# Shade Network Configuration Guide ### Overview This document provides the network configuration requirements for deploying Shade within enterprise environments. To ensure proper functionality, your network administrators will need to whitelist the following domains and ports. ### Required Domain Whitelisting The following domains must be whitelisted to allow Shade to function properly: #### Shade Core Services * `storageapi.shade.inc` - Storage API endpoint * `app.shade.inc` - Main application interface * `fs.shade.inc` - File system service * `*.shade.inc` - All Shade subdomains (wildcard) * `wasabisys.com` - Storage for Vault drives (via Wasabi) * `cloudflarestorage.com` - Storage for Active drives (via Cloudflare) #### Shade File System * `shadefs.com` - File system domain #### Third-Party Services * `storage.googleapis.com` - Google Cloud Storage API * `*.googleapis.com` - Google Cloud services (recommended for full compatibility) #### Notification Services * `https://api.knock.app` - Knock service for Slack notifications ### Required Port Configuration #### HTTPS Traffic * **Port 443 (TCP)** - All HTTPS traffic for the domains listed above All Shade services communicate over encrypted HTTPS connections on port 443. ### Implementation Checklist To configure your network for Shade, complete the following steps: 1. **Firewall Configuration** * Add all listed domains to your firewall's allowlist * Ensure outbound TCP port 443 is open for these domains 2. **Proxy Configuration** (if applicable) * Configure your proxy servers to allow traffic to the listed domains * Ensure SSL/TLS inspection (if enabled) doesn't interfere with connections 3. **DNS Resolution** * Verify that your DNS servers can resolve all listed domains * Consider adding the domains to internal DNS forwarding rules if needed 4. **Testing** * After configuration, test connectivity to each domain * Verify that users can access `app.shade.inc` and perform file operations ### Security Considerations * All communication with Shade services is encrypted using industry-standard TLS * The wildcard domain `*.shade.inc` is used to accommodate new services and features * If your security policy doesn't permit wildcard domains, please contact Shade support for a complete list of current subdomains ### Support If you encounter any issues during configuration or need additional information about specific domains, please contact: **Shade Enterprise Support**\ Email: \ Documentation: