From 279a1f2ab281f3437a25c1ed4558ae72074212f3 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Fri, 5 Sep 2025 15:19:10 +0200
Subject: [PATCH 01/33] Update docker-compose.all-in-one.yml (#1181)

---
 dockerfiles/docker-compose.all-in-one.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/dockerfiles/docker-compose.all-in-one.yml b/dockerfiles/docker-compose.all-in-one.yml
index 5266de441..4d5405d6a 100644
--- a/dockerfiles/docker-compose.all-in-one.yml
+++ b/dockerfiles/docker-compose.all-in-one.yml
@@ -1,5 +1,3 @@
-version: "3"
-
 services:
   aliasvault:
     image: ghcr.io/aliasvault/aliasvault:latest

From 21e0ad501763a19e1edabd12d85fb3f6c2dc2fcc Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Fri, 5 Sep 2025 16:35:02 +0200
Subject: [PATCH 02/33] Update all-in-one image to run in HTTP 80 mode (#1181)

---
 dockerfiles/all-in-one/Dockerfile             |  14 +--
 dockerfiles/all-in-one/README.md              |   2 -
 dockerfiles/all-in-one/config/nginx.conf      | 112 ++++++++++++++++++
 dockerfiles/all-in-one/s6-scripts/init/script |  31 -----
 dockerfiles/all-in-one/s6-scripts/nginx/run   |  18 +--
 dockerfiles/docker-compose.all-in-one.yml     |   2 -
 6 files changed, 117 insertions(+), 62 deletions(-)
 create mode 100644 dockerfiles/all-in-one/config/nginx.conf

diff --git a/dockerfiles/all-in-one/Dockerfile b/dockerfiles/all-in-one/Dockerfile
index fd5b28cca..473f394b2 100644
--- a/dockerfiles/all-in-one/Dockerfile
+++ b/dockerfiles/all-in-one/Dockerfile
@@ -109,11 +109,8 @@ RUN apt-get update && \
         /app/taskrunner \
         /app/installcli \
         /database \
-        /certificates/ssl \
         /logs/postgres \
-        /etc/nginx/ssl \
         /var/run/postgresql \
-        /var/www/certbot \
         /etc/s6-overlay/s6-rc.d/user/contents.d
 
 # Copy built applications and all configuration files from builder stage
@@ -122,7 +119,7 @@ COPY --from=dotnet-builder /app /app
 # Copy configuration files and scripts directly to their destinations
 COPY dockerfiles/all-in-one/reset-admin-password.sh /usr/local/bin/reset-admin-password.sh
 COPY apps/server/AliasVault.Client/nginx.conf /app/client/nginx.conf
-COPY apps/server/nginx.conf /etc/nginx/nginx.conf
+COPY dockerfiles/all-in-one/config/nginx.conf /etc/nginx/nginx.conf
 COPY apps/server/status.html /usr/share/nginx/html/status.html
 COPY dockerfiles/all-in-one/s6-scripts /etc/s6-overlay/s6-rc.d/
 
@@ -131,9 +128,6 @@ RUN cp -r /app/installcli /usr/local/bin/aliasvault-cli && \
     chmod +x /usr/local/bin/aliasvault-cli/AliasVault.InstallCli \
              /usr/local/bin/reset-admin-password.sh && \
     ln -s /usr/local/bin/aliasvault-cli/AliasVault.InstallCli /usr/local/bin/aliasvault-cli.sh && \
-    sed -i 's/server client:3000/server localhost:3000/g; \
-            s/server api:3001/server localhost:3001/g; \
-            s/server admin:3002/server localhost:3002/g' /etc/nginx/nginx.conf && \
     find /etc/s6-overlay/s6-rc.d -type f \( -name "run" -o -name "up" -o -name "script" \) -exec chmod +x {} \; && \
     cd /etc/s6-overlay/s6-rc.d/user/contents.d && \
     touch init postgres api client admin smtp taskrunner nginx notification && \
@@ -153,8 +147,8 @@ ENV ALIASVAULT_VERBOSITY=0 \
     S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
     S6_VERBOSITY=0
 
-EXPOSE 80 443 25 587
-VOLUME ["/database", "/certificates", "/logs", "/secrets"]
+EXPOSE 80 25 587
+VOLUME ["/database", "/logs", "/secrets"]
 HEALTHCHECK --interval=30s --timeout=10s --start-period=90s --retries=3 \
-    CMD curl -f -k https://localhost/api || exit 1
+    CMD curl -f http://localhost/api || exit 1
 ENTRYPOINT ["/init"]
\ No newline at end of file
diff --git a/dockerfiles/all-in-one/README.md b/dockerfiles/all-in-one/README.md
index a22b570d0..778bf858e 100644
--- a/dockerfiles/all-in-one/README.md
+++ b/dockerfiles/all-in-one/README.md
@@ -18,9 +18,7 @@ docker build -f dockerfiles/all-in-one/Dockerfile -t aliasvault-allinone:local .
 docker run -d \
   --name aliasvault \
   -p 80:80 \
-  -p 443:443 \
   -v ./database:/database \
-  -v ./certificates:/certificates \
   -v ./logs:/logs \
   -v ./secrets:/secrets \
   aliasvault-allinone:local
diff --git a/dockerfiles/all-in-one/config/nginx.conf b/dockerfiles/all-in-one/config/nginx.conf
new file mode 100644
index 000000000..e469e51b3
--- /dev/null
+++ b/dockerfiles/all-in-one/config/nginx.conf
@@ -0,0 +1,112 @@
+# This is the main Nginx configuration file for the AliasVault all-in-one container.
+# which exposes all AliasVault services via a single port 80.
+events {
+    worker_connections 1024;
+}
+
+http {
+    client_max_body_size 25M;
+
+    upstream client {
+        server localhost:3000 max_fails=1 fail_timeout=5s;
+    }
+
+    upstream api {
+        server localhost:3001 max_fails=1 fail_timeout=5s;
+    }
+
+    upstream admin {
+        server localhost:3002 max_fails=1 fail_timeout=5s;
+    }
+
+    # Preserve any existing X-Forwarded-* headers, this is relevant if AliasVault
+    # is running behind another reverse proxy.
+    set_real_ip_from 10.0.0.0/8;
+    set_real_ip_from 172.16.0.0/12;
+    set_real_ip_from 192.168.0.0/16;
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # Enable gzip compression, which reduces the amount of data that needs to be transferred
+    # to speed up WASM load times.
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    server {
+        listen 80;
+        server_name _;
+
+        # Security headers
+        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header Cross-Origin-Resource-Policy "same-origin" always;
+        add_header Content-Security-Policy "frame-ancestors 'self'" always;
+
+        # Root for static files
+        root /usr/share/nginx/html;
+
+        # Error page handler location (internal use only)
+        location = /status.html {
+            internal;
+            try_files /status.html =404;
+            add_header Cache-Control "no-cache, no-store, must-revalidate";
+            add_header Pragma "no-cache";
+            add_header Expires "0";
+        }
+
+        # Admin interface
+        location /admin {
+            proxy_pass http://admin;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Prefix /admin/;
+
+            # Add WebSocket support for Blazor server
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_read_timeout 86400;
+
+            # Show status page if admin is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+
+        # API endpoints
+        location /api {
+            proxy_pass http://api;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            # Show status page if api is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+
+        # Client app (root path)
+        location / {
+            proxy_pass http://client;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            # Show status page if client is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+    }
+}
\ No newline at end of file
diff --git a/dockerfiles/all-in-one/s6-scripts/init/script b/dockerfiles/all-in-one/s6-scripts/init/script
index f4204bfac..3160295c1 100644
--- a/dockerfiles/all-in-one/s6-scripts/init/script
+++ b/dockerfiles/all-in-one/s6-scripts/init/script
@@ -154,37 +154,6 @@ else
     chmod 700 /database/postgres
 fi
 
-# Future: Database migrations could go here
-# log 1 "[init] Checking for database migrations..."
-# if [ -f /app/migrations/pending ]; then
-#     log 1 "[init] → Running database migrations..."
-#     # Run migration logic here
-# fi
-
-# Generate SSL certificates if needed
-if [ ! -f /certificates/ssl/cert.pem ] || [ ! -f /certificates/ssl/key.pem ]; then
-    log 0 ""
-    log 0 "[init] Generating SSL certificates..."
-    mkdir -p /certificates/ssl
-    if [ "$VERBOSITY" -ge 2 ]; then
-        openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-            -keyout /certificates/ssl/key.pem \
-            -out /certificates/ssl/cert.pem \
-            -subj "/C=US/ST=State/L=City/O=AliasVault/CN=${HOSTNAME:-localhost}"
-    else
-        openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-            -keyout /certificates/ssl/key.pem \
-            -out /certificates/ssl/cert.pem \
-            -subj "/C=US/ST=State/L=City/O=AliasVault/CN=${HOSTNAME:-localhost}" \
-            >/dev/null 2>&1
-    fi
-    chmod 600 /certificates/ssl/key.pem
-    chmod 644 /certificates/ssl/cert.pem
-    log 0 "[init] Self-signed SSL certificates generated"
-else
-    log 0 "[init] ✅ Self-signed SSL certificates already exist"
-fi
-
 echo ""
 echo "[init] Waiting for all services to be ready... this can take a short while..."
 echo ""
diff --git a/dockerfiles/all-in-one/s6-scripts/nginx/run b/dockerfiles/all-in-one/s6-scripts/nginx/run
index 761d645d2..5198bb4f7 100644
--- a/dockerfiles/all-in-one/s6-scripts/nginx/run
+++ b/dockerfiles/all-in-one/s6-scripts/nginx/run
@@ -3,23 +3,7 @@
 # Get verbosity level (0=minimal, 1=normal, 2=verbose)
 VERBOSITY="${ALIASVAULT_VERBOSITY:-0}"
 
-# Copy certificates to nginx directory (they were created during init)
-mkdir -p /etc/nginx/ssl
-cp /certificates/ssl/* /etc/nginx/ssl/ 2>/dev/null || true
-
-# Create SSL configuration file
-cat > /etc/nginx/ssl.conf << "SSLEOF"
-ssl_certificate /etc/nginx/ssl/cert.pem;
-ssl_certificate_key /etc/nginx/ssl/key.pem;
-ssl_session_timeout 1d;
-ssl_session_cache shared:MozTLS:10m;
-ssl_session_tickets off;
-ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
-ssl_prefer_server_ciphers off;
-SSLEOF
-
-echo "Starting Nginx reverse proxy..."
+echo "Starting Nginx reverse proxy (HTTP-only mode)..."
 
 # Set nginx error log level based on verbosity
 if [ "$VERBOSITY" -ge 2 ]; then
diff --git a/dockerfiles/docker-compose.all-in-one.yml b/dockerfiles/docker-compose.all-in-one.yml
index 4d5405d6a..dacda95c9 100644
--- a/dockerfiles/docker-compose.all-in-one.yml
+++ b/dockerfiles/docker-compose.all-in-one.yml
@@ -6,13 +6,11 @@ services:
 
     ports:
       - "80:80"
-      - "443:443"
       - "25:25"
       - "587:587"
 
     volumes:
       - ./database:/database
-      - ./certificates:/certificates
       - ./logs:/logs
       - ./secrets:/secrets
 

From d629ffb6e54d9f2bbd598ea77b5823ea63cbc33e Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Fri, 5 Sep 2025 17:49:37 +0200
Subject: [PATCH 03/33] Update all-in-one build to prevent lock contention
 (#1181)

---
 dockerfiles/all-in-one/Dockerfile | 43 +++++++++++++++++++++----------
 1 file changed, 29 insertions(+), 14 deletions(-)

diff --git a/dockerfiles/all-in-one/Dockerfile b/dockerfiles/all-in-one/Dockerfile
index 473f394b2..ff6845906 100644
--- a/dockerfiles/all-in-one/Dockerfile
+++ b/dockerfiles/all-in-one/Dockerfile
@@ -18,24 +18,39 @@ COPY shared/ ./shared/
 
 # Install required .NET workloads and restore packages once for the entire solution
 WORKDIR /src/apps/server
+
+# Install workloads and restore packages once for the entire solution
 RUN dotnet workload install wasm-tools && \
     dotnet restore aliasvault.sln
 
-# Build all applications
+# Build each application in separate layers to avoid lock contention
+
+# Build API
 RUN dotnet publish AliasVault.Api/AliasVault.Api.csproj \
-        -c Release -o /app/api --no-restore && \
-    dotnet publish AliasVault.Client/AliasVault.Client.csproj \
-        -c Release -o /app/client --no-restore && \
-    dotnet publish AliasVault.Admin/AliasVault.Admin.csproj \
-        -c Release -o /app/admin --no-restore && \
-    dotnet publish Services/AliasVault.SmtpService/AliasVault.SmtpService.csproj \
-        -c Release -o /app/smtp --no-restore && \
-    dotnet publish Services/AliasVault.TaskRunner/AliasVault.TaskRunner.csproj \
-        -c Release -o /app/taskrunner --no-restore && \
-    dotnet publish Utilities/AliasVault.InstallCli/AliasVault.InstallCli.csproj \
-        -c Release -o /app/installcli --no-restore && \
-    # Clean up .NET debug files and unnecessary files
-    find /app -name "*.pdb" -delete && \
+        -c Release -o /app/api --no-restore
+
+# Build Client (contains WASM which can be slow)
+RUN dotnet publish AliasVault.Client/AliasVault.Client.csproj \
+        -c Release -o /app/client --no-restore
+
+# Build Admin
+RUN dotnet publish AliasVault.Admin/AliasVault.Admin.csproj \
+        -c Release -o /app/admin --no-restore
+
+# Build SMTP Service
+RUN dotnet publish Services/AliasVault.SmtpService/AliasVault.SmtpService.csproj \
+        -c Release -o /app/smtp --no-restore
+
+# Build Task Runner
+RUN dotnet publish Services/AliasVault.TaskRunner/AliasVault.TaskRunner.csproj \
+        -c Release -o /app/taskrunner --no-restore
+
+# Build Install CLI
+RUN dotnet publish Utilities/AliasVault.InstallCli/AliasVault.InstallCli.csproj \
+        -c Release -o /app/installcli --no-restore
+
+# Clean up .NET debug files and unnecessary files
+RUN find /app -name "*.pdb" -delete && \
     find /app -name "*.xml" -not -name "*.deps.json" -delete && \
     find /app -name "*.Development.json" -delete && \
     find /app -name "web.config" -delete

From 8655f15731e52f626dda82117296f5751600a523 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Fri, 5 Sep 2025 18:37:46 +0200
Subject: [PATCH 04/33] Support both HTTP and HTTPS in all in one docker image
 (#1181)

---
 .../Main/Layout/Footer.razor                  |   53 +-
 .../Resources/Layout/Footer.en.resx           |    8 +
 .../wwwroot/css/tailwind.css                  | 3665 ++++++++++++++++-
 dockerfiles/all-in-one/Dockerfile             |    2 +-
 dockerfiles/all-in-one/config/nginx.conf      |   75 +
 dockerfiles/all-in-one/s6-scripts/init/script |   25 +
 dockerfiles/all-in-one/s6-scripts/nginx/run   |   18 +-
 7 files changed, 3841 insertions(+), 5 deletions(-)

diff --git a/apps/server/AliasVault.Client/Main/Layout/Footer.razor b/apps/server/AliasVault.Client/Main/Layout/Footer.razor
index d9f925eb4..a26688ffc 100644
--- a/apps/server/AliasVault.Client/Main/Layout/Footer.razor
+++ b/apps/server/AliasVault.Client/Main/Layout/Footer.razor
@@ -4,11 +4,35 @@
 @using Microsoft.Extensions.Localization
 @implements IDisposable
 
-<footer class="relative -z-10 lg:fixed bottom-0 left-0 right-0 dark:bg-gray-900 @(ShowBorder ? "border-t border-gray-200 dark:border-gray-700" : "")">
+@if (_isHttpWarning)
+{
+    <div class="fixed bottom-0 left-0 right-0 z-50 bg-orange-500 text-white px-4 py-3">
+        <div class="container mx-auto">
+            <div class="flex items-center justify-between">
+                <div class="flex items-center space-x-3">
+                    <svg class="w-5 h-5 text-white" fill="currentColor" viewBox="0 0 20 20">
+                        <path fill-rule="evenodd" d="M8.257 3.099c.765-1.36 2.722-1.36 3.486 0l5.58 9.92c.75 1.334-.213 2.98-1.742 2.98H4.42c-1.53 0-2.493-1.646-1.743-2.98l5.58-9.92zM11 13a1 1 0 11-2 0 1 1 0 012 0zm-1-8a1 1 0 00-1 1v3a1 1 0 002 0V6a1 1 0 00-1-1z" clip-rule="evenodd"></path>
+                    </svg>
+                    <div>
+                        <p class="font-medium">@Localizer["HttpsWarningTitle"]</p>
+                        <p class="text-sm">@Localizer["HttpsWarningMessage"]</p>
+                    </div>
+                </div>
+                <button @onclick="DismissHttpWarning" class="text-white hover:text-gray-200 ml-4">
+                    <svg class="w-5 h-5" fill="currentColor" viewBox="0 0 20 20">
+                        <path fill-rule="evenodd" d="M4.293 4.293a1 1 0 011.414 0L10 8.586l4.293-4.293a1 1 0 111.414 1.414L11.414 10l4.293 4.293a1 1 0 01-1.414 1.414L10 11.414l-4.293 4.293a1 1 0 01-1.414-1.414L8.586 10 4.293 5.707a1 1 0 010-1.414z" clip-rule="evenodd"></path>
+                    </svg>
+                </button>
+            </div>
+        </div>
+    </div>
+}
+
+<footer class="relative -z-10 lg:fixed bottom-0 left-0 right-0 dark:bg-gray-900 @(ShowBorder ? "border-t border-gray-200 dark:border-gray-700" : "") @(_isHttpWarning ? "mb-20" : "")">
     <div class="container mx-auto px-4 py-4">
         <div class="flex flex-col lg:flex-row justify-between items-center">
             <p class="text-sm text-center text-gray-500 mb-4 lg:mb-0">
-                © 2024 <span>@AppInfo.ApplicationName v@(AppInfo.GetFullVersion())</span>. @Localizer["CopyrightText"]
+                © @(DateTime.Now.Year) <span>@AppInfo.ApplicationName v@(AppInfo.GetFullVersion())</span>. @Localizer["CopyrightText"]
             </p>
             <div class="hidden lg:block text-center text-gray-400 text-sm">@_randomQuote</div>
             <ul class="flex flex-wrap items-center justify-center">
@@ -38,11 +62,14 @@
     ];
 
     private string _randomQuote = string.Empty;
+    private bool _isHttpWarning = false;
+    private bool _httpWarningDismissed = false;
 
     /// <inheritdoc />
     public void Dispose()
     {
         NavigationManager.LocationChanged -= RefreshQuote;
+        NavigationManager.LocationChanged -= CheckHttpProtocol;
     }
 
     /// <inheritdoc />
@@ -52,6 +79,8 @@
         {
             _randomQuote = Quotes[Random.Shared.Next(Quotes.Length)];
             NavigationManager.LocationChanged += RefreshQuote;
+            NavigationManager.LocationChanged += CheckHttpProtocol;
+            CheckHttpProtocol(null, null);
         }
     }
 
