'excurity" urls fixed + language switcher

2025-07-04 14:54:28 +00:00
parent 7aadc4378c
commit 6046093b24
25 changed files with 50 additions and 42 deletions
--- a/app.config.ts
+++ b/app.config.ts
@@ -29,6 +29,11 @@ export default defineAppConfig({
    image: '/img/social.png',
    socials: {
      github:'',
      Language: {
        label: '🇫🇷',
        icon:'material-symbols:language-french', 
        href: 'https:/docu.djeex.fr/fr/',
      },
      Gitea: {
        label: 'Gitea',
        icon: 'cib:gitea',
--- a/content/0.index.md
+++ b/content/0.index.md
@@ -13,6 +13,9 @@ main:
 cta:
  - Access the Docs
  - /about/welcome
 secondary:
  - 🇫🇷 →
  - https://docu.djeex.fr/fr/
 ---
 #title
--- a/content/3.serveex/1.introduction.md
+++ b/content/3.serveex/1.introduction.md
@@ -76,21 +76,21 @@ Security
  #title
  __VPN__
  #description
-  [Install and deploy Wireguard](/serveex/securite/wireguard)
+  [Install and deploy Wireguard](/serveex/security/wireguard)
  ::
  ::card{icon=noto:key}
  #title
  __SSO & MFA__
  #description
-  [Install and deploy Authentik](/serveex/securite/authentik)
+  [Install and deploy Authentik](/serveex/security/authentik)
  ::
  ::card{icon=logos:cloudflare-icon}
  #title
  __Zero Trust__
  #description
-  [Install and deploy Cloudflared](/serveex/securite/cloudflare)
+  [Install and deploy Cloudflared](/serveex/security/cloudflare)
  ::
 ::
--- a/content/3.serveex/2.core/3.swag.md
+++ b/content/3.serveex/2.core/3.swag.md
@@ -20,7 +20,7 @@ main:
 ::alert{type="warning"}
 :::list{type="warning"}
- SWAG is only useful for exposing your services to the internet—i.e., accessing them via a public URL like `https://service.mydomain.com`. If you don’t want to expose your services and prefer to always use a VPN to connect remotely, you can go [here instead](/serveex/securite/wireguard).
+- SWAG is only useful for exposing your services to the internet—i.e., accessing them via a public URL like `https://service.mydomain.com`. If you don’t want to expose your services and prefer to always use a VPN to connect remotely, you can go [here instead](/serveex/security/wireguard).
 :::
 ::
@@ -265,14 +265,14 @@ server {
 ---
 ::alert{type="info"}
 📋 __Prerequisite:__ <br/><br/>
-We assume that you have created a subdomain like `dockge.mydomain.com` in your [DNS zone](/general/dns), with a `CNAME` pointing to `mydomain.com` and — unless you're using [Cloudflare Zero Trust](/serveex/securite/cloudflare) — that you've forwarded port `443` from your router to the server's `443` in [your NAT rules](/general/nat).
+We assume that you have created a subdomain like `dockge.mydomain.com` in your [DNS zone](/general/dns), with a `CNAME` pointing to `mydomain.com` and — unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare) — that you've forwarded port `443` from your router to the server's `443` in [your NAT rules](/general/nat).
 ::
 Now it's time to expose Dockge on the internet so you can access and manage your containers remotely. We assume you've set up the subdomain `dockge.mydomain.com` with a `CNAME` pointing to `mydomain.com`.
 ::alert{type="warning"}
 :::list{type="warning"}
- Dockge does not support multi-factor authentication. Exposing it online could compromise all connected machines. Only do this if you're using an MFA solution like [Authentik](/serveex/securite/authentik/). Otherwise, don’t expose it with SWAG — use a VPN like [Wireguard](/serveex/securite/wireguard) instead.
