Apply suggestions from code review

Co-authored-by: Dmitri Popov <[email protected]>

src/bci_build/package/stunnel/README.md.j2

@@ -5,18 +5,18 @@
 
 ## Description
 
-Stunnel is an open-source multi-platform application used to provide a universal
+Stunnel is an open-source multi-platform application that provides a universal
 TLS/SSL tunneling service.
 
 
-## How to use this Image
+## How to use this image
 
-The Stunnel Container Image launches `stunnel` by default using a minimal
-configuration file that only sets:
+By default, the Stunnel container image launches `stunnel` using a minimal
+configuration file that specifies the following:
 - run in foreground
 - load further configuration files from `/etc/stunnel/conf.d`
 
-Custom configuration files should be placed into the directory
+Custom configuration files must be placed into the directory
 `/etc/stunnel/conf.d`.
 
 The container entry point configures TLS/SSL automatically by setting the key
@@ -25,25 +25,25 @@ and certificate to the values of the environment variables `STUNNEL_KEY` and
 entrypoint defaults to `/etc/stunnel/stunnel.key` for `STUNNEL_KEY` and
 `/etc/stunnel/stunnel.pem` for `STUNNEL_CERT`.
 
-The entrypoint can setup a single service via environment variables so that the
+The entrypoint can set up a single service via environment variables, so that the
 user doesn't have to write and mount their own configuration file. This can be
-setup via the environment variables `STUNNEL_SERVICE_NAME`, `STUNNEL_ACCEPT` and
+specified via the environment variables `STUNNEL_SERVICE_NAME`, `STUNNEL_ACCEPT` and
 `STUNNEL_CONNECT`:
 
 - `STUNNEL_SERVICE_NAME`: name or otherwise unique identifier of the service
   (used for documentation purpose only)
 
-- `STUNNEL_ACCEPT`: address on which new connections should be accepted, can be
-  either a hostname + port number or just a port number (then localhost is
-  assumed as the host)
+- `STUNNEL_ACCEPT`: address on which new connections should be accepted. It can be
+  either a hostname and a port number or just a port number (in which case, localhost is
+  assumed to be the host)
 
-- `STUNNEL_CONNECT`: address on which the un-encrypted service is listening and
-  to which stunnel connects, can be either a hostname + port number or just a
-  port number (then localhost is assumed as the host)
+- `STUNNEL_CONNECT`: address on which the unencrypted service is listening and
+  to which stunnel connects. It can be either a hostname and port number or just a
+  port number (in which case, localhost is assumed to be the host)
 
 
-For example to create an SSL endpoint for a webserver listening on port `8000`
-on localhost, execute:
+For example, to create an SSL endpoint for a webserver listening on port `8000`
+on localhost, run the following command:
 
 ```bash
 podman run --rm -d \
@@ -59,13 +59,11 @@ podman run --rm -d \
 
 ### Pitfalls
 
-The Stunnel Container Image is configured to launch `stunnel` as the `stunnel`
-user. Files mounted into a running container however belong to the `root` user
-by default. Set the file permissions of mounted files accordingly, so that
+The Stunnel container image is configured to launch `stunnel` as the `stunnel`
+user. But by default, files mounted into a running container belong to the `root` user. Set the file permissions of mounted files accordingly, so that
 non-owners and non-group members can read them.
 
-Stunnel's `inetd` mode is not supported in this Container Image, as it is very
-minimal and does not ship a package manager to install any relevant services.
+Stunnel's `inetd` mode is not supported in the container image, and it does not ship a package manager for installing any services.
 
 
 {% include 'licensing_and_eula.j2' %}