@@ -63,4 +92,24 @@
         _randomQuote = Quotes[Random.Shared.Next(Quotes.Length)];
         StateHasChanged();
     }
+
+    /// <summary>
+    /// Checks if the current URL is using HTTP and shows warning if needed.
+    /// </summary>
+    private void CheckHttpProtocol(object? sender, LocationChangedEventArgs? e)
+    {
+        var uri = new Uri(NavigationManager.Uri);
+        _isHttpWarning = !_httpWarningDismissed && uri.Scheme == "http";
+        StateHasChanged();
+    }
+
+    /// <summary>
+    /// Dismisses the HTTP warning.
+    /// </summary>
+    private void DismissHttpWarning()
+    {
+        _httpWarningDismissed = true;
+        _isHttpWarning = false;
+        StateHasChanged();
+    }
 }
diff --git a/apps/server/AliasVault.Client/Resources/Layout/Footer.en.resx b/apps/server/AliasVault.Client/Resources/Layout/Footer.en.resx
index bc0918479..15dfbb1d4 100644
--- a/apps/server/AliasVault.Client/Resources/Layout/Footer.en.resx
+++ b/apps/server/AliasVault.Client/Resources/Layout/Footer.en.resx
@@ -78,4 +78,12 @@
     <value>Tip: Use the g+l (go lock) keyboard shortcut to lock the vault.</value>
     <comment>Tip about keyboard shortcut for locking vault</comment>
   </data>
+  <data name="HttpsWarningTitle" xml:space="preserve">
+    <value>HTTPS Required</value>
+    <comment>Title for HTTPS warning banner</comment>
+  </data>
+  <data name="HttpsWarningMessage" xml:space="preserve">
+    <value>The AliasVault web app requires HTTPS for using browser crypto operations. Registering/logging in won't work over HTTP. Please switch to HTTPS and use a valid SSL certificate.</value>
+    <comment>Message explaining why HTTPS is required</comment>
+  </data>
 </root>
\ No newline at end of file
diff --git a/apps/server/AliasVault.Client/wwwroot/css/tailwind.css b/apps/server/AliasVault.Client/wwwroot/css/tailwind.css
index 1f80f2afe..79adb97aa 100644
--- a/apps/server/AliasVault.Client/wwwroot/css/tailwind.css
+++ b/apps/server/AliasVault.Client/wwwroot/css/tailwind.css
@@ -1 +1,3664 @@
-/*! tailwindcss v3.4.3 | MIT License | https://tailwindcss.com*/*,:after,:before{box-sizing:border-box;border:0 solid #e5e7eb}:after,:before{--tw-content:""}:host,html{line-height:1.5;-webkit-text-size-adjust:100%;-moz-tab-size:4;-o-tab-size:4;tab-size:4;font-family:Inter,ui-sans-serif,system-ui,-apple-system,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;font-feature-settings:normal;font-variation-settings:normal;-webkit-tap-highlight-color:transparent}body{margin:0;line-height:inherit}hr{height:0;color:inherit;border-top-width:1px}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,pre,samp{font-family:ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace;font-feature-settings:normal;font-variation-settings:normal;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:initial}sub{bottom:-.25em}sup{top:-.5em}table{text-indent:0;border-color:inherit;border-collapse:collapse}button,input,optgroup,select,textarea{font-family:inherit;font-feature-settings:inherit;font-variation-settings:inherit;font-size:100%;font-weight:inherit;line-height:inherit;letter-spacing:inherit;color:inherit;margin:0;padding:0}button,select{text-transform:none}button,input:where([type=button]),input:where([type=reset]),input:where([type=submit]){-webkit-appearance:button;background-color:initial;background-image:none}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}progress{vertical-align:initial}::-webkit-inner-spin-button,::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}summary{display:list-item}blockquote,dd,dl,figure,h1,h2,h3,h4,h5,h6,hr,p,pre{margin:0}fieldset{margin:0}fieldset,legend{padding:0}menu,ol,ul{list-style:none;margin:0;padding:0}dialog{padding:0}textarea{resize:vertical}input::-moz-placeholder,textarea::-moz-placeholder{opacity:1;color:#9ca3af}input::placeholder,textarea::placeholder{opacity:1;color:#9ca3af}[role=button],button{cursor:pointer}:disabled{cursor:default}audio,canvas,embed,iframe,img,object,svg,video{display:block;vertical-align:middle}img,video{max-width:100%;height:auto}[hidden]{display:none}*,::backdrop,:after,:before{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:#3b82f680;--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }.container{width:100%}@media (min-width:640px){.container{max-width:640px}}@media (min-width:768px){.container{max-width:768px}}@media (min-width:1024px){.container{max-width:1024px}}@media (min-width:1280px){.container{max-width:1280px}}@media (min-width:1536px){.container{max-width:1536px}}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);white-space:nowrap;border-width:0}.visible{visibility:visible}.invisible{visibility:hidden}.static{position:static}.fixed{position:fixed}.absolute{position:absolute}.relative{position:relative}.inset-0{inset:0}.inset-y-0{top:0;bottom:0}.inset-y-1{top:.25rem;bottom:.25rem}.bottom-0{bottom:0}.left-0{left:0}.right-0{right:0}.right-1{right:.25rem}.right-10{right:2.5rem}.right-4{right:1rem}.top-0{top:0}.top-20{top:5rem}.top-4{top:1rem}.top-\[40px\]{top:40px}.-z-10{z-index:-10}.z-10{z-index:10}.z-30{z-index:30}.z-50{z-index:50}.z-\[1000\]{z-index:1000}.col-span-1{grid-column:span 1/span 1}.col-span-6{grid-column:span 6/span 6}.col-span-full{grid-column:1/-1}.float-left{float:left}.\!m-0{margin:0!important}.m-2{margin:.5rem}.mx-4{margin-left:1rem;margin-right:1rem}.mx-auto{margin-left:auto;margin-right:auto}.my-4{margin-top:1rem;margin-bottom:1rem}.my-6{margin-top:1.5rem;margin-bottom:1.5rem}.-ml-1{margin-left:-.25rem}.-mt-1{margin-top:-.25rem}.mb-1{margin-bottom:.25rem}.mb-2{margin-bottom:.5rem}.mb-3{margin-bottom:.75rem}.mb-4{margin-bottom:1rem}.mb-5{margin-bottom:1.25rem}.mb-6{margin-bottom:1.5rem}.mb-8{margin-bottom:2rem}.ml-1{margin-left:.25rem}.ml-2{margin-left:.5rem}.ml-3{margin-left:.75rem}.ml-auto{margin-left:auto}.mr-0{margin-right:0}.mr-2{margin-right:.5rem}.mr-2\.5{margin-right:.625rem}.mr-3{margin-right:.75rem}.mr-4{margin-right:1rem}.ms-0{margin-inline-start:0}.ms-1{margin-inline-start:.25rem}.ms-2{margin-inline-start:.5rem}.ms-auto{margin-inline-start:auto}.mt-1{margin-top:.25rem}.mt-10{margin-top:2.5rem}.mt-12{margin-top:3rem}.mt-16{margin-top:4rem}.mt-2{margin-top:.5rem}.mt-3{margin-top:.75rem}.mt-4{margin-top:1rem}.mt-6{margin-top:1.5rem}.mt-8{margin-top:2rem}.block{display:block}.inline-block{display:inline-block}.inline{display:inline}.flex{display:flex}.inline-flex{display:inline-flex}.table{display:table}.grid{display:grid}.hidden{display:none}.h-1{height:.25rem}.h-10{height:2.5rem}.h-12{height:3rem}.h-16{height:4rem}.h-2{height:.5rem}.h-2\.5{height:.625rem}.h-20{height:5rem}.h-3{height:.75rem}.h-4{height:1rem}.h-5{height:1.25rem}.h-6{height:1.5rem}.h-64{height:16rem}.h-8{height:2rem}.h-80{height:20rem}.h-9{height:2.25rem}.h-\[calc\(100vh-300px\)\]{height:calc(100vh - 300px)}.h-full{height:100%}.h-px{height:1px}.max-h-32{max-height:8rem}.max-h-\[90vh\]{max-height:90vh}.min-h-\[250px\]{min-height:250px}.min-h-\[600px\]{min-height:600px}.min-h-screen{min-height:100vh}.w-1{width:.25rem}.w-1\.5{width:.375rem}.w-1\/2{width:50%}.w-1\/3{width:33.333333%}.w-1\/4{width:25%}.w-10{width:2.5rem}.w-12{width:3rem}.w-16{width:4rem}.w-2{width:.5rem}.w-20{width:5rem}.w-24{width:6rem}.w-28{width:7rem}.w-3{width:.75rem}.w-3\/4{width:75%}.w-4{width:1rem}.w-40{width:10rem}.w-48{width:12rem}.w-5{width:1.25rem}.w-6{width:1.5rem}.w-64{width:16rem}.w-8{width:2rem}.w-96{width:24rem}.w-full{width:100%}.w-screen{width:100vw}.min-w-0{min-width:0}.min-w-\[220px\]{min-width:220px}.min-w-full{min-width:100%}.max-w-2xl{max-width:42rem}.max-w-7xl{max-width:80rem}.max-w-lg{max-width:32rem}.max-w-md{max-width:28rem}.max-w-screen-2xl{max-width:1536px}.max-w-screen-xl{max-width:1280px}.max-w-xl{max-width:36rem}.flex-1{flex:1 1 0%}.flex-shrink-0{flex-shrink:0}.flex-grow{flex-grow:1}.origin-top-right{transform-origin:top right}.rotate-180{--tw-rotate:180deg}.rotate-180,.transform{transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}@keyframes pulse{50%{opacity:.5}}.animate-pulse{animation:pulse 2s cubic-bezier(.4,0,.6,1) infinite}@keyframes spin{to{transform:rotate(1turn)}}.animate-spin{animation:spin 1s linear infinite}@keyframes spin-ccw{0%{transform:rotate(0deg)}to{transform:rotate(-1turn)}}.animate-spin-ccw{animation:spin-ccw 1s linear infinite}.cursor-not-allowed{cursor:not-allowed}.cursor-pointer{cursor:pointer}.list-inside{list-style-position:inside}.list-decimal{list-style-type:decimal}.list-disc{list-style-type:disc}.list-none{list-style-type:none}.grid-cols-1{grid-template-columns:repeat(1,minmax(0,1fr))}.grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.grid-cols-4{grid-template-columns:repeat(4,minmax(0,1fr))}.grid-cols-6{grid-template-columns:repeat(6,minmax(0,1fr))}.grid-cols-7{grid-template-columns:repeat(7,minmax(0,1fr))}.flex-col{flex-direction:column}.flex-wrap{flex-wrap:wrap}.content-start{align-content:flex-start}.items-start{align-items:flex-start}.items-end{align-items:flex-end}.items-center{align-items:center}.justify-start{justify-content:flex-start}.justify-end{justify-content:flex-end}.justify-center{justify-content:center}.justify-between{justify-content:space-between}.gap-1{gap:.25rem}.gap-2{gap:.5rem}.gap-3{gap:.75rem}.gap-4{gap:1rem}.gap-6{gap:1.5rem}.space-x-1>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-right:calc(.25rem*var(--tw-space-x-reverse));margin-left:calc(.25rem*(1 - var(--tw-space-x-reverse)))}.space-x-2>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-right:calc(.5rem*var(--tw-space-x-reverse));margin-left:calc(.5rem*(1 - var(--tw-space-x-reverse)))}.space-x-3>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-right:calc(.75rem*var(--tw-space-x-reverse));margin-left:calc(.75rem*(1 - var(--tw-space-x-reverse)))}.space-x-4>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-right:calc(1rem*var(--tw-space-x-reverse));margin-left:calc(1rem*(1 - var(--tw-space-x-reverse)))}.space-x-6>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-right:calc(1.5rem*var(--tw-space-x-reverse));margin-left:calc(1.5rem*(1 - var(--tw-space-x-reverse)))}.space-y-1>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-top:calc(.25rem*(1 - var(--tw-space-y-reverse)));margin-bottom:calc(.25rem*var(--tw-space-y-reverse))}.space-y-2>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-top:calc(.5rem*(1 - var(--tw-space-y-reverse)));margin-bottom:calc(.5rem*var(--tw-space-y-reverse))}.space-y-3>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-top:calc(.75rem*(1 - var(--tw-space-y-reverse)));margin-bottom:calc(.75rem*var(--tw-space-y-reverse))}.space-y-4>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-top:calc(1rem*(1 - var(--tw-space-y-reverse)));margin-bottom:calc(1rem*var(--tw-space-y-reverse))}.space-y-6>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-top:calc(1.5rem*(1 - var(--tw-space-y-reverse)));margin-bottom:calc(1.5rem*var(--tw-space-y-reverse))}.divide-y>:not([hidden])~:not([hidden]){--tw-divide-y-reverse:0;border-top-width:calc(1px*(1 - var(--tw-divide-y-reverse)));border-bottom-width:calc(1px*var(--tw-divide-y-reverse))}.divide-gray-100>:not([hidden])~:not([hidden]){--tw-divide-opacity:1;border-color:rgb(243 244 246/var(--tw-divide-opacity))}.divide-gray-200>:not([hidden])~:not([hidden]){--tw-divide-opacity:1;border-color:rgb(229 231 235/var(--tw-divide-opacity))}.self-center{align-self:center}.overflow-auto{overflow:auto}.overflow-hidden{overflow:hidden}.overflow-x-auto{overflow-x:auto}.overflow-y-auto{overflow-y:auto}.overscroll-y-auto{overscroll-behavior-y:auto}.truncate{overflow:hidden;text-overflow:ellipsis}.truncate,.whitespace-nowrap{white-space:nowrap}.whitespace-pre-line{white-space:pre-line}.break-words{overflow-wrap:break-word}.break-all{word-break:break-all}.rounded{border-radius:.25rem}.rounded-2xl{border-radius:1rem}.rounded-full{border-radius:9999px}.rounded-lg{border-radius:.5rem}.rounded-md{border-radius:.375rem}.rounded-b-lg{border-bottom-right-radius:.5rem}.rounded-b-lg,.rounded-l-lg{border-bottom-left-radius:.5rem}.rounded-l-lg{border-top-left-radius:.5rem}.rounded-r-lg{border-top-right-radius:.5rem;border-bottom-right-radius:.5rem}.border{border-width:1px}.border-0{border-width:0}.border-2{border-width:2px}.border-b{border-bottom-width:1px}.border-b-2{border-bottom-width:2px}.border-l{border-left-width:1px}.border-l-0{border-left-width:0}.border-l-4{border-left-width:4px}.border-r-0{border-right-width:0}.border-t{border-top-width:1px}.border-t-2{border-top-width:2px}.border-amber-400{--tw-border-opacity:1;border-color:rgb(251 191 36/var(--tw-border-opacity))}.border-blue-700{--tw-border-opacity:1;border-color:rgb(29 78 216/var(--tw-border-opacity))}.border-gray-100{--tw-border-opacity:1;border-color:rgb(243 244 246/var(--tw-border-opacity))}.border-gray-200{--tw-border-opacity:1;border-color:rgb(229 231 235/var(--tw-border-opacity))}.border-gray-300{--tw-border-opacity:1;border-color:rgb(209 213 219/var(--tw-border-opacity))}.border-green-500{--tw-border-opacity:1;border-color:rgb(34 197 94/var(--tw-border-opacity))}.border-orange-200{--tw-border-opacity:1;border-color:rgb(254 215 170/var(--tw-border-opacity))}.border-primary-100{--tw-border-opacity:1;border-color:rgb(253 222 133/var(--tw-border-opacity))}.border-primary-200{--tw-border-opacity:1;border-color:rgb(251 203 116/var(--tw-border-opacity))}.border-primary-300{--tw-border-opacity:1;border-color:rgb(248 185 99/var(--tw-border-opacity))}.border-primary-500{--tw-border-opacity:1;border-color:rgb(244 149 65/var(--tw-border-opacity))}.border-primary-600{--tw-border-opacity:1;border-color:rgb(214 131 56/var(--tw-border-opacity))}.border-red-500{--tw-border-opacity:1;border-color:rgb(239 68 68/var(--tw-border-opacity))}.border-yellow-200{--tw-border-opacity:1;border-color:rgb(254 240 138/var(--tw-border-opacity))}.bg-amber-100{--tw-bg-opacity:1;background-color:rgb(254 243 199/var(--tw-bg-opacity))}.bg-amber-400{--tw-bg-opacity:1;background-color:rgb(251 191 36/var(--tw-bg-opacity))}.bg-amber-50{--tw-bg-opacity:1;background-color:rgb(255 251 235/var(--tw-bg-opacity))}.bg-blue-100{--tw-bg-opacity:1;background-color:rgb(219 234 254/var(--tw-bg-opacity))}.bg-blue-50{--tw-bg-opacity:1;background-color:rgb(239 246 255/var(--tw-bg-opacity))}.bg-blue-500{--tw-bg-opacity:1;background-color:rgb(59 130 246/var(--tw-bg-opacity))}.bg-blue-600{--tw-bg-opacity:1;background-color:rgb(37 99 235/var(--tw-bg-opacity))}.bg-blue-700{--tw-bg-opacity:1;background-color:rgb(29 78 216/var(--tw-bg-opacity))}.bg-gray-100{--tw-bg-opacity:1;background-color:rgb(243 244 246/var(--tw-bg-opacity))}.bg-gray-200{--tw-bg-opacity:1;background-color:rgb(229 231 235/var(--tw-bg-opacity))}.bg-gray-300{--tw-bg-opacity:1;background-color:rgb(209 213 219/var(--tw-bg-opacity))}.bg-gray-400{--tw-bg-opacity:1;background-color:rgb(156 163 175/var(--tw-bg-opacity))}.bg-gray-50{--tw-bg-opacity:1;background-color:rgb(249 250 251/var(--tw-bg-opacity))}.bg-gray-500{--tw-bg-opacity:1;background-color:rgb(107 114 128/var(--tw-bg-opacity))}.bg-gray-600{--tw-bg-opacity:1;background-color:rgb(75 85 99/var(--tw-bg-opacity))}.bg-gray-700{--tw-bg-opacity:1;background-color:rgb(55 65 81/var(--tw-bg-opacity))}.bg-green-100{--tw-bg-opacity:1;background-color:rgb(220 252 231/var(--tw-bg-opacity))}.bg-green-50{--tw-bg-opacity:1;background-color:rgb(240 253 244/var(--tw-bg-opacity))}.bg-green-600{--tw-bg-opacity:1;background-color:rgb(22 163 74/var(--tw-bg-opacity))}.bg-green-700{--tw-bg-opacity:1;background-color:rgb(21 128 61/var(--tw-bg-opacity))}.bg-indigo-50{--tw-bg-opacity:1;background-color:rgb(238 242 255/var(--tw-bg-opacity))}.bg-orange-50{--tw-bg-opacity:1;background-color:rgb(255 247 237/var(--tw-bg-opacity))}.bg-orange-500{--tw-bg-opacity:1;background-color:rgb(249 115 22/var(--tw-bg-opacity))}.bg-primary-100{--tw-bg-opacity:1;background-color:rgb(253 222 133/var(--tw-bg-opacity))}.bg-primary-300{--tw-bg-opacity:1;background-color:rgb(248 185 99/var(--tw-bg-opacity))}.bg-primary-50{--tw-bg-opacity:1;background-color:rgb(255 224 150/var(--tw-bg-opacity))}.bg-primary-500{--tw-bg-opacity:1;background-color:rgb(244 149 65/var(--tw-bg-opacity))}.bg-primary-600{--tw-bg-opacity:1;background-color:rgb(214 131 56/var(--tw-bg-opacity))}.bg-primary-700{--tw-bg-opacity:1;background-color:rgb(184 112 47/var(--tw-bg-opacity))}.bg-red-100{--tw-bg-opacity:1;background-color:rgb(254 226 226/var(--tw-bg-opacity))}.bg-red-50{--tw-bg-opacity:1;background-color:rgb(254 242 242/var(--tw-bg-opacity))}.bg-red-500{--tw-bg-opacity:1;background-color:rgb(239 68 68/var(--tw-bg-opacity))}.bg-red-600{--tw-bg-opacity:1;background-color:rgb(220 38 38/var(--tw-bg-opacity))}.bg-red-700{--tw-bg-opacity:1;background-color:rgb(185 28 28/var(--tw-bg-opacity))}.bg-transparent{background-color:initial}.bg-white{--tw-bg-opacity:1;background-color:rgb(255 255 255/var(--tw-bg-opacity))}.bg-yellow-50{--tw-bg-opacity:1;background-color:rgb(254 252 232/var(--tw-bg-opacity))}.bg-yellow-500{--tw-bg-opacity:1;background-color:rgb(234 179 8/var(--tw-bg-opacity))}.bg-opacity-50{--tw-bg-opacity:0.5}.bg-opacity-75{--tw-bg-opacity:0.75}.bg-gradient-to-r{background-image:linear-gradient(to right,var(--tw-gradient-stops))}.from-primary-500{--tw-gradient-from:#f49541 var(--tw-gradient-from-position);--tw-gradient-to:#f4954100 var(--tw-gradient-to-position);--tw-gradient-stops:var(--tw-gradient-from),var(--tw-gradient-to)}.to-primary-600{--tw-gradient-to:#d68338 var(--tw-gradient-to-position)}.fill-primary-600{fill:#d68338}.object-contain{-o-object-fit:contain;object-fit:contain}.\!p-0{padding:0!important}.p-2{padding:.5rem}.p-2\.5{padding:.625rem}.p-3{padding:.75rem}.p-4{padding:1rem}.p-5{padding:1.25rem}.p-6{padding:1.5rem}.p-8{padding:2rem}.px-2{padding-left:.5rem;padding-right:.5rem}.px-3{padding-left:.75rem;padding-right:.75rem}.px-4{padding-left:1rem;padding-right:1rem}.px-5{padding-left:1.25rem;padding-right:1.25rem}.px-6{padding-left:1.5rem;padding-right:1.5rem}.px-7{padding-left:1.75rem;padding-right:1.75rem}.py-0{padding-top:0;padding-bottom:0}.py-0\.5{padding-top:.125rem;padding-bottom:.125rem}.py-1{padding-top:.25rem;padding-bottom:.25rem}.py-2{padding-top:.5rem;padding-bottom:.5rem}.py-2\.5{padding-top:.625rem;padding-bottom:.625rem}.py-3{padding-top:.75rem;padding-bottom:.75rem}.py-4{padding-top:1rem;padding-bottom:1rem}.py-6{padding-top:1.5rem;padding-bottom:1.5rem}.pb-28{padding-bottom:7rem}.pb-8{padding-bottom:2rem}.pe-3{padding-inline-end:.75rem}.pl-2{padding-left:.5rem}.pr-10{padding-right:2.5rem}.pr-16{padding-right:4rem}.pr-20{padding-right:5rem}.pr-3{padding-right:.75rem}.ps-3{padding-inline-start:.75rem}.pt-16{padding-top:4rem}.pt-2{padding-top:.5rem}.pt-4{padding-top:1rem}.pt-6{padding-top:1.5rem}.pt-8{padding-top:2rem}.text-left{text-align:left}.text-center{text-align:center}.text-start{text-align:start}.align-top{vertical-align:top}.align-middle{vertical-align:middle}.font-mono{font-family:ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace}.text-2xl{font-size:1.5rem;line-height:2rem}.text-3xl{font-size:1.875rem;line-height:2.25rem}.text-4xl{font-size:2.25rem;line-height:2.5rem}.text-5xl{font-size:3rem;line-height:1}.text-\[10px\]{font-size:10px}.text-base{font-size:1rem;line-height:1.5rem}.text-lg{font-size:1.125rem;line-height:1.75rem}.text-sm{font-size:.875rem;line-height:1.25rem}.text-xl{font-size:1.25rem;line-height:1.75rem}.text-xs{font-size:.75rem;line-height:1rem}.font-bold{font-weight:700}.font-light{font-weight:300}.font-medium{font-weight:500}.font-normal{font-weight:400}.font-semibold{font-weight:600}.uppercase{text-transform:uppercase}.italic{font-style:italic}.leading-6{line-height:1.5rem}.leading-9{line-height:2.25rem}.tracking-wider{letter-spacing:.05em}.text-amber-600{--tw-text-opacity:1;color:rgb(217 119 6/var(--tw-text-opacity))}.text-amber-700{--tw-text-opacity:1;color:rgb(180 83 9/var(--tw-text-opacity))}.text-blue-500{--tw-text-opacity:1;color:rgb(59 130 246/var(--tw-text-opacity))}.text-blue-600{--tw-text-opacity:1;color:rgb(37 99 235/var(--tw-text-opacity))}.text-blue-700{--tw-text-opacity:1;color:rgb(29 78 216/var(--tw-text-opacity))}.text-blue-800{--tw-text-opacity:1;color:rgb(30 64 175/var(--tw-text-opacity))}.text-gray-200{--tw-text-opacity:1;color:rgb(229 231 235/var(--tw-text-opacity))}.text-gray-300{--tw-text-opacity:1;color:rgb(209 213 219/var(--tw-text-opacity))}.text-gray-400{--tw-text-opacity:1;color:rgb(156 163 175/var(--tw-text-opacity))}.text-gray-500{--tw-text-opacity:1;color:rgb(107 114 128/var(--tw-text-opacity))}.text-gray-600{--tw-text-opacity:1;color:rgb(75 85 99/var(--tw-text-opacity))}.text-gray-700{--tw-text-opacity:1;color:rgb(55 65 81/var(--tw-text-opacity))}.text-gray-800{--tw-text-opacity:1;color:rgb(31 41 55/var(--tw-text-opacity))}.text-gray-900{--tw-text-opacity:1;color:rgb(17 24 39/var(--tw-text-opacity))}.text-green-500{--tw-text-opacity:1;color:rgb(34 197 94/var(--tw-text-opacity))}.text-green-600{--tw-text-opacity:1;color:rgb(22 163 74/var(--tw-text-opacity))}.text-green-800{--tw-text-opacity:1;color:rgb(22 101 52/var(--tw-text-opacity))}.text-indigo-600{--tw-text-opacity:1;color:rgb(79 70 229/var(--tw-text-opacity))}.text-indigo-700{--tw-text-opacity:1;color:rgb(67 56 202/var(--tw-text-opacity))}.text-orange-800{--tw-text-opacity:1;color:rgb(154 52 18/var(--tw-text-opacity))}.text-primary-500{--tw-text-opacity:1;color:rgb(244 149 65/var(--tw-text-opacity))}.text-primary-600{--tw-text-opacity:1;color:rgb(214 131 56/var(--tw-text-opacity))}.text-primary-700{--tw-text-opacity:1;color:rgb(184 112 47/var(--tw-text-opacity))}.text-primary-800{--tw-text-opacity:1;color:rgb(154 93 38/var(--tw-text-opacity))}.text-red-500{--tw-text-opacity:1;color:rgb(239 68 68/var(--tw-text-opacity))}.text-red-600{--tw-text-opacity:1;color:rgb(220 38 38/var(--tw-text-opacity))}.text-red-700{--tw-text-opacity:1;color:rgb(185 28 28/var(--tw-text-opacity))}.text-red-800{--tw-text-opacity:1;color:rgb(153 27 27/var(--tw-text-opacity))}.text-white{--tw-text-opacity:1;color:rgb(255 255 255/var(--tw-text-opacity))}.text-yellow-600{--tw-text-opacity:1;color:rgb(202 138 4/var(--tw-text-opacity))}.text-yellow-800{--tw-text-opacity:1;color:rgb(133 77 14/var(--tw-text-opacity))}.underline{text-decoration-line:underline}.opacity-0{opacity:0}.opacity-100{opacity:1}.opacity-25{opacity:.25}.opacity-50{opacity:.5}.opacity-75{opacity:.75}.shadow{--tw-shadow:0 1px 3px 0 #0000001a,0 1px 2px -1px #0000001a;--tw-shadow-colored:0 1px 3px 0 var(--tw-shadow-color),0 1px 2px -1px var(--tw-shadow-color)}.shadow,.shadow-lg{box-shadow:var(--tw-ring-offset-shadow,0 0 #0000),var(--tw-ring-shadow,0 0 #0000),var(--tw-shadow)}.shadow-lg{--tw-shadow:0 10px 15px -3px #0000001a,0 4px 6px -4px #0000001a;--tw-shadow-colored:0 10px 15px -3px var(--tw-shadow-color),0 4px 6px -4px var(--tw-shadow-color)}.shadow-sm{--tw-shadow:0 1px 2px 0 #0000000d;--tw-shadow-colored:0 1px 2px 0 var(--tw-shadow-color)}.shadow-sm,.shadow-xl{box-shadow:var(--tw-ring-offset-shadow,0 0 #0000),var(--tw-ring-shadow,0 0 #0000),var(--tw-shadow)}.shadow-xl{--tw-shadow:0 20px 25px -5px #0000001a,0 8px 10px -6px #0000001a;--tw-shadow-colored:0 20px 25px -5px var(--tw-shadow-color),0 8px 10px -6px var(--tw-shadow-color)}.outline-0{outline-width:0}.ring-1{--tw-ring-offset-shadow:var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow:var(--tw-ring-inset) 0 0 0 calc(1px + var(--tw-ring-offset-width)) var(--tw-ring-color);box-shadow:var(--tw-ring-offset-shadow),var(--tw-ring-shadow),var(--tw-shadow,0 0 #0000)}.ring-black{--tw-ring-opacity:1;--tw-ring-color:rgb(0 0 0/var(--tw-ring-opacity))}.ring-opacity-5{--tw-ring-opacity:0.05}.filter{filter:var(--tw-blur) var(--tw-brightness) var(--tw-contrast) var(--tw-grayscale) var(--tw-hue-rotate) var(--tw-invert) var(--tw-saturate) var(--tw-sepia) var(--tw-drop-shadow)}.transition{transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,-webkit-backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter,-webkit-backdrop-filter;transition-timing-function:cubic-bezier(.4,0,.2,1);transition-duration:.15s}.transition-all{transition-property:all;transition-timing-function:cubic-bezier(.4,0,.2,1);transition-duration:.15s}.transition-colors{transition-property:color,background-color,border-color,text-decoration-color,fill,stroke;transition-timing-function:cubic-bezier(.4,0,.2,1);transition-duration:.15s}.transition-opacity{transition-property:opacity;transition-timing-function:cubic-bezier(.4,0,.2,1);transition-duration:.15s}.transition-transform{transition-property:transform;transition-timing-function:cubic-bezier(.4,0,.2,1);transition-duration:.15s}.duration-100{transition-duration:.1s}.duration-150{transition-duration:.15s}.duration-200{transition-duration:.2s}.duration-300{transition-duration:.3s}.ease-in-out{transition-timing-function:cubic-bezier(.4,0,.2,1)}.ease-linear{transition-timing-function:linear}.file\:mr-4::file-selector-button{margin-right:1rem}.file\:rounded-lg::file-selector-button{border-radius:.5rem}.file\:border-0::file-selector-button{border-width:0}.file\:bg-primary-50::file-selector-button{--tw-bg-opacity:1;background-color:rgb(255 224 150/var(--tw-bg-opacity))}.file\:px-4::file-selector-button{padding-left:1rem;padding-right:1rem}.file\:py-2::file-selector-button{padding-top:.5rem;padding-bottom:.5rem}.file\:text-sm::file-selector-button{font-size:.875rem;line-height:1.25rem}.file\:font-semibold::file-selector-button{font-weight:600}.file\:text-primary-700::file-selector-button{--tw-text-opacity:1;color:rgb(184 112 47/var(--tw-text-opacity))}.hover\:scale-105:hover{--tw-scale-x:1.05;--tw-scale-y:1.05;transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.hover\:bg-blue-600:hover{--tw-bg-opacity:1;background-color:rgb(37 99 235/var(--tw-bg-opacity))}.hover\:bg-blue-700:hover{--tw-bg-opacity:1;background-color:rgb(29 78 216/var(--tw-bg-opacity))}.hover\:bg-blue-800:hover{--tw-bg-opacity:1;background-color:rgb(30 64 175/var(--tw-bg-opacity))}.hover\:bg-gray-100:hover{--tw-bg-opacity:1;background-color:rgb(243 244 246/var(--tw-bg-opacity))}.hover\:bg-gray-200:hover{--tw-bg-opacity:1;background-color:rgb(229 231 235/var(--tw-bg-opacity))}.hover\:bg-gray-300:hover{--tw-bg-opacity:1;background-color:rgb(209 213 219/var(--tw-bg-opacity))}.hover\:bg-gray-400:hover{--tw-bg-opacity:1;background-color:rgb(156 163 175/var(--tw-bg-opacity))}.hover\:bg-gray-50:hover{--tw-bg-opacity:1;background-color:rgb(249 250 251/var(--tw-bg-opacity))}.hover\:bg-gray-800:hover{--tw-bg-opacity:1;background-color:rgb(31 41 55/var(--tw-bg-opacity))}.hover\:bg-green-700:hover{--tw-bg-opacity:1;background-color:rgb(21 128 61/var(--tw-bg-opacity))}.hover\:bg-green-800:hover{--tw-bg-opacity:1;background-color:rgb(22 101 52/var(--tw-bg-opacity))}.hover\:bg-primary-100:hover{--tw-bg-opacity:1;background-color:rgb(253 222 133/var(--tw-bg-opacity))}.hover\:bg-primary-200:hover{--tw-bg-opacity:1;background-color:rgb(251 203 116/var(--tw-bg-opacity))}.hover\:bg-primary-600:hover{--tw-bg-opacity:1;background-color:rgb(214 131 56/var(--tw-bg-opacity))}.hover\:bg-primary-700:hover{--tw-bg-opacity:1;background-color:rgb(184 112 47/var(--tw-bg-opacity))}.hover\:bg-primary-800:hover{--tw-bg-opacity:1;background-color:rgb(154 93 38/var(--tw-bg-opacity))}.hover\:bg-red-600:hover{--tw-bg-opacity:1;background-color:rgb(220 38 38/var(--tw-bg-opacity))}.hover\:bg-red-700:hover{--tw-bg-opacity:1;background-color:rgb(185 28 28/var(--tw-bg-opacity))}.hover\:bg-red-800:hover{--tw-bg-opacity:1;background-color:rgb(153 27 27/var(--tw-bg-opacity))}.hover\:from-primary-600:hover{--tw-gradient-from:#d68338 var(--tw-gradient-from-position);--tw-gradient-to:#d6833800 var(--tw-gradient-to-position);--tw-gradient-stops:var(--tw-gradient-from),var(--tw-gradient-to)}.hover\:to-primary-700:hover{--tw-gradient-to:#b8702f var(--tw-gradient-to-position)}.hover\:text-amber-800:hover{--tw-text-opacity:1;color:rgb(146 64 14/var(--tw-text-opacity))}.hover\:text-blue-700:hover{--tw-text-opacity:1;color:rgb(29 78 216/var(--tw-text-opacity))}.hover\:text-blue-800:hover{--tw-text-opacity:1;color:rgb(30 64 175/var(--tw-text-opacity))}.hover\:text-gray-500:hover{--tw-text-opacity:1;color:rgb(107 114 128/var(--tw-text-opacity))}.hover\:text-gray-700:hover{--tw-text-opacity:1;color:rgb(55 65 81/var(--tw-text-opacity))}.hover\:text-gray-800:hover{--tw-text-opacity:1;color:rgb(31 41 55/var(--tw-text-opacity))}.hover\:text-gray-900:hover{--tw-text-opacity:1;color:rgb(17 24 39/var(--tw-text-opacity))}.hover\:text-primary-600:hover{--tw-text-opacity:1;color:rgb(214 131 56/var(--tw-text-opacity))}.hover\:text-primary-700:hover{--tw-text-opacity:1;color:rgb(184 112 47/var(--tw-text-opacity))}.hover\:text-red-200:hover{--tw-text-opacity:1;color:rgb(254 202 202/var(--tw-text-opacity))}.hover\:text-red-700:hover{--tw-text-opacity:1;color:rgb(185 28 28/var(--tw-text-opacity))}.hover\:text-red-800:hover{--tw-text-opacity:1;color:rgb(153 27 27/var(--tw-text-opacity))}.hover\:text-white:hover{--tw-text-opacity:1;color:rgb(255 255 255/var(--tw-text-opacity))}.hover\:underline:hover{text-decoration-line:underline}.hover\:file\:bg-primary-100::file-selector-button:hover{--tw-bg-opacity:1;background-color:rgb(253 222 133/var(--tw-bg-opacity))}.focus\:border-blue-500:focus{--tw-border-opacity:1;border-color:rgb(59 130 246/var(--tw-border-opacity))}.focus\:border-primary-500:focus{--tw-border-opacity:1;border-color:rgb(244 149 65/var(--tw-border-opacity))}.focus\:border-primary-600:focus{--tw-border-opacity:1;border-color:rgb(214 131 56/var(--tw-border-opacity))}.focus\:outline-none:focus{outline:2px solid #0000;outline-offset:2px}.focus\:ring-2:focus{--tw-ring-offset-shadow:var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow:var(--tw-ring-inset) 0 0 0 calc(2px + var(--tw-ring-offset-width)) var(--tw-ring-color)}.focus\:ring-2:focus,.focus\:ring-4:focus{box-shadow:var(--tw-ring-offset-shadow),var(--tw-ring-shadow),var(--tw-shadow,0 0 #0000)}.focus\:ring-4:focus{--tw-ring-offset-shadow:var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow:var(--tw-ring-inset) 0 0 0 calc(4px + var(--tw-ring-offset-width)) var(--tw-ring-color)}.focus\:ring-blue-300:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(147 197 253/var(--tw-ring-opacity))}.focus\:ring-blue-500:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(59 130 246/var(--tw-ring-opacity))}.focus\:ring-gray-100:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(243 244 246/var(--tw-ring-opacity))}.focus\:ring-gray-300:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(209 213 219/var(--tw-ring-opacity))}.focus\:ring-gray-400:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(156 163 175/var(--tw-ring-opacity))}.focus\:ring-gray-500:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(107 114 128/var(--tw-ring-opacity))}.focus\:ring-green-300:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(134 239 172/var(--tw-ring-opacity))}.focus\:ring-indigo-500:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(99 102 241/var(--tw-ring-opacity))}.focus\:ring-primary-200:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(251 203 116/var(--tw-ring-opacity))}.focus\:ring-primary-300:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(248 185 99/var(--tw-ring-opacity))}.focus\:ring-primary-500:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(244 149 65/var(--tw-ring-opacity))}.focus\:ring-primary-600:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(214 131 56/var(--tw-ring-opacity))}.focus\:ring-red-300:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(252 165 165/var(--tw-ring-opacity))}.focus\:ring-red-500:focus{--tw-ring-opacity:1;--tw-ring-color:rgb(239 68 68/var(--tw-ring-opacity))}.focus\:ring-offset-2:focus{--tw-ring-offset-width:2px}.active\:scale-95:active{--tw-scale-x:.95;--tw-scale-y:.95;transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.disabled\:cursor-not-allowed:disabled{cursor:not-allowed}.disabled\:opacity-50:disabled{opacity:.5}.dark\:divide-gray-600:is(.dark *)>:not([hidden])~:not([hidden]){--tw-divide-opacity:1;border-color:rgb(75 85 99/var(--tw-divide-opacity))}.dark\:divide-gray-700:is(.dark *)>:not([hidden])~:not([hidden]){--tw-divide-opacity:1;border-color:rgb(55 65 81/var(--tw-divide-opacity))}.dark\:border:is(.dark *){border-width:1px}.dark\:border-amber-500\/50:is(.dark *){border-color:#f59e0b80}.dark\:border-blue-500:is(.dark *){--tw-border-opacity:1;border-color:rgb(59 130 246/var(--tw-border-opacity))}.dark\:border-gray-400:is(.dark *){--tw-border-opacity:1;border-color:rgb(156 163 175/var(--tw-border-opacity))}.dark\:border-gray-500:is(.dark *){--tw-border-opacity:1;border-color:rgb(107 114 128/var(--tw-border-opacity))}.dark\:border-gray-600:is(.dark *){--tw-border-opacity:1;border-color:rgb(75 85 99/var(--tw-border-opacity))}.dark\:border-gray-700:is(.dark *){--tw-border-opacity:1;border-color:rgb(55 65 81/var(--tw-border-opacity))}.dark\:border-green-500:is(.dark *){--tw-border-opacity:1;border-color:rgb(34 197 94/var(--tw-border-opacity))}.dark\:border-orange-700:is(.dark *){--tw-border-opacity:1;border-color:rgb(194 65 12/var(--tw-border-opacity))}.dark\:border-primary-500:is(.dark *){--tw-border-opacity:1;border-color:rgb(244 149 65/var(--tw-border-opacity))}.dark\:border-primary-700:is(.dark *){--tw-border-opacity:1;border-color:rgb(184 112 47/var(--tw-border-opacity))}.dark\:border-primary-800:is(.dark *){--tw-border-opacity:1;border-color:rgb(154 93 38/var(--tw-border-opacity))}.dark\:border-red-500:is(.dark *){--tw-border-opacity:1;border-color:rgb(239 68 68/var(--tw-border-opacity))}.dark\:border-red-800:is(.dark *){--tw-border-opacity:1;border-color:rgb(153 27 27/var(--tw-border-opacity))}.dark\:border-yellow-500:is(.dark *){--tw-border-opacity:1;border-color:rgb(234 179 8/var(--tw-border-opacity))}.dark\:border-yellow-800:is(.dark *){--tw-border-opacity:1;border-color:rgb(133 77 14/var(--tw-border-opacity))}.dark\:bg-amber-800\/30:is(.dark *){background-color:#92400e4d}.dark\:bg-blue-400:is(.dark *){--tw-bg-opacity:1;background-color:rgb(96 165 250/var(--tw-bg-opacity))}.dark\:bg-blue-600:is(.dark *){--tw-bg-opacity:1;background-color:rgb(37 99 235/var(--tw-bg-opacity))}.dark\:bg-blue-800:is(.dark *){--tw-bg-opacity:1;background-color:rgb(30 64 175/var(--tw-bg-opacity))}.dark\:bg-blue-800\/30:is(.dark *){background-color:#1e40af4d}.dark\:bg-blue-900:is(.dark *){--tw-bg-opacity:1;background-color:rgb(30 58 138/var(--tw-bg-opacity))}.dark\:bg-gray-500:is(.dark *){--tw-bg-opacity:1;background-color:rgb(107 114 128/var(--tw-bg-opacity))}.dark\:bg-gray-600:is(.dark *){--tw-bg-opacity:1;background-color:rgb(75 85 99/var(--tw-bg-opacity))}.dark\:bg-gray-700:is(.dark *){--tw-bg-opacity:1;background-color:rgb(55 65 81/var(--tw-bg-opacity))}.dark\:bg-gray-800:is(.dark *){--tw-bg-opacity:1;background-color:rgb(31 41 55/var(--tw-bg-opacity))}.dark\:bg-gray-900:is(.dark *){--tw-bg-opacity:1;background-color:rgb(17 24 39/var(--tw-bg-opacity))}.dark\:bg-green-600:is(.dark *){--tw-bg-opacity:1;background-color:rgb(22 163 74/var(--tw-bg-opacity))}.dark\:bg-green-800:is(.dark *){--tw-bg-opacity:1;background-color:rgb(22 101 52/var(--tw-bg-opacity))}.dark\:bg-indigo-900:is(.dark *){--tw-bg-opacity:1;background-color:rgb(49 46 129/var(--tw-bg-opacity))}.dark\:bg-orange-400:is(.dark *){--tw-bg-opacity:1;background-color:rgb(251 146 60/var(--tw-bg-opacity))}.dark\:bg-orange-900\/30:is(.dark *){background-color:#7c2d124d}.dark\:bg-primary-500:is(.dark *){--tw-bg-opacity:1;background-color:rgb(244 149 65/var(--tw-bg-opacity))}.dark\:bg-primary-600:is(.dark *){--tw-bg-opacity:1;background-color:rgb(214 131 56/var(--tw-bg-opacity))}.dark\:bg-primary-700:is(.dark *){--tw-bg-opacity:1;background-color:rgb(184 112 47/var(--tw-bg-opacity))}.dark\:bg-primary-900:is(.dark *){--tw-bg-opacity:1;background-color:rgb(123 74 30/var(--tw-bg-opacity))}.dark\:bg-primary-900\/20:is(.dark *){background-color:#7b4a1e33}.dark\:bg-primary-900\/30:is(.dark *){background-color:#7b4a1e4d}.dark\:bg-red-200:is(.dark *){--tw-bg-opacity:1;background-color:rgb(254 202 202/var(--tw-bg-opacity))}.dark\:bg-red-600:is(.dark *){--tw-bg-opacity:1;background-color:rgb(220 38 38/var(--tw-bg-opacity))}.dark\:bg-red-800:is(.dark *){--tw-bg-opacity:1;background-color:rgb(153 27 27/var(--tw-bg-opacity))}.dark\:bg-red-900:is(.dark *){--tw-bg-opacity:1;background-color:rgb(127 29 29/var(--tw-bg-opacity))}.dark\:bg-red-900\/20:is(.dark *){background-color:#7f1d1d33}.dark\:bg-yellow-800:is(.dark *){--tw-bg-opacity:1;background-color:rgb(133 77 14/var(--tw-bg-opacity))}.dark\:bg-yellow-900\/20:is(.dark *){background-color:#713f1233}.dark\:bg-opacity-80:is(.dark *){--tw-bg-opacity:0.8}.dark\:from-primary-400:is(.dark *){--tw-gradient-from:#f6a752 var(--tw-gradient-from-position);--tw-gradient-to:#f6a75200 var(--tw-gradient-to-position);--tw-gradient-stops:var(--tw-gradient-from),var(--tw-gradient-to)}.dark\:to-primary-500:is(.dark *){--tw-gradient-to:#f49541 var(--tw-gradient-to-position)}.dark\:text-amber-300:is(.dark *){--tw-text-opacity:1;color:rgb(252 211 77/var(--tw-text-opacity))}.dark\:text-amber-400:is(.dark *){--tw-text-opacity:1;color:rgb(251 191 36/var(--tw-text-opacity))}.dark\:text-blue-300:is(.dark *){--tw-text-opacity:1;color:rgb(147 197 253/var(--tw-text-opacity))}.dark\:text-blue-400:is(.dark *){--tw-text-opacity:1;color:rgb(96 165 250/var(--tw-text-opacity))}.dark\:text-blue-500:is(.dark *){--tw-text-opacity:1;color:rgb(59 130 246/var(--tw-text-opacity))}.dark\:text-gray-100:is(.dark *){--tw-text-opacity:1;color:rgb(243 244 246/var(--tw-text-opacity))}.dark\:text-gray-200:is(.dark *){--tw-text-opacity:1;color:rgb(229 231 235/var(--tw-text-opacity))}.dark\:text-gray-300:is(.dark *){--tw-text-opacity:1;color:rgb(209 213 219/var(--tw-text-opacity))}.dark\:text-gray-400:is(.dark *){--tw-text-opacity:1;color:rgb(156 163 175/var(--tw-text-opacity))}.dark\:text-gray-500:is(.dark *){--tw-text-opacity:1;color:rgb(107 114 128/var(--tw-text-opacity))}.dark\:text-gray-600:is(.dark *){--tw-text-opacity:1;color:rgb(75 85 99/var(--tw-text-opacity))}.dark\:text-green-400:is(.dark *){--tw-text-opacity:1;color:rgb(74 222 128/var(--tw-text-opacity))}.dark\:text-indigo-300:is(.dark *){--tw-text-opacity:1;color:rgb(165 180 252/var(--tw-text-opacity))}.dark\:text-indigo-400:is(.dark *){--tw-text-opacity:1;color:rgb(129 140 248/var(--tw-text-opacity))}.dark\:text-orange-200:is(.dark *){--tw-text-opacity:1;color:rgb(254 215 170/var(--tw-text-opacity))}.dark\:text-primary-200:is(.dark *){--tw-text-opacity:1;color:rgb(251 203 116/var(--tw-text-opacity))}.dark\:text-primary-400:is(.dark *){--tw-text-opacity:1;color:rgb(246 167 82/var(--tw-text-opacity))}.dark\:text-primary-500:is(.dark *){--tw-text-opacity:1;color:rgb(244 149 65/var(--tw-text-opacity))}.dark\:text-red-200:is(.dark *){--tw-text-opacity:1;color:rgb(254 202 202/var(--tw-text-opacity))}.dark\:text-red-400:is(.dark *){--tw-text-opacity:1;color:rgb(248 113 113/var(--tw-text-opacity))}.dark\:text-red-500:is(.dark *){--tw-text-opacity:1;color:rgb(239 68 68/var(--tw-text-opacity))}.dark\:text-red-800:is(.dark *){--tw-text-opacity:1;color:rgb(153 27 27/var(--tw-text-opacity))}.dark\:text-white:is(.dark *){--tw-text-opacity:1;color:rgb(255 255 255/var(--tw-text-opacity))}.dark\:text-yellow-200:is(.dark *){--tw-text-opacity:1;color:rgb(254 240 138/var(--tw-text-opacity))}.dark\:text-yellow-400:is(.dark *){--tw-text-opacity:1;color:rgb(250 204 21/var(--tw-text-opacity))}.dark\:placeholder-gray-400:is(.dark *)::-moz-placeholder{--tw-placeholder-opacity:1;color:rgb(156 163 175/var(--tw-placeholder-opacity))}.dark\:placeholder-gray-400:is(.dark *)::placeholder{--tw-placeholder-opacity:1;color:rgb(156 163 175/var(--tw-placeholder-opacity))}.dark\:ring-offset-gray-800:is(.dark *){--tw-ring-offset-color:#1f2937}.dark\:file\:bg-primary-900\/40:is(.dark *)::file-selector-button{background-color:#7b4a1e66}.dark\:file\:text-primary-300:is(.dark *)::file-selector-button{--tw-text-opacity:1;color:rgb(248 185 99/var(--tw-text-opacity))}.dark\:hover\:bg-blue-500:hover:is(.dark *){--tw-bg-opacity:1;background-color:rgb(59 130 246/var(--tw-bg-opacity))}.dark\:hover\:bg-blue-600:hover:is(.dark *){--tw-bg-opacity:1;background-color:rgb(37 99 235/var(--tw-bg-opacity))}.dark\:hover\:bg-blue-700:hover:is(.dark *){--tw-bg-opacity:1;background-color:rgb(29 78 216/var(--tw-bg-opacity))}.dark\:hover\:bg-gray-500:hover:is(.dark *){--tw-bg-opacity:1;background-color:rgb(107 114 128/var(--tw-bg-opacity))}.dark\:hover\:bg-gray-600:hover:is(.dark *){--tw-bg-opacity:1;background-color:rgb(75 85 99/var(--tw-bg-opacity))}.dark\:hover\:bg-gray-700:hover:is(.dark *){--tw-bg-opacity:1;background-color:rgb(55 65 81/var(--tw-bg-opacity))}.dark\:hover\:bg-gray-800:hover:is(.dark *){--tw-bg-opacity:1;background-color:rgb(31 41 55/var(--tw-bg-opacity))}.dark\:hover\:bg-green-700:hover:is(.dark *){--tw-bg-opacity:1;background-color:rgb(21 128 61/var(--tw-bg-opacity))}.dark\:hover\:bg-primary-600:hover:is(.dark *){--tw-bg-opacity:1;background-color:rgb(214 131 56/var(--tw-bg-opacity))}.dark\:hover\:bg-primary-700:hover:is(.dark *){--tw-bg-opacity:1;background-color:rgb(184 112 47/var(--tw-bg-opacity))}.dark\:hover\:bg-primary-900\/30:hover:is(.dark *){background-color:#7b4a1e4d}.dark\:hover\:bg-red-700:hover:is(.dark *){--tw-bg-opacity:1;background-color:rgb(185 28 28/var(--tw-bg-opacity))}.dark\:hover\:from-primary-500:hover:is(.dark *){--tw-gradient-from:#f49541 var(--tw-gradient-from-position);--tw-gradient-to:#f4954100 var(--tw-gradient-to-position);--tw-gradient-stops:var(--tw-gradient-from),var(--tw-gradient-to)}.dark\:hover\:to-primary-600:hover:is(.dark *){--tw-gradient-to:#d68338 var(--tw-gradient-to-position)}.dark\:hover\:text-amber-200:hover:is(.dark *){--tw-text-opacity:1;color:rgb(253 230 138/var(--tw-text-opacity))}.dark\:hover\:text-blue-200:hover:is(.dark *){--tw-text-opacity:1;color:rgb(191 219 254/var(--tw-text-opacity))}.dark\:hover\:text-blue-400:hover:is(.dark *){--tw-text-opacity:1;color:rgb(96 165 250/var(--tw-text-opacity))}.dark\:hover\:text-gray-100:hover:is(.dark *){--tw-text-opacity:1;color:rgb(243 244 246/var(--tw-text-opacity))}.dark\:hover\:text-gray-200:hover:is(.dark *){--tw-text-opacity:1;color:rgb(229 231 235/var(--tw-text-opacity))}.dark\:hover\:text-gray-300:hover:is(.dark *){--tw-text-opacity:1;color:rgb(209 213 219/var(--tw-text-opacity))}.dark\:hover\:text-primary-300:hover:is(.dark *){--tw-text-opacity:1;color:rgb(248 185 99/var(--tw-text-opacity))}.dark\:hover\:text-primary-400:hover:is(.dark *){--tw-text-opacity:1;color:rgb(246 167 82/var(--tw-text-opacity))}.dark\:hover\:text-primary-500:hover:is(.dark *){--tw-text-opacity:1;color:rgb(244 149 65/var(--tw-text-opacity))}.dark\:hover\:text-red-300:hover:is(.dark *){--tw-text-opacity:1;color:rgb(252 165 165/var(--tw-text-opacity))}.dark\:hover\:text-red-400:hover:is(.dark *){--tw-text-opacity:1;color:rgb(248 113 113/var(--tw-text-opacity))}.dark\:hover\:text-white:hover:is(.dark *){--tw-text-opacity:1;color:rgb(255 255 255/var(--tw-text-opacity))}.dark\:hover\:file\:bg-primary-800\/60:is(.dark *)::file-selector-button:hover{background-color:#9a5d2699}.dark\:focus\:border-blue-500:focus:is(.dark *){--tw-border-opacity:1;border-color:rgb(59 130 246/var(--tw-border-opacity))}.dark\:focus\:border-primary-500:focus:is(.dark *){--tw-border-opacity:1;border-color:rgb(244 149 65/var(--tw-border-opacity))}.dark\:focus\:ring-blue-400:focus:is(.dark *){--tw-ring-opacity:1;--tw-ring-color:rgb(96 165 250/var(--tw-ring-opacity))}.dark\:focus\:ring-blue-500:focus:is(.dark *){--tw-ring-opacity:1;--tw-ring-color:rgb(59 130 246/var(--tw-ring-opacity))}.dark\:focus\:ring-blue-600:focus:is(.dark *){--tw-ring-opacity:1;--tw-ring-color:rgb(37 99 235/var(--tw-ring-opacity))}.dark\:focus\:ring-blue-800:focus:is(.dark *){--tw-ring-opacity:1;--tw-ring-color:rgb(30 64 175/var(--tw-ring-opacity))}.dark\:focus\:ring-gray-600:focus:is(.dark *){--tw-ring-opacity:1;--tw-ring-color:rgb(75 85 99/var(--tw-ring-opacity))}.dark\:focus\:ring-gray-700:focus:is(.dark *){--tw-ring-opacity:1;--tw-ring-color:rgb(55 65 81/var(--tw-ring-opacity))}.dark\:focus\:ring-gray-800:focus:is(.dark *){--tw-ring-opacity:1;--tw-ring-color:rgb(31 41 55/var(--tw-ring-opacity))}.dark\:focus\:ring-green-800:focus:is(.dark *){--tw-ring-opacity:1;--tw-ring-color:rgb(22 101 52/var(--tw-ring-opacity))}.dark\:focus\:ring-primary-500:focus:is(.dark *){--tw-ring-opacity:1;--tw-ring-color:rgb(244 149 65/var(--tw-ring-opacity))}.dark\:focus\:ring-primary-600:focus:is(.dark *){--tw-ring-opacity:1;--tw-ring-color:rgb(214 131 56/var(--tw-ring-opacity))}.dark\:focus\:ring-primary-800:focus:is(.dark *){--tw-ring-opacity:1;--tw-ring-color:rgb(154 93 38/var(--tw-ring-opacity))}.dark\:focus\:ring-primary-900:focus:is(.dark *){--tw-ring-opacity:1;--tw-ring-color:rgb(123 74 30/var(--tw-ring-opacity))}.dark\:focus\:ring-red-800:focus:is(.dark *){--tw-ring-opacity:1;--tw-ring-color:rgb(153 27 27/var(--tw-ring-opacity))}.dark\:focus\:ring-red-900:focus:is(.dark *){--tw-ring-opacity:1;--tw-ring-color:rgb(127 29 29/var(--tw-ring-opacity))}.dark\:focus\:ring-offset-gray-800:focus:is(.dark *){--tw-ring-offset-color:#1f2937}@media (min-width:640px){.sm\:-top-2{top:-.5rem}.sm\:left-auto{left:auto}.sm\:col-span-3{grid-column:span 3/span 3}.sm\:mb-0{margin-bottom:0}.sm\:ml-1{margin-left:.25rem}.sm\:mr-4{margin-right:1rem}.sm\:inline-block{display:inline-block}.sm\:inline{display:inline}.sm\:flex{display:flex}.sm\:hidden{display:none}.sm\:w-auto{width:auto}.sm\:w-full{width:100%}.sm\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.sm\:grid-cols-3{grid-template-columns:repeat(3,minmax(0,1fr))}.sm\:flex-row{flex-direction:row}.sm\:items-center{align-items:center}.sm\:justify-between{justify-content:space-between}.sm\:rounded-lg{border-radius:.5rem}.sm\:p-6{padding:1.5rem}.sm\:p-8{padding:2rem}.sm\:text-2xl{font-size:1.5rem;line-height:2rem}.sm\:text-sm{font-size:.875rem;line-height:1.25rem}.sm\:shadow-xl{--tw-shadow:0 20px 25px -5px #0000001a,0 8px 10px -6px #0000001a;--tw-shadow-colored:0 20px 25px -5px var(--tw-shadow-color),0 8px 10px -6px var(--tw-shadow-color);box-shadow:var(--tw-ring-offset-shadow,0 0 #0000),var(--tw-ring-shadow,0 0 #0000),var(--tw-shadow)}}@media (min-width:768px){.md\:top-\[39px\]{top:39px}.md\:col-span-1{grid-column:span 1/span 1}.md\:col-span-2{grid-column:span 2/span 2}.md\:ml-2{margin-left:.5rem}.md\:inline{display:inline}.md\:flex{display:flex}.md\:hidden{display:none}.md\:h-screen{height:100vh}.md\:w-64{width:16rem}.md\:min-w-\[32rem\]{min-width:32rem}.md\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.md\:grid-cols-3{grid-template-columns:repeat(3,minmax(0,1fr))}.md\:grid-cols-4{grid-template-columns:repeat(4,minmax(0,1fr))}.md\:grid-cols-5{grid-template-columns:repeat(5,minmax(0,1fr))}.md\:gap-4{gap:1rem}.md\:space-x-2>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-right:calc(.5rem*var(--tw-space-x-reverse));margin-left:calc(.5rem*(1 - var(--tw-space-x-reverse)))}}@media (min-width:1024px){.lg\:fixed{position:fixed}.lg\:relative{position:relative}.lg\:order-1{order:1}.lg\:order-2{order:2}.lg\:col-span-1{grid-column:span 1/span 1}.lg\:col-span-2{grid-column:span 2/span 2}.lg\:mb-0{margin-bottom:0}.lg\:mb-16{margin-bottom:4rem}.lg\:mr-8{margin-right:2rem}.lg\:ms-4{margin-inline-start:1rem}.lg\:mt-0{margin-top:0}.lg\:mt-16{margin-top:4rem}.lg\:mt-8{margin-top:2rem}.lg\:block{display:block}.lg\:flex{display:flex}.lg\:hidden{display:none}.lg\:min-h-screen{min-height:100vh}.lg\:w-1\/2{width:50%}.lg\:w-auto{width:auto}.lg\:max-w-4xl{max-width:56rem}.lg\:max-w-xl{max-width:36rem}.lg\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.lg\:grid-cols-3{grid-template-columns:repeat(3,minmax(0,1fr))}.lg\:flex-row{flex-direction:row}.lg\:items-center{align-items:center}.lg\:justify-center{justify-content:center}.lg\:gap-4{gap:1rem}.lg\:overflow-hidden{overflow:hidden}.lg\:rounded-lg{border-radius:.5rem}.lg\:border-0{border-width:0}.lg\:bg-transparent{background-color:initial}.lg\:bg-white{--tw-bg-opacity:1;background-color:rgb(255 255 255/var(--tw-bg-opacity))}.lg\:px-8{padding-left:2rem;padding-right:2rem}.lg\:py-12{padding-top:3rem;padding-bottom:3rem}.lg\:pb-4{padding-bottom:1rem}.lg\:pt-6{padding-top:1.5rem}.lg\:shadow-none{--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000}.lg\:shadow-none,.lg\:shadow-xl{box-shadow:var(--tw-ring-offset-shadow,0 0 #0000),var(--tw-ring-shadow,0 0 #0000),var(--tw-shadow)}.lg\:shadow-xl{--tw-shadow:0 20px 25px -5px #0000001a,0 8px 10px -6px #0000001a;--tw-shadow-colored:0 20px 25px -5px var(--tw-shadow-color),0 8px 10px -6px var(--tw-shadow-color)}.lg\:dark\:bg-gray-800:is(.dark *){--tw-bg-opacity:1;background-color:rgb(31 41 55/var(--tw-bg-opacity))}.lg\:dark\:bg-transparent:is(.dark *){background-color:initial}}@media (min-width:1280px){.xl\:mb-2{margin-bottom:.5rem}.xl\:mb-4{margin-bottom:1rem}.xl\:grid-cols-3{grid-template-columns:repeat(3,minmax(0,1fr))}.xl\:grid-cols-6{grid-template-columns:repeat(6,minmax(0,1fr))}.xl\:gap-4{gap:1rem}.xl\:space-x-8>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-right:calc(2rem*var(--tw-space-x-reverse));margin-left:calc(2rem*(1 - var(--tw-space-x-reverse)))}}@media (min-width:1536px){.\32xl\:col-span-2{grid-column:span 2/span 2}.\32xl\:mb-0{margin-bottom:0}}
\ No newline at end of file
+/*
+! tailwindcss v3.4.3 | MIT License | https://tailwindcss.com
+*/
+
+/*
+1. Prevent padding and border from affecting element width. (https://github.com/mozdevs/cssremedy/issues/4)
+2. Allow adding a border to an element by just adding a border-width. (https://github.com/tailwindcss/tailwindcss/pull/116)
+*/
+
+*,
+::before,
+::after {
+  box-sizing: border-box;
+  /* 1 */
+  border-width: 0;
+  /* 2 */
+  border-style: solid;
+  /* 2 */
+  border-color: #e5e7eb;
+  /* 2 */
+}
+
+::before,
+::after {
+  --tw-content: '';
+}
+
+/*
+1. Use a consistent sensible line-height in all browsers.
+2. Prevent adjustments of font size after orientation changes in iOS.
+3. Use a more readable tab size.
+4. Use the user's configured `sans` font-family by default.
+5. Use the user's configured `sans` font-feature-settings by default.
+6. Use the user's configured `sans` font-variation-settings by default.
+7. Disable tap highlights on iOS
+*/
+
+html,
+:host {
+  line-height: 1.5;
+  /* 1 */
+  -webkit-text-size-adjust: 100%;
+  /* 2 */
+  -moz-tab-size: 4;
+  /* 3 */
+  -o-tab-size: 4;
+     tab-size: 4;
+  /* 3 */
+  font-family: Inter, ui-sans-serif, system-ui, -apple-system, system-ui, Segoe UI, Roboto, Helvetica Neue, Arial, Noto Sans, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol, Noto Color Emoji;
+  /* 4 */
+  font-feature-settings: normal;
+  /* 5 */
+  font-variation-settings: normal;
+  /* 6 */
+  -webkit-tap-highlight-color: transparent;
+  /* 7 */
+}
+
+/*
+1. Remove the margin in all browsers.
+2. Inherit line-height from `html` so users can set them as a class directly on the `html` element.
+*/
+
+body {
+  margin: 0;
+  /* 1 */
+  line-height: inherit;
+  /* 2 */
+}
+
+/*
+1. Add the correct height in Firefox.
+2. Correct the inheritance of border color in Firefox. (https://bugzilla.mozilla.org/show_bug.cgi?id=190655)
+3. Ensure horizontal rules are visible by default.
+*/
+
+hr {
+  height: 0;
+  /* 1 */
+  color: inherit;
+  /* 2 */
+  border-top-width: 1px;
+  /* 3 */
+}
+
+/*
+Add the correct text decoration in Chrome, Edge, and Safari.
+*/
+
+abbr:where([title]) {
+  -webkit-text-decoration: underline dotted;
+          text-decoration: underline dotted;
+}
+
+/*
+Remove the default font size and weight for headings.
+*/
+
+h1,
+h2,
+h3,
+h4,
+h5,
+h6 {
+  font-size: inherit;
+  font-weight: inherit;
+}
+
+/*
+Reset links to optimize for opt-in styling instead of opt-out.
+*/
+
+a {
+  color: inherit;
+  text-decoration: inherit;
+}
+
+/*
+Add the correct font weight in Edge and Safari.
+*/
+
+b,
+strong {
+  font-weight: bolder;
+}
+
+/*
+1. Use the user's configured `mono` font-family by default.
+2. Use the user's configured `mono` font-feature-settings by default.
+3. Use the user's configured `mono` font-variation-settings by default.
+4. Correct the odd `em` font sizing in all browsers.
+*/
+
+code,
+kbd,
+samp,
+pre {
+  font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, Liberation Mono, Courier New, monospace;
+  /* 1 */
+  font-feature-settings: normal;
+  /* 2 */
+  font-variation-settings: normal;
+  /* 3 */
+  font-size: 1em;
+  /* 4 */
+}
+
+/*
+Add the correct font size in all browsers.
+*/
+
+small {
+  font-size: 80%;
+}
+
+/*
+Prevent `sub` and `sup` elements from affecting the line height in all browsers.
+*/
+
+sub,
+sup {
+  font-size: 75%;
+  line-height: 0;
+  position: relative;
+  vertical-align: baseline;
+}
+
+sub {
+  bottom: -0.25em;
+}
+
+sup {
+  top: -0.5em;
+}
+
+/*
+1. Remove text indentation from table contents in Chrome and Safari. (https://bugs.chromium.org/p/chromium/issues/detail?id=999088, https://bugs.webkit.org/show_bug.cgi?id=201297)
+2. Correct table border color inheritance in all Chrome and Safari. (https://bugs.chromium.org/p/chromium/issues/detail?id=935729, https://bugs.webkit.org/show_bug.cgi?id=195016)
+3. Remove gaps between table borders by default.
+*/
+
+table {
+  text-indent: 0;
+  /* 1 */
+  border-color: inherit;
+  /* 2 */
+  border-collapse: collapse;
+  /* 3 */
+}
+
+/*
+1. Change the font styles in all browsers.
+2. Remove the margin in Firefox and Safari.
+3. Remove default padding in all browsers.
+*/
+
+button,
+input,
+optgroup,
+select,
+textarea {
+  font-family: inherit;
+  /* 1 */
+  font-feature-settings: inherit;
+  /* 1 */
+  font-variation-settings: inherit;
+  /* 1 */
+  font-size: 100%;
+  /* 1 */
+  font-weight: inherit;
+  /* 1 */
+  line-height: inherit;
+  /* 1 */
+  letter-spacing: inherit;
+  /* 1 */
+  color: inherit;
+  /* 1 */
+  margin: 0;
+  /* 2 */
+  padding: 0;
+  /* 3 */
+}
+
+/*
+Remove the inheritance of text transform in Edge and Firefox.
+*/
+
+button,
+select {
+  text-transform: none;
+}
+
+/*
+1. Correct the inability to style clickable types in iOS and Safari.
+2. Remove default button styles.
+*/
+
+button,
+input:where([type='button']),
+input:where([type='reset']),
+input:where([type='submit']) {
+  -webkit-appearance: button;
+  /* 1 */
+  background-color: transparent;
+  /* 2 */
+  background-image: none;
+  /* 2 */
+}
+
+/*
+Use the modern Firefox focus style for all focusable elements.
+*/
+
+:-moz-focusring {
+  outline: auto;
+}
+
+/*
+Remove the additional `:invalid` styles in Firefox. (https://github.com/mozilla/gecko-dev/blob/2f9eacd9d3d995c937b4251a5557d95d494c9be1/layout/style/res/forms.css#L728-L737)
+*/
+
+:-moz-ui-invalid {
+  box-shadow: none;
+}
+
+/*
+Add the correct vertical alignment in Chrome and Firefox.
+*/
+
+progress {
+  vertical-align: baseline;
+}
+
+/*
+Correct the cursor style of increment and decrement buttons in Safari.
+*/
+
+::-webkit-inner-spin-button,
+::-webkit-outer-spin-button {
+  height: auto;
+}
+
+/*
+1. Correct the odd appearance in Chrome and Safari.
+2. Correct the outline style in Safari.
+*/
+
+[type='search'] {
+  -webkit-appearance: textfield;
+  /* 1 */
+  outline-offset: -2px;
+  /* 2 */
+}
+
+/*
+Remove the inner padding in Chrome and Safari on macOS.
+*/
+
+::-webkit-search-decoration {
+  -webkit-appearance: none;
+}
+
+/*
+1. Correct the inability to style clickable types in iOS and Safari.
+2. Change font properties to `inherit` in Safari.
+*/
+
+::-webkit-file-upload-button {
+  -webkit-appearance: button;
+  /* 1 */
+  font: inherit;
+  /* 2 */
+}
+
+/*
+Add the correct display in Chrome and Safari.
+*/
+
+summary {
+  display: list-item;
+}
+
+/*
+Removes the default spacing and border for appropriate elements.
+*/
+
+blockquote,
+dl,
+dd,
+h1,
+h2,
+h3,
+h4,
+h5,
+h6,
+hr,
+figure,
+p,
+pre {
+  margin: 0;
+}
+
+fieldset {
+  margin: 0;
+  padding: 0;
+}
+
+legend {
+  padding: 0;
+}
+
+ol,
+ul,
+menu {
+  list-style: none;
+  margin: 0;
+  padding: 0;
+}
+
+/*
+Reset default styling for dialogs.
+*/
+
+dialog {
+  padding: 0;
+}
+
+/*
+Prevent resizing textareas horizontally by default.
+*/
+
+textarea {
+  resize: vertical;
+}
+
+/*
+1. Reset the default placeholder opacity in Firefox. (https://github.com/tailwindlabs/tailwindcss/issues/3300)
+2. Set the default placeholder color to the user's configured gray 400 color.
+*/
+
+input::-moz-placeholder, textarea::-moz-placeholder {
+  opacity: 1;
+  /* 1 */
+  color: #9ca3af;
+  /* 2 */
+}
+
+input::placeholder,
+textarea::placeholder {
+  opacity: 1;
+  /* 1 */
+  color: #9ca3af;
+  /* 2 */
+}
+
+/*
+Set the default cursor for buttons.
+*/
+
+button,
+[role="button"] {
+  cursor: pointer;
+}
+
+/*
+Make sure disabled buttons don't get the pointer cursor.
+*/
+
+:disabled {
+  cursor: default;
+}
+
+/*
+1. Make replaced elements `display: block` by default. (https://github.com/mozdevs/cssremedy/issues/14)
+2. Add `vertical-align: middle` to align replaced elements more sensibly by default. (https://github.com/jensimmons/cssremedy/issues/14#issuecomment-634934210)
+   This can trigger a poorly considered lint error in some tools but is included by design.
+*/
+
+img,
+svg,
+video,
+canvas,
+audio,
+iframe,
+embed,
+object {
+  display: block;
+  /* 1 */
+  vertical-align: middle;
+  /* 2 */
+}
+
+/*
+Constrain images and videos to the parent width and preserve their intrinsic aspect ratio. (https://github.com/mozdevs/cssremedy/issues/14)
+*/
+
+img,
+video {
+  max-width: 100%;
+  height: auto;
+}
+
+/* Make elements with the HTML hidden attribute stay hidden by default */
+
+[hidden] {
+  display: none;
+}
+
+*, ::before, ::after {
+  --tw-border-spacing-x: 0;
+  --tw-border-spacing-y: 0;
+  --tw-translate-x: 0;
+  --tw-translate-y: 0;
+  --tw-rotate: 0;
+  --tw-skew-x: 0;
+  --tw-skew-y: 0;
+  --tw-scale-x: 1;
+  --tw-scale-y: 1;
+  --tw-pan-x:  ;
+  --tw-pan-y:  ;
+  --tw-pinch-zoom:  ;
+  --tw-scroll-snap-strictness: proximity;
+  --tw-gradient-from-position:  ;
+  --tw-gradient-via-position:  ;
+  --tw-gradient-to-position:  ;
+  --tw-ordinal:  ;
+  --tw-slashed-zero:  ;
+  --tw-numeric-figure:  ;
+  --tw-numeric-spacing:  ;
+  --tw-numeric-fraction:  ;
+  --tw-ring-inset:  ;
+  --tw-ring-offset-width: 0px;
+  --tw-ring-offset-color: #fff;
+  --tw-ring-color: rgb(59 130 246 / 0.5);
+  --tw-ring-offset-shadow: 0 0 #0000;
+  --tw-ring-shadow: 0 0 #0000;
+  --tw-shadow: 0 0 #0000;
+  --tw-shadow-colored: 0 0 #0000;
+  --tw-blur:  ;
+  --tw-brightness:  ;
+  --tw-contrast:  ;
+  --tw-grayscale:  ;
+  --tw-hue-rotate:  ;
+  --tw-invert:  ;
+  --tw-saturate:  ;
+  --tw-sepia:  ;
+  --tw-drop-shadow:  ;
+  --tw-backdrop-blur:  ;
+  --tw-backdrop-brightness:  ;
+  --tw-backdrop-contrast:  ;
+  --tw-backdrop-grayscale:  ;
+  --tw-backdrop-hue-rotate:  ;
+  --tw-backdrop-invert:  ;
+  --tw-backdrop-opacity:  ;
+  --tw-backdrop-saturate:  ;
+  --tw-backdrop-sepia:  ;
+  --tw-contain-size:  ;
+  --tw-contain-layout:  ;
+  --tw-contain-paint:  ;
+  --tw-contain-style:  ;
+}
+
+::backdrop {
+  --tw-border-spacing-x: 0;
+  --tw-border-spacing-y: 0;
+  --tw-translate-x: 0;
+  --tw-translate-y: 0;
+  --tw-rotate: 0;
+  --tw-skew-x: 0;
+  --tw-skew-y: 0;
+  --tw-scale-x: 1;
+  --tw-scale-y: 1;
+  --tw-pan-x:  ;
+  --tw-pan-y:  ;
+  --tw-pinch-zoom:  ;
+  --tw-scroll-snap-strictness: proximity;
+  --tw-gradient-from-position:  ;
+  --tw-gradient-via-position:  ;
+  --tw-gradient-to-position:  ;
+  --tw-ordinal:  ;
+  --tw-slashed-zero:  ;
+  --tw-numeric-figure:  ;
+  --tw-numeric-spacing:  ;
+  --tw-numeric-fraction:  ;
+  --tw-ring-inset:  ;
+  --tw-ring-offset-width: 0px;
+  --tw-ring-offset-color: #fff;
+  --tw-ring-color: rgb(59 130 246 / 0.5);
+  --tw-ring-offset-shadow: 0 0 #0000;
+  --tw-ring-shadow: 0 0 #0000;
+  --tw-shadow: 0 0 #0000;
+  --tw-shadow-colored: 0 0 #0000;
+  --tw-blur:  ;
+  --tw-brightness:  ;
+  --tw-contrast:  ;
+  --tw-grayscale:  ;
+  --tw-hue-rotate:  ;
+  --tw-invert:  ;
+  --tw-saturate:  ;
+  --tw-sepia:  ;
+  --tw-drop-shadow:  ;
+  --tw-backdrop-blur:  ;
+  --tw-backdrop-brightness:  ;
+  --tw-backdrop-contrast:  ;
+  --tw-backdrop-grayscale:  ;
+  --tw-backdrop-hue-rotate:  ;
+  --tw-backdrop-invert:  ;
+  --tw-backdrop-opacity:  ;
+  --tw-backdrop-saturate:  ;
+  --tw-backdrop-sepia:  ;
+  --tw-contain-size:  ;
+  --tw-contain-layout:  ;
+  --tw-contain-paint:  ;
+  --tw-contain-style:  ;
+}
+
+.container {
+  width: 100%;
+}
+
+@media (min-width: 640px) {
+  .container {
+    max-width: 640px;
+  }
+}
+
+@media (min-width: 768px) {
+  .container {
+    max-width: 768px;
+  }
+}
+
+@media (min-width: 1024px) {
+  .container {
+    max-width: 1024px;
+  }
+}
+
+@media (min-width: 1280px) {
+  .container {
+    max-width: 1280px;
+  }
+}
+
+@media (min-width: 1536px) {
+  .container {
+    max-width: 1536px;
+  }
+}
+
+.sr-only {
+  position: absolute;
+  width: 1px;
+  height: 1px;
+  padding: 0;
+  margin: -1px;
+  overflow: hidden;
+  clip: rect(0, 0, 0, 0);
+  white-space: nowrap;
+  border-width: 0;
+}
+
+.visible {
+  visibility: visible;
+}
+
+.invisible {
+  visibility: hidden;
+}
+
+.static {
+  position: static;
+}
+
+.fixed {
+  position: fixed;
+}
+
+.absolute {
+  position: absolute;
+}
+
+.relative {
+  position: relative;
+}
+
+.inset-0 {
+  inset: 0px;
+}
+
+.inset-y-0 {
+  top: 0px;
+  bottom: 0px;
+}
+
+.inset-y-1 {
+  top: 0.25rem;
+  bottom: 0.25rem;
+}
+
+.bottom-0 {
+  bottom: 0px;
+}
+
+.left-0 {
+  left: 0px;
+}
+
+.right-0 {
+  right: 0px;
+}
+
+.right-1 {
+  right: 0.25rem;
+}
+
+.right-10 {
+  right: 2.5rem;
+}
+
+.right-4 {
+  right: 1rem;
+}
+
+.top-0 {
+  top: 0px;
+}
+
+.top-20 {
+  top: 5rem;
+}
+
+.top-4 {
+  top: 1rem;
+}
+
+.top-\[40px\] {
+  top: 40px;
+}
+
+.-z-10 {
+  z-index: -10;
+}
+
+.z-10 {
+  z-index: 10;
+}
+
+.z-30 {
+  z-index: 30;
+}
+
+.z-50 {
+  z-index: 50;
+}
+
+.z-\[1000\] {
+  z-index: 1000;
+}
+
+.col-span-1 {
+  grid-column: span 1 / span 1;
+}
+
+.col-span-6 {
+  grid-column: span 6 / span 6;
+}
+
+.col-span-full {
+  grid-column: 1 / -1;
+}
+
+.float-left {
+  float: left;
+}
+
+.\!m-0 {
+  margin: 0px !important;
+}
+
+.m-2 {
+  margin: 0.5rem;
+}
+
+.mx-4 {
+  margin-left: 1rem;
+  margin-right: 1rem;
+}
+
+.mx-auto {
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.my-4 {
+  margin-top: 1rem;
+  margin-bottom: 1rem;
+}
+
+.my-6 {
+  margin-top: 1.5rem;
+  margin-bottom: 1.5rem;
+}
+
+.-ml-1 {
+  margin-left: -0.25rem;
+}
+
+.-mt-1 {
+  margin-top: -0.25rem;
+}
+
+.mb-1 {
+  margin-bottom: 0.25rem;
+}
+
+.mb-2 {
+  margin-bottom: 0.5rem;
+}
+
+.mb-3 {
+  margin-bottom: 0.75rem;
+}
+
+.mb-4 {
+  margin-bottom: 1rem;
+}
+
+.mb-5 {
+  margin-bottom: 1.25rem;
+}
+
+.mb-6 {
+  margin-bottom: 1.5rem;
+}
+
+.mb-8 {
+  margin-bottom: 2rem;
+}
+
+.ml-1 {
+  margin-left: 0.25rem;
+}
+
+.ml-2 {
+  margin-left: 0.5rem;
+}
+
+.ml-3 {
+  margin-left: 0.75rem;
+}
+
+.ml-auto {
+  margin-left: auto;
+}
+
+.mr-0 {
+  margin-right: 0px;
+}
+
+.mr-2 {
+  margin-right: 0.5rem;
+}
+
+.mr-2\.5 {
+  margin-right: 0.625rem;
+}
+
+.mr-3 {
+  margin-right: 0.75rem;
+}
+
+.mr-4 {
+  margin-right: 1rem;
+}
+
+.ms-0 {
+  margin-inline-start: 0px;
+}
+
+.ms-1 {
+  margin-inline-start: 0.25rem;
+}
+
+.ms-2 {
+  margin-inline-start: 0.5rem;
+}
+
+.ms-auto {
+  margin-inline-start: auto;
+}
+
+.mt-1 {
+  margin-top: 0.25rem;
+}
+
+.mt-10 {
+  margin-top: 2.5rem;
+}
+
+.mt-12 {
+  margin-top: 3rem;
+}
+
+.mt-16 {
+  margin-top: 4rem;
+}
+
+.mt-2 {
+  margin-top: 0.5rem;
+}
+
+.mt-3 {
+  margin-top: 0.75rem;
+}
+
+.mt-4 {
+  margin-top: 1rem;
+}
+
+.mt-6 {
+  margin-top: 1.5rem;
+}
+
+.mt-8 {
+  margin-top: 2rem;
+}
+
+.mb-20 {
+  margin-bottom: 5rem;
+}
+
+.ml-4 {
+  margin-left: 1rem;
+}
+
+.block {
+  display: block;
+}
+
+.inline-block {
+  display: inline-block;
+}
+
+.inline {
+  display: inline;
+}
+
+.flex {
+  display: flex;
+}
+
+.inline-flex {
+  display: inline-flex;
+}
+
+.table {
+  display: table;
+}
+
+.grid {
+  display: grid;
+}
+
+.hidden {
+  display: none;
+}
+
+.h-1 {
+  height: 0.25rem;
+}
+
+.h-10 {
+  height: 2.5rem;
+}
+
+.h-12 {
+  height: 3rem;
+}
+
+.h-16 {
+  height: 4rem;
+}
+
+.h-2 {
+  height: 0.5rem;
+}
+
+.h-2\.5 {
+  height: 0.625rem;
+}
+
+.h-20 {
+  height: 5rem;
+}
+
+.h-3 {
+  height: 0.75rem;
+}
+
+.h-4 {
+  height: 1rem;
+}
+
+.h-5 {
+  height: 1.25rem;
+}
+
+.h-6 {
+  height: 1.5rem;
+}
+
+.h-64 {
+  height: 16rem;
+}
+
+.h-8 {
+  height: 2rem;
+}
+
+.h-80 {
+  height: 20rem;
+}
+
+.h-9 {
+  height: 2.25rem;
+}
+
+.h-\[calc\(100vh-300px\)\] {
+  height: calc(100vh - 300px);
+}
+
+.h-full {
+  height: 100%;
+}
+
+.h-px {
+  height: 1px;
+}
+
+.max-h-32 {
+  max-height: 8rem;
+}
+
+.max-h-\[90vh\] {
+  max-height: 90vh;
+}
+
+.min-h-\[250px\] {
+  min-height: 250px;
+}
+
+.min-h-\[600px\] {
+  min-height: 600px;
+}
+
+.min-h-screen {
+  min-height: 100vh;
+}
+
+.w-1 {
+  width: 0.25rem;
+}
+
+.w-1\.5 {
+  width: 0.375rem;
+}
+
+.w-1\/2 {
+  width: 50%;
+}
+
+.w-1\/3 {
+  width: 33.333333%;
+}
+
+.w-1\/4 {
+  width: 25%;
+}
+
+.w-10 {
+  width: 2.5rem;
+}
+
+.w-12 {
+  width: 3rem;
+}
+
+.w-16 {
+  width: 4rem;
+}
+
+.w-2 {
+  width: 0.5rem;
+}
+
+.w-20 {
+  width: 5rem;
+}
+
+.w-24 {
+  width: 6rem;
+}
+
+.w-28 {
+  width: 7rem;
+}
+
+.w-3 {
+  width: 0.75rem;
+}
+
+.w-3\/4 {
+  width: 75%;
+}
+
+.w-4 {
+  width: 1rem;
+}
+
+.w-40 {
+  width: 10rem;
+}
+
+.w-48 {
+  width: 12rem;
+}
+
+.w-5 {
+  width: 1.25rem;
+}
+
+.w-6 {
+  width: 1.5rem;
+}
+
+.w-64 {
+  width: 16rem;
+}
+
+.w-8 {
+  width: 2rem;
+}
+
+.w-96 {
+  width: 24rem;
+}
+
+.w-full {
+  width: 100%;
+}
+
+.w-screen {
+  width: 100vw;
+}
+
+.min-w-0 {
+  min-width: 0px;
+}
+
+.min-w-\[220px\] {
+  min-width: 220px;
+}
+
+.min-w-full {
+  min-width: 100%;
+}
+
+.max-w-2xl {
+  max-width: 42rem;
+}
+
+.max-w-7xl {
+  max-width: 80rem;
+}
+
+.max-w-lg {
+  max-width: 32rem;
+}
+
+.max-w-md {
+  max-width: 28rem;
+}
+
+.max-w-screen-2xl {
+  max-width: 1536px;
+}
+
+.max-w-screen-xl {
+  max-width: 1280px;
+}
+
+.max-w-xl {
+  max-width: 36rem;
+}
+
+.flex-1 {
+  flex: 1 1 0%;
+}
+
+.flex-shrink-0 {
+  flex-shrink: 0;
+}
+
+.flex-grow {
+  flex-grow: 1;
+}
+
+.origin-top-right {
+  transform-origin: top right;
+}
+
+.rotate-180 {
+  --tw-rotate: 180deg;
+  transform: translate(var(--tw-translate-x), var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y));
+}
+
+.transform {
+  transform: translate(var(--tw-translate-x), var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y));
+}
+
+@keyframes pulse {
+  50% {
+    opacity: .5;
+  }
+}
+
+.animate-pulse {
+  animation: pulse 2s cubic-bezier(0.4, 0, 0.6, 1) infinite;
+}
+
+@keyframes spin {
+  to {
+    transform: rotate(360deg);
+  }
+}
+
+.animate-spin {
+  animation: spin 1s linear infinite;
+}
+
+@keyframes spin-ccw {
+  from {
+    transform: rotate(0deg);
+  }
+
+  to {
+    transform: rotate(-360deg);
+  }
+}
+
+.animate-spin-ccw {
+  animation: spin-ccw 1s linear infinite;
+}
+
+.cursor-not-allowed {
+  cursor: not-allowed;
+}
+
+.cursor-pointer {
+  cursor: pointer;
+}
+
+.list-inside {
+  list-style-position: inside;
+}
+
+.list-decimal {
+  list-style-type: decimal;
+}
+
+.list-disc {
+  list-style-type: disc;
+}
+
+.list-none {
+  list-style-type: none;
+}
+
+.grid-cols-1 {
+  grid-template-columns: repeat(1, minmax(0, 1fr));
+}
+
+.grid-cols-2 {
+  grid-template-columns: repeat(2, minmax(0, 1fr));
+}
+
+.grid-cols-4 {
+  grid-template-columns: repeat(4, minmax(0, 1fr));
+}
+
+.grid-cols-6 {
+  grid-template-columns: repeat(6, minmax(0, 1fr));
+}
+
+.grid-cols-7 {
+  grid-template-columns: repeat(7, minmax(0, 1fr));
+}
+
+.flex-col {
+  flex-direction: column;
+}
+
+.flex-wrap {
+  flex-wrap: wrap;
+}
+
+.content-start {
+  align-content: flex-start;
+}
+
+.items-start {
+  align-items: flex-start;
+}
+
+.items-end {
+  align-items: flex-end;
+}
+
+.items-center {
+  align-items: center;
+}
+
+.justify-start {
+  justify-content: flex-start;
+}
+
+.justify-end {
+  justify-content: flex-end;
+}
+
+.justify-center {
+  justify-content: center;
+}
+
+.justify-between {
+  justify-content: space-between;
+}
+
+.gap-1 {
+  gap: 0.25rem;
+}
+
+.gap-2 {
+  gap: 0.5rem;
+}
+
+.gap-3 {
+  gap: 0.75rem;
+}
+
+.gap-4 {
+  gap: 1rem;
+}
+
+.gap-6 {
+  gap: 1.5rem;
+}
+
+.space-x-1 > :not([hidden]) ~ :not([hidden]) {
+  --tw-space-x-reverse: 0;
+  margin-right: calc(0.25rem * var(--tw-space-x-reverse));
+  margin-left: calc(0.25rem * calc(1 - var(--tw-space-x-reverse)));
+}
+
+.space-x-2 > :not([hidden]) ~ :not([hidden]) {
+  --tw-space-x-reverse: 0;
+  margin-right: calc(0.5rem * var(--tw-space-x-reverse));
+  margin-left: calc(0.5rem * calc(1 - var(--tw-space-x-reverse)));
+}
+
+.space-x-3 > :not([hidden]) ~ :not([hidden]) {
+  --tw-space-x-reverse: 0;
+  margin-right: calc(0.75rem * var(--tw-space-x-reverse));
+  margin-left: calc(0.75rem * calc(1 - var(--tw-space-x-reverse)));
+}
+
+.space-x-4 > :not([hidden]) ~ :not([hidden]) {
+  --tw-space-x-reverse: 0;
+  margin-right: calc(1rem * var(--tw-space-x-reverse));
+  margin-left: calc(1rem * calc(1 - var(--tw-space-x-reverse)));
+}
+
+.space-x-6 > :not([hidden]) ~ :not([hidden]) {
+  --tw-space-x-reverse: 0;
+  margin-right: calc(1.5rem * var(--tw-space-x-reverse));
+  margin-left: calc(1.5rem * calc(1 - var(--tw-space-x-reverse)));
+}
+
+.space-y-1 > :not([hidden]) ~ :not([hidden]) {
+  --tw-space-y-reverse: 0;
+  margin-top: calc(0.25rem * calc(1 - var(--tw-space-y-reverse)));
+  margin-bottom: calc(0.25rem * var(--tw-space-y-reverse));
+}
+
+.space-y-2 > :not([hidden]) ~ :not([hidden]) {
+  --tw-space-y-reverse: 0;
+  margin-top: calc(0.5rem * calc(1 - var(--tw-space-y-reverse)));
+  margin-bottom: calc(0.5rem * var(--tw-space-y-reverse));
+}
+
+.space-y-3 > :not([hidden]) ~ :not([hidden]) {
+  --tw-space-y-reverse: 0;
+  margin-top: calc(0.75rem * calc(1 - var(--tw-space-y-reverse)));
+  margin-bottom: calc(0.75rem * var(--tw-space-y-reverse));
+}
+
+.space-y-4 > :not([hidden]) ~ :not([hidden]) {
+  --tw-space-y-reverse: 0;
+  margin-top: calc(1rem * calc(1 - var(--tw-space-y-reverse)));
+  margin-bottom: calc(1rem * var(--tw-space-y-reverse));
+}
+
+.space-y-6 > :not([hidden]) ~ :not([hidden]) {
+  --tw-space-y-reverse: 0;
+  margin-top: calc(1.5rem * calc(1 - var(--tw-space-y-reverse)));
+  margin-bottom: calc(1.5rem * var(--tw-space-y-reverse));
+}
+
+.divide-y > :not([hidden]) ~ :not([hidden]) {
+  --tw-divide-y-reverse: 0;
+  border-top-width: calc(1px * calc(1 - var(--tw-divide-y-reverse)));
+  border-bottom-width: calc(1px * var(--tw-divide-y-reverse));
+}
+
+.divide-gray-100 > :not([hidden]) ~ :not([hidden]) {
+  --tw-divide-opacity: 1;
+  border-color: rgb(243 244 246 / var(--tw-divide-opacity));
+}
+
+.divide-gray-200 > :not([hidden]) ~ :not([hidden]) {
+  --tw-divide-opacity: 1;
+  border-color: rgb(229 231 235 / var(--tw-divide-opacity));
+}
+
+.self-center {
+  align-self: center;
+}
+
+.overflow-auto {
+  overflow: auto;
+}
+
+.overflow-hidden {
+  overflow: hidden;
+}
+
+.overflow-x-auto {
+  overflow-x: auto;
+}
+
+.overflow-y-auto {
+  overflow-y: auto;
+}
+
+.overscroll-y-auto {
+  overscroll-behavior-y: auto;
+}
+
+.truncate {
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+.whitespace-nowrap {
+  white-space: nowrap;
+}
+
+.whitespace-pre-line {
+  white-space: pre-line;
+}
+
+.break-words {
+  overflow-wrap: break-word;
+}
+
+.break-all {
+  word-break: break-all;
+}
+
+.rounded {
+  border-radius: 0.25rem;
+}
+
+.rounded-2xl {
+  border-radius: 1rem;
+}
+
+.rounded-full {
+  border-radius: 9999px;
+}
+
+.rounded-lg {
+  border-radius: 0.5rem;
+}
+
+.rounded-md {
+  border-radius: 0.375rem;
+}
+
+.rounded-b-lg {
+  border-bottom-right-radius: 0.5rem;
+  border-bottom-left-radius: 0.5rem;
+}
+
+.rounded-l-lg {
+  border-top-left-radius: 0.5rem;
+  border-bottom-left-radius: 0.5rem;
+}
+
+.rounded-r-lg {
+  border-top-right-radius: 0.5rem;
+  border-bottom-right-radius: 0.5rem;
+}
+
+.border {
+  border-width: 1px;
+}
+
+.border-0 {
+  border-width: 0px;
+}
+
+.border-2 {
+  border-width: 2px;
+}
+
+.border-b {
+  border-bottom-width: 1px;
+}
+
+.border-b-2 {
+  border-bottom-width: 2px;
+}
+
+.border-l {
+  border-left-width: 1px;
+}
+
+.border-l-0 {
+  border-left-width: 0px;
+}
+
+.border-l-4 {
+  border-left-width: 4px;
+}
+
+.border-r-0 {
+  border-right-width: 0px;
+}
+
+.border-t {
+  border-top-width: 1px;
+}
+
+.border-t-2 {
+  border-top-width: 2px;
+}
+
+.border-amber-400 {
+  --tw-border-opacity: 1;
+  border-color: rgb(251 191 36 / var(--tw-border-opacity));
+}
+
+.border-blue-700 {
+  --tw-border-opacity: 1;
+  border-color: rgb(29 78 216 / var(--tw-border-opacity));
+}
+
+.border-gray-100 {
+  --tw-border-opacity: 1;
+  border-color: rgb(243 244 246 / var(--tw-border-opacity));
+}
+
+.border-gray-200 {
+  --tw-border-opacity: 1;
+  border-color: rgb(229 231 235 / var(--tw-border-opacity));
+}
+
+.border-gray-300 {
+  --tw-border-opacity: 1;
+  border-color: rgb(209 213 219 / var(--tw-border-opacity));
+}
+
+.border-green-500 {
+  --tw-border-opacity: 1;
+  border-color: rgb(34 197 94 / var(--tw-border-opacity));
+}
+
+.border-orange-200 {
+  --tw-border-opacity: 1;
+  border-color: rgb(254 215 170 / var(--tw-border-opacity));
+}
+
+.border-primary-100 {
+  --tw-border-opacity: 1;
+  border-color: rgb(253 222 133 / var(--tw-border-opacity));
+}
+
+.border-primary-200 {
+  --tw-border-opacity: 1;
+  border-color: rgb(251 203 116 / var(--tw-border-opacity));
+}
+
+.border-primary-300 {
+  --tw-border-opacity: 1;
+  border-color: rgb(248 185 99 / var(--tw-border-opacity));
+}
+
+.border-primary-500 {
+  --tw-border-opacity: 1;
+  border-color: rgb(244 149 65 / var(--tw-border-opacity));
+}
+
+.border-primary-600 {
+  --tw-border-opacity: 1;
+  border-color: rgb(214 131 56 / var(--tw-border-opacity));
+}
+
+.border-red-500 {
+  --tw-border-opacity: 1;
+  border-color: rgb(239 68 68 / var(--tw-border-opacity));
+}
+
+.border-yellow-200 {
+  --tw-border-opacity: 1;
+  border-color: rgb(254 240 138 / var(--tw-border-opacity));
+}
+
+.bg-amber-100 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(254 243 199 / var(--tw-bg-opacity));
+}
+
+.bg-amber-400 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(251 191 36 / var(--tw-bg-opacity));
+}
+
+.bg-amber-50 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(255 251 235 / var(--tw-bg-opacity));
+}
+
+.bg-blue-100 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(219 234 254 / var(--tw-bg-opacity));
+}
+
+.bg-blue-50 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(239 246 255 / var(--tw-bg-opacity));
+}
+
+.bg-blue-500 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(59 130 246 / var(--tw-bg-opacity));
+}
+
+.bg-blue-600 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(37 99 235 / var(--tw-bg-opacity));
+}
+
+.bg-blue-700 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(29 78 216 / var(--tw-bg-opacity));
+}
+
+.bg-gray-100 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(243 244 246 / var(--tw-bg-opacity));
+}
+
+.bg-gray-200 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(229 231 235 / var(--tw-bg-opacity));
+}
+
+.bg-gray-300 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(209 213 219 / var(--tw-bg-opacity));
+}
+
+.bg-gray-400 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(156 163 175 / var(--tw-bg-opacity));
+}
+
+.bg-gray-50 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(249 250 251 / var(--tw-bg-opacity));
+}
+
+.bg-gray-500 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(107 114 128 / var(--tw-bg-opacity));
+}
+
+.bg-gray-600 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(75 85 99 / var(--tw-bg-opacity));
+}
+
+.bg-gray-700 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(55 65 81 / var(--tw-bg-opacity));
+}
+
+.bg-green-100 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(220 252 231 / var(--tw-bg-opacity));
+}
+
+.bg-green-50 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(240 253 244 / var(--tw-bg-opacity));
+}
+
+.bg-green-600 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(22 163 74 / var(--tw-bg-opacity));
+}
+
+.bg-green-700 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(21 128 61 / var(--tw-bg-opacity));
+}
+
+.bg-indigo-50 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(238 242 255 / var(--tw-bg-opacity));
+}
+
+.bg-orange-50 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(255 247 237 / var(--tw-bg-opacity));
+}
+
+.bg-orange-500 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(249 115 22 / var(--tw-bg-opacity));
+}
+
+.bg-primary-100 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(253 222 133 / var(--tw-bg-opacity));
+}
+
+.bg-primary-300 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(248 185 99 / var(--tw-bg-opacity));
+}
+
+.bg-primary-50 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(255 224 150 / var(--tw-bg-opacity));
+}
+
+.bg-primary-500 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(244 149 65 / var(--tw-bg-opacity));
+}
+
+.bg-primary-600 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(214 131 56 / var(--tw-bg-opacity));
+}
+
+.bg-primary-700 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(184 112 47 / var(--tw-bg-opacity));
+}
+
+.bg-red-100 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(254 226 226 / var(--tw-bg-opacity));
+}
+
+.bg-red-50 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(254 242 242 / var(--tw-bg-opacity));
+}
+
+.bg-red-500 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(239 68 68 / var(--tw-bg-opacity));
+}
+
+.bg-red-600 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(220 38 38 / var(--tw-bg-opacity));
+}
+
+.bg-red-700 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(185 28 28 / var(--tw-bg-opacity));
+}
+
+.bg-transparent {
+  background-color: transparent;
+}
+
+.bg-white {
+  --tw-bg-opacity: 1;
+  background-color: rgb(255 255 255 / var(--tw-bg-opacity));
+}
+
+.bg-yellow-50 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(254 252 232 / var(--tw-bg-opacity));
+}
+
+.bg-yellow-500 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(234 179 8 / var(--tw-bg-opacity));
+}
+
+.bg-opacity-50 {
+  --tw-bg-opacity: 0.5;
+}
+
+.bg-opacity-75 {
+  --tw-bg-opacity: 0.75;
+}
+
+.bg-gradient-to-r {
+  background-image: linear-gradient(to right, var(--tw-gradient-stops));
+}
+
+.from-primary-500 {
+  --tw-gradient-from: #f49541 var(--tw-gradient-from-position);
+  --tw-gradient-to: rgb(244 149 65 / 0) var(--tw-gradient-to-position);
+  --tw-gradient-stops: var(--tw-gradient-from), var(--tw-gradient-to);
+}
+
+.to-primary-600 {
+  --tw-gradient-to: #d68338 var(--tw-gradient-to-position);
+}
+
+.fill-primary-600 {
+  fill: #d68338;
+}
+
+.object-contain {
+  -o-object-fit: contain;
+     object-fit: contain;
+}
+
+.\!p-0 {
+  padding: 0px !important;
+}
+
+.p-2 {
+  padding: 0.5rem;
+}
+
+.p-2\.5 {
+  padding: 0.625rem;
+}
+
+.p-3 {
+  padding: 0.75rem;
+}
+
+.p-4 {
+  padding: 1rem;
+}
+
+.p-5 {
+  padding: 1.25rem;
+}
+
+.p-6 {
+  padding: 1.5rem;
+}
+
+.p-8 {
+  padding: 2rem;
+}
+
+.px-2 {
+  padding-left: 0.5rem;
+  padding-right: 0.5rem;
+}
+
+.px-3 {
+  padding-left: 0.75rem;
+  padding-right: 0.75rem;
+}
+
+.px-4 {
+  padding-left: 1rem;
+  padding-right: 1rem;
+}
+
+.px-5 {
+  padding-left: 1.25rem;
+  padding-right: 1.25rem;
+}
+
+.px-6 {
+  padding-left: 1.5rem;
+  padding-right: 1.5rem;
+}
+
+.px-7 {
+  padding-left: 1.75rem;
+  padding-right: 1.75rem;
+}
+
+.py-0 {
+  padding-top: 0px;
+  padding-bottom: 0px;
+}
+
+.py-0\.5 {
+  padding-top: 0.125rem;
+  padding-bottom: 0.125rem;
+}
+
+.py-1 {
+  padding-top: 0.25rem;
+  padding-bottom: 0.25rem;
+}
+
+.py-2 {
+  padding-top: 0.5rem;
+  padding-bottom: 0.5rem;
+}
+
+.py-2\.5 {
+  padding-top: 0.625rem;
+  padding-bottom: 0.625rem;
+}
+
+.py-3 {
+  padding-top: 0.75rem;
+  padding-bottom: 0.75rem;
+}
+
+.py-4 {
+  padding-top: 1rem;
+  padding-bottom: 1rem;
+}
+
+.py-6 {
+  padding-top: 1.5rem;
+  padding-bottom: 1.5rem;
+}
+
+.pb-28 {
+  padding-bottom: 7rem;
+}
+
+.pb-8 {
+  padding-bottom: 2rem;
+}
+
+.pe-3 {
+  padding-inline-end: 0.75rem;
+}
+
+.pl-2 {
+  padding-left: 0.5rem;
+}
+
+.pr-10 {
+  padding-right: 2.5rem;
+}
+
+.pr-16 {
+  padding-right: 4rem;
+}
+
+.pr-20 {
+  padding-right: 5rem;
+}
+
+.pr-3 {
+  padding-right: 0.75rem;
+}
+
+.ps-3 {
+  padding-inline-start: 0.75rem;
+}
+
+.pt-16 {
+  padding-top: 4rem;
+}
+
+.pt-2 {
+  padding-top: 0.5rem;
+}
+
+.pt-4 {
+  padding-top: 1rem;
+}
+
+.pt-6 {
+  padding-top: 1.5rem;
+}
+
+.pt-8 {
+  padding-top: 2rem;
+}
+
+.text-left {
+  text-align: left;
+}
+
+.text-center {
+  text-align: center;
+}
+
+.text-start {
+  text-align: start;
+}
+
+.align-top {
+  vertical-align: top;
+}
+
+.align-middle {
+  vertical-align: middle;
+}
+
+.font-mono {
+  font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, Liberation Mono, Courier New, monospace;
+}
+
+.text-2xl {
+  font-size: 1.5rem;
+  line-height: 2rem;
+}
+
+.text-3xl {
+  font-size: 1.875rem;
+  line-height: 2.25rem;
+}
+
+.text-4xl {
+  font-size: 2.25rem;
+  line-height: 2.5rem;
+}
+
+.text-5xl {
+  font-size: 3rem;
+  line-height: 1;
+}
+
+.text-\[10px\] {
+  font-size: 10px;
+}
+
+.text-base {
+  font-size: 1rem;
+  line-height: 1.5rem;
+}
+
+.text-lg {
+  font-size: 1.125rem;
+  line-height: 1.75rem;
+}
+
+.text-sm {
+  font-size: 0.875rem;
+  line-height: 1.25rem;
+}
+
+.text-xl {
+  font-size: 1.25rem;
+  line-height: 1.75rem;
+}
+
+.text-xs {
+  font-size: 0.75rem;
+  line-height: 1rem;
+}
+
+.font-bold {
+  font-weight: 700;
+}
+
+.font-light {
+  font-weight: 300;
+}
+
+.font-medium {
+  font-weight: 500;
+}
+
+.font-normal {
+  font-weight: 400;
+}
+
+.font-semibold {
+  font-weight: 600;
+}
+
+.uppercase {
+  text-transform: uppercase;
+}
+
+.italic {
+  font-style: italic;
+}
+
+.leading-6 {
+  line-height: 1.5rem;
+}
+
+.leading-9 {
+  line-height: 2.25rem;
+}
+
+.tracking-wider {
+  letter-spacing: 0.05em;
+}
+
+.text-amber-600 {
+  --tw-text-opacity: 1;
+  color: rgb(217 119 6 / var(--tw-text-opacity));
+}
+
+.text-amber-700 {
+  --tw-text-opacity: 1;
+  color: rgb(180 83 9 / var(--tw-text-opacity));
+}
+
+.text-blue-500 {
+  --tw-text-opacity: 1;
+  color: rgb(59 130 246 / var(--tw-text-opacity));
+}
+
+.text-blue-600 {
+  --tw-text-opacity: 1;
+  color: rgb(37 99 235 / var(--tw-text-opacity));
+}
+
+.text-blue-700 {
+  --tw-text-opacity: 1;
+  color: rgb(29 78 216 / var(--tw-text-opacity));
+}
+
+.text-blue-800 {
+  --tw-text-opacity: 1;
+  color: rgb(30 64 175 / var(--tw-text-opacity));
+}
+
+.text-gray-200 {
+  --tw-text-opacity: 1;
+  color: rgb(229 231 235 / var(--tw-text-opacity));
+}
+
+.text-gray-300 {
+  --tw-text-opacity: 1;
+  color: rgb(209 213 219 / var(--tw-text-opacity));
+}
+
+.text-gray-400 {
+  --tw-text-opacity: 1;
+  color: rgb(156 163 175 / var(--tw-text-opacity));
+}
+
+.text-gray-500 {
+  --tw-text-opacity: 1;
+  color: rgb(107 114 128 / var(--tw-text-opacity));
+}
+
+.text-gray-600 {
+  --tw-text-opacity: 1;
+  color: rgb(75 85 99 / var(--tw-text-opacity));
+}
+
+.text-gray-700 {
+  --tw-text-opacity: 1;
+  color: rgb(55 65 81 / var(--tw-text-opacity));
+}
+
+.text-gray-800 {
+  --tw-text-opacity: 1;
+  color: rgb(31 41 55 / var(--tw-text-opacity));
+}
+
+.text-gray-900 {
+  --tw-text-opacity: 1;
+  color: rgb(17 24 39 / var(--tw-text-opacity));
+}
+
+.text-green-500 {
+  --tw-text-opacity: 1;
+  color: rgb(34 197 94 / var(--tw-text-opacity));
+}
+
+.text-green-600 {
+  --tw-text-opacity: 1;
+  color: rgb(22 163 74 / var(--tw-text-opacity));
+}
+
+.text-green-800 {
+  --tw-text-opacity: 1;
+  color: rgb(22 101 52 / var(--tw-text-opacity));
+}
+
+.text-indigo-600 {
+  --tw-text-opacity: 1;
+  color: rgb(79 70 229 / var(--tw-text-opacity));
+}
+
+.text-indigo-700 {
+  --tw-text-opacity: 1;
+  color: rgb(67 56 202 / var(--tw-text-opacity));
+}
+
+.text-orange-800 {
+  --tw-text-opacity: 1;
+  color: rgb(154 52 18 / var(--tw-text-opacity));
+}
+
+.text-primary-500 {
+  --tw-text-opacity: 1;
+  color: rgb(244 149 65 / var(--tw-text-opacity));
+}
+
+.text-primary-600 {
+  --tw-text-opacity: 1;
+  color: rgb(214 131 56 / var(--tw-text-opacity));
+}
+
+.text-primary-700 {
+  --tw-text-opacity: 1;
+  color: rgb(184 112 47 / var(--tw-text-opacity));
+}
+
+.text-primary-800 {
+  --tw-text-opacity: 1;
+  color: rgb(154 93 38 / var(--tw-text-opacity));
+}
+
+.text-red-500 {
+  --tw-text-opacity: 1;
+  color: rgb(239 68 68 / var(--tw-text-opacity));
+}
+
+.text-red-600 {
+  --tw-text-opacity: 1;
+  color: rgb(220 38 38 / var(--tw-text-opacity));
+}
+
+.text-red-700 {
+  --tw-text-opacity: 1;
+  color: rgb(185 28 28 / var(--tw-text-opacity));
+}
+
+.text-red-800 {
+  --tw-text-opacity: 1;
+  color: rgb(153 27 27 / var(--tw-text-opacity));
+}
+
+.text-white {
+  --tw-text-opacity: 1;
+  color: rgb(255 255 255 / var(--tw-text-opacity));
+}
+
+.text-yellow-600 {
+  --tw-text-opacity: 1;
+  color: rgb(202 138 4 / var(--tw-text-opacity));
+}
+
+.text-yellow-800 {
+  --tw-text-opacity: 1;
+  color: rgb(133 77 14 / var(--tw-text-opacity));
+}
+
+.underline {
+  text-decoration-line: underline;
+}
+
+.opacity-0 {
+  opacity: 0;
+}
+
+.opacity-100 {
+  opacity: 1;
+}
+
+.opacity-25 {
+  opacity: 0.25;
+}
+
+.opacity-50 {
+  opacity: 0.5;
+}
+
+.opacity-75 {
+  opacity: 0.75;
+}
+
+.shadow {
+  --tw-shadow: 0 1px 3px 0 rgb(0 0 0 / 0.1), 0 1px 2px -1px rgb(0 0 0 / 0.1);
+  --tw-shadow-colored: 0 1px 3px 0 var(--tw-shadow-color), 0 1px 2px -1px var(--tw-shadow-color);
+  box-shadow: var(--tw-ring-offset-shadow, 0 0 #0000), var(--tw-ring-shadow, 0 0 #0000), var(--tw-shadow);
+}
+
+.shadow-lg {
+  --tw-shadow: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1);
+  --tw-shadow-colored: 0 10px 15px -3px var(--tw-shadow-color), 0 4px 6px -4px var(--tw-shadow-color);
+  box-shadow: var(--tw-ring-offset-shadow, 0 0 #0000), var(--tw-ring-shadow, 0 0 #0000), var(--tw-shadow);
+}
+
+.shadow-sm {
+  --tw-shadow: 0 1px 2px 0 rgb(0 0 0 / 0.05);
+  --tw-shadow-colored: 0 1px 2px 0 var(--tw-shadow-color);
+  box-shadow: var(--tw-ring-offset-shadow, 0 0 #0000), var(--tw-ring-shadow, 0 0 #0000), var(--tw-shadow);
+}
+
+.shadow-xl {
+  --tw-shadow: 0 20px 25px -5px rgb(0 0 0 / 0.1), 0 8px 10px -6px rgb(0 0 0 / 0.1);
+  --tw-shadow-colored: 0 20px 25px -5px var(--tw-shadow-color), 0 8px 10px -6px var(--tw-shadow-color);
+  box-shadow: var(--tw-ring-offset-shadow, 0 0 #0000), var(--tw-ring-shadow, 0 0 #0000), var(--tw-shadow);
+}
+
+.outline-0 {
+  outline-width: 0px;
+}
+
+.ring-1 {
+  --tw-ring-offset-shadow: var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);
+  --tw-ring-shadow: var(--tw-ring-inset) 0 0 0 calc(1px + var(--tw-ring-offset-width)) var(--tw-ring-color);
+  box-shadow: var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow, 0 0 #0000);
+}
+
+.ring-black {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(0 0 0 / var(--tw-ring-opacity));
+}
+
+.ring-opacity-5 {
+  --tw-ring-opacity: 0.05;
+}
+
+.filter {
+  filter: var(--tw-blur) var(--tw-brightness) var(--tw-contrast) var(--tw-grayscale) var(--tw-hue-rotate) var(--tw-invert) var(--tw-saturate) var(--tw-sepia) var(--tw-drop-shadow);
+}
+
+.transition {
+  transition-property: color, background-color, border-color, text-decoration-color, fill, stroke, opacity, box-shadow, transform, filter, -webkit-backdrop-filter;
+  transition-property: color, background-color, border-color, text-decoration-color, fill, stroke, opacity, box-shadow, transform, filter, backdrop-filter;
+  transition-property: color, background-color, border-color, text-decoration-color, fill, stroke, opacity, box-shadow, transform, filter, backdrop-filter, -webkit-backdrop-filter;
+  transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
+  transition-duration: 150ms;
+}
+
+.transition-all {
+  transition-property: all;
+  transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
+  transition-duration: 150ms;
+}
+
+.transition-colors {
+  transition-property: color, background-color, border-color, text-decoration-color, fill, stroke;
+  transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
+  transition-duration: 150ms;
+}
+
+.transition-opacity {
+  transition-property: opacity;
+  transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
+  transition-duration: 150ms;
+}
+
+.transition-transform {
+  transition-property: transform;
+  transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
+  transition-duration: 150ms;
+}
+
+.duration-100 {
+  transition-duration: 100ms;
+}
+
+.duration-150 {
+  transition-duration: 150ms;
+}
+
+.duration-200 {
+  transition-duration: 200ms;
+}
+
+.duration-300 {
+  transition-duration: 300ms;
+}
+
+.ease-in-out {
+  transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
+}
+
+.ease-linear {
+  transition-timing-function: linear;
+}
+
+.file\:mr-4::file-selector-button {
+  margin-right: 1rem;
+}
+
+.file\:rounded-lg::file-selector-button {
+  border-radius: 0.5rem;
+}
+
+.file\:border-0::file-selector-button {
+  border-width: 0px;
+}
+
+.file\:bg-primary-50::file-selector-button {
+  --tw-bg-opacity: 1;
+  background-color: rgb(255 224 150 / var(--tw-bg-opacity));
+}
+
+.file\:px-4::file-selector-button {
+  padding-left: 1rem;
+  padding-right: 1rem;
+}
+
+.file\:py-2::file-selector-button {
+  padding-top: 0.5rem;
+  padding-bottom: 0.5rem;
+}
+
+.file\:text-sm::file-selector-button {
+  font-size: 0.875rem;
+  line-height: 1.25rem;
+}
+
+.file\:font-semibold::file-selector-button {
+  font-weight: 600;
+}
+
+.file\:text-primary-700::file-selector-button {
+  --tw-text-opacity: 1;
+  color: rgb(184 112 47 / var(--tw-text-opacity));
+}
+
+.hover\:scale-105:hover {
+  --tw-scale-x: 1.05;
+  --tw-scale-y: 1.05;
+  transform: translate(var(--tw-translate-x), var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y));
+}
+
+.hover\:bg-blue-600:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(37 99 235 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-blue-700:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(29 78 216 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-blue-800:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(30 64 175 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-gray-100:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(243 244 246 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-gray-200:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(229 231 235 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-gray-300:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(209 213 219 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-gray-400:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(156 163 175 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-gray-50:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(249 250 251 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-gray-800:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(31 41 55 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-green-700:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(21 128 61 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-green-800:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(22 101 52 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-primary-100:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(253 222 133 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-primary-200:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(251 203 116 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-primary-600:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(214 131 56 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-primary-700:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(184 112 47 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-primary-800:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(154 93 38 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-red-600:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(220 38 38 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-red-700:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(185 28 28 / var(--tw-bg-opacity));
+}
+
+.hover\:bg-red-800:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(153 27 27 / var(--tw-bg-opacity));
+}
+
+.hover\:from-primary-600:hover {
+  --tw-gradient-from: #d68338 var(--tw-gradient-from-position);
+  --tw-gradient-to: rgb(214 131 56 / 0) var(--tw-gradient-to-position);
+  --tw-gradient-stops: var(--tw-gradient-from), var(--tw-gradient-to);
+}
+
+.hover\:to-primary-700:hover {
+  --tw-gradient-to: #b8702f var(--tw-gradient-to-position);
+}
+
+.hover\:text-amber-800:hover {
+  --tw-text-opacity: 1;
+  color: rgb(146 64 14 / var(--tw-text-opacity));
+}
+
+.hover\:text-blue-700:hover {
+  --tw-text-opacity: 1;
+  color: rgb(29 78 216 / var(--tw-text-opacity));
+}
+
+.hover\:text-blue-800:hover {
+  --tw-text-opacity: 1;
+  color: rgb(30 64 175 / var(--tw-text-opacity));
+}
+
+.hover\:text-gray-500:hover {
+  --tw-text-opacity: 1;
+  color: rgb(107 114 128 / var(--tw-text-opacity));
+}
+
+.hover\:text-gray-700:hover {
+  --tw-text-opacity: 1;
+  color: rgb(55 65 81 / var(--tw-text-opacity));
+}
+
+.hover\:text-gray-800:hover {
+  --tw-text-opacity: 1;
+  color: rgb(31 41 55 / var(--tw-text-opacity));
+}
+
+.hover\:text-gray-900:hover {
+  --tw-text-opacity: 1;
+  color: rgb(17 24 39 / var(--tw-text-opacity));
+}
+
+.hover\:text-primary-600:hover {
+  --tw-text-opacity: 1;
+  color: rgb(214 131 56 / var(--tw-text-opacity));
+}
+
+.hover\:text-primary-700:hover {
+  --tw-text-opacity: 1;
+  color: rgb(184 112 47 / var(--tw-text-opacity));
+}
+
+.hover\:text-red-200:hover {
+  --tw-text-opacity: 1;
+  color: rgb(254 202 202 / var(--tw-text-opacity));
+}
+
+.hover\:text-red-700:hover {
+  --tw-text-opacity: 1;
+  color: rgb(185 28 28 / var(--tw-text-opacity));
+}
+
+.hover\:text-red-800:hover {
+  --tw-text-opacity: 1;
+  color: rgb(153 27 27 / var(--tw-text-opacity));
+}
+
+.hover\:text-white:hover {
+  --tw-text-opacity: 1;
+  color: rgb(255 255 255 / var(--tw-text-opacity));
+}
+
+.hover\:text-gray-200:hover {
+  --tw-text-opacity: 1;
+  color: rgb(229 231 235 / var(--tw-text-opacity));
+}
+
+.hover\:underline:hover {
+  text-decoration-line: underline;
+}
+
+.hover\:file\:bg-primary-100::file-selector-button:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(253 222 133 / var(--tw-bg-opacity));
+}
+
+.focus\:border-blue-500:focus {
+  --tw-border-opacity: 1;
+  border-color: rgb(59 130 246 / var(--tw-border-opacity));
+}
+
+.focus\:border-primary-500:focus {
+  --tw-border-opacity: 1;
+  border-color: rgb(244 149 65 / var(--tw-border-opacity));
+}
+
+.focus\:border-primary-600:focus {
+  --tw-border-opacity: 1;
+  border-color: rgb(214 131 56 / var(--tw-border-opacity));
+}
+
+.focus\:outline-none:focus {
+  outline: 2px solid transparent;
+  outline-offset: 2px;
+}
+
+.focus\:ring-2:focus {
+  --tw-ring-offset-shadow: var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);
+  --tw-ring-shadow: var(--tw-ring-inset) 0 0 0 calc(2px + var(--tw-ring-offset-width)) var(--tw-ring-color);
+  box-shadow: var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow, 0 0 #0000);
+}
+
+.focus\:ring-4:focus {
+  --tw-ring-offset-shadow: var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);
+  --tw-ring-shadow: var(--tw-ring-inset) 0 0 0 calc(4px + var(--tw-ring-offset-width)) var(--tw-ring-color);
+  box-shadow: var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow, 0 0 #0000);
+}
+
+.focus\:ring-blue-300:focus {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(147 197 253 / var(--tw-ring-opacity));
+}
+
+.focus\:ring-blue-500:focus {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(59 130 246 / var(--tw-ring-opacity));
+}
+
+.focus\:ring-gray-100:focus {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(243 244 246 / var(--tw-ring-opacity));
+}
+
+.focus\:ring-gray-300:focus {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(209 213 219 / var(--tw-ring-opacity));
+}
+
+.focus\:ring-gray-400:focus {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(156 163 175 / var(--tw-ring-opacity));
+}
+
+.focus\:ring-gray-500:focus {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(107 114 128 / var(--tw-ring-opacity));
+}
+
+.focus\:ring-green-300:focus {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(134 239 172 / var(--tw-ring-opacity));
+}
+
+.focus\:ring-indigo-500:focus {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(99 102 241 / var(--tw-ring-opacity));
+}
+
+.focus\:ring-primary-200:focus {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(251 203 116 / var(--tw-ring-opacity));
+}
+
+.focus\:ring-primary-300:focus {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(248 185 99 / var(--tw-ring-opacity));
+}
+
+.focus\:ring-primary-500:focus {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(244 149 65 / var(--tw-ring-opacity));
+}
+
+.focus\:ring-primary-600:focus {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(214 131 56 / var(--tw-ring-opacity));
+}
+
+.focus\:ring-red-300:focus {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(252 165 165 / var(--tw-ring-opacity));
+}
+
+.focus\:ring-red-500:focus {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(239 68 68 / var(--tw-ring-opacity));
+}
+
+.focus\:ring-offset-2:focus {
+  --tw-ring-offset-width: 2px;
+}
+
+.active\:scale-95:active {
+  --tw-scale-x: .95;
+  --tw-scale-y: .95;
+  transform: translate(var(--tw-translate-x), var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y));
+}
+
+.disabled\:cursor-not-allowed:disabled {
+  cursor: not-allowed;
+}
+
+.disabled\:opacity-50:disabled {
+  opacity: 0.5;
+}
+
+.dark\:divide-gray-600:is(.dark *) > :not([hidden]) ~ :not([hidden]) {
+  --tw-divide-opacity: 1;
+  border-color: rgb(75 85 99 / var(--tw-divide-opacity));
+}
+
+.dark\:divide-gray-700:is(.dark *) > :not([hidden]) ~ :not([hidden]) {
+  --tw-divide-opacity: 1;
+  border-color: rgb(55 65 81 / var(--tw-divide-opacity));
+}
+
+.dark\:border:is(.dark *) {
+  border-width: 1px;
+}
+
+.dark\:border-amber-500\/50:is(.dark *) {
+  border-color: rgb(245 158 11 / 0.5);
+}
+
+.dark\:border-blue-500:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(59 130 246 / var(--tw-border-opacity));
+}
+
+.dark\:border-gray-400:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(156 163 175 / var(--tw-border-opacity));
+}
+
+.dark\:border-gray-500:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(107 114 128 / var(--tw-border-opacity));
+}
+
+.dark\:border-gray-600:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(75 85 99 / var(--tw-border-opacity));
+}
+
+.dark\:border-gray-700:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(55 65 81 / var(--tw-border-opacity));
+}
+
+.dark\:border-green-500:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(34 197 94 / var(--tw-border-opacity));
+}
+
+.dark\:border-orange-700:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(194 65 12 / var(--tw-border-opacity));
+}
+
+.dark\:border-primary-500:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(244 149 65 / var(--tw-border-opacity));
+}
+
+.dark\:border-primary-700:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(184 112 47 / var(--tw-border-opacity));
+}
+
+.dark\:border-primary-800:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(154 93 38 / var(--tw-border-opacity));
+}
+
+.dark\:border-red-500:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(239 68 68 / var(--tw-border-opacity));
+}
+
+.dark\:border-red-800:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(153 27 27 / var(--tw-border-opacity));
+}
+
+.dark\:border-yellow-500:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(234 179 8 / var(--tw-border-opacity));
+}
+
+.dark\:border-yellow-800:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(133 77 14 / var(--tw-border-opacity));
+}
+
+.dark\:bg-amber-800\/30:is(.dark *) {
+  background-color: rgb(146 64 14 / 0.3);
+}
+
+.dark\:bg-blue-400:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(96 165 250 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-blue-600:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(37 99 235 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-blue-800:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(30 64 175 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-blue-800\/30:is(.dark *) {
+  background-color: rgb(30 64 175 / 0.3);
+}
+
+.dark\:bg-blue-900:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(30 58 138 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-gray-500:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(107 114 128 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-gray-600:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(75 85 99 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-gray-700:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(55 65 81 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-gray-800:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(31 41 55 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-gray-900:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(17 24 39 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-green-600:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(22 163 74 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-green-800:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(22 101 52 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-indigo-900:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(49 46 129 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-orange-400:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(251 146 60 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-orange-900\/30:is(.dark *) {
+  background-color: rgb(124 45 18 / 0.3);
+}
+
+.dark\:bg-primary-500:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(244 149 65 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-primary-600:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(214 131 56 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-primary-700:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(184 112 47 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-primary-900:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(123 74 30 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-primary-900\/20:is(.dark *) {
+  background-color: rgb(123 74 30 / 0.2);
+}
+
+.dark\:bg-primary-900\/30:is(.dark *) {
+  background-color: rgb(123 74 30 / 0.3);
+}
+
+.dark\:bg-red-200:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(254 202 202 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-red-600:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(220 38 38 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-red-800:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(153 27 27 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-red-900:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(127 29 29 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-red-900\/20:is(.dark *) {
+  background-color: rgb(127 29 29 / 0.2);
+}
+
+.dark\:bg-yellow-800:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(133 77 14 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-yellow-900\/20:is(.dark *) {
+  background-color: rgb(113 63 18 / 0.2);
+}
+
+.dark\:bg-opacity-80:is(.dark *) {
+  --tw-bg-opacity: 0.8;
+}
+
+.dark\:from-primary-400:is(.dark *) {
+  --tw-gradient-from: #f6a752 var(--tw-gradient-from-position);
+  --tw-gradient-to: rgb(246 167 82 / 0) var(--tw-gradient-to-position);
+  --tw-gradient-stops: var(--tw-gradient-from), var(--tw-gradient-to);
+}
+
+.dark\:to-primary-500:is(.dark *) {
+  --tw-gradient-to: #f49541 var(--tw-gradient-to-position);
+}
+
+.dark\:text-amber-300:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(252 211 77 / var(--tw-text-opacity));
+}
+
+.dark\:text-amber-400:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(251 191 36 / var(--tw-text-opacity));
+}
+
+.dark\:text-blue-300:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(147 197 253 / var(--tw-text-opacity));
+}
+
+.dark\:text-blue-400:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(96 165 250 / var(--tw-text-opacity));
+}
+
+.dark\:text-blue-500:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(59 130 246 / var(--tw-text-opacity));
+}
+
+.dark\:text-gray-100:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(243 244 246 / var(--tw-text-opacity));
+}
+
+.dark\:text-gray-200:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(229 231 235 / var(--tw-text-opacity));
+}
+
+.dark\:text-gray-300:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(209 213 219 / var(--tw-text-opacity));
+}
+
+.dark\:text-gray-400:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(156 163 175 / var(--tw-text-opacity));
+}
+
+.dark\:text-gray-500:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(107 114 128 / var(--tw-text-opacity));
+}
+
+.dark\:text-gray-600:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(75 85 99 / var(--tw-text-opacity));
+}
+
+.dark\:text-green-400:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(74 222 128 / var(--tw-text-opacity));
+}
+
+.dark\:text-indigo-300:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(165 180 252 / var(--tw-text-opacity));
+}
+
+.dark\:text-indigo-400:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(129 140 248 / var(--tw-text-opacity));
+}
+
+.dark\:text-orange-200:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(254 215 170 / var(--tw-text-opacity));
+}
+
+.dark\:text-primary-200:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(251 203 116 / var(--tw-text-opacity));
+}
+
+.dark\:text-primary-400:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(246 167 82 / var(--tw-text-opacity));
+}
+
+.dark\:text-primary-500:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(244 149 65 / var(--tw-text-opacity));
+}
+
+.dark\:text-red-200:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(254 202 202 / var(--tw-text-opacity));
+}
+
+.dark\:text-red-400:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(248 113 113 / var(--tw-text-opacity));
+}
+
+.dark\:text-red-500:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(239 68 68 / var(--tw-text-opacity));
+}
+
+.dark\:text-red-800:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(153 27 27 / var(--tw-text-opacity));
+}
+
+.dark\:text-white:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(255 255 255 / var(--tw-text-opacity));
+}
+
+.dark\:text-yellow-200:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(254 240 138 / var(--tw-text-opacity));
+}
+
+.dark\:text-yellow-400:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(250 204 21 / var(--tw-text-opacity));
+}
+
+.dark\:placeholder-gray-400:is(.dark *)::-moz-placeholder {
+  --tw-placeholder-opacity: 1;
+  color: rgb(156 163 175 / var(--tw-placeholder-opacity));
+}
+
+.dark\:placeholder-gray-400:is(.dark *)::placeholder {
+  --tw-placeholder-opacity: 1;
+  color: rgb(156 163 175 / var(--tw-placeholder-opacity));
+}
+
+.dark\:ring-offset-gray-800:is(.dark *) {
+  --tw-ring-offset-color: #1f2937;
+}
+
+.dark\:file\:bg-primary-900\/40:is(.dark *)::file-selector-button {
+  background-color: rgb(123 74 30 / 0.4);
+}
+
+.dark\:file\:text-primary-300:is(.dark *)::file-selector-button {
+  --tw-text-opacity: 1;
+  color: rgb(248 185 99 / var(--tw-text-opacity));
+}
+
+.dark\:hover\:bg-blue-500:hover:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(59 130 246 / var(--tw-bg-opacity));
+}
+
+.dark\:hover\:bg-blue-600:hover:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(37 99 235 / var(--tw-bg-opacity));
+}
+
+.dark\:hover\:bg-blue-700:hover:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(29 78 216 / var(--tw-bg-opacity));
+}
+
+.dark\:hover\:bg-gray-500:hover:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(107 114 128 / var(--tw-bg-opacity));
+}
+
+.dark\:hover\:bg-gray-600:hover:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(75 85 99 / var(--tw-bg-opacity));
+}
+
+.dark\:hover\:bg-gray-700:hover:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(55 65 81 / var(--tw-bg-opacity));
+}
+
+.dark\:hover\:bg-gray-800:hover:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(31 41 55 / var(--tw-bg-opacity));
+}
+
+.dark\:hover\:bg-green-700:hover:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(21 128 61 / var(--tw-bg-opacity));
+}
+
+.dark\:hover\:bg-primary-600:hover:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(214 131 56 / var(--tw-bg-opacity));
+}
+
+.dark\:hover\:bg-primary-700:hover:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(184 112 47 / var(--tw-bg-opacity));
+}
+
+.dark\:hover\:bg-primary-900\/30:hover:is(.dark *) {
+  background-color: rgb(123 74 30 / 0.3);
+}
+
+.dark\:hover\:bg-red-700:hover:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(185 28 28 / var(--tw-bg-opacity));
+}
+
+.dark\:hover\:from-primary-500:hover:is(.dark *) {
+  --tw-gradient-from: #f49541 var(--tw-gradient-from-position);
+  --tw-gradient-to: rgb(244 149 65 / 0) var(--tw-gradient-to-position);
+  --tw-gradient-stops: var(--tw-gradient-from), var(--tw-gradient-to);
+}
+
+.dark\:hover\:to-primary-600:hover:is(.dark *) {
+  --tw-gradient-to: #d68338 var(--tw-gradient-to-position);
+}
+
+.dark\:hover\:text-amber-200:hover:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(253 230 138 / var(--tw-text-opacity));
+}
+
+.dark\:hover\:text-blue-200:hover:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(191 219 254 / var(--tw-text-opacity));
+}
+
+.dark\:hover\:text-blue-400:hover:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(96 165 250 / var(--tw-text-opacity));
+}
+
+.dark\:hover\:text-gray-100:hover:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(243 244 246 / var(--tw-text-opacity));
+}
+
+.dark\:hover\:text-gray-200:hover:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(229 231 235 / var(--tw-text-opacity));
+}
+
+.dark\:hover\:text-gray-300:hover:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(209 213 219 / var(--tw-text-opacity));
+}
+
+.dark\:hover\:text-primary-300:hover:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(248 185 99 / var(--tw-text-opacity));
+}
+
+.dark\:hover\:text-primary-400:hover:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(246 167 82 / var(--tw-text-opacity));
+}
+
+.dark\:hover\:text-primary-500:hover:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(244 149 65 / var(--tw-text-opacity));
+}
+
+.dark\:hover\:text-red-300:hover:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(252 165 165 / var(--tw-text-opacity));
+}
+
+.dark\:hover\:text-red-400:hover:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(248 113 113 / var(--tw-text-opacity));
+}
+
+.dark\:hover\:text-white:hover:is(.dark *) {
+  --tw-text-opacity: 1;
+  color: rgb(255 255 255 / var(--tw-text-opacity));
+}
+
+.dark\:hover\:file\:bg-primary-800\/60:is(.dark *)::file-selector-button:hover {
+  background-color: rgb(154 93 38 / 0.6);
+}
+
+.dark\:focus\:border-blue-500:focus:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(59 130 246 / var(--tw-border-opacity));
+}
+
+.dark\:focus\:border-primary-500:focus:is(.dark *) {
+  --tw-border-opacity: 1;
+  border-color: rgb(244 149 65 / var(--tw-border-opacity));
+}
+
+.dark\:focus\:ring-blue-400:focus:is(.dark *) {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(96 165 250 / var(--tw-ring-opacity));
+}
+
+.dark\:focus\:ring-blue-500:focus:is(.dark *) {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(59 130 246 / var(--tw-ring-opacity));
+}
+
+.dark\:focus\:ring-blue-600:focus:is(.dark *) {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(37 99 235 / var(--tw-ring-opacity));
+}
+
+.dark\:focus\:ring-blue-800:focus:is(.dark *) {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(30 64 175 / var(--tw-ring-opacity));
+}
+
+.dark\:focus\:ring-gray-600:focus:is(.dark *) {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(75 85 99 / var(--tw-ring-opacity));
+}
+
+.dark\:focus\:ring-gray-700:focus:is(.dark *) {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(55 65 81 / var(--tw-ring-opacity));
+}
+
+.dark\:focus\:ring-gray-800:focus:is(.dark *) {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(31 41 55 / var(--tw-ring-opacity));
+}
+
+.dark\:focus\:ring-green-800:focus:is(.dark *) {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(22 101 52 / var(--tw-ring-opacity));
+}
+
+.dark\:focus\:ring-primary-500:focus:is(.dark *) {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(244 149 65 / var(--tw-ring-opacity));
+}
+
+.dark\:focus\:ring-primary-600:focus:is(.dark *) {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(214 131 56 / var(--tw-ring-opacity));
+}
+
+.dark\:focus\:ring-primary-800:focus:is(.dark *) {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(154 93 38 / var(--tw-ring-opacity));
+}
+
+.dark\:focus\:ring-primary-900:focus:is(.dark *) {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(123 74 30 / var(--tw-ring-opacity));
+}
+
+.dark\:focus\:ring-red-800:focus:is(.dark *) {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(153 27 27 / var(--tw-ring-opacity));
+}
+
+.dark\:focus\:ring-red-900:focus:is(.dark *) {
+  --tw-ring-opacity: 1;
+  --tw-ring-color: rgb(127 29 29 / var(--tw-ring-opacity));
+}
+
+.dark\:focus\:ring-offset-gray-800:focus:is(.dark *) {
+  --tw-ring-offset-color: #1f2937;
+}
+
+@media (min-width: 640px) {
+  .sm\:-top-2 {
+    top: -0.5rem;
+  }
+
+  .sm\:left-auto {
+    left: auto;
+  }
+
+  .sm\:col-span-3 {
+    grid-column: span 3 / span 3;
+  }
+
+  .sm\:mb-0 {
+    margin-bottom: 0px;
+  }
+
+  .sm\:ml-1 {
+    margin-left: 0.25rem;
+  }
+
+  .sm\:mr-4 {
+    margin-right: 1rem;
+  }
+
+  .sm\:inline-block {
+    display: inline-block;
+  }
+
+  .sm\:flex {
+    display: flex;
+  }
+
+  .sm\:w-auto {
+    width: auto;
+  }
+
+  .sm\:w-full {
+    width: 100%;
+  }
+
+  .sm\:grid-cols-2 {
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+  }
+
+  .sm\:grid-cols-3 {
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+  }
+
+  .sm\:flex-row {
+    flex-direction: row;
+  }
+
+  .sm\:items-center {
+    align-items: center;
+  }
+
+  .sm\:justify-between {
+    justify-content: space-between;
+  }
+
+  .sm\:rounded-lg {
+    border-radius: 0.5rem;
+  }
+
+  .sm\:p-6 {
+    padding: 1.5rem;
+  }
+
+  .sm\:p-8 {
+    padding: 2rem;
+  }
+
+  .sm\:text-2xl {
+    font-size: 1.5rem;
+    line-height: 2rem;
+  }
+
+  .sm\:text-sm {
+    font-size: 0.875rem;
+    line-height: 1.25rem;
+  }
+
+  .sm\:shadow-xl {
+    --tw-shadow: 0 20px 25px -5px rgb(0 0 0 / 0.1), 0 8px 10px -6px rgb(0 0 0 / 0.1);
+    --tw-shadow-colored: 0 20px 25px -5px var(--tw-shadow-color), 0 8px 10px -6px var(--tw-shadow-color);
+    box-shadow: var(--tw-ring-offset-shadow, 0 0 #0000), var(--tw-ring-shadow, 0 0 #0000), var(--tw-shadow);
+  }
+}
+
+@media (min-width: 768px) {
+  .md\:top-\[39px\] {
+    top: 39px;
+  }
+
+  .md\:col-span-1 {
+    grid-column: span 1 / span 1;
+  }
+
+  .md\:col-span-2 {
+    grid-column: span 2 / span 2;
+  }
+
+  .md\:ml-2 {
+    margin-left: 0.5rem;
+  }
+
+  .md\:block {
+    display: block;
+  }
+
+  .md\:inline {
+    display: inline;
+  }
+
+  .md\:hidden {
+    display: none;
+  }
+
+  .md\:h-screen {
+    height: 100vh;
+  }
+
+  .md\:w-64 {
+    width: 16rem;
+  }
+
+  .md\:min-w-\[32rem\] {
+    min-width: 32rem;
+  }
+
+  .md\:grid-cols-2 {
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+  }
+
+  .md\:grid-cols-3 {
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+  }
+
+  .md\:grid-cols-4 {
+    grid-template-columns: repeat(4, minmax(0, 1fr));
+  }
+
+  .md\:grid-cols-5 {
+    grid-template-columns: repeat(5, minmax(0, 1fr));
+  }
+
+  .md\:gap-4 {
+    gap: 1rem;
+  }
+
+  .md\:space-x-2 > :not([hidden]) ~ :not([hidden]) {
+    --tw-space-x-reverse: 0;
+    margin-right: calc(0.5rem * var(--tw-space-x-reverse));
+    margin-left: calc(0.5rem * calc(1 - var(--tw-space-x-reverse)));
+  }
+}
+
+@media (min-width: 1024px) {
+  .lg\:fixed {
+    position: fixed;
+  }
+
+  .lg\:relative {
+    position: relative;
+  }
+
+  .lg\:order-1 {
+    order: 1;
+  }
+
+  .lg\:order-2 {
+    order: 2;
+  }
+
+  .lg\:col-span-1 {
+    grid-column: span 1 / span 1;
+  }
+
+  .lg\:col-span-2 {
+    grid-column: span 2 / span 2;
+  }
+
+  .lg\:mb-0 {
+    margin-bottom: 0px;
+  }
+
+  .lg\:mb-16 {
+    margin-bottom: 4rem;
+  }
+
+  .lg\:mr-8 {
+    margin-right: 2rem;
+  }
+
+  .lg\:ms-4 {
+    margin-inline-start: 1rem;
+  }
+
+  .lg\:mt-0 {
+    margin-top: 0px;
+  }
+
+  .lg\:mt-16 {
+    margin-top: 4rem;
+  }
+
+  .lg\:mt-8 {
+    margin-top: 2rem;
+  }
+
+  .lg\:block {
+    display: block;
+  }
+
+  .lg\:flex {
+    display: flex;
+  }
+
+  .lg\:hidden {
+    display: none;
+  }
+
+  .lg\:min-h-screen {
+    min-height: 100vh;
+  }
+
+  .lg\:w-1\/2 {
+    width: 50%;
+  }
+
+  .lg\:w-auto {
+    width: auto;
+  }
+
+  .lg\:max-w-4xl {
+    max-width: 56rem;
+  }
+
+  .lg\:max-w-xl {
+    max-width: 36rem;
+  }
+
+  .lg\:grid-cols-2 {
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+  }
+
+  .lg\:grid-cols-3 {
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+  }
+
+  .lg\:flex-row {
+    flex-direction: row;
+  }
+
+  .lg\:items-center {
+    align-items: center;
+  }
+
+  .lg\:justify-center {
+    justify-content: center;
+  }
+
+  .lg\:gap-4 {
+    gap: 1rem;
+  }
+
+  .lg\:overflow-hidden {
+    overflow: hidden;
+  }
+
+  .lg\:rounded-lg {
+    border-radius: 0.5rem;
+  }
+
+  .lg\:border-0 {
+    border-width: 0px;
+  }
+
+  .lg\:bg-transparent {
+    background-color: transparent;
+  }
+
+  .lg\:bg-white {
+    --tw-bg-opacity: 1;
+    background-color: rgb(255 255 255 / var(--tw-bg-opacity));
+  }
+
+  .lg\:px-8 {
+    padding-left: 2rem;
+    padding-right: 2rem;
+  }
+
+  .lg\:py-12 {
+    padding-top: 3rem;
+    padding-bottom: 3rem;
+  }
+
+  .lg\:pb-4 {
+    padding-bottom: 1rem;
+  }
+
+  .lg\:pt-6 {
+    padding-top: 1.5rem;
+  }
+
+  .lg\:shadow-none {
+    --tw-shadow: 0 0 #0000;
+    --tw-shadow-colored: 0 0 #0000;
+    box-shadow: var(--tw-ring-offset-shadow, 0 0 #0000), var(--tw-ring-shadow, 0 0 #0000), var(--tw-shadow);
+  }
+
+  .lg\:shadow-xl {
+    --tw-shadow: 0 20px 25px -5px rgb(0 0 0 / 0.1), 0 8px 10px -6px rgb(0 0 0 / 0.1);
+    --tw-shadow-colored: 0 20px 25px -5px var(--tw-shadow-color), 0 8px 10px -6px var(--tw-shadow-color);
+    box-shadow: var(--tw-ring-offset-shadow, 0 0 #0000), var(--tw-ring-shadow, 0 0 #0000), var(--tw-shadow);
+  }
+
+  .lg\:dark\:bg-gray-800:is(.dark *) {
+    --tw-bg-opacity: 1;
+    background-color: rgb(31 41 55 / var(--tw-bg-opacity));
+  }
+
+  .lg\:dark\:bg-transparent:is(.dark *) {
+    background-color: transparent;
+  }
+}
+
+@media (min-width: 1280px) {
+  .xl\:mb-2 {
+    margin-bottom: 0.5rem;
+  }
+
+  .xl\:mb-4 {
+    margin-bottom: 1rem;
+  }
+
+  .xl\:grid-cols-3 {
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+  }
+
+  .xl\:grid-cols-6 {
+    grid-template-columns: repeat(6, minmax(0, 1fr));
+  }
+
+  .xl\:gap-4 {
+    gap: 1rem;
+  }
+
+  .xl\:space-x-8 > :not([hidden]) ~ :not([hidden]) {
+    --tw-space-x-reverse: 0;
+    margin-right: calc(2rem * var(--tw-space-x-reverse));
+    margin-left: calc(2rem * calc(1 - var(--tw-space-x-reverse)));
+  }
+}
+
+@media (min-width: 1536px) {
+  .\32xl\:col-span-2 {
+    grid-column: span 2 / span 2;
+  }
+
+  .\32xl\:mb-0 {
+    margin-bottom: 0px;
+  }
+}
diff --git a/dockerfiles/all-in-one/Dockerfile b/dockerfiles/all-in-one/Dockerfile
index ff6845906..d106f611d 100644
--- a/dockerfiles/all-in-one/Dockerfile
+++ b/dockerfiles/all-in-one/Dockerfile
@@ -162,7 +162,7 @@ ENV ALIASVAULT_VERBOSITY=0 \
     S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
     S6_VERBOSITY=0
 
