diff --git a/Docker.md b/Docker.md
index 41ceef2..70ea801 100644
--- a/Docker.md
+++ b/Docker.md
@@ -214,7 +214,7 @@ your machine:
the `/etc/systemd/resolved.conf.d` directory if needed) and add the
following content to it:
- ```none
+ ```service
[Resolve]
DNS=127.0.0.1
DNSStubListener=no
diff --git a/Encryption.md b/Encryption.md
index a9be85d..902062b 100644
--- a/Encryption.md
+++ b/Encryption.md
@@ -17,13 +17,14 @@ AdGuard Home.
1. [Install AdGuard Home on your server](#install)
1. [Register a domain name](#register)
1. [Get an SSL certificate](#certificate)
- * [Install CertBot](#certbot)
- * [Get a certificate using DNS challenge](#certbot-dnschallenge)
- * [Alternative to CertBot: Lego](#lego)
+ * [Using CertBot](#certbot)
+ * [Get a certificate using DNS challenge](#certbot-dnschallenge)
+ * [Using Lego](#lego)
1. [Configure AdGuard Home](#configure-home)
1. [Using with reverse proxy](#reverse-proxy)
* [Nginx](#nginx)
* [Cloudflare CDN](#cf-cdn)
+ * [Other Headers](#other-hdrs)
1. [Configure your devices](#configure-devices)
* [Android](#android)
* [iOS](#ios)
@@ -80,7 +81,7 @@ Security Research Group (ISRG).
In this guide I'll explain how to get a certificate from them.
- ### Install CertBot
+ ### Using CertBot
Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt.
@@ -89,7 +90,7 @@ Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt
1. Follow the installation instructions, and stop there – don't get to the "Get
Started" section.
- ### Get a certificate using DNS challenge
+ #### Get a certificate using DNS challenge
You have just got a domain name so I suppose using DNS challenge will be the
easiest way to get a certificate.
@@ -111,7 +112,7 @@ Both will be necessary to configure AdGuard Home.
> You will need to use the very same procedure to renew the existing
> certificate.
- ### Alternative to CertBot: Lego
+ ### Using Lego
There's also a really nice and easy-to-use alternative to CertBot called
[lego][lego-source].
@@ -186,7 +187,7 @@ their hostnames.
For example, if the configuration of the reverse proxy server contains the
following directives:
-```none
+```nginx
location /dns-query {
# …
proxy_set_header Host $host;
@@ -210,6 +211,23 @@ inserted into `trusted_proxies` list directly. An official Cloudflare's
reference on restoring the original visitor's IP may be found
[here][cloudflare-real-ip].
+ ### Other Headers
+
+Other HTTP headers may be supported by AdGuard Home in the future. However, any
+headers-related feature requests should first be tried to be resolved by
+configuring the reverse proxy itself.
+
+For example, to implement the [HTTP Strict Transport Security][hsts] mechanism,
+something like the following piece of configuration might be used:
+
+```nginx
+location /dns-query {
+ # …
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ # …
+}
+```
+
[reverse-proxy-faq]: https://github.com/AdguardTeam/AdGuardHome/wiki/FAQ#how-to-configure-a-reverse-proxy-server-for-adguard-home
@@ -217,6 +235,7 @@ reference on restoring the original visitor's IP may be found
[cloudflare-headers]: https://support.cloudflare.com/hc/en-us/articles/200170986
[cloudflare-addresses]: https://www.cloudflare.com/ips
[cloudflare-real-ip]: https://support.cloudflare.com/hc/en-us/articles/200170786
+[hsts]: https://datatracker.ietf.org/doc/html/rfc6797
diff --git a/FAQ.md b/FAQ.md
index 396ad58..74f6a04 100644
--- a/FAQ.md
+++ b/FAQ.md
@@ -344,9 +344,11 @@ If you're already running a web server and want to access the AdGuard Home
dashboard UI from a URL like `http://YOUR_SERVER/aghome/`, you can use this
configuration for your web server:
+
+
### nginx
-```none
+```nginx
location /aghome/ {
proxy_cookie_path / /aghome/;
proxy_pass http://AGH_IP:AGH_PORT/;
@@ -368,8 +370,8 @@ location /aghome/ {
}
```
-Or, if you just want to serve AdGuard Home with automatic TLS, use
-a configuration similar to the example shown below:
+Or, if you just want to serve AdGuard Home with automatic TLS, use a
+configuration similar to the example shown below:
```none
DOMAIN {
@@ -393,9 +395,10 @@ AdGuard Home respond to DoH requests without TLS encryption.
**Since v0.107.0,** you can set the parameter `trusted_proxies` to the IP
address(es) of your HTTP proxy to make AdGuard Home take the headers containing
-the real client IP address into account. See the [configuration page][conf] for
-more information.
+the real client IP address into account. See the [configuration][conf] and
+[encryption][encr] pages for more information.
+[encr]: https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption#reverse-proxy
[conf]: https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration
diff --git a/VPS.md b/VPS.md
index 52035d6..f60a5cc 100644
--- a/VPS.md
+++ b/VPS.md
@@ -7,20 +7,20 @@ To run AdGuard Home on a VPS, you need a server with Debian 8 or 9, x64 or x32.
## Initial installation
First let's ensure that your VPS has necessary minimal requirements, run this as root:
-```bash
+```sh
apt-get install sudo nano bind9-host
```
Go to [AdGuard Home page](https://github.com/AdguardTeam/AdGuardHome#installation) and download binaries for your architecture (64-bit Linux in this example).
To download AdGuard Home and unpack it execute following commands:
-```bash
+```sh
wget https://static.adguard.com/adguardhome/release/AdGuardHome_linux_amd64.tar.gz
tar xvf AdGuardHome_linux_amd64.tar.gz
```
You can find out the directory where you've unpacked it to by running these commands:
-```bash
+```sh
cd AdGuardHome
pwd
```
@@ -36,12 +36,12 @@ Here are the other commands you might need to control the service.
* `AdGuardHome -s status` - shows the current service status.
You can verify that it's working properly by running this command:
-```bash
+```sh
host doubleclick.net 127.0.0.1
```
If everything works correctly, you will get this output:
-```
+```none
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53