they would like public traffic to ingress from."]}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"zrok admin create frontend"})," command requires a running ",(0,o.jsx)(n.code,{children:"zrok"})," controller, so let's start that up first:"]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"$ zrok controller etc/ctrl.yml \n[   0.003]    INFO main.(*controllerCommand).run: {\n\t...\n}\n[   0.016]    INFO zrok/controller.inspectZiti: inspecting ziti controller configuration\n[   0.048]    INFO zrok/controller.findZrokProxyConfigType: found 'zrok.proxy.v1' config type with id '33CyjNbIepkXHN5VzGDA8L'\n[   0.048]    INFO zrok/controller/store.Open: database connected\n[   0.048]    INFO zrok/controller/store.(*Store).migrate: applied 0 migrations\n[   0.049]    INFO zrok/controller.(*metricsAgent).run: starting\n[   0.064]    INFO zrok/rest_server_zrok.setupGlobalMiddleware: configuring\n[   0.064]    INFO zrok/ui.StaticBuilder: building\n[   0.065]    INFO zrok/rest_server_zrok.(*Server).Logf: Serving zrok at http://[::]:18080\n[   0.085]    INFO zrok/controller.(*metricsAgent).listen: started\n"})}),"\n",(0,o.jsx)(n.h2,{id:"create-zrok-frontend",children:"Create zrok Frontend"}),"\n",(0,o.jsxs)(n.p,{children:["With our ",(0,o.jsx)(n.code,{children:"ZROK_ADMIN_TOKEN"})," and ",(0,o.jsx)(n.code,{children:"ZROK_API_ENDPOINT"})," environment variables set, we can create our public frontend like this:"]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"$ zrok admin create frontend sqJRAINSiB public http://{token}.zrok.quigley.com:8080\n[   0.037]    INFO main.(*adminCreateFrontendCommand).run: created global public frontend 'WEirJNHVlcW9'\n"})}),"\n",(0,o.jsxs)(n.p,{children:["The id of the frontend was emitted earlier in by the ",(0,o.jsx)(n.code,{children:"zrok"})," controller when we ran the bootstrap command. If you don't have that log message the you can find the id again with the ",(0,o.jsx)(n.code,{children:"ziti"})," CLI like this:"]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"# log in as admin (example)\nziti edge login localhost:1280 -u admin -p XO0xHp75uuyeireO2xmmVlK91T7B9fpD\n\n# list Ziti identities created by the quickstart and bootstrap\nziti edge list identities\n"})}),"\n",(0,o.jsx)(n.p,{children:'The id is shown for the frontend identity named "public."'}),"\n",(0,o.jsxs)(n.p,{children:["Nice work! The ",(0,o.jsx)(n.code,{children:"zrok"})," controller is fully configured now that you have created the ",(0,o.jsx)(n.code,{children:"zrok"})," frontend."]}),"\n",(0,o.jsx)(n.h2,{id:"configure-the-public-frontend",children:"Configure the Public Frontend"}),"\n",(0,o.jsxs)(n.p,{children:["Create an http frontend configuration file in ",(0,o.jsx)(n.code,{children:"etc/http-frontend.yml"}),"."]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-yaml",children:"v:                  3\nhost_match:         zrok.quigley.com\naddress:            0.0.0.0:8080\n"})}),"\n",(0,o.jsxs)(n.p,{children:["This frontend config file has a ",(0,o.jsx)(n.code,{children:"host_match"})," pattern that represents the DNS zone you're using with this instance of ",(0,o.jsx)(n.code,{children:"zrok"}),". Incoming HTTP requests with a matching ",(0,o.jsx)(n.code,{children:"Host"})," header will be handled by this frontend. You may also specify the interface address where the frontend will listen for public access requests."]}),"\n",(0,o.jsxs)(n.p,{children:["The frontend does not provide server TLS, but you may front the server with a reverse proxy. It is essential the reverse proxy forwards the ",(0,o.jsx)(n.code,{children:"Host"})," header supplied by the viewer. This example will expose the non-TLS listener for the frontend."]}),"\n",(0,o.jsxs)(n.p,{children:["You can also specify an ",(0,o.jsx)(n.code,{children:"oauth"})," configuration in this file, full details of are found in ",(0,o.jsx)(n.a,{href:"/docs/guides/self-hosting/oauth/configuring-oauth#configuring-your-public-frontend",children:"OAuth Public Frontend Configuration"}),"."]}),"\n",(0,o.jsx)(n.h2,{id:"start-public-frontend",children:"Start Public Frontend"}),"\n",(0,o.jsx)(n.p,{children:"In another terminal window, run:"}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"$ zrok access public etc/http-frontend.yml\n[   0.002]    INFO main.(*accessPublicCommand).run: {\n\t...\n}\n[   0.002]    INFO zrok/endpoints/public_frontend.newMetricsAgent: loaded 'public' identity\n"})}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"zrok"})," frontend uses the ",(0,o.jsx)(n.code,{children:"public"})," identity created during the bootstrap process to securely access zrok backends. to provide public access for the ",(0,o.jsx)(n.code,{children:"zrok"})," deployment. It is expected that the configured listener for this frontend corresponds to the DNS template specified when creating the public frontend record above."]}),"\n",(0,o.jsx)(n.h2,{id:"create-a-user-account",children:"Create a User Account"}),"\n",(0,o.jsxs)(n.p,{children:["With our ",(0,o.jsx)(n.code,{children:"ZROK_ADMIN_TOKEN"})," and ",(0,o.jsx)(n.code,{children:"ZROK_API_ENDPOINT"})," environment variables set, we can create our first user account."]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"zrok admin create account etc/ctrl.yml <email> <password>\n"})}),"\n",(0,o.jsx)(n.p,{children:"The output is the account token you will use to enable each device's zrok environment."}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-buttonless",metastring:'title="Example output"',children:"SuGzRPjVDIcF\n"})}),"\n",(0,o.jsx)(n.h2,{id:"invite-additional-users",children:"Invite Additional Users"}),"\n",(0,o.jsxs)(n.p,{children:["Offer this onboarding method to your users if you have configured an email-sending service in your ",(0,o.jsx)(n.code,{children:"zrok"})," controller configuration."]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"$ zrok invite\nNew Email: user@domain.com\nConfirm Email: user@domain.com\ninvitation sent to 'user@domain.com'!\n"})}),"\n",(0,o.jsxs)(n.p,{children:["If you look at the console output from your ",(0,o.jsx)(n.code,{children:"zrok"})," controller, you'll see a message like this:"]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{children:"[ 238.168]    INFO zrok/controller.(*inviteHandler).Handle: account request for 'user@domain.com' has registration token 'U2Ewt1UCn3ql'\n"})}),"\n",(0,o.jsxs)(n.p,{children:["You can access your ",(0,o.jsx)(n.code,{children:"zrok"})," controller's registration UI by pointing a web browser at:"]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{children:"http://localhost:18080/register/U2Ewt1UCn3ql\n"})}),"\n",(0,o.jsx)(n.p,{children:"The UI will ask you to set a password for your new account. Go ahead and do that."}),"\n",(0,o.jsx)(n.p,{children:"After doing that, I see the following output in my controller console:"}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{children:"[ 516.778]    INFO zrok/controller.(*registerHandler).Handle: created account 'user@domain.com' with token 'SuGzRPjVDIcF'\n"})}),"\n",(0,o.jsxs)(n.p,{children:["Keep track of the token listed above (",(0,o.jsx)(n.code,{children:"SuGzRPjVDIcF"}),"). We'll use this to enable our shell for this ",(0,o.jsx)(n.code,{children:"zrok"})," deployment."]}),"\n",(0,o.jsx)(n.h2,{id:"enable-your-environment",children:"Enable Your Environment"}),"\n",(0,o.jsx)(n.p,{children:"On another device that can reach your Linux server by FQDN, configure the API endpoint and enable the environment with the account token you received when you created the first user account."}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"export ZROK_API_ENDPOINT=https://zrok.quigley.com\n# or\nzrok config set apiEndpoint https://zrok.quigley.com\n"})}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"zrok enable SuGzRPjVDIcF\n"})}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-buttonless",metastring:'title="Example output"',children:"zrok environment '2AS1WZ3Sz' enabled for 'SuGzRPjVDIcF'\n"})}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"zrok status --secrets\n"})}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-buttonless",metastring:'title="Example output"',children:"Config:\n\n  CONFIG       VALUE                      SOURCE\n  apiEndpoint  https://zrok.quigley.com   env\n\nEnvironment:\n\n  PROPERTY       VALUE\n  Secret Token   SuGzRPjVDIcF\n  Ziti Identity  2AS1WZ3Sz\n"})}),"\n",(0,o.jsxs)(n.p,{children:["Congratulations. You have a working ",(0,o.jsx)(n.code,{children:"zrok"})," environment!"]})]})}function h(e={}){const{wrapper:n}={...(0,t.a)(),...e.components};return n?(0,o.jsx)(n,{...e,children:(0,o.jsx)(a,{...e})}):a(e)}},1855:(e,n,r)=>{r.d(n,{Z:()=>o});const o=r.p+"assets/files/ctrl-6c22ae02cafe307b82e5a1f783497950.yml"},1151:(e,n,r)=>{r.d(n,{Z:()=>l,a:()=>s});var o=r(7294);const t={},i=o.createContext(t);function s(e){const n=o.useContext(i);return o.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function l(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(t):e.components||t:s(e.components),o.createElement(i.Provider,{value:n},e.children)}}}]);
\ No newline at end of file
+"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[5882],{475:(e,n,r)=>{r.r(n),r.d(n,{assets:()=>c,contentTitle:()=>s,default:()=>h,frontMatter:()=>i,metadata:()=>l,toc:()=>d});var o=r(5893),t=r(1151);const i={sidebar_position:40,title:"Self-Hosting Guide for Linux",sidebar_label:"Linux"},s=void 0,l={id:"guides/self-hosting/linux/index",title:"Self-Hosting Guide for Linux",description:"Walkthrough Video",source:"@site/../docs/guides/self-hosting/linux/index.mdx",sourceDirName:"guides/self-hosting/linux",slug:"/guides/self-hosting/linux/",permalink:"/docs/guides/self-hosting/linux/",draft:!1,unlisted:!1,editUrl:"https://github.com/openziti/zrok/blob/main/docs/../docs/guides/self-hosting/linux/index.mdx",tags:[],version:"current",sidebarPosition:40,frontMatter:{sidebar_position:40,title:"Self-Hosting Guide for Linux",sidebar_label:"Linux"},sidebar:"tutorialSidebar",previous:{title:"Self Hosting",permalink:"/docs/category/self-hosting"},next:{title:"NGINX TLS",permalink:"/docs/guides/self-hosting/linux/nginx"}},c={},d=[{value:"Walkthrough Video",id:"walkthrough-video",level:2},{value:"Before you Begin",id:"before-you-begin",level:2},{value:"OpenZiti",id:"openziti",level:2},{value:"Install zrok",id:"install-zrok",level:2},{value:"Configure the Controller",id:"configure-the-controller",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Bootstrap OpenZiti for zrok",id:"bootstrap-openziti-for-zrok",level:2},{value:"Run zrok Controller",id:"run-zrok-controller",level:2},{value:"Create zrok Frontend",id:"create-zrok-frontend",level:2},{value:"Configure the Public Frontend",id:"configure-the-public-frontend",level:2},{value:"Start Public Frontend",id:"start-public-frontend",level:2},{value:"Create a User Account",id:"create-a-user-account",level:2},{value:"Invite Additional Users",id:"invite-additional-users",level:2},{value:"Enable Your Environment",id:"enable-your-environment",level:2}];function a(e){const n={a:"a",admonition:"admonition",code:"code",h2:"h2",li:"li",ol:"ol",p:"p",pre:"pre",ul:"ul",...(0,t.a)(),...e.components};return(0,o.jsxs)(o.Fragment,{children:[(0,o.jsx)(n.h2,{id:"walkthrough-video",children:"Walkthrough Video"}),"\n",(0,o.jsx)("iframe",{width:"100%",height:"315",src:"https://www.youtube.com/embed/870A5dke_u4",title:"YouTube video player",frameborder:"0",allow:"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share",allowfullscreen:!0}),"\n",(0,o.jsx)(n.h2,{id:"before-you-begin",children:"Before you Begin"}),"\n",(0,o.jsxs)(n.p,{children:["This will get you up and running with a self-hosted instance of ",(0,o.jsx)(n.code,{children:"zrok"}),". I'll assume you have the following:"]}),"\n",(0,o.jsxs)(n.ul,{children:["\n",(0,o.jsx)(n.li,{children:"a Linux server with a public IP"}),"\n",(0,o.jsxs)(n.li,{children:["a wildcard DNS record like ",(0,o.jsx)(n.code,{children:"*.zrok.quigley.com"})," that resolves to the server IP"]}),"\n"]}),"\n",(0,o.jsx)(n.h2,{id:"openziti",children:"OpenZiti"}),"\n",(0,o.jsxs)(n.p,{children:['OpenZiti (a.k.a. "Ziti") provides secure network backhaul for ',(0,o.jsx)(n.code,{children:"zrok"})," public and private shares. You need a Ziti Controller and a Ziti Router. You can run everything on the same Linux VPS."]}),"\n",(0,o.jsxs)(n.ol,{children:["\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsxs)(n.p,{children:["Install the Ziti Controller package by following the ",(0,o.jsx)(n.a,{href:"https://openziti.io/docs/category/deployments",children:"Linux controller deployment guide"}),"."]}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsxs)(n.p,{children:["Ensure your answer file (",(0,o.jsx)(n.code,{children:"/opt/openziti/etc/controller/bootstrap.env"}),") has the FQDN of your Linux server and an admin password defined."]}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsx)(n.p,{children:"Ensure your firewall allows the controller port from the answer file."}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsxs)(n.p,{children:["Start the controller service (",(0,o.jsx)(n.code,{children:"ziti-controller.service"}),") and check the status."]}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsx)(n.p,{children:"Log in to the Ziti Controller"}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"ziti edge login localhost:1280 -u admin -p <password>\n"})}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsx)(n.p,{children:"Administratively Create a Ziti Router"}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:'ziti edge create edge-router "router1" -o /tmp/router1.jwt\n'})}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsxs)(n.p,{children:["Install the Ziti Router package by following ",(0,o.jsx)(n.a,{href:"https://openziti.io/docs/category/deployments",children:"the Linux router deployment guide"}),"."]}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsxs)(n.p,{children:["Ensure your answer file (",(0,o.jsx)(n.code,{children:"/opt/openziti/etc/router/bootstrap.env"}),") has the FQDN of your Linux server for both controller and router addresses and the enrollment token from the previous step."]}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsx)(n.p,{children:"Ensure your firewall allows the router port from the answer file."}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsxs)(n.p,{children:["Start the router service (",(0,o.jsx)(n.code,{children:"ziti-router.service"}),") and check the status."]}),"\n"]}),"\n",(0,o.jsxs)(n.li,{children:["\n",(0,o.jsx)(n.p,{children:"Verify the new router is online."}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"ziti edge list edge-routers\n"})}),"\n"]}),"\n"]}),"\n",(0,o.jsx)(n.h2,{id:"install-zrok",children:"Install zrok"}),"\n",(0,o.jsxs)(n.p,{children:["Debian and RPM packages are available for ",(0,o.jsx)(n.code,{children:"zrok"}),"."]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"sudo apt install zrok\n"})}),"\n",(0,o.jsxs)(n.p,{children:["Follow ",(0,o.jsx)(n.a,{href:"/docs/guides/install/linux",children:"the Linux installation guide"})," to install the ",(0,o.jsx)(n.code,{children:"zrok"})," package from the repository or manually install the binary for your platform."]}),"\n",(0,o.jsx)(n.h2,{id:"configure-the-controller",children:"Configure the Controller"}),"\n",(0,o.jsxs)(n.p,{children:["Create a ",(0,o.jsx)(n.code,{children:"zrok"})," controller configuration file in ",(0,o.jsx)(n.code,{children:"etc/ctrl.yml"}),". The controller can terminate TLS or you may front the server with a reverse proxy that continually renews the necessary wildcard certificate (e.g., Caddy w/ a DNS provider plugin). This example will expose the non-TLS listener for the controller."]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-yaml",children:'#    _____ __ ___ | | __\n#   |_  / \'__/ _ \\| |/ /\n#    / /| | | (_) |   <\n#   /___|_|  \\___/|_|\\_\\\n# controller configuration\n\nv:                  3\n\nadmin:\n  # generate these admin tokens from a source of randomness, e.g. \n  #  LC_ALL=C tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c32\n  secrets:\n    -               Q8V0LqnNb5wNX9kE1fgQ0H6VlcvJybB1  # be sure to change this!\n\nendpoint:\n  host:             0.0.0.0\n  port:             18080\n\ninvites:\n  invites_open:    true\n\nstore:\n  path:             zrok.db\n  type:             sqlite3\n\nziti:\n  api_endpoint:     "https://127.0.0.1:1280"\n  username:         admin\n  password:         "XO0xHp75uuyeireO2xmmVlK91T7B9fpD"\n\n# you can use certbot to renew the wildcard cert for the controller with a DNS provider API token or front this `zrok` # controller with Caddy\n#tls:\n#  cert_path: "/Path/To/Cert/zrok.crt"\n#  key_path:  "/Path/To/Cert/zrok.key"\n\n'})}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"admin"})," section defines privileged administrative credentials and must be set in the ",(0,o.jsx)(n.code,{children:"ZROK_ADMIN_TOKEN"})," environment variable in shells where you want to run ",(0,o.jsx)(n.code,{children:"zrok admin"}),"."]}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"endpoint"})," section defines where your ",(0,o.jsx)(n.code,{children:"zrok"})," controller will listen."]}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"store"})," section defines the local ",(0,o.jsx)(n.code,{children:"sqlite3"})," database used by the controller."]}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"ziti"})," section defines how the ",(0,o.jsx)(n.code,{children:"zrok"})," controller should communicate with your OpenZiti installation. When using the OpenZiti quickstart, an administrative password will be generated; the ",(0,o.jsx)(n.code,{children:"password"})," in the ",(0,o.jsx)(n.code,{children:"ziti"})," stanza should reflect this password."]