22 files changed, 157 insertions, 89 deletions

diff --git a/README.md b/README.md
index 5dcbde1b..908d04d3 100644
--- a/README.md
+++ b/README.md
@@ -45,7 +45,7 @@ You can either build the container on your own or directly fetch it prebuild
 from Dockerhub. If you want to build it for yourself, use the following command.
 
 ```bash
-$ docker build -t vyos-docu docker
+$ docker build -t vyos/vyos-documentation docker
 ```
 
 ### Build documentation
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 89f77125..80e58b1a 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -12,6 +12,7 @@ RUN echo "dash dash/sh boolean false" | debconf-set-selections && \
 
 RUN apt-get update && apt-get install -y \
     vim \
+    nano \
     git \
     mc \
     make \
@@ -24,7 +25,9 @@ RUN apt-get update && apt-get install -y \
     texlive-latex-extra \
     sudo \
     gosu \
-    curl
+    graphviz \
+    curl \
+    dos2unix
 
 RUN pip3 install sphinx-autobuild
 
@@ -40,8 +43,12 @@ RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \
 # vale
 RUN curl -sfL https://install.goreleaser.com/github.com/ValeLint/vale.sh | sh -s v1.7.1
 
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
 
+# we need to convert the entrypoint with appropriate line endings, else
+# there will be an error:
+#     standard_init_linux.go:175: exec user process caused
+#     "no such file or directory"
+RUN dos2unix /usr/local/bin/entrypoint.sh
 
-COPY entrypoint.sh /usr/local/bin/entrypoint.sh
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
-
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index d9cbc33c..8db41103 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -1,6 +1,5 @@
 #!/bin/bash
 set -e
-exec "$@"
 
 USER_NAME="vyos_bld"
 NEW_UID=$(stat -c "%u" .)
diff --git a/docs/about.rst b/docs/about.rst
index 9a7a7aac..15a672a6 100644
--- a/docs/about.rst
+++ b/docs/about.rst
@@ -25,24 +25,3 @@ always refer to the documentation matching your current, running installation.
 If a change in the CLI is required, VyOS will ship a so called migration script
 which will take care of adjusting the synatax. No action needs to be taken by
 you.
-
-
-****************
-Copyright Notice
-****************
-
-Copyright (C) 2018-2019 VyOS maintainers and contributors
-
-Permission is granted to make and distribute verbatim copies of this manual
-provided the copyright notice and this permission notice are preserved on all
-copies.
-
-Permission is granted to copy and distribute modified versions of this manual
-under the conditions for verbatim copying, provided that the entire resulting
-derived work is distributed under the terms of a permission notice identical
-to this one.
-
-Permission is granted to copy and distribute translations of this manual into
-another language, under the above conditions for modified versions, except that
-this permission notice may be stated in a translation approved by the VyOS
-maintainers.
\ No newline at end of file
diff --git a/docs/appendix/examples/zone-policy.rst b/docs/appendix/examples/zone-policy.rst
index db985258..666fc99b 100644
--- a/docs/appendix/examples/zone-policy.rst
+++ b/docs/appendix/examples/zone-policy.rst
@@ -18,7 +18,7 @@ We have three networks.
 This specific example is for a router on a stick, but is very easily adapted
 for however many NICs you have.
 
-[http://imgur.com/Alz1J.png Topology Image]
+[https://i.imgur.com/Alz1J.png Topology Image]
 
 The VyOS interface is assigned the .1/:1 address of their respective networks.
 WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30.
diff --git a/docs/appendix/vyos-on-baremetal.rst b/docs/appendix/vyos-on-baremetal.rst
index 2b155fd7..76b5e210 100644
--- a/docs/appendix/vyos-on-baremetal.rst
+++ b/docs/appendix/vyos-on-baremetal.rst
@@ -306,8 +306,7 @@ Partaker i5
 .. figure:: ../_static/images/600px-Partaker-i5.jpg
 
 I believe this is actually the same hardware as the Protectli. I purchased it
-from `Amazon <https://www.amazon.com/gp/product/B073F9GHKL/>`_ in June 2018.
-It came pre-loaded with pfSense.
+in June 2018. It came pre-loaded with pfSense.
 