+- Dockge does not support multi-factor authentication. Exposing it online could compromise all connected machines. Only do this if you're using an MFA solution like [Authentik](/serveex/security/authentik/). Otherwise, don’t expose it with SWAG — use a VPN like [Wireguard](/serveex/security/wireguard) instead.
 :::
 ::
--- a/content/3.serveex/3.security/1.wireguard.md
+++ b/content/3.serveex/3.security/1.wireguard.md
--- a/content/3.serveex/3.security/2.authentik.md
+++ b/content/3.serveex/3.security/2.authentik.md
@@ -197,7 +197,7 @@ To use Authentik outside your local network, you must expose it.
 ::alert{type="info"}
 📋 __Prerequisites:__  <br/><br/>
-We assume you have already created a subdomain like `auth.mydomain.com` in your [DNS zone](/general/dns), with a CNAME pointing to `mydomain.com`. Also, unless you're using [Cloudflare Zero Trust](/serveex/securite/cloudflare), you must have already forwarded port `443` from your router to port `443` of your server in your [NAT rules](/general/nat).
+We assume you have already created a subdomain like `auth.mydomain.com` in your [DNS zone](/general/dns), with a CNAME pointing to `mydomain.com`. Also, unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare), you must have already forwarded port `443` from your router to port `443` of your server in your [NAT rules](/general/nat).
 ::
 Open the `authentik-server.conf` file:
@@ -363,7 +363,7 @@ Your new architecture looks like this:
 ## Protecting a Remote Server Service
 ---
-For a [native application](/serveex/securite/authentik/#protecting-a-native-app) (via OAuth 2.0 or other), nothing changes.
+For a [native application](/serveex/security/authentik/#protecting-a-native-app) (via OAuth 2.0 or other), nothing changes.
 For a non-native app behind a reverse proxy, you must deploy an __Outpost__. An Outpost is a container acting as a local proxy — it's the target of your app's auth requests and the only one authorized to communicate with your Authentik API.
@@ -373,13 +373,13 @@ Prerequisites:
 - If the app has no native integration, use a compatible reverse proxy. We will use [SWAG](/serveex/core/swag) here.
 ::
-This container will forward requests to your main [Authentik](/serveex/securite/authentik#authentik) instance over the internet (or your local network). The server will perform checks and respond to the Outpost, which will allow or block access accordingly.
+This container will forward requests to your main [Authentik](/serveex/security/authentik#authentik) instance over the internet (or your local network). The server will perform checks and respond to the Outpost, which will allow or block access accordingly.
 ![auth-outpost](/img/serveex/auth-outpost.svg)
 ### Configuring Authentik
-Create your [providers and applications](/serveex/securite/authentik/#protecting-a-native-app) as shown earlier.
+Create your [providers and applications](/serveex/security/authentik/#protecting-a-native-app) as shown earlier.
 Then, in the admin panel, go to _Applications > Outposts_, and create a new outpost.
@@ -547,7 +547,7 @@ proxy_pass http://$upstream_authentik:9000;
 Save and exit with `Esc`, then `:x` and `Enter`.
-Then configure the applications to protect as you did on your main server, whether they are [native](/serveex/securite/authentik/#protecting-a-native-app) or protected via [reverse proxy](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
+Then configure the applications to protect as you did on your main server, whether they are [native](/serveex/security/authentik/#protecting-a-native-app) or protected via [reverse proxy](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
 ## Migrating an Authentik Database
 ---
--- a/content/3.serveex/3.security/3.cloudflare.md
+++ b/content/3.serveex/3.security/3.cloudflare.md
@@ -21,7 +21,7 @@ main:
 ---
 The _Zero Trust_ architecture is the practice of designing systems based on the principle of __"never trust, always verify"__, as opposed to the traditional principle of __"trust, but verify"__. This concept has become increasingly popular recently due to the growing number of attacks targeting user data. It’s a broad concept, but we’ll focus on how to apply _Zero Trust_ to the web services we host.
-_Cloudflare tunnels_ offer a simple way to implement _Zero Trust_, using [SWAG](/serveex/core/swag) and [Authentik](/serveex/securite/authentik).
