Diffstat (limited to 'website')

  website/BUILD                                     |  1
  website/_includes/footer.html                     |  2
  website/_layouts/docs.html                        |  4
  website/_sass/front.scss                          |  4
  website/_sass/style.scss                          | 10
  website/blog/2019-11-18-security-basics.md        | 28
  website/blog/2020-04-02-networking-security.md    |  8
  website/cmd/syscalldocs/main.go                   |  6
  website/index.md                                  |  8

9 files changed, 30 insertions, 41 deletions
diff --git a/website/BUILD b/website/BUILD index d6afd5f44..c97b2560b 100644 --- a/website/BUILD +++ b/website/BUILD @@ -138,7 +138,6 @@ docs( "//g3doc:community", "//g3doc:index", "//g3doc:roadmap", - "//g3doc/architecture_guide:index", "//g3doc/architecture_guide:performance", "//g3doc/architecture_guide:platforms", "//g3doc/architecture_guide:resources", diff --git a/website/_includes/footer.html b/website/_includes/footer.html index 5d9267f35..9cc8176f7 100644 --- a/website/_includes/footer.html +++ b/website/_includes/footer.html @@ -2,9 +2,9 @@ {% include footer-links.html %} </footer> +<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.1/js/all.min.js" integrity="sha256-Z1Nvg/+y2+vRFhFgFij7Lv0r77yG3hOvWz2wI0SfTa0=" crossorigin="anonymous"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha256-U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8=" crossorigin="anonymous"></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/d3/4.13.0/d3.min.js" integrity="sha256-hYXbQJK4qdJiAeDVjjQ9G0D6A0xLnDQ4eJI9dkm7Fpk=" crossorigin="anonymous"></script> {% if site.analytics %} diff --git a/website/_layouts/docs.html b/website/_layouts/docs.html index e11492915..549305089 100644 --- a/website/_layouts/docs.html +++ b/website/_layouts/docs.html 
@@ -47,11 +47,13 @@ categories: <h1>{{ page.title }}</h1> {% if page.editpath %} <p> - <a href="https://github.com/google/gvisor/edit/master/content/{{page.editpath}}" target="_blank"><i class="fa fa-edit fa-fw"></i> Edit this page</a> + <a href="https://github.com/google/gvisor/edit/master/{{page.editpath}}" target="_blank"><i class="fa fa-edit fa-fw"></i> Edit this page</a> <a href="https://github.com/google/gvisor/issues/new?title={{page.title | url_encode}}" target="_blank"><i class="fab fa-github fa-fw"></i> Create issue</a> </p> {% endif %} + <div class="docs-content"> {{ content }} + </div> </div> </div> </div> diff --git a/website/_sass/front.scss b/website/_sass/front.scss index 44a7e3473..0e4208f3c 100644 --- a/website/_sass/front.scss +++ b/website/_sass/front.scss @@ -4,12 +4,14 @@ background-repeat: no-repeat; background-size: cover; background-blend-mode: darken; - background-color: rgba(0, 0, 0, 0.1); + background-color: rgba(0, 0, 0, 0.3); p { color: #fff; margin-top: 0; margin-bottom: 0; font-weight: 300; + font-size: 24px; + line-height: 30px; } } diff --git a/website/_sass/style.scss b/website/_sass/style.scss index 520ea469a..4deb945d4 100644 --- a/website/_sass/style.scss +++ b/website/_sass/style.scss @@ -142,3 +142,13 @@ table th { margin-top: 10px; margin-bottom: 20px; } + +.docs-content * img { + display: block; + margin: 20px auto; +} + +.blog-content * img { + display: block; + margin: 20px auto; +} diff --git a/website/blog/2019-11-18-security-basics.md b/website/blog/2019-11-18-security-basics.md index ed6d97ffe..fbdd511dd 100644 --- a/website/blog/2019-11-18-security-basics.md +++ b/website/blog/2019-11-18-security-basics.md 
@@ -56,15 +56,9 @@ in combination: redundant walls, scattered draw bridges, small bottle-neck entrances, moats, etc. A simplified version of the design is below -([more detailed version](/docs/architecture_guide/))[^2]: +([more detailed version](/docs/))[^2]: --------------------------------------------------------------------------------- - -![Figure 1](/assets/images/2019-11-18-security-basics-figure1.png) - -Figure 1: Simplified design of gVisor. - --------------------------------------------------------------------------------- +![Figure 1](/assets/images/2019-11-18-security-basics-figure1.png "Simplified design of gVisor.") In order to discuss design principles, the following components are important to know: @@ -134,13 +128,7 @@ minimum level of permission is required for it to perform its function. Specifically, the closer you are to the untrusted application, the less privilege you have. --------------------------------------------------------------------------------- - -![Figure 2](/assets/images/2019-11-18-security-basics-figure2.png) - -Figure 2: runsc components and their privileges. - --------------------------------------------------------------------------------- +![Figure 2](/assets/images/2019-11-18-security-basics-figure2.png "runsc components and their privileges.") This is evident in how runsc (the drop in gVisor binary for Docker/Kubernetes) constructs the sandbox. The Sentry has the least privilege possible (it can't 
@@ -222,15 +210,7 @@ the host Linux syscalls. In other words, with gVisor, applications get the vast majority (and growing) functionality of Linux containers for only 68 possible syscalls to the Host OS. 350 syscalls to 68 is attack surface reduction. --------------------------------------------------------------------------------- - -![Figure 3](/assets/images/2019-11-18-security-basics-figure3.png) - -Figure 3: Reduction of Attack Surface of the Syscall Table. Note that the -Senty's Syscall Emulation Layer keeps the Containerized Process from ever -calling the Host OS. - --------------------------------------------------------------------------------- +![Figure 3](/assets/images/2019-11-18-security-basics-figure3.png "Reduction of Attack Surface of the Syscall Table. Note that the Senty's Syscall Emulation Layer keeps the Containerized Process from ever calling the Host OS.") ## Secure-by-default diff --git a/website/blog/2020-04-02-networking-security.md b/website/blog/2020-04-02-networking-security.md index 78f0a6714..5a5e38fd7 100644 --- a/website/blog/2020-04-02-networking-security.md +++ b/website/blog/2020-04-02-networking-security.md @@ -69,13 +69,7 @@ a similar syscall). Moreover, because packets typically come from off-host (e.g. the internet), the Host OS's packet processing code has received a lot of scrutiny, hopefully resulting in a high degree of hardening. --------------------------------------------------------------------------------- - -![Figure 1](/assets/images/2020-04-02-networking-security-figure1.png) - -Figure 1: Netstack and gVisor - --------------------------------------------------------------------------------- +![Figure 1](/assets/images/2020-04-02-networking-security-figure1.png "Network and gVisor.") ## Writing a network stack diff --git a/website/cmd/syscalldocs/main.go b/website/cmd/syscalldocs/main.go index 62d293a05..327537214 100644 --- a/website/cmd/syscalldocs/main.go +++ b/website/cmd/syscalldocs/main.go 
@@ -46,7 +46,7 @@ type SyscallDoc struct { } var mdTemplate = template.Must(template.New("out").Parse(`--- -title: {{.OS}}/{{.Arch}} +title: {{.Title}} description: Syscall Compatibility Reference Documentation for {{.OS}}/{{.Arch}} layout: docs category: Compatibility @@ -134,6 +134,7 @@ func main() { weight += 10 data := struct { + Title string OS string Arch string Weight int @@ -149,7 +150,8 @@ func main() { URLs []string } }{ - OS: strings.Title(osName), + Title: strings.Title(osName) + "/" + archName, + OS: osName, Arch: archName, Weight: weight, Total: 0, diff --git a/website/index.md b/website/index.md index 34d3ee23d..84f877d49 100644 --- a/website/index.md +++ b/website/index.md @@ -3,10 +3,10 @@ <div class="row"> <div class="col-md-3"></div> <div class="col-md-6"> - <p>gVisor is an <b>application kernel</b> and <b>container runtime</b> providing defense-in-depth for containers <em>anywhere</em>.</p> + <p>gVisor is an <b>application kernel</b> for <b>containers</b> that provides efficient defense-in-depth anywhere.</p> <p style="margin-top: 20px;"> + <a class="btn" href="/docs/user_guide/quick_start/docker/">Quick start <i class="fas fa-arrow-alt-circle-right ml-2"></i></a> <a class="btn" href="/docs/">Learn More <i class="fas fa-arrow-alt-circle-right ml-2"></i></a> - <a class="btn btn-inverse" href="https://github.com/google/gvisor">GitHub <i class="fab fa-github ml-2"></i></a> </p> </div> <div class="col-md-3"></div> 
@@ -19,8 +19,8 @@ <div class="row"> <div class="col-md-4"> <h4 id="seamless-security">Container-native Security <i class="fas fa-lock"></i></h4> - <p>By providing each container with its own userspace kernel, gVisor limits - the attack surface of the host. This protection does not limit + <p>By providing each container with its own application kernel, gVisor + limits the attack surface of the host. This protection does not limit functionality: gVisor runs unmodified binaries and integrates with container orchestration systems, such as Docker and Kubernetes, and supports features such as volumes and sidecars.</p> |
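Review bot: in website/BUILD, dropping `//g3doc/architecture_guide:index` from the docs() target removes the page that was served at /docs/architecture_guide/; the 2019-11-18 blog post in this same change is repointed to /docs/, but any other inbound link or external bookmark to the old URL will now 404, so a redirect rule or a search for remaining references to `architecture_guide/` is worth doing before merge.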
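Review bot: in website/_includes/footer.html, moving the jquery.min.js tag ahead of bootstrap.min.js is the correct order, since Bootstrap 3.3.7's JS expects jQuery to be defined when it executes; the `integrity` and `crossorigin` attributes are carried over unchanged, so the subresource-integrity check on each CDN script stays intact. A one-line template comment saying the script order matters would keep a later alphabetical re-sort from reintroducing the breakage.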
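Review bot: in website/_layouts/docs.html, the edit link now resolves `{{page.editpath}}` against the repository root instead of `content/`, so every page's `editpath` front matter must already be a root-relative path; grep the docs for `editpath:` values that still assume the `content/` prefix, otherwise "Edit this page" will open a 404 on GitHub. The new `<div class="docs-content">` wrapper is opened and closed correctly around `{{ content }}`.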
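Review bot: in website/_sass/style.scss, `.docs-content * img` only matches images that are at least two levels below `.docs-content` (the `*` requires an intermediate ancestor), so an `<img>` that is a direct child of the wrapper would be skipped; `.docs-content img` is the simpler and safer selector. The two new rules are identical and can be a single selector list, `.docs-content img, .blog-content img { display: block; margin: 20px auto; }`, so the two stay in sync.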
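Review bot: in website/blog/2019-11-18-security-basics.md (the first hunk, and likewise the Figure 2 and Figure 3 hunks), the caption text moves from a visible line into the Markdown image title attribute, which browsers show only as a hover tooltip and most screen readers ignore; the `Figure N:` captions disappear from the rendered page and the alt text stays at just `Figure 1`. If the horizontal-rule separators were the problem, keep the caption line (or use `<figure>`/`<figcaption>`) rather than relying on the title attribute.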
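Review bot: in the Figure 3 hunk of website/blog/2019-11-18-security-basics.md, the new title text carries over the existing `Senty's` typo; since the line is being rewritten anyway, correct it to `Sentry's`.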
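Review bot: in website/blog/2020-04-02-networking-security.md, the caption changes from `Netstack and gVisor` to `Network and gVisor.`; the figure depicts Netstack (gVisor's network stack), so this reads like an accidental rewording rather than a fix and should stay `Netstack`. The same tooltip-only caveat about the image title attribute applies here.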
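Review bot: in website/cmd/syscalldocs/main.go, the last hunk changes `OS` from `strings.Title(osName)` to the raw `osName`, while the template's `description:` line (unchanged in the first hunk) still interpolates `{{.OS}}/{{.Arch}}`, so the description will now read e.g. `linux/amd64` while the title reads `Linux/amd64`. Either keep `OS` title-cased or switch the description line to `{{.Title}}` so the two agree.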
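Review bot: in website/index.md, the GitHub button is removed from the landing hero and only the Quick start and Learn More buttons remain; confirm the repository link is still present in the footer include so the source stays reachable from the front page.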