-EXPOSE 80 25 587
+EXPOSE 80 443 25 587
 VOLUME ["/database", "/logs", "/secrets"]
 HEALTHCHECK --interval=30s --timeout=10s --start-period=90s --retries=3 \
     CMD curl -f http://localhost/api || exit 1
diff --git a/dockerfiles/all-in-one/config/nginx.conf b/dockerfiles/all-in-one/config/nginx.conf
index e469e51b3..bd7e5f719 100644
--- a/dockerfiles/all-in-one/config/nginx.conf
+++ b/dockerfiles/all-in-one/config/nginx.conf
@@ -109,4 +109,79 @@ http {
             error_page 502 503 504 =503 /status.html;
         }
     }
+
+    # HTTPS server
+    server {
+        listen 443 ssl;
+        server_name _;
+
+        # Include the appropriate SSL certificate configuration generated
+        # by the entrypoint script.
+        include /etc/nginx/ssl.conf;
+
+        # Security headers
+        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header Cross-Origin-Resource-Policy "same-origin" always;
+        add_header Content-Security-Policy "frame-ancestors 'self'" always;
+
+        # Root for static files
+        root /usr/share/nginx/html;
+
+        # Error page handler location (internal use only)
+        location = /status.html {
+            internal;
+            try_files /status.html =404;
+            add_header Cache-Control "no-cache, no-store, must-revalidate";
+            add_header Pragma "no-cache";
+            add_header Expires "0";
+        }
+
+        # Admin interface
+        location /admin {
+            proxy_pass http://admin;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Prefix /admin/;
+
+            # Add WebSocket support for Blazor server
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_read_timeout 86400;
+
+            # Show status page if admin is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+
+        # API endpoints
+        location /api {
+            proxy_pass http://api;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            # Show status page if api is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+
+        # Client app (root path)
+        location / {
+            proxy_pass http://client;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            # Show status page if client is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+    }
 }
\ No newline at end of file
diff --git a/dockerfiles/all-in-one/s6-scripts/init/script b/dockerfiles/all-in-one/s6-scripts/init/script
index 3160295c1..6e028ffaf 100644
--- a/dockerfiles/all-in-one/s6-scripts/init/script
+++ b/dockerfiles/all-in-one/s6-scripts/init/script
@@ -154,6 +154,31 @@ else
     chmod 700 /database/postgres
 fi
 
