docs: clarify README

README.md

@@ -6,24 +6,18 @@ a configuration for each running docker container. The base template for configu
 All `*.template` files are written with [mustache-js](https://github.com/janl/mustache.js "GitHub") syntax.
 The templates are assembled by the Node.js program.
 
-## Docker Mapping
-
-The Node.js script reads out the `/var/run/docker.sock` to get the containers of the host system via
-[dockerode](https://github.com/apocas/dockerode "GitHub").
-
 **Important:**
 
 The proxy expects your backend containers to provide following structure:
 
-* `stapps.version`-label of docker container to be set to a valid active version. See configuration....
-* Service name for the backend container should be `backend` in docker-compose.yml. If you don't use docker-compose
+* Service name for the backend container has to be `backend` in docker-compose.yml. If you don't use docker-compose
 set `com.docker.compose.service`-label to `backend`.
-* The proxy container to run with `--net="host"`
-* A port exposed to the host machine. If you want to expose it only to the host machines internal loopback use following
+* Set the `stapps.version`-label of the container/service to coresponing the backend version
+* The proxy container has to be executed with `--net=host`
+* Port 80 or 443 being free for exclusive use by the proxy container
+* Always publish the backend container ports to the host machines internal loopback interface or an interace you control. This is the only way communication with the internet is restricted to going through the proxy. E.g this can be achieved by the `ports` syntax `127.0.0.1:3000-4000:3000` in the docker-compose file (here with a random port to avoid collisions).
 
-syntax: `127.0.0.1:3000-3500:3000` in docker-compose or docker ports configuration. This will attach the internal 3000
-port to the host's loopback on any port between 3000-3500. The proxy will see in the docker.sock which
-port and ip was chosen. Internal loopback should be 127.0.0.1 tho.
+## SSL/TLS
 
 For a working https configuration you need to have a valid certificate ***including the intemediate certificas without the root*** (*.crt file ) and its private key (*.key file) in two ***seperate*** files. In addition to your certificate you need to provide the certificate chain ***including*** the root certificate. [Read up on](https://medium.com/@superseb/get-your-certificate-chain-right-4b117a9c0fce) how to [create this chain](https://blog.pki.dfn.de/2015/06/ocsp-stapling-in-nginx/) (*.crt file) or ask your admins to provide you one. The final and easiest requirement of the ssl setup is to create custom Diffie-Hellman parameters in a file:
 
@@ -31,10 +25,11 @@ For a working https configuration you need to have a valid certificate ***includ
 openssl dhparam -out dhparams.pem 4096
 ```
 
-## Configuration (Status Codes)
+## Configuration file
 
-Config files can be added by multiple universities (adding files like `config/default-b-tu`) and selected via the
-`NODE_APP_INSTANCE` environment variable.
+To Provide your own configuration file you can create a `default.json` file in the `config` directory. The JSON structure has to follow `config/default.ts`. Adding this file via docker mount is also possible (eg. `-v <path JSON file>:/app/config/default.json`)
+
+## Status Codes
 
 * OutdatedVersions return a `HTTP 404`
 * ActiveVersions return a `HTTP 503` if currently unavailable or the given code by running backend-node
@@ -50,6 +45,9 @@ and SMTP-Configuration via environment-variables for monitoring in production us
 
 ## Usage
 
+The Node.js script reads out the `/var/run/docker.sock` to get the containers of the host system via
+[dockerode](https://github.com/apocas/dockerode "GitHub").
+
 Without ssl:
 
 ```sh