some formatting improvements in README and addtions to explain how to disable optional services

README.md

@@ -33,9 +33,9 @@ Monitoring, alerting, log-collection and analysis, DNS and Let's Encrypt certifi
  - Backend: runs the application services that the reverse proxy talks to, it runs, among other things, the LEAP web API, the gateway selection service, and the infrastructure that provides monitoring and alerting.  
  - Gateway/s: These run openvpn and act as **VPN gateways, which ideally require two publicly addressable IP addresses, one for ingress and one for egress.**
  - Bridge: runs an [obfsvpn](https://0xacab.org/leap/obfsvpn) service, can run on the same machine as the gateway.
-   To remove optional services, delete the import lines from config/services.common.yml and the corresponding tags from host.yml.
- - Introducer(optional): runs as an obfsification proxy between client and reverse-proxy, used for reaching API from censored networks. (advised to run on port 443 to make it resemble with https)   
-    For disabling this service : remove "services.introducer.yml" from config/services.common.yml and remove `[introducer]` tag on hosts.yml
+   To remove optional services, comment out import lines from [config/services.common.yml](config/services.common.yml) and remove the corresponding tags from host.yml.
+ - Introducer(optional): runs as an obfuscation proxy between client and reverse-proxy, used for reaching API from censored networks. (advised to run on port 443 to make it resemble with https)
+    For disabling this service: comment out `services.introducer.yml` from [config/services.common.yml](config/services.common.yml) and remove `[introducer]` tag on hosts.yml
 
 
 ## How to provision a new provider?
@@ -136,15 +136,20 @@ You can control whether direct openvpn access is permitted for each gateway host
 Enabling this flag will mandate that users to use censorship-circumvention methods by default.    
 It's important to note that direct connections to openvpn can be easily detected by intermediaries
 
-You can tag any gateway hosts with below listed tag for scheduling respective obfuscation on gateway nodes
-supported `group_names`:
- - bridge : for running traditional bridge
- - bridge-kcp : for running kcp
- - bridge-quic : for running quic
- - introducer : for running introducer (introducer always runs on port 443, with no extra configuration needed)
+##### Configure bridges
+
+You can tag any gateway hosts with below listed tag for scheduling respective obfuscation on gateway nodes.
+Supported `group_names` are:
+ - `bridge` : for running obfs4 bridge
+ - `bridge-kcp` : for running obfs4+kcp
+ - `bridge-quic` : for running quic
+ - `bridge-hop`: for running obfs4 in hopping mode
+ - `bridge-hop-kcp`: for running obfs4+kcp in hopping mode
+ - `bridge-hop-quic`: for running quic in hopping mode
+ - `introducer` : for running introducer (introducer always runs on port 443, with no extra configuration needed)
 
 For gateway hosts, use the variables below to run each app on specific ports. If not specified, the apps will use the default ports listed.
-```
+```yaml
     ports:
       # for openvpn : the first port in the list will be used as the primary port for running openvpn service,
       # with NAT rules forwarding traffic from other listed ports to this primary port.
@@ -152,23 +157,26 @@ For gateway hosts, use the variables below to run each app on specific ports. If
       bridge: 443
       bridge-kcp: 4431
       bridge-quic: 4432
-      bridge-hop: Ref: https://0xacab.org/leap/obfsvpn#obfsvpn-server
-        port-seed: 1  (OBFSVPN_SEED)
-        port-min: 49152 (OBFSVPN_MIN_HOP_PORT)
-        port-max: 65535 (OBFSVPN_MAX_HOP_PORT)
-        port-count: 100  (OBFSVPN_PORT_COUNT)
-      bridge-hop-kcp: Ref: https://0xacab.org/leap/obfsvpn#obfsvpn-server
-        port-seed: 2  (OBFSVPN_SEED)
-        port-min: 49152 (OBFSVPN_MIN_HOP_PORT)
-        port-max: 65535 (OBFSVPN_MAX_HOP_PORT)
-        port-count: 100  (OBFSVPN_PORT_COUNT)
-      bridge-hop-kcp: Ref: https://0xacab.org/leap/obfsvpn#obfsvpn-server
-        port-seed: 3  (OBFSVPN_SEED)
-        port-min: 49152 (OBFSVPN_MIN_HOP_PORT)
-        port-max: 65535 (OBFSVPN_MAX_HOP_PORT)
-        port-count: 100  (OBFSVPN_PORT_COUNT)
+      bridge-hop: # Ref: https://0xacab.org/leap/obfsvpn#obfsvpn-server
+        port-seed: 1  # (OBFSVPN_SEED)
+        port-min: 49152 # (OBFSVPN_MIN_HOP_PORT)
+        port-max: 65535 # (OBFSVPN_MAX_HOP_PORT)
+        port-count: 100  # (OBFSVPN_PORT_COUNT)
+      bridge-hop-kcp: #Ref: https://0xacab.org/leap/obfsvpn#obfsvpn-server
+        port-seed: 2  # (OBFSVPN_SEED)
+        port-min: 49152 # (OBFSVPN_MIN_HOP_PORT)
+        port-max: 65535 # (OBFSVPN_MAX_HOP_PORT)
+        port-count: 100  # (OBFSVPN_PORT_COUNT)
+      bridge-hop-quic: # Ref: https://0xacab.org/leap/obfsvpn#obfsvpn-server
+        port-seed: 3  # (OBFSVPN_SEED)
+        port-min: 49152 # (OBFSVPN_MIN_HOP_PORT)
+        port-max: 65535 # (OBFSVPN_MAX_HOP_PORT)
+        port-count: 100  # (OBFSVPN_PORT_COUNT)
 ```
-_NOTE:_ If you use IPv6 addresses uncomment and adapt the gateway example given in the section `gateway2`.
+Finally, make sure the optional obfuscation services you want to use are not commented out in [config/services.common.yml](config/services.common.yml). Conversely, place a `#` in front of the lines of the optional services that you do not need.
+
+##### IPv6
+If you use IPv6 addresses uncomment and adapt the gateway example given in the section `gateway2`.
 
 #### 3.2. Configure _config.yml_ :)
 Edit _group_vars/all/config.yml_ and set your `domain_public` to the service domain name that you delegated (eg. `float.example.com`). The `domain` can be set to `infra.example.com` as this is the internally managed domain. 

config/services.common.yml

@@ -2,7 +2,7 @@
 include:
   - ../float/services.yml.default
   - "services.bitmask.yml"
-# optional services
+# optional services, comment out those you don't use
   - "services.bridge.yml"
   - "services.bridge.kcp.yml"
   - "services.bridge.quic.yml"