+_Cloudflare tunnels_ offer a simple way to implement _Zero Trust_, using [SWAG](/serveex/core/swag) and [Authentik](/serveex/security/authentik).
 Simply put, Cloudflare Tunnels allow you to:
--- a/content/3.serveex/3.security/_dir.yml
+++ b/content/3.serveex/3.security/_dir.yml
--- a/content/3.serveex/4.monitoring/1.uptime-kuma.md
+++ b/content/3.serveex/4.monitoring/1.uptime-kuma.md
@@ -68,12 +68,12 @@ You can now access the tool via `http://yourserverip:3200`.
 ::alert{type="info"}
 📋 __Before you begin:__ 
 <br/><br/>
-We assume you have the subdomain `stats.mydomain.com` with a `CNAME` pointing to `mydomain.com` in your [DNS zone](/general/dns). And of course, [unless you're using Cloudflare Zero Trust](/serveex/securite/cloudflare), port `443` of your router should point to port `443` of your server via [NAT rules](/general/nat).
+We assume you have the subdomain `stats.mydomain.com` with a `CNAME` pointing to `mydomain.com` in your [DNS zone](/general/dns). And of course, [unless you're using Cloudflare Zero Trust](/serveex/security/cloudflare), port `443` of your router should point to port `443` of your server via [NAT rules](/general/nat).
 ::
 ::alert{type="warning"}
 :::list{type="warning"}
- Uptime-Kuma does not use multi-factor authentication. Exposing Uptime-Kuma on the internet could compromise the machines it monitors. Only do this if you're using an MFA system like [Authentik](/serveex/securite/authentik/). Otherwise, don’t expose it with SWAG; use a VPN like [Wireguard](/serveex/securite/wireguard) instead.
+- Uptime-Kuma does not use multi-factor authentication. Exposing Uptime-Kuma on the internet could compromise the machines it monitors. Only do this if you're using an MFA system like [Authentik](/serveex/security/authentik/). Otherwise, don’t expose it with SWAG; use a VPN like [Wireguard](/serveex/security/wireguard) instead.
 :::
 ::
@@ -177,7 +177,7 @@ You can protect this app with Authentik by opening `stats.subdomain.conf` and un
 `include /config/nginx/authentik-server.conf;`  
 and  
 `include /config/nginx/authentik-location.conf;`.  
-Don’t forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy). If you want the public stats page to be accessible without authentication:
+Don’t forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy). If you want the public stats page to be accessible without authentication:
 - Edit the Uptime-Kuma provider
 - In *Advanced Protocol Settings > Authenticated Paths*, enter:
--- a/content/3.serveex/4.monitoring/2.dozzle.md
+++ b/content/3.serveex/4.monitoring/2.dozzle.md
@@ -72,7 +72,7 @@ Deploy the container and go to `http://yourserverip:9135`. Voilà, your Dozzle w
 ::alert{type="warning"}
 :::list{type="warning"}
- Dozzle does not use multi-factor authentication. Exposing Dozzle to the internet could compromise the connected machines. Only do this if you use a multi-factor authentication system like [Authentik](/serveex/securite/authentik/). Otherwise, do not expose it with SWAG and instead use a VPN like [Wireguard](/serveex/securite/wireguard).
+- Dozzle does not use multi-factor authentication. Exposing Dozzle to the internet could compromise the connected machines. Only do this if you use a multi-factor authentication system like [Authentik](/serveex/security/authentik/). Otherwise, do not expose it with SWAG and instead use a VPN like [Wireguard](/serveex/security/wireguard).
 :::
 ::
@@ -81,7 +81,7 @@ You may want to access Dozzle remotely and on all your devices. To do so, we’l
 ::alert{type="info"}
 📋 __Before you begin:__
 <br/><br/>
-We assume you have created a subdomain like `dozzle.mydomain.com` in your [DNS zone](/general/dns) with a `CNAME` pointing to `mydomain.com` and that, [unless you're using Cloudflare Zero Trust](/serveex/securite/cloudflare), you’ve redirected port `443` from your router to port `443` on your server in your [NAT rules](/general/nat).