 `Manufacturer product page <http://www.inctel.com.cn/product/detail/338.html>`_.
 
diff --git a/docs/conf.py b/docs/conf.py
index 2bc581be..76293898 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -40,7 +40,8 @@ release = u'1.3.x (equuleus)'
 # ones.
 extensions = ['sphinx.ext.intersphinx',
               'sphinx.ext.todo',
-              'sphinx.ext.ifconfig']
+              'sphinx.ext.ifconfig',
+              'sphinx.ext.graphviz']
 
 # Add any paths that contain templates here, relative to this directory.
 templates_path = ['_templates']
diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst
index 51cfc7a4..bc113750 100644
--- a/docs/contributing/build-vyos.rst
+++ b/docs/contributing/build-vyos.rst
@@ -156,7 +156,7 @@ versions, so we are building it from source.
 Debian does keep their package in git, but it's upstream tarball imported into
 git without its original commit history. To be able to merge new tags in, we
 keep a fork of the upstream repository with packaging files imported from
-Debian at http://github.com/vyos/keepalived-upstream
+Debian at https://github.com/vyos/keepalived-upstream
 
 strongswan
 ^^^^^^^^^^
diff --git a/docs/contributing/development.rst b/docs/contributing/development.rst
index 12d706f3..1c257772 100644
--- a/docs/contributing/development.rst
+++ b/docs/contributing/development.rst
@@ -1,7 +1,8 @@
 .. _development:
 
+###########
 Development
-===========
+###########
 
 All VyOS source code is hosted on GitHub under the VyOS organization which can
 be found here: https://github.com/vyos
@@ -20,8 +21,8 @@ https://github.com/vyos/vyos-build
 
 The README.md file will guide you to use the this top level repository.
 
-Submit a patch
---------------
+Submit a Patch
+==============
 
 Patches are always more then welcome. To have a clean and easy to maintain
 repository we have some guidelines when working with Git. A clean repository
@@ -32,22 +33,26 @@ file(s) history by invoking ``git log path/to/file.txt``.
 
 .. _prepare_commit:
 
-Preparing patch/commit
-^^^^^^^^^^^^^^^^^^^^^^
+Prepare patch/commit
+--------------------
 
 In a big system, such as VyOS, that is comprised of multiple components, it's
 impossible to keep track of all the changes and bugs/feature requests in one's
 head. We use a bugtracker known as Phabricator_ for it ("issue tracker" would
 be a better term, but this one stuck).
 
-The information is used in two ways:
+The information is used in three ways:
 
 * Keep track of the progress (what we've already done in this branch and what
   we still need to do).
 
 * Prepare release notes for upcoming releases
 
-To make this approach work, every change must be associated with a bug number
+* Help future maintainers of VyOS (it could be you!) to find out why certain
+  things have been changed in the codebase or why certain features have been
+  added
+
+To make this approach work, every change must be associated with a task number
 (prefixed with **T**) and a component. If there is no bug report/feature request
 for the changes you are going to make, you have to create a Phabricator_ task
 first. Once there is an entry in Phabricator_, you should reference its id in
@@ -60,19 +65,21 @@ If there is no Phabricator_ reference in the commits of your pull request, we
 have to ask you to ammend the commit message. Otherwise we will have to reject
 it.
 
