rest of defguard->Defguard

baq04 · baq04 · commit 38f802e28a23 · 2025-07-17T09:32:49.000+02:00
diff --git a/admin-and-features/forward-auth.md b/admin-and-features/forward-auth.md
@@ -1,13 +1,13 @@
 # Forward auth
 
-defguard supports [forward auth](https://app.gitbook.com/o/Z3mGSAbEj9iLdZ7cNFlL/s/hM5HQk0xXl585Dm4YMUV/~/changes/48/features/forward-auth) integration with popular reverse proxies (tested with [traefik](https://doc.traefik.io/traefik/) and [caddy](https://caddyserver.com/)). This allows you to use Defguard to secure services which don't provide their own authorization or OAuth integration.
+Defguard supports [forward auth](https://app.gitbook.com/o/Z3mGSAbEj9iLdZ7cNFlL/s/hM5HQk0xXl585Dm4YMUV/~/changes/48/features/forward-auth) integration with popular reverse proxies (tested with [traefik](https://doc.traefik.io/traefik/) and [caddy](https://caddyserver.com/)). This allows you to use Defguard to secure services which don't provide their own authorization or OAuth integration.
 
 {% hint style="warning" %}
 In order for forward auth to work the services you are trying to protect must be available at URLs within the same base domain as your Defguard instance.
 
 For example if you are serving your Defguard UI at `id.yourdomain.com`, then your services must use other subdomains of `yourdomain.com`, e.g. ``app1.yourdomain.com, `service.yourdomain.com` etc``.
 
-Additionally you have to update your [defguard config](../configuration.md#auth-cookies-configuration) to set the cookies domain to `yourdomain.com`.
+Additionally you have to update your [Defguard config](../configuration.md#auth-cookies-configuration) to set the cookies domain to `yourdomain.com`.
 {% endhint %}
 
 ## Example configurations
diff --git a/admin-and-features/ldap-and-active-directory-integration/README.md b/admin-and-features/ldap-and-active-directory-integration/README.md
@@ -4,7 +4,7 @@
 This is an enterprise feature. To use it, purchase our [enterprise license](../../enterprise/license.md) or ensure that your deployment does not exceed the [usage limits](../../enterprise/license.md#enterprise-is-free-up-to-certain-limits).
 {% endhint %}
 
-defguard supports integration with LDAP and Microsoft Active Directory (AD), enabling seamless connectivity with your existing directory infrastructure. This integration allows organizations to centralize user management, streamline authentication processes, and synchronize user and group data between Defguard and external directory services.
+Defguard supports integration with LDAP and Microsoft Active Directory (AD), enabling seamless connectivity with your existing directory infrastructure. This integration allows organizations to centralize user management, streamline authentication processes, and synchronize user and group data between Defguard and external directory services.
 
 This chapter covers all aspects of LDAP and AD integration, including:
 
diff --git a/admin-and-features/remote-user-enrollment/README.md b/admin-and-features/remote-user-enrollment/README.md
@@ -1,10 +1,10 @@
 # Remote user enrollment
 
-By design **defguard core** is meant to be deployed **securely** within your infrastructure and only accessible from within the internal network or by VPN.
+By design **Defguard core** is meant to be deployed **securely** within your infrastructure and only accessible from within the internal network or by VPN.
 
 This introduces an issue with onboarding **new users** and forces the admin to choose an initial password, setup a VPN device for them, and pass on those details to the end user using possibly **insecure** channels.
 
-To avoid this issue you can deploy a **public** [defguard proxy](https://github.com/DefGuard/proxy) which enables a **secure enrollment process:**
+To avoid this issue you can deploy a **public** [Defguard proxy](https://github.com/DefGuard/proxy) which enables a **secure enrollment process:**
 
 <figure><img src="https://raw.githubusercontent.com/DefGuard/docs/docs/releases/0.7/enrollment.png" alt=""><figcaption></figcaption></figure>
 
diff --git a/admin-and-features/ssh-authentication.md b/admin-and-features/ssh-authentication.md
@@ -2,7 +2,7 @@
 
 ## Overview
 
-defguard allows you to configure SSH authentication on your servers to use public SSH keys stored in your instance's database. This is possible by using the [AuthorizedKeysCommand option](http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd\_config.5#AuthorizedKeysCommand) in OpenSSH daemon configuration file.
+Defguard allows you to configure SSH authentication on your servers to use public SSH keys stored in your instance's database. This is possible by using the [AuthorizedKeysCommand option](http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd\_config.5#AuthorizedKeysCommand) in OpenSSH daemon configuration file.
 