+# Generate SSL certificates if needed
+if [ ! -f /certificates/ssl/cert.pem ] || [ ! -f /certificates/ssl/key.pem ]; then
+    log 0 ""
+    log 0 "[init] Generating SSL certificates..."
+    mkdir -p /certificates/ssl
+    if [ "$VERBOSITY" -ge 2 ]; then
+        openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+            -keyout /certificates/ssl/key.pem \
+            -out /certificates/ssl/cert.pem \
+            -subj "/C=US/ST=State/L=City/O=AliasVault/CN=${HOSTNAME:-localhost}"
+    else
+        openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+            -keyout /certificates/ssl/key.pem \
+            -out /certificates/ssl/cert.pem \
+            -subj "/C=US/ST=State/L=City/O=AliasVault/CN=${HOSTNAME:-localhost}" \
+            >/dev/null 2>&1
+    fi
+    chmod 600 /certificates/ssl/key.pem
+    chmod 644 /certificates/ssl/cert.pem
+    log 0 "[init] Self-signed SSL certificates generated"
+else
+    log 0 "[init] ✅ Self-signed SSL certificates already exist"
+fi
+
+
 echo ""
 echo "[init] Waiting for all services to be ready... this can take a short while..."
 echo ""
diff --git a/dockerfiles/all-in-one/s6-scripts/nginx/run b/dockerfiles/all-in-one/s6-scripts/nginx/run
index 5198bb4f7..761d645d2 100644
--- a/dockerfiles/all-in-one/s6-scripts/nginx/run
+++ b/dockerfiles/all-in-one/s6-scripts/nginx/run
@@ -3,7 +3,23 @@
 # Get verbosity level (0=minimal, 1=normal, 2=verbose)
 VERBOSITY="${ALIASVAULT_VERBOSITY:-0}"
 
-echo "Starting Nginx reverse proxy (HTTP-only mode)..."
+# Copy certificates to nginx directory (they were created during init)
+mkdir -p /etc/nginx/ssl
+cp /certificates/ssl/* /etc/nginx/ssl/ 2>/dev/null || true
+
+# Create SSL configuration file
+cat > /etc/nginx/ssl.conf << "SSLEOF"
+ssl_certificate /etc/nginx/ssl/cert.pem;
+ssl_certificate_key /etc/nginx/ssl/key.pem;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozTLS:10m;
+ssl_session_tickets off;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+SSLEOF
+
+echo "Starting Nginx reverse proxy..."
 
 # Set nginx error log level based on verbosity
 if [ "$VERBOSITY" -ge 2 ]; then

From f09cfecb132304adc3cc8bec7229474b3a72d69f Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Fri, 5 Sep 2025 20:21:49 +0200
Subject: [PATCH 05/33] Add HTTP warning for non-localhost hostnames (#1181)

---
 apps/server/AliasVault.Client/Main/Layout/Footer.razor      | 6 +++++-
 .../AliasVault.Client/Resources/Layout/Footer.en.resx       | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/apps/server/AliasVault.Client/Main/Layout/Footer.razor b/apps/server/AliasVault.Client/Main/Layout/Footer.razor
index a26688ffc..d535e624c 100644
--- a/apps/server/AliasVault.Client/Main/Layout/Footer.razor
+++ b/apps/server/AliasVault.Client/Main/Layout/Footer.razor
@@ -95,11 +95,15 @@
 
     /// <summary>
     /// Checks if the current URL is using HTTP and shows warning if needed.
+    /// Only shows warning for non-localhost hostnames since browsers allow crypto operations on localhost via HTTP.
     /// </summary>
     private void CheckHttpProtocol(object? sender, LocationChangedEventArgs? e)
     {
         var uri = new Uri(NavigationManager.Uri);
-        _isHttpWarning = !_httpWarningDismissed && uri.Scheme == "http";
+        var isLocalhost = uri.Host.Equals("localhost", StringComparison.OrdinalIgnoreCase) || 
+                         uri.Host.Equals("127.0.0.1", StringComparison.OrdinalIgnoreCase) ||
+                         uri.Host.Equals("::1", StringComparison.OrdinalIgnoreCase);
+        _isHttpWarning = !_httpWarningDismissed && uri.Scheme == "http" && !isLocalhost;
         StateHasChanged();
     }
 
diff --git a/apps/server/AliasVault.Client/Resources/Layout/Footer.en.resx b/apps/server/AliasVault.Client/Resources/Layout/Footer.en.resx
index 15dfbb1d4..7619df498 100644
--- a/apps/server/AliasVault.Client/Resources/Layout/Footer.en.resx
+++ b/apps/server/AliasVault.Client/Resources/Layout/Footer.en.resx
@@ -83,7 +83,7 @@
     <comment>Title for HTTPS warning banner</comment>
   </data>
   <data name="HttpsWarningMessage" xml:space="preserve">
-    <value>The AliasVault web app requires HTTPS for using browser crypto operations. Registering/logging in won't work over HTTP. Please switch to HTTPS and use a valid SSL certificate.</value>
+    <value>Browsers only allow secure crypto operations via HTTPS, except for localhost. Login/registration won't work over HTTP with the current hostname. Please switch to HTTPS.</value>
     <comment>Message explaining why HTTPS is required</comment>
   </data>
 </root>
\ No newline at end of file

From 77d49c52f0d6cf947e06877912ee79cf4f81e8c1 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Sat, 6 Sep 2025 10:33:54 +0200
Subject: [PATCH 06/33] Self-host docs refactor (#1181)

---
 docs/index.md                                 |   2 +-
 docs/installation/docker/index.md             | 172 ++++++++++++++++++
 docs/installation/index.md                    |  62 ++++++-
 .../advanced/build-from-source.md             |   0
 .../{ => install.sh}/advanced/database.md     |   0
 .../{ => install.sh}/advanced/index.md        |   4 +-
 .../advanced/reverse-proxy-configuration.md   |   0
 .../{ => install.sh/advanced}/start-stop.md   |   2 +-
 .../{ => install.sh/advanced}/uninstall.md    |   2 +-
 .../{install.md => install.sh/index.md}       |  10 +-
 .../{ => install.sh}/troubleshooting.md       |   2 +-
 .../{ => install.sh}/update/index.md          |   2 +-
 .../{ => install.sh}/update/v0.22.0.md        |   1 -
 .../{advanced => }/manual-setup.md            |   4 +-
 14 files changed, 245 insertions(+), 18 deletions(-)
 create mode 100644 docs/installation/docker/index.md
 rename docs/installation/{ => install.sh}/advanced/build-from-source.md (100%)
 rename docs/installation/{ => install.sh}/advanced/database.md (100%)
 rename docs/installation/{ => install.sh}/advanced/index.md (93%)
 rename docs/installation/{ => install.sh}/advanced/reverse-proxy-configuration.md (100%)
 rename docs/installation/{ => install.sh/advanced}/start-stop.md (95%)
 rename docs/installation/{ => install.sh/advanced}/uninstall.md (95%)
 rename docs/installation/{install.md => install.sh/index.md} (97%)
 rename docs/installation/{ => install.sh}/troubleshooting.md (99%)
 rename docs/installation/{ => install.sh}/update/index.md (98%)
 rename docs/installation/{ => install.sh}/update/v0.22.0.md (98%)
 rename docs/installation/{advanced => }/manual-setup.md (99%)

diff --git a/docs/index.md b/docs/index.md
index df6170473..1095c4b6d 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -13,7 +13,7 @@ A self-hostable, end-to-end encrypted password manager with a built-in alias gen
 
 {: .fs-6 .fw-300 }
 
-[Server Installation](./installation/install){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 .mr-2 }
+[Self-host installation](./installation/install){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 .mr-2 }
 [View on GitHub](https://github.com/aliasvault/aliasvault){: .btn .fs-5 .mb-4 .mb-md-0 }
 
