Update README.md

README.md

@@ -12,7 +12,7 @@
 
 ## Introduction
 
-This project allows you to easily set up a Guacamole jump-host with optional TLS reverse proxy (self-signed or Let's Encrypt), Active Directory integration, multi-factor authentication, Quick Connect & History Recording Storage UI enhancements, a custom UI dark themed template, auto database backup, email alerts and internal hardening options including fail2ban for defence against brute force attacks. There are also options for enterprise deployments similar to [Amazon's Guacamole Bastion Cluster](http://netcubed-ami.s3-website-us-east-1.amazonaws.com/guaws/v2.3.1/cluster/).
+This install script automatically sets up a Guacamole jump-host with optional for TLS reverse proxy (self-signed or Let's Encrypt), Active Directory integration, multi-factor authentication, Quick Connect & History Recording Storage UI enhancements. Other options also include a custom UI dark themed template, auto database backups, email alerts and internal hardening options including fail2ban for defence against brute force attacks. There is also faciltiy for enterprise deployments similar to [Amazon's Guacamole Bastion Cluster](http://netcubed-ami.s3-website-us-east-1.amazonaws.com/guaws/v2.3.1/cluster/).
 
 ## Automatic Installation
 
@@ -21,19 +21,20 @@ This project allows you to easily set up a Guacamole jump-host with optional TLS
 ```shell
 wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.sh && chmod +x 1-setup.sh && ./1-setup.sh
 ```
+---
 
 ## Prerequisites
 
-🔒 **A Compatible OS:**
-  - **Debian: 12.x or 11.x**
-  - **Ubuntu LTS variants: 24.04, 23.04, 22.04**
-  - **Raspbian Buster or Bullseye**
+📋 **You will need:**
+  - **Debian: 11.x & 12.x** | **Ubuntu LTS 24.x & 22.x** | **Raspbian**
   - **1 CPU core + 2GB RAM for every 25 users (plus minimum RAM & disk space for your selected OS).**
 - **Open TCP ports: 22, 80, and 443 (no other services using 80, 8080 & 443)**
-- **If selecting either of the TLS reverse proxy options, you must create a PRIVATE DNS record for the internal proxy site, and an additional PUBLIC DNS record if selecting the Let's Encrypt option.**
+- **For both TLS reverse proxy options you will need a PRIVATE DNS record for the internal proxy site, and an additional PUBLIC DNS record for the Let's Encrypt option.**
 - **Sudo & wget packages installed**
 - **The user running `1-setup.sh` must have sudo permissions**
 
+---
+
 ## Setup Script Menu
 
 🔧 **The main `1-setup.sh` script guides the installation with the following steps:**
@@ -47,18 +48,20 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
      - New server & client browser certificates are saved to `$HOME/guac-setup/tls-certs/[date-time]/`.
      - Optionally follow on-screen instructions for client certificate import to avoid https browser warnings.
 
-## Custom Installation Instructions
+---
 
-⚙️ **To customize the many available script options:**
+## Customising The Build
+
+⚙️ **To customise the many available script options:**
 
 - Exit `1-setup.sh` at the first prompt.
 - All configurable script options are shown under **Silent setup options** at the start of `1-setup.sh`. 
 - Certain combinations of the **Silent setup options** will allow for a fully unattended install supporting mass deployment or highly customised docker builds.
-- Re-run your edited script locally after making changes (do not re-run the automatic install web link - see below. 
+- Re-run your edited script locally after making changes (do not re-run the automatic install web link - see below). 
 