 {% hint style="info" %}
 Each user can manage their public SSH (and GPG keys) in their user profile.
diff --git a/admin-and-features/wireguard/behavior-customization.md b/admin-and-features/wireguard/behavior-customization.md
@@ -26,7 +26,7 @@ Please note that Defguard has only **desktop clients** and **no official mobile*
 
 ### Disable _All Traffic_ option in the desktop client
 
-One of Defguarddesktop client uniqe features is the possibility for the user to automatically route **All network traffic** from their device **through the connected VPN Location**, when the user checks _All traffic_ optio&#x6E;_**:**_
+One of Defguard desktop client uniqe features is the possibility for the user to automatically route **All network traffic** from their device **through the connected VPN Location**, when the user checks _All traffic_ optio&#x6E;_**:**_
 
 ![](<../../.gitbook/assets/Screenshot 2024-10-14 at 12.49.30.png>)
 
diff --git a/admin-and-features/wireguard/create-your-vpn-network.md b/admin-and-features/wireguard/create-your-vpn-network.md
@@ -53,7 +53,7 @@ Defguard assigns IP addresses to clients by sequentially scanning each defined s
 
 ### Gateway address
 
-It's the **public IP address** or **DNS domain** to which the remote peer's/users will connect to. This address is **will be shared in the configuration** for the clients, but Defguardgateways do **not bind to this address**.
+It's the **public IP address** or **DNS domain** to which the remote peer's/users will connect to. This address is **will be shared in the configuration** for the clients, but Defguard gateways do **not bind to this address**.
 
 {% hint style="info" %}
 **Defguard gateways bind to all IP addresses and the port defined below.**
diff --git a/admin-and-features/wireguard/executing-custom-gateway-commands.md b/admin-and-features/wireguard/executing-custom-gateway-commands.md
@@ -1,6 +1,6 @@
 # Executing custom gateway commands
 
-defguard gateway has ability to execute custom commands before and after the WireGuard tunnel us up or down.
+Defguard gateway has ability to execute custom commands before and after the WireGuard tunnel us up or down.
 
 {% hint style="warning" %}
 If you want to run a shell script, you should pass it's path to your shell, for example:
diff --git a/configuration.md b/configuration.md
@@ -144,7 +144,7 @@ The following env variables or gateway arguments define which commands gateway w
 It's usfull for exaple to use those commands to launch custom firewall commands or scripts that do various operations needed to be done on those ocasions.
 
 {% hint style="danger" %}
-defguard is built with highest security standards in mind, thus the options below **accept only a full path to one command and it's arguments.**
+Defguard is built with highest security standards in mind, thus the options below **accept only a full path to one command and it's arguments.**
 
 If you would like to have **multiple commands run,** you can create a shell script which will define the acceptable and preferred shell you would like to use and then all the commands you like to execute.
 {% endhint %}
diff --git a/deployment-strategies/pre-production-and-development-releases.md b/deployment-strategies/pre-production-and-development-releases.md
@@ -10,7 +10,7 @@ The simplest way to test the latest development or pre-release version is to use
 
 Each GitHub repository ([core](https://github.com/DefGuard/defguard/releases), [gateway](https://github.com/DefGuard/gateway/releases), [proxy](https://github.com/DefGuard/proxy/releases), and [client](https://github.com/DefGuard/client/releases)) has its **pre-prelease versions** available on the GitHub release page. This is where you can download binaries or packages with the pre-release, e.g.:
 
-<figure><img src="../.gitbook/assets/Screenshot 2024-10-18 at 14.51.11.png" alt=""><figcaption><p>defguard core example pre-release</p></figcaption></figure>
+<figure><img src="../.gitbook/assets/Screenshot 2024-10-18 at 14.51.11.png" alt=""><figcaption><p>Defguard core example pre-release</p></figcaption></figure>
 