+We assume you have created a subdomain like `dozzle.mydomain.com` in your [DNS zone](/general/dns) with a `CNAME` pointing to `mydomain.com` and that, [unless you're using Cloudflare Zero Trust](/serveex/security/cloudflare), you’ve redirected port `443` from your router to port `443` on your server in your [NAT rules](/general/nat).
 ::
 Go to Dockge and edit the SWAG compose file to add Dozzle’s network:
@@ -177,5 +177,5 @@ Press `Esc`, then save and exit by typing `:x` and pressing `Enter`.
 And there you go, Dozzle is now exposed!
 ::alert{type="success"}
-✨ You can protect this app with Authentik by opening `dozzle.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Don’t forget to [create an application and a provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
+✨ You can protect this app with Authentik by opening `dozzle.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Don’t forget to [create an application and a provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
 ::
--- a/content/3.serveex/4.monitoring/3.speedtest-tracker.md
+++ b/content/3.serveex/4.monitoring/3.speedtest-tracker.md
@@ -91,14 +91,14 @@ Deploy the container and go to `http://yourserverip:3225`. Log in with the accou
 ---
 ::alert{type="info"}
 📋 **Prerequisites:**  
-We assume that you've already created a subdomain like `speedtest.yourdomain.com` in your [DNS zone](/general/dns) with a `CNAME` pointing to `yourdomain.com`, and [unless you’re using Cloudflare Zero Trust](/serveex/securite/cloudflare), you've also forwarded port `443` from your router to port `443` of your server in your [NAT rules](/general/nat).
+We assume that you've already created a subdomain like `speedtest.yourdomain.com` in your [DNS zone](/general/dns) with a `CNAME` pointing to `yourdomain.com`, and [unless you’re using Cloudflare Zero Trust](/serveex/security/cloudflare), you've also forwarded port `443` from your router to port `443` of your server in your [NAT rules](/general/nat).
 ::
 Now we want to expose Speedtest Tracker to the internet so you can access it remotely. We assume you've set up the DNS `CNAME` for `speedtest.yourdomain.com` pointing to `yourdomain.com`.
 ::alert{type="warning"}
 :::list{type="warning"}
- Speedtest Tracker does not use multi-factor authentication. Exposing it on the internet could compromise connected devices. Do so only if you use a multi-factor system like [Authentik](/serveex/securite/authentik/). Otherwise, avoid using SWAG and prefer a VPN like [Wireguard](/serveex/securite/wireguard).
+- Speedtest Tracker does not use multi-factor authentication. Exposing it on the internet could compromise connected devices. Do so only if you use a multi-factor system like [Authentik](/serveex/security/authentik/). Otherwise, avoid using SWAG and prefer a VPN like [Wireguard](/serveex/security/wireguard).
 :::
 ::
@@ -192,5 +192,5 @@ Wait a moment, then visit `https://speedtest.yourdomain.com` in your browser —
 ::alert{type="success"}
 ✨ You can protect this app with Authentik by opening `speedtest.subdomain.conf` and uncommenting  
 `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`.  
-Don’t forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
+Don’t forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
 ::
--- a/content/3.serveex/4.monitoring/4.beszel.md
+++ b/content/3.serveex/4.monitoring/4.beszel.md
@@ -148,7 +148,7 @@ Deploy the stack on the remote server. Data will begin flowing into the web UI a
 ::alert{type="warning"}
 :::list{type="warning"}
- Beszel does not support multi-factor authentication. Exposing it on the internet could compromise connected machines. Only do this if you're using a system like [Authentik](/serveex/securite/authentik/). Otherwise, do not expose with SWAG—use a VPN like [Wireguard](/serveex/securite/wireguard) instead.
