Format .md with markdownlint

Author: lewisgoddard

.github/CONTRIBUTING.md

@@ -6,7 +6,9 @@ We love pull requests from everyone. Check out our [open issues](https://github.
 
 We recommend forking the repository, and then cloning your new repo.
 
-    git clone git@github.com:your-username/bubbly.git
+```bash
+git clone git@github.com:your-username/bubbly.git
+```
 
 Once you've made changes and committed them in your fork, preferably on a nicely named branch with descriptive commit messages, you can move on to [Creating a Pull Request](#creating-a-pull-request).
 
@@ -32,9 +34,9 @@ In [`nginx-config/directive/bubbly_rock-hard-ssl.conf`](https://github.com/eusta
 
 Drops everything older than ~2020 browsers.
 
-- Supports Firefox 63, Android 10.0, Chrome 70, Edge 75, Java 11, OpenSSL 1.1.1, Opera 57, Safari 12.1
+* Supports Firefox 63, Android 10.0, Chrome 70, Edge 75, Java 11, OpenSSL 1.1.1, Opera 57, Safari 12.1
 
-```
+```nginx
 ssl_protocols TLSv1.3;
 ssl_ecdh_curve X25519MLKEM768:X25519:prime256v1:secp384r1;
 ssl_prefer_server_ciphers off;
@@ -44,9 +46,9 @@ ssl_prefer_server_ciphers off;
 
 Supports the last several versions of every modern browser, plus a long tail.
 
-- Supports Firefox 31.3.0, Android 4.4.2, Chrome 49, Edge 15 on Windows 10, IE 11 on Windows 10, Java 8u161, OpenSSL 1.0.1l, Opera 20, Safari 9
+* Supports Firefox 31.3.0, Android 4.4.2, Chrome 49, Edge 15 on Windows 10, IE 11 on Windows 10, Java 8u161, OpenSSL 1.0.1l, Opera 20, Safari 9
 
-```
+```nginx
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ecdh_curve X25519MLKEM768:X25519:prime256v1:secp384r1;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
@@ -57,28 +59,28 @@ ssl_prefer_server_ciphers off;
 
 Various headers are delivered from various configuration files. This list should help source any undesired headers you see being sent. Some headers can be sent from multiple locations.
 
-- [`nginx-config/directive/bubbly_security-headers.conf`](https://github.com/eustasy/Bubbly/blob/master/nginx-config/directive/bubbly_security-headers.conf)
-- - `Access-Control-Allow-Origin`
-- - `Content-Security-Policy-Report-Only`
-- - `Content-Security-Policy`
-- - `Cross-Origin-Embedder-Policy`
-- - `Cross-Origin-Opener-Policy`
-- - `Cross-Origin-Resource-Policy`
-- - `X-Content-Type-Options`
-- - `X-Frame-Options`
-- - `Feature-Policy`
-- - `Permissions-Policy`
-- - `Referrer-Policy`
-- - `Server`
-- - `Strict-Transport-Security`
-- - `X-XSS-Protection`
-- [`nginx-config/location/h5bp_expires.conf`](https://github.com/eustasy/Bubbly/blob/master/nginx-config/location/h5bp_expires.conf)
-- - `Cache-Control`
-- [`nginx-config/directive/h5bp_no-transform.conf`](https://github.com/eustasy/Bubbly/blob/master/nginx-config/directive/h5bp_no-transform.conf)
-- - `Cache-Control`
-- [`nginx-config/location/bubbly_extensionless-php.conf`](https://github.com/eustasy/Bubbly/blob/master/nginx-config/location/bubbly_extensionless-php.conf)
-- - Suppresses `X-Powered-By`
-- [`nginx-config/directive/bubbly_rock-hard-ssl.conf`](https://github.com/eustasy/Bubbly/blob/master/nginx-config/directive/bubbly_rock-hard-ssl.conf)
+* [`nginx-config/directive/bubbly_security-headers.conf`](https://github.com/eustasy/Bubbly/blob/master/nginx-config/directive/bubbly_security-headers.conf)
+* * `Access-Control-Allow-Origin`
+* * `Content-Security-Policy-Report-Only`
+* * `Content-Security-Policy`
+* * `Cross-Origin-Embedder-Policy`
+* * `Cross-Origin-Opener-Policy`
+* * `Cross-Origin-Resource-Policy`
+* * `X-Content-Type-Options`
+* * `X-Frame-Options`
+* * `Feature-Policy`
+* * `Permissions-Policy`
+* * `Referrer-Policy`
+* * `Server`
+* * `Strict-Transport-Security`
+* * `X-XSS-Protection`
+* [`nginx-config/location/h5bp_expires.conf`](https://github.com/eustasy/Bubbly/blob/master/nginx-config/location/h5bp_expires.conf)
+* * `Cache-Control`
+* [`nginx-config/directive/h5bp_no-transform.conf`](https://github.com/eustasy/Bubbly/blob/master/nginx-config/directive/h5bp_no-transform.conf)
+* * `Cache-Control`
+* [`nginx-config/location/bubbly_extensionless-php.conf`](https://github.com/eustasy/Bubbly/blob/master/nginx-config/location/bubbly_extensionless-php.conf)
+* * Suppresses `X-Powered-By`
+* [`nginx-config/directive/bubbly_rock-hard-ssl.conf`](https://github.com/eustasy/Bubbly/blob/master/nginx-config/directive/bubbly_rock-hard-ssl.conf)
 