}),"\n",(0,o.jsxs)(n.admonition,{type:"note",children:[(0,o.jsxs)(n.p,{children:["Be sure to see the ",(0,o.jsxs)(n.a,{target:"_blank","data-noBrokenLinkCheck":!0,href:r(1855).Z+"",children:["reference configuration at ",(0,o.jsx)(n.code,{children:"etc/ctrl.yml"})]})," for the complete documentation of the current configuration file format for the ",(0,o.jsx)(n.code,{children:"zrok"})," controller and service instance components."]}),(0,o.jsxs)(n.p,{children:["See the separate guides on ",(0,o.jsx)(n.a,{href:"/docs/guides/self-hosting/metrics-and-limits/configuring-metrics",children:"configuring metrics"})," and ",(0,o.jsx)(n.a,{href:"/docs/guides/self-hosting/metrics-and-limits/configuring-limits",children:"configuring limits"})," for details about both of these specialized areas of service instance configuration."]})]}),"\n",(0,o.jsx)(n.h2,{id:"environment-variables",children:"Environment Variables"}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"zrok"})," binaries are configured to work with the global ",(0,o.jsx)(n.code,{children:"zrok.io"})," service, and default to using ",(0,o.jsx)(n.code,{children:"api.zrok.io"})," as the endpoint for communicating with the service."]}),"\n",(0,o.jsxs)(n.p,{children:["To work with a self-hosted ",(0,o.jsx)(n.code,{children:"zrok"})," deployment, you'll need to set the ",(0,o.jsx)(n.code,{children:"ZROK_API_ENDPOINT"})," environment variable to point to the address where your ",(0,o.jsx)(n.code,{children:"zrok"})," controller will be listening, according to ",(0,o.jsx)(n.code,{children:"endpoint"})," in the configuration file above."]}),"\n",(0,o.jsx)(n.p,{children:"In my case, I've set:"}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"export ZROK_API_ENDPOINT=http://127.0.0.1:18080\n"})}),"\n",(0,o.jsxs)(n.p,{children:[(0,o.jsxs)(n.a,{href:"/docs/guides/self-hosting/instance-configuration",children:["Read more about configuring your self-hosted ",(0,o.jsx)(n.code,{children:"zrok"})," instance"]}),"."]}),"\n",(0,o.jsx)(n.h2,{id:"bootstrap-openziti-for-zrok",children:"Bootstrap OpenZiti for zrok"}),"\n",(0,o.jsxs)(n.p,{children:["With your OpenZiti network running and your configuration saved to a local file (I refer to mine as ",(0,o.jsx)(n.code,{children:"etc/ctrl.yml"})," in these examples), you're ready to bootstrap the Ziti network."]}),"\n",(0,o.jsxs)(n.p,{children:["Use the ",(0,o.jsx)(n.code,{children:"zrok admin bootstrap"})," command to bootstrap like this:"]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"$ zrok admin bootstrap etc/ctrl.yml\n[   0.002]    INFO main.(*adminBootstrap).run: {\n\t...\n}\n[   0.002]    INFO zrok/controller/store.Open: database connected\n[   0.006]    INFO zrok/controller/store.(*Store).migrate: applied 0 migrations\n[   0.006]    INFO zrok/controller.Bootstrap: connecting to the ziti edge management api\n[   0.039]    INFO zrok/controller.Bootstrap: creating identity for controller ziti access\n[   0.071]    INFO zrok/controller.Bootstrap: controller identity: jKd8AINSz\n[   0.082]    INFO zrok/controller.assertIdentity: asserted identity 'jKd8AINSz'\n[   0.085]    INFO zrok/controller.assertErpForIdentity: asserted erps for 'ctrl' (jKd8AINSz)\n[   0.085]    INFO zrok/controller.Bootstrap: creating identity for frontend ziti access\n[   0.118]    INFO zrok/controller.Bootstrap: frontend identity: sqJRAINSiB\n[   0.119]    INFO zrok/controller.assertIdentity: asserted identity 'sqJRAINSiB'\n[   0.120]    INFO zrok/controller.assertErpForIdentity: asserted erps for 'frontend' (sqJRAINSiB)\n[   0.120] WARNING zrok/controller.Bootstrap: missing public frontend for ziti id 'sqJRAINSiB'; please use 'zrok admin create frontend sqJRAINSiB public https://{token}.your.dns.name' to create a frontend instance\n[   0.123]    INFO zrok/controller.assertZrokProxyConfigType: found 'zrok.proxy.v1' config type with id '33CyjNbIepkXHN5VzGDA8L'\n[   0.124]    INFO zrok/controller.assertMetricsService: creating 'metrics' service\n[   0.126]    INFO zrok/controller.assertMetricsService: asserted 'metrics' service (5RpPZZ7T8bZf1ENjwGiPc3)\n[   0.128]    INFO zrok/controller.assertMetricsSerp: creating 'metrics' serp\n[   0.130]    INFO zrok/controller.assertMetricsSerp: asserted 'metrics' serp\n[   0.134]    INFO zrok/controller.assertCtrlMetricsBind: creating 'ctrl-metrics-bind' service policy\n[   0.135]    INFO zrok/controller.assertCtrlMetricsBind: asserted 'ctrl-metrics-bind' service policy\n[   0.138]    INFO zrok/controller.assertFrontendMetricsDial: creating 'frontend-metrics-dial' service policy\n[   0.140]    INFO zrok/controller.assertFrontendMetricsDial: asserted 'frontend-metrics-dial' service policy\n[   0.140]    INFO main.(*adminBootstrap).run: bootstrap complete!\n"})}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"zrok admin bootstrap"})," command configures the ",(0,o.jsx)(n.code,{children:"zrok"})," database, the necessary OpenZiti identities, and all of the OpenZiti policies required to run a ",(0,o.jsx)(n.code,{children:"zrok"})," service."]}),"\n",(0,o.jsx)(n.p,{children:"Notice this warning:"}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{children:"[   0.120] WARNING zrok/controller.Bootstrap: missing public frontend for ziti id 'sqJRAINSiB'; please use 'zrok admin create frontend sqJRAINSiB public https://{token}.your.dns.name' to create a frontend instance\n"})}),"\n",(0,o.jsxs)(n.p,{children:["If you find it necessary to re-run the ",(0,o.jsx)(n.code,{children:"zrok admin bootstrap"})," command, you may need to add the ",(0,o.jsx)(n.code,{children:"--skip-frontend"})," flag to avoid re-creating the default ",(0,o.jsx)(n.code,{children:"public"})," frontend's Ziti identity and router policy."]}),"\n",(0,o.jsx)(n.h2,{id:"run-zrok-controller",children:"Run zrok Controller"}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"zrok"}),' bootstrap process wants us to create a "public frontend" for our service. ',(0,o.jsx)(n.code,{children:"zrok"})," uses public frontends to allow users to specify where they would like public traffic to ingress from."]}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"zrok admin create frontend"})," command requires a running ",(0,o.jsx)(n.code,{children:"zrok"})," controller, so let's start that up first:"]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"$ zrok controller etc/ctrl.yml \n[   0.003]    INFO main.(*controllerCommand).run: {\n\t...\n}\n[   0.016]    INFO zrok/controller.inspectZiti: inspecting ziti controller configuration\n[   0.048]    INFO zrok/controller.findZrokProxyConfigType: found 'zrok.proxy.v1' config type with id '33CyjNbIepkXHN5VzGDA8L'\n[   0.048]    INFO zrok/controller/store.Open: database connected\n[   0.048]    INFO zrok/controller/store.(*Store).migrate: applied 0 migrations\n[   0.049]    INFO zrok/controller.(*metricsAgent).run: starting\n[   0.064]    INFO zrok/rest_server_zrok.setupGlobalMiddleware: configuring\n[   0.064]    INFO zrok/ui.StaticBuilder: building\n[   0.065]    INFO zrok/rest_server_zrok.(*Server).Logf: Serving zrok at http://[::]:18080\n[   0.085]    INFO zrok/controller.(*metricsAgent).listen: started\n"})}),"\n",(0,o.jsx)(n.h2,{id:"create-zrok-frontend",children:"Create zrok Frontend"}),"\n",(0,o.jsxs)(n.p,{children:["With our ",(0,o.jsx)(n.code,{children:"ZROK_ADMIN_TOKEN"})," and ",(0,o.jsx)(n.code,{children:"ZROK_API_ENDPOINT"})," environment variables set, we can create our public frontend like this:"]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"$ zrok admin create frontend sqJRAINSiB public http://{token}.zrok.quigley.com:8080\n[   0.037]    INFO main.(*adminCreateFrontendCommand).run: created global public frontend 'WEirJNHVlcW9'\n"})}),"\n",(0,o.jsxs)(n.p,{children:["The id of the frontend was emitted earlier in by the ",(0,o.jsx)(n.code,{children:"zrok"})," controller when we ran the bootstrap command. If you don't have that log message the you can find the id again with the ",(0,o.jsx)(n.code,{children:"ziti"})," CLI like this:"]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"# log in as admin (example)\nziti edge login localhost:1280 -u admin -p XO0xHp75uuyeireO2xmmVlK91T7B9fpD\n\n# list Ziti identities created by the quickstart and bootstrap\nziti edge list identities\n"})}),"\n",(0,o.jsx)(n.p,{children:'The id is shown for the frontend identity named "public."'}),"\n",(0,o.jsxs)(n.p,{children:["Nice work! The ",(0,o.jsx)(n.code,{children:"zrok"})," controller is fully configured now that you have created the ",(0,o.jsx)(n.code,{children:"zrok"})," frontend."]}),"\n",(0,o.jsx)(n.h2,{id:"configure-the-public-frontend",children:"Configure the Public Frontend"}),"\n",(0,o.jsxs)(n.p,{children:["Create an http frontend configuration file in ",(0,o.jsx)(n.code,{children:"etc/http-frontend.yml"}),"."]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-yaml",children:"v:                  3\nhost_match:         zrok.quigley.com\naddress:            0.0.0.0:8080\n"})}),"\n",(0,o.jsxs)(n.p,{children:["This frontend config file has a ",(0,o.jsx)(n.code,{children:"host_match"})," pattern that represents the DNS zone you're using with this instance of ",(0,o.jsx)(n.code,{children:"zrok"}),". Incoming HTTP requests with a matching ",(0,o.jsx)(n.code,{children:"Host"})," header will be handled by this frontend. You may also specify the interface address where the frontend will listen for public access requests."]}),"\n",(0,o.jsxs)(n.p,{children:["The frontend does not provide server TLS, but you may front the server with a reverse proxy. It is essential the reverse proxy forwards the ",(0,o.jsx)(n.code,{children:"Host"})," header supplied by the viewer. This example will expose the non-TLS listener for the frontend."]}),"\n",(0,o.jsxs)(n.p,{children:["You can also specify an ",(0,o.jsx)(n.code,{children:"oauth"})," configuration in this file, full details of are found in ",(0,o.jsx)(n.a,{href:"/docs/guides/self-hosting/oauth/configuring-oauth#configuring-your-public-frontend",children:"OAuth Public Frontend Configuration"}),"."]}),"\n",(0,o.jsx)(n.h2,{id:"start-public-frontend",children:"Start Public Frontend"}),"\n",(0,o.jsx)(n.p,{children:"In another terminal window, run:"}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"$ zrok access public etc/http-frontend.yml\n[   0.002]    INFO main.(*accessPublicCommand).run: {\n\t...\n}\n[   0.002]    INFO zrok/endpoints/public_frontend.newMetricsAgent: loaded 'public' identity\n"})}),"\n",(0,o.jsxs)(n.p,{children:["The ",(0,o.jsx)(n.code,{children:"zrok"})," frontend uses the ",(0,o.jsx)(n.code,{children:"public"})," identity created during the bootstrap process to securely access zrok backends. to provide public access for the ",(0,o.jsx)(n.code,{children:"zrok"})," deployment. It is expected that the configured listener for this frontend corresponds to the DNS template specified when creating the public frontend record above."]}),"\n",(0,o.jsx)(n.h2,{id:"create-a-user-account",children:"Create a User Account"}),"\n",(0,o.jsxs)(n.p,{children:["With our ",(0,o.jsx)(n.code,{children:"ZROK_ADMIN_TOKEN"})," and ",(0,o.jsx)(n.code,{children:"ZROK_API_ENDPOINT"})," environment variables set, we can create our first user account."]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"zrok admin create account etc/ctrl.yml <email> <password>\n"})}),"\n",(0,o.jsx)(n.p,{children:"The output is the account token you will use to enable each device's zrok environment."}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-buttonless",metastring:'title="Example output"',children:"SuGzRPjVDIcF\n"})}),"\n",(0,o.jsx)(n.h2,{id:"invite-additional-users",children:"Invite Additional Users"}),"\n",(0,o.jsxs)(n.p,{children:["Offer this onboarding method to your users if you have configured an email-sending service in your ",(0,o.jsx)(n.code,{children:"zrok"})," controller configuration."]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"$ zrok invite\nNew Email: user@domain.com\nConfirm Email: user@domain.com\ninvitation sent to 'user@domain.com'!\n"})}),"\n",(0,o.jsxs)(n.p,{children:["If you look at the console output from your ",(0,o.jsx)(n.code,{children:"zrok"})," controller, you'll see a message like this:"]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{children:"[ 238.168]    INFO zrok/controller.(*inviteHandler).Handle: account request for 'user@domain.com' has registration token 'U2Ewt1UCn3ql'\n"})}),"\n",(0,o.jsxs)(n.p,{children:["You can access your ",(0,o.jsx)(n.code,{children:"zrok"})," controller's registration UI by pointing a web browser at:"]}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{children:"http://localhost:18080/register/U2Ewt1UCn3ql\n"})}),"\n",(0,o.jsx)(n.p,{children:"The UI will ask you to set a password for your new account. Go ahead and do that."}),"\n",(0,o.jsx)(n.p,{children:"After doing that, I see the following output in my controller console:"}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{children:"[ 516.778]    INFO zrok/controller.(*registerHandler).Handle: created account 'user@domain.com' with token 'SuGzRPjVDIcF'\n"})}),"\n",(0,o.jsxs)(n.p,{children:["Keep track of the token listed above (",(0,o.jsx)(n.code,{children:"SuGzRPjVDIcF"}),"). We'll use this to enable our shell for this ",(0,o.jsx)(n.code,{children:"zrok"})," deployment."]}),"\n",(0,o.jsx)(n.h2,{id:"enable-your-environment",children:"Enable Your Environment"}),"\n",(0,o.jsx)(n.p,{children:"On another device that can reach your Linux server by FQDN, configure the API endpoint and enable the environment with the account token you received when you created the first user account."}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"export ZROK_API_ENDPOINT=https://zrok.quigley.com\n# or\nzrok config set apiEndpoint https://zrok.quigley.com\n"})}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"zrok enable SuGzRPjVDIcF\n"})}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-buttonless",metastring:'title="Example output"',children:"zrok environment '2AS1WZ3Sz' enabled for 'SuGzRPjVDIcF'\n"})}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-bash",children:"zrok status --secrets\n"})}),"\n",(0,o.jsx)(n.pre,{children:(0,o.jsx)(n.code,{className:"language-buttonless",metastring:'title="Example output"',children:"Config:\n\n  CONFIG       VALUE                      SOURCE\n  apiEndpoint  https://zrok.quigley.com   env\n\nEnvironment:\n\n  PROPERTY       VALUE\n  Secret Token   SuGzRPjVDIcF\n  Ziti Identity  2AS1WZ3Sz\n"})}),"\n",(0,o.jsxs)(n.p,{children:["Congratulations. You have a working ",(0,o.jsx)(n.code,{children:"zrok"})," environment!"]})]})}function h(e={}){const{wrapper:n}={...(0,t.a)(),...e.components};return n?(0,o.jsx)(n,{...e,children:(0,o.jsx)(a,{...e})}):a(e)}},1855:(e,n,r)=>{r.d(n,{Z:()=>o});const o=r.p+"assets/files/ctrl-06b900e22aab525ebec542dea6769d51.yml"},1151:(e,n,r)=>{r.d(n,{Z:()=>l,a:()=>s});var o=r(7294);const t={},i=o.createContext(t);function s(e){const n=o.useContext(i);return o.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function l(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(t):e.components||t:s(e.components),o.createElement(i.Provider,{value:n},e.children)}}}]);
\ No newline at end of file
diff --git a/assets/js/ea84f538.298d3bea.js b/assets/js/ea84f538.aabd2b4e.js
similarity index 91%
rename from assets/js/ea84f538.298d3bea.js
rename to assets/js/ea84f538.aabd2b4e.js
index 04df35a0..f9e594f0 100644
--- a/assets/js/ea84f538.298d3bea.js
+++ b/assets/js/ea84f538.aabd2b4e.js
@@ -1 +1 @@