 **Other custom install notes:**
-- **Caution:** Re-running the auto-installer re-downloads the suite of scripts and this will overwrite all your script edits. You must therefore run 1-setup.sh LOCALLY after editing. If any other child scripts are edited, their corresponding download links in the 1-setup.sh script must also be commented out.
-- Upgrade scripts are **automatically customised with your specifc installation settings** for consistent future updates. (Re-downloading from the auto install link after install will overwrite all custom settings as above.)
+- **Caution:** Re-running the auto-installer link re-downloads the suite of scripts which will overwrite any custom script edits. You must run 1-setup.sh LOCALLY after editing. If any child scripts are edited, their corresponding download links in 1-setup.sh script must also be commented out.
+- Upgrade scripts are **automatically customised with your specifc installation settings** for consistent future updates.
 - Nginx reverse proxy is configured to default to at least TLS 1.2. For ancient systems, see commented sections of the `/etc/nginx/nginx.conf` file after install.
 - A daily MySQL backup job is automatically configured under the script owner's crontab.
 - The Quick Connect option brings some extra security implications, be aware of potential risks in your environment.
@@ -70,32 +73,46 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
 - `add-auth-ldap.sh`: Template script for simplified Active Directory integration.
 - `add-smtp-relay-o365.sh`: Template script for email alert integration with MSO65 (BYO app password).
 
-## Customise & Brand Your Guacamole Theme
+---
+
+## Branding The Guacamole UI Theme
 
 🎨 **Follow the theme and branding instructions** [here](https://github.com/itiligent/Guacamole-Install/tree/main/guac-custom-theme-builder). To revert to the default theme, simply delete the branding.jar file from `/etc/guacamole/extensions`, clear your browser cache and restart.
 
+---
+
 ## Managing Self-Signed TLS Certs With Nginx
 
 **To renew self-signed certificates or change the reverse proxy local DNS name/IP address:** 
-- Re-run `4a-install-tls-self-signed-nginx.sh` to create a new Nginx certificate (accompanying browser client certificates will also be updated). Always clear your browser cache after changing certificates.
+- Re-run `4a-install-tls-self-signed-nginx.sh` to create a new Nginx certificate (new browser client certificates will also be created for re-import). Always clear your browser cache after changing certificates.
+
+---
 
 ## Active Directory Integration
 
 🔑 See [here](https://github.com/itiligent/Guacamole-Install/blob/main/ACTIVE-DIRECTORY-HOW-TO.md).
 
-## For SS0 Extensions (Radius, Base, CAS, OpenID, SAML, Dist)
+---
+
+## SS0 Extensions (Radius, Base, CAS, OpenID, SAML, Dist)
 🔑 See [here](https://github.com/itiligent/Guacamole-Installer/blob/main/SSO-EXTENSIONS-HOW-TO.md)
 
+---
+
 ## Upgrading Guacamole
 
 🌐 To upgrade Guacamole, edit `upgrade-guacamole.sh` to reflect the latest versions of Guacamole & MySQL connector/J before running. This script will automatically update TOTP, DUO, LDAP, Quick Connect, and History Recorded Storage extensions if present.
 
+---
+
 ## High Availability Deployment
 
 - 👔 **For a separate DATABASE layer:** Use the `install-mysql-backend-only.sh` [here](https://github.com/itiligent/Guacamole-Install/tree/main/guac-enterprise-build) to install a standalone instance of the Guacamole MySQL database.
 - 👔 **For a separate APPLICATION layer:** Run `1-setup.sh` and point new installations to your separate database instance. Just say **no** to the "Install MySQL locally" option and any other local reverse proxy install options.
 - 👔 **For a separate FRONT END layer:** Use the included Nginx installer scripts to build out a separate Nginx front end layer, and then apply your preferred TLS load balancing technique. Alternatively, AWS/Azure/GCP load balancers or [HA Proxy](https://www.haproxy.org/) may provide superior session persistence & affinity compared to [Open Source Nginx](https://www.nginx.com/products/nginx/compare-models/).
 
+---
+
 ### Script Download Manifest
 
 📦 **The autorun link downloads these files into `$HOME/guac-setup`:**
@@ -118,4 +135,4 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
 - `branding.jar`: Base template for customizing Guacamole's UI theme.
 
 😄🥑
-```
+