+- Beszel does not support multi-factor authentication. Exposing it on the internet could compromise connected machines. Only do this if you're using a system like [Authentik](/serveex/security/authentik/). Otherwise, do not expose with SWAG—use a VPN like [Wireguard](/serveex/security/wireguard) instead.
 :::
 ::
@@ -247,5 +247,5 @@ Press `Esc`, type `:x`, and hit `Enter` to save and exit.
 That’s it—Beszel is now exposed!
 ::alert{type="success"}
-✨ You can protect this app with Authentik by opening `beszel.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Don’t forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
+✨ You can protect this app with Authentik by opening `beszel.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Don’t forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
 ::
--- a/content/3.serveex/4.monitoring/5.upsnap.md
+++ b/content/3.serveex/4.monitoring/5.upsnap.md
@@ -85,7 +85,7 @@ Deploy the container and go to `http://yourserverip:8095`. Just follow the steps
 ::alert{type="warning"}
 :::list{type="warning"}
- UpSnap does not support multi-factor authentication. Exposing it on the internet could compromise connected machines. Do this only if you're using a multi-factor authentication system like [Authentik](/serveex/securite/authentik/). Otherwise, avoid exposing it with SWAG and use a VPN like [Wireguard](/serveex/securite/wireguard) instead.
+- UpSnap does not support multi-factor authentication. Exposing it on the internet could compromise connected machines. Do this only if you're using a multi-factor authentication system like [Authentik](/serveex/security/authentik/). Otherwise, avoid exposing it with SWAG and use a VPN like [Wireguard](/serveex/security/wireguard) instead.
 :::
 ::
@@ -190,5 +190,5 @@ Press `Escape`, then save and exit by typing `:x` and pressing `Enter`.
 And that’s it — you’ve exposed UpSnap!
 ::alert{type="success"}
-✨ You can protect this app with Authentik by opening `upsnap.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Don’t forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
+✨ You can protect this app with Authentik by opening `upsnap.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Don’t forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
 ::
--- a/content/3.serveex/5.media/1.plex.md
+++ b/content/3.serveex/5.media/1.plex.md
@@ -175,7 +175,7 @@ However, you may want to expose Tautulli so you can view stats from a simple URL
 ::alert{type="info"}
 :::list{type="info"}
- We assume you have the subdomain `tautulli.mydomain.com` with a `CNAME` pointing to `mydomain.com` in your [DNS zone](/general/dns). And of course, [unless you use Cloudflare Zero Trust](/serveex/securite/cloudflare), your box's port `443` must be forwarded to your server's port `443` in [NAT rules](/general/nat).
+- We assume you have the subdomain `tautulli.mydomain.com` with a `CNAME` pointing to `mydomain.com` in your [DNS zone](/general/dns). And of course, [unless you use Cloudflare Zero Trust](/serveex/security/cloudflare), your box's port `443` must be forwarded to your server's port `443` in [NAT rules](/general/nat).
 :::
 ::
@@ -298,7 +298,7 @@ server {
 ```
 ::alert{type="success"}
-✨ You can protect this app with Authentik by removing the `#` before `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Don’t forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
+✨ You can protect this app with Authentik by removing the `#` before `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Don’t forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
 ::
 Press `Esc` then save and quit by typing `:x`
--- a/content/3.serveex/5.media/2.qbittorrent.md
+++ b/content/3.serveex/5.media/2.qbittorrent.md
@@ -209,7 +209,7 @@ When adding a download, remember to select the proper directory so Plex can sync
 ::alert{type="warning"}
 :::list{type="warning"}
- Qbittorrent does not support multi-factor authentication. Exposing it to the internet may put your system at risk. Only do this if you use MFA via [Authentik](/serveex/securite/authentik/). Otherwise, don’t expose it with SWAG—use a VPN like [Wireguard](/serveex/securite/wireguard) instead.