-In general, use an editor to create your commit messages rather than passing
-them on the command line. The format should be and is inspired by this blog
-post: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
+Writing good commit messages
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-* A single, short, summary of the commit (recommended 70 characters or less,
-  but not exceeding 80 characters)
+The format should be and is inspired by: https://git-scm.com/book/ch5-2.html
 
-  * Add a prefix of the changed component to your commit headline, e.g. ``snmp:
-    T1111:`` or ``ethernet: T2222:``. If multiple components are touched by this
-    commit, you can use multiple prefixes, e.g.: ``snmp: ethernet:``
+* A single, short, summary of the commit (recommended 50 characters or less,
+  not exceeding 80 characters) containing a prefix of the changed component
+  and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or
+  ``ethernet: T2222:`` - multiple components could be concatenated as in
+  ``snmp: ethernet: T3333``
 
-* Followed by a blank line (this is mandatory - else Git will treat the whole
-  commit message as the headline only)
+* In some contexts, the first line is treated as the subject of an email and
+  the rest of the text as the body. The blank line separating the summary from
+  the body is critical (unless you omit the body entirely); tools like rebase
+  can get confused if you run the two together.
 
 * Followed by a message which describes all the details like:
 
@@ -107,8 +114,9 @@ Limits:
 Please submit your patches using the well-known GitHub pull-request against our
 repositories found in the VyOS GitHub organisation at https://github.com/vyos
 
-Determining package for a fix
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Determinine source package
+--------------------------
 
 Suppose you want to make a change in the webproxy script but yet you do not know
 which of the many VyOS packages ship this file. You can determine the VyOS
@@ -124,8 +132,9 @@ This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``)
 is located in the ``vyatta-webproxy`` package which can be found here:
 https://github.com/vyos/vyatta-webproxy
 
-Fork repository to submit a Patch
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Fork Repository and submit Patch
+--------------------------------
 
 Forking the repository and submitting a GitHub pull-request is the preferred
 way of submitting your changes to VyOS. You can fork any VyOS repository to your
@@ -160,8 +169,9 @@ record them in your created Git commit:
 
 * Submit the patch ``git push`` and create the GitHub pull-request.
 
+
 Attach patch to Phabricator task
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+--------------------------------
 
 Follow the above steps on how to "Fork repository to submit a Patch". Instead
 of uploading "pushing" your changes to GitHub you can export the patches/
@@ -171,8 +181,9 @@ commits and send it to maintainers@vyos.net or attach it directly to the bug
 * Export last commit to patch file: ``git format-patch`` or export the last two
   commits into its appropriate patch files: ``git format-patch -2``
 
+
 Coding Guidelines
------------------
+=================
 
 Like any other project we have some small guidelines about our source code, too.
 The rules we have are not there to punish you - the rules are in place to help
@@ -183,8 +194,9 @@ implied logic of any one source file..
 Python 3 **shall** be used. How long can we keep Python 2 alive anyway? No
 considerations for Python 2 compatibility **should** be taken at any time.
 
+
 Formatting
-^^^^^^^^^^
+----------
 
 * Python: Tabs **shall not** be used. Every indentation level should be 4 spaces
 * XML: Tabs **shall not** be used. Every indentation level should be 2 spaces
@@ -194,8 +206,9 @@ Formatting
    ``au FileType xml setlocal equalprg=xmllint\ --format\ --recover\ -\
    2>/dev/null`` now you can call the linter using ``gg=G`` in command mode.
 
+
 Text generation
-###############
+^^^^^^^^^^^^^^^
 
 Template processor **should** be used for generating config files. Built-in
 string formatting **may** be used for simple line-oriented formats where every
@@ -204,8 +217,9 @@ used for structured, multi-line formats such as those used by ISC DHCPd.
 
 The default template processor for VyOS code is Jinja2_.
 
+
 Summary
-#######
+-------
 
 When modifying the source code, remember these rules of the legacy elimination
 campaign:
@@ -214,8 +228,9 @@ campaign:
 * No old style command definitions
 * No code incompatible with Python3
 
+
 Python
-------
+======
 
 The switch to the Python programming language for new code is not merely a
 change of the language, but a chance to rethink and improve the programming
@@ -239,8 +254,9 @@ Please use the following template as good starting point when developing new
 modules or even rewrite a whole bunch of code in the new style XML/Pyhon
 interface.
 
