Extend dev-env-setup; remove superfluous non-breaking spaces
moubctez committed Jan 8, 2025
1 parent fd069de commit 92b7379
Showing 35 changed files with 122 additions and 93 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -79,7 +79,7 @@ _defguard is not an official WireGuard project, and WireGuard is a registered tr

* Secure remote (over the internet) [user enrollment](https://defguard.gitbook.io/defguard/help/remote-user-enrollment)
* User [onboarding after enrollment](https://defguard.gitbook.io/defguard/help/remote-user-enrollment/user-onboarding-after-enrollment)
* Self-service for password reset 
* Self-service for password reset

### Yubikey Provisioning

Expand Up @@ -40,7 +40,7 @@ openssl genpkey -out rsakey.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048

Now we need to set **DEFGUARD\_OPENID\_KEY** variable to path pointing to that _<mark style="color:purple;">rsakey.pem</mark>_ file.

When starting Defguard now you should be able to see the following info log :&#x20;
When starting Defguard now you should be able to see the following info log:

```log
INFO defguard: Using RSA OpenID signing key
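Review bot: the context line above (`openssl genpkey -out rsakey.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048`) writes the OpenID signing private key with whatever permissions the user's umask allows; since the sentence that follows it is being edited anyway, add a short line advising restrictive permissions on `rsakey.pem` (for example `chmod 600 rsakey.pem`) before pointing **DEFGUARD\_OPENID\_KEY** at it. The edited line itself only drops the trailing `&#x20;` and the space before the colon, which is correct.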
Expand Down Expand Up @@ -203,7 +203,7 @@ def defguard_authorize(request):
return redirect("/admin")
```

With the provided example, you will need to fill out only **DEFGUARD\_CLIENT\_ID** and **DEFGUARD\_CLIENT\_SECRET**.&#x20;
With the provided example, you will need to fill out only **DEFGUARD\_CLIENT\_ID** and **DEFGUARD\_CLIENT\_SECRET**.

Either provide them as environment variables or modify the views file and pass them as strings to oauth register function.

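Review bot: the edited line and the context line after it tell the reader to fill in **DEFGUARD\_CLIENT\_SECRET** either as an environment variable or "as strings" in the views file; the docs should state that environment variables are the preferred option and that a secret hard-coded in the views file must not be committed to version control. The change on this line (dropping the trailing `&#x20;`) is fine.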
Expand Up @@ -14,7 +14,7 @@ openssl genpkey -out rsakey.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048

Now we need to set **DEFGUARD\_OPENID\_KEY** variable to path pointing to that _<mark style="color:purple;">rsakey.pem</mark>_ file.

When starting Defguard now you should be able to see the following info log :&#x20;
When starting Defguard now you should be able to see the following info log:

```log
INFO defguard: Using RSA OpenID signing key
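Review bot: this hunk is the same text as the earlier OpenID hunk (`-40,7 +40,7` in the previous file), so the RSA signing key instructions are maintained in two places; consider a single shared page or a GitBook include so an edit to one copy cannot leave the other stale. The suggestion to document restrictive permissions on `rsakey.pem` applies to this copy as well.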
Expand Up @@ -10,7 +10,7 @@ First, go to the defguard OpenID tab and click add new app button.

* OpenID
* Profile
* Email&#x20;
* Email

Then add your app. After successfully adding your app you can see it in the OpenID apps list. When you click on it you will be redirected to the client details page. From this page copy Client ID and Client secret values for later.

Expand Up @@ -43,7 +43,7 @@ By providing the VPN IP/mask, you are configuring both: **the VPN internal netwo

### Gateway address

It's the **public IP** address to which the remote peer's/users will connect to. This IP address is **will be shared in the configuration** for the clients, but defguard gateways do **not bind to this address**.&#x20;
It's the **public IP** address to which the remote peer's/users will connect to. This IP address is **will be shared in the configuration** for the clients, but defguard gateways do **not bind to this address**.

{% hint style="warning" %}
Defguard gateways bind to all IP addresses and the port defined below.
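Review bot: the edited line still reads "This IP address is **will be shared in the configuration**" and "to which the remote peer's/users will connect to"; since the line is being touched, fix the grammar in the same change ("This IP address **will be shared in the configuration** for the clients", "to which remote peers/users will connect"). The security-relevant statement that gateways do **not bind to this address** is clear and should stay as written.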
Expand All @@ -64,7 +64,7 @@ It supports multiple networks separated with comma, eg. 10.11.1.0/0, 192.168.1.0
{% hint style="danger" %}
Right now defguard only manages routing of AllowedIPs (adding to routing table the networks defined in AllowedIPs).

If you want the _All Traffic_ to work in the desktop client you need to also configure MASQUARED/NAT for the VPN interface. [Example of that here.](../../../tutorials/step-by-step-setting-up-a-vpn-server/#enabling-to-access-internet-through-your-vpn)&#x20;
If you want the _All Traffic_ to work in the desktop client you need to also configure MASQUARED/NAT for the VPN interface. [Example of that here.](../../../tutorials/step-by-step-setting-up-a-vpn-server/#enabling-to-access-internet-through-your-vpn)
{% endhint %}

### DNS
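Review bot: the edited line spells it "MASQUARED/NAT"; the iptables/nftables target is MASQUERADE, and a typo on a line that is already being changed is worth fixing here so readers searching for the term can find it. The `danger` hint correctly limits the claim to routing of AllowedIPs and should otherwise stay.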
Expand Up @@ -2,7 +2,7 @@

To change / add DNS settings or a DNS search domain:

* Go to Location overview&#x20;
* Go to Location overview
* Click \*Edit location settings\* (right top corner)
* In the DNS section enter the IP addresses of DNS servers (separated by commas ",") and a search domain

Expand Up @@ -3,7 +3,7 @@
defguard gateway has ability to execute custom commands before and after the WireGuard tunnel us up or down.

{% hint style="warning" %}
If you want to run a shell script, you should pass it's path to your shell, for example:&#x20;
If you want to run a shell script, you should pass it's path to your shell, for example:

`/bin/sh -c /path/to/script`
{% endhint %}
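Review bot: on the edited line "pass it's path" should be "pass its path". Because the example `/bin/sh -c /path/to/script` has the gateway run the script through a shell with the gateway's own privileges, the hint would also benefit from one sentence saying the script file should be owned by the account running the gateway and not writable by other users.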
Expand All @@ -12,21 +12,21 @@ You can use this functionality in various ways:

#### ENV Variables

* `PRE_UP` - Command to run before bringing up the interface.&#x20;
* `PRE_UP` - Command to run before bringing up the interface.
* `POST_UP` - Command to run after bringing up the interface.
* `PRE_DOWN` - Command to run before bringing down the interface.
* `POST_DOWN` - Command to run after bringing down the interface.

#### Command line arguments

* `--pre-up` - Command to run before bringing up the interface.&#x20;
* `--pre-up` - Command to run before bringing up the interface.
* `--post-up` - Command to run after bringing up the interface.
* `--pre-down` - Command to run before bringing down the interface.
* `--post-down` - Command to run after bringing down the interface.

#### /etc/defguard/gateway.toml - configuration file entries

* `pre-up` - Command to run before bringing up the interface.&#x20;
* `pre-up` - Command to run before bringing up the interface.
* `post-up` - Command to run after bringing up the interface.
* `pre-down` - Command to run before bringing down the interface.
* `post-down` - Command to run after bringing down the interface.
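Review bot: the three lists (ENV variables, CLI arguments, gateway.toml entries) repeat identical descriptions for `PRE_UP` / `--pre-up` / `pre-up` and the other three hooks; a single table with one row per hook and a column for the spelling in each configuration source would be easier to keep in sync. Only the first bullet of each list is changed here (trailing `&#x20;` removed), which is correct.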
Expand Up @@ -41,7 +41,7 @@ When MFA configuration is changed, all clients must do an [Instance Update](../.

### Testing MFA on defguard client

If a VPN has MFA enabled, before connecting you will be asked to complete the authentication step first:&#x20;
If a VPN has MFA enabled, before connecting you will be asked to complete the authentication step first:

<figure><img src="../../../../.gitbook/assets/defguard-client-mfa-modal.png" alt=""><figcaption><p>MFA in defguard desktop client</p></figcaption></figure>

@@ -1,6 +1,6 @@
# MFA Architecture

WireGuard by itself does not have a concept of MFA or any additional authorization aside from validating peers cryptographically by their public and pre-shared keys.&#x20;
WireGuard by itself does not have a concept of MFA or any additional authorization aside from validating peers cryptographically by their public and pre-shared keys.

Desktop Client MFA functionality is build entirely in defguard as a layer above the WireGuard protocol. Below is a brief explanation of its architecture and the authorization process itself.

Expand Up @@ -7,7 +7,7 @@ description: How to manually generate token for user as an administrator.
This process enables system **administrators** to create and distribute desktop **activation tokens to users facing access issues to the defguard instance**. It's handy if a user is already enrolled (has an account) but has not configured the desktop client and doesn't have access to defguard (is outside the internal network and can't access defguard).

{% hint style="info" %}
Users can activate / configure their desktop client themselves - for that documentation please go to: [Adding an instance in the client documentation](../../../help/configuring-vpn/add-new-instance/).&#x20;
Users can activate / configure their desktop client themselves - for that documentation please go to: [Adding an instance in the client documentation](../../../help/configuring-vpn/add-new-instance/).
{% endhint %}

Navigate to the user's list page.
Expand All @@ -17,7 +17,7 @@ Navigate to the user's list page.
Select "Configure Desktop Client" from the action menu.

{% hint style="info" %}
This option is only available if the instance has at least one localization, and the user is 'active'. For users that require enrollment, you can choose the option 'Start enrollment' and that token will also work with the client.&#x20;
This option is only available if the instance has at least one localization, and the user is 'active'. For users that require enrollment, you can choose the option 'Start enrollment' and that token will also work with the client.
{% endhint %}

<figure><img src="../../../.gitbook/assets/Remote Desktop Client config.png" alt=""><figcaption></figcaption></figure>
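Review bot: on the edited line "at least one localization" almost certainly means "at least one location" (the VPN location concept used elsewhere in these docs, e.g. "Location overview"); fix the word while the line is being touched. The status "'active'" would also read better formatted consistently with the other UI terms on the page (e.g. `active`).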
Expand Up @@ -29,7 +29,7 @@ It's completely safe, defguard does not store private keys. Every key is provisi

That also means that the **master key** is deleted and only sub-keys are stored - so you will not be able for example to edit the GPG key and add additional emails, etc - as that requires the **master key** to be imported to GPG.

As we do not want to store any private keys for security reasons, we have some ideas and plans for **optional master-key** storage based on **HSM encryption**, but we want to see if any actual companies/users need that, as there is always a way just to overwrite the existing YK and provision with new data.&#x20;
As we do not want to store any private keys for security reasons, we have some ideas and plans for **optional master-key** storage based on **HSM encryption**, but we want to see if any actual companies/users need that, as there is always a way just to overwrite the existing YK and provision with new data.
{% endhint %}

## Installation of provisioning service
Expand All @@ -54,7 +54,7 @@ yubikey-provision -h

### CLI options and configuration

Configuration can be provided in CLI with options, in environment variables, or via `.env` file. &#x20;
Configuration can be provided in CLI with options, in environment variables, or via `.env` file.

<table><thead><tr><th>Name</th><th>Description</th><th data-type="checkbox">Required</th><th>CLI option</th><th>Environment variable</th><th>Default value</th></tr></thead><tbody><tr><td>Provisioner ID</td><td>Shown in Defguard UI</td><td>true</td><td>--id</td><td>WORKER_ID</td><td>YubikeyProvisioner</td></tr><tr><td>Log level</td><td>Sets logging level</td><td>false</td><td>--log-level</td><td>LOG_LEVEL</td><td>info</td></tr><tr><td>GRPC Endpoint</td><td>Url of your Defguard instance GRPC endpoint. Make sure you include <strong><code>http</code></strong> or <strong><code>https</code></strong> !</td><td>true</td><td>--grpc</td><td>GRPC_URL</td><td><a href="http://127.0.0.1:50055">http://127.0.0.1:50055</a></td></tr><tr><td>GRPC CA File</td><td>Path to CA file. Needed if you want GRPC to use TLS. <br><br>You don't need to change http in endpoint if this is present.</td><td>false</td><td>--ca-file</td><td>GRPC_CA</td><td></td></tr><tr><td>Authorization Token</td><td>Authorization Token found in Defguard UI on Provisioners page.</td><td>true</td><td>--token</td><td>DEFGUARD_TOKEN</td><td></td></tr><tr><td>Detection retries</td><td>How many times provisioner will check for YubiKey presence in system before abandoning the process.</td><td>false</td><td>--smartcard-retries</td><td>YUBIKEY_RETRIES</td><td>1</td></tr><tr><td>Retry interval</td><td>How long between retries provisioner will wait ( in seconds )</td><td>false</td><td>--smartcard-retry-interval</td><td>YUBIKEY_RETRY_INTERVAL</td><td>15</td></tr><tr><td>GPG debug level</td><td>Sets debug level for gpg command during gpg operations</td><td>false</td><td>--gpg-debug-level</td><td>GPG_DEBUG_LEVEL</td><td>none</td></tr></tbody></table>

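Review bot: the edited line says configuration may be supplied via a `.env` file; since the table right below lists **DEFGUARD_TOKEN** (the provisioner's authorization token) among those values, the sentence should add that a `.env` holding the token must be kept out of version control and readable only by the user running `yubikey-provision`. Minor: "in CLI with options" reads better as "as CLI options".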
Expand Up @@ -6,7 +6,6 @@ icon: container-storage

All docker images for gateway, core and proxy have these aditional tags:

* `latest` - this tag is for the latest production release - aka `vX.Y.Z` from the `main` branch&#x20;
* `latest` - this tag is for the latest production release - aka `vX.Y.Z` from the `main` branch
* `pre-release`- this tag is for the latest pre-production release - aka `vX.Y.Z-alpha/beta/rcX` from the `main` branch
* `dev` - this tag is for the latest development relase from the `dev` branch.

Expand Up @@ -101,7 +101,7 @@ opnsense-patch

<figure><img src="../../../.gitbook/assets/OPNSense Plugin.png" alt=""><figcaption></figcaption></figure>

5. Fill form with appropriate values click `Save` then `Start/Restart`&#x20;
5. Fill form with appropriate values click `Save` then `Start/Restart`

{% hint style="info" %}
You can find detailed description of all fields [here](../../../features/setting-up-your-instance/configuration.md#gateway-configuration).
Expand Up @@ -8,7 +8,7 @@ Currently we support the following HA/failover scenarios:

## Gateway - High Availability

We support active-active configurations with multiple gateways for a single VPN instance or location. Since our gateway uses a vanilla kernel WireGuard®, there are multiple approaches for implementation.&#x20;
We support active-active configurations with multiple gateways for a single VPN instance or location. Since our gateway uses a vanilla kernel WireGuard®, there are multiple approaches for implementation.

{% hint style="info" %}
Please also see documentation of [Creating a New VPN location](../features-and-configuration/wireguard/create-your-vpn-network.md) where each [location setting has information regarding high-availability](../features-and-configuration/wireguard/create-your-vpn-network.md#vpn-location-settings).
Expand Down Expand Up @@ -55,5 +55,4 @@ We recommend to deploy them on a failover solution - like on a kubernetes cluste
Also failover is good eanough now, since:

* gateways are fully active-active HA,
* even if they fail, [peers are fully (or with configuration) persistent](high-availability-and-failover.md#what-is-the-gateway-peers-persistance-if-core-proxy-services-fail).&#x20;

* even if they fail, [peers are fully (or with configuration) persistent](high-availability-and-failover.md#what-is-the-gateway-peers-persistance-if-core-proxy-services-fail).
6 changes: 3 additions & 3 deletions admin-and-features/troubleshooting/README.md
Expand Up @@ -9,7 +9,7 @@ description: Here are some common issues / problems that are frequently encounte
Before contacting support, please see if the answer cannot be found here:
{% endhint %}

## Desktop client real-time/auto sync doesn't work&#x20;
## Desktop client real-time/auto sync doesn't work

The client communicates with core to initiate the handshake through the secure proxy (which is also the enrollment service - [more details about the architecture here](../features-and-configuration/wireguard/multi-factor-authentication-mfa-2fa/architecture.md)), so it's critical it works and is properly configured.

Expand Down Expand Up @@ -41,7 +41,7 @@ So if you are disconnected from the location:

## Client: failed to configure DNS (Linux)

This error commonly occurs on Ubuntu 22. Defguard client internally calls `resolvconf` to set DNS servers. The only tested backend is `systemd-resolved`, so make sure you use it before proceeding further (`systemctl status systemd-resolved`).&#x20;
This error commonly occurs on Ubuntu 22. Defguard client internally calls `resolvconf` to set DNS servers. The only tested backend is `systemd-resolved`, so make sure you use it before proceeding further (`systemctl status systemd-resolved`).

On newer Ubuntu distributions (23 and up) `resolvconf` is, by default, a symbolic link to `resolvectl` and this is the recommended way of interacting with the system's DNS configuration. On Ubuntu 22 the symbolic link doesn't exist and the most straightforward way to fix this issue is to manually create it:

Expand All @@ -61,7 +61,7 @@ Best would be to setup on the server NTP time synchronization.

This error is common if you use a reverse-proxy for any of our components.

Every reverse proxy has a timeout for keeping the connection alive. You can increase the timeout value to see less errors, but they will eventually appear.&#x20;
Every reverse proxy has a timeout for keeping the connection alive. You can increase the timeout value to see less errors, but they will eventually appear.

Ignore them, this is a normal behaviour.

4 changes: 1 addition & 3 deletions contact-us/support.md
@@ -1,6 +1,6 @@
# Community & Support

## Contacting Support&#x20;
## Contacting Support

If you have bought an [Enterprise plan with premium support ](https://defguard.net/pricing/)you can reach us at:

Expand Down Expand Up @@ -29,5 +29,3 @@ Matrix is vastly more secure then those (convenient) platforms - and open source
Please do **not open Github Issues for security issues you encounter**. To reporting a vulnerability open a [security advisory here](https://github.com/defguard/defguard/security/advisories/new).

\


3 changes: 1 addition & 2 deletions enterprise/all-enteprise-features/README.md
Expand Up @@ -7,9 +7,8 @@ icon: square-web-awesome-stroke
Here is a list of all Enterprise features:

* [Ability to use external OIDC](external-openid-providers/) (Google/Microsoft/Okta/JumpCloud/Custom) to login or create defguard account.
* [Real time sync for client configurations](automatic-real-time-desktop-client-configuration.md)! **First WireGuard client to support this feature!**&#x20;
* [Real time sync for client configurations](automatic-real-time-desktop-client-configuration.md)! **First WireGuard client to support this feature!**
* Ability to use [external OIDC for secure remote enrollment and Desktop client configuration](external-oidc-secure-enrollment.md)
* Ability to [disable for users to manage their devices](behavior-customization.md#disable-for-users-to-manage-their-devices) (just admin will have this possibility).
* Ability to [disable for users to configure WireGuard clients other then defguard desktop client](behavior-customization.md#disable-ability-to-configure-other-vpn-clients-then-defguard-desktop-client).
* Ability to [disable "All traffic" in the desktop client ](behavior-customization.md#disable-all-traffic-option-in-the-desktop-client)- just "predefined" traffic by admins.

Expand Up @@ -11,9 +11,8 @@ In the course of time: new locations can be added by administrators, existing on
In order to reconfigure users desktop client the administrator has two possibilities:

1. If using the **Open Source Open Core** - the administrator needs to send a new configuration token to each user affected, and the user needs to [Update the instance](../../help/configuring-vpn/add-new-instance/update-instance.md) in the desktop client with the new obtained token.
2. Obtain the **Enterprise License**, then each users desktop client (and all Locations) are **reconfigured automatically, real time** (propagation takes around 30 seconds to 1 minute) each time any VPN Location is reconfigured or the user is assigned to a different group.&#x20;
2. Obtain the **Enterprise License**, then each users desktop client (and all Locations) are **reconfigured automatically, real time** (propagation takes around 30 seconds to 1 minute) each time any VPN Location is reconfigured or the user is assigned to a different group.

{% hint style="warning" %}
If you have been using defguard prior to version 1.0.0, upgraded and have Enterprise License, to take advantage of the real-time config sync on an already configured desktop client, [please refer to Upgrade notes documentation.](../../features/setting-up-your-instance/upgrading.md#desktop-client-real-time-sync)
{% endhint %}

Expand Up @@ -28,7 +28,7 @@ Please note that defguard has only **desktop clients** and **no official mobile*

Of of defguard desktop client uniqe features is the possibility for the user to automatically route **All network traffic** from their device **through the connected VPN Location**, when the user checks _All traffic_ optio&#x6E;_**:**_

&#x20;![](<../../.gitbook/assets/Screenshot 2024-10-14 at 12.49.30.png>)
![](<../../.gitbook/assets/Screenshot 2024-10-14 at 12.49.30.png>)

But there are scenarios that administrator would like that users have only access to the **Predefined traffic** (meaning Allowed IPs in the Network VPN configuration) and the possibility to access all networks disabled.

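Review bot: the commit title says superfluous entities are being removed, but the context line just above the edited image line still contains `optio&#x6E;_**:**_`, i.e. an encoded `n` inside the word "option" plus stray emphasis markers, and the same sentence opens with "Of of" and spells "uniqe"; clean those in the same sweep so this page is consistent with the rest of the change.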