 ### Docker images
 
diff --git a/deployment-strategies/setting-up-your-instance.md b/deployment-strategies/setting-up-your-instance.md
@@ -4,7 +4,7 @@ Welcome to the deployment strategies section of Defguard documentation. This gui
 
 ## Components
 
-defguard comes with four main components:
+Defguard comes with four main components:
 
 * **Core service** - main web UI and database
 * **Proxy service** - used to safely expose a subset of public functionalities
diff --git a/enterprise/license.md b/enterprise/license.md
@@ -32,7 +32,7 @@ You can buy a monthly (soon yearly) subscription on our website: [https://defgua
 After purchasing:
 
 1. The license will be emailed to you on the email defined in the purchase form. Also there will be a second email with the invoice.
-2. Each month (on the date the license expires) **defguard core will contact our licensing server** and if the monthly payment was successful, our licensing server will **automatically issue a new license and the enterprise plan will be extended to new date.**
+2. Each month (on the date the license expires) **Defguard core will contact our licensing server** and if the monthly payment was successful, our licensing server will **automatically issue a new license and the enterprise plan will be extended to new date.**
 
 {% hint style="warning" %}
 If your setup / firewall / network policy **doesn't allow that Defguard will contact our licensing server, please contact us for the** [**Offline license**](license.md#offline-license)**.**
@@ -56,7 +56,7 @@ To configure Defguard with the received license, please go to **Settings** -> en
 
 The license will be validated and detailed information about the license will be diplayed (validity period and the license type):
 
-<figure><img src="../.gitbook/assets/enterprise-settings.png" alt=""><figcaption><p>defguard enterprise license settings</p></figcaption></figure>
+<figure><img src="../.gitbook/assets/enterprise-settings.png" alt=""><figcaption><p>Defguard enterprise license settings</p></figcaption></figure>
 
 
 