-"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[9944],{7105:e=>{e.exports=JSON.parse('{"version":{"pluginId":"default","version":"current","label":"Next","banner":null,"badge":false,"noIndex":false,"className":"docs-version-current","isLast":true,"docsSidebars":{"tutorialSidebar":[{"type":"link","label":"Getting Started","href":"/docs/getting-started","docId":"getting-started","unlisted":false},{"type":"category","label":"Concepts","collapsible":true,"collapsed":true,"items":[{"type":"link","label":"Private Shares","href":"/docs/concepts/sharing-private","docId":"concepts/sharing-private","unlisted":false},{"type":"link","label":"Public Shares","href":"/docs/concepts/sharing-public","docId":"concepts/sharing-public","unlisted":false},{"type":"link","label":"Reserved Shares","href":"/docs/concepts/sharing-reserved","docId":"concepts/sharing-reserved","unlisted":false},{"type":"link","label":"Sharing HTTP Servers","href":"/docs/concepts/http","docId":"concepts/http","unlisted":false},{"type":"link","label":"Sharing TCP and UDP Servers","href":"/docs/concepts/tunnels","docId":"concepts/tunnels","unlisted":false},{"type":"link","label":"Sharing Websites and Files","href":"/docs/concepts/files","docId":"concepts/files","unlisted":false},{"type":"link","label":"Open Source","href":"/docs/concepts/opensource","docId":"concepts/opensource","unlisted":false},{"type":"link","label":"Hosting","href":"/docs/concepts/hosting","docId":"concepts/hosting","unlisted":false}],"href":"/docs/concepts/"},{"type":"category","label":"Guides","collapsible":true,"collapsed":true,"items":[{"type":"category","label":"Install","collapsible":true,"collapsed":true,"items":[{"type":"link","label":"Linux","href":"/docs/guides/install/linux","docId":"guides/install/linux","unlisted":false},{"type":"link","label":"macOS","href":"/docs/guides/install/macos","docId":"guides/install/macos","unlisted":false},{"type":"link","label":"Windows","href":"/docs/guides/install/windows","docId":"guides/install/windows","unlisted":false}],"href":"/docs/guides/install/"},{"type":"link","label":"frontdoor","href":"/docs/guides/frontdoor","docId":"guides/frontdoor","unlisted":false},{"type":"link","label":"Permission Modes","href":"/docs/guides/permission-modes","docId":"guides/permission-modes","unlisted":false},{"type":"category","label":"Docker Share","collapsible":true,"collapsed":true,"items":[{"type":"link","label":"Public Share","href":"/docs/guides/docker-share/docker_public_share_guide","docId":"guides/docker-share/docker_public_share_guide","unlisted":false},{"type":"link","label":"Private Share","href":"/docs/guides/docker-share/docker_private_share_guide","docId":"guides/docker-share/docker_private_share_guide","unlisted":false}],"href":"/docs/guides/docker-share/"},{"type":"category","label":"Self Hosting","collapsible":true,"collapsed":true,"items":[{"type":"category","label":"Linux","collapsible":true,"collapsed":true,"items":[{"type":"link","label":"NGINX TLS","href":"/docs/guides/self-hosting/linux/nginx","docId":"guides/self-hosting/linux/nginx","unlisted":false}],"href":"/docs/guides/self-hosting/linux/"},{"type":"link","label":"Docker","href":"/docs/guides/self-hosting/docker","docId":"guides/self-hosting/docker","unlisted":false},{"type":"category","label":"Metrics and Limits","collapsible":true,"collapsed":true,"items":[{"type":"link","label":"Configuring Metrics","href":"/docs/guides/self-hosting/metrics-and-limits/configuring-metrics","docId":"guides/self-hosting/metrics-and-limits/configuring-metrics","unlisted":false},{"type":"link","label":"Configuring Limits","href":"/docs/guides/self-hosting/metrics-and-limits/configuring-limits","docId":"guides/self-hosting/metrics-and-limits/configuring-limits","unlisted":false}],"href":"/docs/category/metrics-and-limits"},{"type":"category","label":"OAuth","collapsible":true,"collapsed":true,"items":[{"type":"link","label":"OAuth Public Frontend Configuration","href":"/docs/guides/self-hosting/oauth/configuring-oauth","docId":"guides/self-hosting/oauth/configuring-oauth","unlisted":false}],"href":"/docs/category/oauth"},{"type":"link","label":"Instance Config","href":"/docs/guides/self-hosting/instance-configuration","docId":"guides/self-hosting/instance-configuration","unlisted":false}],"href":"/docs/category/self-hosting"},{"type":"category","label":"drives","collapsible":true,"collapsed":true,"items":[{"type":"link","label":"The Drives CLI","href":"/docs/guides/drives/cli","docId":"guides/drives/cli","unlisted":false}]},{"type":"link","label":"VPN","href":"/docs/guides/vpn/","docId":"guides/vpn/vpn","unlisted":false}],"href":"/docs/category/guides"}]},"docs":{"concepts/files":{"id":"concepts/files","title":"Sharing Websites and Files","description":"With zrok it is possible to share files quickly and easily as well. To share files using zrok use","sidebar":"tutorialSidebar"},"concepts/hosting":{"id":"concepts/hosting","title":"Hosting","description":"Self-Hosted","sidebar":"tutorialSidebar"},"concepts/http":{"id":"concepts/http","title":"Sharing HTTP Servers","description":"zrok can share HTTP and HTTPS resources natively. If you have an existing web server that you want to share with other users, you can use the zrok share command using the --backend-mode proxy flag.","sidebar":"tutorialSidebar"},"concepts/index":{"id":"concepts/index","title":"Concepts","description":"zrok was designed to make sharing local resources both secure and easy. In this section of the zrok documentation, we\'ll tour through all of the most important features.","sidebar":"tutorialSidebar"},"concepts/opensource":{"id":"concepts/opensource","title":"Open Source","description":"It\'s important to the zrok project that it remain free and open source software. The code is available on GitHub","sidebar":"tutorialSidebar"},"concepts/sharing-private":{"id":"concepts/sharing-private","title":"Private Shares","description":"zrok was built to share and access digital resources. A private share allows a resource to be","sidebar":"tutorialSidebar"},"concepts/sharing-public":{"id":"concepts/sharing-public","title":"Public Shares","description":"zrok supports public sharing for web-based (HTTP and HTTPS) resources. These resources are easily shared with the general internet through public access points.","sidebar":"tutorialSidebar"},"concepts/sharing-reserved":{"id":"concepts/sharing-reserved","title":"Reserved Shares","description":"By default a public or private share is assigned a share token when you create a share using the zrok share command. The zrok share command is the bridge between your local environment and the users you are sharing with. When you terminate the zrok share, the bridge is eliminated and the share token is deleted. If you run zrok share again, you will be allocated a brand new share token.","sidebar":"tutorialSidebar"},"concepts/tunnels":{"id":"concepts/tunnels","title":"Sharing TCP and UDP Servers","description":"zrok includes support for sharing low-level TCP and UDP network resources using the tcpTunnel and udpTunnel backend modes.","sidebar":"tutorialSidebar"},"getting-started":{"id":"getting-started","title":"Getting Started with zrok","description":"What\'s a zrok?","sidebar":"tutorialSidebar"},"guides/docker-share/docker_private_share_guide":{"id":"guides/docker-share/docker_private_share_guide","title":"Docker Private Share","description":"Goal","sidebar":"tutorialSidebar"},"guides/docker-share/docker_public_share_guide":{"id":"guides/docker-share/docker_public_share_guide","title":"Docker Compose Public Share","description":"Goal","sidebar":"tutorialSidebar"},"guides/docker-share/index":{"id":"guides/docker-share/index","title":"Getting Started with Docker","description":"Overview","sidebar":"tutorialSidebar"},"guides/drives/cli":{"id":"guides/drives/cli","title":"The Drives CLI","description":"The zrok drives CLI tools allow for simple, ergonomic management and synchronization of local and remote files.","sidebar":"tutorialSidebar"},"guides/frontdoor":{"id":"guides/frontdoor","title":"zrok frontdoor","description":"zrok frontdoor is the heavy-duty front door to your app or site. It makes your website or app available to your online audience through the shield of zrok.io\'s hardened, managed frontends.","sidebar":"tutorialSidebar"},"guides/install/index":{"id":"guides/install/index","title":"Install","description":"<DownloadCard","sidebar":"tutorialSidebar"},"guides/install/linux":{"id":"guides/install/linux","title":"Install zrok in Linux","description":"Linux Binary","sidebar":"tutorialSidebar"},"guides/install/macos":{"id":"guides/install/macos","title":"Install zrok in macOS","description":"Darwin Binary","sidebar":"tutorialSidebar"},"guides/install/windows":{"id":"guides/install/windows","title":"Install zrok in Windows","description":"Windows Binary","sidebar":"tutorialSidebar"},"guides/permission-modes":{"id":"guides/permission-modes","title":"Permission Modes","description":"Shares created in zrok v0.4.26 and newer now include a choice of permission mode.","sidebar":"tutorialSidebar"},"guides/self-hosting/docker":{"id":"guides/self-hosting/docker","title":"Self-hosting guide for Docker","description":"","sidebar":"tutorialSidebar"},"guides/self-hosting/instance-configuration":{"id":"guides/self-hosting/instance-configuration","title":"Use Another zrok Instance","description":"This guide is relevant if you are self-hosting or using a friend\'s zrok instance instead of using zrok-as-a-service from zrok.io.","sidebar":"tutorialSidebar"},"guides/self-hosting/linux/index":{"id":"guides/self-hosting/linux/index","title":"Self-Hosting Guide for Linux","description":"Walkthrough Video","sidebar":"tutorialSidebar"},"guides/self-hosting/linux/nginx":{"id":"guides/self-hosting/linux/nginx","title":"NGINX Reverse Proxy for zrok","description":"Walkthrough Video","sidebar":"tutorialSidebar"},"guides/self-hosting/metrics-and-limits/configuring-limits":{"id":"guides/self-hosting/metrics-and-limits/configuring-limits","title":"Configuring Limits","description":"If you have not yet configured metrics, please visit the metrics guide first before working through the limits configuration.","sidebar":"tutorialSidebar"},"guides/self-hosting/metrics-and-limits/configuring-metrics":{"id":"guides/self-hosting/metrics-and-limits/configuring-metrics","title":"Configuring Metrics","description":"A fully configured, production-scale zrok service instance looks like this:","sidebar":"tutorialSidebar"},"guides/self-hosting/oauth/configuring-oauth":{"id":"guides/self-hosting/oauth/configuring-oauth","title":"OAuth Public Frontend Configuration","description":"As of v0.4.7, zrok includes OAuth integration for both Google and GitHub for zrok access public public frontends.","sidebar":"tutorialSidebar"},"guides/vpn/vpn":{"id":"guides/vpn/vpn","title":"zrok VPN Guide","description":"zrok VPN backend allows for simple host-to-host VPN setup.","sidebar":"tutorialSidebar"}}}}')}}]);
\ No newline at end of file
+"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[9944],{7105:e=>{e.exports=JSON.parse('{"version":{"pluginId":"default","version":"current","label":"Next","banner":null,"badge":false,"noIndex":false,"className":"docs-version-current","isLast":true,"docsSidebars":{"tutorialSidebar":[{"type":"link","label":"Getting Started","href":"/docs/getting-started","docId":"getting-started","unlisted":false},{"type":"category","label":"Concepts","collapsible":true,"collapsed":true,"items":[{"type":"link","label":"Private Shares","href":"/docs/concepts/sharing-private","docId":"concepts/sharing-private","unlisted":false},{"type":"link","label":"Public Shares","href":"/docs/concepts/sharing-public","docId":"concepts/sharing-public","unlisted":false},{"type":"link","label":"Reserved Shares","href":"/docs/concepts/sharing-reserved","docId":"concepts/sharing-reserved","unlisted":false},{"type":"link","label":"Sharing HTTP Servers","href":"/docs/concepts/http","docId":"concepts/http","unlisted":false},{"type":"link","label":"Sharing TCP and UDP Servers","href":"/docs/concepts/tunnels","docId":"concepts/tunnels","unlisted":false},{"type":"link","label":"Sharing Websites and Files","href":"/docs/concepts/files","docId":"concepts/files","unlisted":false},{"type":"link","label":"Open Source","href":"/docs/concepts/opensource","docId":"concepts/opensource","unlisted":false},{"type":"link","label":"Hosting","href":"/docs/concepts/hosting","docId":"concepts/hosting","unlisted":false}],"href":"/docs/concepts/"},{"type":"category","label":"Guides","collapsible":true,"collapsed":true,"items":[{"type":"category","label":"Install","collapsible":true,"collapsed":true,"items":[{"type":"link","label":"Linux","href":"/docs/guides/install/linux","docId":"guides/install/linux","unlisted":false},{"type":"link","label":"macOS","href":"/docs/guides/install/macos","docId":"guides/install/macos","unlisted":false},{"type":"link","label":"Windows","href":"/docs/guides/install/windows","docId":"guides/install/windows","unlisted":false}],"href":"/docs/guides/install/"},{"type":"link","label":"frontdoor","href":"/docs/guides/frontdoor","docId":"guides/frontdoor","unlisted":false},{"type":"link","label":"Permission Modes","href":"/docs/guides/permission-modes","docId":"guides/permission-modes","unlisted":false},{"type":"category","label":"Docker Share","collapsible":true,"collapsed":true,"items":[{"type":"link","label":"Public Share","href":"/docs/guides/docker-share/docker_public_share_guide","docId":"guides/docker-share/docker_public_share_guide","unlisted":false},{"type":"link","label":"Private Share","href":"/docs/guides/docker-share/docker_private_share_guide","docId":"guides/docker-share/docker_private_share_guide","unlisted":false}],"href":"/docs/guides/docker-share/"},{"type":"category","label":"Self Hosting","collapsible":true,"collapsed":true,"items":[{"type":"category","label":"Linux","collapsible":true,"collapsed":true,"items":[{"type":"link","label":"NGINX TLS","href":"/docs/guides/self-hosting/linux/nginx","docId":"guides/self-hosting/linux/nginx","unlisted":false}],"href":"/docs/guides/self-hosting/linux/"},{"type":"link","label":"Docker","href":"/docs/guides/self-hosting/docker","docId":"guides/self-hosting/docker","unlisted":false},{"type":"category","label":"Metrics and Limits","collapsible":true,"collapsed":true,"items":[{"type":"link","label":"Configuring Metrics","href":"/docs/guides/self-hosting/metrics-and-limits/configuring-metrics","docId":"guides/self-hosting/metrics-and-limits/configuring-metrics","unlisted":false},{"type":"link","label":"Configuring Limits","href":"/docs/guides/self-hosting/metrics-and-limits/configuring-limits","docId":"guides/self-hosting/metrics-and-limits/configuring-limits","unlisted":false}],"href":"/docs/category/metrics-and-limits"},{"type":"category","label":"OAuth","collapsible":true,"collapsed":true,"items":[{"type":"link","label":"OAuth Public Frontend Configuration","href":"/docs/guides/self-hosting/oauth/configuring-oauth","docId":"guides/self-hosting/oauth/configuring-oauth","unlisted":false}],"href":"/docs/category/oauth"},{"type":"link","label":"Instance Config","href":"/docs/guides/self-hosting/instance-configuration","docId":"guides/self-hosting/instance-configuration","unlisted":false}],"href":"/docs/category/self-hosting"},{"type":"category","label":"drives","collapsible":true,"collapsed":true,"items":[{"type":"link","label":"The Drives CLI","href":"/docs/guides/drives/cli","docId":"guides/drives/cli","unlisted":false}]},{"type":"link","label":"VPN","href":"/docs/guides/vpn/","docId":"guides/vpn/vpn","unlisted":false}],"href":"/docs/category/guides"}]},"docs":{"concepts/files":{"id":"concepts/files","title":"Sharing Websites and Files","description":"With zrok it is possible to share files quickly and easily as well. To share files using zrok use","sidebar":"tutorialSidebar"},"concepts/hosting":{"id":"concepts/hosting","title":"Hosting","description":"Self-Hosted","sidebar":"tutorialSidebar"},"concepts/http":{"id":"concepts/http","title":"Sharing HTTP Servers","description":"zrok can share HTTP and HTTPS resources natively. If you have an existing web server that you want to share with other users, you can use the zrok share command using the --backend-mode proxy flag.","sidebar":"tutorialSidebar"},"concepts/index":{"id":"concepts/index","title":"Concepts","description":"zrok was designed to make sharing local resources both secure and easy. In this section of the zrok documentation, we\'ll tour through all of the most important features.","sidebar":"tutorialSidebar"},"concepts/opensource":{"id":"concepts/opensource","title":"Open Source","description":"It\'s important to the zrok project that it remain free and open source software. The code is available on GitHub","sidebar":"tutorialSidebar"},"concepts/sharing-private":{"id":"concepts/sharing-private","title":"Private Shares","description":"zrok was built to share and access digital resources. A private share allows a resource to be","sidebar":"tutorialSidebar"},"concepts/sharing-public":{"id":"concepts/sharing-public","title":"Public Shares","description":"zrok supports public sharing for web-based (HTTP and HTTPS) resources. These resources are easily shared with the general internet through public access points.","sidebar":"tutorialSidebar"},"concepts/sharing-reserved":{"id":"concepts/sharing-reserved","title":"Reserved Shares","description":"By default a public or private share is assigned a share token when you create a share using the zrok share command. The zrok share command is the bridge between your local environment and the users you are sharing with. When you terminate the zrok share, the bridge is eliminated and the share token is deleted. If you run zrok share again, you will be allocated a brand new share token.","sidebar":"tutorialSidebar"},"concepts/tunnels":{"id":"concepts/tunnels","title":"Sharing TCP and UDP Servers","description":"zrok includes support for sharing low-level TCP and UDP network resources using the tcpTunnel and udpTunnel backend modes.","sidebar":"tutorialSidebar"},"getting-started":{"id":"getting-started","title":"Getting Started with zrok","description":"What\'s a zrok?","sidebar":"tutorialSidebar"},"guides/docker-share/docker_private_share_guide":{"id":"guides/docker-share/docker_private_share_guide","title":"Docker Private Share","description":"Goal","sidebar":"tutorialSidebar"},"guides/docker-share/docker_public_share_guide":{"id":"guides/docker-share/docker_public_share_guide","title":"Docker Compose Public Share","description":"Goal","sidebar":"tutorialSidebar"},"guides/docker-share/index":{"id":"guides/docker-share/index","title":"Getting Started with Docker","description":"Overview","sidebar":"tutorialSidebar"},"guides/drives/cli":{"id":"guides/drives/cli","title":"The Drives CLI","description":"The zrok drives CLI tools allow for simple, ergonomic management and synchronization of local and remote files.","sidebar":"tutorialSidebar"},"guides/frontdoor":{"id":"guides/frontdoor","title":"zrok frontdoor","description":"zrok frontdoor is the heavy-duty front door to your app or site. It makes your website or app available to your online audience through the shield of zrok.io\'s hardened, managed frontends.","sidebar":"tutorialSidebar"},"guides/install/index":{"id":"guides/install/index","title":"Install","description":"<DownloadCard","sidebar":"tutorialSidebar"},"guides/install/linux":{"id":"guides/install/linux","title":"Install zrok in Linux","description":"Linux Binary","sidebar":"tutorialSidebar"},"guides/install/macos":{"id":"guides/install/macos","title":"Install zrok in macOS","description":"Darwin Binary","sidebar":"tutorialSidebar"},"guides/install/windows":{"id":"guides/install/windows","title":"Install zrok in Windows","description":"Windows Binary","sidebar":"tutorialSidebar"},"guides/permission-modes":{"id":"guides/permission-modes","title":"Permission Modes","description":"Shares created in zrok v0.4.26 and newer now include a choice of permission mode.","sidebar":"tutorialSidebar"},"guides/self-hosting/docker":{"id":"guides/self-hosting/docker","title":"Self-hosting guide for Docker","description":"","sidebar":"tutorialSidebar"},"guides/self-hosting/instance-configuration":{"id":"guides/self-hosting/instance-configuration","title":"Use Another zrok Instance","description":"This guide is relevant if you are self-hosting or using a friend\'s zrok instance instead of using zrok-as-a-service from zrok.io.","sidebar":"tutorialSidebar"},"guides/self-hosting/linux/index":{"id":"guides/self-hosting/linux/index","title":"Self-Hosting Guide for Linux","description":"Walkthrough Video","sidebar":"tutorialSidebar"},"guides/self-hosting/linux/nginx":{"id":"guides/self-hosting/linux/nginx","title":"NGINX Reverse Proxy for zrok","description":"Walkthrough Video","sidebar":"tutorialSidebar"},"guides/self-hosting/metrics-and-limits/configuring-limits":{"id":"guides/self-hosting/metrics-and-limits/configuring-limits","title":"Configuring Limits","description":"This guide is current as of zrok version v0.4.31.","sidebar":"tutorialSidebar"},"guides/self-hosting/metrics-and-limits/configuring-metrics":{"id":"guides/self-hosting/metrics-and-limits/configuring-metrics","title":"Configuring Metrics","description":"A fully configured, production-scale zrok service instance looks like this:","sidebar":"tutorialSidebar"},"guides/self-hosting/oauth/configuring-oauth":{"id":"guides/self-hosting/oauth/configuring-oauth","title":"OAuth Public Frontend Configuration","description":"As of v0.4.7, zrok includes OAuth integration for both Google and GitHub for zrok access public public frontends.","sidebar":"tutorialSidebar"},"guides/vpn/vpn":{"id":"guides/vpn/vpn","title":"zrok VPN Guide","description":"zrok VPN backend allows for simple host-to-host VPN setup.","sidebar":"tutorialSidebar"}}}}')}}]);
