diff --git a/docs/docs/identity-providers/okta.md b/docs/docs/identity-providers/okta.md index e6083b91e..f0eb73939 100644 --- a/docs/docs/identity-providers/okta.md +++ b/docs/docs/identity-providers/okta.md @@ -97,5 +97,5 @@ IDP_SERVICE_ACCOUNT="REPLACE_ME" # base64 encoded JSON object [environmental variables]: https://en.wikipedia.org/wiki/Environment_variable [oauth2]: https://oauth.net/2/ [openid connect]: https://en.wikipedia.org/wiki/OpenID_Connect -[pomerium-install]: /docs/install/ +[pomerium-install]: /docs/install/readme.md [Group ID]: https://developer.okta.com/docs/reference/api/groups/ diff --git a/docs/docs/topics/device-identity.md b/docs/docs/topics/device-identity.md index 7b8426150..05a472477 100644 --- a/docs/docs/topics/device-identity.md +++ b/docs/docs/topics/device-identity.md @@ -57,7 +57,7 @@ Pomerium supports policies that use device identity since version [0.16.0](/docs To get started, review the following pages: -- [Pomerium Policy Language](/docs/topcics/ppl.md) to learn how to build policies that use device ID. +- [Pomerium Policy Language](/docs/topics/ppl.md) to learn how to build policies that use device ID. - [Enroll a Device](/guides/enroll-device.md) to teach end-users how to enroll devices on Pomerium. - [pomerium/webauthn](https://github.com/pomerium/webauthn) on GitHub, our implementation of the WebAuthn specification. diff --git a/docs/docs/upgrading.md b/docs/docs/upgrading.md index 5745855fc..0e7fd0400 100644 --- a/docs/docs/upgrading.md +++ b/docs/docs/upgrading.md @@ -44,7 +44,7 @@ To improve performance, IdP directory synchronization for GitHub now uses the Gr ### CLI Source and Packaging Update `pomerium-cli` has been factored out of the core repository and now resides at . If you currently install the CLI tool from [Packages](/docs/releases.md#packages-2) or [Homebrew](/docs/releases.md#homebrew), no changes should be required to your process. However, users of docker images or direct github release downloads will need to update their references. -Please see the [updated install instructions](/docs/releases.html#pomerium-cli) for additional details. +Please see the [updated install instructions](/docs/releases.md#pomerium-cli) for additional details. # Since 0.14.0 diff --git a/docs/enterprise/changelog.md b/docs/enterprise/changelog.md index a110cc7ff..60dd84753 100644 --- a/docs/enterprise/changelog.md +++ b/docs/enterprise/changelog.md @@ -27,7 +27,7 @@ sidebarDepth: 0 ### New -- [Telemetry]: View real time metrics and status from Pomerium components inside the Enterprise Console. +- [Telemetry] - View real time metrics and status from Pomerium components inside the Enterprise Console. - More expressive policy syntax: Pomerium's new extended [policy language] allows more complex policies to be configured, along with non-identity based conditions for access. - Support for [Google Cloud Serverless] configuration on routes. - Support for [SPDY] configuration on routes. @@ -35,14 +35,14 @@ sidebarDepth: 0 ### Updated -- Certificate Management: Certificates with overlapping SAN names are no longer permitted. -- [Policies]: New editing screen supports Wizard based, Text based or Rego based policy. -- Policies: Only global administrators may manage Rego based policies. -- Policies: Support time based criteria. -- [Service Accounts]: Simplified UI. -- Service Accounts: Support token expiration time. -- Service Accounts: Namespace support. -- Impersonation: Impersonation is now done on an individual session basis. +- Certificate Management - Certificates with overlapping SAN names are no longer permitted. +- [Policies] - New editing screen supports Wizard based, Text based or Rego based policy. +- Policies - Only global administrators may manage Rego based policies. +- Policies - Support time based criteria. +- [Service Accounts] - Simplified UI. +- Service Accounts - Support token expiration time. +- Service Accounts - Namespace support. +- Impersonation - Impersonation is now done on an individual session