diff --git a/getting-started/one-line-install.md b/getting-started/one-line-install.md
@@ -123,7 +123,7 @@ There are several options that can be configured to customize your Defguard inst
 ### CLI options
 
 ```
-defguard deployment setup script v1.1.0
+Defguard deployment setup script v1.1.0
 Copyright (C) 2023 teonite <https://teonite.com>
 
 Usage:  [options]
diff --git a/help/configuring-vpn/adding-wireguard-devices/README.md b/help/configuring-vpn/adding-wireguard-devices/README.md
@@ -19,7 +19,7 @@ Please note that <mark style="color:red;">WireGuard clients other than</mark> [D
 
 <figure><img src="../../../.gitbook/assets/add-device2.png" alt=""><figcaption></figcaption></figure>
 
-a. **Generate key pair** - if you are a new user, just select this option - it will generate a secure key pair (private and public key) - **securly in you browser (defguard doesn't store user private keys)**
+a. **Generate key pair** - if you are a new user, just select this option - it will generate a secure key pair (private and public key) - **securly in you browser (Defguard doesn't store user private keys)**
 
 {% hint style="info" %}
 Choosing this option - when you download your configuration (or use QR Code to configure Wireguard on your mobile device) - **the private key will be included in your configuration and there will be noting else you need to do**
diff --git a/help/configuring-vpn/adding-wireguard-devices/configuring-a-device-for-a-new-vpn-location.md b/help/configuring-vpn/adding-wireguard-devices/configuring-a-device-for-a-new-vpn-location.md
@@ -20,7 +20,7 @@ The configuration will be named **LocationName-device.conf** - just add a new co
 5. **Replacing the PrivateKey**
 
 {% hint style="danger" %}
-**defguard doesn't store any user devices' private keys - you need to provide them**
+**Defguard doesn't store any user devices' private keys - you need to provide them**
 {% endhint %}
 
 Since Defguard doesn't have access to your private keys - **but has your public key stored for that device** - you need to replace the **PrivateKey value** in the new configuration location.
diff --git a/help/enrollment/with-external-sso-google-microsoft-custom.md b/help/enrollment/with-external-sso-google-microsoft-custom.md
@@ -18,4 +18,4 @@ Now log in with your SSO and after successful login process, you will receive in
 
 <figure><img src="../../.gitbook/assets/Screenshot 2024-11-15 at 18.52.56.png" alt=""><figcaption></figcaption></figure>
 
-Download the [defguard desktop client](https://defguard.net/download/), and [enter _Instance URL_ and _token_ shown on this screen - more details here](../configuring-vpn/#automatic-with-defguard-client).
+Download the [Defguard desktop client](https://defguard.net/download/), and [enter _Instance URL_ and _token_ shown on this screen - more details here](../configuring-vpn/#automatic-with-defguard-client).
diff --git a/help/enrollment/with-internal-defguard-sso.md b/help/enrollment/with-internal-defguard-sso.md
@@ -16,7 +16,7 @@ All done by a nice wizard:
 
 <figure><img src="https://github.com/DefGuard/docs/raw/docs/releases/0.7/enrollment.png?raw=true" alt=""><figcaption></figcaption></figure>
 
-This can be done in **two ways** - either in the **browser** (web based) or by using a **defguard desktop client**. For both ways, there is an email that is sent to the user with explanation and relevant URLs/tokens.
+This can be done in **two ways** - either in the **browser** (web based) or by using a **Defguard desktop client**. For both ways, there is an email that is sent to the user with explanation and relevant URLs/tokens.
 
 {% hint style="warning" %}
 When starting the enrollment process - a user will have only **10minutes** to complete the process.
diff --git a/help/setting-up-2fa-mfa.md b/help/setting-up-2fa-mfa.md
@@ -41,7 +41,7 @@ After doing that, a new screen will show on the _Authenticator_ app, that will g
 
 <figure><img src="../.gitbook/assets/authenticator.png" alt="" width="188"><figcaption></figcaption></figure>
 
-**Enter the code you see on the mobile app**, to confirm, that the process has been done correctly (defguard will now validate the code).
+**Enter the code you see on the mobile app**, to confirm, that the process has been done correctly (Defguard will now validate the code).
 
 After the code has been validated, either:
 
diff --git a/in-depth/architecture/README.md b/in-depth/architecture/README.md
@@ -1,8 +1,8 @@
 # Architecture
 
-By design **defguard core (the main component) is meant to be deployed in your secure network segments** (available only from an internal network or by VPN) and operations that require public access (like user onboarding, enrollment, password reset, etc.) **are done using a secure proxy:**
+By design **Defguard core (the main component) is meant to be deployed in your secure network segments** (available only from an internal network or by VPN) and operations that require public access (like user onboarding, enrollment, password reset, etc.) **are done using a secure proxy:**
 
-<figure><img src="../../.gitbook/assets/defguard-architecture.png" alt=""><figcaption><p>defguard architecture</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/defguard-architecture.png" alt=""><figcaption><p>Defguard architecture</p></figcaption></figure>
 
 This approach is vastly different from most (if not all) VPN/IdP solutions, which are a simple or monolithic application focus on functionalities (like generating configs, managing users, etc.) and most of the time is publicly available in the Internet for any attacker.
 
diff --git a/in-depth/puml/architecture-components.puml b/in-depth/puml/architecture-components.puml
@@ -16,7 +16,7 @@ System_Boundary(c1, "Community", "Core server") {
 }
 System_Boundary(c2, "Enterprise",) {
     Container(openid, "OpenID provider", "Rust", "Provides Login with Defguard functionality in trusted apps")
-    Container(yubibridge, "Yubi-Bridge", "Python", "Allows to create PGP keys based on user data from defguard and transfer them to YubiKey")
+    Container(yubibridge, "Yubi-Bridge", "Python", "Allows to create PGP keys based on user data from Defguard and transfer them to YubiKey")
     Container(ldap, "OpenLDAP synchronization", "Provide OpenLDAP sync functionality")
     Container(oauth2, "OAuth2", "Provides OAuth2 functionality")
 }
diff --git a/in-depth/puml/architecture-containers.puml b/in-depth/puml/architecture-containers.puml
@@ -9,7 +9,7 @@ System_Boundary(c1, "Defguard web platform") {
     Container(gateway, "Gateway client", "Rust", "Allows to manage wireguard server from defguard")
     Container(web_app, "Defguard web application", "React, Typescript", "Provides UI for user")
     ContainerDb(db, "Database", "PostgreSQL", "Stores all platform data")
-    Container(yubibridge, "Yubi-Bridge", "Python", "Allows to create PGP keys based on user data from defguard and transfer them to YubiKey")
+    Container(yubibridge, "Yubi-Bridge", "Python", "Allows to create PGP keys based on user data from Defguard and transfer them to YubiKey")
 }
 Rel(user, mfa, "Uses", "HTTPS", $tags="firewall")
 Rel(user, web_app, "Uses", "HTTPS", $tags="firewall")
diff --git a/integrations/api-tokens.md b/integrations/api-tokens.md
@@ -43,7 +43,7 @@ In the API token list you can later rename or delete a token:
 
 ## Usage
 
-defguard API uses a standard **Bearer token authentication** scheme.
+Defguard API uses a standard **Bearer token authentication** scheme.
 
 This means that an API token can be passed in the `Authorization`header to authenticate a given request instead of a session cookie used by the web UI:
 
diff --git a/support.md b/support.md
@@ -12,7 +12,7 @@ If you have bought an [Enterprise plan with premium support](https://defguard.ne
 
 ## Community Support
 
-Community support is done by the community as well as us (defguard authors) on our [Matrix](https://matrix.to/#/#defguard:teonite.com) - **Support** channel.
+Community support is done by the community as well as us (Defguard authors) on our [Matrix](https://matrix.to/#/#defguard:teonite.com) - **Support** channel.
 
 {% hint style="info" %}
 Since this a community support please remember that it may take some time to get a response, as there is no-one _assigned_ for the support 24/h - especially during the weekends, when people are just off.
diff --git a/tutorials/step-by-step-setting-up-a-vpn-server/README.md b/tutorials/step-by-step-setting-up-a-vpn-server/README.md
@@ -36,7 +36,7 @@ curl --proto '=https' --tlsv1.2 -sSf -L https://raw.githubusercontent.com/DefGua
 In this example we are answering the questions with the following answers:
 