\ No newline at end of file
diff --git a/assets/js/runtime~main.c87a4c9b.js b/assets/js/runtime~main.cdb003c0.js
similarity index 51%
rename from assets/js/runtime~main.c87a4c9b.js
rename to assets/js/runtime~main.cdb003c0.js
index aec59530..044388cd 100644
--- a/assets/js/runtime~main.c87a4c9b.js
+++ b/assets/js/runtime~main.cdb003c0.js
@@ -1 +1 @@
-(()=>{"use strict";var e,a,t,r,d,b={},c={};function f(e){var a=c[e];if(void 0!==a)return a.exports;var t=c[e]={id:e,loaded:!1,exports:{}};return b[e].call(t.exports,t,t.exports,f),t.loaded=!0,t.exports}f.m=b,f.c=c,f.amdO={},e=[],f.O=(a,t,r,d)=>{if(!t){var b=1/0;for(i=0;i<e.length;i++){t=e[i][0],r=e[i][1],d=e[i][2];for(var c=!0,o=0;o<t.length;o++)(!1&d||b>=d)&&Object.keys(f.O).every((e=>f.O[e](t[o])))?t.splice(o--,1):(c=!1,d<b&&(b=d));if(c){e.splice(i--,1);var n=r();void 0!==n&&(a=n)}}return a}d=d||0;for(var i=e.length;i>0&&e[i-1][2]>d;i--)e[i]=e[i-1];e[i]=[t,r,d]},f.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return f.d(a,{a:a}),a},t=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,f.t=function(e,r){if(1&r&&(e=this(e)),8&r)return e;if("object"==typeof e&&e){if(4&r&&e.__esModule)return e;if(16&r&&"function"==typeof e.then)return e}var d=Object.create(null);f.r(d);var b={};a=a||[null,t({}),t([]),t(t)];for(var c=2&r&&e;"object"==typeof c&&!~a.indexOf(c);c=t(c))Object.getOwnPropertyNames(c).forEach((a=>b[a]=()=>e[a]));return b.default=()=>e,f.d(d,b),d},f.d=(e,a)=>{for(var t in a)f.o(a,t)&&!f.o(e,t)&&Object.defineProperty(e,t,{enumerable:!0,get:a[t]})},f.f={},f.e=e=>Promise.all(Object.keys(f.f).reduce(((a,t)=>(f.f[t](e,a),a)),[])),f.u=e=>"assets/js/"+({58:"0c66edb9",826:"47881d5c",960:"b186d866",1004:"c141421f",1360:"34e1d3b9",1387:"4555b262",1889:"339d500a",2108:"288b1075",2732:"c015c796",2914:"618abc13",2992:"f2348458",3182:"6e881e32",3629:"aba21aa0",4031:"ef8afbfd",4195:"c4f5d8e4",4196:"bbbe662c",4368:"a94703ab",4778:"e1dfe4fe",4838:"75b20590",4900:"600b2345",5327:"c304be44",5882:"d768dc0f",5889:"cda0d2e5",5893:"2da89d45",5980:"a7456010",6062:"88b6e020",6913:"b6569025",7076:"2e812224",7142:"1ba5bc99",7176:"6272ba0e",7918:"17896441",7920:"1a4e3797",8156:"21880a4d",8198:"50ef9c44",8518:"a7bd4aaa",8905:"07d0b302",8938:"f888b719",8945:"bc747cac",8993:"5cd0a723",9661:"5e95c892",9714:"d9f29b48",9817:"14eb3368",9944:"ea84f538"}[e]||e)+"."+{58:"025d65ff",174:"691dcdd4",826:"ae1dcb33",960:"64871ffa",1004:"3e38baa4",1272:"43cc57fb",1360:"01c3d2bc",1387:"9af6f458",1426:"726339ca",1772:"2df7b54f",1889:"039a1491",2108:"a9435f23",2312:"2f123ece",2732:"c04c1507",2914:"60953b95",2992:"19be6454",3182:"e03d93bb",3629:"b0420849",4031:"addfcac8",4195:"ef51316b",4196:"b1bdc9a0",4368:"21ee911e",4778:"ecb8805e",4838:"3455a494",4900:"9d8edfd8",5327:"4a777c27",5882:"9162b0b5",5889:"236e5d28",5893:"49a97a4b",5980:"37bc4934",6062:"fa69d636",6913:"e0ac939e",6945:"8e8e2060",7076:"5284992e",7142:"37030d6d",7176:"35172d6c",7918:"48128ac6",7920:"56015c27",8156:"ffe0573f",8198:"5df32fc9",8518:"45274bc2",8894:"46125374",8905:"2f581655",8938:"b3481d16",8945:"975267a6",8993:"e3585e3a",9661:"d1615a49",9714:"6d24467b",9817:"038d23ea",9944:"298d3bea"}[e]+".js",f.miniCssF=e=>{},f.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),f.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),r={},d="website:",f.l=(e,a,t,b)=>{if(r[e])r[e].push(a);else{var c,o;if(void 0!==t)for(var n=document.getElementsByTagName("script"),i=0;i<n.length;i++){var u=n[i];if(u.getAttribute("src")==e||u.getAttribute("data-webpack")==d+t){c=u;break}}c||(o=!0,(c=document.createElement("script")).charset="utf-8",c.timeout=120,f.nc&&c.setAttribute("nonce",f.nc),c.setAttribute("data-webpack",d+t),c.src=e),r[e]=[a];var l=(a,t)=>{c.onerror=c.onload=null,clearTimeout(s);var d=r[e];if(delete r[e],c.parentNode&&c.parentNode.removeChild(c),d&&d.forEach((e=>e(t))),a)return a(t)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:c}),12e4);c.onerror=l.bind(null,c.onerror),c.onload=l.bind(null,c.onload),o&&document.head.appendChild(c)}},f.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},f.p="/",f.gca=function(e){return e={17896441:"7918","0c66edb9":"58","47881d5c":"826",b186d866:"960",c141421f:"1004","34e1d3b9":"1360","4555b262":"1387","339d500a":"1889","288b1075":"2108",c015c796:"2732","618abc13":"2914",f2348458:"2992","6e881e32":"3182",aba21aa0:"3629",ef8afbfd:"4031",c4f5d8e4:"4195",bbbe662c:"4196",a94703ab:"4368",e1dfe4fe:"4778","75b20590":"4838","600b2345":"4900",c304be44:"5327",d768dc0f:"5882",cda0d2e5:"5889","2da89d45":"5893",a7456010:"5980","88b6e020":"6062",b6569025:"6913","2e812224":"7076","1ba5bc99":"7142","6272ba0e":"7176","1a4e3797":"7920","21880a4d":"8156","50ef9c44":"8198",a7bd4aaa:"8518","07d0b302":"8905",f888b719:"8938",bc747cac:"8945","5cd0a723":"8993","5e95c892":"9661",d9f29b48:"9714","14eb3368":"9817",ea84f538:"9944"}[e]||e,f.p+f.u(e)},(()=>{var e={1303:0,532:0};f.f.j=(a,t)=>{var r=f.o(e,a)?e[a]:void 0;if(0!==r)if(r)t.push(r[2]);else if(/^(1303|532)$/.test(a))e[a]=0;else{var d=new Promise(((t,d)=>r=e[a]=[t,d]));t.push(r[2]=d);var b=f.p+f.u(a),c=new Error;f.l(b,(t=>{if(f.o(e,a)&&(0!==(r=e[a])&&(e[a]=void 0),r)){var d=t&&("load"===t.type?"missing":t.type),b=t&&t.target&&t.target.src;c.message="Loading chunk "+a+" failed.\n("+d+": "+b+")",c.name="ChunkLoadError",c.type=d,c.request=b,r[1](c)}}),"chunk-"+a,a)}},f.O.j=a=>0===e[a];var a=(a,t)=>{var r,d,b=t[0],c=t[1],o=t[2],n=0;if(b.some((a=>0!==e[a]))){for(r in c)f.o(c,r)&&(f.m[r]=c[r]);if(o)var i=o(f)}for(a&&a(t);n<b.length;n++)d=b[n],f.o(e,d)&&e[d]&&e[d][0](),e[d]=0;return f.O(i)},t=self.webpackChunkwebsite=self.webpackChunkwebsite||[];t.forEach(a.bind(null,0)),t.push=a.bind(null,t.push.bind(t))})()})();
\ No newline at end of file
+(()=>{"use strict";var e,a,t,r,d,b={},f={};function c(e){var a=f[e];if(void 0!==a)return a.exports;var t=f[e]={id:e,loaded:!1,exports:{}};return b[e].call(t.exports,t,t.exports,c),t.loaded=!0,t.exports}c.m=b,c.c=f,c.amdO={},e=[],c.O=(a,t,r,d)=>{if(!t){var b=1/0;for(i=0;i<e.length;i++){t=e[i][0],r=e[i][1],d=e[i][2];for(var f=!0,o=0;o<t.length;o++)(!1&d||b>=d)&&Object.keys(c.O).every((e=>c.O[e](t[o])))?t.splice(o--,1):(f=!1,d<b&&(b=d));if(f){e.splice(i--,1);var n=r();void 0!==n&&(a=n)}}return a}d=d||0;for(var i=e.length;i>0&&e[i-1][2]>d;i--)e[i]=e[i-1];e[i]=[t,r,d]},c.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return c.d(a,{a:a}),a},t=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,c.t=function(e,r){if(1&r&&(e=this(e)),8&r)return e;if("object"==typeof e&&e){if(4&r&&e.__esModule)return e;if(16&r&&"function"==typeof e.then)return e}var d=Object.create(null);c.r(d);var b={};a=a||[null,t({}),t([]),t(t)];for(var f=2&r&&e;"object"==typeof f&&!~a.indexOf(f);f=t(f))Object.getOwnPropertyNames(f).forEach((a=>b[a]=()=>e[a]));return b.default=()=>e,c.d(d,b),d},c.d=(e,a)=>{for(var t in a)c.o(a,t)&&!c.o(e,t)&&Object.defineProperty(e,t,{enumerable:!0,get:a[t]})},c.f={},c.e=e=>Promise.all(Object.keys(c.f).reduce(((a,t)=>(c.f[t](e,a),a)),[])),c.u=e=>"assets/js/"+({58:"0c66edb9",826:"47881d5c",960:"b186d866",1004:"c141421f",1360:"34e1d3b9",1387:"4555b262",1889:"339d500a",2108:"288b1075",2732:"c015c796",2914:"618abc13",2992:"f2348458",3182:"6e881e32",3629:"aba21aa0",4031:"ef8afbfd",4195:"c4f5d8e4",4196:"bbbe662c",4368:"a94703ab",4778:"e1dfe4fe",4838:"75b20590",4900:"600b2345",5327:"c304be44",5882:"d768dc0f",5889:"cda0d2e5",5893:"2da89d45",5980:"a7456010",6062:"88b6e020",6913:"b6569025",7076:"2e812224",7142:"1ba5bc99",7176:"6272ba0e",7918:"17896441",7920:"1a4e3797",8156:"21880a4d",8198:"50ef9c44",8518:"a7bd4aaa",8905:"07d0b302",8938:"f888b719",8945:"bc747cac",8993:"5cd0a723",9661:"5e95c892",9714:"d9f29b48",9817:"14eb3368",9944:"ea84f538"}[e]||e)+"."+{58:"025d65ff",174:"691dcdd4",826:"ae1dcb33",960:"64871ffa",1004:"3e38baa4",1272:"43cc57fb",1360:"01c3d2bc",1387:"9af6f458",1426:"726339ca",1772:"2df7b54f",1889:"039a1491",2108:"a9435f23",2312:"2f123ece",2732:"c04c1507",2914:"60953b95",2992:"19be6454",3182:"e03d93bb",3629:"b0420849",4031:"addfcac8",4195:"ef51316b",4196:"b1bdc9a0",4368:"21ee911e",4778:"ecb8805e",4838:"3455a494",4900:"b5dbe8be",5327:"4a777c27",5882:"d9dde1b6",5889:"236e5d28",5893:"49a97a4b",5980:"37bc4934",6062:"fa69d636",6913:"e0ac939e",6945:"8e8e2060",7076:"5284992e",7142:"37030d6d",7176:"35172d6c",7918:"48128ac6",7920:"56015c27",8156:"ffe0573f",8198:"5df32fc9",8518:"45274bc2",8894:"46125374",8905:"2f581655",8938:"b3481d16",8945:"975267a6",8993:"e3585e3a",9661:"d1615a49",9714:"6d24467b",9817:"038d23ea",9944:"aabd2b4e"}[e]+".js",c.miniCssF=e=>{},c.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),c.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),r={},d="website:",c.l=(e,a,t,b)=>{if(r[e])r[e].push(a);else{var f,o;if(void 0!==t)for(var n=document.getElementsByTagName("script"),i=0;i<n.length;i++){var u=n[i];if(u.getAttribute("src")==e||u.getAttribute("data-webpack")==d+t){f=u;break}}f||(o=!0,(f=document.createElement("script")).charset="utf-8",f.timeout=120,c.nc&&f.setAttribute("nonce",c.nc),f.setAttribute("data-webpack",d+t),f.src=e),r[e]=[a];var l=(a,t)=>{f.onerror=f.onload=null,clearTimeout(s);var d=r[e];if(delete r[e],f.parentNode&&f.parentNode.removeChild(f),d&&d.forEach((e=>e(t))),a)return a(t)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:f}),12e4);f.onerror=l.bind(null,f.onerror),f.onload=l.bind(null,f.onload),o&&document.head.appendChild(f)}},c.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},c.p="/",c.gca=function(e){return e={17896441:"7918","0c66edb9":"58","47881d5c":"826",b186d866:"960",c141421f:"1004","34e1d3b9":"1360","4555b262":"1387","339d500a":"1889","288b1075":"2108",c015c796:"2732","618abc13":"2914",f2348458:"2992","6e881e32":"3182",aba21aa0:"3629",ef8afbfd:"4031",c4f5d8e4:"4195",bbbe662c:"4196",a94703ab:"4368",e1dfe4fe:"4778","75b20590":"4838","600b2345":"4900",c304be44:"5327",d768dc0f:"5882",cda0d2e5:"5889","2da89d45":"5893",a7456010:"5980","88b6e020":"6062",b6569025:"6913","2e812224":"7076","1ba5bc99":"7142","6272ba0e":"7176","1a4e3797":"7920","21880a4d":"8156","50ef9c44":"8198",a7bd4aaa:"8518","07d0b302":"8905",f888b719:"8938",bc747cac:"8945","5cd0a723":"8993","5e95c892":"9661",d9f29b48:"9714","14eb3368":"9817",ea84f538:"9944"}[e]||e,c.p+c.u(e)},(()=>{var e={1303:0,532:0};c.f.j=(a,t)=>{var r=c.o(e,a)?e[a]:void 0;if(0!==r)if(r)t.push(r[2]);else if(/^(1303|532)$/.test(a))e[a]=0;else{var d=new Promise(((t,d)=>r=e[a]=[t,d]));t.push(r[2]=d);var b=c.p+c.u(a),f=new Error;c.l(b,(t=>{if(c.o(e,a)&&(0!==(r=e[a])&&(e[a]=void 0),r)){var d=t&&("load"===t.type?"missing":t.type),b=t&&t.target&&t.target.src;f.message="Loading chunk "+a+" failed.\n("+d+": "+b+")",f.name="ChunkLoadError",f.type=d,f.request=b,r[1](f)}}),"chunk-"+a,a)}},c.O.j=a=>0===e[a];var a=(a,t)=>{var r,d,b=t[0],f=t[1],o=t[2],n=0;if(b.some((a=>0!==e[a]))){for(r in f)c.o(f,r)&&(c.m[r]=f[r]);if(o)var i=o(c)}for(a&&a(t);n<b.length;n++)d=b[n],c.o(e,d)&&e[d]&&e[d][0](),e[d]=0;return c.O(i)},t=self.webpackChunkwebsite=self.webpackChunkwebsite||[];t.forEach(a.bind(null,0)),t.push=a.bind(null,t.push.bind(t))})()})();
\ No newline at end of file
diff --git a/docs/category/guides/index.html b/docs/category/guides/index.html
index 56808e2a..efc74af8 100644
--- a/docs/category/guides/index.html
+++ b/docs/category/guides/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/category/metrics-and-limits/index.html b/docs/category/metrics-and-limits/index.html
index 54400d0a..9f4a9f80 100644
--- a/docs/category/metrics-and-limits/index.html
+++ b/docs/category/metrics-and-limits/index.html
@@ -9,12 +9,12 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
 <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-MDFLZPK8" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
 
-<script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){try{return new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}}()||function(){try{return localStorage.getItem("theme")}catch(t){}}();t(null!==e?e:"dark")}(),function(){try{const c=new URLSearchParams(window.location.search).entries();for(var[t,e]of c)if(t.startsWith("docusaurus-data-")){var a=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}()</script><div id="__docusaurus"><div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a href="https://zrok.io" target="_self" rel="noopener noreferrer" class="navbar__brand"><div class="navbar__logo"><img src="/img/space-ziggy.png" alt="Ziggy Goes to Space" class="themedComponent_mlkZ themedComponent--light_NVdE"><img src="/img/space-ziggy.png" alt="Ziggy Goes to Space" class="themedComponent_mlkZ themedComponent--dark_xIcU"></div><b class="navbar__title text--truncate">zrok</b></a></div><div class="navbar__items navbar__items--right"><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/getting-started/">Docs</a><a href="https://github.com/orgs/openziti/projects/16" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">Roadmap<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><a href="https://github.com/openziti/zrok" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="toggle_vylO colorModeToggle_DEke"><button class="clean-btn toggleButton_gllP toggleButtonDisabled_aARS" type="button" disabled="" title="Switch between dark and light mode (currently dark mode)" aria-label="Switch between dark and light mode (currently dark mode)" aria-live="polite"><svg viewBox="0 0 24 24" width="24" height="24" class="lightToggleIcon_pyhR"><path fill="currentColor" d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" class="darkToggleIcon_wfgR"><path fill="currentColor" d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"></path></svg></button></div><div class="navbarSearchContainer_Bca1"><button type="button" class="DocSearch DocSearch-Button" aria-label="Search"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20" aria-hidden="true"><path d="M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"></span></button></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0"><div class="docsWrapper_hBAB"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docRoot_UBD9"><aside class="theme-doc-sidebar-container docSidebarContainer_YfHR"><div class="sidebarViewport_aRkj"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/getting-started/">Getting Started</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" href="/docs/concepts/">Concepts</a><button aria-label="Expand sidebar category &#x27;Concepts&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" href="/docs/category/guides/">Guides</a><button aria-label="Collapse sidebar category &#x27;Guides&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/guides/install/">Install</a><button aria-label="Expand sidebar category &#x27;Install&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/frontdoor/">frontdoor</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/permission-modes/">Permission Modes</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/guides/docker-share/">Docker Share</a><button aria-label="Expand sidebar category &#x27;Docker Share&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" tabindex="0" href="/docs/category/self-hosting/">Self Hosting</a><button aria-label="Collapse sidebar category &#x27;Self Hosting&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/guides/self-hosting/linux/">Linux</a><button aria-label="Expand sidebar category &#x27;Linux&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/self-hosting/docker/">Docker</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item"><div class="menu__list-item-collapsible menu__list-item-collapsible--active"><a class="menu__link menu__link--sublist menu__link--active" aria-current="page" tabindex="0" href="/docs/category/metrics-and-limits/">Metrics and Limits</a><button aria-label="Collapse sidebar category &#x27;Metrics and Limits&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-4 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/">Configuring Metrics</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-4 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/self-hosting/metrics-and-limits/configuring-limits/">Configuring Limits</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/category/oauth/">OAuth</a><button aria-label="Expand sidebar category &#x27;OAuth&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/self-hosting/instance-configuration/">Instance Config</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" role="button" aria-expanded="false" tabindex="0" href="/docs/guides/drives/cli/">drives</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/vpn/">VPN</a></li></ul></li></ul></nav></div></div></aside><main class="docMainContainer_TBSr"><div class="container padding-top--md padding-bottom--lg"><div class="generatedIndexPage_vN6x"><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item"><a class="breadcrumbs__link" itemprop="item" href="/docs/category/guides/"><span itemprop="name">Guides</span></a><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item"><a class="breadcrumbs__link" itemprop="item" href="/docs/category/self-hosting/"><span itemprop="name">Self Hosting</span></a><meta itemprop="position" content="2"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Metrics and Limits</span><meta itemprop="position" content="3"></li></ul></nav><header><h1 class="title_kItE">Metrics and Limits</h1></header><article class="margin-top--lg"><section class="row list_eTzJ"><article class="col col--6 margin-bottom--lg"><a class="card padding--lg cardContainer_fWXF" href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/"><h2 class="text--truncate cardTitle_rnsV" title="Configuring Metrics">📄️<!-- --> <!-- -->Configuring Metrics</h2><p class="text--truncate cardDescription_PWke" title="A fully configured, production-scale zrok service instance looks like this:">A fully configured, production-scale zrok service instance looks like this:</p></a></article><article class="col col--6 margin-bottom--lg"><a class="card padding--lg cardContainer_fWXF" href="/docs/guides/self-hosting/metrics-and-limits/configuring-limits/"><h2 class="text--truncate cardTitle_rnsV" title="Configuring Limits">📄️<!-- --> <!-- -->Configuring Limits</h2><p class="text--truncate cardDescription_PWke" title="If you have not yet configured metrics, please visit the metrics guide first before working through the limits configuration.">If you have not yet configured metrics, please visit the metrics guide first before working through the limits configuration.</p></a></article></section></article><footer class="margin-top--lg"><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/guides/self-hosting/docker/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Docker</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Configuring Metrics</div></a></nav></footer></div></div></main></div></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2024 NetFoundry Inc. Built with Docusaurus.</div></div></div></footer></div>