basis. - Various other bug fixes and improvements. [`signing key`]: /reference/readme.md#signing-key diff --git a/docs/guides/grafana.md b/docs/guides/grafana.md index cbd6e7e90..1474615b5 100644 --- a/docs/guides/grafana.md +++ b/docs/guides/grafana.md @@ -20,7 +20,7 @@ This guide will demonstrate how to secure an instance of Grafana behind Pomerium This guide begins with the following steps assumed complete: -- A running instance of Pomerium. If you haven't already installed Pomerium, see our articles for installation on [Docker](/docs/install/readme.md), [Kubernetes](/docs/install/helm.md), or as an all-in-one [binary](/docs/install/binary.html). +- A running instance of Pomerium. If you haven't already installed Pomerium, see our articles for installation on [Docker](/docs/install/readme.md), [Kubernetes](/docs/k8s/helm.md), or as an all-in-one [binary](/docs/install/binary.md). - Administrator access to a working Grafana instance, including write access to the config file `grafana.ini`, usually found in `/etc/grafana`. This guide uses the following temporary values in commands and configuration examples, which will need to be adjusted for your setup: diff --git a/docs/guides/kubernetes-dashboard.md b/docs/guides/kubernetes-dashboard.md index 0e9dc9266..ef05b776c 100644 --- a/docs/guides/kubernetes-dashboard.md +++ b/docs/guides/kubernetes-dashboard.md @@ -37,7 +37,7 @@ Though securing [Kubernetes Dashboard] as an example may seem contrived, the dam [Kubernetes Dashboard] is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself. -Use [Helm] to install a new instance of [Kubernetes Dashboard]: +Use [Helm] to install a new instance of [Kubernetes Dashboard] : ```bash helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/ @@ -107,6 +107,6 @@ Your browser does not support the video tag. [helm chart]: https://github.com/pomerium/pomerium-helm [Helm]: https://helm.sh [Install Pomerium using Helm]: /docs/k8s/helm.md -[kubernetes dashboard]: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/ +[Kubernetes Dashboard]: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/ [Securing Kubernetes]: /guides/kubernetes.md [User Permissions]: /guides/kubernetes.md#user-permissions diff --git a/docs/guides/kubernetes.md b/docs/guides/kubernetes.md index c36dea1ca..08c9032ec 100644 --- a/docs/guides/kubernetes.md +++ b/docs/guides/kubernetes.md @@ -213,4 +213,4 @@ You should be prompted to login and see the resulting cluster info. [kubernetes]: https://kubernetes.io [pomerium-cli]: /docs/releases.md#pomerium-cli -[Pomerium using Helm]: /docs/install/helm.md +[Pomerium using Helm]: /docs/k8s/helm.md diff --git a/docs/reference/readme.md b/docs/reference/readme.md index dea93d252..69de5d073 100644 --- a/docs/reference/readme.md +++ b/docs/reference/readme.md @@ -953,7 +953,7 @@ Set Response Headers specifies a mapping of [HTTP Header](https://developer.mozi By default, conservative [secure HTTP headers](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project) are set: - - `max-age=31536000` instructs the browser to pin the certificate for a domain for a year. This helps prevent man-in-the-middle attacks, but can create issues when developing new environments with temporary certificates. See [Troubleshooting - HSTS](/docs/troubleshooting.md#hsts) for more information. + - `max-age=31536000` instructs the browser to pin the certificate for a domain for a year. This helps prevent man-in-the-middle attacks, but can create issues when developing new environments with temporary certificates. See [Troubleshooting - HSTS](/docs/troubleshooting.md#http-strict-transport-security-hsts) for more information. - `includeSubDomains` applies these rules to subdomains, which is how individual routes are defined. - `preload` instructs the browser to preload the certificate from an HSTS preload service if available. This means that the certificate can be loaded from an already-trusted secure connection, and the user never needs to connect to your domain without TLS.