docs: fix misc url issues (#4503)

CONTRIBUTING.md

@@ -2,7 +2,7 @@
 
 Anybody willing to contribute to the project either with code, documentation, security reviews or whatever, are very
 welcome to create or review pull requests and take part in discussions in any of our public
-[chat rooms](./README.md#contact-options).
+[chat rooms](README.md#contact-options).
 
 It's also possible to contribute financially in order to support the community.
 
@@ -42,4 +42,4 @@ Read more about this in the [GitHub docs, Re-requesting a review](https://docs.g
 Sometimes the codebase can be a challenge to navigate, especially for a first-time contributor. We don't want you
 spending an hour trying to work out something that would take us only a minute to explain.
 
-If you'd like some help getting started we have several [contact options](./README.md#contact-options) available.
+If you'd like some help getting started we have several [contact options](README.md#contact-options) available.

README.md

@@ -184,7 +184,7 @@ Internet (your reverse proxies are) however, it's still the control plane for yo
 
 ## Contribute
 
-If you want to contribute to Authelia, please read our [contribution guidelines](./CONTRIBUTING.md).
+If you want to contribute to Authelia, please read our [contribution guidelines](CONTRIBUTING.md).
 
 Authelia exists thanks to all the people who contribute so don't be shy, come chat with us on either [Matrix](#matrix)
 or [Discord](#discord) and start contributing too.
@@ -379,7 +379,7 @@ Companies contributing to Authelia via Open Collective will have a special menti
 ## License
 
 **Authelia** is **licensed** under the **[Apache 2.0]** license. The terms of the license are detailed in
-[LICENSE](./LICENSE).
+[LICENSE](LICENSE).
 
 [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauthelia%2Fauthelia.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauthelia%2Fauthelia?ref=badge_large)
 

SECURITY.md

@@ -19,14 +19,14 @@ For more information about [security](https://www.authelia.com/information/secur
 
 ## Contact Options
 
-Several [contact options](./README.md#contact-options) exist, it's important to make sure you contact the maintainers
-privately which is described in each available contact method. The methods include our [security email](./README.md#security),
-[Matrix](./README.md#matrix), and [Discord](./README.md#discord).
+Several [contact options](README.md#contact-options) exist, it's important to make sure you contact the maintainers
+privately which is described in each available contact method. The methods include our [security email](README.md#security),
+[Matrix](README.md#matrix), and [Discord](README.md#discord).
 
 ## Credit
 
 Users who report bugs will optionally be credited for the discovery. Both in the [security advisory] and in our
-[all contributors](./README.md#contribute) configuration/documentation.
+[all contributors](README.md#contribute) configuration/documentation.
 
 ## Process
 

docs/content/en/configuration/first-factor/ldap.md

@@ -167,14 +167,14 @@ section [here](../prologue/common.md#tls-configuration).
 
 Sets the base distinguished name container for all LDAP queries. If your LDAP domain is example.com this is usually
 `DC=example,DC=com`, however you can fine tune this to be more specific for example to only include objects inside the
-authelia OU: `OU=authelia,DC=example,DC=com`. This is prefixed with the [additional_users_dn](#additional_users_dn) for
-user searches and [additional_groups_dn](#additional_groups_dn) for groups searches.
+authelia OU: `OU=authelia,DC=example,DC=com`. This is prefixed with the [additional_users_dn](#additionalusersdn) for
+user searches and [additional_groups_dn](#additionalgroupsdn) for groups searches.
 
 ### additional_users_dn
 
 {{< confkey type="string" required="no" >}}
 
-Additional LDAP path to append to the [base_dn](#base_dn) when searching for users. Useful if you want to restrict
+Additional LDAP path to append to the [base_dn](#basedn) when searching for users. Useful if you want to restrict
 exactly which OU to get users from for either security or performance reasons. For example setting it to
 `OU=users,OU=people` with a base_dn set to `DC=example,DC=com` will mean user searches will occur in
 `OU=users,OU=people,DC=example,DC=com`.
@@ -184,28 +184,31 @@ exactly which OU to get users from for either security or performance reasons. F
 {{< confkey type="string" required="situational" >}}
 
 *__Note:__ This option is technically required however the [implementation](#implementation) option can implicitly set a
-default negating this requirement. Refer to the [filter defaults](#filter-defaults) for more information.*
+default negating this requirement. Refer to the [filter defaults](../../reference/guides/ldap.md#filter-defaults) for
+more information.*
 
 The LDAP filter to narrow down which users are valid. This is important to set correctly as to exclude disabled users.
 The default value is dependent on the [implementation](#implementation), refer to the
-[attribute defaults](#attribute-defaults) for more information.
+[attribute defaults](../../reference/guides/ldap.md#attribute-defaults) for more information.
 