 ---
diff --git a/docs/installation/docker/index.md b/docs/installation/docker/index.md
new file mode 100644
index 000000000..4089a5458
--- /dev/null
+++ b/docs/installation/docker/index.md
@@ -0,0 +1,172 @@
+---
+layout: default
+title: All-In-One Docker Image
+parent: Self-hosting
+nav_order: 2
+---
+
+# Self-host via All-In-One Docker image
+Instead of using the `install.sh` script with multi-docker container setup, AliasVault is also available as a standalone all-in-one container that uses `s6-overlay` to combine all AliasVault's services into one image for convenience. This setup is suitable for home and internal use.
+
+**Prerequisites:**
+
+This guide assumes you already have the following:
+- Docker (20.10+) and Docker Compose (2.0+) installed on your system
+  - See instructions: [https://docs.docker.com/engine/install/](https://docs.docker.com/engine/install/)
+- You have existing SSL proxy infrastructure (Traefik, Nginx, HAProxy, Cloudflare Tunnel)
+- Knowledge of working with direct Docker commands
+- Knowledge of .yml and .env files
+
+## 1. Basic installation
+1. Create a new folder where you want to store AliasVault's data and configuration folders.
+
+```bash
+mkdir aliasvault
+cd aliasvault
+```
+
+2. Create a new `docker-compose.yml` file with the following contents. Note: this will auto-create the directories specified in `volumes:` in the current folder.
+
+```yaml
+services:
+  aliasvault:
+    image: ghcr.io/aliasvault/aliasvault:latest
+    container_name: aliasvault
+    restart: unless-stopped
+
+    ports:
+      - "80:80"
+      - "443:443"
+      - "25:25"
+      - "587:587"
+
+    volumes:
+      - ./database:/database
+      - ./logs:/logs
+      - ./secrets:/secrets
+
+    environment:
+      PUBLIC_REGISTRATION_ENABLED: "true"
+      IP_LOGGING_ENABLED: "true"
+      SUPPORT_EMAIL: ""
+      PRIVATE_EMAIL_DOMAINS: ""
+```
+
+3. Run `docker-compose up -d` to start the container.
+
+4. After the container has started, AliasVault will be accessible at:
+  - Client: http://localhost/ or https://localhost/
+  - Admin: http://localhost/admin or https://localhost/admin
+  - API: http://localhost/api or https://localhost/api
+
+---
+
+## 2. SSL configuration
+HTTPS is required to use AliasVault for using:
+- Web app via non-localhost URLs (because of browser crypto restrictions)
+- Mobile apps require the API URL to have a valid SSL certificate, otherwise the app refuses to connect
+
+Configure your existing SSL infrastructure (Traefik, Nginx, HAProxy, CloudFlare Tunnel) to make the AliasVault container available through HTTPS with a valid SSL certificate. E.g. `https://aliasvault.yourdomain.com`.
+
+---
+
+## 3. Email Server Setup
+
+AliasVault includes a built-in email server that allows you to generate email aliases on-the-fly for every website you use, and receive the emails straight in AliasVault.
+
+{: .note }
+If you skip this step, AliasVault will default to use public email domains offered by SpamOK. While this still works for creating aliases, it has privacy limitations. For complete privacy and control, we recommend setting up your own domain.
+[Learn more about the differences between private and public email domains](../misc/private-vs-public-email.md).
+
+---
+
+### Requirements
+- A **public IPv4 address** with ports 25 and 587 pointing to your AliasVault server
+- Open ports **25** and **587** on your server firewall for email SMTP traffic (NOTE: some residential IP's block this, check with your ISP).
+
+#### Verifying Port Access
+
+While the AliasVault docker containers are running, use `telnet` to confirm your public IP allows access to the ports:
+
+```bash
+# Test standard SMTP port
+telnet <your-server-public-ip> 25
+
+# Test secure SMTP port
+telnet <your-server-public-ip> 587
+```
+
+### Choose your configuration: primary domain vs subdomain
+
+AliasVault can be configured under:
+
+- **A primary (top-level) domain**
+  Example: `your-aliasvault.net`. This allows you to receive email on `%alias%@your-aliasvault.net`.
+
+- **A subdomain of your existing domain**
+  Example: `aliasvault.example.net`. This allows you to receive email on `%alias%@aliasvault.example.net`. Email sent to your main domain remains unaffected and will continue arriving in your usual inbox.
+
+---
+
+#### a) Setup using a primary domain
+
+##### DNS Configuration
+
+Configure the following DNS records **on your primary domain** (e.g. `your-aliasvault.net`):
+
+| Name | Type | Priority | Content                   | TTL |
+|------|------|----------|---------------------------|-----|
+| mail | A    |          | `<your-server-public-ip>` | 3600 |
+| @    | MX   | 10       | `mail.your-aliasvault.net`| 3600 |
+
+> Replace `<your-server-public-ip>` with your actual server IP.
+
+##### Example
+
+- `mail.your-aliasvault.net` points to your server IP.
+- Email to `@your-aliasvault.net` will be handled by your AliasVault server.
+
+---
+
+#### b) Setup using a subdomain
+
+##### DNS Configuration
+
+Configure the following DNS records **on your subdomain setup** (for example, `aliasvault.example.com`):
+
+| Name                     | Type | Priority | Content                       | TTL |
+|---------------------------|------|----------|-------------------------------|-----|
+| mail.aliasvault           | A    |          | `<your-server-public-ip>`     | 3600 |
+| aliasvault    | MX   | 10       | `mail.aliasvault.example.com` | 3600 |
+
+> 🔹 Explanation:
+> - `mail.aliasvault` creates a DNS A record for `mail.aliasvault.example.com` pointing to your server IP.
+> - The MX record on `aliasvault.example` tells senders to send their mail addressed to `%@aliasvault.example.com` to `mail.aliasvault.example.com`.
+
+> Replace `<your-server-public-ip>` with your actual server’s IP address.
+
+##### Example
+
+- `mail.aliasvault.example.com` points to your server IP.
+- Emails to `user@aliasvault.example.com` will be handled by your AliasVault server.
+
+This keeps the email configuration of your primary domain (`example.com`) completely separate, so you can keep receiving email on your normal email addresses and have unique AliasVault addresses too.
+
+---
+
+### Configuring AliasVault
+After setting up your DNS, you have to configure AliasVault to let it know which email domains it should support. Update the `docker-compose.yml` file:
+
+```bash
+[..]
+
+    environment:
+      PRIVATE_EMAIL_DOMAINS: "yourdomain1.com,yourdomain2.com"
+```
+
+After updating the docker-compose.yml file, issue a `docker compose restart`. Afterwards, when you login to the AliasVault web app, you should now be able to create an alias with your domain and be able to receive email on it.
+
+{: .note }
+Important: DNS propagation can take up to 24-48 hours. During this time, email delivery might be inconsistent.
+
+If you encounter any issues, feel free to join the [Discord chat](https://discord.gg/DsaXMTEtpF) to get help from other users and maintainers.
\ No newline at end of file
diff --git a/docs/installation/index.md b/docs/installation/index.md
index 26a5575f7..49b299be0 100644
--- a/docs/installation/index.md
+++ b/docs/installation/index.md
@@ -1,8 +1,64 @@
 ---
 layout: default
-title: Server Installation
+title: Self-hosting
 nav_order: 2
 ---
 
-# Server Installation
-The following guide will walk you through the steps to install AliasVault on your own server. Minimum experience with Docker and Linux is required.
+# Self-hosting
+
+AliasVault can be self-hosted on your own servers in two ways.
+Both options use Docker, but the workflows differ in flexibility and convenience.
+Choose the one that best matches your environment:
+
+[Option 1: install.sh](./installation/install){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 .mr-2 }
+[Option 2: All-In-One Docker Image](https://github.com/aliasvault/aliasvault){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 }
+
+---
+
+## Option 1: `install.sh` (Managed Multi-Container Stack)
+
+> **Best for:**
+> - Proxmox CT/VM
+> - DigitalOcean Droplet
+> - Hetzner VPS
+> - AWS / Azure VM
+> - Any other host that is directly accessible from the internet and/or has ports 80/443 forwarded to it, **without existing SSL termination**
+
+This option installs the **full AliasVault stack** (client, API, Postgres, task runner, SMTP, admin, reverse proxy) as multiple Docker containers in the background.
+
+The `install.sh` script provides:
+- **Pulling of all required Docker images** and configures Docker Compose automatically
+- **Built-in reverse proxy with Let's Encrypt SSL**
+- **Easy updates and migrations** via a custom CLI
+- **Start/stop/uninstall commands** for convenience
+- Allows to build Docker containers from source (optional)
+- Opinionated defaults for a secure, production-ready setup
+
+{: .note }
+ℹ️ This method is more suitable for **less experienced Linux users**. It still requires some basic knowledge, but the script provides guidance and automates many steps.
+👉 Use this option if you want a **managed experience** with automatic SSL and CLI tools.
+
+[Installation guide →](install-vm.md)
+
+---
+
+## Option 2: All-in-One Docker Image
+
+> **Best for:**
+> - Home servers (Synology, Unraid, Raspberry Pi, local Docker)
+> - Advanced users with their own SSL termination (Traefik, Nginx, HAProxy, Caddy, etc.)
+> - Environments where AliasVault runs **behind an existing reverse proxy**
+
+This option runs AliasVault as a **single bundled container** (client, API, Postgres, task runner, SMTP, etc. included).
+Unlike `install.sh`, it does **not provide**:
+- SSL termination (you must handle HTTPS separately)
+- A CLI for updates, migrations, or configuration
+
+Instead, everything is managed via **standard Docker commands**:
+- Updates are done manually with `docker pull`
+- In some cases, future updates may require **manual migration steps** (these will be documented)
+- Certain admin actions (e.g. resetting a password) require **manual container access via SSH**
+
+👉 Use this option if you **already manage SSL**, have an existing host where you are running other Docker apps already, and/or prefer to run AliasVault inside your own reverse proxy setup.
+
+[Docker guide →](install-docker.md)
diff --git a/docs/installation/advanced/build-from-source.md b/docs/installation/install.sh/advanced/build-from-source.md
similarity index 100%
rename from docs/installation/advanced/build-from-source.md
rename to docs/installation/install.sh/advanced/build-from-source.md
diff --git a/docs/installation/advanced/database.md b/docs/installation/install.sh/advanced/database.md
similarity index 100%
rename from docs/installation/advanced/database.md
rename to docs/installation/install.sh/advanced/database.md
diff --git a/docs/installation/advanced/index.md b/docs/installation/install.sh/advanced/index.md
similarity index 93%
rename from docs/installation/advanced/index.md
rename to docs/installation/install.sh/advanced/index.md
index 99bc98940..bd27e1b60 100644
--- a/docs/installation/advanced/index.md
+++ b/docs/installation/install.sh/advanced/index.md
@@ -1,8 +1,8 @@
 ---
 layout: default
 title: Advanced
-parent: Server Installation
-nav_order: 2
+parent: Install.sh
+nav_order: 4
 ---
 
 # Advanced Installation
diff --git a/docs/installation/advanced/reverse-proxy-configuration.md b/docs/installation/install.sh/advanced/reverse-proxy-configuration.md
similarity index 100%
rename from docs/installation/advanced/reverse-proxy-configuration.md
rename to docs/installation/install.sh/advanced/reverse-proxy-configuration.md
diff --git a/docs/installation/start-stop.md b/docs/installation/install.sh/advanced/start-stop.md
similarity index 95%
rename from docs/installation/start-stop.md
rename to docs/installation/install.sh/advanced/start-stop.md
index 2ffcbf8e2..2d7c1a30b 100644
--- a/docs/installation/start-stop.md
+++ b/docs/installation/install.sh/advanced/start-stop.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Start/stop
-parent: Server Installation
+parent: Advanced
 nav_order: 2
 ---
 
diff --git a/docs/installation/uninstall.md b/docs/installation/install.sh/advanced/uninstall.md
similarity index 95%
rename from docs/installation/uninstall.md
rename to docs/installation/install.sh/advanced/uninstall.md
index 4c3efbf4d..0b4d82cb8 100644
--- a/docs/installation/uninstall.md
+++ b/docs/installation/install.sh/advanced/uninstall.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Uninstall
-parent: Server Installation
+parent: Advanced
 nav_order: 4
 ---
 
diff --git a/docs/installation/install.md b/docs/installation/install.sh/index.md
similarity index 97%
rename from docs/installation/install.md
rename to docs/installation/install.sh/index.md
index 91c92259f..6526f2b2c 100644
--- a/docs/installation/install.md
+++ b/docs/installation/install.sh/index.md
@@ -1,12 +1,12 @@
 ---
 layout: default
-title: Basic Install
-parent: Server Installation
+title: Install.sh
+parent: Self-hosting
 nav_order: 1
 ---
 
-# Basic Install
-The following guide will walk you through the steps to install AliasVault on your own server. Minimum experience with Docker and Linux is required.
+# Self-host via install.sh
+The following guide will walk you through the steps to install AliasVault on your own server using `install.sh`. Minimum experience with Docker and Linux is required. Estimated time: 5-15 minutes.
 
 {: .toc }
 * TOC
@@ -74,7 +74,7 @@ and then in the prompt choose option 2.
 
 ## 3. Email Server Setup
 
-AliasVault includes a built-in email server that allows you to generate email aliases on-the-fly for every website you use, and receive the and read the emails straight in AliasVault.
+AliasVault includes a built-in email server that allows you to generate email aliases on-the-fly for every website you use, and receive + read the emails straight in AliasVault.
 
 > **Note:**
 > If you skip this step, AliasVault will default to use public email domains offered by SpamOK. While this still works for creating aliases, it has privacy limitations. For complete privacy and control, we recommend setting up your own domain.
diff --git a/docs/installation/troubleshooting.md b/docs/installation/install.sh/troubleshooting.md
similarity index 99%
rename from docs/installation/troubleshooting.md
rename to docs/installation/install.sh/troubleshooting.md
index 569988658..96a7a45af 100644
--- a/docs/installation/troubleshooting.md
+++ b/docs/installation/install.sh/troubleshooting.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Troubleshooting
-parent: Server Installation
+parent: Install.sh
 nav_order: 5
 ---
 
diff --git a/docs/installation/update/index.md b/docs/installation/install.sh/update/index.md
similarity index 98%
rename from docs/installation/update/index.md
rename to docs/installation/install.sh/update/index.md
index 3d69a14f4..f7d8b9c3a 100644
--- a/docs/installation/update/index.md
+++ b/docs/installation/install.sh/update/index.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Update
-parent: Server Installation
+parent: Install.sh
 nav_order: 3
 ---
 
diff --git a/docs/installation/update/v0.22.0.md b/docs/installation/install.sh/update/v0.22.0.md
similarity index 98%
rename from docs/installation/update/v0.22.0.md
rename to docs/installation/install.sh/update/v0.22.0.md
index 1fbf405e8..ad2efbf8b 100644
--- a/docs/installation/update/v0.22.0.md
+++ b/docs/installation/install.sh/update/v0.22.0.md
@@ -2,7 +2,6 @@
 layout: default
 title: Update to v0.22.0
 parent: Update
-grand_parent: Server Installation
 nav_order: 1
 ---
 
diff --git a/docs/installation/advanced/manual-setup.md b/docs/installation/manual-setup.md
similarity index 99%
rename from docs/installation/advanced/manual-setup.md
rename to docs/installation/manual-setup.md
index d8445368f..35399eecc 100644
--- a/docs/installation/advanced/manual-setup.md
+++ b/docs/installation/manual-setup.md
@@ -1,8 +1,8 @@
 ---
 layout: default
 title: Manual Setup
-parent: Advanced
-nav_order: 1
+parent: Self-hosting
+nav_order: 6
 ---
 
 # Manual Setup

From 4ff937feec9dca2af9eeda8bd15581049f0bb7a7 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Sat, 6 Sep 2025 15:02:51 +0200
Subject: [PATCH 07/33] Update doc headings (#1181)

---
 docs/installation/docker/index.md     |  4 ++--
 docs/installation/index.md            | 28 +++++++++------------------
 docs/installation/install.sh/index.md |  4 ++--
 3 files changed, 13 insertions(+), 23 deletions(-)

diff --git a/docs/installation/docker/index.md b/docs/installation/docker/index.md
index 4089a5458..a1f941826 100644
--- a/docs/installation/docker/index.md
+++ b/docs/installation/docker/index.md
@@ -1,12 +1,12 @@
 ---
 layout: default
-title: All-In-One Docker Image
+title: Manual Setup (single container)
 parent: Self-hosting
 nav_order: 2
 ---
 
 # Self-host via All-In-One Docker image
-Instead of using the `install.sh` script with multi-docker container setup, AliasVault is also available as a standalone all-in-one container that uses `s6-overlay` to combine all AliasVault's services into one image for convenience. This setup is suitable for home and internal use.
+The following guide will walk you through the steps to install AliasVault via the All-In-One Docker container. This container uses `s6-overlay` to combine all AliasVault's services into one image for convenience. The only downside compared to the `install.sh` installer is that this version does NOT come with SSL support, so you'll have to make the container available through your own SSL proxy.
 
 **Prerequisites:**
 
diff --git a/docs/installation/index.md b/docs/installation/index.md
index 49b299be0..c82bdd4fb 100644
--- a/docs/installation/index.md
+++ b/docs/installation/index.md
@@ -6,11 +6,9 @@ nav_order: 2
 
 # Self-hosting
 
-AliasVault can be self-hosted on your own servers in two ways.
-Both options use Docker, but the workflows differ in flexibility and convenience.
-Choose the one that best matches your environment:
+AliasVault can be self-hosted on your own servers using two different installation methods. Both use Docker, but they differ in how much is automated versus how much you manage yourself:
 
-[Option 1: install.sh](./installation/install){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 .mr-2 }
+[Option 1: Install.sh](./installation/install){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 .mr-2 }
 [Option 2: All-In-One Docker Image](https://github.com/aliasvault/aliasvault){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 }
 
 ---
@@ -18,26 +16,19 @@ Choose the one that best matches your environment:
 ## Option 1: `install.sh` (Managed Multi-Container Stack)
 
 > **Best for:**
-> - Proxmox CT/VM
-> - DigitalOcean Droplet
-> - Hetzner VPS
-> - AWS / Azure VM
+> - VM or LXC (Proxmox, DigitalOcean Droplet, VPS, AWS/Azure VM)
 > - Any other host that is directly accessible from the internet and/or has ports 80/443 forwarded to it, **without existing SSL termination**
 
 This option installs the **full AliasVault stack** (client, API, Postgres, task runner, SMTP, admin, reverse proxy) as multiple Docker containers in the background.
 
 The `install.sh` script provides:
-- **Pulling of all required Docker images** and configures Docker Compose automatically
+- **Automatic configuration of docker-compose.yml with multiple containers**
 - **Built-in reverse proxy with Let's Encrypt SSL**
 - **Easy updates and migrations** via a custom CLI
 - **Start/stop/uninstall commands** for convenience
 - Allows to build Docker containers from source (optional)
 - Opinionated defaults for a secure, production-ready setup
 
-{: .note }
-ℹ️ This method is more suitable for **less experienced Linux users**. It still requires some basic knowledge, but the script provides guidance and automates many steps.
-👉 Use this option if you want a **managed experience** with automatic SSL and CLI tools.
-
 [Installation guide →](install-vm.md)
 
 ---
@@ -45,20 +36,19 @@ The `install.sh` script provides:
 ## Option 2: All-in-One Docker Image
 
 > **Best for:**
-> - Home servers (Synology, Unraid, Raspberry Pi, local Docker)
+> - Home servers / NAS (Synology, Unraid, Raspberry Pi, local Docker)
 > - Advanced users with their own SSL termination (Traefik, Nginx, HAProxy, Caddy, etc.)
 > - Environments where AliasVault runs **behind an existing reverse proxy**
 
 This option runs AliasVault as a **single bundled container** (client, API, Postgres, task runner, SMTP, etc. included).
-Unlike `install.sh`, it does **not provide**:
-- SSL termination (you must handle HTTPS separately)
-- A CLI for updates, migrations, or configuration
 
-Instead, everything is managed via **standard Docker commands**:
+Everything is managed via **standard Docker commands**:
 - Updates are done manually with `docker pull`
 - In some cases, future updates may require **manual migration steps** (these will be documented)
 - Certain admin actions (e.g. resetting a password) require **manual container access via SSH**
+- SSL termination not included (you must handle HTTPS yourself separately)
 
-👉 Use this option if you **already manage SSL**, have an existing host where you are running other Docker apps already, and/or prefer to run AliasVault inside your own reverse proxy setup.
+
+👉 Use this option if you **already manage SSL**, have an existing host where you are running other Docker apps already, and/or prefer to run AliasVault behind your own reverse proxy setup.
 
 [Docker guide →](install-docker.md)
diff --git a/docs/installation/install.sh/index.md b/docs/installation/install.sh/index.md
index 6526f2b2c..13802e019 100644
--- a/docs/installation/install.sh/index.md
+++ b/docs/installation/install.sh/index.md
@@ -1,12 +1,12 @@
 ---
 layout: default
-title: Install.sh
+title: Installer Script (managed)
 parent: Self-hosting
 nav_order: 1
 ---
 
 # Self-host via install.sh
-The following guide will walk you through the steps to install AliasVault on your own server using `install.sh`. Minimum experience with Docker and Linux is required. Estimated time: 5-15 minutes.
+The following guide will walk you through the steps to install AliasVault on your own server using the AliasVault installer script: `install.sh`. Minimum experience with Docker and Linux is required. Estimated time: 5-15 minutes.
 
 {: .toc }
 * TOC

From 1bcd0887826558bedafd07e278f0258d78c38f5d Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Sat, 6 Sep 2025 20:50:49 +0200
Subject: [PATCH 08/33] Add advanced and troubleshooting steps per self-host
 method (#1181)

---
 .vscode/tasks.json                            |   2 +-
 docs/_config.yml                              |   3 +
 docs/_sass/color_schemes/aliasvault.scss      |   6 +
 docs/installation/index.md                    |  28 ++--
 .../install.sh/advanced/database.md           |  22 ---
 .../installation/install.sh/advanced/index.md |  14 --
 .../advanced/reverse-proxy-configuration.md   | 141 ------------------
 .../advanced/build-from-source.md             |   1 +
 .../installer/advanced/database.md            |  25 ++++
 docs/installation/installer/advanced/index.md |   9 ++
 .../advanced/lifecycle.md}                    |   7 +-
 .../installer/advanced/uninstall.md           |  20 +++
 .../{install.sh => installer}/index.md        |  35 ++---
 .../troubleshooting.md                        |   6 +-
 .../{install.sh => installer}/update/index.md |   2 +-
 .../update/v0.22.0.md                         |   0
 docs/installation/manual-setup.md             | 139 -----------------
 docs/installation/manual/advanced/database.md |  25 ++++
 docs/installation/manual/advanced/index.md    |   9 ++
 .../installation/manual/advanced/lifecycle.md |  30 ++++
 .../advanced/uninstall.md                     |   1 +
 docs/installation/{docker => manual}/index.md |  42 +++---
 docs/installation/manual/troubleshooting.md   |  82 ++++++++++
 23 files changed, 271 insertions(+), 378 deletions(-)
 delete mode 100644 docs/installation/install.sh/advanced/database.md
 delete mode 100644 docs/installation/install.sh/advanced/index.md
 delete mode 100644 docs/installation/install.sh/advanced/reverse-proxy-configuration.md
 rename docs/installation/{install.sh => installer}/advanced/build-from-source.md (95%)
 create mode 100644 docs/installation/installer/advanced/database.md
 create mode 100644 docs/installation/installer/advanced/index.md
 rename docs/installation/{install.sh/advanced/start-stop.md => installer/advanced/lifecycle.md} (76%)
 create mode 100644 docs/installation/installer/advanced/uninstall.md
 rename docs/installation/{install.sh => installer}/index.md (84%)
 rename docs/installation/{install.sh => installer}/troubleshooting.md (96%)
 rename docs/installation/{install.sh => installer}/update/index.md (97%)
 rename docs/installation/{install.sh => installer}/update/v0.22.0.md (100%)
 delete mode 100644 docs/installation/manual-setup.md
 create mode 100644 docs/installation/manual/advanced/database.md
 create mode 100644 docs/installation/manual/advanced/index.md
 create mode 100644 docs/installation/manual/advanced/lifecycle.md
 rename docs/installation/{install.sh => manual}/advanced/uninstall.md (92%)
 rename docs/installation/{docker => manual}/index.md (82%)
 create mode 100644 docs/installation/manual/troubleshooting.md

diff --git a/.vscode/tasks.json b/.vscode/tasks.json
index 66d0259e0..89e6b2fa4 100644
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -199,7 +199,7 @@
         {
             "label": "Build and watch Docs",
             "type": "shell",
-            "command": "docker compose up",
+            "command": "docker compose build && docker compose up",
             "problemMatcher": [],
             "group": {
                 "kind": "build",
diff --git a/docs/_config.yml b/docs/_config.yml
index 1d25a0ea5..49a75843d 100644
--- a/docs/_config.yml
+++ b/docs/_config.yml
@@ -38,3 +38,6 @@ callouts:
   note:
     title: Note
     color: purple
+  important:
+    title: Important
+    color: yellow
diff --git a/docs/_sass/color_schemes/aliasvault.scss b/docs/_sass/color_schemes/aliasvault.scss
index 2f8d0783f..2fe8b0cb0 100644
--- a/docs/_sass/color_schemes/aliasvault.scss
+++ b/docs/_sass/color_schemes/aliasvault.scss
@@ -38,5 +38,11 @@ $purple-100: #ffd5a8;
 $purple-200: #f49541;
 $purple-300: #d68338;
 
+// Orange Colors
+$orange-000: #f8b963;
+$orange-100: #ffd5a8;
+$orange-200: #f49541;
+$orange-300: #d68338;
+
 // Navigation additional
 $nav-button-color: #f49541;
diff --git a/docs/installation/index.md b/docs/installation/index.md
index c82bdd4fb..a311978d5 100644
--- a/docs/installation/index.md
+++ b/docs/installation/index.md
@@ -8,18 +8,18 @@ nav_order: 2
 
 AliasVault can be self-hosted on your own servers using two different installation methods. Both use Docker, but they differ in how much is automated versus how much you manage yourself:
 
-[Option 1: Install.sh](./installation/install){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 .mr-2 }
-[Option 2: All-In-One Docker Image](https://github.com/aliasvault/aliasvault){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 }
-
 ---
 
-## Option 1: `install.sh` (Managed Multi-Container Stack)
+## Option 1: Installer Script (multi-container)
+
+[Install AliasVault via installer script (multi-container)](./installer){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 .mr-2 }
 
 > **Best for:**
 > - VM or LXC (Proxmox, DigitalOcean Droplet, VPS, AWS/Azure VM)
-> - Any other host that is directly accessible from the internet and/or has ports 80/443 forwarded to it, **without existing SSL termination**
+> - Any other host that is directly accessible from the internet and/or has ports 80/443 forwarded to it
+> - When you don't have any SSL termination proxy of your own (yet)
 
-This option installs the **full AliasVault stack** (client, API, Postgres, task runner, SMTP, admin, reverse proxy) as multiple Docker containers in the background.
+This option installs the full AliasVault stack **consisting of multiple Docker containers** (client, api, ppostgres, task runner, smtp, admin, reverse proxy) in the background.
 
 The `install.sh` script provides:
 - **Automatic configuration of docker-compose.yml with multiple containers**
@@ -29,18 +29,18 @@ The `install.sh` script provides:
 - Allows to build Docker containers from source (optional)
 - Opinionated defaults for a secure, production-ready setup
 
-[Installation guide →](install-vm.md)
-
 ---
 
-## Option 2: All-in-One Docker Image
+## Option 2: Manual Setup (single container)
+
+[Install AliasVault via manual setup (single container)](./manual){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 }
+
 
 > **Best for:**
-> - Home servers / NAS (Synology, Unraid, Raspberry Pi, local Docker)
-> - Advanced users with their own SSL termination (Traefik, Nginx, HAProxy, Caddy, etc.)
-> - Environments where AliasVault runs **behind an existing reverse proxy**
+> - Single home servers / NAS (Synology, Unraid, Raspberry Pi, local Docker)
+> - Advanced users with existing shared SSL infrastructure (Traefik, Nginx, HAProxy, Caddy, etc.)
 
-This option runs AliasVault as a **single bundled container** (client, API, Postgres, task runner, SMTP, etc. included).
+This option runs AliasVault as a **single bundled Docker container** (client, API, Postgres, task runner, SMTP, etc. included).
 
 Everything is managed via **standard Docker commands**:
 - Updates are done manually with `docker pull`
@@ -50,5 +50,3 @@ Everything is managed via **standard Docker commands**:
 
 
 👉 Use this option if you **already manage SSL**, have an existing host where you are running other Docker apps already, and/or prefer to run AliasVault behind your own reverse proxy setup.
-
-[Docker guide →](install-docker.md)
diff --git a/docs/installation/install.sh/advanced/database.md b/docs/installation/install.sh/advanced/database.md
deleted file mode 100644
index 8f4c2b7b6..000000000
--- a/docs/installation/install.sh/advanced/database.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-layout: default
-title: Database Backup
-parent: Advanced
-nav_order: 4
----
-
-# Database Backup
-
-In order to backup the database, you can use the `install.sh` script. This script will stop all services, export the database to a file, and then restart the services.
-
-```bash
-./install.sh db-backup > backup.sql.gz
-```
-
-# Database Restore
-
-To restore the database, you can use the `install.sh` script. This script will stop all services, drop the database, import the database from a file, and then restart the services.
-
-```bash
-./install.sh db-restore < backup.sql.gz
-```
diff --git a/docs/installation/install.sh/advanced/index.md b/docs/installation/install.sh/advanced/index.md
deleted file mode 100644
index bd27e1b60..000000000
--- a/docs/installation/install.sh/advanced/index.md
+++ /dev/null
@@ -1,14 +0,0 @@
----
-layout: default
-title: Advanced
-parent: Install.sh
-nav_order: 4
----
-
-# Advanced Installation
-The following guides provide more advanced installation options for AliasVault. These options are not required for the basic installation, but may be useful for advanced users.
-
-- [Manual Setup](manual-setup.md) - Step-by-step manual installation without the install script
-- [Reverse Proxy Configuration](reverse-proxy-configuration.md) - Configure AliasVault with your existing reverse proxy
-- [Build from Source](build-from-source.md) - Build AliasVault from source code
-- [Database Configuration](database.md) - Advanced database configuration options
diff --git a/docs/installation/install.sh/advanced/reverse-proxy-configuration.md b/docs/installation/install.sh/advanced/reverse-proxy-configuration.md
deleted file mode 100644
index 570a5e380..000000000
--- a/docs/installation/install.sh/advanced/reverse-proxy-configuration.md
+++ /dev/null
@@ -1,141 +0,0 @@
----
-layout: default
-title: Reverse Proxy Configuration
-parent: Advanced
-nav_order: 2
----
-
-# Reverse Proxy Configuration
-This guide is intended for users who already have a self-hosted reverse proxy setup (such as nginx, Apache, or Cloudflare Tunnel) and want to expose AliasVault through it. In this case, the recommended approach is to forward a single hostname (e.g., `aliasvault.example.com`) to the internal reverse proxy container that AliasVault provides.
-
-If you do **not** already have an existing reverse proxy, you can simply rely on the built-in reverse proxy that comes with AliasVault, as it's fully capable of handling all routing, SSL termination, and WebSocket support out of the box.
-
-
-## Overview
-AliasVault includes its own internal reverse proxy (nginx) that handles routing between its three core services:
-- **Client Application** (`/`) – The main user interface
-- **API Server** (`/api`) – REST API endpoints
-- **Admin Panel** (`/admin`) – Administrative interface
-
-When using an external reverse proxy, you **must** forward requests to the `reverse-proxy` container. Do **not** route traffic directly to the individual services.
-
-## Why AliasVault Uses Its Own Reverse Proxy
-AliasVault’s internal reverse proxy ensures proper routing and configuration of all services under one domain:
-
-1. **Unified Hostname** – All services operate under the same domain (e.g., `aliasvault.example.com`)
-2. **Path-Based Routing** – Correct dispatch of `/`, `/api`, and `/admin` requests
-3. **Security Headers** – Consistent headers across services
-4. **SSL Termination** – Central SSL/TLS handling
-5. **WebSocket Support** – Required for the Blazor-based admin interface
-
-## Internal Nginx Configuration Structure
-AliasVault's reverse proxy follows a path-based routing configuration like this:
-
-```nginx
-# Upstream services
-upstream client {
-    server client:3000;
-}
-upstream api {
-    server api:3001;
-}
-upstream admin {
-    server admin:3002;
-}
-
-server {
-    listen 443 ssl;
-    server_name _;
-
-    location /admin {
-        proxy_pass http://admin;
-        # WebSocket support and headers
-    }
-
-    location /api {
-        proxy_pass http://api;
-    }
-
-    location / {
-        proxy_pass http://client;
-    }
-}
-```
-
-## Simplest Setup (Recommended)
-Forward all traffic from your external reverse proxy to the AliasVault internal reverse proxy container. This avoids manual path-based routing.
-
-### Example: External Nginx Reverse Proxy
-
-```nginx
-server {
-    listen 80;
-    server_name aliasvault.example.com;
-    return 301 https://$host$request_uri;
-}
-
-server {
-    listen 443 ssl;
-    server_name aliasvault.example.com;
-
-    ssl_certificate /path/to/your/certificate.crt;
-    ssl_certificate_key /path/to/your/private.key;
-
-    location / {
-        proxy_pass https://aliasvault-internal:443;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-}
-```
-
-## Port Configuration
-AliasVault’s internal reverse proxy defaults to port `443`. If this port is already in use, you can change it in the `.env` file inside your AliasVault folder:
-
-```
-HTTP_PORT=80
-HTTPS_PORT=443
-```
-
-Make sure your external proxy points to the correct port.
-
-## Common Issues and Solutions
-
-### HTTP 502 Bad Gateway
-
-**Cause**: External proxy routing to wrong container.
-**Fix**: Ensure it routes to `reverse-proxy` container, not `client`, `api`, or `admin`.
-
-### WebSocket Errors
-
-**Cause**: WebSocket headers not forwarded.
-**Fix**: Make sure `Upgrade` and `Connection` headers are preserved.
-
-### SSL/TLS Verification (e.g., Cloudflare Tunnel)
-
-**Cause**: TLS verification fails.
-**Fix**: Enable “No TLS Verify” in your Cloudflare Tunnel configuration.
-
-### Partial Routing Failures
-
-**Cause**: External proxy modifies paths.
-**Fix**: Do not strip or rewrite paths. Proxy should pass `/`, `/api`, `/admin` as-is.
-
-## Testing
-After setup, verify:
-
-- `https://your-domain.com/` loads the client app
-- `https://your-domain.com/api` returns OK
-- `https://your-domain.com/admin` loads the admin interface
-
-All services must be available under the **same** hostname.
-
-## Security Considerations
-- Always use HTTPS in production
-- Preserve headers like `X-Real-IP`, `X-Forwarded-For`
-- Consider adding rate limiting or IP restrictions on your external proxy
-- Keep certificates and secrets secure
-
-For advanced scenarios or troubleshooting, refer to the main [troubleshooting guide](../troubleshooting.md).
diff --git a/docs/installation/install.sh/advanced/build-from-source.md b/docs/installation/installer/advanced/build-from-source.md
similarity index 95%
rename from docs/installation/install.sh/advanced/build-from-source.md
rename to docs/installation/installer/advanced/build-from-source.md
index 4a832d7d3..a35eb09f5 100644
--- a/docs/installation/install.sh/advanced/build-from-source.md
+++ b/docs/installation/installer/advanced/build-from-source.md
@@ -2,6 +2,7 @@
 layout: default
 title: Build from Source
 parent: Advanced
+grand_parent: Installer Script (multi-container)
 nav_order: 3
 ---
 
diff --git a/docs/installation/installer/advanced/database.md b/docs/installation/installer/advanced/database.md
new file mode 100644
index 000000000..1cd0c67fa
--- /dev/null
+++ b/docs/installation/installer/advanced/database.md
@@ -0,0 +1,25 @@
+---
+layout: default
+title: Database Operations
+parent: Advanced
+grand_parent: Installer Script (multi-container)
+nav_order: 4
+---
+
+# Database Operations
+This page explains how to import/export on the AliasVault server database via the `./install.sh` script.
+
+## Database Export
+In order to backup the AliasVault server database (which includes all encrypted user vaults as well), you can use the `install.sh` script. This script will stop all services, export the database to a file, and then restart the services.
+
+```bash
+./install.sh db-backup > backup.sql.gz
+```
+
+## Database Import
+
+To restore a previously exported database, you can use the `install.sh` script. This script will stop all services, drop the database, import the database from a file, and then restart the services.
+
+```bash
+./install.sh db-restore < backup.sql.gz
+```
diff --git a/docs/installation/installer/advanced/index.md b/docs/installation/installer/advanced/index.md
new file mode 100644
index 000000000..14aacec44
--- /dev/null
+++ b/docs/installation/installer/advanced/index.md
@@ -0,0 +1,9 @@
+---
+layout: default
+title: Advanced
+parent: Installer Script (multi-container)
+nav_order: 4
+---
+
+# Advanced Installation
+The following guides provide more advanced installation options for AliasVault. These options are not required for the basic installation, but may be useful for advanced users.
diff --git a/docs/installation/install.sh/advanced/start-stop.md b/docs/installation/installer/advanced/lifecycle.md
similarity index 76%
rename from docs/installation/install.sh/advanced/start-stop.md
rename to docs/installation/installer/advanced/lifecycle.md
index 2d7c1a30b..abea31f63 100644
--- a/docs/installation/install.sh/advanced/start-stop.md
+++ b/docs/installation/installer/advanced/lifecycle.md
@@ -1,12 +1,13 @@
 ---
 layout: default
-title: Start/stop
+title: Stop/start
 parent: Advanced
+grand_parent: Installer Script (multi-container)
 nav_order: 2
 ---
 
-# Starting and stopping AliasVault
-You can start and stop AliasVault easily by using the install script.
+# Stopping and starting AliasVault
+You can stop and start AliasVault easily by using the install script.
 
 ## Stop
 To stop AliasVault, run the install script with the `stop` option. This will stop all running AliasVault containers.
diff --git a/docs/installation/installer/advanced/uninstall.md b/docs/installation/installer/advanced/uninstall.md
new file mode 100644
index 000000000..665361129
--- /dev/null
+++ b/docs/installation/installer/advanced/uninstall.md
@@ -0,0 +1,20 @@
+---
+layout: default
+title: Uninstall
+parent: Advanced
+grand_parent: Installer Script (multi-container)
+nav_order: 4
+---
+
+# Uninstall
+
+To uninstall AliasVault, run the install script with the `uninstall` option. This will stop and remove the AliasVault containers, remove the Docker images, and delete the .env file.
+
+{: .note }
+This will not delete any data stored in the database. If you wish to delete all data, you should manually delete the `database` directory and the other directories created by AliasVault.
+
+### Steps
+1. Run the install script with the `uninstall` option
+```bash
+./install.sh uninstall
+```
diff --git a/docs/installation/install.sh/index.md b/docs/installation/installer/index.md
similarity index 84%
rename from docs/installation/install.sh/index.md
rename to docs/installation/installer/index.md
index 13802e019..8449663ef 100644
--- a/docs/installation/install.sh/index.md
+++ b/docs/installation/installer/index.md
@@ -1,28 +1,26 @@
 ---
 layout: default
-title: Installer Script (managed)
+title: Installer Script (multi-container)
 parent: Self-hosting
 nav_order: 1
 ---
 
-# Self-host via install.sh
+# Self-host using installer script (multi-container)
 The following guide will walk you through the steps to install AliasVault on your own server using the AliasVault installer script: `install.sh`. Minimum experience with Docker and Linux is required. Estimated time: 5-15 minutes.
 
-{: .toc }
-* TOC
-{:toc}
+{: .important-title }
+> Requirements:
+> - 64-bit Linux VM with root access (Ubuntu or RHEL-based recommended)
+> - Minimum: 1 vCPU, 1GB RAM, 16GB disk
+> - Docker (CE ≥ 20.10) and Docker Compose (≥ 2.0)
+> → Installation guide: [Docker Docs](https://docs.docker.com/engine/install/)
+> - Able to forward ports 80, 443 (with optional 25/587 for private email domains)
 
 ---
 
 ## 1. Basic Installation
 To get AliasVault up and running quickly, run the install script to pull pre-built Docker images. The install script will also configure the .env file and start the AliasVault containers. You can get up and running in less than 5 minutes.
 
