diff --git a/README.md b/README.md
index 2365c79..5171b6d 100644
--- a/README.md
+++ b/README.md
@@ -45,7 +45,7 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq).
 
 * Create an environment variable with the name DEBUG and value of 1 to enable debug output (using "docker -e").
 
-        for example - docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --privileged -e DEBUG=1 kylemanna/openvpn
+        docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --privileged -e DEBUG=1 kylemanna/openvpn
 
 ## How Does It Work?
 
@@ -109,13 +109,13 @@ packets, etc).
   simplicity.  It's highly recommended to secure the CA key with some
   passphrase to protect against a filesystem compromise.  A more secure system
   would put the EasyRSA PKI CA on an offline system (can use the same Docker
-  image and the script [`ovpn_copy_server_files`](/docs/clients.md) to accomplish this).
+  image and the script [`ovpn_copy_server_files`](/docs/paranoid.md) to accomplish this).
 * It would be impossible for an adversary to sign bad or forged certificates
   without first cracking the key's passphase should the adversary have root
   access to the filesystem.
 * The EasyRSA `build-client-full` command will generate and leave keys on the
   server, again possible to compromise and steal the keys.  The keys generated
-  need to signed by the CA which the user hopefully configured with a passphrase
+  need to be signed by the CA which the user hopefully configured with a passphrase
   as described above.
 * Assuming the rest of the Docker container's filesystem is secure, TLS + PKI
   security should prevent any malicious host from using the VPN.
diff --git a/docs/backup.md b/docs/backup.md
index 6d9418c..e7729c8 100644
--- a/docs/backup.md
+++ b/docs/backup.md
@@ -2,9 +2,9 @@
 
 ## Security
 
-The resulting archive from this back-up contains all credential to impersonate the server at a minimum.  If the client's private keys are generated using the EasyRSA utility then it also contains the client certificates that could be used to impersonate said clients.  Most importantly, if the certificate authority key is in this archive (as it is given the quick start directions), then a adversary could generate certificates at will.
+The resulting archive from this backup contains all credential to impersonate the server at a minimum.  If the client's private keys are generated using the EasyRSA utility then it also contains the client certificates that could be used to impersonate said clients.  Most importantly, if the certificate authority key is in this archive (as it is given the quick start directions), then a adversary could generate certificates at will.
 
-I'd recommend encrypting the archive with something strong (e.g. gpg or openssl + AES).  For the paranoid keep backup offline.  For the truly paranoid users, never keep any keys (i.e. client and certificate authority) in the docker container to begin with :).
+I'd recommend encrypting the archive with something strong (e.g. gpg or openssl + AES).  For the paranoid keep backup offline.  For the [truly paranoid users](/docs/paranoid.md), never keep any keys (i.e. client and certificate authority) in the docker container to begin with :).
 
 
 **TL;DR Protect the resulting archive file.  Ensure there is very limited access to it.**
diff --git a/docs/clients.md b/docs/clients.md
index e5538f3..228916e 100644
--- a/docs/clients.md
+++ b/docs/clients.md
@@ -15,12 +15,11 @@ If you have more than a few clients, you will want to generate and update your c
 
 Execute the following to generate the configuration for all clients:
 
-    docker run --rm -it -v /tmp/openvpn:/etc/openvpn kylemanna/openvpn ovpn_getclient_all
+    docker run --rm -it --volumes-from $OVPN_DATA --volume /tmp/openvpn_clients:/etc/openvpn/clients kylemanna/openvpn ovpn_getclient_all
 
 After doing so, you will find the following files in each of the `$cn` directories:
 
     ca.crt
-    dh.pem
     $cn-combined.ovpn # Combined configuration file format. If your client recognices this file then only this file is needed.
     $cn.ovpn          # Separated configuration. This configuration file requires the other files ca.crt dh.pem $cn.crt $cn.key ta.key
     $cn.crt
@@ -34,4 +33,4 @@ Revoke `client1`'s certificate and generate the certificate revocation list (CRL
     docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn easyrsa revoke client1
     docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn easyrsa gen-crl
 
-The OpenVPN server will read this change everytime a client connects (no need to restart server) and deny clients access using revoked certificates.
+The OpenVPN server will read this change every time a client connects (no need to restart server) and deny clients access using revoked certificates.
diff --git a/docs/docker.md b/docs/docker.md
index a969e44..b7bede5 100644
--- a/docs/docker.md
+++ b/docs/docker.md
@@ -11,7 +11,7 @@ It is recommended to use platforms that support systemd as future versions of th
 
 ### Step 1 — Set Up Docker
 
-Docker is moving fast and Debian / Ubuntu's long term support (LTS) policy doesn't keep up. To work around this we'll install a PPA that will get us the latest version of Docker.
+Docker is moving fast and Debian / Ubuntu's long term support (LTS) policy doesn't keep up. To work around this we'll install a PPA that will get us the latest version of Docker. For Debian Jessie users, just install docker.io from jessie-backports.
 
 Ensure dependencies are installed:
 
diff --git a/docs/paranoid.md b/docs/paranoid.md
index dcab29d..14b144c 100644
--- a/docs/paranoid.md
+++ b/docs/paranoid.md
@@ -3,7 +3,7 @@
 ## Keep the CA root key save
 As mentioned in the [backup section](/docs/backup.md), there are good reasons to not generate the CA and/or leave it on the server. This document describes how you can generate the CA and all your certificates on a secure machine and then copy only the needed files (which never includes the CA root key obviously ;) ) to the server(s) and clients.
 
-Execute the following commands. Note that you might want to change the volume `/tmp/openvpn` to persistent storage or use a data docker container for this.
+Execute the following commands. Note that you might want to change the volume `$PWD` or use a data docker container for this.
 
     docker run --rm -t -i -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
     docker run --rm -t -i -v $PWD:/etc/openvpn kylemanna/openvpn ovpn_initpki
diff --git a/docs/static-ips.md b/docs/static-ips.md
index 38fcbc2..f96dd54 100644
--- a/docs/static-ips.md
+++ b/docs/static-ips.md
@@ -1,6 +1,6 @@
 # Static IP Addresses
 
-The docker image is setup for static client configuration on the 192.168.254.0/24 subnet.  To use it follow the Quick Start section below.  Note that the IP addresses octects need to be picked special, see [OpenVPN Documentation](https://openvpn.net/index.php/open-source/documentation/howto.html#policy) for more details.
+The docker image is setup for static client configuration on the 192.168.254.0/24 subnet.  To use it follow the Quick Start section below.  Note that the IP addresses octets need to be picked special, see [OpenVPN Documentation](https://openvpn.net/index.php/open-source/documentation/howto.html#policy) for more details.
 
 ## Quick Start