Minor re-organising of Instructions, correction of INI file and NGinx configuration.

INSTALL.txt

@@ -2,11 +2,14 @@ Start with Debian 12
 
 When you create your machine create two other DNS entries using your base Domain Name.  They will be "authserver" and "idp."
 
+After you have done the steps described in README.md, continue here.
+
+As Root:
 APT-Install git openssl mkcert postgresql nginx vim make python3-pip python3-venv curl sudo
 Apt-Install php-bz2 php-curl php-gd php-intl php-mbstring php-mcrypt php-pdo php-pgsql php-xml php-zip php-fpm
 Apt-Install certbot python3-certbot-nginx golang-go 
 
-If necessary create a "normal" user and give them "sudo" access in /etc/group
+As described in README.md, create a "normal" user and give them "sudo" access in /etc/group
 
 Become that user.
 

cacert.ini.sample

@@ -4,7 +4,7 @@ Password="Password for DB"
 
 [URLs]
 InternalHydraEndpointURL="https://hydra.cacert.localhost:4445"
-WellKnownURL="https://registration.<Your URL>:4444/.well-known/openid-configuration"
-AuthURL="https://authserver.<Your URL>:4444/oauth2/auth"
-TokenURL="https://authserver.<Your URL>:4444/oauth2/token"
-UserInfoURL="https://authserver.<Your URL>:4444/userinfo"
+WellKnownURL="https://authserver.<Your URL>/.well-known/openid-configuration"
+AuthURL="https://authserver.<Your URL>/oauth2/auth"
+TokenURL="https://authserver.<Your URL>/oauth2/token"
+UserInfoURL="https://authserver.<Your URL>/userinfo"

misc/reverse-proxy.conf

@@ -7,6 +7,8 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }
+
+    listen <Host IP>:4444 ssl;
 }
 server {
     server_name idp.<My Domain Name>;