-### Hardware requirements
-- 64-bit Linux VM with root access (Ubuntu or RHEL-based recommended)
-- Minimum: 1 vCPU, 1GB RAM, 16GB disk
-- Docker (CE ≥ 20.10) and Docker Compose (≥ 2.0)
-  → Installation guide: [Docker Docs](https://docs.docker.com/engine/install/)
-
 ### Installation steps
 1. Download the install script to a directory of your choice. All AliasVault files and directories will be created in this directory.
 ```bash
@@ -50,9 +48,9 @@ chmod +x install.sh
 ---
 
 ## 2. SSL configuration
-The default installation will create a self-signed SSL certificate and configure Nginx to use it.
+The default installation will create a self-signed SSL certificate and configure Nginx to use it. This is sufficient for local deployments using only the web-app, however the mobile apps (iOS and Android) require a valid (external) SSL certificate to be able to connect.
 
-You can however also use Let's Encrypt to generate valid SSL certificates and configure Nginx to use it. In order to make this work you will need the following:
+To generate a valid external SSL certificate for AliasVault, you can use Let's Encrypt via a built-in helper tool. In order to make this work you will need the following:
 
 - A public IPv4 address assigned to your server
 - Port 80 and 443 on your server must be open and accessible from the internet
@@ -76,19 +74,18 @@ and then in the prompt choose option 2.
 
 AliasVault includes a built-in email server that allows you to generate email aliases on-the-fly for every website you use, and receive + read the emails straight in AliasVault.
 
-> **Note:**
-> If you skip this step, AliasVault will default to use public email domains offered by SpamOK. While this still works for creating aliases, it has privacy limitations. For complete privacy and control, we recommend setting up your own domain.
-> [Learn more about the differences between private and public email domains](../misc/private-vs-public-email.md).
+{: .note }
+If you skip this step, AliasVault will default to use public email domains offered by SpamOK. While this still works for creating aliases, it has privacy limitations. For complete privacy and control, we recommend setting up your own domain. [Learn more about the differences between private and public email domains](../misc/private-vs-public-email.md).
 
 ---
 
 ### Requirements
-- A **public IPv4 address** with ports 25 and 587 pointing to your AliasVault server
-- Open ports **25** and **587** on your server firewall for email SMTP traffic.
+- A **public IPv4 address** with ports 25 and 587 forwarded to your AliasVault server
+- Open ports **25** and **587** on your server firewall for email SMTP traffic (*NOTE: some residential IP's block this, check with your ISP*).
 
 #### Verifying Port Access
 
-While the AliasVault docker containers are running, use `telnet` to confirm your public IP allows access to the ports:
+While the AliasVault docker container is running, use `telnet` to confirm your public IP allows access to the ports:
 
 ```bash
 # Test standard SMTP port
diff --git a/docs/installation/install.sh/troubleshooting.md b/docs/installation/installer/troubleshooting.md
similarity index 96%
rename from docs/installation/install.sh/troubleshooting.md
rename to docs/installation/installer/troubleshooting.md
index 96a7a45af..91699af0d 100644
--- a/docs/installation/install.sh/troubleshooting.md
+++ b/docs/installation/installer/troubleshooting.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Troubleshooting
-parent: Install.sh
+parent: Installer Script (multi-container)
 nav_order: 5
 ---
 
@@ -42,10 +42,10 @@ docker compose restart [container-name-here]
 ---
 
 ## Check AliasVault Text Logs
-All AliasVault services log information and errors to text files. These files are located in the `logs` directory. You can check the logs of a specific container by running the following command:
+All AliasVault services log information and errors to text files. These files are located in the `logs` directory. You can check the logs of a specific service by running the following command:
 
 ```bash
-cat logs/[container-name-here].log
+cat logs/[service-name-here].txt
 ```
 
 ---
diff --git a/docs/installation/install.sh/update/index.md b/docs/installation/installer/update/index.md
similarity index 97%
rename from docs/installation/install.sh/update/index.md
rename to docs/installation/installer/update/index.md
index f7d8b9c3a..655de6ff8 100644
--- a/docs/installation/install.sh/update/index.md
+++ b/docs/installation/installer/update/index.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Update
-parent: Install.sh
+parent: Installer Script (multi-container)
 nav_order: 3
 ---
 
diff --git a/docs/installation/install.sh/update/v0.22.0.md b/docs/installation/installer/update/v0.22.0.md
similarity index 100%
rename from docs/installation/install.sh/update/v0.22.0.md
rename to docs/installation/installer/update/v0.22.0.md
diff --git a/docs/installation/manual-setup.md b/docs/installation/manual-setup.md
deleted file mode 100644
index 35399eecc..000000000
--- a/docs/installation/manual-setup.md
+++ /dev/null
@@ -1,139 +0,0 @@
----
-layout: default
-title: Manual Setup
-parent: Self-hosting
-nav_order: 6
----
-
-# Manual Setup
-
-If you prefer to manually set up AliasVault instead of using the `install.sh` script, this README provides step-by-step instructions.
-
-**Prerequisities:**
-- Docker (20.10+) and Docker Compose (2.0+) installed on your system
-  - See instructions: [https://docs.docker.com/engine/install/](https://docs.docker.com/engine/install/)
-- Knowledge of working with direct Docker commands
-- Knowledge of .env files
-- OpenSSL for generating random passwords
-
----
-
-{: .toc }
-* TOC
-{:toc}
-
----
-
-
-## Steps
-Follow these steps to manually install AliasVault on your own server.
-
-1. **Clone the git repository**
-   ```bash
-   # Clone repository
-   git clone https://github.com/aliasvault/aliasvault.git
-
-   # Navigate to the AliasVault directory
-   cd aliasvault
-   ```
-
-2. **Create required directories**
-
-   Create the following directories in your project root:
-   ```bash
-   # Create required directories
-   mkdir -p certificates/ssl database/postgres
-   ```
-
-3. **Create .env file**
-
-   ```bash
-   # Copy the .env.example file to create a new .env file
-   cp .env.example .env
-   ```
-
-4. **Set all required settings in .env**
-
-   Open the .env file in your favorite text editor and fill in all required variables
-   by following the instructions inside the file.
-
-   ```bash
-   # Open the .env file with your favorite editor, e.g. nano.
-   nano .env
-   ```
-
-5. **Start the docker containers**
-
-   After you are done configuring your .env file, you can start the Docker Compose stack:
-   ```bash
-   # Start the docker compose stack
-   docker compose up -d
-   ```
-
-6. **Access AliasVault**
-
-    AliasVault should now be running. You can access it at:
-
-    - Admin Panel: https://localhost/admin
-        - Username: admin
-        - Password: [Use the password you set in the .env file]
-
-    - Client Website: https://localhost/
-        - Create your own account from here
-
-   > Note: if you changed the default ports from 80/443 to something else in the .env file, use those ports to access AliasVault here.
-
-7. **Configuring private email domains**
-
-   By default, the AliasVault private email domains feature is disabled. If you wish to enable this to use your own private domains to create email aliases with, please read the `Email Server Setup` section in the main installation guide [Basic Install](../install.md#3-email-server-setup).
-
-   For more information, read the article explaining the differences between AliasVault's [private and public domains](../../misc/private-vs-public-email.md).
-
-
-## Important Notes
-
-- Make sure to save both the admin password and PostgreSQL password in a secure location.
-- Always keep your .env file secure and do not share it, as it contains sensitive information.
-- The PostgreSQL data is persisted in the `database/postgres` directory.
-- The docker-compose.yml file uses the `:latest` tag for containers by default. This means it always uses the latest available AliasVault version. In order to update AliasVault to a newer version at a later time, you can pull new containers when they are available with this command:
-```
-docker compose pull && docker compose down && docker compose up -d
-```
-
-## Using a Custom Reverse Proxy (e.g. Cloudflare Tunnel)
-
-AliasVault includes its own internal reverse proxy (nginx) container that routes traffic to other containers. By default, the built-in nginx container (`reverse-proxy`) makes AliasVault's services available at:
-
-- **Client**: `http://localhost/`
-- **API**: `http://localhost/api`
-- **Admin**: `http://localhost/admin`
-
-If you want to use your own reverse proxy setup (e.g. with a Cloudflare Tunnel), you **must** ensure the following:
-
-- Your custom proxy/tunnel **points to the AliasVault `reverse-proxy` container**, **not** directly to the client, API, or admin containers.
-- The forwarding protocol must be **HTTPS**, since the `reverse-proxy` container listens on port `443` for secure connections.
-
-> ⚠️ Failing to route through the reverse-proxy container correctly will break the app. Errors such as HTTP 502 often indicate a misconfigured reverse proxy.
-
-If you're using **Cloudflare Tunnel**, you will likely encounter TLS verification issues. In that case, go to the Cloudflare dashboard and enable the **"No TLS Verify"** option for your tunnel configuration. This tells Cloudflare to skip certificate validation when connecting to the internal reverse-proxy over HTTPS.
-
-
-## Troubleshooting
-If you encounter any miscellaneous issues during the setup:
-
-1. Check the Docker logs:
-   ```bash
-   docker compose logs
-   ```
-2. Ensure all required ports (80, 443, 25, 587 and 5432) are available and not being used by other services.
-3. Verify that all variables in the .env file are set correctly.
-4. Check PostgreSQL container logs specifically:
-   ```bash
-   docker compose logs postgres
-   ```
-
-For more detailed troubleshooting information, please refer to the full [troubleshooting guide](../troubleshooting.md).
-
-## FAQ
-### Why does AliasVault use its own reverse proxy?
-AliasVault requires precise routing between its client, API, and admin interfaces. These are structured under `/`, `/api`, and `/admin`. A unified nginx reverse proxy ensures that all AliasVault's containers are accessible under the same hostname and path structure. If you use your own reverse proxy, you must replicate this logic exactly. See the [nginx.conf](https://raw.githubusercontent.com/aliasvault/aliasvault/refs/heads/main/apps/server/nginx.conf) configuration that's used by the official container for reference.
diff --git a/docs/installation/manual/advanced/database.md b/docs/installation/manual/advanced/database.md
new file mode 100644
index 000000000..d4f0dd357
--- /dev/null
+++ b/docs/installation/manual/advanced/database.md
@@ -0,0 +1,25 @@
+---
+layout: default
+title: Database Operations
+parent: Advanced
+grand_parent: Manual Setup (single container)
+nav_order: 4
+---
+
+# Database Operations
+This page explains how to import/export on the AliasVault server database via the `./install.sh` script.
+
+## Database Export
+In order to backup the AliasVault server database (which includes all encrypted user vaults as well), you can use the `install.sh` script. This script will stop all services, export the database to a file, and then restart the services.
+
+```bash
+./install.sh db-backup > backup.sql.gz
+```
+
+## Database Import
+
+To restore a previously exported database, you can use the `install.sh` script. This script will stop all services, drop the database, import the database from a file, and then restart the services.
+
+```bash
+./install.sh db-restore < backup.sql.gz
+```
diff --git a/docs/installation/manual/advanced/index.md b/docs/installation/manual/advanced/index.md
new file mode 100644
index 000000000..52cf4b3a4
--- /dev/null
+++ b/docs/installation/manual/advanced/index.md
@@ -0,0 +1,9 @@
+---
+layout: default
+title: Advanced
+parent: Manual Setup (single container)
+nav_order: 1
+---
+
+# Advanced Installation
+The following guides provide more advanced installation options for AliasVault. These options are not required for the basic installation, but may be useful for advanced users.
diff --git a/docs/installation/manual/advanced/lifecycle.md b/docs/installation/manual/advanced/lifecycle.md
new file mode 100644
index 000000000..18240feca
--- /dev/null
+++ b/docs/installation/manual/advanced/lifecycle.md
@@ -0,0 +1,30 @@
+---
+layout: default
+title: Stop/start
+parent: Advanced
+grand_parent: Manual Setup (single container)
+nav_order: 2
+---
+
+# Stopping and starting AliasVault
+You can stop and start AliasVault via the default docker compose commands.
+
+## Stop
+To stop AliasVault:
+```bash
+docker compose down
+```
+
+## Start
+To start AliasVault:
+
+```bash
+docker compose up -d
+```
+
+## Restart
+To restart AliasVault:
+
+```bash
+docker compose restart
+```
diff --git a/docs/installation/install.sh/advanced/uninstall.md b/docs/installation/manual/advanced/uninstall.md
similarity index 92%
rename from docs/installation/install.sh/advanced/uninstall.md
rename to docs/installation/manual/advanced/uninstall.md
index 0b4d82cb8..4487425ff 100644
--- a/docs/installation/install.sh/advanced/uninstall.md
+++ b/docs/installation/manual/advanced/uninstall.md
@@ -2,6 +2,7 @@
 layout: default
 title: Uninstall
 parent: Advanced
+grand_parent: Manual Setup (single container)
 nav_order: 4
 ---
 
diff --git a/docs/installation/docker/index.md b/docs/installation/manual/index.md
similarity index 82%
rename from docs/installation/docker/index.md
rename to docs/installation/manual/index.md
index a1f941826..8b137775c 100644
--- a/docs/installation/docker/index.md
+++ b/docs/installation/manual/index.md
@@ -5,27 +5,24 @@ parent: Self-hosting
 nav_order: 2
 ---
 
-# Self-host via All-In-One Docker image
+# Self-host using manual setup (single container)
 The following guide will walk you through the steps to install AliasVault via the All-In-One Docker container. This container uses `s6-overlay` to combine all AliasVault's services into one image for convenience. The only downside compared to the `install.sh` installer is that this version does NOT come with SSL support, so you'll have to make the container available through your own SSL proxy.
 
-**Prerequisites:**
-
-This guide assumes you already have the following:
-- Docker (20.10+) and Docker Compose (2.0+) installed on your system
-  - See instructions: [https://docs.docker.com/engine/install/](https://docs.docker.com/engine/install/)
-- You have existing SSL proxy infrastructure (Traefik, Nginx, HAProxy, Cloudflare Tunnel)
-- Knowledge of working with direct Docker commands
-- Knowledge of .yml and .env files
+{: .important-title }
+> Requirements:
+> - Docker (20.10+) and Docker Compose (2.0+) installed on your system
+>  - See instructions: [https://docs.docker.com/engine/install/](https://docs.docker.com/engine/install/)
+> - You have existing SSL proxy infrastructure (Traefik, Nginx, HAProxy, Cloudflare Tunnel)
+> - Knowledge of working with direct Docker commands
+> - Knowledge of .yml and .env files
 
 ## 1. Basic installation
 1. Create a new folder where you want to store AliasVault's data and configuration folders.
-
 ```bash
 mkdir aliasvault
 cd aliasvault
 ```
-
-2. Create a new `docker-compose.yml` file with the following contents. Note: this will auto-create the directories specified in `volumes:` in the current folder.
+2. Create a new `docker-compose.yml` file with the following contents. Note: the directories specified in `volumes:` will be auto-created in the current folder on container first start.
 
 ```yaml
 services:
@@ -51,20 +48,25 @@ services:
       SUPPORT_EMAIL: ""
       PRIVATE_EMAIL_DOMAINS: ""
 ```
-
 3. Run `docker-compose up -d` to start the container.
+4. After the container has started, AliasVault should now be running. You can access it at:
 
-4. After the container has started, AliasVault will be accessible at:
-  - Client: http://localhost/ or https://localhost/
-  - Admin: http://localhost/admin or https://localhost/admin
-  - API: http://localhost/api or https://localhost/api
+    - Admin Panel: http://localhost/admin
+        - **Username:** admin
+        - **Password:** [*Read instructions on page*]
+
+    - Client Website: http://localhost/
+        - Create your own account from here
+
+    - API: http://localhost/api
+        - Used for configuring the browser extension and mobile app to connect to your server
 
 ---
 
 ## 2. SSL configuration
 HTTPS is required to use AliasVault for using:
 - Web app via non-localhost URLs (because of browser crypto restrictions)
-- Mobile apps require the API URL to have a valid SSL certificate, otherwise the app refuses to connect
+- Mobile apps require the API URL to have a valid SSL certificate, otherwise the app refuses to connect via HTTPS
 
 Configure your existing SSL infrastructure (Traefik, Nginx, HAProxy, CloudFlare Tunnel) to make the AliasVault container available through HTTPS with a valid SSL certificate. E.g. `https://aliasvault.yourdomain.com`.
 
@@ -81,8 +83,8 @@ If you skip this step, AliasVault will default to use public email domains offer
 ---
 
 ### Requirements
-- A **public IPv4 address** with ports 25 and 587 pointing to your AliasVault server
-- Open ports **25** and **587** on your server firewall for email SMTP traffic (NOTE: some residential IP's block this, check with your ISP).
+- A **public IPv4 address** with ports 25 and 587 forwarded to your AliasVault server
+- Open ports **25** and **587** on your server firewall for email SMTP traffic (*NOTE: some residential IP's block this, check with your ISP*).
 
 #### Verifying Port Access
 
diff --git a/docs/installation/manual/troubleshooting.md b/docs/installation/manual/troubleshooting.md
new file mode 100644
index 000000000..ae40d65df
--- /dev/null
+++ b/docs/installation/manual/troubleshooting.md
@@ -0,0 +1,82 @@
+---
+layout: default
+title: Troubleshooting
+parent: Manual Setup (single container)
+nav_order: 2
+---
+
+# Troubleshooting
+
+This guide covers common issues and troubleshooting steps for AliasVault encountered during installation, updates or general maintenance.
+
+{: .toc }
+* TOC
+{:toc}
+
+---
+
+## Check Docker Container Status
+For any issues you might encounter, the first step is to check the Docker containers health. This will give you a quick insight into the status of the individual containers which will help you identify the root cause of the issue.
+
+1. Check the Docker container running status:
+```bash
+docker compose ps
+```
+
+2. Check the Docker container logs
+```
+docker compose logs
+```
+
+3. Try restarting the Docker container
+```bash
+docker compose restart
+```
+
+---
+
+## Check AliasVault Text Logs
+All AliasVault services log information and errors to text files. These files are located in the `logs` directory. You can check the logs of a specific service by running the following command:
+
+```bash
+cat logs/[service-name].txt
+```
+
+---
+
+## Common Issues
+Below are some common issues you might encounter and how to troubleshoot them.
+
+### 1. No emails being received
+If you are not receiving emails on your aliases, check the following:
+- Verify DNS records are correctly configured
+- Ensure ports 25 and 587 are accessible
+- Check your server's firewall settings
+- Verify that your ISP/hosting provider allows SMTP traffic and does not block port 25
+
+Refer to the [installation guide](./index.md) for more information on how to configure your DNS records and ports.
+
+
+### 2. Forgot AliasVault Admin Password
+If you have lost your admin password, you can reset it by running the install script with the `reset-admin-password` option. This will generate a new random password and update the .env file with it. After that it will restart the AliasVault containers to apply the changes.
+
+1. SSH into the aliasvault container:
+```bash
+docker compose exec -it aliasvault /bin/bash
+```
+2. Run the reset-admin-password.sh script:
+```bash
+./reset-admin-password.sh
+```
+3. Remember the password outputted by the step above. Then quit out of the SSH session (ctrl+C) and then restart the container:
+```bash
+docker compose restart
+```
+4. You can now login to the admin panel (/admin) with the new password.
+
+---
+
+## Other Issues
+If you encounter any other issues not mentioned here and need help, please join our Discord server or create an issue on the GitHub repository and we will be happy to help you out.
+
+Find all contact information on the contact page of our website: [https://aliasvault.net/contact](https://aliasvault.net/contact)
\ No newline at end of file

From a14066c43f8d80738f1bffc59c0e478f299c23c9 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Sun, 7 Sep 2025 10:35:39 +0200
Subject: [PATCH 09/33] Add database and uninstall docs for manual setup
 (#1181)

---
 docs/installation/index.md                      | 16 ++++++++--------
 .../installer/advanced/uninstall.md             |  2 +-
 docs/installation/installer/index.md            | 12 ++++++------
 docs/installation/installer/troubleshooting.md  |  8 ++++----
 docs/installation/manual/advanced/database.md   | 17 ++++++++++++-----
 docs/installation/manual/advanced/uninstall.md  |  6 +++---
 docs/installation/manual/index.md               | 10 +++++-----
 docs/misc/dev/database-operations.md            |  5 ++---
 8 files changed, 41 insertions(+), 35 deletions(-)

diff --git a/docs/installation/index.md b/docs/installation/index.md
index a311978d5..0af6c28ba 100644
--- a/docs/installation/index.md
+++ b/docs/installation/index.md
@@ -15,15 +15,15 @@ AliasVault can be self-hosted on your own servers using two different installati
 [Install AliasVault via installer script (multi-container)](./installer){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 .mr-2 }
 
 > **Best for:**
-> - VM or LXC (Proxmox, DigitalOcean Droplet, VPS, AWS/Azure VM)
-> - Any other host that is directly accessible from the internet and/or has ports 80/443 forwarded to it
-> - When you don't have any SSL termination proxy of your own (yet)
+> - VM or LXC (e.g. Proxmox, DigitalOcean Droplet, VPS, AWS/Azure VM)
+> - When the host is directly accessible from the internet and/or has ports 80/443 forwarded to it
+> - When you don't have any TLS termination proxy of your own (yet)
 
 This option installs the full AliasVault stack **consisting of multiple Docker containers** (client, api, ppostgres, task runner, smtp, admin, reverse proxy) in the background.
 
 The `install.sh` script provides:
 - **Automatic configuration of docker-compose.yml with multiple containers**
-- **Built-in reverse proxy with Let's Encrypt SSL**
+- **Built-in reverse proxy with Let's Encrypt TLS certificates**
 - **Easy updates and migrations** via a custom CLI
 - **Start/stop/uninstall commands** for convenience
 - Allows to build Docker containers from source (optional)
@@ -37,8 +37,8 @@ The `install.sh` script provides:
 
 
 > **Best for:**
-> - Single home servers / NAS (Synology, Unraid, Raspberry Pi, local Docker)
-> - Advanced users with existing shared SSL infrastructure (Traefik, Nginx, HAProxy, Caddy, etc.)
+> - Multi-purpose home servers / NAS (Synology, Unraid, Raspberry Pi, local Docker)
+> - Users with existing shared TLS/SSL infrastructure (Traefik, Nginx, HAProxy, Caddy, etc.)
 
 This option runs AliasVault as a **single bundled Docker container** (client, API, Postgres, task runner, SMTP, etc. included).
 
@@ -46,7 +46,7 @@ Everything is managed via **standard Docker commands**:
 - Updates are done manually with `docker pull`
 - In some cases, future updates may require **manual migration steps** (these will be documented)
 - Certain admin actions (e.g. resetting a password) require **manual container access via SSH**
-- SSL termination not included (you must handle HTTPS yourself separately)
+- TLS/SSL termination not included (you must handle HTTPS yourself separately)
 
 
-👉 Use this option if you **already manage SSL**, have an existing host where you are running other Docker apps already, and/or prefer to run AliasVault behind your own reverse proxy setup.
+👉 Use this option if you **already manage TLS/SSL**, have an existing host where you are running other Docker apps already, and/or prefer to manage the AliasVault Docker container with existing management tools like Portainer.
diff --git a/docs/installation/installer/advanced/uninstall.md b/docs/installation/installer/advanced/uninstall.md
index 665361129..825593e6e 100644
--- a/docs/installation/installer/advanced/uninstall.md
+++ b/docs/installation/installer/advanced/uninstall.md
@@ -8,7 +8,7 @@ nav_order: 4
 
 # Uninstall
 
-To uninstall AliasVault, run the install script with the `uninstall` option. This will stop and remove the AliasVault containers, remove the Docker images, and delete the .env file.
+To uninstall AliasVault, run the install script with the `uninstall` option. This will stop and remove the AliasVault containers and remove any local AliasVault Docker images.
 
 {: .note }
 This will not delete any data stored in the database. If you wish to delete all data, you should manually delete the `database` directory and the other directories created by AliasVault.
diff --git a/docs/installation/installer/index.md b/docs/installation/installer/index.md
index 8449663ef..0342b66d3 100644
--- a/docs/installation/installer/index.md
+++ b/docs/installation/installer/index.md
@@ -19,7 +19,7 @@ The following guide will walk you through the steps to install AliasVault on you
 ---
 
 ## 1. Basic Installation
-To get AliasVault up and running quickly, run the install script to pull pre-built Docker images. The install script will also configure the .env file and start the AliasVault containers. You can get up and running in less than 5 minutes.
+To get AliasVault up and running quickly, run the install script to pull pre-built Docker images. The install script will also configure the .env file and start the AliasVault containers.
 
 ### Installation steps
 1. Download the install script to a directory of your choice. All AliasVault files and directories will be created in this directory.
@@ -47,10 +47,10 @@ chmod +x install.sh
 
 ---
 
-## 2. SSL configuration
-The default installation will create a self-signed SSL certificate and configure Nginx to use it. This is sufficient for local deployments using only the web-app, however the mobile apps (iOS and Android) require a valid (external) SSL certificate to be able to connect.
+## 2. TLS/SSL configuration
+The default installation will create a self-signed TLS/SSL certificate and configure Nginx to use it. This is sufficient for local deployments using only the web-app, however the mobile apps (iOS and Android) require a valid (external) SSL certificate to be able to connect.
 
-To generate a valid external SSL certificate for AliasVault, you can use Let's Encrypt via a built-in helper tool. In order to make this work you will need the following:
+To generate a valid external TLS/SSL certificate for AliasVault, you can use Let's Encrypt via a built-in helper tool. In order to make this work you will need the following:
 
 - A public IPv4 address assigned to your server
 - Port 80 and 443 on your server must be open and accessible from the internet
@@ -64,8 +64,8 @@ To generate a valid external SSL certificate for AliasVault, you can use Let's E
 ```
 2. Follow the prompts to configure Let's Encrypt.
 
-### Reverting to self-signed SSL
-If at any point you would like to revert to the self-signed SSL certificate, run the install script again with the `configure-ssl` option
+### Reverting to self-signed TLS/SSL
+If at any point you would like to revert to the self-signed TLS/SSL certificate, run the install script again with the `configure-ssl` option
 and then in the prompt choose option 2.
 
 ---
diff --git a/docs/installation/installer/troubleshooting.md b/docs/installation/installer/troubleshooting.md
index 91699af0d..b8ee1bf78 100644
--- a/docs/installation/installer/troubleshooting.md
+++ b/docs/installation/installer/troubleshooting.md
@@ -70,13 +70,13 @@ docker compose ps
 docker compose logs postgres
 ```
 
-### 2. SSL Certificate Issues
+### 2. TLS/SSL Certificate Issues
 
 **Symptoms:**
-- Browser shows SSL errors
+- Browser shows TLS/SSL errors
 
 **Steps:**
-1. Check the certbot container logs if SSL certificates are being correctly renewed:
+1. Check the certbot container logs if TLS/SSL certificates are being correctly renewed:
 ```bash
 docker compose logs certbot
 ```
@@ -86,7 +86,7 @@ docker compose logs certbot
 docker compose logs reverse-proxy
 ```
 
-3. In case the SSL certificates are being correctly renewed, but the browser still shows SSL errors, try to restart AliasVault manually in order to force the NGINX container to reload the SSL certificates:
+3. In case the SSL certificates are being correctly renewed, but the browser still shows TLS/SSL errors, try to restart AliasVault manually in order to force the NGINX container to reload the TLS/SSL certificates:
 ```bash
 ./install.sh restart
 ```
diff --git a/docs/installation/manual/advanced/database.md b/docs/installation/manual/advanced/database.md
index d4f0dd357..0ad71df8b 100644
--- a/docs/installation/manual/advanced/database.md
+++ b/docs/installation/manual/advanced/database.md
@@ -7,19 +7,26 @@ nav_order: 4
 ---
 
 # Database Operations
-This page explains how to import/export on the AliasVault server database via the `./install.sh` script.
+This page explains how to import/export on the AliasVault server database via Docker commands.
 
 ## Database Export
-In order to backup the AliasVault server database (which includes all encrypted user vaults as well), you can use the `install.sh` script. This script will stop all services, export the database to a file, and then restart the services.
+In order to backup the AliasVault server database (which includes all encrypted user vaults as well), you can use the following command. Run this command from the directory where your AliasVault `docker-compose.yml` is located.
 
 ```bash
-./install.sh db-backup > backup.sql.gz
+docker compose exec aliasvault pg_dump -U aliasvault aliasvault > backup.sql
 ```
 
 ## Database Import
 
-To restore a previously exported database, you can use the `install.sh` script. This script will stop all services, drop the database, import the database from a file, and then restart the services.
+To restore a previously exported database, you can use the following snippet. Run these commands from the directory where your AliasVault `docker-compose.yml` is located.
 
 ```bash
-./install.sh db-restore < backup.sql.gz
+# Drop database first (warning: this can't be undone!)
+docker compose exec -T aliasvault psql -U postgres -d postgres -c "DROP DATABASE IF EXISTS aliasvault WITH (FORCE);"
+
+# Create new empty database
+docker compose exec -T aliasvault psql -U postgres -d postgres -c "CREATE DATABASE aliasvault;"
+
+# Import backup
+docker compose exec -T aliasvault psql -U postgres aliasvault < backup.sql
 ```
diff --git a/docs/installation/manual/advanced/uninstall.md b/docs/installation/manual/advanced/uninstall.md
index 4487425ff..c01d69578 100644
--- a/docs/installation/manual/advanced/uninstall.md
+++ b/docs/installation/manual/advanced/uninstall.md
@@ -8,13 +8,13 @@ nav_order: 4
 
 # Uninstall
 
-To uninstall AliasVault, run the install script with the `uninstall` option. This will stop and remove the AliasVault containers, remove the Docker images, and delete the .env file.
+To uninstall AliasVault, run the following command. This will stop and remove the AliasVault containers and remove the Docker images.
 
 {: .note }
 This will not delete any data stored in the database. If you wish to delete all data, you should manually delete the `database` directory and the other directories created by AliasVault.
 
 ### Steps
-1. Run the install script with the `uninstall` option
+1. Run docker compose down and remove any local Docker images related to AliasVault.
 ```bash
-./install.sh uninstall
+docker compose down --rmi all
 ```
diff --git a/docs/installation/manual/index.md b/docs/installation/manual/index.md
index 8b137775c..680e7f66b 100644
--- a/docs/installation/manual/index.md
+++ b/docs/installation/manual/index.md
@@ -6,13 +6,13 @@ nav_order: 2
 ---
 
 # Self-host using manual setup (single container)
-The following guide will walk you through the steps to install AliasVault via the All-In-One Docker container. This container uses `s6-overlay` to combine all AliasVault's services into one image for convenience. The only downside compared to the `install.sh` installer is that this version does NOT come with SSL support, so you'll have to make the container available through your own SSL proxy.
+The following guide will walk you through the steps to install AliasVault via the All-In-One Docker container. This container uses `s6-overlay` to combine all AliasVault's services into one image for convenience. The only downside compared to the `install.sh` installer is that this version does NOT come with SSL/TLS support, so you'll have to make the container available through your own SSL/TLS proxy.
 
 {: .important-title }
 > Requirements:
 > - Docker (20.10+) and Docker Compose (2.0+) installed on your system
 >  - See instructions: [https://docs.docker.com/engine/install/](https://docs.docker.com/engine/install/)
-> - You have existing SSL proxy infrastructure (Traefik, Nginx, HAProxy, Cloudflare Tunnel)
+> - You have existing SSL/TLS proxy infrastructure (Traefik, Nginx, HAProxy, Cloudflare Tunnel)
 > - Knowledge of working with direct Docker commands
 > - Knowledge of .yml and .env files
 
@@ -63,12 +63,12 @@ services:
 
 ---
 
-## 2. SSL configuration
+## 2. SSL/TLS configuration
 HTTPS is required to use AliasVault for using:
 - Web app via non-localhost URLs (because of browser crypto restrictions)
-- Mobile apps require the API URL to have a valid SSL certificate, otherwise the app refuses to connect via HTTPS
+- Mobile apps require the API URL to have a valid TLS certificate, otherwise the app refuses to connect via HTTPS
 
-Configure your existing SSL infrastructure (Traefik, Nginx, HAProxy, CloudFlare Tunnel) to make the AliasVault container available through HTTPS with a valid SSL certificate. E.g. `https://aliasvault.yourdomain.com`.
+Configure your existing TLS infrastructure (Traefik, Nginx, HAProxy, CloudFlare Tunnel) to make the AliasVault container available through HTTPS with a valid SSL/TLS certificate. E.g. `https://aliasvault.yourdomain.com`.
 
 ---
 
diff --git a/docs/misc/dev/database-operations.md b/docs/misc/dev/database-operations.md
index 2384e61ef..3cb2fb288 100644
--- a/docs/misc/dev/database-operations.md
+++ b/docs/misc/dev/database-operations.md
@@ -58,8 +58,7 @@ gunzip < aliasvault.sql.gz | docker compose exec -iT postgres psql -U aliasvault
 ```
 
 ### Change master password
-By default during initial installation the PostgreSQL master password is set to a random string that is
-stored in the `.env` file with the `POSTGRES_PASSWORD` variable.
+By default during initial installation the PostgreSQL master password is set to a random string that is stored in the `./secrets/postgres_password` secret file.
 
 If you wish to change the master password, you can do so by running the following command:
 
@@ -74,7 +73,7 @@ If you wish to change the master password, you can do so by running the followin
     ```
 4. Press Enter to confirm the changes.
 5. Exit the PostgreSQL shell by running `\q`.
-6. Manually update the `.env` file variable `POSTGRES_PASSWORD` with the new password.
+6. Manually update the `./secrets/postgres_password` secret file contents with the new password.
 7. Restart the AliasVault containers by running the following command:
     ```bash
     docker compose restart

From ee2fd9f9aee9f8956efca4740023bed482e0f41d Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Sun, 7 Sep 2025 10:52:40 +0200
Subject: [PATCH 10/33] Add 404 and sitemap handler (#1181)

---
 docs/404.html               | 68 +++++++++++++++++++++++++++++++++++++
 docs/Gemfile                |  4 +++
 docs/Gemfile.lock           |  1 +
 docs/_config.yml            | 12 +++++++
 docs/_plugins/404_server.rb | 44 ++++++++++++++++++++++++
 5 files changed, 129 insertions(+)
 create mode 100644 docs/404.html
 create mode 100644 docs/_plugins/404_server.rb

diff --git a/docs/404.html b/docs/404.html
new file mode 100644
index 000000000..dfd401c61
--- /dev/null
+++ b/docs/404.html
@@ -0,0 +1,68 @@
+---
+layout: default
+title: 404 - Page not found
+permalink: /404.html
+nav_exclude: true
+search_exclude: true
+---
+
+<style>
+  .error-404 {
+    text-align: center;
+    padding: 4rem 2rem;
+  }
+  .error-404 h1 {
+    font-size: 6rem;
+    color: #f49541;
+    margin-bottom: 1rem;
+  }
+  .error-404 h2 {
+    font-size: 2rem;
+    margin-bottom: 1rem;
+    color: #f8f9fa;
+  }
+  .error-404 p {
+    font-size: 1.2rem;
+    margin-bottom: 2rem;
+    color: #d1d5db;
+  }
+  .error-404 .btn {
+    display: inline-block;
+    padding: 0.75rem 1.5rem;
+    background-color: #d68338;
+    color: white;
+    text-decoration: none;
+    border-radius: 4px;
+    transition: background-color 0.2s;
+  }
+  .error-404 .btn:hover {
+    background-color: #f49541;
+  }
+  .error-404 .links {
+    margin-top: 2rem;
+  }
+  .error-404 .links a {
+    margin: 0 1rem;
+    color: #f49541;
+    text-decoration: underline;
+  }
+  .error-404 .links a:hover {
+    color: #ffd5a8;
+  }
+</style>
+
+<div class="error-404">
+  <h1>404</h1>
+  <h2>Page Not Found</h2>
+  <p>The page you're looking for doesn't exist or may have been moved.</p>
+  <p>This could happen if the documentation structure has been reorganized or the page has been renamed.</p>
+  
+  <a href="{{ '/' | relative_url }}" class="btn">Go to Home</a>
+  
+  <div class="links">
+    <p>Or try these helpful links:</p>
+    <a href="{{ '/installation/' | relative_url }}">Installation Guide</a>
+    <a href="{{ '/browser-extension/' | relative_url }}">Browser Extension</a>
+    <a href="{{ '/mobile-app/' | relative_url }}">Mobile App</a>
+  </div>
+</div>
\ No newline at end of file
diff --git a/docs/Gemfile b/docs/Gemfile
index 50943fbdc..28b874301 100644
--- a/docs/Gemfile
+++ b/docs/Gemfile
@@ -6,3 +6,7 @@ gem "just-the-docs"
 # If you want to use GitHub Pages, remove the "gem "jekyll"" above and
 # uncomment the line below. To upgrade, run `bundle update github-pages`.
 gem "github-pages", group: :jekyll_plugins
+
+group :jekyll_plugins do
+  gem "jekyll-sitemap"
+end
diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
index f68708513..a385a6e8f 100644
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@@ -284,6 +284,7 @@ PLATFORMS
 
 DEPENDENCIES
   github-pages
+  jekyll-sitemap
   just-the-docs
 
 BUNDLED WITH
diff --git a/docs/_config.yml b/docs/_config.yml
index 49a75843d..19d161758 100644
--- a/docs/_config.yml
+++ b/docs/_config.yml
@@ -41,3 +41,15 @@ callouts:
   important:
     title: Important
     color: yellow
+
+# 404 page
+defaults:
+  - scope:
+      path: "404.html"
+    values:
+      sitemap: false
+
+# Sitemap settings
+url: "https://docs.aliasvault.net"
+plugins:
+  - jekyll-sitemap
diff --git a/docs/_plugins/404_server.rb b/docs/_plugins/404_server.rb
new file mode 100644
index 000000000..032522873
--- /dev/null
+++ b/docs/_plugins/404_server.rb
@@ -0,0 +1,44 @@
+require 'webrick'
+
+module Jekyll
+  class FourOhFourPage < StaticFile
+    def write(dest)
+      true
+    end
+  end
+
+  class FourOhFourGenerator < Generator
+    priority :low
+
+    def generate(site)
+      site.static_files << FourOhFourPage.new(site, site.dest, '/', '404.html')
+    end
+  end
+end
+
+# Override WEBrick to serve 404.html for missing files
+if defined?(WEBrick)
+  module WEBrick
+    class HTTPServlet::FileHandler
+      alias_method :do_GET_original, :do_GET
+
+      def do_GET(req, res)
+        do_GET_original(req, res)
+      rescue HTTPStatus::NotFound => ex
+        return_404_page(req, res)
+      rescue => ex
+        raise ex
+      end
+
+      def return_404_page(req, res)
+        path = File.join(@config[:DocumentRoot], '404.html')
+        if File.exist?(path)
+          res.body = File.read(path)
+          res['content-type'] = 'text/html'
+        else
+          raise HTTPStatus::NotFound
+        end
+      end
+    end
+  end
+end
\ No newline at end of file

From b603a177e2d95d7d8ae1e77ba4be75e90baf7ab3 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Sun, 7 Sep 2025 11:39:21 +0200
Subject: [PATCH 11/33] Add update and troubleshooting docs (#1181)

---
 docs/index.md                                 |  4 +-
 docs/installation/installer/index.md          |  2 +-
 .../installation/installer/troubleshooting.md |  4 +-
 docs/installation/installer/update/index.md   |  2 +-
 docs/installation/installer/update/v0.22.0.md |  1 +
 docs/installation/manual/advanced/index.md    |  2 +-
 .../installation/manual/advanced/lifecycle.md |  2 +-
 docs/installation/manual/index.md             | 12 ++--
 docs/installation/manual/troubleshooting.md   |  6 +-
 docs/installation/manual/update/index.md      | 66 +++++++++++++++++++
 10 files changed, 84 insertions(+), 17 deletions(-)
 create mode 100644 docs/installation/manual/update/index.md

diff --git a/docs/index.md b/docs/index.md
index 1095c4b6d..ea8a26b9a 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -9,7 +9,7 @@ permalink: /
 # AliasVault Documentation
 {: .fs-9 }
 
-A self-hostable, end-to-end encrypted password manager with a built-in alias generator and email server.
+A privacy-first password manager with built-in email aliasing. Fully encrypted and self-hostable.
 
 {: .fs-6 .fw-300 }
 
@@ -37,7 +37,7 @@ All data is end-to-end encrypted on the client. Your master password never leave
 Generate virtual email addresses for each identity. Emails sent to these addresses are instantly visible in the AliasVault app.
 
 ### Virtual Identities
-Create separate identities for different purposes, each with its own email aliases and credentials.
+Create separate identities for different purposes, each with its own email aliases.
 
 ---
 
diff --git a/docs/installation/installer/index.md b/docs/installation/installer/index.md
index 0342b66d3..241f3157e 100644
--- a/docs/installation/installer/index.md
+++ b/docs/installation/installer/index.md
@@ -43,7 +43,7 @@ chmod +x install.sh
   - Client: `https://localhost`
   - Admin: `https://localhost/admin`
 
-> Note: if you do not wish to run the `install.sh` wizard but want to use Docker commands directly, follow the [manual setup guide](advanced/manual-setup.md). We do however encourage the use of `install.sh` as it will guide you through all configuration steps and allow you to easily update your AliasVault server later.
+> Note: if you do not wish to run the `install.sh` wizard but prefer to use Docker commands directly, follow the [manual setup guide](../manual) instead.
 
 ---
 
diff --git a/docs/installation/installer/troubleshooting.md b/docs/installation/installer/troubleshooting.md
index b8ee1bf78..80ed7383f 100644
--- a/docs/installation/installer/troubleshooting.md
+++ b/docs/installation/installer/troubleshooting.md
@@ -98,7 +98,7 @@ If you are not receiving emails on your aliases, check the following:
 - Check your server's firewall settings
 - Verify that your ISP/hosting provider allows SMTP traffic
 
-Refer to the [installation guide](./install.md) for more information on how to configure your DNS records and ports.
+Refer to the [installation guide](./#3-email-server-setup) for more information on how to configure your DNS records and ports.
 
 
 ### 4. Forgot AliasVault Admin Password
@@ -113,4 +113,4 @@ If you have lost your admin password, you can reset it by running the install sc
 ## Other Issues
 If you encounter any other issues not mentioned here and need help, please join our Discord server or create an issue on the GitHub repository and we will be happy to help you out.
 
-Find all contact information on the contact page of our website: [https://aliasvault.net/contact](https://aliasvault.net/contact)
\ No newline at end of file
+Find all contact information on the contact page of our website: [https://www.aliasvault.net/contact](https://www.aliasvault.net/contact)
\ No newline at end of file
diff --git a/docs/installation/installer/update/index.md b/docs/installation/installer/update/index.md
index 655de6ff8..87ed6ee45 100644
--- a/docs/installation/installer/update/index.md
+++ b/docs/installation/installer/update/index.md
@@ -56,5 +56,5 @@ To install a specific version and skip the automatic version checks, run the ins
 ./install.sh install <version>
 
 # Example:
-./install.sh install 0.7.0
+./install.sh install 0.22.0
 ```
diff --git a/docs/installation/installer/update/v0.22.0.md b/docs/installation/installer/update/v0.22.0.md
index ad2efbf8b..5b2118e00 100644
--- a/docs/installation/installer/update/v0.22.0.md
+++ b/docs/installation/installer/update/v0.22.0.md
@@ -2,6 +2,7 @@
 layout: default
 title: Update to v0.22.0
 parent: Update
+grand_parent: Installer Script (multi-container)
 nav_order: 1
 ---
 
diff --git a/docs/installation/manual/advanced/index.md b/docs/installation/manual/advanced/index.md
index 52cf4b3a4..053f671a5 100644
--- a/docs/installation/manual/advanced/index.md
+++ b/docs/installation/manual/advanced/index.md
@@ -2,7 +2,7 @@
 layout: default
 title: Advanced
 parent: Manual Setup (single container)
-nav_order: 1
+nav_order: 2
 ---
 
 # Advanced Installation
diff --git a/docs/installation/manual/advanced/lifecycle.md b/docs/installation/manual/advanced/lifecycle.md
index 18240feca..41851e6aa 100644
--- a/docs/installation/manual/advanced/lifecycle.md
+++ b/docs/installation/manual/advanced/lifecycle.md
@@ -7,7 +7,7 @@ nav_order: 2
 ---
 
 # Stopping and starting AliasVault
-You can stop and start AliasVault via the default docker compose commands.
+You can stop and start AliasVault via the default docker compose commands. Run these commands from the directory where your AliasVault `docker-compose.yml` is located.
 
 ## Stop
 To stop AliasVault:
diff --git a/docs/installation/manual/index.md b/docs/installation/manual/index.md
index 680e7f66b..0f5889cba 100644
--- a/docs/installation/manual/index.md
+++ b/docs/installation/manual/index.md
@@ -64,11 +64,11 @@ services:
 ---
 
 ## 2. SSL/TLS configuration
-HTTPS is required to use AliasVault for using:
-- Web app via non-localhost URLs (because of browser crypto restrictions)
-- Mobile apps require the API URL to have a valid TLS certificate, otherwise the app refuses to connect via HTTPS
+To use AliasVault securely, HTTPS is required in the following situations:
+- When accessing the web app from any address other than `localhost` (due to browser security restrictions)
+- When using the mobile apps, which require the API URL to have a valid TLS certificate; otherwise, the app will not connect
 
-Configure your existing TLS infrastructure (Traefik, Nginx, HAProxy, CloudFlare Tunnel) to make the AliasVault container available through HTTPS with a valid SSL/TLS certificate. E.g. `https://aliasvault.yourdomain.com`.
+You must set up and configure your own TLS/SSL infrastructure (such as Traefik, Nginx, HAProxy, or Cloudflare Tunnel) to make the AliasVault container accessible over HTTPS with a valid SSL/TLS certificate. For example: `https://aliasvault.yourdomain.com`.
 
 ---
 
@@ -160,10 +160,10 @@ This keeps the email configuration of your primary domain (`example.com`) comple
 After setting up your DNS, you have to configure AliasVault to let it know which email domains it should support. Update the `docker-compose.yml` file:
 
