From 72b5af2260a5512f754ff28bccb3dc4bf51241b0 Mon Sep 17 00:00:00 2001
From: Tim Abbott <tabbott@zulip.com>
Date: Wed, 9 Nov 2022 17:05:15 -0800
Subject: [PATCH] docs: Clarify the http_only parameter.

Previously, the http_only parameter could have been misread as
allowing clients to connect to a Zulip server over HTTP directly.

Fixes #23506.
---
 docs/production/deployment.md | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/docs/production/deployment.md b/docs/production/deployment.md
index 2585865020..fad5550534 100644
--- a/docs/production/deployment.md
+++ b/docs/production/deployment.md
@@ -302,13 +302,15 @@ public Internet.
 
 #### Configuring Zulip to allow HTTP
 
-Depending on your environment, you may want the reverse proxy to talk
-to the Zulip server over HTTP; this can be secure when the Zulip
-server is not directly exposed to the public Internet.
+Zulip requires clients to connect to Zulip servers over the secure
+HTTPS protocol; the insecure HTTP protocol is not supported. However,
+we do support using a reverse proxy that speaks HTTPS to clients and
+connects to the Zulip server over HTTP; this can be secure when the
+Zulip server is not directly exposed to the public Internet.
 
-After installing the Zulip server as
-[described above](#installer-options), you can configure Zulip to talk
-HTTP as follows:
+After installing the Zulip server as [described
+above](#installer-options), you can configure Zulip to accept HTTP
+requests from a reverse proxy as follows:
 
 1. Add the following block to `/etc/zulip/zulip.conf`: