Commit 48dfcaf

defguard-community authored and gitbook-bot committed
GITBOOK-392: URL clarification
1 parent efcc524 commit 48dfcaf

1 file changed: +11 -6 lines changed

features/setting-up-your-instance/configuration.md

Lines changed: 11 additions & 6 deletions
@@ -4,7 +4,12 @@ icon: memo-circle-info
44

55
# Configuration
66

7-
Here you can find a list of all configurable things through environmental variables, options or configuration files for all defguard components (each section for every component).
7+
Here you can find a list of all configurable things through environmental variables, options or configuration files for all defguard components (each top-level section for a specific component):
8+
9+
* [Core config](configuration.md#core)
10+
* [Proxy config](configuration.md#proxy-service)
11+
* [Gateway config](configuration.md#gateway-configuration)
12+
* [YubiBridge config](configuration.md#yubibridge-configuration)
813

914
{% hint style="info" %}
1015
If you are using [one-line installation](one-line-install.md), everything is generated and configured automatically.
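Review bot: The four links added under the intro use inconsistent anchor slugs (`#core` and `#proxy-service` against `#gateway-configuration` and `#yubibridge-configuration`), and `## Gateway Configuration` is the only matching heading visible in this diff. Please check each slug against the actual heading text in configuration.md so the list does not ship with dead anchors, and consider aligning the Core and Proxy headings with the form of the other two. Minor wording in the same sentence: "environmental variables" should read "environment variables".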
@@ -26,11 +31,11 @@ You can generate random strings for secrets with e.g.:
2631
* `DEFGUARD_SECRET_KEY`: JWT secret key for encrypting private cookies; must be at least 64 characters long
2732
* `DEFGUARD_GATEWAY_SECRET`: JWT secret key for encrypting Gateway tokens, default: `DEFGUARD_GATEWAY_SECRET`
2833
* `DEFGUARD_YUBIBRIDGE_SECRET`: JWT secret key for encrypting YubiBridge tokens, default: `DEFGUARD_YUBIBRIDGE_SECRET`
29-
* `DEFGUARD_OPENID_KEY`: this is optional if you want to use [HMAC](https://en.wikipedia.org/wiki/HMAC) algorithm for OIDC token validation, if you want to use [RSA](https://en.wikipedia.org/wiki/RSA\_\(cryptosystem\)) please provide a path to a private key file used for OAuth2/OpenID, [more here](https://defguard.gitbook.io/defguard/features/setting-up-your-instance/docker-compose#openid-rsa-setup).
34+
* `DEFGUARD_OPENID_KEY`: this is optional if you want to use [HMAC](https://en.wikipedia.org/wiki/HMAC) algorithm for OIDC token validation, if you want to use [RSA](https://en.wikipedia.org/wiki/RSA_\(cryptosystem\)) please provide a path to a private key file used for OAuth2/OpenID, [more here](https://defguard.gitbook.io/defguard/features/setting-up-your-instance/docker-compose#openid-rsa-setup).
3035

3136
### General configuration
3237

33-
* `DEFGUARD_URL`: URL of your server instance, default `http://localhost:8000.`This url is needed to be exact since it's needed for OpenID discovery endpoint to work correctly, so if you have a reverse-proxy, custom domain, please provide an actual URL for defguard core.
38+
* `DEFGUARD_URL`: URL of your server instance, default `http://localhost:8000. This is the address at which the Web UI you use to administer your instance and the REST API endpoints are available (both of those are served by defguard core on port 8000 by default; port can be configured with DEFGUARD_HTTP_PORT env variable).`This URL is needed to be exact since it's needed for OpenID discovery endpoint to work correctly, so if you have a reverse-proxy, custom domain, please provide an actual URL for defguard core.
3439
* `DEFGUARD_GATEWAY_DISCONNECTION_NOTIFICATION_TIMEOUT`: If gateway is disconnected for this long, send email notification, default: `10m` ([Humantime documentation](https://docs.rs/humantime/latest/humantime/struct.Duration.html))
3540
* `DEFGUARD_WEBAUTHN_RP_ID` (optional): Relying party ID and relying party origin for WebAuthn used for MFA. By default, it's generated by using a base domain of `DEFGUARD_URL` (for example https://defguard.example.com is converted to defguard.example.com).
3641

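Review bot: In the new `DEFGUARD_URL` bullet the inserted sentence sits inside the code span: the backtick opened before `http://localhost:8000` is not closed until after "env variable).", so the whole explanation renders as the default value and runs into "This URL" with no space. Close the backtick right after `http://localhost:8000`, put `DEFGUARD_HTTP_PORT` in its own backticks, and reword "is needed to be exact since it's needed" to something like "must be exact, because the OpenID discovery endpoint depends on it". The context line for `DEFGUARD_WEBAUTHN_RP_ID` shows the WebAuthn relying party ID is also derived from this value, which is worth naming here as a second reason the URL has to be exact.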
@@ -78,7 +83,7 @@ This is of course not recommended in production but can be useful when testing w
7883

7984
### Enrollment configuration
8085

81-
* `DEFGUARD_ENROLLMENT_URL`: external URL of the enrollment proxy server, default `http://localhost:8080` - this URL is send in enrollment emails as well as displayed when configuring the desktop client - thus must be to the actual URL you have configured the proxy to be visible at, otherwise the enrollment or desktop client configuration will not work.
86+
* `DEFGUARD_ENROLLMENT_URL`: external URL of the enrollment proxy server, default `http://localhost:8080` - this URL is sent in enrollment emails as well as displayed when configuring the desktop client - thus must be to the actual URL you have configured the proxy Web UI to be accessible at, otherwise the enrollment or desktop client configuration will not work.
8287
* `DEFGUARD_ENROLLMENT_TOKEN_TIMEOUT`: how long is the enrollment token valid for use, default: `24h` ([Humantime documentation](https://docs.rs/humantime/latest/humantime/struct.Duration.html))
8388
* `DEFGUARD_ENROLLMENT_SESSION_TIMEOUT`: how long in the enrollment session valid after a user uses the token to start the enrollment process, default: `10m` ([Humantime documentation](https://docs.rs/humantime/latest/humantime/struct.Duration.html))
8489

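Review bot: The reworded `DEFGUARD_ENROLLMENT_URL` bullet still reads "thus must be to the actual URL", which is missing a verb; "so it must be set to the actual URL at which the proxy Web UI is accessible" would fix it, and splitting the dash-chained sentence in two would make it easier to read. Since the bullet says this URL is sent in enrollment emails and the documented default is `http://localhost:8080`, it would help to state that the default is only usable for local testing.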
@@ -105,11 +110,11 @@ This is of course not recommended in production but can be useful when testing w
105110

106111
Here are proxy ENV variables. gRPC configuration is described more [on this help page.](../../admin-and-features/setting-up-your-instance/grpc-ssl-communication.md)
107112

108-
* `DEFGUARD_PROXY_HTTP_PORT`: port the API server will listen on, default `8080`
113+
* `DEFGUARD_PROXY_HTTP_PORT`: port the proxy API server and Web UI will listen on, default `8080`
109114
* `DEFGUARD_PROXY_GRPC_PORT`: port the gRPCS server will listen on, default `50051`
110115
* `DEFGUARD_PROXY_GRPC_CERT` (optional): path to TLS certificate file
111116
* `DEFGUARD_PROXY_GRPC_KEY`(optional): path to TLS key file. [More on that in this help page.](../../admin-and-features/setting-up-your-instance/grpc-ssl-communication.md)
112-
* `DEFGUARD_PROXY_URL` - if you wish to use External OIDC enrollment/desktop client configuration, please set this value to the same as `DEFGUARD_ENROLLMENT_URL` in core.
117+
* `DEFGUARD_PROXY_URL` - if you wish to use External OIDC enrollment/desktop client configuration, please set this value to the same as `DEFGUARD_ENROLLMENT_URL` in core. This is the address at which the proxy Web UI is available.
113118
* `DEFGUARD_PROXY_LOG_LEVEL` : [Logger](https://crates.io/crates/log) log level, default: `info`, supported: `debug`, `warn`, `error`
114119

115120
## Gateway Configuration
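Review bot: In the `DEFGUARD_PROXY_URL` bullet the definition ("This is the address at which the proxy Web UI is available.") is appended after the conditional instruction, so a reader meets the External OIDC case before learning what the variable is. Lead with the definition, then the requirement that it equal `DEFGUARD_ENROLLMENT_URL` in core, and use `:` after the variable name as the neighbouring bullets do instead of ` - `. The unchanged `DEFGUARD_PROXY_GRPC_KEY` line is also missing a space before "(optional)".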