+<script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){try{return new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}}()||function(){try{return localStorage.getItem("theme")}catch(t){}}();t(null!==e?e:"dark")}(),function(){try{const c=new URLSearchParams(window.location.search).entries();for(var[t,e]of c)if(t.startsWith("docusaurus-data-")){var a=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}()</script><div id="__docusaurus"><div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a href="https://zrok.io" target="_self" rel="noopener noreferrer" class="navbar__brand"><div class="navbar__logo"><img src="/img/space-ziggy.png" alt="Ziggy Goes to Space" class="themedComponent_mlkZ themedComponent--light_NVdE"><img src="/img/space-ziggy.png" alt="Ziggy Goes to Space" class="themedComponent_mlkZ themedComponent--dark_xIcU"></div><b class="navbar__title text--truncate">zrok</b></a></div><div class="navbar__items navbar__items--right"><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/getting-started/">Docs</a><a href="https://github.com/orgs/openziti/projects/16" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">Roadmap<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><a href="https://github.com/openziti/zrok" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="toggle_vylO colorModeToggle_DEke"><button class="clean-btn toggleButton_gllP toggleButtonDisabled_aARS" type="button" disabled="" title="Switch between dark and light mode (currently dark mode)" aria-label="Switch between dark and light mode (currently dark mode)" aria-live="polite"><svg viewBox="0 0 24 24" width="24" height="24" class="lightToggleIcon_pyhR"><path fill="currentColor" d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" class="darkToggleIcon_wfgR"><path fill="currentColor" d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"></path></svg></button></div><div class="navbarSearchContainer_Bca1"><button type="button" class="DocSearch DocSearch-Button" aria-label="Search"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20" aria-hidden="true"><path d="M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"></span></button></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0"><div class="docsWrapper_hBAB"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docRoot_UBD9"><aside class="theme-doc-sidebar-container docSidebarContainer_YfHR"><div class="sidebarViewport_aRkj"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/getting-started/">Getting Started</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" href="/docs/concepts/">Concepts</a><button aria-label="Expand sidebar category &#x27;Concepts&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" href="/docs/category/guides/">Guides</a><button aria-label="Collapse sidebar category &#x27;Guides&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/guides/install/">Install</a><button aria-label="Expand sidebar category &#x27;Install&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/frontdoor/">frontdoor</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/permission-modes/">Permission Modes</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/guides/docker-share/">Docker Share</a><button aria-label="Expand sidebar category &#x27;Docker Share&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" tabindex="0" href="/docs/category/self-hosting/">Self Hosting</a><button aria-label="Collapse sidebar category &#x27;Self Hosting&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/guides/self-hosting/linux/">Linux</a><button aria-label="Expand sidebar category &#x27;Linux&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/self-hosting/docker/">Docker</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item"><div class="menu__list-item-collapsible menu__list-item-collapsible--active"><a class="menu__link menu__link--sublist menu__link--active" aria-current="page" tabindex="0" href="/docs/category/metrics-and-limits/">Metrics and Limits</a><button aria-label="Collapse sidebar category &#x27;Metrics and Limits&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-4 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/">Configuring Metrics</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-4 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/self-hosting/metrics-and-limits/configuring-limits/">Configuring Limits</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/category/oauth/">OAuth</a><button aria-label="Expand sidebar category &#x27;OAuth&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/self-hosting/instance-configuration/">Instance Config</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" role="button" aria-expanded="false" tabindex="0" href="/docs/guides/drives/cli/">drives</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/vpn/">VPN</a></li></ul></li></ul></nav></div></div></aside><main class="docMainContainer_TBSr"><div class="container padding-top--md padding-bottom--lg"><div class="generatedIndexPage_vN6x"><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item"><a class="breadcrumbs__link" itemprop="item" href="/docs/category/guides/"><span itemprop="name">Guides</span></a><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item"><a class="breadcrumbs__link" itemprop="item" href="/docs/category/self-hosting/"><span itemprop="name">Self Hosting</span></a><meta itemprop="position" content="2"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Metrics and Limits</span><meta itemprop="position" content="3"></li></ul></nav><header><h1 class="title_kItE">Metrics and Limits</h1></header><article class="margin-top--lg"><section class="row list_eTzJ"><article class="col col--6 margin-bottom--lg"><a class="card padding--lg cardContainer_fWXF" href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/"><h2 class="text--truncate cardTitle_rnsV" title="Configuring Metrics">📄️<!-- --> <!-- -->Configuring Metrics</h2><p class="text--truncate cardDescription_PWke" title="A fully configured, production-scale zrok service instance looks like this:">A fully configured, production-scale zrok service instance looks like this:</p></a></article><article class="col col--6 margin-bottom--lg"><a class="card padding--lg cardContainer_fWXF" href="/docs/guides/self-hosting/metrics-and-limits/configuring-limits/"><h2 class="text--truncate cardTitle_rnsV" title="Configuring Limits">📄️<!-- --> <!-- -->Configuring Limits</h2><p class="text--truncate cardDescription_PWke" title="This guide is current as of zrok version v0.4.31.">This guide is current as of zrok version v0.4.31.</p></a></article></section></article><footer class="margin-top--lg"><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/guides/self-hosting/docker/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Docker</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Configuring Metrics</div></a></nav></footer></div></div></main></div></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2024 NetFoundry Inc. Built with Docusaurus.</div></div></div></footer></div>
 </body>
 </html>
\ No newline at end of file
diff --git a/docs/category/oauth/index.html b/docs/category/oauth/index.html
index 175b2614..e22fd3a3 100644
--- a/docs/category/oauth/index.html
+++ b/docs/category/oauth/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/category/self-hosting/index.html b/docs/category/self-hosting/index.html
index fa64eb1a..3fc13f33 100644
--- a/docs/category/self-hosting/index.html
+++ b/docs/category/self-hosting/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/concepts/files/index.html b/docs/concepts/files/index.html
index 5e2cdf34..a602aee4 100644
--- a/docs/concepts/files/index.html
+++ b/docs/concepts/files/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/concepts/hosting/index.html b/docs/concepts/hosting/index.html
index a110db79..4ae84f5f 100644
--- a/docs/concepts/hosting/index.html
+++ b/docs/concepts/hosting/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/concepts/http/index.html b/docs/concepts/http/index.html
index c3e39ac2..e3fce783 100644
--- a/docs/concepts/http/index.html
+++ b/docs/concepts/http/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/concepts/index.html b/docs/concepts/index.html
index db79a3bc..f1deba05 100644
--- a/docs/concepts/index.html
+++ b/docs/concepts/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/concepts/opensource/index.html b/docs/concepts/opensource/index.html
index 6ecbf3f3..a7e01410 100644
--- a/docs/concepts/opensource/index.html
+++ b/docs/concepts/opensource/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/concepts/sharing-private/index.html b/docs/concepts/sharing-private/index.html
index 7bd0a7eb..72158958 100644
--- a/docs/concepts/sharing-private/index.html
+++ b/docs/concepts/sharing-private/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/concepts/sharing-public/index.html b/docs/concepts/sharing-public/index.html
index f5f9207b..47d7fa05 100644
--- a/docs/concepts/sharing-public/index.html
+++ b/docs/concepts/sharing-public/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/concepts/sharing-reserved/index.html b/docs/concepts/sharing-reserved/index.html
index 5c40e766..9a965f13 100644
--- a/docs/concepts/sharing-reserved/index.html
+++ b/docs/concepts/sharing-reserved/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/concepts/tunnels/index.html b/docs/concepts/tunnels/index.html
index 154c730d..298a6e5f 100644
--- a/docs/concepts/tunnels/index.html
+++ b/docs/concepts/tunnels/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/getting-started/index.html b/docs/getting-started/index.html
index 5510aeab..c604809b 100644
--- a/docs/getting-started/index.html
+++ b/docs/getting-started/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/docker-share/docker_private_share_guide/index.html b/docs/guides/docker-share/docker_private_share_guide/index.html
index 51e2d241..21c25601 100644
--- a/docs/guides/docker-share/docker_private_share_guide/index.html
+++ b/docs/guides/docker-share/docker_private_share_guide/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/docker-share/docker_public_share_guide/index.html b/docs/guides/docker-share/docker_public_share_guide/index.html
index 0c354f3c..7888dbe8 100644
--- a/docs/guides/docker-share/docker_public_share_guide/index.html
+++ b/docs/guides/docker-share/docker_public_share_guide/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/docker-share/index.html b/docs/guides/docker-share/index.html
index 068dc547..633f8d56 100644
--- a/docs/guides/docker-share/index.html
+++ b/docs/guides/docker-share/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/drives/cli/index.html b/docs/guides/drives/cli/index.html
index 855ae6a7..749a2543 100644
--- a/docs/guides/drives/cli/index.html
+++ b/docs/guides/drives/cli/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/frontdoor/index.html b/docs/guides/frontdoor/index.html
index 862ca9a0..af8e19d1 100644
--- a/docs/guides/frontdoor/index.html
+++ b/docs/guides/frontdoor/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/install/index.html b/docs/guides/install/index.html
index f1da0c8b..99a2ab23 100644
--- a/docs/guides/install/index.html
+++ b/docs/guides/install/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/install/linux/index.html b/docs/guides/install/linux/index.html
index 6d0fd981..97a4d049 100644
--- a/docs/guides/install/linux/index.html
+++ b/docs/guides/install/linux/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/install/macos/index.html b/docs/guides/install/macos/index.html
index 9f9cb3cc..922a9d69 100644
--- a/docs/guides/install/macos/index.html
+++ b/docs/guides/install/macos/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/install/windows/index.html b/docs/guides/install/windows/index.html
index 4f283cad..aa603ae9 100644
--- a/docs/guides/install/windows/index.html
+++ b/docs/guides/install/windows/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/permission-modes/index.html b/docs/guides/permission-modes/index.html
index 68f6d89f..7c5a8b38 100644
--- a/docs/guides/permission-modes/index.html
+++ b/docs/guides/permission-modes/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/self-hosting/docker/index.html b/docs/guides/self-hosting/docker/index.html
index 2b46e003..147ae27f 100644
--- a/docs/guides/self-hosting/docker/index.html
+++ b/docs/guides/self-hosting/docker/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/self-hosting/instance-configuration/index.html b/docs/guides/self-hosting/instance-configuration/index.html
index 76a703a1..f3aba0ab 100644
--- a/docs/guides/self-hosting/instance-configuration/index.html
+++ b/docs/guides/self-hosting/instance-configuration/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/self-hosting/linux/index.html b/docs/guides/self-hosting/linux/index.html
index cc780418..d8fbac39 100644
--- a/docs/guides/self-hosting/linux/index.html
+++ b/docs/guides/self-hosting/linux/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
@@ -74,7 +74,7 @@
 <p>The <code>endpoint</code> section defines where your <code>zrok</code> controller will listen.</p>
 <p>The <code>store</code> section defines the local <code>sqlite3</code> database used by the controller.</p>
 <p>The <code>ziti</code> section defines how the <code>zrok</code> controller should communicate with your OpenZiti installation. When using the OpenZiti quickstart, an administrative password will be generated; the <code>password</code> in the <code>ziti</code> stanza should reflect this password.</p>
-<div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"></path></svg></span>note</div><div class="admonitionContent_BuS1"><p>Be sure to see the <a href="/assets/files/ctrl-6c22ae02cafe307b82e5a1f783497950.yml/" target="_blank">reference configuration at <code>etc/ctrl.yml</code></a> for the complete documentation of the current configuration file format for the <code>zrok</code> controller and service instance components.</p><p>See the separate guides on <a href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/">configuring metrics</a> and <a href="/docs/guides/self-hosting/metrics-and-limits/configuring-limits/">configuring limits</a> for details about both of these specialized areas of service instance configuration.</p></div></div>
+<div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"></path></svg></span>note</div><div class="admonitionContent_BuS1"><p>Be sure to see the <a href="/assets/files/ctrl-06b900e22aab525ebec542dea6769d51.yml/" target="_blank">reference configuration at <code>etc/ctrl.yml</code></a> for the complete documentation of the current configuration file format for the <code>zrok</code> controller and service instance components.</p><p>See the separate guides on <a href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/">configuring metrics</a> and <a href="/docs/guides/self-hosting/metrics-and-limits/configuring-limits/">configuring limits</a> for details about both of these specialized areas of service instance configuration.</p></div></div>
 <h2 class="anchor anchorWithStickyNavbar_LWe7" id="environment-variables">Environment Variables<a href="#environment-variables" class="hash-link" aria-label="Direct link to Environment Variables" title="Direct link to Environment Variables">​</a></h2>
 <p>The <code>zrok</code> binaries are configured to work with the global <code>zrok.io</code> service, and default to using <code>api.zrok.io</code> as the endpoint for communicating with the service.</p>
 <p>To work with a self-hosted <code>zrok</code> deployment, you&#x27;ll need to set the <code>ZROK_API_ENDPOINT</code> environment variable to point to the address where your <code>zrok</code> controller will be listening, according to <code>endpoint</code> in the configuration file above.</p>
diff --git a/docs/guides/self-hosting/linux/nginx/index.html b/docs/guides/self-hosting/linux/nginx/index.html
