diff --git a/website/pages/docs/connect/proxies/built-in.mdx b/website/pages/docs/connect/proxies/built-in.mdx
index c5cfc0c412..d8f52da55d 100644
--- a/website/pages/docs/connect/proxies/built-in.mdx
+++ b/website/pages/docs/connect/proxies/built-in.mdx
@@ -53,34 +53,29 @@ for the built-in proxy.
All fields are optional with a sane default.
--
- `bind_address` - The address the proxy will bind it's
+- `bind_address` - The address the proxy will bind it's
_public_ mTLS listener to. It defaults to the same address the agent binds to.
--
- `bind_port` - The port the proxy will bind it's _public_
+- `bind_port` - The port the proxy will bind it's _public_
mTLS listener to. If not provided, the agent will attempt to assign one from its
[configured proxy port range](/docs/agent/options#proxy_min_port) if available.
By default the range is [20000, 20255] and the port is selected at random from
that range.
--
- `tcp_check_address` - The address the agent will
+- `tcp_check_address` - The address the agent will
run a [TCP health check](/docs/agent/checks) against. By default this is the same
- as the proxy's [bind address](#bind_address) except if the bind*address is `0.0.0.0`
+ as the proxy's [bind address](#bind_address) except if the bind address is `0.0.0.0`
or `[::]` in which case this defaults to `127.0.0.1` and assumes the agent can
dial the proxy over loopback. For more complex configurations where agent and proxy
communicate over a bridge for example, this configuration can be used to specify
- a different \_address* (but not port) for the agent to use for health checks if
+ a different *address* (but not port) for the agent to use for health checks if
it can't talk to the proxy over localhost or it's publicly advertised port. The
check always uses the same port that the proxy is bound to.
--
- `disable_tcp_check` - If true, this disables a
+- `disable_tcp_check` - If true, this disables a
TCP check being setup for the proxy. Default is false.
--
- `local_service_address` - The `[address]:port`
+- `local_service_address`- The `[address]:port`
that the proxy should use to connect to the local application instance. By default
it assumes `127.0.0.1` as the address and takes the port from the service definition's
`port` field. Note that allowing the application to listen on any non-loopback
@@ -89,18 +84,15 @@ All fields are optional with a sane default.
known-private IP is available for example when using internal networking between
containers.
--
- `local_connect_timeout_ms` - The number
+- `local_connect_timeout_ms` - The number
of milliseconds the proxy will wait to establish a connection to the _local application_
before giving up. Defaults to `1000` or 1 second.
--
- `handshake_timeout_ms` - The number of milliseconds
+- `handshake_timeout_ms` - The number of milliseconds
the proxy will wait for _incoming_ mTLS connections to complete the TLS handshake.
Defaults to `10000` or 10 seconds.
--
- `upstreams` - **Deprecated** Upstreams are now specified
+- `upstreams`- **Deprecated** Upstreams are now specified
in the `connect.proxy` definition. Upstreams specified in the opaque config map
here will continue to work for compatibility but it's strongly recommended that
you move to using the higher level [upstream configuration](/docs/connect/registration/service-registration#upstream-configuration-reference).
@@ -109,7 +101,6 @@ All fields are optional with a sane default.
All fields are optional with a sane default.
--
- `connect_timeout_ms` - The number of milliseconds
+- `connect_timeout_ms` - The number of milliseconds
the proxy will wait to establish a TLS connection to the discovered upstream instance
before giving up. Defaults to `10000` or 10 seconds.