From 3b370f13d6204b9b5e23bf466c3db1e6228a7f0c Mon Sep 17 00:00:00 2001 From: honza Date: Wed, 22 Apr 2026 16:46:10 +0200 Subject: [PATCH] Fix geoserver links - remark --- CHANGELOG.md | 16 ++++++++-------- doc/data-storage.md | 16 ++++++++-------- doc/endpoints.md | 8 ++++---- doc/env-settings.md | 10 +++++----- doc/rest.md | 4 ++-- doc/security.md | 2 +- 6 files changed, 28 insertions(+), 28 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 51b0258d7..6b052de89 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -265,7 +265,7 @@ LAYMAN_CLIENT_VERSION=v1.17.0 ``` - Stop using environment variable `LAYMAN_GS_PROXY_BASE_URL`, it has no effect to Layman anymore. - - GeoServer's [Proxy Base URL](https://docs.geoserver.org/2.21.x/en/user/configuration/globalsettings.html) is now automatically set by Layman on each start. Value is automatically derived from environment variables [`LAYMAN_CLIENT_PUBLIC_URL`](doc/env-settings.md#layman_client_public_url) (protocol) and [`LAYMAN_PROXY_SERVER_NAME`](doc/env-settings.md#layman_proxy_server_name) (domain and port). URL path is always `/geoserver/`. +- GeoServer's [Proxy Base URL](https://docs-archive.geoserver.org/2.21.x/en/user/configuration/globalsettings.html) is now automatically set by Layman on each start. Value is automatically derived from environment variables [`LAYMAN_CLIENT_PUBLIC_URL`](doc/env-settings.md#layman_client_public_url) (protocol) and [`LAYMAN_PROXY_SERVER_NAME`](doc/env-settings.md#layman_proxy_server_name) (domain and port). URL path is always `/geoserver/`. - Stop using environment variable `LAYMAN_GS_PATH`, it has no effect to Layman anymore. - GeoServer's URL path must be always `/geoserver/` (that is true for GeoServer shipped with Layman). ### Migrations and checks 
@@ -288,7 +288,7 @@ - [#868](https://github.com/LayerManager/layman/issues/868) Responses to [GET Workspace Layer Metadata Comparison](doc/rest.md#get-workspace-layer-metadata-comparison) and [GET Workspace Map Metadata Comparison](doc/rest.md#get-workspace-map-metadata-comparison) do not respect [HTTP X-Forwarded headers](doc/client-proxy.md#x-forwarded-http-headers) of the request intentionally, in order to keep URLs in canonical form. - [#868](https://github.com/LayerManager/layman/issues/868) Relations between map and [internal layers](doc/models.md#internal-map-layer) are updated in `map_layer` table when calling [POST Workspace Maps](doc/rest.md#post-workspace-maps), [PATCH Workspace Map](https://github.com/LayerManager/layman/blob/v2.1.0/doc/rest.md#patch-workspace-map), [DELETE Workspace Map](https://github.com/LayerManager/layman/blob/v2.1.0/doc/rest.md#delete-workspace-map), and [DELETE Workspace Maps](doc/rest.md#delete-workspace-maps). - [#901](https://github.com/LayerManager/layman/issues/901) Endpoints [POST](doc/rest.md#post-workspace-maps) and [PATCH](https://github.com/LayerManager/layman/blob/v2.1.0/doc/rest.md#patch-workspace-map) accept map compositions in version `3.x.x`. -- [#927](https://github.com/LayerManager/layman/issues/927) SLD styles are internally published to GeoServer with [`raw`](https://docs.geoserver.org/2.21.x/en/user/rest/api/styles.html#raw) parameter set to `True`. +- [#927](https://github.com/LayerManager/layman/issues/927) SLD styles are internally published to GeoServer with [`raw`](https://docs-archive.geoserver.org/2.21.x/en/user/rest/api/styles.html#raw) parameter set to `True`. - [#880](https://github.com/LayerManager/layman/issues/880) Use Docker Compose v2 (`docker compose`) in Makefile without `compatibility` flag and remove `Makefile_docker-compose_v1` file. Docker containers are named according to Docker Compose v2 and may have different name after upgrade. 
- [#765](https://github.com/LayerManager/layman/issues/765) Stop saving OAuth2 claims in filesystem, use prime DB schema only. - [#893](https://github.com/LayerManager/layman/issues/893) It is possible to specify logging level by new environment variable [LAYMAN_LOGLEVEL](doc/env-settings.md#LAYMAN_LOGLEVEL). Default level is `INFO`. @@ -375,7 +375,7 @@ - [#847](https://github.com/LayerManager/layman/issues/847) Fix publishing external table layers with `@` character or other dangerous characters in the username or in the password. - [#833](https://github.com/LayerManager/layman/issues/833) Make Timgen WMS requests more robust (handle WMS errors, delayed retry, add timestamp to each request). - [#877](https://github.com/LayerManager/layman/issues/877) Use Docker Compose v2 (`docker compose`) in Makefile. As of now, all containers are named in the same way as previously. Old Makefile using Docker Compose v1 (`docker-compose`) is archived as `Makefile_docker-compose_v1`. It will be removed in the next minor release. -- [#815](https://github.com/LayerManager/layman/issues/815) Propagate [`LAYMAN_PROXY_SERVER_NAME`](doc/env-settings.md#LAYMAN_PROXY_SERVER_NAME) value to GeoServer environment variable [GEOSERVER_CSRF_WHITELIST](https://docs.geoserver.org/latest/en/user/security/webadmin/csrf.html). +- [#815](https://github.com/LayerManager/layman/issues/815) Propagate [`LAYMAN_PROXY_SERVER_NAME`](doc/env-settings.md#LAYMAN_PROXY_SERVER_NAME) value to GeoServer environment variable [GEOSERVER_CSRF_WHITELIST](https://docs-archive.geoserver.org/latest/en/user/security/webadmin/csrf.html). - [#765](https://github.com/LayerManager/layman/issues/765) Remove Liferay from dev stack, use [Wagtail CRX](https://docs.coderedcorp.com/wagtail-crx/) + [Django OAuth Toolkit](https://django-oauth-toolkit.readthedocs.io/en/latest/) as new OAuth2 provider (authorization server). - Upgrade Python dependencies - flask 2.2.2 -> 2.3.2 
@@ -902,7 +902,7 @@ make timgen-build - Sample SRS list for Czech Republic: `4326,3857,5514,102067,32633,32634` - Sample SRS list for Latvia: `4326,3857,3059` - During startup, Layman passes definitions of each EPSG to GeoServer, either from its internal sources, or from [epsg.io](https://epsg.io/). If download from epsg.io fails, warning `Not able to download EPSG definition from epsg.io` appears in log. In such case, you can [set EPSG definition manually](https://docs.geoserver.org/2.21.x/en/user/configuration/crshandling/customcrs.html) and restart GeoServer. + During startup, Layman passes definitions of each EPSG to GeoServer, either from its internal sources, or from [epsg.io](https://epsg.io/). If download from epsg.io fails, warning `Not able to download EPSG definition from epsg.io` appears in log. In such case, you can [set EPSG definition manually](https://docs-archive.geoserver.org/2.21.x/en/user/configuration/crshandling/customcrs.html) and restart GeoServer. If you want to be sure that GeoServer understands each of your SRS that you passed into LAYMAN_OUTPUT_SRS_LIST, visit GeoServer's admin GUI, page Services > WMS or WFS, and click on Submit. If you see no error message, everything is OK. 
@@ -922,7 +922,7 @@ Data manipulations that automatically run at first start of Layman: ## v1.8.1 2021-01-06 ### Upgrade notes -- The fix of [#200](https://github.com/LayerManager/layman/issues/200) affects only newly posted or patched layers. To fix access rights on existing layers, you can either wait for 1.9 release (2021-01-15), or manually add ROLE_AUTHENTICATED for every [layer security rule](https://docs.geoserver.org/2.21.x/en/user/security/layer.html) which already contains ROLE_ANONYMOUS. +- The fix of [#200](https://github.com/LayerManager/layman/issues/200) affects only newly posted or patched layers. To fix access rights on existing layers, you can either wait for 1.9 release (2021-01-15), or manually add ROLE_AUTHENTICATED for every [layer security rule](https://docs-archive.geoserver.org/2.21.x/en/user/security/layer.html) which already contains ROLE_ANONYMOUS. ### Changes - [#200](https://github.com/LayerManager/layman/issues/200) Access rights EVERYONE is correctly propagated to GeoServer also for authenticated users. Only newly posted or patched layers are affected by the fix. - One of [OAuth2 HTTP headers](doc/oauth2/index.md#request-layman-rest-api), `AuthorizationIssUrl`, is optional if and only if there is only one OAuth2 authorization server registered at Layman. The header was mandatory before 1.8.1 in any case. 
@@ -955,7 +955,7 @@ Data manipulations that automatically run at first start of Layman: - [#28](https://github.com/LayerManager/layman/issues/28) At first start of Layman, access rights of existing publications are set in following way: - [everyone can read and only owner of the workspace can edit](doc/security.md#Authorization) publications in [personal workspaces](doc/models.md#personal-workspace) - [anyone can read or edit](doc/security.md#Authorization) publications in [public workspaces](doc/models.md#public-workspace). - - Security rules on GeoServer on [workspace level (workspace.*.r/w)](https://docs.geoserver.org/2.21.x/en/user/security/layer.html) are deleted and replaced with security rules on [layer level (workspace.layername.r/w)](https://docs.geoserver.org/2.21.x/en/user/security/layer.html) according to rules on Layman side. + - Security rules on GeoServer on [workspace level (workspace.*.r/w)](https://docs-archive.geoserver.org/2.21.x/en/user/security/layer.html) are deleted and replaced with security rules on [layer level (workspace.layername.r/w)](https://docs-archive.geoserver.org/2.21.x/en/user/security/layer.html) according to rules on Layman side. - [#28](https://github.com/LayerManager/layman/issues/28) Only publications with [read access](doc/security.md#publication-access-rights) for EVERYONE are published to Micka as public. - [#28](https://github.com/LayerManager/layman/issues/28) New REST endpoint [GET Users](doc/rest.md#get-users) with list of all users registered in Layman. This new endpoint was added to Test Client into tab "Others". - [#28](https://github.com/LayerManager/layman/issues/28) [WMS endpoint](doc/endpoints.md#web-map-service) accepts same [authentication](doc/security.md#authentication) credentials (e.g. [OAuth2 headers](doc/oauth2/index.md#request-layman-rest-api)) as Layman REST API endpoints. It's implemented using Layman's WFS proxy. This proxy authenticates the user and send user identification to GeoServer. 
@@ -1006,7 +1006,7 @@ There is a critical bug in this release, posting new layer breaks Layman: https: - [#95](https://github.com/LayerManager/layman/issues/95) When calling WFS Transaction, Layman will automatically create missing attributes in DB before redirecting request to GeoServer. Each missing attribute is created as `VARCHAR(1024)`. Works for WFS-T 1.0, 1.1 and 2.0, actions Insert, Update and Replace. If creating attribute fails for any reason, warning is logged and request is redirected nevertheless. - [#96](https://github.com/LayerManager/layman/issues/96) New REST API endpoint [GET Workspace Layer Style](https://github.com/LayerManager/layman/blob/v2.1.0/doc/rest.md#get-workspace-layer-style) is created, which returns Layer default SLD. New attribute ```sld.url``` is added to [GET Workspace Layer endpoint](https://github.com/LayerManager/layman/blob/v2.1.0/doc/rest.md#get-workspace-layer), where URL of Layer default SLD can be obtained. It points to above mentioned [GET Workspace Layer Style](https://github.com/LayerManager/layman/blob/v2.1.0/doc/rest.md#get-workspace-layer-style). - [#101](https://github.com/LayerManager/layman/issues/101) Test Client has new page for WFS proxy and is capable to send authenticated queries. -- [#65](https://github.com/LayerManager/layman/issues/65) Layman automatically setup [HTTP authentication attribute](https://docs.geoserver.org/2.21.x/en/user/security/tutorials/httpheaderproxy/index.html) and chain filter at startup. Secret value of this attribute can be changed in [LAYMAN_GS_AUTHN_HTTP_HEADER_ATTRIBUTE](doc/env-settings.md#LAYMAN_GS_AUTHN_HTTP_HEADER_ATTRIBUTE) and is used by Layman's WFS proxy. +- [#65](https://github.com/LayerManager/layman/issues/65) Layman automatically setup [HTTP authentication attribute](https://docs-archive.geoserver.org/2.21.x/en/user/security/tutorials/httpheaderproxy/index.html) and chain filter at startup. 
Secret value of this attribute can be changed in [LAYMAN_GS_AUTHN_HTTP_HEADER_ATTRIBUTE](doc/env-settings.md#LAYMAN_GS_AUTHN_HTTP_HEADER_ATTRIBUTE) and is used by Layman's WFS proxy. ## v1.6.1 2020-08-19 
@@ -1025,7 +1025,7 @@ There is a critical bug in this release, posting new layer breaks Layman: https: - [#74](https://github.com/LayerManager/layman/issues/74) Layman user and role at GeoServer defined by [LAYMAN_GS_USER](doc/env-settings.md#LAYMAN_GS_USER) and [LAYMAN_GS_ROLE](doc/env-settings.md#LAYMAN_GS_ROLE) are now created automatically on Layman's startup if an only if new environment variable [GEOSERVER_ADMIN_PASSWORD](doc/env-settings.md#GEOSERVER_ADMIN_PASSWORD) is provided. There is no need to set [GEOSERVER_ADMIN_PASSWORD](doc/env-settings.md#GEOSERVER_ADMIN_PASSWORD) for other reason than automatically creating Layman user and Layman role. - No change is required. If you are migrating existing instance, Layman user and role are already created, so you don't need to set [GEOSERVER_ADMIN_PASSWORD](doc/env-settings.md#GEOSERVER_ADMIN_PASSWORD). If this is your first Layman release, [GEOSERVER_ADMIN_PASSWORD](doc/env-settings.md#GEOSERVER_ADMIN_PASSWORD) is set in `.env` files starting with this version, so Layman user and role at GeoServer will be automatically created on startup. - No need to run command `make geoserver-reset-default-datadir` from now on. This command was removed from make options. -- [#62](https://github.com/LayerManager/layman/issues/62) GeoServer [Proxy Base URL](https://docs.geoserver.org/2.21.x/en/user/configuration/globalsettings.html) is now automatically set on Layman's startup according to [LAYMAN_GS_PROXY_BASE_URL](https://github.com/LayerManager/layman/blob/v1.21.1/doc/env-settings.md#LAYMAN_GS_PROXY_BASE_URL). If you do not set the variable, value is calculated as [LAYMAN_CLIENT_PUBLIC_URL](doc/env-settings.md#LAYMAN_CLIENT_PUBLIC_URL)+[LAYMAN_GS_PATH](https://github.com/LayerManager/layman/blob/v1.21.1/doc/env-settings.md#LAYMAN_GS_PATH). If you set it to empty string, no change of Proxy Base URL will be done on GeoServer side. 
+- [#62](https://github.com/LayerManager/layman/issues/62) GeoServer [Proxy Base URL](https://docs-archive.geoserver.org/2.21.x/en/user/configuration/globalsettings.html) is now automatically set on Layman's startup according to [LAYMAN_GS_PROXY_BASE_URL](https://github.com/LayerManager/layman/blob/v1.21.1/doc/env-settings.md#LAYMAN_GS_PROXY_BASE_URL). If you do not set the variable, value is calculated as [LAYMAN_CLIENT_PUBLIC_URL](doc/env-settings.md#LAYMAN_CLIENT_PUBLIC_URL)+[LAYMAN_GS_PATH](https://github.com/LayerManager/layman/blob/v1.21.1/doc/env-settings.md#LAYMAN_GS_PATH). If you set it to empty string, no change of Proxy Base URL will be done on GeoServer side. - [#83](https://github.com/LayerManager/layman/issues/89) All layers are created as `GEOMETRY` type, so any other type can be added (for example polygons can be added to points). - [#73](https://github.com/LayerManager/layman/issues/73) Layman users are automatically created on GeoServer (either at start up of Layman or when reserved) with separate role and workspace. Username is the same as in Layman, name of role is `"USER_"+username`, name of workspace is the same as username. Read and write permissions for workspace are set according to Layman's authorization (as of now read-everyone-write-everyone or read-everyone-write-owner). - New environment variables [LAYMAN_GS_USER_GROUP_SERVICE](doc/env-settings.md#LAYMAN_GS_USER_GROUP_SERVICE) and [LAYMAN_GS_ROLE_SERVICE](https://github.com/LayerManager/layman/blob/v1.22.0/doc/env-settings.md#LAYMAN_GS_ROLE_SERVICE) enable to control which user/group and role services are used at GeoServer. Not setting these variables means to use default services. diff --git a/doc/data-storage.md b/doc/data-storage.md index 053bee9aa..6c7cba639 100644 --- a/doc/data-storage.md +++ b/doc/data-storage.md 
@@ -109,20 +109,20 @@ Data changes made directly in vector data DB tables (both internal and external) PostgreSQL is used as persistent data store, so data survives Layman restart. ### GeoServer -There are only two **[workspaces](https://docs.geoserver.org/2.26.x/en/user/data/webadmin/workspaces.html)** in GeoServer for all Layman layers. First workspace is meant for [WFS](endpoints.md#web-feature-service) and has the name `layman`. Second workspace is meant for [WMS](endpoints.md#web-map-service) and is named `layman_wms`. +There are only two **[workspaces](https://docs-archive.geoserver.org/2.26.x/en/user/data/webadmin/workspaces.html)** in GeoServer for all Layman layers. First workspace is meant for [WFS](endpoints.md#web-feature-service) and has the name `layman`. Second workspace is meant for [WMS](endpoints.md#web-map-service) and is named `layman_wms`. -**[User](https://docs.geoserver.org/2.26.x/en/user/security/webadmin/ugr.html)** is created for every [user](models.md#user) who reserved [username](models.md#username). Username on GeoServer is the same as username on Layman. +**[User](https://docs-archive.geoserver.org/2.26.x/en/user/security/webadmin/ugr.html)** is created for every [user](models.md#user) who reserved [username](models.md#username). Username on GeoServer is the same as username on Layman. -One **[PostgreSQL datastore](https://docs.geoserver.org/2.26.x/en/user/data/app-schema/data-stores.html#postgis)** named `postgresql` is created in each GeoServer workspace. +One **[PostgreSQL datastore](https://docs-archive.geoserver.org/2.26.x/en/user/data/app-schema/data-stores.html#postgis)** named `postgresql` is created in each GeoServer workspace. -For each vector layer from external PostGIS table, **[PostgreSQL datastore](https://docs.geoserver.org/2.26.x/en/user/data/app-schema/data-stores.html#postgis)** is created. Name of the data store is `external_db_`. 
+For each vector layer from external PostGIS table, **[PostgreSQL datastore](https://docs-archive.geoserver.org/2.26.x/en/user/data/app-schema/data-stores.html#postgis)** is created. Name of the data store is `external_db_`. -For each vector layer with SLD style, **[Feature Type](https://docs.geoserver.org/2.26.x/en/user/rest/api/featuretypes.html)** and **[Layer](https://docs.geoserver.org/2.26.x/en/user/data/webadmin/layers.html)** are registered in both workspaces (WMS and WFS), and **[Style](https://docs.geoserver.org/2.26.x/en/user/styling/webadmin/index.html)** is created in WMS workspace. Feature Type and Layer are named as `l_`, Style is named ``. Feature type points to appropriate PostgreSQL table through PostgreSQL datastore. Style contains visualization file. +For each vector layer with SLD style, **[Feature Type](https://docs-archive.geoserver.org/2.26.x/en/user/rest/api/featuretypes.html)** and **[Layer](https://docs-archive.geoserver.org/2.26.x/en/user/data/webadmin/layers.html)** are registered in both workspaces (WMS and WFS), and **[Style](https://docs-archive.geoserver.org/2.26.x/en/user/styling/webadmin/index.html)** is created in WMS workspace. Feature Type and Layer are named as `l_`, Style is named ``. Feature type points to appropriate PostgreSQL table through PostgreSQL datastore. Style contains visualization file. -For each vector layer with QML style, **[Feature Type](https://docs.geoserver.org/2.26.x/en/user/rest/api/featuretypes.html)** is registered in WFS workspace, **[Cascading WMS Store](https://docs.geoserver.org/2.26.x/en/user/data/cascaded/wms.html)** and **[Cascading WMS Layer](https://docs.geoserver.org/2.26.x/en/api/#1.0.0/wmslayers.yaml)** are created in WMS workspace. Names of Feature Type and Cascading WMS Layer are `l_`, name of Cascading WMS Store is `qgis_`. Feature type points to appropriate PostgreSQL table through PostgreSQL datastore. 
Cascading WMS Store and Layer cascades to the layer's WMS instance at QGIS server (pointing to QGS file of the layer). +For each vector layer with QML style, **[Feature Type](https://docs-archive.geoserver.org/2.26.x/en/user/rest/api/featuretypes.html)** is registered in WFS workspace, **[Cascading WMS Store](https://docs-archive.geoserver.org/2.26.x/en/user/data/cascaded/wms.html)** and **[Cascading WMS Layer](https://docs-archive.geoserver.org/2.26.x/en/api/1.0.0/wmslayers.yaml)** are created in WMS workspace. Names of Feature Type and Cascading WMS Layer are `l_`, name of Cascading WMS Store is `qgis_`. Feature type points to appropriate PostgreSQL table through PostgreSQL datastore. Cascading WMS Store and Layer cascades to the layer's WMS instance at QGIS server (pointing to QGS file of the layer). -For each raster layer, **[Coverage Store](https://docs.geoserver.org/2.26.x/en/user/rest/api/coveragestores.html)**, **[Coverage](https://docs.geoserver.org/2.26.x/en/user/rest/api/coverages.html)**, and **[Style](https://docs.geoserver.org/2.26.x/en/user/styling/webadmin/index.html)** are created in WMS workspace. If layer is [timeseries](models.md#timeseries), Coverage Store is [ImageMosaic](https://docs.geoserver.org/2.26.x/en/user/data/raster/imagemosaic/index.html), otherwise it is [GeoTIFF](https://docs.geoserver.org/2.26.x/en/user/data/raster/geotiff.html). Names of Coverage is `l_`, Style name is `` name of Coverage Store is `geotiff_` or `image_mosaic_` depending on its type. Coverage Store and Coverage points to appropriate normalized raster GeoTIFF file(s). Style contains visualization file. +For each raster layer, **[Coverage Store](https://docs-archive.geoserver.org/2.26.x/en/user/rest/api/coveragestores.html)**, **[Coverage](https://docs-archive.geoserver.org/2.26.x/en/user/rest/api/coverages.html)**, and **[Style](https://docs-archive.geoserver.org/2.26.x/en/user/styling/webadmin/index.html)** are created in WMS workspace. 
If layer is [timeseries](models.md#timeseries), Coverage Store is [ImageMosaic](https://docs-archive.geoserver.org/2.26.x/en/user/data/raster/imagemosaic/index.html), otherwise it is [GeoTIFF](https://docs-archive.geoserver.org/2.26.x/en/user/data/raster/geotiff.html). Names of Coverage is `l_`, Style name is `` name of Coverage Store is `geotiff_` or `image_mosaic_` depending on its type. Coverage Store and Coverage points to appropriate normalized raster GeoTIFF file(s). Style contains visualization file. -Two **[access rules](https://docs.geoserver.org/2.26.x/en/user/security/layer.html)** are created for each layer in each GeoServer workspace (WFS and WMS), one for [read access right](security.md#publication-access-rights), one for [write access right](security.md#publication-access-rights). Every username from Layman's access right is represented by user's role name (i.e. `USER_`). Role `EVERYONE` is represented as `ROLE_ANONYMOUS` and `ROLE_AUTHENTICATED` on GeoServer. +Two **[access rules](https://docs-archive.geoserver.org/2.26.x/en/user/security/layer.html)** are created for each layer in each GeoServer workspace (WFS and WMS), one for [read access right](security.md#publication-access-rights), one for [write access right](security.md#publication-access-rights). Every username from Layman's access right is represented by user's role name (i.e. `USER_`). Role `EVERYONE` is represented as `ROLE_ANONYMOUS` and `ROLE_AUTHENTICATED` on GeoServer. GeoServer is used as persistent data store, so data survives Layman restart. diff --git a/doc/endpoints.md b/doc/endpoints.md index aeac0f2fe..4f612679d 100644 --- a/doc/endpoints.md +++ b/doc/endpoints.md 
@@ -1,8 +1,8 @@ # Endpoints -To use [headers for GeoServer's Proxy URL](https://docs.geoserver.org/2.26.x/en/user/configuration/globalsettings.html#use-headers-for-proxy-url) see [client proxy documentation](client-proxy.md). +To use [headers for GeoServer's Proxy URL](https://docs-archive.geoserver.org/2.26.x/en/user/configuration/globalsettings.html#use-headers-for-proxy-url) see [client proxy documentation](client-proxy.md). ## Web Map Service -[Web Map Service (WMS)](https://www.ogc.org/standards/wms/) endpoint is implemented using combination of Layman's authentication proxy, Layman's WMS proxy, and [GeoServer](https://docs.geoserver.org/2.26.x/en/user/services/wms/reference.html). +[Web Map Service (WMS)](https://www.ogc.org/standards/wms/) endpoint is implemented using combination of Layman's authentication proxy, Layman's WMS proxy, and [GeoServer](https://docs-archive.geoserver.org/2.26.x/en/user/services/wms/reference.html). The authentication proxy understands same [authentication credentials](security.md#authentication) as Layman REST API (e.g. OAuth2 credentials) and passes the request to GeoServer with credentials understandable by GeoServer. 
@@ -12,10 +12,10 @@ The WMS proxy parses request and adapts it in case of WMS GetMap requests: WMS respects [publication access rights](security.md#publication-access-rights). If user asks for layer he has not read access to by GetMap or GetFeatureInfo request, GeoServer returns standard ServiceExceptionReport (code LayerNotDefined). ### GetLegendGraphic -GetLegendGraphic query is answered directly by GeoServer for layers with SLD style and can be parametrized according to [GeoServer documentation](https://docs.geoserver.org/latest/en/user/services/wms/get_legend_graphic/index.html). For layers with QML style is such query redirected by GeoServer to QGIS server and can be parametrized according to [QGIS documentation](https://docs.qgis.org/3.40/en/docs/server_manual/services/wms.html#getlegendgraphic). +GetLegendGraphic query is answered directly by GeoServer for layers with SLD style and can be parametrized according to [GeoServer documentation](https://docs-archive.geoserver.org/latest/en/user/services/wms/get_legend_graphic/index.html). For layers with QML style is such query redirected by GeoServer to QGIS server and can be parametrized according to [QGIS documentation](https://docs.qgis.org/3.40/en/docs/server_manual/services/wms.html#getlegendgraphic). ## Web Feature Service -[Web Feature Service (WFS)](https://www.ogc.org/standards/wfs/) endpoint is implemented using combination of Layman's authentication proxy, Layman's WFS proxy, and [GeoServer](https://docs.geoserver.org/2.26.x/en/user/services/wfs/reference.html). +[Web Feature Service (WFS)](https://www.ogc.org/standards/wfs/) endpoint is implemented using combination of Layman's authentication proxy, Layman's WFS proxy, and [GeoServer](https://docs-archive.geoserver.org/2.26.x/en/user/services/wfs/reference.html). The authentication proxy behaves in the same way as in case of [WMS](#web-map-service). diff --git a/doc/env-settings.md b/doc/env-settings.md index bb7f3b7a7..e351aa600 100644 
--- a/doc/env-settings.md +++ b/doc/env-settings.md @@ -46,7 +46,7 @@ Only subset of these codes is allowed: `3857,4326,5514,32633,32634,3034,3035,305 ### LAYMAN_OUTPUT_SRS_LIST List of [EPSG codes](https://en.wikipedia.org/wiki/EPSG_Geodetic_Parameter_Dataset) that will be supported as output spatial reference systems in both WMS and WFS. Value consists of integer codes separated by comma (`,`). If the list does not contain codes from [LAYMAN_INPUT_SRS_LIST](#LAYMAN_INPUT_SRS_LIST), they are appended by Layman automatically. For examples of SRS list, see [LAYMAN_INPUT_SRS_LIST](#LAYMAN_INPUT_SRS_LIST). -During startup, Layman passes definitions of each EPSG to GeoServer, either from its internal sources, or from [epsg.io](https://epsg.io/). If download from epsg.io fails, warning `Not able to download EPSG definition from epsg.io` appears in log. In such case, you can [set EPSG definition manually](https://docs.geoserver.org/2.26.x/en/user/configuration/crshandling/customcrs.html) and restart GeoServer. +During startup, Layman passes definitions of each EPSG to GeoServer, either from its internal sources, or from [epsg.io](https://epsg.io/). If download from epsg.io fails, warning `Not able to download EPSG definition from epsg.io` appears in log. In such case, you can [set EPSG definition manually](https://docs-archive.geoserver.org/2.26.x/en/user/configuration/crshandling/customcrs.html) and restart GeoServer. If you want to be sure that GeoServer understands each of your SRS that you passed into LAYMAN_OUTPUT_SRS_LIST, visit GeoServer's admin GUI, page Services > WMS or WFS, and click on Submit. If you see no error message, everything is OK. 
@@ -163,19 +163,19 @@ Internal URL host of GeoServer instance. Internal URL port of GeoServer instance. ### LAYMAN_GS_USER -Name of [GeoServer user](https://docs.geoserver.org/2.26.x/en/user/security/webadmin/ugr.html#add-user) that Layman uses for authentication and communication with GeoServer. The LAYMAN_GS_USER must be another user than default `admin` user. The LAYMAN_GS_USER user must have at least the [LAYMAN_GS_ROLE](#LAYMAN_GS_ROLE) and default [`ADMIN`](https://docs.geoserver.org/2.26.x/en/user/security/usergrouprole/roleservices.html#mapping-roles-to-system-roles) role (defined by `adminRoleName`). The user and his required roles will be created automatically on Layman's startup if [GEOSERVER_ADMIN_PASSWORD](#GEOSERVER_ADMIN_PASSWORD) is provided. +Name of [GeoServer user](https://docs-archive.geoserver.org/2.26.x/en/user/security/webadmin/ugr.html#add-user) that Layman uses for authentication and communication with GeoServer. The LAYMAN_GS_USER must be another user than default `admin` user. The LAYMAN_GS_USER user must have at least the [LAYMAN_GS_ROLE](#LAYMAN_GS_ROLE) and default [`ADMIN`](https://docs-archive.geoserver.org/2.26.x/en/user/security/usergrouprole/roleservices.html#mapping-roles-to-system-roles) role (defined by `adminRoleName`). The user and his required roles will be created automatically on Layman's startup if [GEOSERVER_ADMIN_PASSWORD](#GEOSERVER_ADMIN_PASSWORD) is provided. ### LAYMAN_GS_PASSWORD Password of [LAYMAN_GS_USER](#LAYMAN_GS_USER). ### LAYMAN_GS_ROLE -Name of [GeoServer role](https://docs.geoserver.org/2.26.x/en/user/security/webadmin/ugr.html#edit-role-service) of [LAYMAN_GS_USER](#LAYMAN_GS_USER). The role is used to create explicit [access rule](https://docs.geoserver.org/2.26.x/en/user/security/layer.html) for all layers published by Layman. 
The LAYMAN_GS_ROLE must be another role than default [`ADMIN`](https://docs.geoserver.org/2.26.x/en/user/security/usergrouprole/roleservices.html#mapping-roles-to-system-roles) role (defined by `adminRoleName`)! The role will be created automatically if [GEOSERVER_ADMIN_PASSWORD](#GEOSERVER_ADMIN_PASSWORD) is provided. +Name of [GeoServer role](https://docs-archive.geoserver.org/2.26.x/en/user/security/webadmin/ugr.html#edit-role-service) of [LAYMAN_GS_USER](#LAYMAN_GS_USER). The role is used to create explicit [access rule](https://docs-archive.geoserver.org/2.26.x/en/user/security/layer.html) for all layers published by Layman. The LAYMAN_GS_ROLE must be another role than default [`ADMIN`](https://docs-archive.geoserver.org/2.26.x/en/user/security/usergrouprole/roleservices.html#mapping-roles-to-system-roles) role (defined by `adminRoleName`)! The role will be created automatically if [GEOSERVER_ADMIN_PASSWORD](#GEOSERVER_ADMIN_PASSWORD) is provided. ### LAYMAN_GS_USER_GROUP_SERVICE -Name of [user/group service](https://docs.geoserver.org/2.26.x/en/user/security/usergrouprole/usergroupservices.html) used for managing users at GeoServer. If not set (default), the service named `default` is chosen. Usually it's [XML user/group service](https://docs.geoserver.org/2.26.x/en/user/security/usergrouprole/usergroupservices.html#xml-user-group-service). +Name of [user/group service](https://docs-archive.geoserver.org/2.26.x/en/user/security/usergrouprole/usergroupservices.html) used for managing users at GeoServer. If not set (default), the service named `default` is chosen. Usually it's [XML user/group service](https://docs-archive.geoserver.org/2.26.x/en/user/security/usergrouprole/usergroupservices.html#xml-user-group-service). ### LAYMAN_GS_AUTHN_HTTP_HEADER_ATTRIBUTE -Secret value of [GeoServer HTTP authentication request header attribute](https://docs.geoserver.org/2.26.x/en/user/security/tutorials/httpheaderproxy/index.html) used for WFS proxy. 
Only combination of lowercase characters and numbers must be used for the value. If you change an existing value, you have to change it also in GeoServer GUI manually. +Secret value of [GeoServer HTTP authentication request header attribute](https://docs-archive.geoserver.org/2.26.x/en/user/security/tutorials/httpheaderproxy/index.html) used for WFS proxy. Only combination of lowercase characters and numbers must be used for the value. If you change an existing value, you have to change it also in GeoServer GUI manually. ### LAYMAN_GS_NORMALIZED_RASTER_DIRECTORY Filesystem directory name where normalized raster files are stored. The directory will be created inside GeoServer data directory. diff --git a/doc/rest.md b/doc/rest.md index 5ea842e90..0424096eb 100644 --- a/doc/rest.md +++ b/doc/rest.md 
@@ -198,7 +198,7 @@ Body parameters: - by default it is read/guessed from input file - *style*, style file - by default either default SLD style of GeoServer, or customized SLD created by Layman is used - - default customized SLD file is created only for grayscale raster input files with or without alpha band to stabilize contrast in WMS; [ColorMap with type `ramp`](https://docs.geoserver.org/2.26.x/en/user/styling/sld/reference/rastersymbolizer.html#colormap) is used + - default customized SLD file is created only for grayscale raster input files with or without alpha band to stabilize contrast in WMS; [ColorMap with type `ramp`](https://docs-archive.geoserver.org/2.26.x/en/user/styling/sld/reference/rastersymbolizer.html#colormap) is used - SLD or QML style file (recognized by the root element of XML: `StyledLayerDescriptor` or `qgis`) - QML style for raster data file is not supported - It's possible to encode also external images in QML styles and use them in the style. To do so, each image needs to be encoded in Base64 encoding inside QML file. You can achieve it by selecting "Embed File" option in QGIS Layer Symbology window, see e.g. QGIS issues [2815](https://github.com/qgis/QGIS-Documentation/issues/2815) or [4563](https://github.com/qgis/QGIS-Documentation/pull/4563). 
@@ -452,7 +452,7 @@ PNG image. ### URL `/rest/layers//style` ### GET Layer Style -Get default style of the layer in XML format. For layers with SLD style, request is redirected to GeoServer [/rest/workspaces/{workspace}/styles/{style}](https://docs.geoserver.org/2.26.x/en/api/#1.0.0/styles.yaml) and response is in version 1.0.0. For layers with QML style, response is created in Layman. Anybody can call GET, nobody can call any other method. +Get default style of the layer in XML format. For layers with SLD style, request is redirected to GeoServer [/rest/workspaces/{workspace}/styles/{style}](https://docs-archive.geoserver.org/2.26.x/en/api/1.0.0/styles.yaml) and response is in version 1.0.0. For layers with QML style, response is created in Layman. Anybody can call GET, nobody can call any other method. #### Request No action parameters. diff --git a/doc/security.md b/doc/security.md index 883412e78..fb88c47f0 100644 --- a/doc/security.md +++ b/doc/security.md 
@@ -84,7 +84,7 @@ Every user listed in [GRANT_DELETE_OTHER_USER](env-settings.md#grant_delete_othe ### Role Service Despite of [usernames](models.md#username), [role names](models.md#role) are not controlled by Layman, but by **role service**. -Role service can be any PostgreSQL DB schema containing table (or view, or materialized view) structure described in [GeoServer documentation](https://docs.geoserver.org/2.26.x/en/user/security/usergrouprole/roleservices.html#jdbc-role-service). Furthermore, Layman has special requirements to records in the tables. There are two types of records: [admin records](#admin-role-service-records) and [business records](#business-role-service-records). No other records are allowed. +Role service can be any PostgreSQL DB schema containing table (or view, or materialized view) structure described in [GeoServer documentation](https://docs-archive.geoserver.org/2.26.x/en/user/security/usergrouprole/roleservices.html#jdbc-role-service). Furthermore, Layman has special requirements to records in the tables. There are two types of records: [admin records](#admin-role-service-records) and [business records](#business-role-service-records). No other records are allowed. Role service is used by both Layman and GeoServer when [access rights](#publication-access-rights) are evaluated.
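Review bot: In the doc/env-settings.md hunk (`@@ -163,19 +163,19 @@`), the rewritten lines keep the uppercase in-page fragments `(#LAYMAN_GS_USER)`, `(#LAYMAN_GS_ROLE)` and `(#GEOSERVER_ADMIN_PASSWORD)`, while the CHANGELOG.md part of this same patch links to headings of this file in lowercase, for example `doc/env-settings.md#layman_client_public_url`. Renderers such as GitHub generate lowercase heading ids, and this commit already touches these lines to fix links, so consider lowercasing the fragments here as well, or confirm in the rendered docs that the uppercase ones resolve.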
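Review bot: In the doc/rest.md hunk at `@@ -452,7 +452,7 @@` (GET Layer Style), the link changes more than the host: the old target is `https://docs.geoserver.org/2.26.x/en/api/#1.0.0/styles.yaml` and the new one is `https://docs-archive.geoserver.org/2.26.x/en/api/1.0.0/styles.yaml`, so the `#` is dropped and the link now points at a path rather than at a fragment of the API index page. The other links visible in this patch only swap `docs.geoserver.org` for `docs-archive.geoserver.org`. Please confirm the new URL opens the intended styles API reference, and mention the path change in the commit message so it is not read as a typo.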