index d13e24f0..bf5e7e10 100644
--- a/docs/guides/self-hosting/linux/nginx/index.html
+++ b/docs/guides/self-hosting/linux/nginx/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/self-hosting/metrics-and-limits/configuring-limits/index.html b/docs/guides/self-hosting/metrics-and-limits/configuring-limits/index.html
index 82c6764c..2476667b 100644
--- a/docs/guides/self-hosting/metrics-and-limits/configuring-limits/index.html
+++ b/docs/guides/self-hosting/metrics-and-limits/configuring-limits/index.html
@@ -3,43 +3,87 @@
 <head>
 <meta charset="UTF-8">
 <meta name="generator" content="Docusaurus v3.3.2">
-<title data-rh="true">Configuring Limits | Zrok</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-limits/"><meta data-rh="true" property="og:locale" content="en"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Configuring Limits | Zrok"><meta data-rh="true" name="description" content="If you have not yet configured metrics, please visit the metrics guide first before working through the limits configuration."><meta data-rh="true" property="og:description" content="If you have not yet configured metrics, please visit the metrics guide first before working through the limits configuration."><link data-rh="true" rel="icon" href="/img/space-ziggy.png"><link data-rh="true" rel="canonical" href="https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-limits/"><link data-rh="true" rel="alternate" href="https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-limits/" hreflang="en"><link data-rh="true" rel="alternate" href="https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-limits/" hreflang="x-default"><link data-rh="true" rel="preconnect" href="https://CO73R59OLO-dsn.algolia.net" crossorigin="anonymous"><link rel="preconnect" href="https://www.googletagmanager.com">
+<title data-rh="true">Configuring Limits | Zrok</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-limits/"><meta data-rh="true" property="og:locale" content="en"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Configuring Limits | Zrok"><meta data-rh="true" name="description" content="This guide is current as of zrok version v0.4.31."><meta data-rh="true" property="og:description" content="This guide is current as of zrok version v0.4.31."><link data-rh="true" rel="icon" href="/img/space-ziggy.png"><link data-rh="true" rel="canonical" href="https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-limits/"><link data-rh="true" rel="alternate" href="https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-limits/" hreflang="en"><link data-rh="true" rel="alternate" href="https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-limits/" hreflang="x-default"><link data-rh="true" rel="preconnect" href="https://CO73R59OLO-dsn.algolia.net" crossorigin="anonymous"><link rel="preconnect" href="https://www.googletagmanager.com">
 <script>window.dataLayer=window.dataLayer||[]</script>
 <script>!function(e,t,a,n,g){e[n]=e[n]||[],e[n].push({"gtm.start":(new Date).getTime(),event:"gtm.js"});var m=t.getElementsByTagName(a)[0],r=t.createElement(a);r.async=!0,r.src="https://www.googletagmanager.com/gtm.js?id=GTM-MDFLZPK8",m.parentNode.insertBefore(r,m)}(window,document,"script","dataLayer")</script>
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
 <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-MDFLZPK8" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
 
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){try{return new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}}()||function(){try{return localStorage.getItem("theme")}catch(t){}}();t(null!==e?e:"dark")}(),function(){try{const c=new URLSearchParams(window.location.search).entries();for(var[t,e]of c)if(t.startsWith("docusaurus-data-")){var a=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}()</script><div id="__docusaurus"><div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a href="https://zrok.io" target="_self" rel="noopener noreferrer" class="navbar__brand"><div class="navbar__logo"><img src="/img/space-ziggy.png" alt="Ziggy Goes to Space" class="themedComponent_mlkZ themedComponent--light_NVdE"><img src="/img/space-ziggy.png" alt="Ziggy Goes to Space" class="themedComponent_mlkZ themedComponent--dark_xIcU"></div><b class="navbar__title text--truncate">zrok</b></a></div><div class="navbar__items navbar__items--right"><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/getting-started/">Docs</a><a href="https://github.com/orgs/openziti/projects/16" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">Roadmap<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><a href="https://github.com/openziti/zrok" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="toggle_vylO colorModeToggle_DEke"><button class="clean-btn toggleButton_gllP toggleButtonDisabled_aARS" type="button" disabled="" title="Switch between dark and light mode (currently dark mode)" aria-label="Switch between dark and light mode (currently dark mode)" aria-live="polite"><svg viewBox="0 0 24 24" width="24" height="24" class="lightToggleIcon_pyhR"><path fill="currentColor" d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" class="darkToggleIcon_wfgR"><path fill="currentColor" d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"></path></svg></button></div><div class="navbarSearchContainer_Bca1"><button type="button" class="DocSearch DocSearch-Button" aria-label="Search"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20" aria-hidden="true"><path d="M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"></span></button></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0"><div class="docsWrapper_hBAB"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docRoot_UBD9"><aside class="theme-doc-sidebar-container docSidebarContainer_YfHR"><div class="sidebarViewport_aRkj"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/getting-started/">Getting Started</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" href="/docs/concepts/">Concepts</a><button aria-label="Expand sidebar category &#x27;Concepts&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" href="/docs/category/guides/">Guides</a><button aria-label="Collapse sidebar category &#x27;Guides&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/guides/install/">Install</a><button aria-label="Expand sidebar category &#x27;Install&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/frontdoor/">frontdoor</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/permission-modes/">Permission Modes</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/guides/docker-share/">Docker Share</a><button aria-label="Expand sidebar category &#x27;Docker Share&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" tabindex="0" href="/docs/category/self-hosting/">Self Hosting</a><button aria-label="Collapse sidebar category &#x27;Self Hosting&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/guides/self-hosting/linux/">Linux</a><button aria-label="Expand sidebar category &#x27;Linux&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/self-hosting/docker/">Docker</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" tabindex="0" href="/docs/category/metrics-and-limits/">Metrics and Limits</a><button aria-label="Collapse sidebar category &#x27;Metrics and Limits&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-4 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/">Configuring Metrics</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-4 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/guides/self-hosting/metrics-and-limits/configuring-limits/">Configuring Limits</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/category/oauth/">OAuth</a><button aria-label="Expand sidebar category &#x27;OAuth&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/self-hosting/instance-configuration/">Instance Config</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" role="button" aria-expanded="false" tabindex="0" href="/docs/guides/drives/cli/">drives</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/guides/vpn/">VPN</a></li></ul></li></ul></nav></div></div></aside><main class="docMainContainer_TBSr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item"><a class="breadcrumbs__link" itemprop="item" href="/docs/category/guides/"><span itemprop="name">Guides</span></a><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item"><a class="breadcrumbs__link" itemprop="item" href="/docs/category/self-hosting/"><span itemprop="name">Self Hosting</span></a><meta itemprop="position" content="2"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item"><a class="breadcrumbs__link" itemprop="item" href="/docs/category/metrics-and-limits/"><span itemprop="name">Metrics and Limits</span></a><meta itemprop="position" content="3"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Configuring Limits</span><meta itemprop="position" content="4"></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><h1>Configuring Limits</h1>
-<blockquote>
-<p>If you have not yet configured <a href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/">metrics</a>, please visit the <a href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/">metrics guide</a> first before working through the limits configuration.</p>
-</blockquote>
-<p>The limits facility in <code>zrok</code> is responsible for controlling the number of resources in use (environments, shares) and also for ensuring that any single account, environment, or share is held below the configured thresholds.</p>
-<p>Take this <code>zrok</code> controller configuration stanza as an example:</p>
-<div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token key atrule">limits</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">  </span><span class="token key atrule">enforcing</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">        </span><span class="token boolean important">true</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">  </span><span class="token key atrule">cycle</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">            1m</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">  </span><span class="token key atrule">environments</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">     </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">  </span><span class="token key atrule">shares</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">           </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">  </span><span class="token key atrule">bandwidth</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    </span><span class="token key atrule">per_account</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">period</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">       5m</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">warning</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">rx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">         </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">tx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">         </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">total</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">      </span><span class="token number">7242880</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">limit</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">rx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">         </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">tx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">         </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">total</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">      </span><span class="token number">10485760</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    </span><span class="token key atrule">per_environment</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">period</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">       5m</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">warning</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">rx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">         </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">tx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">         </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">total</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">      </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">limit</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">rx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">         </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">tx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">         </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">total</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">      </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    </span><span class="token key atrule">per_share</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">period</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">       5m</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">warning</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">rx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">         </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">tx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">         </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">total</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">      </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">limit</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">rx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">         </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">tx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">         </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">        </span><span class="token key atrule">total</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">      </span><span class="token number">-1</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div>
-<h2 class="anchor anchorWithStickyNavbar_LWe7" id="the-global-controls">The Global Controls<a href="#the-global-controls" class="hash-link" aria-label="Direct link to The Global Controls" title="Direct link to The Global Controls">​</a></h2>
-<p>The <code>enforcing</code> boolean will globally enable or disable limits for the controller.</p>
-<p>The <code>cycle</code> value controls how frequently the limits system will look for limited resources to re-enable.</p>
-<h2 class="anchor anchorWithStickyNavbar_LWe7" id="resource-limits">Resource Limits<a href="#resource-limits" class="hash-link" aria-label="Direct link to Resource Limits" title="Direct link to Resource Limits">​</a></h2>
-<p>The <code>environments</code> and <code>shares</code> values control the number of environments and shares that are allowed per-account. Any limit value can be set to <code>-1</code>, which means <em>unlimited</em>.</p>
-<h2 class="anchor anchorWithStickyNavbar_LWe7" id="bandwidth-limits">Bandwidth Limits<a href="#bandwidth-limits" class="hash-link" aria-label="Direct link to Bandwidth Limits" title="Direct link to Bandwidth Limits">​</a></h2>
-<p>The <code>bandwidth</code> section is designed to provide a configurable system for controlling the amount of data transfer that can be performed by users of the <code>zrok</code> service instance. The bandwidth limits are configurable for each share, environment, and account.</p>
-<p><code>per_account</code>, <code>per_environment</code>, and <code>per_share</code> are all configured the same way:</p>
-<p>The <code>period</code> specifies the time window for the bandwidth limit. See the documentation for <a href="https://pkg.go.dev/time#ParseDuration" target="_blank" rel="noopener noreferrer"><code>time.Duration.ParseDuration</code></a> for details about the format used for these durations. If the <code>period</code> is set to 5 minutes, then the limits implementation will monitor the send and receive traffic for the resource (share, environment, or account) for the last 5 minutes, and if the amount of data is greater than either the <code>warning</code> or the <code>limit</code> threshold, action will be taken.</p>
-<p>The <code>rx</code> value is the number of bytes <em>received</em> by the resource. The <code>tx</code> value is the number of bytes <em>transmitted</em> by the resource. And <code>total</code> is the combined <code>rx</code>+<code>tx</code> value.</p>
-<p>If the traffic quantity is greater than the <code>warning</code> threshold, the user will receive an email notification letting them know that their data transfer size is rising and will eventually be limited (the email details the limit threshold).</p>
-<p>If the traffic quantity is greater than the <code>limit</code> threshold, the resources will be limited until the traffic in the window (the last 5 minutes in our example) falls back below the <code>limit</code> threshold.</p>
-<h3 class="anchor anchorWithStickyNavbar_LWe7" id="limit-actions">Limit Actions<a href="#limit-actions" class="hash-link" aria-label="Direct link to Limit Actions" title="Direct link to Limit Actions">​</a></h3>
-<p>When a resource is limited, the actions taken differ depending on what kind of resource is being limited.</p>
-<p>When a share is limited, the dial service policies for that share are removed. No other action is taken. This means that public frontends will simply return a <code>404</code> as if the share is no longer there. Private frontends will also return <code>404</code> errors. When the limit is relaxed, the dial policies are put back in place and the share will continue operating normally.</p>
-<p>When an environment is limited, all of the shares in that environment become limited, and the user is not able to create new shares in that environment. When the limit is relaxed, all of the share limits are relaxed and the user is again able to add shares to the environment.</p>