 ### username_attribute
 
 {{< confkey type="string" required="situational" >}}
 
 *__Note:__ This option is technically required however the [implementation](#implementation) option can implicitly set a
-default negating this requirement. Refer to the [attribute defaults](#attribute-defaults) for more information.*
+default negating this requirement. Refer to the [attribute defaults](../../reference/guides/ldap.md#attribute-defaults)
+for more information.*
 
 The LDAP attribute that maps to the username in *Authelia*. This must contain the `{username_attribute}`
-[placeholder](#users-filter-replacements).
+[placeholder](../../reference/guides/ldap.md#users-filter-replacements).
 
 ### mail_attribute
 
 {{< confkey type="string" required="situational" >}}
 
 *__Note:__ This option is technically required however the [implementation](#implementation) option can implicitly set a
-default negating this requirement. Refer to the [attribute defaults](#attribute-defaults) for more information.*
+default negating this requirement. Refer to the [attribute defaults](../../reference/guides/ldap.md#attribute-defaults)
+for more information.*
 
 The attribute to retrieve which contains the users email addresses. This is important for the device registration and
 password reset processes. The user must have an email address in order for Authelia to perform identity verification
@@ -294,7 +297,7 @@ characters and the user password is changed to this value.
 
 ## Refresh Interval
 
-It's recommended you either use the default [refresh interval](./introduction.md#refresh_interval) or configure this to
+It's recommended you either use the default [refresh interval](introduction.md#refreshinterval) or configure this to
 a value low enough to refresh the user groups and status (deleted, disabled, etc) to adequately secure your environment.
 
 ## Important notes
@@ -311,6 +314,6 @@ for your users.
 
 - [LDAP Reference Guide](../../reference/guides/ldap.md)
 
-[username attribute]: #username_attribute
+[username attribute]: #usernameattribute
 [TechNet wiki]: https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx
 [RFC2307]: https://www.rfc-editor.org/rfc/rfc2307.html

docs/content/en/configuration/identity-providers/open-id-connect.md

@@ -157,8 +157,8 @@ The HMAC secret used to sign the [JWT]'s. The provided string is hashed to a SHA
 purpose of meeting the required format.
 
 It's __strongly recommended__ this is a
-[Random Alphanumeric String](../../reference/guides/generating-secure-values.md#generating-a-random-alphanumeric-string) with 64 or more
-characters.
+[Random Alphanumeric String](../../reference/guides/generating-secure-values.md#generating-a-random-alphanumeric-string)
+with 64 or more characters.
 
 ### issuer_certificate_chain
 
@@ -173,7 +173,7 @@ as per [RFC7517].
 [x5c]: https://www.rfc-editor.org/rfc/rfc7517#section-4.7
 [x5t]: https://www.rfc-editor.org/rfc/rfc7517#section-4.8
 
-The first certificate in the chain must have the public key for the [issuer_private_key](#issuer_private_key), each
+The first certificate in the chain must have the public key for the [issuer_private_key](#issuerprivatekey), each
 certificate in the chain must be valid for the current date, and each certificate in the chain should be signed by the
 certificate immediately following it if present.
 
@@ -185,14 +185,15 @@ certificate immediately following it if present.
 especially for containerized deployments.*
 
 The private key used to sign/encrypt the [OpenID Connect] issued [JWT]'s. The key must be generated by the administrator
-and can be done by following the [Generating an RSA Keypair](../../reference/guides/generating-secure-values.md#generating-an-rsa-keypair) guide.
+and can be done by following the
+[Generating an RSA Keypair](../../reference/guides/generating-secure-values.md#generating-an-rsa-keypair) guide.
 
 The private key *__MUST__*:
 * Be a PEM block encoded in the DER base64 format ([RFC4648]).
 * Be an RSA Key.
 * Have a key size of at least 2048 bits.
 
-If the [issuer_certificate_chain](#issuer_certificate_chain) is provided the private key must include matching public
+If the [issuer_certificate_chain](#issuercertificatechain) is provided the private key must include matching public
 key data for the first certificate in the chain.
 
 ### access_token_lifespan
@@ -302,7 +303,7 @@ you must configure this option manually if you want http endpoints to be permitt
 Origins must only have the scheme, hostname and port, they may not have a trailing slash or path.
 