-Configuration script structure and behaviour
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Configuration Script Structure and Behaviour
+--------------------------------------------
 
 Your configuration script or operation mode script which is also written in
 Python3 should have a line break on 80 characters. This seems to be a bit odd
@@ -360,8 +376,9 @@ For easy orientation we suggest you take a look on the ``ntp.py`` or
 ``interfaces-bonding.py`` (for tag nodes) implementation. Both files can be
 found in the vyos-1x_ repository.
 
-XML - CLI
----------
+
+XML (used for CLI definitions)
+==============================
 
 The bash (or better vbash) completion in VyOS is defined in *templates*.
 Templates are text files (called ``node.def``) stored in a directory tree. The
@@ -384,7 +401,6 @@ there is no other format now that would allow this. Besides, a specialized XML
 editor can alleviate the issue with verbosity.
 
 Example:
-^^^^^^^^
 
 .. code-block:: xml
 
@@ -466,18 +482,58 @@ Command definitions are purely declarative, and cannot contain any logic. All
 logic for generating config files for target applications, restarting services
 and so on is implemented in configuration scripts instead.
 
+GNU Preprocessor
+----------------
+
+XML interface definition files use the `xml.in` file extension which was
+implemented in T1843_. XML interface definitions tend to have a lot of
+duplicated code in areas such as:
+
+* VIF (incl. VIF-S/VIF-C)
+* Address
+* Description
+* Enabled/Disabled
+
+Instead of supplying all those XML nodes multiple times there are now include
+files with predefined features. Brief overview:
+
+* `IPv4, IPv6 and DHCP(v6)`_ address assignment
+* `IPv4, IPv6`_ address assignment
+* `VLAN (VIF)`_ definition
+* `MAC address`_ assignment
+
+All interface definition XML input files (.in suffix) will be sent to the GCC
+preprocess and the output is stored in the `build/interface-definitions`
+folder. The previously mentioned `scripts/build-command-templates` script
+operates on the `build/interface-definitions` folder to generate all required
+CLI nodes.
+
+.. code-block:: none
+
+  $ make interface_definitions
+  install -d -m 0755 build/interface-definitions
+  install -d -m 0755 build/op-mode-definitions
+  Generating build/interface-definitions/intel_qat.xml from interface-definitions/intel_qat.xml.in
+  Generating build/interface-definitions/interfaces-bonding.xml from interface-definitions/interfaces-bonding.xml.in
+  Generating build/interface-definitions/cron.xml from interface-definitions/cron.xml.in
+  Generating build/interface-definitions/pppoe-server.xml from interface-definitions/pppoe-server.xml.in
+  Generating build/interface-definitions/mdns-repeater.xml from interface-definitions/mdns-repeater.xml.in
+  Generating build/interface-definitions/tftp-server.xml from interface-definitions/tftp-server.xml.in
+  [...]
+
+
 Guidelines
-^^^^^^^^^^
+----------
 
 Use of numbers
-##############
+^^^^^^^^^^^^^^^
 
 Use of numbers in command names **should** be avoided unless a number is a
 part of a protocol name or similar. Thus, ``protocols ospfv3`` is perfectly
 fine, but something like ``server-1`` is questionable at best.
 
 Help String
-###########
+^^^^^^^^^^^
 
 To ensure uniform look and feel, and improve readability, we should follow a
 set of guidelines consistently.
@@ -554,7 +610,7 @@ Examples:
 * Bad: "Disables IPv6 forwarding"
 
 Migrating old CLI
-^^^^^^^^^^^^^^^^^
+-----------------
 
 .. list-table::
    :widths: 25 25 50
@@ -618,7 +674,7 @@ Migrating old CLI
      - All logic should be in the scripts
 
 Continous Integration
----------------------
+=====================
 
 VyOS makes use of Jenkins_ as our Continous Integration (CI) service. Our CI
 server is publicly accessible here: https://ci.vyos.net. You can get a brief
@@ -636,9 +692,14 @@ to our Debian repository which is used during build time. It is located here:
 http://dev.packages.vyos.net/repositories/.
 