 ```bash
-[..]
-
+# ...
     environment:
       PRIVATE_EMAIL_DOMAINS: "yourdomain1.com,yourdomain2.com"
+# ...
 ```
 
 After updating the docker-compose.yml file, issue a `docker compose restart`. Afterwards, when you login to the AliasVault web app, you should now be able to create an alias with your domain and be able to receive email on it.
diff --git a/docs/installation/manual/troubleshooting.md b/docs/installation/manual/troubleshooting.md
index ae40d65df..d94d90914 100644
--- a/docs/installation/manual/troubleshooting.md
+++ b/docs/installation/manual/troubleshooting.md
@@ -2,7 +2,7 @@
 layout: default
 title: Troubleshooting
 parent: Manual Setup (single container)
-nav_order: 2
+nav_order: 3
 ---
 
 # Troubleshooting
@@ -54,7 +54,7 @@ If you are not receiving emails on your aliases, check the following:
 - Check your server's firewall settings
 - Verify that your ISP/hosting provider allows SMTP traffic and does not block port 25
 
-Refer to the [installation guide](./index.md) for more information on how to configure your DNS records and ports.
+Refer to the [installation guide](./#3-email-server-setup) for more information on how to configure your DNS records and ports.
 
 
 ### 2. Forgot AliasVault Admin Password
@@ -79,4 +79,4 @@ docker compose restart
 ## Other Issues
 If you encounter any other issues not mentioned here and need help, please join our Discord server or create an issue on the GitHub repository and we will be happy to help you out.
 
-Find all contact information on the contact page of our website: [https://aliasvault.net/contact](https://aliasvault.net/contact)
\ No newline at end of file
+Find all contact information on the contact page of our website: [https://www.aliasvault.net/contact](https://www.aliasvault.net/contact)
\ No newline at end of file
diff --git a/docs/installation/manual/update/index.md b/docs/installation/manual/update/index.md
new file mode 100644
index 000000000..4e459b7a4
--- /dev/null
+++ b/docs/installation/manual/update/index.md
@@ -0,0 +1,66 @@
+---
+layout: default
+title: Update
+parent: Manual Setup (single container)
+nav_order: 1
+---
+
+# Updating AliasVault
+{: .no_toc }
+
+<details open markdown="block">
+  <summary>
+    Table of contents
+  </summary>
+  {: .text-delta }
+1. TOC
+{:toc}
+</details>
+
+## Before You Begin
+You can see the latest available version of AliasVault on [GitHub](https://github.com/aliasvault/aliasvault/releases).
+
+{: .warning }
+Before updating, it's recommended to backup your database and other important data. You can do this by making
+a copy of the `database` and `certificates` directories.
+
+## Standard Update Process
+For most version updates, you can use the standard update process. The container will automatically handle database migrations on startup:
+
+1. Navigate to your AliasVault directory:
+```bash
+cd /path/to/your/aliasvault
+```
+
+2. Pull the latest Docker image:
+```bash
+docker compose pull
+```
+
+3. Restart the container with the new image:
+```bash
+docker compose down && docker compose up -d
+```
+
+## Version-Specific Upgrade Guides
+While database migrations are automated, some releases may require manual file/config migration steps. Always check this page before updating to ensure you don't miss any required manual steps.
+
+> Currently there are no version-specific manual migration steps required for the single container setup. Check back here when updating to ensure you haven't missed any new requirements.
+
+## Additional Update Options
+
+### Installing a Specific Version
+If you need to install a specific version instead of the latest, you can do the following. Note: downgrading to a previous version is not officially supported and may lead to unexpected issues, as database schema changes may prevent older versions from working correctly.
+
+1. Edit your `docker-compose.yml` file
+2. Change the image tag from `:latest` to a specific version:
+```yaml
+# ...
+image: ghcr.io/aliasvault/aliasvault:0.23.0  # Replace with desired version
+# ... rest of configuration
+```
+3. Pull and restart:
+```bash
+docker compose pull
+docker compose down && docker compose up -d
+```

From 864a7630d58ebae92a93daba037ba0115cb4be13 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Sun, 7 Sep 2025 12:00:45 +0200
Subject: [PATCH 12/33] Tweak HTTPS required message, tweak crypto.js error
 handling (#1181)

---
 .../AliasVault.Client/Auth/Pages/Start.razor  | 32 +++++++++++
 .../Main/Layout/Footer.razor                  | 55 +------------------
 .../Resources/Layout/Footer.en.resx           |  8 ---
 .../Resources/Pages/Auth/Start.en.resx        |  8 +++
 .../wwwroot/css/tailwind.css                  | 37 ++++++++-----
 .../AliasVault.Client/wwwroot/js/crypto.js    | 35 ++++++++++++
 6 files changed, 100 insertions(+), 75 deletions(-)

diff --git a/apps/server/AliasVault.Client/Auth/Pages/Start.razor b/apps/server/AliasVault.Client/Auth/Pages/Start.razor
index 36af992cb..75b220d3b 100644
--- a/apps/server/AliasVault.Client/Auth/Pages/Start.razor
+++ b/apps/server/AliasVault.Client/Auth/Pages/Start.razor
@@ -30,6 +30,22 @@
                 <p class="text-lg text-gray-600 dark:text-gray-300 mb-8">
                     @Localizer["TaglineText"]
                 </p>
+                @if (_isHttpWarning)
+                {
+                    <div class="bg-orange-100 border-l-4 border-orange-500 text-orange-700 p-4 mb-6" role="alert">
+                        <div class="flex">
+                            <div class="py-1">
+                                <svg class="fill-current h-6 w-6 text-orange-500 mr-4" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20">
+                                    <path d="M2.93 17.07A10 10 0 1 1 17.07 2.93 10 10 0 0 1 2.93 17.07zm12.73-1.41A8 8 0 1 0 4.34 4.34a8 8 0 0 0 11.32 11.32zM9 11V9h2v6H9v-4zm0-6h2v2H9V5z"/>
+                                </svg>
+                            </div>
+                            <div>
+                                <p class="font-bold">@Localizer["HttpsWarningTitle"]</p>
+                                <p class="text-sm">@Localizer["HttpsWarningMessage"]</p>
+                            </div>
+                        </div>
+                    </div>
+                }
                 <div class="space-y-4">
                     @if (Config.PublicRegistrationEnabled)
                     {
@@ -50,6 +66,7 @@
 
 @code {
     private IStringLocalizer Localizer => LocalizerFactory.Create("Pages.Auth.Start", "AliasVault.Client");
+    private bool _isHttpWarning = false;
 
     /// <inheritdoc />
     protected override async Task OnInitializedAsync()
@@ -62,5 +79,20 @@
             // Already authenticated, redirect to home page.
             NavigationManager.NavigateTo("/");
         }
+
+        CheckHttpProtocol();
+    }
+
+    /// <summary>
+    /// Checks if the current URL is using HTTP and shows warning if needed.
+    /// Only shows warning for non-localhost hostnames since browsers allow crypto operations on localhost via HTTP.
+    /// </summary>
+    private void CheckHttpProtocol()
+    {
+        var uri = new Uri(NavigationManager.Uri);
+        var isLocalhost = uri.Host.Equals("localhost", StringComparison.OrdinalIgnoreCase) ||
+                         uri.Host.Equals("127.0.0.1", StringComparison.OrdinalIgnoreCase) ||
+                         uri.Host.Equals("::1", StringComparison.OrdinalIgnoreCase);
+        _isHttpWarning = uri.Scheme == "http" && !isLocalhost;
     }
 }
diff --git a/apps/server/AliasVault.Client/Main/Layout/Footer.razor b/apps/server/AliasVault.Client/Main/Layout/Footer.razor
index d535e624c..b6b719ab4 100644
--- a/apps/server/AliasVault.Client/Main/Layout/Footer.razor
+++ b/apps/server/AliasVault.Client/Main/Layout/Footer.razor
@@ -4,31 +4,7 @@
 @using Microsoft.Extensions.Localization
 @implements IDisposable
 
-@if (_isHttpWarning)
-{
-    <div class="fixed bottom-0 left-0 right-0 z-50 bg-orange-500 text-white px-4 py-3">
-        <div class="container mx-auto">
-            <div class="flex items-center justify-between">
-                <div class="flex items-center space-x-3">
-                    <svg class="w-5 h-5 text-white" fill="currentColor" viewBox="0 0 20 20">
-                        <path fill-rule="evenodd" d="M8.257 3.099c.765-1.36 2.722-1.36 3.486 0l5.58 9.92c.75 1.334-.213 2.98-1.742 2.98H4.42c-1.53 0-2.493-1.646-1.743-2.98l5.58-9.92zM11 13a1 1 0 11-2 0 1 1 0 012 0zm-1-8a1 1 0 00-1 1v3a1 1 0 002 0V6a1 1 0 00-1-1z" clip-rule="evenodd"></path>
-                    </svg>
-                    <div>
-                        <p class="font-medium">@Localizer["HttpsWarningTitle"]</p>
-                        <p class="text-sm">@Localizer["HttpsWarningMessage"]</p>
-                    </div>
-                </div>
-                <button @onclick="DismissHttpWarning" class="text-white hover:text-gray-200 ml-4">
-                    <svg class="w-5 h-5" fill="currentColor" viewBox="0 0 20 20">
-                        <path fill-rule="evenodd" d="M4.293 4.293a1 1 0 011.414 0L10 8.586l4.293-4.293a1 1 0 111.414 1.414L11.414 10l4.293 4.293a1 1 0 01-1.414 1.414L10 11.414l-4.293 4.293a1 1 0 01-1.414-1.414L8.586 10 4.293 5.707a1 1 0 010-1.414z" clip-rule="evenodd"></path>
-                    </svg>
-                </button>
-            </div>
-        </div>
-    </div>
-}
-
-<footer class="relative -z-10 lg:fixed bottom-0 left-0 right-0 dark:bg-gray-900 @(ShowBorder ? "border-t border-gray-200 dark:border-gray-700" : "") @(_isHttpWarning ? "mb-20" : "")">
+<footer class="relative -z-10 lg:fixed bottom-0 left-0 right-0 dark:bg-gray-900 @(ShowBorder ? "border-t border-gray-200 dark:border-gray-700" : "")">
     <div class="container mx-auto px-4 py-4">
         <div class="flex flex-col lg:flex-row justify-between items-center">
             <p class="text-sm text-center text-gray-500 mb-4 lg:mb-0">
@@ -62,14 +38,11 @@
     ];
 
     private string _randomQuote = string.Empty;
-    private bool _isHttpWarning = false;
-    private bool _httpWarningDismissed = false;
 
     /// <inheritdoc />
     public void Dispose()
     {
         NavigationManager.LocationChanged -= RefreshQuote;
-        NavigationManager.LocationChanged -= CheckHttpProtocol;
     }
 
     /// <inheritdoc />
@@ -79,8 +52,6 @@
         {
             _randomQuote = Quotes[Random.Shared.Next(Quotes.Length)];
             NavigationManager.LocationChanged += RefreshQuote;
-            NavigationManager.LocationChanged += CheckHttpProtocol;
-            CheckHttpProtocol(null, null);
         }
     }
 
@@ -92,28 +63,4 @@
         _randomQuote = Quotes[Random.Shared.Next(Quotes.Length)];
         StateHasChanged();
     }
-
-    /// <summary>
-    /// Checks if the current URL is using HTTP and shows warning if needed.
-    /// Only shows warning for non-localhost hostnames since browsers allow crypto operations on localhost via HTTP.
-    /// </summary>
-    private void CheckHttpProtocol(object? sender, LocationChangedEventArgs? e)
-    {
-        var uri = new Uri(NavigationManager.Uri);
-        var isLocalhost = uri.Host.Equals("localhost", StringComparison.OrdinalIgnoreCase) || 
-                         uri.Host.Equals("127.0.0.1", StringComparison.OrdinalIgnoreCase) ||
-                         uri.Host.Equals("::1", StringComparison.OrdinalIgnoreCase);
-        _isHttpWarning = !_httpWarningDismissed && uri.Scheme == "http" && !isLocalhost;
-        StateHasChanged();
-    }
-
-    /// <summary>
-    /// Dismisses the HTTP warning.
-    /// </summary>
-    private void DismissHttpWarning()
-    {
-        _httpWarningDismissed = true;
-        _isHttpWarning = false;
-        StateHasChanged();
-    }
 }
diff --git a/apps/server/AliasVault.Client/Resources/Layout/Footer.en.resx b/apps/server/AliasVault.Client/Resources/Layout/Footer.en.resx
index 7619df498..bc0918479 100644
--- a/apps/server/AliasVault.Client/Resources/Layout/Footer.en.resx
+++ b/apps/server/AliasVault.Client/Resources/Layout/Footer.en.resx
@@ -78,12 +78,4 @@
     <value>Tip: Use the g+l (go lock) keyboard shortcut to lock the vault.</value>
     <comment>Tip about keyboard shortcut for locking vault</comment>
   </data>
-  <data name="HttpsWarningTitle" xml:space="preserve">
-    <value>HTTPS Required</value>
-    <comment>Title for HTTPS warning banner</comment>
-  </data>
-  <data name="HttpsWarningMessage" xml:space="preserve">
-    <value>Browsers only allow secure crypto operations via HTTPS, except for localhost. Login/registration won't work over HTTP with the current hostname. Please switch to HTTPS.</value>
-    <comment>Message explaining why HTTPS is required</comment>
-  </data>
 </root>
\ No newline at end of file
diff --git a/apps/server/AliasVault.Client/Resources/Pages/Auth/Start.en.resx b/apps/server/AliasVault.Client/Resources/Pages/Auth/Start.en.resx
index c73f047fc..7e188fe8f 100644
--- a/apps/server/AliasVault.Client/Resources/Pages/Auth/Start.en.resx
+++ b/apps/server/AliasVault.Client/Resources/Pages/Auth/Start.en.resx
@@ -74,4 +74,12 @@
     <value>Log in with existing account</value>
     <comment>Button text for logging in with existing account</comment>
   </data>
+  <data name="HttpsWarningTitle" xml:space="preserve">
+    <value>HTTPS Required</value>
+    <comment>Title for HTTPS warning banner</comment>
+  </data>
+  <data name="HttpsWarningMessage" xml:space="preserve">
+    <value>Browsers only allow secure crypto operations via HTTPS, except for localhost. Login/registration won't work over HTTP with the current hostname. Please switch to HTTPS.</value>
+    <comment>Message explaining why HTTPS is required</comment>
+  </data>
 </root>
\ No newline at end of file
diff --git a/apps/server/AliasVault.Client/wwwroot/css/tailwind.css b/apps/server/AliasVault.Client/wwwroot/css/tailwind.css
index 79adb97aa..bf4057d68 100644
--- a/apps/server/AliasVault.Client/wwwroot/css/tailwind.css
+++ b/apps/server/AliasVault.Client/wwwroot/css/tailwind.css
@@ -866,14 +866,6 @@ video {
   margin-top: 2rem;
 }
 
-.mb-20 {
-  margin-bottom: 5rem;
-}
-
-.ml-4 {
-  margin-left: 1rem;
-}
-
 .block {
   display: block;
 }
@@ -1533,6 +1525,11 @@ video {
   border-color: rgb(254 215 170 / var(--tw-border-opacity));
 }
 
+.border-orange-500 {
+  --tw-border-opacity: 1;
+  border-color: rgb(249 115 22 / var(--tw-border-opacity));
+}
+
 .border-primary-100 {
   --tw-border-opacity: 1;
   border-color: rgb(253 222 133 / var(--tw-border-opacity));
@@ -1673,6 +1670,11 @@ video {
   background-color: rgb(238 242 255 / var(--tw-bg-opacity));
 }
 
+.bg-orange-100 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(255 237 213 / var(--tw-bg-opacity));
+}
+
 .bg-orange-50 {
   --tw-bg-opacity: 1;
   background-color: rgb(255 247 237 / var(--tw-bg-opacity));
@@ -1779,6 +1781,10 @@ video {
   --tw-gradient-to: #d68338 var(--tw-gradient-to-position);
 }
 
+.fill-current {
+  fill: currentColor;
+}
+
 .fill-primary-600 {
   fill: #d68338;
 }
@@ -2154,6 +2160,16 @@ video {
   color: rgb(67 56 202 / var(--tw-text-opacity));
 }
 
+.text-orange-500 {
+  --tw-text-opacity: 1;
+  color: rgb(249 115 22 / var(--tw-text-opacity));
+}
+
+.text-orange-700 {
+  --tw-text-opacity: 1;
+  color: rgb(194 65 12 / var(--tw-text-opacity));
+}
+
 .text-orange-800 {
   --tw-text-opacity: 1;
   color: rgb(154 52 18 / var(--tw-text-opacity));
@@ -2558,11 +2574,6 @@ video {
   color: rgb(255 255 255 / var(--tw-text-opacity));
 }
 
-.hover\:text-gray-200:hover {
-  --tw-text-opacity: 1;
-  color: rgb(229 231 235 / var(--tw-text-opacity));
-}
-
 .hover\:underline:hover {
   text-decoration-line: underline;
 }
diff --git a/apps/server/AliasVault.Client/wwwroot/js/crypto.js b/apps/server/AliasVault.Client/wwwroot/js/crypto.js
index a834ce34a..7610ba8af 100644
--- a/apps/server/AliasVault.Client/wwwroot/js/crypto.js
+++ b/apps/server/AliasVault.Client/wwwroot/js/crypto.js
@@ -1,9 +1,34 @@
+/**
+ * Custom error class for crypto availability issues
+ */
+class CryptoNotAvailableError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'CryptoNotAvailableError';
+        // Prevent stack trace from being captured
+        this.stack = '';
+    }
+}
+
+/**
+ * Check if crypto API is available and throw user-friendly error if not.
+ */
+function checkCryptoAvailable() {
+    if (!window.crypto || !window.crypto.subtle) {
+        const error = new CryptoNotAvailableError("Cryptographic operations are not available. Please ensure you are accessing AliasVault over HTTPS, as this is required for security features to work properly.");
+        console.error(error.message);
+        throw error;
+    }
+}
+
 /**
  * AES (symmetric) encryption and decryption functions.
  * @type {{encrypt: (function(*, *): Promise<string>), decrypt: (function(*, *): Promise<string>), decryptBytes: (function(*, *): Promise<Uint8Array>)}}
  */
 window.cryptoInterop = {
     encrypt: async function (plaintext, base64Key) {
+        checkCryptoAvailable();
+        
         const key = await window.crypto.subtle.importKey(
             "raw",
             Uint8Array.from(atob(base64Key), c => c.charCodeAt(0)),
@@ -36,6 +61,8 @@ window.cryptoInterop = {
         );
     },
     decrypt: async function (base64Ciphertext, base64Key) {
+        checkCryptoAvailable();
+        
         const key = await window.crypto.subtle.importKey(
             "raw",
             Uint8Array.from(atob(base64Key), c => c.charCodeAt(0)),
@@ -61,6 +88,8 @@ window.cryptoInterop = {
         return decoder.decode(decrypted);
     },
     decryptBytes: async function (base64Ciphertext, base64Key) {
+        checkCryptoAvailable();
+        
         const key = await window.crypto.subtle.importKey(
             "raw",
             Uint8Array.from(atob(base64Key), c => c.charCodeAt(0)),
@@ -96,6 +125,8 @@ window.rsaInterop = {
      * @returns {Promise<{publicKey: string, privateKey: string}>} A promise that resolves to an object containing the public and private keys as JWK strings.
      */
     generateRsaKeyPair : async function() {
+        checkCryptoAvailable();
+        
         const keyPair = await window.crypto.subtle.generateKey(
             {
                 name: "RSA-OAEP",
@@ -122,6 +153,8 @@ window.rsaInterop = {
      * @returns {Promise<string>} A promise that resolves to the encrypted data as a base64-encoded string.
      */
     encryptWithPublicKey : async function(plaintext, publicKey) {
+        checkCryptoAvailable();
+        
         const publicKeyObj = await window.crypto.subtle.importKey(
             "jwk",
             JSON.parse(publicKey),
@@ -151,6 +184,8 @@ window.rsaInterop = {
      * @returns {Promise<Uint8Array>} A promise that resolves to the decrypted data as a Uint8Array.
      */
     decryptWithPrivateKey: async function(ciphertext, privateKey) {
+        checkCryptoAvailable();
+        
         try {
             // Parse the private key
             let parsedPrivateKey = JSON.parse(privateKey);

From 3122dc4807577daadc4f422b85a8bc1e95ef1b16 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 8 Sep 2025 11:38:12 +0200
Subject: [PATCH 13/33] Update doc self-host titles (#1181)

---
 docs/index.md                        | 2 +-
 docs/installation/index.md           | 4 ++--
 docs/installation/installer/index.md | 2 +-
 docs/installation/manual/index.md    | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs/index.md b/docs/index.md
index ea8a26b9a..8379d7491 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -13,7 +13,7 @@ A privacy-first password manager with built-in email aliasing. Fully encrypted a
 
 {: .fs-6 .fw-300 }
 
-[Self-host installation](./installation/install){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 .mr-2 }
+[Self-host installation](./installation){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 .mr-2 }
 [View on GitHub](https://github.com/aliasvault/aliasvault){: .btn .fs-5 .mb-4 .mb-md-0 }
 
 ---
diff --git a/docs/installation/index.md b/docs/installation/index.md
index 0af6c28ba..f6df5396f 100644
--- a/docs/installation/index.md
+++ b/docs/installation/index.md
@@ -1,10 +1,10 @@
 ---
 layout: default
-title: Self-hosting
+title: Self-host Install
 nav_order: 2
 ---
 
-# Self-hosting
+# Self-host Install
 
 AliasVault can be self-hosted on your own servers using two different installation methods. Both use Docker, but they differ in how much is automated versus how much you manage yourself:
 
diff --git a/docs/installation/installer/index.md b/docs/installation/installer/index.md
index 241f3157e..7ee78b0fe 100644
--- a/docs/installation/installer/index.md
+++ b/docs/installation/installer/index.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Installer Script (multi-container)
-parent: Self-hosting
+parent: Self-host Install
 nav_order: 1
 ---
 
diff --git a/docs/installation/manual/index.md b/docs/installation/manual/index.md
index 0f5889cba..ce8f8e8d1 100644
--- a/docs/installation/manual/index.md
+++ b/docs/installation/manual/index.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Manual Setup (single container)
-parent: Self-hosting
+parent: Self-host Install
 nav_order: 2
 ---
 

From b5207d97fb9c40822ecf2c40d9d260048492e2b8 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 8 Sep 2025 14:03:54 +0200
Subject: [PATCH 14/33] Add comparison table to install method index page
 (#1181)

---
 docs/index.md              |   2 +-
 docs/installation/index.md | 128 ++++++++++++++++++++++++++++---------
 2 files changed, 98 insertions(+), 32 deletions(-)

diff --git a/docs/index.md b/docs/index.md
index 8379d7491..9fb7b6ccf 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -13,7 +13,7 @@ A privacy-first password manager with built-in email aliasing. Fully encrypted a
 
 {: .fs-6 .fw-300 }
 
-[Self-host installation](./installation){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 .mr-2 }
+[Self-host Install](./installation){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 .mr-2 }
 [View on GitHub](https://github.com/aliasvault/aliasvault){: .btn .fs-5 .mb-4 .mb-md-0 }
 
 ---
diff --git a/docs/installation/index.md b/docs/installation/index.md
index f6df5396f..60c663366 100644
--- a/docs/installation/index.md
+++ b/docs/installation/index.md
@@ -8,45 +8,111 @@ nav_order: 2
 
 AliasVault can be self-hosted on your own servers using two different installation methods. Both use Docker, but they differ in how much is automated versus how much you manage yourself:
 
----
+|                          | **Option 1: Installer Script (multi-container)** | **Option 2: Manual Setup (single container)** |
+|--------------------------|---------------------------------------------------|-----------------------------------------------|
+| **Best for**             | ☁️ VPS/VM/Proxmox, cloud hosts, DigitalOcean, AWS/Azure | 🏠 NAS/Synology/Unraid, Raspberry Pi, home servers |
+| **Internet accessible**  | Direct internet access with ports 80/443         | Behind existing infrastructure                |
+| **TLS/SSL**              | Built-in reverse proxy + Let's Encrypt (automatic) | Bring your own (Traefik, Nginx, HAProxy, Caddy) |
+| **Containers**           | Multiple containers (client, api, postgres, task runner, smtp, admin, reverse proxy) | Single bundled container (all-in-one)         |
+| **Configuration**        | Automatic docker-compose.yml setup               | Standard Docker commands                      |
+| **Updates**              | `install.sh` assisted updates & migrations                | `docker pull` (manual); occasional manual migrations |
+| **Admin actions**        | `install.sh` helpers for admin password reset              | SSH into container for certain tasks (e.g. password reset) |
+| **Setup style**          | Managed, opinionated, production-ready defaults  | Fits into existing homelab/stack tools (Portainer compatible) |
+| **Build from source**    | Optional (supported)                             | Pre-built container only                      |
+| **Choose if…**           | You want auto SSL and a managed stack            | You already have TLS and prefer manual control |
+|                          | [**Self-host via Installer Script →**](./installer){: .btn .btn-primary } | [**Self-host via Manual Setup →**](./manual){: .btn .btn-primary } |
 
-## Option 1: Installer Script (multi-container)
-
-[Install AliasVault via installer script (multi-container)](./installer){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 .mr-2 }
-
-> **Best for:**
-> - VM or LXC (e.g. Proxmox, DigitalOcean Droplet, VPS, AWS/Azure VM)
-> - When the host is directly accessible from the internet and/or has ports 80/443 forwarded to it
-> - When you don't have any TLS termination proxy of your own (yet)
-
-This option installs the full AliasVault stack **consisting of multiple Docker containers** (client, api, ppostgres, task runner, smtp, admin, reverse proxy) in the background.
-
-The `install.sh` script provides:
-- **Automatic configuration of docker-compose.yml with multiple containers**
-- **Built-in reverse proxy with Let's Encrypt TLS certificates**
-- **Easy updates and migrations** via a custom CLI
-- **Start/stop/uninstall commands** for convenience
-- Allows to build Docker containers from source (optional)
-- Opinionated defaults for a secure, production-ready setup
 
 ---
 
-## Option 2: Manual Setup (single container)
+## Frequently Asked Questions
 
-[Install AliasVault via manual setup (single container)](./manual){: .btn .btn-primary .fs-5 .mb-4 .mb-md-0 }
+<details style="margin-bottom: 10px;">
+<summary style="background-color: #4a5568; color: #ffffff; padding: 10px; border-radius: 5px; cursor: pointer;">Which installation method should I choose?</summary>
+<div style="background-color: #2d3748; color: #ffffff; padding: 15px; border-left: 3px solid #4299e1;" markdown="1">
 
+**Choose the Installer Script if:**
+- You have a dedicated VM or VPS for AliasVault
+- Your server is directly accessible from the internet
+- You want automatic SSL certificates via Let's Encrypt
+- You prefer a managed, production-ready setup with CLI helpers
 
-> **Best for:**
-> - Multi-purpose home servers / NAS (Synology, Unraid, Raspberry Pi, local Docker)
-> - Users with existing shared TLS/SSL infrastructure (Traefik, Nginx, HAProxy, Caddy, etc.)
+**Choose Manual Setup if:**
+- You're running a home server or NAS (Synology, Unraid, etc.)
+- You already have a reverse proxy handling SSL (Traefik, Nginx, Caddy)
+- You want to manage AliasVault alongside other Docker containers
+- You prefer using standard Docker commands and tools like Portainer
 
-This option runs AliasVault as a **single bundled Docker container** (client, API, Postgres, task runner, SMTP, etc. included).
+</div>
+</details>
 
-Everything is managed via **standard Docker commands**:
-- Updates are done manually with `docker pull`
-- In some cases, future updates may require **manual migration steps** (these will be documented)
-- Certain admin actions (e.g. resetting a password) require **manual container access via SSH**
-- TLS/SSL termination not included (you must handle HTTPS yourself separately)
+<details style="margin-bottom: 10px;">
+<summary style="background-color: #4a5568; color: #ffffff; padding: 10px; border-radius: 5px; cursor: pointer;">What's the difference between multi-container and single container?</summary>
+<div style="background-color: #2d3748; color: #ffffff; padding: 15px; border-left: 3px solid #4299e1;" markdown="1">
 
+| **Multi-container (Installer Script)** | **Single container (Manual Setup)** |
+|----------------------------------------|-------------------------------------|
+| Separates services into individual containers | All services bundled in one container |
+| Easier to scale individual components | Simpler to manage with Docker commands |
+| Uses docker-compose for orchestration | Lower resource overhead |
+| Better for production deployments | Better for home labs and personal use |
 
-👉 Use this option if you **already manage TLS/SSL**, have an existing host where you are running other Docker apps already, and/or prefer to manage the AliasVault Docker container with existing management tools like Portainer.
+</div>
+</details>
+
+<details style="margin-bottom: 10px;">
+<summary style="background-color: #4a5568; color: #ffffff; padding: 10px; border-radius: 5px; cursor: pointer;">Do I need to handle SSL/TLS certificates myself?</summary>
+<div style="background-color: #2d3748; color: #ffffff; padding: 15px; border-left: 3px solid #4299e1;" markdown="1">
+
+- **Installer Script**: No, it includes automatic Let's Encrypt certificates
+- **Manual Setup**: Yes, you need your own reverse proxy for HTTPS
+
+</div>
+</details>
+
+<details style="margin-bottom: 10px;">
+<summary style="background-color: #4a5568; color: #ffffff; padding: 10px; border-radius: 5px; cursor: pointer;">How do updates work?</summary>
+<div style="background-color: #2d3748; color: #ffffff; padding: 15px; border-left: 3px solid #4299e1;" markdown="1">
+
+| Method | Update Process |
+|--------|---------------|
+| **Installer Script** | Run `./install.sh update` for automated updates and migrations |
+| **Manual Setup** | Use `docker pull` to get the latest image; manual migrations may be required |
+
+</div>
+</details>
+
+<details style="margin-bottom: 10px;">
+<summary style="background-color: #4a5568; color: #ffffff; padding: 10px; border-radius: 5px; cursor: pointer;">Can I migrate between installation methods?</summary>
+<div style="background-color: #2d3748; color: #ffffff; padding: 15px; border-left: 3px solid #4299e1;" markdown="1">
+
+Yes! Both methods use the same bind mount directories (`/database`, `/certificates`, `/logs`, `/secrets`), making migration straightforward. Simply stop/uninstall via one method and follow the installation steps for the other - your data will be preserved.
+
+</div>
+</details>
+
+<details style="margin-bottom: 10px;">
+<summary style="background-color: #4a5568; color: #ffffff; padding: 10px; border-radius: 5px; cursor: pointer;">What are the system requirements?</summary>
+<div style="background-color: #2d3748; color: #ffffff; padding: 15px; border-left: 3px solid #4299e1;" markdown="1">
+
+**Minimum requirements:**
+- 64-bit Linux OS (Ubuntu or RHEL-based recommended)
+- 1 vCPU, 1GB RAM, 16GB disk
+- Docker CE (≥ 20.10) and Docker Compose (≥ 2.0)
+
+**Network requirements:**
+- Ports 80 and 443 available
+- Optional: Ports 25 and 587 for private email domains
+
+</div>
+</details>
+
+<details style="margin-bottom: 10px;">
+<summary style="background-color: #4a5568; color: #ffffff; padding: 10px; border-radius: 5px; cursor: pointer;">Can I build from source?</summary>
+<div style="background-color: #2d3748; color: #ffffff; padding: 15px; border-left: 3px solid #4299e1;" markdown="1">
+
+- **Installer Script**: Yes, optional build from source is supported
+- **Manual Setup**: No, uses pre-built container images only
+
+</div>
+</details>

From 410e8458116ccacdef4156d68f1ae67e8a547775 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 8 Sep 2025 15:09:44 +0200
Subject: [PATCH 15/33] Update self-host install titles (#1181)

---
 docs/installation/index.md                    |  4 +-
 .../installer/advanced/build-from-source.md   |  2 +-
 .../installer/advanced/database.md            |  2 +-
 docs/installation/installer/advanced/index.md |  2 +-
 .../installer/advanced/lifecycle.md           |  2 +-
 .../installer/advanced/uninstall.md           |  2 +-
 docs/installation/installer/index-bak.md      | 73 +++++++++++++++++++
 docs/installation/installer/index.md          |  4 +-
 .../installation/installer/troubleshooting.md |  2 +-
 docs/installation/installer/update/index.md   |  2 +-
 docs/installation/installer/update/v0.22.0.md |  2 +-
 docs/installation/manual/advanced/database.md |  2 +-
 docs/installation/manual/advanced/index.md    |  2 +-
 .../installation/manual/advanced/lifecycle.md |  2 +-
 .../installation/manual/advanced/uninstall.md |  2 +-
 docs/installation/manual/index.md             |  2 +-
 docs/installation/manual/troubleshooting.md   |  2 +-
 docs/installation/manual/update/index.md      |  2 +-
 18 files changed, 92 insertions(+), 19 deletions(-)
 create mode 100644 docs/installation/installer/index-bak.md

diff --git a/docs/installation/index.md b/docs/installation/index.md
index 60c663366..c99294c81 100644
--- a/docs/installation/index.md
+++ b/docs/installation/index.md
@@ -6,9 +6,9 @@ nav_order: 2
 
 # Self-host Install
 
-AliasVault can be self-hosted on your own servers using two different installation methods. Both use Docker, but they differ in how much is automated versus how much you manage yourself:
+AliasVault can be self-hosted on your own servers using two different installation methods. Both use Docker, but they differ in how much is automated versus how much you manage yourself. For ease of use, we recommend using the Installer Script (Option 1).
 
-|                          | **Option 1: Installer Script (multi-container)** | **Option 2: Manual Setup (single container)** |
+|                          | **Option 1: Install Script (multi-container)** | **Option 2: Manual Setup (single container)** |
 |--------------------------|---------------------------------------------------|-----------------------------------------------|
 | **Best for**             | ☁️ VPS/VM/Proxmox, cloud hosts, DigitalOcean, AWS/Azure | 🏠 NAS/Synology/Unraid, Raspberry Pi, home servers |
 | **Internet accessible**  | Direct internet access with ports 80/443         | Behind existing infrastructure                |
diff --git a/docs/installation/installer/advanced/build-from-source.md b/docs/installation/installer/advanced/build-from-source.md
index a35eb09f5..8c6112cc5 100644
--- a/docs/installation/installer/advanced/build-from-source.md
+++ b/docs/installation/installer/advanced/build-from-source.md
@@ -2,7 +2,7 @@
 layout: default
 title: Build from Source
 parent: Advanced
-grand_parent: Installer Script (multi-container)
+grand_parent: Install Script
 nav_order: 3
 ---
 
diff --git a/docs/installation/installer/advanced/database.md b/docs/installation/installer/advanced/database.md
index 1cd0c67fa..7d31dd49e 100644
--- a/docs/installation/installer/advanced/database.md
+++ b/docs/installation/installer/advanced/database.md
@@ -2,7 +2,7 @@
 layout: default
 title: Database Operations
 parent: Advanced
-grand_parent: Installer Script (multi-container)
+grand_parent: Install Script
 nav_order: 4
 ---
 
diff --git a/docs/installation/installer/advanced/index.md b/docs/installation/installer/advanced/index.md
index 14aacec44..ba60d6d14 100644
--- a/docs/installation/installer/advanced/index.md
+++ b/docs/installation/installer/advanced/index.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Advanced
-parent: Installer Script (multi-container)
+parent: Install Script
 nav_order: 4
 ---
 
diff --git a/docs/installation/installer/advanced/lifecycle.md b/docs/installation/installer/advanced/lifecycle.md
index abea31f63..7407b9caa 100644
--- a/docs/installation/installer/advanced/lifecycle.md
+++ b/docs/installation/installer/advanced/lifecycle.md
@@ -2,7 +2,7 @@
 layout: default
 title: Stop/start
 parent: Advanced
-grand_parent: Installer Script (multi-container)
+grand_parent: Install Script
 nav_order: 2
 ---
 
diff --git a/docs/installation/installer/advanced/uninstall.md b/docs/installation/installer/advanced/uninstall.md
index 825593e6e..53aefa50f 100644
--- a/docs/installation/installer/advanced/uninstall.md
+++ b/docs/installation/installer/advanced/uninstall.md
@@ -2,7 +2,7 @@
 layout: default
 title: Uninstall
 parent: Advanced
-grand_parent: Installer Script (multi-container)
+grand_parent: Install Script
 nav_order: 4
 ---
 
diff --git a/docs/installation/installer/index-bak.md b/docs/installation/installer/index-bak.md
new file mode 100644
index 000000000..068e54638
--- /dev/null
+++ b/docs/installation/installer/index-bak.md
@@ -0,0 +1,73 @@
+---
+layout: default
+title: Installer Script (multi-container)
+parent: Self-host Installs
+nav_order: 1
+has_children: true
+---
+
+# Installer Script (multi-container)
+
+The installer script provides a managed, production-ready deployment of AliasVault using multiple Docker containers. This method includes automatic SSL certificates, built-in reverse proxy, and CLI-based management tools.
+
+{: .important }
+> **Best for:** VPS, cloud hosting (AWS, Azure, DigitalOcean), dedicated servers with direct internet access
+
+1. **New Installation?** Start with the [Installation Guide](./installation)
+2. **Upgrading?** Check the [Update Guide](./update/)
+3. **Need Help?** Visit [Troubleshooting](./troubleshooting) or join our [Discord](https://discord.gg/DsaXMTEtpF)
+
+## 📚 Documentation
+
+<div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(280px, 1fr)); gap: 20px; margin: 20px 0;">
+
+<div style="background: #4a5568; border: 1px solid #d1d5da; border-radius: 8px; padding: 20px;">
+<h3 style="margin-top: 0;">🚀 Getting Started</h3>
+<p>Initial installation and configuration</p>
+<ul style="list-style: none; padding: 0;">
+<li>📖 <a href="./installation">Installation Guide</a></li>
+<li>🔒 <a href="./installation#tls-ssl-configuration">SSL/TLS Setup</a></li>
+<li>📧 <a href="./installation#email-server-setup">Email Configuration</a></li>
+<li>👤 <a href="./installation#configure-account-registration">Registration Settings</a></li>
+</ul>
+</div>
+
+<div style="background: #4a5568; border: 1px solid #d1d5da; border-radius: 8px; padding: 20px;">
+<h3 style="margin-top: 0;">🔄 Updates & Maintenance</h3>
+<p>Keep your instance up-to-date</p>
+<ul style="list-style: none; padding: 0;">
+<li>📖 <a href="./update/">Update Guide</a></li>
+<li>💾 <a href="./advanced/database">Database Backup</a></li>
+<li>🗑️ <a href="./advanced/uninstall">Uninstall Guide</a></li>
+</ul>
+</div>
+
+<div style="background: #4a5568; border: 1px solid #d1d5da; border-radius: 8px; padding: 20px;">
+<h3 style="margin-top: 0;">❓ Help & Support</h3>
+<p>Troubleshooting and assistance</p>
+<ul style="list-style: none; padding: 0;">
+<li>🐛 <a href="./troubleshooting">Troubleshooting Guide</a></li>
+<li>💬 <a href="https://discord.gg/DsaXMTEtpF">Discord Community</a></li>
+<li>📝 <a href="https://github.com/aliasvault/aliasvault/issues">Report Issues</a></li>
+</ul>
+</div>
+
+</div>
+
+---
+
+## Architecture Overview
+
+The installer script deploys AliasVault as a multi-container application:
+
+| Container | Purpose |
+|-----------|---------|
+| **reverse-proxy** | Nginx reverse proxy with SSL termination |
+| **client** | Web interface (Blazor WebAssembly) |
+| **api** | REST API backend |
+| **admin** | Admin portal |
+| **postgres** | PostgreSQL database |
+| **smtp** | Email server for aliases |
+| **task-runner** | Background jobs and maintenance |
+
+All containers are managed via `./install.sh` (which uses `docker compose` in the background) and configured through a centralized `.env` file.
diff --git a/docs/installation/installer/index.md b/docs/installation/installer/index.md
index 7ee78b0fe..c64cfbc3f 100644
--- a/docs/installation/installer/index.md
+++ b/docs/installation/installer/index.md
@@ -1,11 +1,11 @@
 ---
 layout: default
-title: Installer Script (multi-container)
+title: Install Script
 parent: Self-host Install
 nav_order: 1
 ---
 
-# Self-host using installer script (multi-container)
+# Self-host using install script (multi-container)
 The following guide will walk you through the steps to install AliasVault on your own server using the AliasVault installer script: `install.sh`. Minimum experience with Docker and Linux is required. Estimated time: 5-15 minutes.
 
 {: .important-title }
diff --git a/docs/installation/installer/troubleshooting.md b/docs/installation/installer/troubleshooting.md
index 80ed7383f..d7cb33eab 100644
--- a/docs/installation/installer/troubleshooting.md
+++ b/docs/installation/installer/troubleshooting.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Troubleshooting
-parent: Installer Script (multi-container)
+parent: Install Script
 nav_order: 5
 ---
 
diff --git a/docs/installation/installer/update/index.md b/docs/installation/installer/update/index.md
index 87ed6ee45..7734b8f56 100644
--- a/docs/installation/installer/update/index.md
+++ b/docs/installation/installer/update/index.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Update
-parent: Installer Script (multi-container)
+parent: Install Script
 nav_order: 3
 ---
 
diff --git a/docs/installation/installer/update/v0.22.0.md b/docs/installation/installer/update/v0.22.0.md
index 5b2118e00..1794103f2 100644
--- a/docs/installation/installer/update/v0.22.0.md
+++ b/docs/installation/installer/update/v0.22.0.md
@@ -2,7 +2,7 @@
 layout: default
 title: Update to v0.22.0
 parent: Update
-grand_parent: Installer Script (multi-container)
+grand_parent: Install Script
 nav_order: 1
 ---
 
diff --git a/docs/installation/manual/advanced/database.md b/docs/installation/manual/advanced/database.md
index 0ad71df8b..a0463244e 100644
--- a/docs/installation/manual/advanced/database.md
+++ b/docs/installation/manual/advanced/database.md
@@ -2,7 +2,7 @@
 layout: default
 title: Database Operations
 parent: Advanced
-grand_parent: Manual Setup (single container)
+grand_parent: Manual Setup
 nav_order: 4
 ---
 
diff --git a/docs/installation/manual/advanced/index.md b/docs/installation/manual/advanced/index.md
index 053f671a5..7b9ef70b5 100644
--- a/docs/installation/manual/advanced/index.md
+++ b/docs/installation/manual/advanced/index.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Advanced
-parent: Manual Setup (single container)
+parent: Manual Setup
 nav_order: 2
 ---
 
diff --git a/docs/installation/manual/advanced/lifecycle.md b/docs/installation/manual/advanced/lifecycle.md
index 41851e6aa..2d37721a7 100644
--- a/docs/installation/manual/advanced/lifecycle.md
+++ b/docs/installation/manual/advanced/lifecycle.md
@@ -2,7 +2,7 @@
 layout: default
 title: Stop/start
 parent: Advanced
-grand_parent: Manual Setup (single container)
+grand_parent: Manual Setup
 nav_order: 2
 ---
 
diff --git a/docs/installation/manual/advanced/uninstall.md b/docs/installation/manual/advanced/uninstall.md
index c01d69578..9c97a2773 100644
--- a/docs/installation/manual/advanced/uninstall.md
+++ b/docs/installation/manual/advanced/uninstall.md
@@ -2,7 +2,7 @@
 layout: default
 title: Uninstall
 parent: Advanced
-grand_parent: Manual Setup (single container)
+grand_parent: Manual Setup
 nav_order: 4
 ---
 
diff --git a/docs/installation/manual/index.md b/docs/installation/manual/index.md
index ce8f8e8d1..52313f391 100644
--- a/docs/installation/manual/index.md
+++ b/docs/installation/manual/index.md
@@ -1,6 +1,6 @@
 ---
 layout: default
-title: Manual Setup (single container)
+title: Manual Setup
 parent: Self-host Install
 nav_order: 2
 ---
diff --git a/docs/installation/manual/troubleshooting.md b/docs/installation/manual/troubleshooting.md
index d94d90914..5467c4ab8 100644
--- a/docs/installation/manual/troubleshooting.md
+++ b/docs/installation/manual/troubleshooting.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Troubleshooting
-parent: Manual Setup (single container)
+parent: Manual Setup
 nav_order: 3
 ---
 
diff --git a/docs/installation/manual/update/index.md b/docs/installation/manual/update/index.md
index 4e459b7a4..2e73cc581 100644
--- a/docs/installation/manual/update/index.md
+++ b/docs/installation/manual/update/index.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Update
-parent: Manual Setup (single container)
+parent: Manual Setup
 nav_order: 1
 ---
 

From fd485b979c8473d6349f4cb3d6016f1e0bd1c8f4 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 8 Sep 2025 15:58:52 +0200
Subject: [PATCH 16/33] Add 301 redirects to jekyll docs (#1181)

---
 docs/_config.yml                                       |  1 +
 .../{manual => docker-compose}/advanced/database.md    |  2 +-
 .../{manual => docker-compose}/advanced/index.md       |  2 +-
 .../{manual => docker-compose}/advanced/lifecycle.md   |  2 +-
 .../{manual => docker-compose}/advanced/uninstall.md   |  2 +-
 docs/installation/{manual => docker-compose}/index.md  |  8 ++++++--
 .../{manual => docker-compose}/troubleshooting.md      |  2 +-
 .../{manual => docker-compose}/update/index.md         |  2 +-
 docs/installation/index.md                             |  6 +++---
 .../advanced/build-from-source.md                      |  0
 .../{installer => script}/advanced/database.md         |  0
 .../{installer => script}/advanced/index.md            |  0
 .../{installer => script}/advanced/lifecycle.md        |  0
 .../{installer => script}/advanced/uninstall.md        |  0
 docs/installation/{installer => script}/index-bak.md   |  0
 docs/installation/{installer => script}/index.md       | 10 +++++-----
 .../{installer => script}/troubleshooting.md           |  3 +++
 .../installation/{installer => script}/update/index.md |  3 +++
 .../{installer => script}/update/v0.22.0.md            |  3 +++
 19 files changed, 30 insertions(+), 16 deletions(-)
 rename docs/installation/{manual => docker-compose}/advanced/database.md (97%)
 rename docs/installation/{manual => docker-compose}/advanced/index.md (91%)
 rename docs/installation/{manual => docker-compose}/advanced/lifecycle.md (94%)
 rename docs/installation/{manual => docker-compose}/advanced/uninstall.md (95%)
 rename docs/installation/{manual => docker-compose}/index.md (96%)
 rename docs/installation/{manual => docker-compose}/troubleshooting.md (98%)
 rename docs/installation/{manual => docker-compose}/update/index.md (98%)
 rename docs/installation/{installer => script}/advanced/build-from-source.md (100%)
 rename docs/installation/{installer => script}/advanced/database.md (100%)
 rename docs/installation/{installer => script}/advanced/index.md (100%)
 rename docs/installation/{installer => script}/advanced/lifecycle.md (100%)
 rename docs/installation/{installer => script}/advanced/uninstall.md (100%)
 rename docs/installation/{installer => script}/index-bak.md (100%)
 rename docs/installation/{installer => script}/index.md (96%)
 rename docs/installation/{installer => script}/troubleshooting.md (97%)
 rename docs/installation/{installer => script}/update/index.md (96%)
 rename docs/installation/{installer => script}/update/v0.22.0.md (97%)

diff --git a/docs/_config.yml b/docs/_config.yml
index 19d161758..2dd898807 100644
--- a/docs/_config.yml
+++ b/docs/_config.yml
@@ -53,3 +53,4 @@ defaults:
 url: "https://docs.aliasvault.net"
 plugins:
   - jekyll-sitemap
+  - jekyll-redirect-from
diff --git a/docs/installation/manual/advanced/database.md b/docs/installation/docker-compose/advanced/database.md
similarity index 97%
rename from docs/installation/manual/advanced/database.md
rename to docs/installation/docker-compose/advanced/database.md
index a0463244e..e0047b0b4 100644
--- a/docs/installation/manual/advanced/database.md
+++ b/docs/installation/docker-compose/advanced/database.md
@@ -2,7 +2,7 @@
 layout: default
 title: Database Operations
 parent: Advanced
-grand_parent: Manual Setup
+grand_parent: Docker Compose
 nav_order: 4
 ---
 
diff --git a/docs/installation/manual/advanced/index.md b/docs/installation/docker-compose/advanced/index.md
similarity index 91%
rename from docs/installation/manual/advanced/index.md
rename to docs/installation/docker-compose/advanced/index.md
index 7b9ef70b5..ed60a1a69 100644
--- a/docs/installation/manual/advanced/index.md
+++ b/docs/installation/docker-compose/advanced/index.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Advanced
-parent: Manual Setup
+parent: Docker Compose
 nav_order: 2
 ---
 
diff --git a/docs/installation/manual/advanced/lifecycle.md b/docs/installation/docker-compose/advanced/lifecycle.md
similarity index 94%
rename from docs/installation/manual/advanced/lifecycle.md
rename to docs/installation/docker-compose/advanced/lifecycle.md
index 2d37721a7..6d2c9f414 100644
--- a/docs/installation/manual/advanced/lifecycle.md
+++ b/docs/installation/docker-compose/advanced/lifecycle.md
@@ -2,7 +2,7 @@
 layout: default
 title: Stop/start
 parent: Advanced
-grand_parent: Manual Setup
+grand_parent: Docker Compose
 nav_order: 2
 ---
 
diff --git a/docs/installation/manual/advanced/uninstall.md b/docs/installation/docker-compose/advanced/uninstall.md
similarity index 95%
rename from docs/installation/manual/advanced/uninstall.md
rename to docs/installation/docker-compose/advanced/uninstall.md
index 9c97a2773..f78244209 100644
--- a/docs/installation/manual/advanced/uninstall.md
+++ b/docs/installation/docker-compose/advanced/uninstall.md
@@ -2,7 +2,7 @@
 layout: default
 title: Uninstall
 parent: Advanced
-grand_parent: Manual Setup
+grand_parent: Docker Compose
 nav_order: 4
 ---
 
diff --git a/docs/installation/manual/index.md b/docs/installation/docker-compose/index.md
similarity index 96%
rename from docs/installation/manual/index.md
rename to docs/installation/docker-compose/index.md
index 52313f391..82905b87a 100644
--- a/docs/installation/manual/index.md
+++ b/docs/installation/docker-compose/index.md
@@ -1,11 +1,14 @@
 ---
 layout: default
-title: Manual Setup
+title: Docker Compose
 parent: Self-host Install
+redirect_from:
+  - /installation/advanced/manual-setup
+  - /installation/advanced/manual-setup.html
 nav_order: 2
 ---
 
-# Self-host using manual setup (single container)
+# Self-host using Docker Compose (single container)
 The following guide will walk you through the steps to install AliasVault via the All-In-One Docker container. This container uses `s6-overlay` to combine all AliasVault's services into one image for convenience. The only downside compared to the `install.sh` installer is that this version does NOT come with SSL/TLS support, so you'll have to make the container available through your own SSL/TLS proxy.
 
 {: .important-title }
@@ -45,6 +48,7 @@ services:
     environment:
       PUBLIC_REGISTRATION_ENABLED: "true"
       IP_LOGGING_ENABLED: "true"
+      FORCE_HTTPS_REDIRECT: "false"
       SUPPORT_EMAIL: ""
       PRIVATE_EMAIL_DOMAINS: ""
 ```
diff --git a/docs/installation/manual/troubleshooting.md b/docs/installation/docker-compose/troubleshooting.md
similarity index 98%
rename from docs/installation/manual/troubleshooting.md
rename to docs/installation/docker-compose/troubleshooting.md
index 5467c4ab8..2fed466a8 100644
--- a/docs/installation/manual/troubleshooting.md
+++ b/docs/installation/docker-compose/troubleshooting.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Troubleshooting
-parent: Manual Setup
+parent: Docker Compose
 nav_order: 3
 ---
 
diff --git a/docs/installation/manual/update/index.md b/docs/installation/docker-compose/update/index.md
similarity index 98%
rename from docs/installation/manual/update/index.md
rename to docs/installation/docker-compose/update/index.md
index 2e73cc581..0b96a1e83 100644
--- a/docs/installation/manual/update/index.md
+++ b/docs/installation/docker-compose/update/index.md
@@ -1,7 +1,7 @@
 ---
 layout: default
 title: Update
-parent: Manual Setup
+parent: Docker Compose
 nav_order: 1
 ---
 
diff --git a/docs/installation/index.md b/docs/installation/index.md
index c99294c81..694b4fc2e 100644
--- a/docs/installation/index.md
+++ b/docs/installation/index.md
@@ -6,9 +6,9 @@ nav_order: 2
 
 # Self-host Install
 
-AliasVault can be self-hosted on your own servers using two different installation methods. Both use Docker, but they differ in how much is automated versus how much you manage yourself. For ease of use, we recommend using the Installer Script (Option 1).
+AliasVault can be self-hosted on your own servers using two different installation methods. Both use Docker, but they differ in how much is automated versus how much you manage yourself.
 
