Add TLS proxy walk-through to the quick start

doc/quick-start-guide.md

@@ -123,6 +123,24 @@ You can also look at the logs for multiple services at once:
 $ bin/logs -f filestore docstore web clsi
 ```
 
+## TLS Proxy
+
+The Overleaf Toolkit includes optional configuration to run an NGINX proxy, which presents Server Pro over HTTPS. Initial configuration can be generated by running
+```
+bin/init --tls
+```
+This creates minimal NGINX config in `config/nginx/nginx.conf` and a sample TLS certificate and private key in `config/nginx/certs/overleaf_certificate.pem` and `config/nginx/certs/overleaf_key.pem` respectively. If you already have a signed TLS certificate for use with Server Pro, replace the sample key and certificate with your key and certificate.
+
+To create your own TLS certificate, you will need to generate a Certificate Signing Request (CSR) e.g.:
+```
+ openssl req -new\
+ -subj "/C=GB/ST=Wessex/L=Christminster/O=University of Christminster/OU=Bodmin College/CN=overleaf.bodmin.cm.ac.uk"\ 
+ -addext "subjectAltName = DNS:latex.bodmin.cm.ac.uk"\ 
+ -key config/nginx/certs/overleaf_key.pem -out config/nginx/certs/overleaf-bodmin.csr -nodes
+ ```
+ Change the `subj` value to suit your organisation. The optional `addext` option can be used to add additional domain names to your certificate. Send the `config/nginx/certs/overleaf-bodmin.csr` CSR file to your Certificate Authority (CA) for signing in the usual way. Replace the sample `config/nginx/certs/overleaf_certificate.pem` certificate with the signed certificate that your CA returns to you.
+
+ Further information about the TLS proxy can be found in the [docs](tls-proxy.md).
 
 
 ## Consulting the Doctor