+- Qbittorrent does not support multi-factor authentication. Exposing it to the internet may put your system at risk. Only do this if you use MFA via [Authentik](/serveex/security/authentik/). Otherwise, don’t expose it with SWAG—use a VPN like [Wireguard](/serveex/security/wireguard) instead.
 :::
 ::
@@ -311,7 +311,7 @@ server {
 ```
 ::alert{type="success"}
-✨ You can secure this app with Authentik by uncommenting the `authentik-server.conf` and `authentik-location.conf` lines. Don’t forget to [create an app and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
+✨ You can secure this app with Authentik by uncommenting the `authentik-server.conf` and `authentik-location.conf` lines. Don’t forget to [create an app and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
 ::
 Press `Esc`, type `:x` to save and quit.
--- a/content/3.serveex/5.media/3.servarr.md
+++ b/content/3.serveex/5.media/3.servarr.md
@@ -385,7 +385,7 @@ It can be useful to expose Overseerr if you want to send requests from outside y
 ::alert{type="info"}
 :::list{type="info"}
- We assume you have the subdomain `films.mydomain.com` with a `CNAME` pointing to `films.fr` in your [DNS zone](/general/dns). And that [unless you’re using Cloudflare Zero Trust](/serveex/securite/cloudflare), port `443` on your router is forwarded to port `443` on your server via [NAT rules](/general/nat).
+- We assume you have the subdomain `films.mydomain.com` with a `CNAME` pointing to `films.fr` in your [DNS zone](/general/dns). And that [unless you’re using Cloudflare Zero Trust](/serveex/security/cloudflare), port `443` on your router is forwarded to port `443` on your server via [NAT rules](/general/nat).
 :::
 ::
--- a/content/3.serveex/6.cloud/1.immich.md
+++ b/content/3.serveex/6.cloud/1.immich.md
@@ -59,7 +59,7 @@ The main benefit of this setup is being able to access Immich remotely on all yo
 ::alert{type="info"}
 📋 __Before you begin:__ 
 <br/><br/>
-We assume that you have a subdomain `immich.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns). Also, unless you're using [Cloudflare Zero Trust](/serveex/securite/cloudflare), make sure port `443` on your router is forwarded to port `443` on your server via [NAT rules](/general/nat).
+We assume that you have a subdomain `immich.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns). Also, unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare), make sure port `443` on your router is forwarded to port `443` on your server via [NAT rules](/general/nat).
 ::
 In Dockge, open the SWAG stack and edit the compose file to add Immich's network:
--- a/content/3.serveex/6.cloud/2.nextcloud.md
+++ b/content/3.serveex/6.cloud/2.nextcloud.md
@@ -89,7 +89,7 @@ The goal of this setup is to access Nextcloud remotely from all your devices. We
 ::alert{type="info"}
 :::list{type="info"}
- We assume you have a subdomain `nextcloud.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns). And unless you’re using [Cloudflare Zero Trust](/serveex/securite/cloudflare), port `443` on your router must be forwarded to port `443` on your server using [NAT rules](/general/nat).
+- We assume you have a subdomain `nextcloud.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns). And unless you’re using [Cloudflare Zero Trust](/serveex/security/cloudflare), port `443` on your router must be forwarded to port `443` on your server using [NAT rules](/general/nat).
 :::
 ::
--- a/content/3.serveex/7.files/1.file-browser.md
+++ b/content/3.serveex/7.files/1.file-browser.md
@@ -59,7 +59,7 @@ Deploy the container and go to `http://yourserverip:8010`. That’s it—your Fi
 ::alert{type="warning"}
 :::list{type="warning"}
- File Browser does not support multi-factor authentication. Exposing it publicly could put your systems at risk. Only do this if you’re using a secure authentication solution like [Authentik](/serveex/securite/authentik/). Otherwise, do not expose it with SWAG—use a VPN like [Wireguard](/serveex/securite/wireguard) instead.