-<p>When an account is limited, all of the environments in that account become limited (limiting all of the shares), and the user is not able to create new environments or shares. When the limit is relaxed, all of the environments and shares will return to normal operation.</p>
+<div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"></path></svg></span>note</div><div class="admonitionContent_BuS1"><p>This guide is current as of zrok version <code>v0.4.31</code>.</p></div></div>
+<div class="theme-admonition theme-admonition-warning admonition_xJq3 alert alert--warning"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8.893 1.5c-.183-.31-.52-.5-.887-.5s-.703.19-.886.5L.138 13.499a.98.98 0 0 0 0 1.001c.193.31.53.501.886.501h13.964c.367 0 .704-.19.877-.5a1.03 1.03 0 0 0 .01-1.002L8.893 1.5zm.133 11.497H6.987v-2.003h2.039v2.003zm0-3.004H6.987V5.987h2.039v4.006z"></path></svg></span>warning</div><div class="admonitionContent_BuS1"><p>If you have not yet configured <a href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/">metrics</a>, please visit the <a href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/">metrics guide</a> first before working through the limits configuration.</p></div></div>
+<h2 class="anchor anchorWithStickyNavbar_LWe7" id="understanding-the-zrok-limits-agent">Understanding the zrok Limits Agent<a href="#understanding-the-zrok-limits-agent" class="hash-link" aria-label="Direct link to Understanding the zrok Limits Agent" title="Direct link to Understanding the zrok Limits Agent">​</a></h2>
+<p>The limits agent is a component of the zrok controller. It can be enabled and configured through the zrok controller configuration.</p>
+<p>The limits agent is responsible for controlling the number of resources in use (environments, shares, etc.) and also for ensuring that accounts are held below the configured data transfer bandwidth thresholds. The limits agent exists to manage resource consumption for larger, multi-user zrok installations.</p>
+<h3 class="anchor anchorWithStickyNavbar_LWe7" id="types-of-limits">Types of Limits<a href="#types-of-limits" class="hash-link" aria-label="Direct link to Types of Limits" title="Direct link to Types of Limits">​</a></h3>
+<p>Limits can be specified that control the number of environments, shares, reserved shares, and unique names that can be created by an account. Limits that control the allowed number of resources are called <em>resource count limits</em>.</p>
+<p>Limits can be specified to control the amount of data that can be transferred within a time period. Limits that control the amount of data that can be transferred are called <em>bandwidth limits</em>.</p>
+<p>zrok limits can be specified <em>globally</em>, applying to all users in a service instance. Limit <em>classes</em> can be created to provide additional levels of resource allocation. Limit classes can then be <em>applied</em> to multiple accounts, to alter their limit allocation beyond what&#x27;s configured in the global configuration.</p>
+<h2 class="anchor anchorWithStickyNavbar_LWe7" id="the-global-configuration">The Global Configuration<a href="#the-global-configuration" class="hash-link" aria-label="Direct link to The Global Configuration" title="Direct link to The Global Configuration">​</a></h2>
+<p>The reference configuration for the zrok controller (found at <a href="https://github.com/openziti/zrok/blob/main/etc/ctrl.yml" target="_blank" rel="noopener noreferrer"><code>etc/ctrl.yaml</code></a> in the <a href="https://github.com/openziti/zrok" target="_blank" rel="noopener noreferrer">repository</a>) contains the global limits configuration, which looks like this:</p>
+<div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token comment" style="color:rgb(98, 114, 164)"># Service instance limits global configuration.</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token comment" style="color:rgb(98, 114, 164)">#</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token comment" style="color:rgb(98, 114, 164)"># See `docs/guides/metrics-and-limits/configuring-limits.md` for details.</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token comment" style="color:rgb(98, 114, 164)">#</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token key atrule">limits</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">  </span><span class="token key atrule">environments</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">     </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">  </span><span class="token key atrule">shares</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">           </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">  </span><span class="token key atrule">reserved_shares</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">  </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">  </span><span class="token key atrule">unique_names</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">     </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">  </span><span class="token key atrule">bandwidth</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    </span><span class="token key atrule">period</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">         5m</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    </span><span class="token key atrule">warning</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">rx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">           </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">tx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">           </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">total</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">        </span><span class="token number">7242880</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    </span><span class="token key atrule">limit</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">rx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">           </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">tx</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">           </span><span class="token number">-1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">      </span><span class="token key atrule">total</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">        </span><span class="token number">10485760</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">  </span><span class="token key atrule">enforcing</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">        </span><span class="token boolean important">false</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">  </span><span class="token key atrule">cycle</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain">            5m</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div>
+<div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"></path></svg></span>note</div><div class="admonitionContent_BuS1"><p>A value of <code>-1</code> appearing in the limits configuration mean the value is <em>unlimited</em>.</p></div></div>
+<p>The <code>enforcing</code> boolean specifies whether or not limits are enabled in the service instance. By default, limits is disabled. No matter what else is configured in this stanza, if <code>enforcing</code> is set to <code>false</code>, there will be no limits placed on any account in the service instance.</p>
+<p>The <code>cycle</code> value controls how frequently the limits agent will evaluate enforced limits. When a user exceeds a limit and has their shares disabled, the limits agent will evaluate their bandwidth usage on this interval looking to &quot;relax&quot; the limit once their usage falls below the threshold.</p>
+<h3 class="anchor anchorWithStickyNavbar_LWe7" id="global-resouce-count-limits">Global Resouce Count Limits<a href="#global-resouce-count-limits" class="hash-link" aria-label="Direct link to Global Resouce Count Limits" title="Direct link to Global Resouce Count Limits">​</a></h3>
+<p>The <code>environments</code>, <code>shares</code>, <code>reserved_shares</code>, and <code>unique_names</code> specify the resource count limits, globally for the service instance.</p>
+<p>These resource counts will be applied to all users in the service instance by default.</p>
+<h3 class="anchor anchorWithStickyNavbar_LWe7" id="global-bandwidth-limits">Global Bandwidth Limits<a href="#global-bandwidth-limits" class="hash-link" aria-label="Direct link to Global Bandwidth Limits" title="Direct link to Global Bandwidth Limits">​</a></h3>
+<p>The <code>bandwidth</code> section defines the global bandwidth limits for all users in the service instance.</p>
+<p>There are two levels of bandwidth limits that can be specified in the global configuration. The first limit defines a <em>warning</em> threshold where the user will receive an email that they are using increased data transfer amounts and will ultimately be subject to a limit. If you do not want this warning email to be sent, then configure all of the values to <code>-1</code> (unlimited).</p>
+<p>The second limit defines the the actual <em>limit</em> threshold, where the limits agent will disabled traffic for the account&#x27;s shares.</p>
+<p>Bandwidth limits can be specified in terms of <code>tx</code> (or <em>transmitted</em> data), <code>rx</code> (or <em>received</em> data), and the <code>total</code> bytes that are sent in either direction. If you only want to set the <code>total</code> transferred limit, you can set <code>rx</code> and <code>tx</code> to <code>-1</code> (for <em>unlimited</em>). You can configure any combination of these these values at either the limit or warning levels.</p>
+<p>The <code>period</code> specifies the time window for the bandwidth limit. See the documentation for <a href="https://pkg.go.dev/time#ParseDuration" target="_blank" rel="noopener noreferrer"><code>time.Duration.ParseDuration</code></a> for details about the format used for these durations. If the <code>period</code> is set to 5 minutes, then the limits agent will monitor the transmitted and receivde traffic for the account for the last 5 minutes, and if the amount of data is greater than either the <code>warning</code> or the <code>limit</code> threshold, action will be taken.</p>
+<p>In the global configuration example above users are allowed to transfer a total of <code>10485760</code> bytes in a <code>5m</code> period, and they will receive a warning email after they transfer more than <code>7242880</code> bytes in a <code>5m</code> period.</p>
+<h2 class="anchor anchorWithStickyNavbar_LWe7" id="limit-classes">Limit Classes<a href="#limit-classes" class="hash-link" aria-label="Direct link to Limit Classes" title="Direct link to Limit Classes">​</a></h2>
+<p>The zrok limits agent includes a concept called <em>limit classes</em>. Limit classes can be used to define resource count and bandwidth limits that can be selectively applied to individual accounts in a service instance.</p>
+<p>Limit classes are created by creating a record in the <code>limit_classes</code> table in the zrok controller database. The table has this schema:</p>
+<div class="language-sql codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-sql codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">CREATE</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">TABLE</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">public</span><span class="token punctuation" style="color:rgb(248, 248, 242)">.</span><span class="token plain">limit_classes </span><span class="token punctuation" style="color:rgb(248, 248, 242)">(</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    id </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    backend_mode </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">public</span><span class="token punctuation" style="color:rgb(248, 248, 242)">.</span><span class="token plain">backend_mode</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    environments </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&#x27;-1&#x27;</span><span class="token plain">::</span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    shares </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&#x27;-1&#x27;</span><span class="token plain">::</span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    reserved_shares </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&#x27;-1&#x27;</span><span class="token plain">::</span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    unique_names </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&#x27;-1&#x27;</span><span class="token plain">::</span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    period_minutes </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token number">1440</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    rx_bytes </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">bigint</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&#x27;-1&#x27;</span><span class="token plain">::</span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    tx_bytes </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">bigint</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&#x27;-1&#x27;</span><span class="token plain">::</span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    total_bytes </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">bigint</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&#x27;-1&#x27;</span><span class="token plain">::</span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    limit_action </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">public</span><span class="token punctuation" style="color:rgb(248, 248, 242)">.</span><span class="token plain">limit_action </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&#x27;limit&#x27;</span><span class="token plain">::</span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">public</span><span class="token punctuation" style="color:rgb(248, 248, 242)">.</span><span class="token plain">limit_action </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    created_at </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">timestamp</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">with</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">time</span><span class="token plain"> zone </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">CURRENT_TIMESTAMP</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    updated_at </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">timestamp</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">with</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">time</span><span class="token plain"> zone </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">CURRENT_TIMESTAMP</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    deleted </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">boolean</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token boolean">false</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token punctuation" style="color:rgb(248, 248, 242)">)</span><span class="token punctuation" style="color:rgb(248, 248, 242)">;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div>
+<p>This schema supports constructing the 3 different types of limits classes that the system supports.</p>
+<p>After defining a limit class in the database, it can be applied to specific user accounts (overriding the relevant parts of the global configuration) by inserting a row into the <code>applied_limit_classes</code> table:</p>
+<div class="language-sql codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-sql codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">CREATE</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">TABLE</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">public</span><span class="token punctuation" style="color:rgb(248, 248, 242)">.</span><span class="token plain">applied_limit_classes </span><span class="token punctuation" style="color:rgb(248, 248, 242)">(</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    id </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    account_id </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    limit_class_id </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">integer</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    created_at </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">timestamp</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">with</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">time</span><span class="token plain"> zone </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">CURRENT_TIMESTAMP</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    updated_at </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">timestamp</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">with</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">time</span><span class="token plain"> zone </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">CURRENT_TIMESTAMP</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">    deleted </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">boolean</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">DEFAULT</span><span class="token plain"> </span><span class="token boolean">false</span><span class="token plain"> </span><span class="token operator">NOT</span><span class="token plain"> </span><span class="token boolean">NULL</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"></span><span class="token punctuation" style="color:rgb(248, 248, 242)">)</span><span class="token punctuation" style="color:rgb(248, 248, 242)">;</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div>
+<p>Create a row in this table linking the <code>account_id</code> to the <code>limit_class_id</code> to apply the limit class to a specific user account.</p>