 In addition to an Origin URI, you may specify the wildcard origin in the allowed_origins. It MUST be specified by itself
-and the [allowed_origins_from_client_redirect_uris](#allowed_origins_from_client_redirect_uris) MUST NOT be enabled. The
+and the [allowed_origins_from_client_redirect_uris](#allowedoriginsfromclientredirecturis) MUST NOT be enabled. The
 wildcard origin is denoted as `*`. Examples:
 
 ```yaml
@@ -422,7 +423,7 @@ Configures the consent mode. The following table describes the different modes:
 |    implicit    | Automatically assumes consent for every authorization, never asking the user if they wish to give consent. *__Note:__* this option is not technically part of the specification. |
 | pre-configured |                                             Allows the end-user to remember their consent for the [pre_configured_consent_duration].                                             |
 
-[pre_configured_consent_duration]: #pre_configured_consent_duration
+[pre_configured_consent_duration]: #preconfiguredconsentduration
 
 #### pre_configured_consent_duration
 
@@ -439,7 +440,7 @@ The period of time dictates how long a users choice to remember the pre-configur
 Pre-configured consents are only valid if the subject, client id are exactly the same and the requested scopes/audience
 match exactly with the granted scopes/audience.
 
-[consent_mode]: #consent_mode
+[consent_mode]: #consentmode
 
 #### audience
 

docs/content/en/configuration/methods/environment.md

@@ -27,7 +27,7 @@ likely result in an error or even worse misconfiguration.
 ### Kubernetes
 
 Please see the
-[Kubernetes Integration: Enable Service Links](../../integration/kubernetes/introduction/index.md#enable-service-links)
+[Kubernetes Integration: Enable Service Links](../../integration/kubernetes/introduction.md#enable-service-links)
 documentation for specific requirements for using *Authelia* with Kubernetes.
 
 ## Mapping

docs/content/en/configuration/methods/secrets.md

@@ -55,15 +55,15 @@ other configuration using the environment but instead of loading a file the valu
 {{% table-config-keys secrets="true" %}}
 
 [server.tls.key]: ../miscellaneous/server.md#key
-[jwt_secret]: ../miscellaneous/introduction.md#jwt_secret
-[duo_api.integration_key]: ../second-factor/duo.md#integration_key
-[duo_api.secret_key]: ../second-factor/duo.md#secret_key
+[jwt_secret]: ../miscellaneous/introduction.md#jwtsecret
+[duo_api.integration_key]: ../second-factor/duo.md#integrationkey
+[duo_api.secret_key]: ../second-factor/duo.md#secretkey
 [session.secret]: ../session/introduction.md#secret
 [session.redis.password]: ../session/redis.md#password
 [session.redis.tls.certificate_chain]: ../session/redis.md#tls
 [session.redis.tls.private_key]: ../session/redis.md#tls
-[session.redis.high_availability.sentinel_password]: ../session/redis.md#sentinel_password
-[storage.encryption_key]: ../storage/introduction.md#encryption_key
+[session.redis.high_availability.sentinel_password]: ../session/redis.md#sentinelpassword
+[storage.encryption_key]: ../storage/introduction.md#encryptionkey
 [storage.mysql.password]: ../storage/mysql.md#password
 [storage.mysql.tls.certificate_chain]: ../storage/mysql.md#tls
 [storage.mysql.tls.private_key]: ../storage/mysql.md#tls
@@ -77,9 +77,9 @@ other configuration using the environment but instead of loading a file the valu
 [authentication_backend.ldap.password]: ../first-factor/ldap.md#password
 [authentication_backend.ldap.tls.certificate_chain]: ../first-factor/ldap.md#tls
 [authentication_backend.ldap.tls.private_key]: ../first-factor/ldap.md#tls
-[identity_providers.oidc.issuer_certificate_chain]: ../identity-providers/open-id-connect.md#issuer_certificate_chain
-[identity_providers.oidc.issuer_private_key]: ../identity-providers/open-id-connect.md#issuer_private_key
-[identity_providers.oidc.hmac_secret]: ../identity-providers/open-id-connect.md#hmac_secret
+[identity_providers.oidc.issuer_certificate_chain]: ../identity-providers/open-id-connect.md#issuercertificatechain
+[identity_providers.oidc.issuer_private_key]: ../identity-providers/open-id-connect.md#issuerprivatekey
+[identity_providers.oidc.hmac_secret]: ../identity-providers/open-id-connect.md#hmacsecret
 
 
 ## Secrets in configuration file

docs/content/en/configuration/miscellaneous/introduction.md

@@ -73,7 +73,7 @@ default_2fa_method: totp
 especially for containerized deployments.*
 
 Defines the secret used to craft JWT tokens leveraged by the identity verification process. This can a random string.
-It's strongly recommended this is a [Random Alphanumeric String](../../reference/guides/generating-secure-values.md/#generating-a-random-alphanumeric-string) with
+It's strongly recommended this is a [Random Alphanumeric String](../../reference/guides/generating-secure-values.md#generating-a-random-alphanumeric-string) with
 64 or more characters.
 
 ### theme

docs/content/en/configuration/miscellaneous/ntp.md

@@ -68,4 +68,4 @@ Setting this to true will disable the startup check entirely.
 
 Setting this to true will allow Authelia to start and just log an error instead of exiting. The default is that if