+- File Browser does not support multi-factor authentication. Exposing it publicly could put your systems at risk. Only do this if you’re using a secure authentication solution like [Authentik](/serveex/security/authentik/). Otherwise, do not expose it with SWAG—use a VPN like [Wireguard](/serveex/security/wireguard) instead.
 :::
 ::
@@ -160,5 +160,5 @@ Press `Esc`, then save and exit with `:x` followed by `Enter`.
 That’s it—File Browser is now exposed!
 ::alert{type="success"}
-✨ __Tip:__ You can protect this app with Authentik by opening `files.subdomain.conf` and uncommenting `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Don’t forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
+✨ __Tip:__ You can protect this app with Authentik by opening `files.subdomain.conf` and uncommenting `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Don’t forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
 ::
--- a/content/3.serveex/7.files/2.pingvin.md
+++ b/content/3.serveex/7.files/2.pingvin.md
@@ -81,7 +81,7 @@ Tout l'intérêt d'une telle solution, c'est de pouvoir y accéder à distance e
 ::alert{type="info"}
 📋 __Au préalable :__ 
 <br/><br/>
-Nous partons du principe que vous avez le sous-domaine `pingvin.mondomaine.fr` avec un `CNAME` qui pointe vers `mondomaine.fr` dans votre [zone DNS](/general/dns). Et que bien sûr, [à moins que vous utilisiez Cloudflare Zero Trust](/serveex/securite/cloudflare), le port `443` de votre box pointe bien sur le port `443` de votre serveur via [les règles NAT](/general/nat).
+Nous partons du principe que vous avez le sous-domaine `pingvin.mondomaine.fr` avec un `CNAME` qui pointe vers `mondomaine.fr` dans votre [zone DNS](/general/dns). Et que bien sûr, [à moins que vous utilisiez Cloudflare Zero Trust](/serveex/security/cloudflare), le port `443` de votre box pointe bien sur le port `443` de votre serveur via [les règles NAT](/general/nat).
 ::
 Dans Dockge, rendez-vous dans la stack de SWAG et éditez le compose en ajoutant le réseau de pingvin :
--- a/content/3.serveex/8.development/1.code-server.md
+++ b/content/3.serveex/8.development/1.code-server.md
@@ -122,7 +122,7 @@ The whole point of such a solution is to access it remotely from any device. To
 ::alert{type="info"}
 :::list{type="info"}
- __Preliminary:__ We assume you’ve created a subdomain like `code.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns), and—unless you're using [Cloudflare Zero Trust](/serveex/securite/cloudflare)—that you’ve forwarded port `443` from your router to port `443` on your server using [NAT rules](/general/nat).
+- __Preliminary:__ We assume you’ve created a subdomain like `code.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns), and—unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare)—that you’ve forwarded port `443` from your router to port `443` on your server using [NAT rules](/general/nat).
 :::
 ::
@@ -219,5 +219,5 @@ Press `Esc`, then save and exit by typing `:x` and pressing `Enter`.
 That’s it — code-server is now exposed!
 ::alert{type="success"}
-✨ __Tip:__ You can protect this app with Authentik by opening `code.subdomain.conf` and uncommenting the lines `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Don’t forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
+✨ __Tip:__ You can protect this app with Authentik by opening `code.subdomain.conf` and uncommenting the lines `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Don’t forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
 ::
--- a/content/3.serveex/8.development/2.gitea.md
+++ b/content/3.serveex/8.development/2.gitea.md
@@ -74,7 +74,7 @@ The benefit of this setup is being able to access it remotely from any of your d
 ::alert{type="info"}
 :::list{type="info"}
- __Prerequisite:__ We assume you have created a subdomain such as `gitea.yourdomain.com` in your [DNS zone](/general/dns) with `CNAME` pointing to `yourdomain.com`, and [unless you're using Cloudflare Zero Trust](/serveex/securite/cloudflare), you have already forwarded port `443` from your router to your server’s port `443` in the [NAT rules](/general/nat).