+<h3 class="anchor anchorWithStickyNavbar_LWe7" id="unscoped-resource-count-classes">Unscoped Resource Count Classes<a href="#unscoped-resource-count-classes" class="hash-link" aria-label="Direct link to Unscoped Resource Count Classes" title="Direct link to Unscoped Resource Count Classes">​</a></h3>
+<p>To support overriding the resource count limits defined in the global limits configuration, a site administrator can create a limit class by inserting a row into the <code>limit_classes</code> table structured like this:</p>
+<div class="language-sql codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-sql codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">insert</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">into</span><span class="token plain"> limit_classes </span><span class="token punctuation" style="color:rgb(248, 248, 242)">(</span><span class="token plain">environments</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> shares</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> reserved_shares</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> unique_names</span><span class="token punctuation" style="color:rgb(248, 248, 242)">)</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">values</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">(</span><span class="token number">1</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> </span><span class="token number">1</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> </span><span class="token number">1</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> </span><span class="token number">1</span><span class="token punctuation" style="color:rgb(248, 248, 242)">)</span><span class="token punctuation" style="color:rgb(248, 248, 242)">;</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div>
+<p>This creates a limit class that sets the <code>environments</code>, <code>shares</code>, <code>reserved_shares</code>, and <code>unique_names</code> all to <code>1</code>.</p>
+<p>When this limit class is applied to a user account those values would override the default resource count values configured globally.</p>
+<p>Applying an unscoped resource count class <em>does not</em> affect the bandwidth limits (either globally configured, or via a limit class).</p>
+<h3 class="anchor anchorWithStickyNavbar_LWe7" id="unscoped-bandwidth-classes">Unscoped Bandwidth Classes<a href="#unscoped-bandwidth-classes" class="hash-link" aria-label="Direct link to Unscoped Bandwidth Classes" title="Direct link to Unscoped Bandwidth Classes">​</a></h3>
+<p>To support overriding the bandwidth limits defined in the global configuration, a site administrator can create a limit class by inserting a row into the <code>limit_classes</code> table structured like this:</p>
+<div class="language-sql codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-sql codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">insert</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">into</span><span class="token plain"> limit_classes </span><span class="token punctuation" style="color:rgb(248, 248, 242)">(</span><span class="token plain">period_minutes</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> total_bytes</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> limit_action</span><span class="token punctuation" style="color:rgb(248, 248, 242)">)</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">values</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">(</span><span class="token number">2</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> </span><span class="token number">204800</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&#x27;limit&#x27;</span><span class="token punctuation" style="color:rgb(248, 248, 242)">)</span><span class="token punctuation" style="color:rgb(248, 248, 242)">;</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div>
+<p>This inserts a limit class that allows for a total bandwidth transfer of <code>204800</code> bytes every <code>2</code> minutes.</p>
+<p>When this limit class is applied to a user account, those values would override the default bandwidth values configured globally.</p>
+<p>Applying an unscoped bandwidth class <em>does not</em> affect the resource count limits (either globally configured, or via a limit class).</p>
+<h3 class="anchor anchorWithStickyNavbar_LWe7" id="scoped-classes">Scoped Classes<a href="#scoped-classes" class="hash-link" aria-label="Direct link to Scoped Classes" title="Direct link to Scoped Classes">​</a></h3>
+<p>A scoped limit class specifies <em>both</em> the resource counts (<code>shares</code>, <code>reserved_shares</code>, and <code>unique_names</code>, but <em>NOT</em> <code>environments</code>) for a <em>specific</em> backend mode. Insert a row like this:</p>
+<div class="language-sql codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-sql codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">insert</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">into</span><span class="token plain"> limit_classes </span><span class="token punctuation" style="color:rgb(248, 248, 242)">(</span><span class="token plain">backend_mode</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> shares</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> reserved_shares</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> unique_names</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> period_minutes</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> total_bytes</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> limit_action</span><span class="token punctuation" style="color:rgb(248, 248, 242)">)</span><span class="token plain"> </span><span class="token keyword" style="color:rgb(189, 147, 249);font-style:italic">values</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(248, 248, 242)">(</span><span class="token string" style="color:rgb(255, 121, 198)">&#x27;web&#x27;</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> </span><span class="token number">2</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> </span><span class="token number">1</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> </span><span class="token number">1</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> </span><span class="token number">2</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> </span><span class="token number">4096000</span><span class="token punctuation" style="color:rgb(248, 248, 242)">,</span><span class="token plain"> </span><span class="token string" style="color:rgb(255, 121, 198)">&#x27;limit&#x27;</span><span class="token punctuation" style="color:rgb(248, 248, 242)">)</span><span class="token punctuation" style="color:rgb(248, 248, 242)">;</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div>
+<p>Scoped limits are designed to <em>increase</em> the limits for a specific backend mode beyond what the global configuration and the unscoped classes provide. The general approach is to use the global configuration and the unscoped classes to provide the general account limits, and then the scoped classes can be used to further increase (or potentially <em>decrease</em>)  the limits for a specific backend mode.</p>
+<p>If a scoped limit class exists for a specific backend mode, then the limits agent will use that limit in making a decision about limiting the resource count or bandwidth. All other types of shares will fall back to the unscoped classes or the global configuration.</p>
+<h2 class="anchor anchorWithStickyNavbar_LWe7" id="limit-actions">Limit Actions<a href="#limit-actions" class="hash-link" aria-label="Direct link to Limit Actions" title="Direct link to Limit Actions">​</a></h2>
+<p>When an account exceeds a bandwidth limit, the limits agent will seek to limit the affected shares (based on the combination of global configuration, unscoped limit classes, and scoped limit classes). It applies the limit by removing the underlying OpenZiti dial policies for any frontends that are trying to access the share.</p>
+<p>This means that public frontends will simply return a <code>404</code> as if the share is no longer there. Private frontends will also return <code>404</code> errors. When the limit is relaxed, the dial policies are put back in place and the share will continue operating normally.</p>
 <h2 class="anchor anchorWithStickyNavbar_LWe7" id="unlimited-accounts">Unlimited Accounts<a href="#unlimited-accounts" class="hash-link" aria-label="Direct link to Unlimited Accounts" title="Direct link to Unlimited Accounts">​</a></h2>
-<p>The <code>accounts</code> table in the database includes a <code>limitless</code> column. When this column is set to <code>true</code> the account is not subject to any of the limits in the system.</p></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="row margin-top--sm theme-doc-footer-edit-meta-row"><div class="col"><a href="https://github.com/openziti/zrok/blob/main/docs/../docs/guides/self-hosting/metrics-and-limits/configuring-limits.md" target="_blank" rel="noopener noreferrer" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_JAkA"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Configuring Metrics</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/category/oauth/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">OAuth</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#the-global-controls" class="table-of-contents__link toc-highlight">The Global Controls</a></li><li><a href="#resource-limits" class="table-of-contents__link toc-highlight">Resource Limits</a></li><li><a href="#bandwidth-limits" class="table-of-contents__link toc-highlight">Bandwidth Limits</a><ul><li><a href="#limit-actions" class="table-of-contents__link toc-highlight">Limit Actions</a></li></ul></li><li><a href="#unlimited-accounts" class="table-of-contents__link toc-highlight">Unlimited Accounts</a></li></ul></div></div></div></div></main></div></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2024 NetFoundry Inc. Built with Docusaurus.</div></div></div></footer></div>
+<p>The <code>accounts</code> table in the database includes a <code>limitless</code> column. When this column is set to <code>true</code> the account is not subject to any of the limits in the system.</p>
+<h2 class="anchor anchorWithStickyNavbar_LWe7" id="experimental-limits-locking">Experimental Limits Locking<a href="#experimental-limits-locking" class="hash-link" aria-label="Direct link to Experimental Limits Locking" title="Direct link to Experimental Limits Locking">​</a></h2>
+<p>zrok versions prior to <code>v0.4.31</code> had a potential race condition when enforcing resource count limits. This usually only manifested in cases where shares or environments were being allocated programmatically (and fast enough to win the limits race).</p>
+<p>This occurs due to a lack of transactional database locking around the limited structures. <code>v0.4.31</code> includes a pessimistic locking facility that can be enabled <em>only</em> on the PostgreSQL store implemention.</p>
+<p>If you&#x27;re running PostgreSQL for your service instance and you want to enable the new experimental locking facility that eliminates the potential resource count race condition, add the <code>enable_locking: true</code> flag to your <code>store</code> definition:</p>
+<div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token key atrule">store</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">  </span><span class="token key atrule">enable_locking</span><span class="token punctuation" style="color:rgb(248, 248, 242)">:</span><span class="token plain"> </span><span class="token boolean important">true</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div>
+<h2 class="anchor anchorWithStickyNavbar_LWe7" id="caveats">Caveats<a href="#caveats" class="hash-link" aria-label="Direct link to Caveats" title="Direct link to Caveats">​</a></h2>
+<p>There are a number of caveats that are important to understand when using the limits agent with more complicated limits scenarios:</p>
+<h3 class="anchor anchorWithStickyNavbar_LWe7" id="aggregate-bandwidth">Aggregate Bandwidth<a href="#aggregate-bandwidth" class="hash-link" aria-label="Direct link to Aggregate Bandwidth" title="Direct link to Aggregate Bandwidth">​</a></h3>
+<p>The zrok limits agent is a work in progress. The system currently does not track bandwidth individually for each backend mode type, which means all bandwidth values are aggregated between all of the share types that an account might be using. This will likely change in an upcoming release.</p>
+<h3 class="anchor anchorWithStickyNavbar_LWe7" id="administration-through-sql">Administration Through SQL<a href="#administration-through-sql" class="hash-link" aria-label="Direct link to Administration Through SQL" title="Direct link to Administration Through SQL">​</a></h3>
+<p>There are currently no administrative API endpoints (or corresponding CLI tools) to support creating and applying limit classes in the current release. The limits agent infrastructure was designed to support software integrations that directly manipulate the underlying database structures.</p>
+<p>A future release may provide API and CLI tooling to support the human administration of the limits agent.</p>
+<h3 class="anchor anchorWithStickyNavbar_LWe7" id="performance">Performance<a href="#performance" class="hash-link" aria-label="Direct link to Performance" title="Direct link to Performance">​</a></h3>
+<p>Be sure to minimize the number of different periods used for specifying bandwidth limits. Specifying limits in multiple different periods can cause a multiplicity of queries to be executed against the metrics store (InfluxDB). Standardizing on a period like <code>24h</code> or <code>6h</code> and using that consistently is the best way to to manage the performance of the metrics store.</p></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="row margin-top--sm theme-doc-footer-edit-meta-row"><div class="col"><a href="https://github.com/openziti/zrok/blob/main/docs/../docs/guides/self-hosting/metrics-and-limits/configuring-limits.md" target="_blank" rel="noopener noreferrer" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_JAkA"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Configuring Metrics</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/category/oauth/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">OAuth</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#understanding-the-zrok-limits-agent" class="table-of-contents__link toc-highlight">Understanding the zrok Limits Agent</a><ul><li><a href="#types-of-limits" class="table-of-contents__link toc-highlight">Types of Limits</a></li></ul></li><li><a href="#the-global-configuration" class="table-of-contents__link toc-highlight">The Global Configuration</a><ul><li><a href="#global-resouce-count-limits" class="table-of-contents__link toc-highlight">Global Resouce Count Limits</a></li><li><a href="#global-bandwidth-limits" class="table-of-contents__link toc-highlight">Global Bandwidth Limits</a></li></ul></li><li><a href="#limit-classes" class="table-of-contents__link toc-highlight">Limit Classes</a><ul><li><a href="#unscoped-resource-count-classes" class="table-of-contents__link toc-highlight">Unscoped Resource Count Classes</a></li><li><a href="#unscoped-bandwidth-classes" class="table-of-contents__link toc-highlight">Unscoped Bandwidth Classes</a></li><li><a href="#scoped-classes" class="table-of-contents__link toc-highlight">Scoped Classes</a></li></ul></li><li><a href="#limit-actions" class="table-of-contents__link toc-highlight">Limit Actions</a></li><li><a href="#unlimited-accounts" class="table-of-contents__link toc-highlight">Unlimited Accounts</a></li><li><a href="#experimental-limits-locking" class="table-of-contents__link toc-highlight">Experimental Limits Locking</a></li><li><a href="#caveats" class="table-of-contents__link toc-highlight">Caveats</a><ul><li><a href="#aggregate-bandwidth" class="table-of-contents__link toc-highlight">Aggregate Bandwidth</a></li><li><a href="#administration-through-sql" class="table-of-contents__link toc-highlight">Administration Through SQL</a></li><li><a href="#performance" class="table-of-contents__link toc-highlight">Performance</a></li></ul></li></ul></div></div></div></div></main></div></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2024 NetFoundry Inc. Built with Docusaurus.</div></div></div></footer></div>
 </body>
 </html>
\ No newline at end of file
diff --git a/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/index.html b/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/index.html
index d672cb0c..46bb0d68 100644
--- a/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/index.html
+++ b/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/self-hosting/oauth/configuring-oauth/index.html b/docs/guides/self-hosting/oauth/configuring-oauth/index.html
index ceb131e1..291e31f1 100644
--- a/docs/guides/self-hosting/oauth/configuring-oauth/index.html
+++ b/docs/guides/self-hosting/oauth/configuring-oauth/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/docs/guides/vpn/index.html b/docs/guides/vpn/index.html
index 9b0cab2d..d729d479 100644
--- a/docs/guides/vpn/index.html
+++ b/docs/guides/vpn/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/index.html b/index.html
index d02e3218..b05ebe6b 100644
--- a/index.html
+++ b/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">
diff --git a/search/index.html b/search/index.html
index 7c6fce1c..5e6a3a0e 100644
--- a/search/index.html
+++ b/search/index.html
@@ -9,7 +9,7 @@
 
 
 <link rel="search" type="application/opensearchdescription+xml" title="Zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.44f28847.css">
-<script src="/assets/js/runtime~main.c87a4c9b.js" defer="defer"></script>
+<script src="/assets/js/runtime~main.cdb003c0.js" defer="defer"></script>
 <script src="/assets/js/main.53605760.js" defer="defer"></script>
 </head>
 <body class="navigation-with-keyboard">