 .. _process: https://blog.vyos.io/vyos-development-digest-10
-.. _VyConf: https://github.com/vyos/vyconf/blob/master/data/schemata
-.. _vyos-1x: https://github.com/vyos/vyos-1x/blob/current/schema/
+.. _VyConf: https://github.com/vyos/vyconf/tree/master/data/schemata
+.. _vyos-1x: https://github.com/vyos/vyos-1x/tree/current/schema
 .. _Jinja2: https://jinja.palletsprojects.com/
 .. _Phabricator: https://phabricator.vyos.net/
 .. _Jenkins: https://jenkins.io/
 .. _Dockerhub: https://hub.docker.com/u/vyos/
+.. _T1843: https://phabricator.vyos.net/T1843
+.. _`IPv4, IPv6 and DHCP(v6)`: https://github.com/vyos/vyos-1x/tree/current/interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i
+.. _`IPv4, IPv6`: https://github.com/vyos/vyos-1x/tree/current/interface-definitions/include/address-ipv4-ipv6.xml.i
+.. _`VLAN (VIF)`: https://github.com/vyos/vyos-1x/tree/current/interface-definitions/include/vif.xml.i
+.. _`MAC address`: https://github.com/vyos/vyos-1x/tree/current/interface-definitions/include/interface-mac.xml.i
diff --git a/docs/contributing/issues-features.rst b/docs/contributing/issues-features.rst
index fd6225b9..3a1738d7 100644
--- a/docs/contributing/issues-features.rst
+++ b/docs/contributing/issues-features.rst
@@ -66,7 +66,7 @@ please search Phabricator_ if there is already a request pending. You can
 enhance it or if you don't find one, create a new one by use the quick link in
 the left side under the specific project.
 
-.. _documentation: https://vyos.redthedocs.io
+.. _documentation: https://docs.vyos.io
 .. _Slack: https://slack.vyos.io
 .. _Forum: https://forum.vyos.io
 .. _Phabricator: https://phabricator.vyos.net
\ No newline at end of file
diff --git a/docs/firewall.rst b/docs/firewall.rst
index 59bbaa31..f6967850 100644
--- a/docs/firewall.rst
+++ b/docs/firewall.rst
@@ -3,7 +3,7 @@
 Firewall
 ========
 
-VyOS makes use of Linux `netfilter <http://netfilter.org/>`_ for packet filtering.
+VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet filtering.
 
 The firewall supports the creation of groups for ports, addresses, and networks
 (implemented using netfilter ipset) and the option of interface or zone based
diff --git a/docs/history.rst b/docs/history.rst
index b1393520..25affaf8 100644
--- a/docs/history.rst
+++ b/docs/history.rst
@@ -8,13 +8,13 @@ VyOS is a Linux-based network operating system that provides software-based
 network routing, firewall, and VPN functionality.
 
 The VyOS project was started in late 2013 as a community fork of the
-`GPL <http://en.wikipedia.org/wiki/GNU_General_Public_License>`_ portions of
+`GPL <https://en.wikipedia.org/wiki/GNU_General_Public_License>`_ portions of
 Vyatta Core 6.6R1 with the goal of maintaining a free and open source network
 operating system in response to the decision to discontinue the community
 edition of Vyatta. Here everyone loves learning, older managers and new users.
 