+- __Prerequisite:__ We assume you have created a subdomain such as `gitea.yourdomain.com` in your [DNS zone](/general/dns) with `CNAME` pointing to `yourdomain.com`, and [unless you're using Cloudflare Zero Trust](/serveex/security/cloudflare), you have already forwarded port `443` from your router to your server’s port `443` in the [NAT rules](/general/nat).
 :::
 ::
--- a/content/3.serveex/8.development/3.it-tools.md
+++ b/content/3.serveex/8.development/3.it-tools.md
@@ -58,7 +58,7 @@ You might want to access it remotely on all your devices. To do that, we'll expo
 ::alert{type="info"}
 :::list{type="info"}
- __Pre-requisite:__ We assume you’ve created a subdomain like `tools.yourdomain.com` in your [DNS zone](/general/dns) with `CNAME` set to `yourdomain.com`. Also, unless you’re using [Cloudflare Zero Trust](/serveex/securite/cloudflare), make sure you’ve already forwarded port `443` from your router to port `443` on your server in the [NAT rules](/general/nat).
+- __Pre-requisite:__ We assume you’ve created a subdomain like `tools.yourdomain.com` in your [DNS zone](/general/dns) with `CNAME` set to `yourdomain.com`. Also, unless you’re using [Cloudflare Zero Trust](/serveex/security/cloudflare), make sure you’ve already forwarded port `443` from your router to port `443` on your server in the [NAT rules](/general/nat).
 :::
 ::
@@ -162,5 +162,5 @@ Press `Esc`, then save and exit by typing `:x` and pressing `Enter`.
 And that’s it — IT Tools is now exposed!
 ::alert{type="success"}
-✨ __Tip:__ You can secure this app with Authentik by opening `tools.subdomain.conf` and uncommenting the lines `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Don’t forget to [create an application and a provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
+✨ __Tip:__ You can secure this app with Authentik by opening `tools.subdomain.conf` and uncommenting the lines `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Don’t forget to [create an application and a provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
 ::
--- a/content/3.serveex/9.apps/1.adguard.md
+++ b/content/3.serveex/9.apps/1.adguard.md
@@ -231,7 +231,7 @@ server {
 ::alert{type="success"}
 ✨ __Tip:__ 
 <br/><br/>
-You can protect this app with Authentik by opening `adguard.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Don’t forget to [create an application and a provider in Authentik](/serveex/securite/authentik/#protéger-une-app-par-reverse-proxy). You’ll need to exclude the URL `https://adguard.mydomain.com/dns-query` from authentication:
+You can protect this app with Authentik by opening `adguard.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Don’t forget to [create an application and a provider in Authentik](/serveex/security/authentik/#protéger-une-app-par-reverse-proxy). You’ll need to exclude the URL `https://adguard.mydomain.com/dns-query` from authentication:
 - Edit the AdGuard provider
 - Under *Advanced Protocol Settings > Authenticated Paths*, enter `^/dns-query`
--- a/content/3.serveex/9.apps/2.vaultwarden.md
+++ b/content/3.serveex/9.apps/2.vaultwarden.md
@@ -240,5 +240,5 @@ And there you go — Vaultwarden is now exposed! Visit `vault.yourdomain.com` to
 Don't forget to install Bitwarden browser extensions (they work with Vaultwarden) for [Chrome](https://chromewebstore.google.com/detail/gestionnaire-de-mots-de-p/nngceckbapebfimnlniiiahkandclblb) and [Firefox](https://addons.mozilla.org/fr/firefox/addon/bitwarden-password-manager/), as well as [iOS](https://apps.apple.com/fr/app/bitwarden/id1137397744) and [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden&hl=fr) apps to sync your passwords.
 ::alert{type="success"}
-✨ __Tip:__ You can protect this app with Authentik by opening `tools.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Don't forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
+✨ __Tip:__ You can protect this app with Authentik by opening `tools.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Don't forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
 ::