docs(config): add admonitions for more details

Author: alukach

docs/user-guide/configuration.md

@@ -52,6 +52,10 @@ The application is configurable via environment variables.
     - **Required:** No, defaults to `true`
     - **Example:** `false`, `1`, `True`
 
+    > [!TIP]
+    > **Default behavior (`true`):** The proxy overrides the [`Host` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Host) in incoming requests to match the upstream STAC API's origin. This ensures the upstream API constructs `link` elements correctly based on the [`Forwarded` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Forwarded).
+    >
+    > **When to disable (`false`):** Set to `false` if your upstream STAC API doesn't make use of proxy headers. In this case, the original `Host` header is preserved, allowing the upstream API to generate `link` elements based on the proxy's URL instead.
 
 ### `ROOT_PATH`
 
@@ -90,6 +94,9 @@ The application is configurable via environment variables.
     - **Required:** No
     - **Example:** `https://auth.example.audience.1.net,https://auth.example.audience.2.net`
 
+    > [!NOTE]
+    > A comma-separated list of the intended recipient(s) of the JWT. At least one audience value must match the `aud` (audience) claim present in the incoming JWT. If unset, the API will not impose a check on the `aud` claim
+
 ### `DEFAULT_PUBLIC`
 
 : Default access policy for endpoints