diff --git a/README b/README
index d315a8e..c92a93b 100644
--- a/README
+++ b/README
@@ -9,7 +9,7 @@ You will need Go 1.13 or later (type `go version`).  Then do:
 On Windows, do
 
     set CGO_ENABLED=0
-    go build -ldflags='-s -w'
+    go build -ldflags="-s -w"
 
 
 ## Set the server administrator credentials
@@ -69,13 +69,14 @@ should also allow UDP traffic to the TURN port, and UDP traffic to
 ephemeral (high-numbered) ports (or whatever is configured using the
 `-udp-range` option).
 
-If your server is behind NAT, then the NAT must forward, at the very
-least, port 8443 to your server.  Ideally, you should configure an
-external TURN server (see *ICE Servers* below) on a host that is not
-behind NAT.  If that is not possible, then you should forward port 1194 in
-addition to port 8443, and you should add the option `-turn 203.0.113.1:1194`
-to Galène's command line, where `203.0.113.1` is your NAT's external
-(global) IPv4 address.
+If your server is behind NAT (which is not recommended), then the NAT must
+forward, at the very least, port 8443 to your server.  Ideally, you should
+configure an external TURN server (see *ICE Servers* below) on a host that
+is not behind NAT.  If that is not possible, then you must use a NAT that
+supports hairpinning, you must forward port 1194 in addition to port 8443,
+and you will need to add add the option `-turn 203.0.113.1:1194` to
+Galène's command line, where `203.0.113.1` is your NAT's external (global)
+IPv4 address.
 
 
 ## Cross-compile for your server
@@ -95,7 +96,7 @@ For a BeagleBone or a Raspberry Pi 2 or later:
 
     CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 go build -ldflags='-s -w'
 
-For a 64-bit ARM board (Olimex Olinuxino-A64, Pine64, etc.):
+For a 64-bit ARM board (Olimex Olinuxino-A64, Pine64, etc.) or server:
 
     CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags='-s -w'
 
@@ -116,7 +117,7 @@ a certificate, install it in the files `data/cert.pem` and `data/key.pem`:
 
     ssh galene@server.example.org
     sudo cp /etc/letsencrypt/live/server.example.org/fullchain.pem data/cert.pem
-    sudo cp /etc/letsencrypt/live/server.example.org/key.pem data/key.pem
+    sudo cp /etc/letsencrypt/live/server.example.org/privkey.pem data/key.pem
     sudo chown galene:galene data/*.pem
     sudo chmod go-rw data/key.pem
     
@@ -332,7 +333,7 @@ If you prefer to use coturn's `use-auth-secret` option, then the
 
     [
         {
-            "Urls": [
+            "urls": [
                 "turn:turn.example.com:443",
                 "turn:turn.example.com:443?transport=tcp"
             ],