 ```
-Enter defguard domain [default: ]: my-server.defguard.net
+Enter Defguard domain [default: ]: my-server.defguard.net
 Enter enrollment domain [default: ]: enroll.defguard.net
 Use HTTPS [default: false]: true
 Enter VPN location name [default: ]: Example
@@ -48,7 +48,7 @@ Enter VPN gateway public port [default: ]: 50555
 When finished you should see the following message:
 
 ```
-defguard setup finished successfully
+Defguard setup finished successfully
 If your DNS configuration is correct your Defguard instance should be available at:
 
 	Web UI: https://my-server.defguard.net
@@ -64,7 +64,7 @@ You can log into the UI using the default admin user:
 
 When you log in to your instance with user admin and the password that was generated for you, you should see that the VPN gateway is connected:
 
-<figure><img src="../../.gitbook/assets/SCR-20240118-ralh.png" alt=""><figcaption><p>defguard live status of WireGuard VPN gateway</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-ralh.png" alt=""><figcaption><p>Defguard live status of WireGuard VPN gateway</p></figcaption></figure>
 
 ### Connecting to your VPN using Defguard desktop client
 
@@ -110,7 +110,7 @@ Now let's test if the VPN network is accessible. To do so, let's ping the VPN ga
 
 As an administrator, you will probably be happy to see this - Defguard VPN dashboard:
 
-<figure><img src="../../.gitbook/assets/SCR-20240118-sthz.png" alt=""><figcaption><p>defguard VPN dashboard</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-sthz.png" alt=""><figcaption><p>Defguard VPN dashboard</p></figcaption></figure>
 
 {% hint style="info" %}
 This completes your VPN setup - both server and client.
@@ -254,4 +254,4 @@ We put a lot! of effort in development, testing and documentation - to make diff
 * star us on GitHub: [https://github.com/defguard/defguard](https://github.com/defguard/defguard)
 * and spread the word about Defguard however you like!
 
-Thank you from the whole [defguard team.](https://teonite.com)
+Thank you from the whole [Defguard team.](https://teonite.com)
diff --git a/user-snat-bindings.md b/user-snat-bindings.md
@@ -12,7 +12,7 @@ This feature is available starting from version 1.5
 
 ## Overview
 
-defguard administrators are able to create SNAT (Source Network Address Translation) bindings which include following information:
+Defguard administrators are able to create SNAT (Source Network Address Translation) bindings which include following information:
 
 * location ID
 * user ID
