fixes broken links, adds checker workarounds (#2878)

docs/docs/identity-providers/okta.md

@@ -97,5 +97,5 @@ IDP_SERVICE_ACCOUNT="REPLACE_ME" # base64 encoded JSON object
 [environmental variables]: https://en.wikipedia.org/wiki/Environment_variable
 [oauth2]: https://oauth.net/2/
 [openid connect]: https://en.wikipedia.org/wiki/OpenID_Connect
-[pomerium-install]: /docs/install/
+[pomerium-install]: /docs/install/readme.md
 [Group ID]: https://developer.okta.com/docs/reference/api/groups/

docs/docs/topics/device-identity.md

@@ -57,7 +57,7 @@ Pomerium supports policies that use device identity since version [0.16.0](/docs
 
 To get started, review the following pages:
 
-- [Pomerium Policy Language](/docs/topcics/ppl.md) to learn how to build policies that use device ID.
+- [Pomerium Policy Language](/docs/topics/ppl.md) to learn how to build policies that use device ID.
 - [Enroll a Device](/guides/enroll-device.md) to teach end-users how to enroll devices on Pomerium.
 - [pomerium/webauthn](https://github.com/pomerium/webauthn) on GitHub, our implementation of the WebAuthn specification.
 

docs/docs/upgrading.md

@@ -44,7 +44,7 @@ To improve performance, IdP directory synchronization for GitHub now uses the Gr
 ### CLI Source and Packaging Update
 `pomerium-cli` has been factored out of the core repository and now resides at <https://github.com/pomerium/cli>. If you currently install the CLI tool from [Packages](/docs/releases.md#packages-2) or [Homebrew](/docs/releases.md#homebrew), no changes should be required to your process. However, users of docker images or direct github release downloads will need to update their references.
 
-Please see the [updated install instructions](/docs/releases.html#pomerium-cli) for additional details.
+Please see the [updated install instructions](/docs/releases.md#pomerium-cli) for additional details.
 
 # Since 0.14.0
 

docs/enterprise/changelog.md

@@ -27,7 +27,7 @@ sidebarDepth: 0
 
 ### New
 
-- [Telemetry]: View real time metrics and status from Pomerium components inside the Enterprise Console.
+- [Telemetry] - View real time metrics and status from Pomerium components inside the Enterprise Console.
 - More expressive policy syntax: Pomerium's new extended [policy language] allows more complex policies to be configured, along with non-identity based conditions for access.
 - Support for [Google Cloud Serverless] configuration on routes.
 - Support for [SPDY] configuration on routes.
@@ -35,14 +35,14 @@ sidebarDepth: 0
 
 ### Updated
 
-- Certificate Management: Certificates with overlapping SAN names are no longer permitted.
-- [Policies]: New editing screen supports Wizard based, Text based or Rego based policy.
-- Policies: Only global administrators may manage Rego based policies.
-- Policies: Support time based criteria.
-- [Service Accounts]: Simplified UI.
-- Service Accounts: Support token expiration time.
-- Service Accounts: Namespace support.
-- Impersonation: Impersonation is now done on an individual session basis.
+- Certificate Management - Certificates with overlapping SAN names are no longer permitted.
+- [Policies] - New editing screen supports Wizard based, Text based or Rego based policy.
+- Policies - Only global administrators may manage Rego based policies.
+- Policies - Support time based criteria.
+- [Service Accounts] - Simplified UI.
+- Service Accounts - Support token expiration time.
+- Service Accounts - Namespace support.
+- Impersonation - Impersonation is now done on an individual session basis.
 - Various other bug fixes and improvements.
 
 [`signing key`]: /reference/readme.md#signing-key

docs/guides/grafana.md

@@ -20,7 +20,7 @@ This guide will demonstrate how to secure an instance of Grafana behind Pomerium
 
 This guide begins with the following steps assumed complete:
 
-- A running instance of Pomerium. If you haven't already installed Pomerium, see our articles for installation on [Docker](/docs/install/readme.md), [Kubernetes](/docs/install/helm.md), or as an all-in-one [binary](/docs/install/binary.html).
+- A running instance of Pomerium. If you haven't already installed Pomerium, see our articles for installation on [Docker](/docs/install/readme.md), [Kubernetes](/docs/k8s/helm.md), or as an all-in-one [binary](/docs/install/binary.md).
 - Administrator access to a working Grafana instance, including write access to the config file `grafana.ini`, usually found in `/etc/grafana`.
 
 This guide uses the following temporary values in commands and configuration examples, which will need to be adjusted for your setup:

docs/guides/kubernetes-dashboard.md

@@ -37,7 +37,7 @@ Though securing [Kubernetes Dashboard] as an example may seem contrived, the dam
 
 [Kubernetes Dashboard] is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself.
 
-Use [Helm] to install a new instance of [Kubernetes Dashboard]:
+Use [Helm] to install a new instance of [Kubernetes Dashboard] :
 
 ```bash
 helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
@@ -107,6 +107,6 @@ Your browser does not support the video tag.
 [helm chart]: https://github.com/pomerium/pomerium-helm
 [Helm]: https://helm.sh
 [Install Pomerium using Helm]: /docs/k8s/helm.md
-[kubernetes dashboard]: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
+[Kubernetes Dashboard]: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
 [Securing Kubernetes]: /guides/kubernetes.md
 [User Permissions]: /guides/kubernetes.md#user-permissions

docs/guides/kubernetes.md

@@ -213,4 +213,4 @@ You should be prompted to login and see the resulting cluster info.
 
 [kubernetes]: https://kubernetes.io
 [pomerium-cli]: /docs/releases.md#pomerium-cli
-[Pomerium using Helm]: /docs/install/helm.md
+[Pomerium using Helm]: /docs/k8s/helm.md

docs/reference/readme.md

@@ -953,7 +953,7 @@ Set Response Headers specifies a mapping of [HTTP Header](https://developer.mozi
 
 By default, conservative [secure HTTP headers](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project) are set:
 
-  - `max-age=31536000` instructs the browser to pin the certificate for a domain for a year. This helps prevent man-in-the-middle attacks, but can create issues when developing new environments with temporary certificates. See [Troubleshooting - HSTS](/docs/troubleshooting.md#hsts) for more information.
+  - `max-age=31536000` instructs the browser to pin the certificate for a domain for a year. This helps prevent man-in-the-middle attacks, but can create issues when developing new environments with temporary certificates. See [Troubleshooting - HSTS](/docs/troubleshooting.md#http-strict-transport-security-hsts) for more information.
   - `includeSubDomains` applies these rules to subdomains, which is how individual routes are defined.
   - `preload` instructs the browser to preload the certificate from an HSTS preload service if available. This means that the certificate can be loaded from an already-trusted secure connection, and the user never needs to connect to your domain without TLS.