-VyOS is primarily based on `Debian GNU/Linux <http://www.debian.org/>`_ and the
-`Quagga <http://www.nongnu.org/quagga/>`_ routing engine. Its configuration
+VyOS is primarily based on `Debian GNU/Linux <https://www.debian.org/>`_ and
+the `Quagga <http://www.nongnu.org/quagga/>`_ routing engine. Its configuration
 syntax and :ref:`cli` are loosely derived from Juniper JUNOS as modelled by the
 `XORP project <http://www.xorp.org/>`_, which was the original routing engine
 for Vyatta.
diff --git a/docs/index.rst b/docs/index.rst
index 48fce5b6..8305b344 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -67,4 +67,25 @@ VyOS User Guide
    contributing/build-vyos
    contributing/issues-features
    contributing/development
-   contributing/documentation
\ No newline at end of file
+   contributing/documentation
+
+
+################
+Copyright Notice
+################
+
+Copyright (C) 2018-2019 VyOS maintainers and contributors
+
+Permission is granted to make and distribute verbatim copies of this manual
+provided the copyright notice and this permission notice are preserved on all
+copies.
+
+Permission is granted to copy and distribute modified versions of this manual
+under the conditions for verbatim copying, provided that the entire resulting
+derived work is distributed under the terms of a permission notice identical
+to this one.
+
+Permission is granted to copy and distribute translations of this manual into
+another language, under the above conditions for modified versions, except that
+this permission notice may be stated in a translation approved by the VyOS
+maintainers.
\ No newline at end of file
diff --git a/docs/install.rst b/docs/install.rst
index c42eda6b..1bd6c87e 100644
--- a/docs/install.rst
+++ b/docs/install.rst
@@ -275,7 +275,7 @@ Requirements
 * A **HTTP server** (optional, but we will use it to speed up intallation)
 * The **VyOS ISO** image to be installed (do not use images prior to VyOS 1.2.3)
 * The ``pxelinux.0`` and ``ldlinux.c32`` files from the Syslinux distribution
-  https://kernel.org/pub/linux/utils/boot/syslinux/
+  https://mirrors.edge.kernel.org/pub/linux/utils/boot/syslinux/
 
 Step 1: DHCP
 ^^^^^^^^^^^^
diff --git a/docs/interfaces/l2tpv3.rst b/docs/interfaces/l2tpv3.rst
index 4574e731..a53c7b1d 100644
--- a/docs/interfaces/l2tpv3.rst
+++ b/docs/interfaces/l2tpv3.rst
@@ -117,4 +117,4 @@ L2TPv3:
   set interfaces l2tpv3 l2tpeth0 source-port '5000'
   set interfaces l2tpv3 l2tpeth0 tunnel-id '10'
 
-.. _`Wikipedia L2TPv3`: http://en.wikipedia.org/wiki/L2TPv3
+.. _`Wikipedia L2TPv3`: https://en.wikipedia.org/wiki/L2TPv3
diff --git a/docs/interfaces/tunnel.rst b/docs/interfaces/tunnel.rst
index 98d3766c..87de9000 100644
--- a/docs/interfaces/tunnel.rst
+++ b/docs/interfaces/tunnel.rst
@@ -201,5 +201,5 @@ Results in:
       description "Description"
   }
 
-.. _`other proposals`: https://www.isc.org/downloads/aftr
+.. _`other proposals`: https://www.isc.org/othersoftware/
 .. _`Hurricane Electric`: https://tunnelbroker.net/
diff --git a/docs/nat.rst b/docs/nat.rst
index a8475978..714697d3 100644
--- a/docs/nat.rst
+++ b/docs/nat.rst
@@ -152,7 +152,7 @@ To setup a destination NAT rule we need to gather:
 
 In our example, we will be forwarding web server traffic to an internal web
 server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80.
-For other common port numbers, see: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
+For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
 
 Our configuration commands would be:
 
@@ -469,4 +469,4 @@ Start by checking for IPSec SAs (Security Associations) with:
 
 That looks good - we defined 2 tunnels and they're both up and running.
 
-.. _ULAs: http://en.wikipedia.org/wiki/Unique_local_address
+.. _ULAs: https://en.wikipedia.org/wiki/Unique_local_address
diff --git a/docs/qos.rst b/docs/qos.rst
index f3b3d36c..72666d3d 100644
--- a/docs/qos.rst
+++ b/docs/qos.rst
@@ -1372,7 +1372,7 @@ tcp
 .. note:: You must set ipv6 protocol to TCP to use the TCP filters.
 
 .. note:: This filter will only match IPv6 packets with no header extension, see
-   http://en.wikipedia.org/wiki/IPv6_packet#Extension_headers for no header
+   https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers for no header
    extension.
 