 Authelia can contact the NTP server successfully, and the time reported by the server is greater than what is configured
-in [max_desync](#max_desync) that Authelia fails to start and logs a fatal error.
+in [max_desync](#maxdesync) that Authelia fails to start and logs a fatal error.

docs/content/en/configuration/prologue/common.md

@@ -123,7 +123,7 @@ require an IP address for the host of the backend service but want to verify a s
 
 The key `skip_verify` completely negates validating the certificate of the backend service. This is not recommended,
 instead you should tweak the `server_name` option, and the global option
-[certificates directory](../miscellaneous/introduction.md#certificates_directory).
+[certificates directory](../miscellaneous/introduction.md#certificatesdirectory).
 
 ### minimum_version
 
@@ -147,7 +147,7 @@ this value. At the time of this writing `SSL3.0` will always produce errors.
 
 {{< confkey type="string" required="no" >}}
 
-The certificate chain/bundle to be used with the [private_key](#private_key) to perform mutual TLS authentication with
+The certificate chain/bundle to be used with the [private_key](#privatekey) to perform mutual TLS authentication with
 the server.
 
 The value must be one or more certificates encoded in the DER base64 ([RFC4648]) encoded PEM format.
@@ -159,7 +159,7 @@ The value must be one or more certificates encoded in the DER base64 ([RFC4648])
 *__Important Note:__ This can also be defined using a [secret](../methods/secrets.md) which is __strongly recommended__
 especially for containerized deployments.*
 
-The private key to be used with the [certificate_chain](#certificate_chain) for mutual TLS authentication.
+The private key to be used with the [certificate_chain](#certificatechain) for mutual TLS authentication.
 
 The value must be one private key encoded in the DER base64 ([RFC4648]) encoded PEM format.
 

docs/content/en/configuration/prologue/migration.md

@@ -73,7 +73,7 @@ environment variable or other environment variables set. This also applies to ot
 
 *__Please Note:__ if you're using Authelia with Kubernetes and are not using the provided
 [helm chart](https://charts.authelia.com) you will be required to
-[configure the enableServiceLinks](../../integration/kubernetes/introduction/index.md#enable-service-links) option.*
+[configure the enableServiceLinks](../../integration/kubernetes/introduction.md#enable-service-links) option.*
 
 ### 4.25.0
 
@@ -99,7 +99,7 @@ The following changes occurred in 4.7.0:
 |  logs_level  | log_level |
 |  logs_file   | log_file  |
 
-*__Please Note:__ The new keys also changed in [4.30.0](#4.30.0) so you will need to update them to the new values if you
-are using [4.30.0](#4.30.0) or newer instead of the new keys listed here.*
+*__Please Note:__ The new keys also changed in [4.30.0](#4300) so you will need to update them to the new values if you
+are using [4.30.0](#4300) or newer instead of the new keys listed here.*
 
 [YAML]: https://yaml.org/

docs/content/en/configuration/second-factor/time-based-one-time-password.md

@@ -61,10 +61,12 @@ by Authelia from others.
 
 *__Important Note:__ Many TOTP applications do not support this option. It is strongly advised you find out which
 applications your users use and test them before changing this option. It is insufficient to test that the application
-can add the key, it must also authenticate with Authelia as some applications silently ignore these options. Bitwarden
+can add the key, it must also authenticate with Authelia as some applications silently ignore these options. [Bitwarden]
 is the only one that has been tested at this time. If you'd like to contribute to documenting support for this option
 please see [Issue 2650](https://github.com/authelia/authelia/issues/2650).*
 
+[Bitwarden]: https://bitwarden.com/
+
 The algorithm used for the TOTP key.
 
 Possible Values (case-insensitive):
@@ -82,7 +84,7 @@ information.
 
 *__Important Note:__ Some TOTP applications do not support this option. It is strongly advised you find out which
 applications your users use and test them before changing this option. It is insufficient to test that the application
-can add the key, it must also authenticate with Authelia as some applications silently ignore these options. Bitwarden
+can add the key, it must also authenticate with Authelia as some applications silently ignore these options. [Bitwarden]
 is the only one that has been tested at this time. If you'd like to contribute to documenting support for this option
 please see [Issue 2650](https://github.com/authelia/authelia/issues/2650).*
 
@@ -160,7 +162,7 @@ check the clients.
 
 ## Encryption
 
-The TOTP secret is [encrypted](../storage/introduction.md#encryption_key) in the database in version 4.33.0 and above.
+The TOTP secret is [encrypted](../storage/introduction.md#encryptionkey) in the database in version 4.33.0 and above.
 This is so a user having access to only the database cannot easily compromise your two-factor authentication method.
 
 This may be inconvenient for some users who wish to export TOTP keys from Authelia to other services. As such there is