 ## Contact Points
 

README.md

@@ -8,7 +8,7 @@
 
 If you want an instant A+ score on Qualys [SSL Labs](https://www.ssllabs.com/ssltest/analyze.html?d=lewisgoddard.me.uk) and A score on [SecurityHeaders.io](https://securityheaders.io/?q=lewisgoddard.me.uk&followRedirects=on), then this is what you'll need to do. You won't need any familiarity with [Certbot](https://github.com/certbot/certbot), [Let's Encrypt](https://letsencrypt.org/), the ACME spec, or SSL in general, just basic Nginx configuration.
 
-**1. Install Certbot and Clone Bubbly**
+## 1. Install Certbot and Clone Bubbly
 
 We'll start off by cloning the project into the home folder with git.
 
@@ -18,7 +18,7 @@ sudo apt install git certbot &&
 git clone https://github.com/eustasy/Bubbly
 ```
 
-**2. Generate Statics**
+## 2. Generate Statics
 
 Generate the static keys once per server.
 
@@ -30,15 +30,15 @@ As it will warn, this might take a while.
 
 Have a seat.
 
-**3. Copy config blocks**
+## 3. Copy config blocks
 
 When you've gone and made something in the 15 minutes that could well take, or you've just set up a new SSH session, copy the Nginx configuration over to the Nginx area.
 
 ```bash
 ~/Bubbly/bubbly_copy-configs.sh
 ```
 
-**4. Configure & Enable Verification**
+## 4. Configure & Enable Verification
 
 Copy the verification site template and replace the instances of `example.com` in the file with your actual domain name.
 
@@ -56,8 +56,7 @@ sudo nginx -t && sudo service nginx reload
 
 Alternatively, you can simply add `include location/bubbly_well-known-passthrough.conf;` to an existing site you want to continue working while we upgrade.
 
-
-**5. Fetch Certificates**
+## 5. Fetch Certificates
 
 Fetch your certificates like this:
 
@@ -69,7 +68,7 @@ It will ask for the root password, and an email address, so hang around, it shou
 
 Certbot will set up a systemd timer that runs `certbot renew` automatically twice a day. The `--deploy-hook` passed by the script is stored in `/etc/letsencrypt/renewal/example.com.conf`, so Nginx will be reloaded automatically after each successful renewal — no cron job or manual renewal needed.
 
-**6. Start using the Certificates**
+## 6. Start using the Certificates
 
 Copy the live site template alongside the verify config you already have. You'll need to more carefully review the `[OPTION]`s in this file, as you'll also need to change the certificate location to match the domain name you requested. Consider taking a look at the `[OPTION]`s and `[WARNING]`s in other linked config files.