Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ cluster to Teleport.
## Prerequisites

- DigitalOcean account.
- Your workstation configured with [kubectl](https://kubernetes.io/docs/tasks/tools/), [Helm](https://helm.sh/docs/intro/install/), [doctl](https://docs.digitalocean.com/reference/doctl/how-to/install/), and the Teleport [tsh](https://goteleport.com/docs/installation/) client.
- Your workstation configured with [kubectl](https://kubernetes.io/docs/tasks/tools/), [Helm](https://helm.sh/docs/intro/install/), [doctl](https://docs.digitalocean.com/reference/doctl/how-to/install/), and the Teleport [tsh](../../installation.mdx) client.

## Step 1/4. Create a DigitalOcean Kubernetes cluster

Expand Down
24 changes: 2 additions & 22 deletions docs/pages/machine-id/getting-started.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -22,26 +22,6 @@ Here's an overview of what you will do:

(!/docs/pages/includes/tctl.mdx!)

<Admonition
type="note"
title="Machine ID and TLS Routing"
scopeOnly scope={["oss", "enterprise"]}
>

TLS Routing support was added to Machine ID in [Teleport
9.3](https://goteleport.com/docs/preview/upcoming-releases/#teleport-93). For
earlier versions, the Teleport Proxy Server will need to be configured with a
dedicated SSH listener.

```yaml
version: v1
proxy_service:
enabled: "yes"
listen_addr: "0.0.0.0:3023"
...
```
</Admonition>

## Step 1/4. Download and install Teleport (=teleport.version=)

In this step, you will be downloading and installing Teleport binaries onto the
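Review bot: The `Machine ID and TLS Routing` admonition deleted at the top of this hunk is a content removal, not a link rewrite like the rest of the change. It drops the guidance that Teleport versions before 9.3 need a dedicated SSH listener (`listen_addr: "0.0.0.0:3023"`) on the Proxy Service. If those versions are out of scope for this docs branch, say so in the commit message; otherwise keep the note and only convert its absolute `goteleport.com/docs/preview/upcoming-releases/#teleport-93` link.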
Expand Down Expand Up @@ -93,7 +73,7 @@ auditor no-login-6566121f-b602-47f1-a118-c9c618ee5aec session:list,r
editor user:list,create,read,update,delete,...
```

Machine ID can join with a token or the [IAM Method](https://goteleport.com/docs/setup/guides/joining-nodes-aws) on AWS.
Machine ID can join with a token or the [IAM Method](../management/join-services-to-your-cluster/aws-iam.mdx) on AWS.

Assuming that you are using the default `access` role, ensure that you use the
`--logins` flag when adding your bot to specify the SSH logins that you wish to
Expand Down Expand Up @@ -333,4 +313,4 @@ use-case, for example:
- [Machine ID with Jenkins](./guides/jenkins.mdx)
- [Machine ID with Databases](./guides/databases.mdx)

[More information about `TELEPORT_ANONYMOUS_TELEMETRY`.](./reference/telemetry.mdx)
[More information about `TELEPORT_ANONYMOUS_TELEMETRY`.](./reference/telemetry.mdx)
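Review bot: The final line of this hunk is marked as changed, but the old and new `TELEPORT_ANONYMOUS_TELEMETRY` link lines are textually identical, so the difference is whitespace or the end-of-file newline. Keep it if the intent is to add the trailing newline; otherwise drop it so the diff stays limited to link rewrites.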
2 changes: 1 addition & 1 deletion docs/pages/machine-id/guides/github-actions.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ Actions runners as well as GitHub Enterprise Server.
(!docs/pages/includes/edition-prereqs-tabs.mdx!)

- (!docs/pages/includes/tctl.mdx!)
- A node that is a part of the Teleport cluster with [Server Access](https://goteleport.com/docs/server-access/introduction/).
- A node that is a part of the Teleport cluster with [Server Access](../../server-access/introduction.mdx).
- Your user should have the privileges to create token resources.
- A GitHub repository with GitHub Actions enabled. This guide uses the example `gravitational/example`
repo, however this value should be replaced with your own unique repo.
Expand Down
4 changes: 2 additions & 2 deletions docs/pages/machine-id/guides/host-certificate.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ description: Issuing Host Certificates with Machine ID for OpenSSH servers.
Host certificates are generally created on Teleport for access to OpenSSH servers that can not otherwise join a Teleport cluster.
While long-lived certificates may be applied for this purpose, short-lived and regularly rotated host certificates generated
through Teleport help to provide a number of security benefits over their long-lived counterparts. Regular certificate rotation reduces risk by ensuring that any potentially stolen
certificates are usable for a shorter period of time. Additionally, when coupled with Teleport's [RBAC](https://goteleport.com/docs/access-controls/guides/role-templates/)
certificates are usable for a shorter period of time. Additionally, when coupled with Teleport's [RBAC](../../access-controls/guides/role-templates.mdx)
support and host certificate **Principals** and **Predicates**, you can apply limitations to both the process of creating host certificates,
as well as the host certificates themselves.

Expand Down Expand Up @@ -402,6 +402,6 @@ to connect to OpenSSH with Teleport, see the following documentation:
- [Using Teleport With OpenSSH](../../server-access/guides/openssh.mdx)
- [Using SSH Host Certificates](https://goteleport.com/blog/how-to-ssh-properly/)
- [Machine ID Configuration Reference](../reference/configuration.mdx)
- [Joining Nodes using the IAM method](https://goteleport.com/docs/setup/guides/joining-nodes-aws)
- [Joining Nodes using the IAM method](../../management/join-services-to-your-cluster/aws-ec2.mdx)

[More information about `TELEPORT_ANONYMOUS_TELEMETRY`.](../reference/telemetry.mdx)
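Review bot: The `Joining Nodes using the IAM method` entry now points at `../../management/join-services-to-your-cluster/aws-ec2.mdx`, while `getting-started.mdx` in this same change maps the identical old URL (`https://goteleport.com/docs/setup/guides/joining-nodes-aws`) to `aws-iam.mdx`. The link text names the IAM method, so the target here should most likely be `../../management/join-services-to-your-cluster/aws-iam.mdx`. If the EC2 guide is the intended destination, update the link text to match.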
2 changes: 1 addition & 1 deletion docs/pages/management/export-audit-events/datadog.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -352,7 +352,7 @@ Teleport Cluster, ensure that:
## Next steps

- Read more about
[impersonation](https://goteleport.com/docs/access-controls/guides/impersonation/)
[impersonation](../../access-controls/guides/impersonation.mdx)
here.
- While this guide uses the `tctl auth sign` command to issue credentials for the
Teleport Event Handler, production clusters should use Machine ID for safer,
Expand Down
2 changes: 1 addition & 1 deletion docs/pages/management/export-audit-events/fluentd.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -366,7 +366,7 @@ Teleport Cluster, ensure that:
## Next Steps

Read more about
[impersonation](https://goteleport.com/docs/access-controls/guides/impersonation/)
[impersonation](../../access-controls/guides/impersonation.mdx)
here.

While this guide uses the `tctl auth sign` command to issue credentials for the
Expand Down
4 changes: 2 additions & 2 deletions docs/pages/reference/cli.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ For more information on subcommands when working with the `teleport` cli, use th
The `teleport start` command includes a large number of optional configuration flags.

While configuration flags for `teleport start` can be used to set parameters for Teleport's configuration,
we recommend using a [configuration file](https://goteleport.com/docs/reference/config/) in production.
we recommend using a [configuration file](./config.mdx) in production.

#### Flags

Expand Down Expand Up @@ -2200,7 +2200,7 @@ The following flags are specific to Google Workspace:
| `--google-acc-uri` | URI of your service account credentials file. Example: `file:///var/lib/teleport/gworkspace-creds.json`.|
| `--google-acc` | String containing Google service account credentials. |
| `--google-admin` | Email of a Google admin to impersonate. |
| `--google-legacy` | Flag to select groups with direct membership filtered by domain (legacy behavior). <br/>Disabled by default. [More info](https://goteleport.com/docs/enterprise/sso/google-workspace/#how-teleport-uses-google-workspace-apis) |
| `--google-legacy` | Flag to select groups with direct membership filtered by domain (legacy behavior). <br/>Disabled by default. [More info](../access-controls/sso/google-workspace.mdx#how-teleport-uses-google-workspace-apis) |
| `--google-id` | Shorthand for setting the `--id` flag to `<GOOGLE_WORKSPACE_CLIENT_ID>.apps.googleusercontent.com` |

#### Global flags
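Review bot: The `--google-legacy` row keeps the `#how-teleport-uses-google-workspace-apis` fragment while the page path moves from `enterprise/sso/google-workspace/` to `../access-controls/sso/google-workspace.mdx`. Please confirm that heading still exists in the target file, since a relative link with a stale fragment resolves to the page but silently loses the section the flag description relies on.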
Expand Down
2 changes: 1 addition & 1 deletion docs/pages/server-access/guides/azure-discovery.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -295,7 +295,7 @@ The `installer` resource has the following templating options:
- `{{ .PublicProxyAddr }}`: the public address of the Teleport Proxy Service to
connect to.
- `{{ .RepoChannel }}`: Optional package repository (apt/yum) channel name.
Has format `<channel>/<version>` e.g. stable/v12. See [installation](https://goteleport.com/docs/installation/#linux) for more details.
Has format `<channel>/<version>` e.g. stable/v(=teleport.major_version=). See [installation](../../installation.mdx#linux) for more details.

These can be used as follows:

Expand Down
2 changes: 1 addition & 1 deletion docs/pages/server-access/guides/ec2-discovery.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -339,7 +339,7 @@ The `installer` resource has the following templating options:
- `{{ .PublicProxyAddr }}`: the public address of the Teleport Proxy Service to
connect to.
- `{{ .RepoChannel }}`: Optional package repository (apt/yum) channel name.
Has format `<channel>/<version>` e.g. stable/v12. See [installation](https://goteleport.com/docs/installation/#linux) for more details.
Has format `<channel>/<version>` e.g. stable/v(=teleport.major_version=). See [installation](../../installation.mdx#linux) for more details.

These can be used as follows:
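Review bot: The `{{ .RepoChannel }}` bullet changes the example from `stable/v12` to `stable/v(=teleport.major_version=)` in addition to converting the link, and the same edited bullet appears verbatim in `azure-discovery.mdx`. Consider moving the shared templating-options list into a partial under `docs/pages/includes/`, pulled in with the `(!...!)` include syntax these docs already use, so the two guides cannot drift. Also mention the version-variable change in the commit message, since it is not a link rewrite.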

Expand Down