 .. code-block:: none
@@ -1406,7 +1406,7 @@ vif
   set interfaces ethernet eth0 traffic-policy out 'WAN-OUT'
   set interfaces ethernet eth1 traffic-policy out 'LAN-OUT'
 
-.. _tc: http://en.wikipedia.org/wiki/Tc_(Linux)
+.. _tc: https://en.wikipedia.org/wiki/Tc_(Linux)
 .. _TBF: https://en.wikipedia.org/wiki/Token_bucket
 .. _HFSC: https://en.wikipedia.org/wiki/Hierarchical_fair-service_curve
-.. _IFB: http://www.linuxfoundation.org/collaborate/workgroups/networking/ifb
+.. _IFB: https://www.linuxfoundation.org/collaborate/workgroups/networking/ifb
diff --git a/docs/quick-start.rst b/docs/quick-start.rst
index 9eee49a6..ad0d896f 100644
--- a/docs/quick-start.rst
+++ b/docs/quick-start.rst
@@ -211,4 +211,4 @@ SSH:
 
 Commit and save.
 
-.. _tc: http://en.wikipedia.org/wiki/Tc_(Linux)
+.. _tc: https://en.wikipedia.org/wiki/Tc_(Linux)
diff --git a/docs/services/references.rst b/docs/services/references.rst
index 408d5288..7d9ae82c 100644
--- a/docs/services/references.rst
+++ b/docs/services/references.rst
@@ -1,5 +1,5 @@
 .. _`Cisco Discovery Protocol`: https://en.wikipedia.org/wiki/Cisco_Discovery_Protocol
-.. _ddclient: http://sourceforge.net/p/ddclient/wiki/Home/
+.. _ddclient: https://sourceforge.net/p/ddclient/wiki/Home/
 .. _`Foundry Discovery Protocol`: https://en.wikipedia.org/wiki/Foundry_Discovery_Protocol
 .. _MIB: https://en.wikipedia.org/wiki/Management_information_base
 .. _SNMP: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
diff --git a/docs/troubleshooting.rst b/docs/troubleshooting.rst
index 148bce4c..b3b8ff3d 100644
--- a/docs/troubleshooting.rst
+++ b/docs/troubleshooting.rst
@@ -335,7 +335,7 @@ These are the boot steps for VyOS 1.2
   11. Finally it runs the post-config script
       ``/config/scripts/vyos-postconfig-bootup.script``
 
-.. _Quagga: http://www.quagga.net/
+.. _Quagga: https://www.quagga.net/
 .. _`GNU Zebra`: https://www.gnu.org/software/zebra/
 .. _FRR: https://frrouting.org/
 .. _vyatta-cfg: https://github.com/vyos/vyatta-cfg
diff --git a/docs/vpn/openvpn.rst b/docs/vpn/openvpn.rst
index 1c728ef6..69961f0c 100644
--- a/docs/vpn/openvpn.rst
+++ b/docs/vpn/openvpn.rst
@@ -183,8 +183,8 @@ Server
 ======
 
 Multi-client server is the most popular OpenVPN mode on routers. It always uses
-x.509 authentication and therefore requires a PKI setup. This guide assumes you
-have already setup a PKI and have a CA certificate, a server certificate and
+x.509 authentication and therefore requires a PKI setup. This guide assumes
+`you have already setup a PKI`_ and have a CA certificate, a server certificate and
 key, a certificate revocation list, a Diffie-Hellman key exchange parameters
 file. You do not need client certificates and keys for the server setup.
 
@@ -254,6 +254,7 @@ internally, so we need to create a route to the 10.23.0.0/20 network ourselves:
 
   set protocols static interface-route 10.23.0.0/20 next-hop-interface vtun10
 
+.. _`you have already setup a PKI`: https://support.vyos.io/en/kb/articles/using-easy-rsa-to-generate-x-509-certificates-and-keys-2
 
 Client Authentication
 ---------------------