-|                          | **Option 1: Install Script (multi-container)** | **Option 2: Manual Setup (single container)** |
+|                          | **Option 1: Install Script (multi-container)** | **Option 2: Docker Compose (single container)** |
 |--------------------------|---------------------------------------------------|-----------------------------------------------|
 | **Best for**             | ☁️ VPS/VM/Proxmox, cloud hosts, DigitalOcean, AWS/Azure | 🏠 NAS/Synology/Unraid, Raspberry Pi, home servers |
 | **Internet accessible**  | Direct internet access with ports 80/443         | Behind existing infrastructure                |
@@ -20,7 +20,7 @@ AliasVault can be self-hosted on your own servers using two different installati
 | **Setup style**          | Managed, opinionated, production-ready defaults  | Fits into existing homelab/stack tools (Portainer compatible) |
 | **Build from source**    | Optional (supported)                             | Pre-built container only                      |
 | **Choose if…**           | You want auto SSL and a managed stack            | You already have TLS and prefer manual control |
-|                          | [**Self-host via Installer Script →**](./installer){: .btn .btn-primary } | [**Self-host via Manual Setup →**](./manual){: .btn .btn-primary } |
+|                          | [**Self-host via Install Script →**](./script){: .btn .btn-primary } (Recommended) | [**Self-host via Manual Setup →**](./manual){: .btn .btn-primary } |
 
 
 ---
diff --git a/docs/installation/installer/advanced/build-from-source.md b/docs/installation/script/advanced/build-from-source.md
similarity index 100%
rename from docs/installation/installer/advanced/build-from-source.md
rename to docs/installation/script/advanced/build-from-source.md
diff --git a/docs/installation/installer/advanced/database.md b/docs/installation/script/advanced/database.md
similarity index 100%
rename from docs/installation/installer/advanced/database.md
rename to docs/installation/script/advanced/database.md
diff --git a/docs/installation/installer/advanced/index.md b/docs/installation/script/advanced/index.md
similarity index 100%
rename from docs/installation/installer/advanced/index.md
rename to docs/installation/script/advanced/index.md
diff --git a/docs/installation/installer/advanced/lifecycle.md b/docs/installation/script/advanced/lifecycle.md
similarity index 100%
rename from docs/installation/installer/advanced/lifecycle.md
rename to docs/installation/script/advanced/lifecycle.md
diff --git a/docs/installation/installer/advanced/uninstall.md b/docs/installation/script/advanced/uninstall.md
similarity index 100%
rename from docs/installation/installer/advanced/uninstall.md
rename to docs/installation/script/advanced/uninstall.md
diff --git a/docs/installation/installer/index-bak.md b/docs/installation/script/index-bak.md
similarity index 100%
rename from docs/installation/installer/index-bak.md
rename to docs/installation/script/index-bak.md
diff --git a/docs/installation/installer/index.md b/docs/installation/script/index.md
similarity index 96%
rename from docs/installation/installer/index.md
rename to docs/installation/script/index.md
index c64cfbc3f..daf6a6389 100644
--- a/docs/installation/installer/index.md
+++ b/docs/installation/script/index.md
@@ -2,11 +2,14 @@
 layout: default
 title: Install Script
 parent: Self-host Install
+redirect_from:
+  - /installation/install
+  - /installation/install.html
 nav_order: 1
 ---
 
-# Self-host using install script (multi-container)
-The following guide will walk you through the steps to install AliasVault on your own server using the AliasVault installer script: `install.sh`. Minimum experience with Docker and Linux is required. Estimated time: 5-15 minutes.
+# Self-host using Install Script (multi-container)
+The following guide will walk you through the steps to install AliasVault on your own server using the AliasVault installer script: `install.sh`. This script will pull pre-built Docker Images and do all the configuration for you while using `docker compose` in the background.
 
 {: .important-title }
 > Requirements:
@@ -19,9 +22,6 @@ The following guide will walk you through the steps to install AliasVault on you
 ---
 
 ## 1. Basic Installation
-To get AliasVault up and running quickly, run the install script to pull pre-built Docker images. The install script will also configure the .env file and start the AliasVault containers.
-
-### Installation steps
 1. Download the install script to a directory of your choice. All AliasVault files and directories will be created in this directory.
 ```bash
 # Download the install script
diff --git a/docs/installation/installer/troubleshooting.md b/docs/installation/script/troubleshooting.md
similarity index 97%
rename from docs/installation/installer/troubleshooting.md
rename to docs/installation/script/troubleshooting.md
index d7cb33eab..b022b2d95 100644
--- a/docs/installation/installer/troubleshooting.md
+++ b/docs/installation/script/troubleshooting.md
@@ -2,6 +2,9 @@
 layout: default
 title: Troubleshooting
 parent: Install Script
+redirect_from:
+  - /installation/troubleshooting
+  - /installation/troubleshooting.html
 nav_order: 5
 ---
 
diff --git a/docs/installation/installer/update/index.md b/docs/installation/script/update/index.md
similarity index 96%
rename from docs/installation/installer/update/index.md
rename to docs/installation/script/update/index.md
index 7734b8f56..fa5adbca9 100644
--- a/docs/installation/installer/update/index.md
+++ b/docs/installation/script/update/index.md
@@ -2,6 +2,9 @@
 layout: default
 title: Update
 parent: Install Script
+redirect_from:
+  - /installation/update
+  - /installation/update.html
 nav_order: 3
 ---
 
diff --git a/docs/installation/installer/update/v0.22.0.md b/docs/installation/script/update/v0.22.0.md
similarity index 97%
rename from docs/installation/installer/update/v0.22.0.md
rename to docs/installation/script/update/v0.22.0.md
index 1794103f2..fe12b5cb3 100644
--- a/docs/installation/installer/update/v0.22.0.md
+++ b/docs/installation/script/update/v0.22.0.md
@@ -3,6 +3,9 @@ layout: default
 title: Update to v0.22.0
 parent: Update
 grand_parent: Install Script
+redirect_from:
+  - /installation/update/v0.22.0
+  - /installation/update/v0.22.0.html
 nav_order: 1
 ---
 

From fd9e62591e13ee93b33cf70a5e5df3b5098cf6cf Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 8 Sep 2025 15:59:21 +0200
Subject: [PATCH 17/33] Add optional http to https redirect env setting (#1181)

---
 dockerfiles/all-in-one/Dockerfile             |   4 +-
 dockerfiles/all-in-one/config/nginx-443.conf  | 126 ++++++++++++++++++
 .../config/{nginx.conf => nginx-80-443.conf}  |   3 +-
 dockerfiles/all-in-one/s6-scripts/nginx/run   |  10 ++
 dockerfiles/docker-compose.all-in-one.yml     |   1 +
 5 files changed, 142 insertions(+), 2 deletions(-)
 create mode 100644 dockerfiles/all-in-one/config/nginx-443.conf
 rename dockerfiles/all-in-one/config/{nginx.conf => nginx-80-443.conf} (98%)

diff --git a/dockerfiles/all-in-one/Dockerfile b/dockerfiles/all-in-one/Dockerfile
index d106f611d..4df3c4be5 100644
--- a/dockerfiles/all-in-one/Dockerfile
+++ b/dockerfiles/all-in-one/Dockerfile
@@ -134,7 +134,8 @@ COPY --from=dotnet-builder /app /app
 # Copy configuration files and scripts directly to their destinations
 COPY dockerfiles/all-in-one/reset-admin-password.sh /usr/local/bin/reset-admin-password.sh
 COPY apps/server/AliasVault.Client/nginx.conf /app/client/nginx.conf
-COPY dockerfiles/all-in-one/config/nginx.conf /etc/nginx/nginx.conf
+COPY dockerfiles/all-in-one/config/nginx-80-443.conf /etc/nginx/nginx-80-443.conf
+COPY dockerfiles/all-in-one/config/nginx-443.conf /etc/nginx/nginx-443.conf
 COPY apps/server/status.html /usr/share/nginx/html/status.html
 COPY dockerfiles/all-in-one/s6-scripts /etc/s6-overlay/s6-rc.d/
 
@@ -159,6 +160,7 @@ ENV ALIASVAULT_VERBOSITY=0 \
     POSTGRES_PORT=5432 \
     POSTGRES_USER=aliasvault \
     POSTGRES_DATABASE=aliasvault \
+    FORCE_HTTPS_REDIRECT=false \
     S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
     S6_VERBOSITY=0
 
diff --git a/dockerfiles/all-in-one/config/nginx-443.conf b/dockerfiles/all-in-one/config/nginx-443.conf
new file mode 100644
index 000000000..3a6da293d
--- /dev/null
+++ b/dockerfiles/all-in-one/config/nginx-443.conf
@@ -0,0 +1,126 @@
+# Nginx configuration for AliasVault all-in-one container with forced HTTP to HTTPS redirect
+# and uses a self-signed cert.
+events {
+    worker_connections 1024;
+}
+
+http {
+    client_max_body_size 25M;
+
+    upstream client {
+        server localhost:3000 max_fails=1 fail_timeout=5s;
+    }
+
+    upstream api {
+        server localhost:3001 max_fails=1 fail_timeout=5s;
+    }
+
+    upstream admin {
+        server localhost:3002 max_fails=1 fail_timeout=5s;
+    }
+
+    # Preserve any existing X-Forwarded-* headers, this is relevant if AliasVault
+    # is running behind another reverse proxy.
+    set_real_ip_from 10.0.0.0/8;
+    set_real_ip_from 172.16.0.0/12;
+    set_real_ip_from 192.168.0.0/16;
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # Enable gzip compression, which reduces the amount of data that needs to be transferred
+    # to speed up WASM load times.
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    # HTTP server - redirects all traffic to HTTPS
+    server {
+        listen 80;
+        server_name _;
+
+        # Redirect all HTTP traffic to HTTPS
+        return 301 https://$host$request_uri;
+    }
+
+    # HTTPS server
+    server {
+        listen 443 ssl;
+        server_name _;
+
+        # Include the appropriate SSL certificate configuration generated
+        # by the entrypoint script.
+        include /etc/nginx/ssl.conf;
+
+        # Security headers
+        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header Cross-Origin-Resource-Policy "same-origin" always;
+        add_header Content-Security-Policy "frame-ancestors 'self'" always;
+
+        # Root for static files
+        root /usr/share/nginx/html;
+
+        # Error page handler location (internal use only)
+        location = /status.html {
+            internal;
+            try_files /status.html =404;
+            add_header Cache-Control "no-cache, no-store, must-revalidate";
+            add_header Pragma "no-cache";
+            add_header Expires "0";
+        }
+
+        # Admin interface
+        location /admin {
+            proxy_pass http://admin;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Prefix /admin/;
+
+            # Add WebSocket support for Blazor server
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_read_timeout 86400;
+
+            # Show status page if admin is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+
+        # API endpoints
+        location /api {
+            proxy_pass http://api;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            # Show status page if api is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+
+        # Client app (root path)
+        location / {
+            proxy_pass http://client;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            # Show status page if client is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+    }
+}
\ No newline at end of file
diff --git a/dockerfiles/all-in-one/config/nginx.conf b/dockerfiles/all-in-one/config/nginx-80-443.conf
similarity index 98%
rename from dockerfiles/all-in-one/config/nginx.conf
rename to dockerfiles/all-in-one/config/nginx-80-443.conf
index bd7e5f719..8e287a18c 100644
--- a/dockerfiles/all-in-one/config/nginx.conf
+++ b/dockerfiles/all-in-one/config/nginx-80-443.conf
@@ -1,5 +1,6 @@
 # This is the main Nginx configuration file for the AliasVault all-in-one container.
-# which exposes all AliasVault services via a single port 80.
+# which exposes all AliasVault services via both 80 (HTTP)
+# and optionally 443 (HTTPS) with self-signed cert.
 events {
     worker_connections 1024;
 }
diff --git a/dockerfiles/all-in-one/s6-scripts/nginx/run b/dockerfiles/all-in-one/s6-scripts/nginx/run
index 761d645d2..2f06ccd78 100644
--- a/dockerfiles/all-in-one/s6-scripts/nginx/run
+++ b/dockerfiles/all-in-one/s6-scripts/nginx/run
@@ -19,6 +19,16 @@ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDS
 ssl_prefer_server_ciphers off;
 SSLEOF
 
+# Configure nginx based on FORCE_HTTPS_REDIRECT environment variable
+FORCE_HTTPS_REDIRECT=${FORCE_HTTPS_REDIRECT:-false}
+if [[ "${FORCE_HTTPS_REDIRECT}" == "true" ]]; then
+    echo "Configuring nginx with HTTPS-only (443) - redirects HTTP to HTTPS"
+    cp /etc/nginx/nginx-443.conf /etc/nginx/nginx.conf
+else
+    echo "Configuring nginx with HTTP and HTTPS support (80+443)"
+    cp /etc/nginx/nginx-80-443.conf /etc/nginx/nginx.conf
+fi
+
 echo "Starting Nginx reverse proxy..."
 
 # Set nginx error log level based on verbosity
diff --git a/dockerfiles/docker-compose.all-in-one.yml b/dockerfiles/docker-compose.all-in-one.yml
index dacda95c9..10747ba58 100644
--- a/dockerfiles/docker-compose.all-in-one.yml
+++ b/dockerfiles/docker-compose.all-in-one.yml
@@ -17,5 +17,6 @@ services:
     environment:
       PUBLIC_REGISTRATION_ENABLED: "true"
       IP_LOGGING_ENABLED: "true"
+      FORCE_HTTPS_REDIRECT: "false"
       SUPPORT_EMAIL: ""
       PRIVATE_EMAIL_DOMAINS: ""

From b6e7a2e77a3dd206e8ad620edbd9143c623d902d Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 8 Sep 2025 17:40:47 +0200
Subject: [PATCH 18/33] Update admin first login message (#1181)

---
 .../AliasVault.Admin/Auth/Pages/Login.razor   | 32 +++-----
 apps/server/AliasVault.Admin/StartupTasks.cs  |  2 +-
 .../AliasVault.Admin/wwwroot/css/tailwind.css | 77 +++++++++++--------
 .../AliasVault.Client/Auth/Pages/Start.razor  | 16 +---
 .../Alerts/MessageInfo.razor                  | 35 +++++++++
 5 files changed, 92 insertions(+), 70 deletions(-)
 create mode 100644 apps/server/Shared/AliasVault.RazorComponents/Alerts/MessageInfo.razor

diff --git a/apps/server/AliasVault.Admin/Auth/Pages/Login.razor b/apps/server/AliasVault.Admin/Auth/Pages/Login.razor
index 7f3754cf8..3853a9afc 100644
--- a/apps/server/AliasVault.Admin/Auth/Pages/Login.razor
+++ b/apps/server/AliasVault.Admin/Auth/Pages/Login.razor
@@ -1,4 +1,5 @@
 @page "/user/login"
+@using AliasVault.RazorComponents.Alerts
 @using AliasVault.Shared.Models.Enums
 
 <LayoutPageTitle>Log in</LayoutPageTitle>
@@ -11,29 +12,14 @@
 
 @if (!IsAdminConfigured)
 {
-    <div class="mt-8 p-6 bg-yellow-50 dark:bg-yellow-900/20 border border-yellow-200 dark:border-yellow-800 rounded-lg">
-        <div class="flex items-start">
-            <div class="flex-shrink-0">
-                <svg class="w-5 h-5 text-yellow-600 dark:text-yellow-400" fill="currentColor" viewBox="0 0 20 20">
-                    <path fill-rule="evenodd" d="M8.257 3.099c.765-1.36 2.722-1.36 3.486 0l5.58 9.92c.75 1.334-.213 2.98-1.742 2.98H4.42c-1.53 0-2.493-1.646-1.743-2.98l5.58-9.92zM11 13a1 1 0 11-2 0 1 1 0 012 0zm-1-8a1 1 0 00-1 1v3a1 1 0 002 0V6a1 1 0 00-1-1z" clip-rule="evenodd" />
-                </svg>
-            </div>
-            <div class="ml-3">
-                <h3 class="text-sm font-medium text-yellow-800 dark:text-yellow-200">
-                    Admin User Not Configured
-                </h3>
-                <div class="mt-2 text-sm text-yellow-700 dark:text-yellow-300">
-                    <p class="mb-3">The admin user has not been configured yet. To set up admin access:</p>
-                    <ol class="list-decimal list-inside space-y-1 mb-3">
-                        <li>Connect to your Docker container: <code class="bg-yellow-100 dark:bg-yellow-800 px-1 py-0.5 rounded text-xs">docker exec -it [container-name] /bin/bash</code></li>
-                        <li>Run the password reset script: <code class="bg-yellow-100 dark:bg-yellow-800 px-1 py-0.5 rounded text-xs">reset-admin-password.sh</code></li>
-                        <li>Restart the container to apply changes: <code class="bg-yellow-100 dark:bg-yellow-800 px-1 py-0.5 rounded text-xs">docker restart [container-name]</code></li>
-                    </ol>
-                    <p class="text-xs">Replace <code class="bg-yellow-100 dark:bg-yellow-800 px-1 py-0.5 rounded">[container-name]</code> with your actual container name, e.g. "aliasvault".</p>
-                </div>
-            </div>
-        </div>
-    </div>
+    <MessageInfo Title="Admin User Not Configured">
+        The admin user has not been configured yet. To set up admin access:
+        <ol class="list-decimal list-inside space-y-1 mb-3">
+            <li>Connect to your Docker container: <code class="bg-orange-300 px-1 py-0.5 rounded text-xs">$ docker compose exec -it aliasvault /bin/bash</code></li>
+            <li>Run the password reset script: <code class="bg-orange-300  px-1 py-0.5 rounded text-xs">$ aliasvault reset-admin-password</code></li>
+            <li>Restart the container to apply changes: <code class="bg-orange-300  px-1 py-0.5 rounded text-xs">$ docker compose restart</code></li>
+        </ol>
+    </MessageInfo>
 }
 else
 {
diff --git a/apps/server/AliasVault.Admin/StartupTasks.cs b/apps/server/AliasVault.Admin/StartupTasks.cs
index ec77361d0..af727672d 100644
--- a/apps/server/AliasVault.Admin/StartupTasks.cs
+++ b/apps/server/AliasVault.Admin/StartupTasks.cs
@@ -48,7 +48,7 @@ public static class StartupTasks
         if (string.IsNullOrEmpty(config.AdminPasswordHash))
         {
             Console.WriteLine("Admin password hash not configured - skipping admin user creation.");
-            Console.WriteLine("Run 'reset-admin-password.sh' to configure the admin password.");
+            Console.WriteLine("Run '$ aliasvault reset-admin-password' to configure the admin password.");
             return;
         }
 
diff --git a/apps/server/AliasVault.Admin/wwwroot/css/tailwind.css b/apps/server/AliasVault.Admin/wwwroot/css/tailwind.css
index 4ecd3328d..932c15ea6 100644
--- a/apps/server/AliasVault.Admin/wwwroot/css/tailwind.css
+++ b/apps/server/AliasVault.Admin/wwwroot/css/tailwind.css
@@ -665,10 +665,6 @@ video {
   z-index: 1000;
 }
 
-.col-span-2 {
-  grid-column: span 2 / span 2;
-}
-
 .col-span-full {
   grid-column: 1 / -1;
 }
@@ -1080,10 +1076,6 @@ video {
   gap: 1.5rem;
 }
 
-.gap-8 {
-  gap: 2rem;
-}
-
 .space-x-1 > :not([hidden]) ~ :not([hidden]) {
   --tw-space-x-reverse: 0;
   margin-right: calc(0.25rem * var(--tw-space-x-reverse));
@@ -1370,6 +1362,11 @@ video {
   background-color: rgb(21 128 61 / var(--tw-bg-opacity));
 }
 
+.bg-orange-100 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(255 237 213 / var(--tw-bg-opacity));
+}
+
 .bg-orange-400 {
   --tw-bg-opacity: 1;
   background-color: rgb(251 146 60 / var(--tw-bg-opacity));
@@ -1450,10 +1447,29 @@ video {
   background-color: rgb(234 179 8 / var(--tw-bg-opacity));
 }
 
+.bg-yellow-400 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(250 204 21 / var(--tw-bg-opacity));
+}
+
+.bg-orange-200 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(254 215 170 / var(--tw-bg-opacity));
+}
+
+.bg-orange-300 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(253 186 116 / var(--tw-bg-opacity));
+}
+
 .bg-opacity-50 {
   --tw-bg-opacity: 0.5;
 }
 
+.fill-current {
+  fill: currentColor;
+}
+
 .fill-primary-600 {
   fill: #d68338;
 }
@@ -1774,11 +1790,21 @@ video {
   color: rgb(22 101 52 / var(--tw-text-opacity));
 }
 
+.text-orange-500 {
+  --tw-text-opacity: 1;
+  color: rgb(249 115 22 / var(--tw-text-opacity));
+}
+
 .text-orange-600 {
   --tw-text-opacity: 1;
   color: rgb(234 88 12 / var(--tw-text-opacity));
 }
 
+.text-orange-700 {
+  --tw-text-opacity: 1;
+  color: rgb(194 65 12 / var(--tw-text-opacity));
+}
+
 .text-primary-600 {
   --tw-text-opacity: 1;
   color: rgb(214 131 56 / var(--tw-text-opacity));
@@ -2255,6 +2281,16 @@ video {
   background-color: rgb(113 63 18 / 0.2);
 }
 
+.dark\:bg-yellow-400:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(250 204 21 / var(--tw-bg-opacity));
+}
+
+.dark\:bg-orange-300:is(.dark *) {
+  --tw-bg-opacity: 1;
+  background-color: rgb(253 186 116 / var(--tw-bg-opacity));
+}
+
 .dark\:bg-opacity-80:is(.dark *) {
   --tw-bg-opacity: 0.8;
 }
@@ -2359,11 +2395,6 @@ video {
   color: rgb(254 240 138 / var(--tw-text-opacity));
 }
 
-.dark\:text-yellow-300:is(.dark *) {
-  --tw-text-opacity: 1;
-  color: rgb(253 224 71 / var(--tw-text-opacity));
-}
-
 .dark\:text-yellow-400:is(.dark *) {
   --tw-text-opacity: 1;
   color: rgb(250 204 21 / var(--tw-text-opacity));
@@ -2519,18 +2550,10 @@ video {
     margin-right: 0.5rem;
   }
 
-  .sm\:inline {
-    display: inline;
-  }
-
   .sm\:flex {
     display: flex;
   }
 
-  .sm\:hidden {
-    display: none;
-  }
-
   .sm\:w-auto {
     width: auto;
   }
@@ -2609,18 +2632,10 @@ video {
     margin-right: 1.5rem;
   }
 
-  .md\:ml-2 {
-    margin-left: 0.5rem;
-  }
-
   .md\:block {
     display: block;
   }
 
-  .md\:inline-block {
-    display: inline-block;
-  }
-
   .md\:inline {
     display: inline;
   }
@@ -2653,10 +2668,6 @@ video {
     grid-template-columns: repeat(3, minmax(0, 1fr));
   }
 
-  .md\:grid-cols-4 {
-    grid-template-columns: repeat(4, minmax(0, 1fr));
-  }
-
   .md\:flex-row {
     flex-direction: row;
   }
diff --git a/apps/server/AliasVault.Client/Auth/Pages/Start.razor b/apps/server/AliasVault.Client/Auth/Pages/Start.razor
index 75b220d3b..4ebccb32f 100644
--- a/apps/server/AliasVault.Client/Auth/Pages/Start.razor
+++ b/apps/server/AliasVault.Client/Auth/Pages/Start.razor
@@ -32,19 +32,9 @@
                 </p>
                 @if (_isHttpWarning)
                 {
-                    <div class="bg-orange-100 border-l-4 border-orange-500 text-orange-700 p-4 mb-6" role="alert">
-                        <div class="flex">
-                            <div class="py-1">
-                                <svg class="fill-current h-6 w-6 text-orange-500 mr-4" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20">
-                                    <path d="M2.93 17.07A10 10 0 1 1 17.07 2.93 10 10 0 0 1 2.93 17.07zm12.73-1.41A8 8 0 1 0 4.34 4.34a8 8 0 0 0 11.32 11.32zM9 11V9h2v6H9v-4zm0-6h2v2H9V5z"/>
-                                </svg>
-                            </div>
-                            <div>
-                                <p class="font-bold">@Localizer["HttpsWarningTitle"]</p>
-                                <p class="text-sm">@Localizer["HttpsWarningMessage"]</p>
-                            </div>
-                        </div>
-                    </div>
+                    <MessageInfo Title="@Localizer["HttpsWarningTitle"]">
+                        @Localizer["HttpsWarningMessage"]
+                    </MessageInfo>
                 }
                 <div class="space-y-4">
                     @if (Config.PublicRegistrationEnabled)
diff --git a/apps/server/Shared/AliasVault.RazorComponents/Alerts/MessageInfo.razor b/apps/server/Shared/AliasVault.RazorComponents/Alerts/MessageInfo.razor
new file mode 100644
index 000000000..e1d1c1a11
--- /dev/null
+++ b/apps/server/Shared/AliasVault.RazorComponents/Alerts/MessageInfo.razor
@@ -0,0 +1,35 @@
+@inherits ComponentBase
+
+@if (ChildContent != null)
+{
+        <div class="bg-orange-100 border-l-4 border-orange-500 text-orange-700 p-4 mb-6" role="alert">
+        <div class="flex">
+            <div class="py-1">
+                <svg class="fill-current h-6 w-6 text-orange-500 mr-4" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20">
+                    <path d="M2.93 17.07A10 10 0 1 1 17.07 2.93 10 10 0 0 1 2.93 17.07zm12.73-1.41A8 8 0 1 0 4.34 4.34a8 8 0 0 0 11.32 11.32zM9 11V9h2v6H9v-4zm0-6h2v2H9V5z"/>
+                </svg>
+            </div>
+            <div>
+                @if (!string.IsNullOrEmpty(Title))
+                {
+                    <p class="font-bold">@Title</p>
+                }
+                <div class="text-sm">@ChildContent</div>
+            </div>
+        </div>
+    </div>
+}
+
+@code {
+    /// <summary>
+    /// Gets or sets the title to display.
+    /// </summary>
+    [Parameter]
+    public string? Title { get; set; }
+
+    /// <summary>
+    /// Gets or sets the child content to display.
+    /// </summary>
+    [Parameter]
+    public RenderFragment? ChildContent { get; set; }
+}

From 016a7e75599649fd0ef6c80a99f4f30e8171c872 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 8 Sep 2025 17:41:11 +0200
Subject: [PATCH 19/33] Add aliasvault wrapper script to all-in-one Docker
 image (#1181)

---
 .github/workflows/docker-build.yml            |  4 +--
 dockerfiles/all-in-one/Dockerfile             | 15 +++++---
 .../all-in-one/s6-scripts/notification/run    |  2 +-
 dockerfiles/all-in-one/scripts/aliasvault.sh  | 35 +++++++++++++++++++
 .../{ => scripts}/reset-admin-password.sh     |  0
 .../docker-compose/troubleshooting.md         | 18 +++++-----
 docs/installation/index.md                    |  2 +-
 7 files changed, 59 insertions(+), 17 deletions(-)
 create mode 100644 dockerfiles/all-in-one/scripts/aliasvault.sh
 rename dockerfiles/all-in-one/{ => scripts}/reset-admin-password.sh (100%)

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 29b53306d..36139c137 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -109,8 +109,8 @@ jobs:
           echo "🔧 Testing admin password reset flow..."
 
           # Run the reset password script with auto-confirm
-          echo "Running reset-admin-password.sh script..."
-          password_output=$(docker exec aliasvault-test reset-admin-password.sh -y 2>&1)
+          echo "Running reset-admin-password command..."
+          password_output=$(docker exec aliasvault-test "aliasvault reset-admin-password -y" 2>&1)
           echo "Script output:"
           echo "$password_output"
 
diff --git a/dockerfiles/all-in-one/Dockerfile b/dockerfiles/all-in-one/Dockerfile
index 4df3c4be5..c756aade9 100644
--- a/dockerfiles/all-in-one/Dockerfile
+++ b/dockerfiles/all-in-one/Dockerfile
@@ -131,8 +131,8 @@ RUN apt-get update && \
 # Copy built applications and all configuration files from builder stage
 COPY --from=dotnet-builder /app /app
 
-# Copy configuration files and scripts directly to their destinations
-COPY dockerfiles/all-in-one/reset-admin-password.sh /usr/local/bin/reset-admin-password.sh
+# Copy all scripts from scripts directory to /usr/local/bin
+COPY dockerfiles/all-in-one/scripts/ /usr/local/bin/
 COPY apps/server/AliasVault.Client/nginx.conf /app/client/nginx.conf
 COPY dockerfiles/all-in-one/config/nginx-80-443.conf /etc/nginx/nginx-80-443.conf
 COPY dockerfiles/all-in-one/config/nginx-443.conf /etc/nginx/nginx-443.conf
@@ -141,9 +141,16 @@ COPY dockerfiles/all-in-one/s6-scripts /etc/s6-overlay/s6-rc.d/
 
 # Copy InstallCLI to /usr/local/bin and configure everything
 RUN cp -r /app/installcli /usr/local/bin/aliasvault-cli && \
-    chmod +x /usr/local/bin/aliasvault-cli/AliasVault.InstallCli \
-             /usr/local/bin/reset-admin-password.sh && \
+    chmod +x /usr/local/bin/aliasvault-cli/AliasVault.InstallCli && \
     ln -s /usr/local/bin/aliasvault-cli/AliasVault.InstallCli /usr/local/bin/aliasvault-cli.sh && \
+    # Make all scripts executable and create symlinks without .sh extension
+    for script in /usr/local/bin/*.sh; do \
+        if [ -f "$script" ]; then \
+            chmod +x "$script" && \
+            basename="$(basename "$script" .sh)" && \
+            ln -sf "$script" "/usr/local/bin/$basename"; \
+        fi; \
+    done && \
     find /etc/s6-overlay/s6-rc.d -type f \( -name "run" -o -name "up" -o -name "script" \) -exec chmod +x {} \; && \
     cd /etc/s6-overlay/s6-rc.d/user/contents.d && \
     touch init postgres api client admin smtp taskrunner nginx notification && \
diff --git a/dockerfiles/all-in-one/s6-scripts/notification/run b/dockerfiles/all-in-one/s6-scripts/notification/run
index 90f820baa..608e33e10 100755
--- a/dockerfiles/all-in-one/s6-scripts/notification/run
+++ b/dockerfiles/all-in-one/s6-scripts/notification/run
@@ -37,7 +37,7 @@ if [ "$VERBOSITY" -le 1 ]; then
             # Admin password hash exists - show the legacy warning
             echo "🔑 Admin Login:"
             echo "  • Username: admin"
-            echo "  • Password: (previously set - to reset the admin password, login to this container via \`docker exec -it [container-name] /bin/bash\` and run: reset-admin-password.sh)"
+            echo "  • Password: (previously set - to reset the admin password, login to this container via \`docker exec -it [container-name] /bin/bash\` and run: aliasvault reset-admin-password)"
             echo ""
         else
             # No admin password hash file - show setup instructions
diff --git a/dockerfiles/all-in-one/scripts/aliasvault.sh b/dockerfiles/all-in-one/scripts/aliasvault.sh
new file mode 100644
index 000000000..615af1a1f
--- /dev/null
+++ b/dockerfiles/all-in-one/scripts/aliasvault.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Simple AliasVault command dispatcher wrapper which allows
+# running AliasVault commands from the Docker container CLI
+# like `aliasvault reset-admin-password`.
+
+case "$1" in
+    reset-admin-password)
+        shift
+        exec /usr/local/bin/reset-admin-password.sh "$@"
+        ;;
+    hash-password)
+        shift
+        exec /usr/local/bin/aliasvault-cli/AliasVault.InstallCli hash-password "$@"
+        ;;
+    help|--help|-h|"")
+        echo "AliasVault Commands"
+        echo ""
+        echo "Usage: aliasvault <command> [options]"
+        echo ""
+        echo "Commands:"
+        echo "  reset-admin-password   Reset admin password"
+        echo "  hash-password          Hash a password"
+        echo "  help                   Show this help"
+        echo ""
+        echo "Examples:"
+        echo "  aliasvault reset-admin-password -y"
+        echo "  aliasvault hash-password 'mypassword'"
+        ;;
+    *)
+        echo "Unknown command: $1"
+        echo "Run 'aliasvault help' for usage"
+        exit 1
+        ;;
+esac
diff --git a/dockerfiles/all-in-one/reset-admin-password.sh b/dockerfiles/all-in-one/scripts/reset-admin-password.sh
similarity index 100%
rename from dockerfiles/all-in-one/reset-admin-password.sh
rename to dockerfiles/all-in-one/scripts/reset-admin-password.sh
diff --git a/docs/installation/docker-compose/troubleshooting.md b/docs/installation/docker-compose/troubleshooting.md
index 2fed466a8..9fe8de762 100644
--- a/docs/installation/docker-compose/troubleshooting.md
+++ b/docs/installation/docker-compose/troubleshooting.md
@@ -20,17 +20,17 @@ For any issues you might encounter, the first step is to check the Docker contai
 
 1. Check the Docker container running status:
 ```bash
-docker compose ps
+$ docker compose ps
 ```
 
 2. Check the Docker container logs
-```
-docker compose logs
+```bash
+$ docker compose logs
 ```
 
 3. Try restarting the Docker container
 ```bash
-docker compose restart
+$ docker compose restart
 ```
 
 ---
@@ -39,7 +39,7 @@ docker compose restart
 All AliasVault services log information and errors to text files. These files are located in the `logs` directory. You can check the logs of a specific service by running the following command:
 
 ```bash
-cat logs/[service-name].txt
+$ cat logs/[service-name].txt
 ```
 
 ---
@@ -58,19 +58,19 @@ Refer to the [installation guide](./#3-email-server-setup) for more information
 
 
 ### 2. Forgot AliasVault Admin Password
-If you have lost your admin password, you can reset it by running the install script with the `reset-admin-password` option. This will generate a new random password and update the .env file with it. After that it will restart the AliasVault containers to apply the changes.
+If you have lost your admin password, you can reset it by running the `aliasvault reset-admin-password` option. This will generate a new random password and update the secret. After that it will restart the AliasVault containers to apply the changes.
 
 1. SSH into the aliasvault container:
 ```bash
-docker compose exec -it aliasvault /bin/bash
+$ docker compose exec -it aliasvault /bin/bash
 ```
 2. Run the reset-admin-password.sh script:
 ```bash
-./reset-admin-password.sh
+$ aliasvault reset-admin-password
 ```
 3. Remember the password outputted by the step above. Then quit out of the SSH session (ctrl+C) and then restart the container:
 ```bash
-docker compose restart
+$ docker compose restart
 ```
 4. You can now login to the admin panel (/admin) with the new password.
 
diff --git a/docs/installation/index.md b/docs/installation/index.md
index 694b4fc2e..2254105eb 100644
--- a/docs/installation/index.md
+++ b/docs/installation/index.md
@@ -20,7 +20,7 @@ AliasVault can be self-hosted on your own servers using two different installati
 | **Setup style**          | Managed, opinionated, production-ready defaults  | Fits into existing homelab/stack tools (Portainer compatible) |
 | **Build from source**    | Optional (supported)                             | Pre-built container only                      |
 | **Choose if…**           | You want auto SSL and a managed stack            | You already have TLS and prefer manual control |
-|                          | [**Self-host via Install Script →**](./script){: .btn .btn-primary } (Recommended) | [**Self-host via Manual Setup →**](./manual){: .btn .btn-primary } |
+|                          | [**Self-host via Install Script →**](./script){: .btn .btn-primary } (Recommended) | [**Self-host via Docker Compose →**](./docker-compose){: .btn .btn-primary } |
 
 
 ---

From 75d924957787c69e579461cec93044ab1580c5aa Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 8 Sep 2025 18:09:02 +0200
Subject: [PATCH 20/33] Update styling (#1181)

---
 .../AliasVault.Admin/Auth/Pages/Login.razor   | 23 +++++++++++++++----
 .../AliasVault.Admin/wwwroot/css/tailwind.css | 20 ++++++++++++++++
 2 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/apps/server/AliasVault.Admin/Auth/Pages/Login.razor b/apps/server/AliasVault.Admin/Auth/Pages/Login.razor
index 3853a9afc..9f8e9081b 100644
--- a/apps/server/AliasVault.Admin/Auth/Pages/Login.razor
+++ b/apps/server/AliasVault.Admin/Auth/Pages/Login.razor
@@ -10,14 +10,29 @@
 
 <ServerValidationErrors @ref="ServerValidationErrors" />
 
-@if (!IsAdminConfigured)
+@if (!IsAdminConfigured || 1==1)
 {
     <MessageInfo Title="Admin User Not Configured">
         The admin user has not been configured yet. To set up admin access:
         <ol class="list-decimal list-inside space-y-1 mb-3">
-            <li>Connect to your Docker container: <code class="bg-orange-300 px-1 py-0.5 rounded text-xs">$ docker compose exec -it aliasvault /bin/bash</code></li>
-            <li>Run the password reset script: <code class="bg-orange-300  px-1 py-0.5 rounded text-xs">$ aliasvault reset-admin-password</code></li>
-            <li>Restart the container to apply changes: <code class="bg-orange-300  px-1 py-0.5 rounded text-xs">$ docker compose restart</code></li>
+            <li>
+                Connect to your Docker container:
+                <div>
+                    <code class="bg-gray-700 text-white px-1 py-0.5 rounded text-xs">$ docker compose exec -it aliasvault /bin/bash</code>
+                </div>
+            </li>
+            <li>
+                Run the password reset script:
+                <div>
+                    <code class="bg-gray-700 text-white px-1 py-0.5 rounded text-xs">$ aliasvault reset-admin-password</code>
+                </div>
+            </li>
+            <li>
+                Exit out of the container, then restart the container to apply changes:
+                <div>
+                    <code class="bg-gray-700 text-white px-1 py-0.5 rounded text-xs">$ docker compose restart</code>
+                </div>
+            </li>
         </ol>
     </MessageInfo>
 }
diff --git a/apps/server/AliasVault.Admin/wwwroot/css/tailwind.css b/apps/server/AliasVault.Admin/wwwroot/css/tailwind.css
index 932c15ea6..aac3cd66a 100644
--- a/apps/server/AliasVault.Admin/wwwroot/css/tailwind.css
+++ b/apps/server/AliasVault.Admin/wwwroot/css/tailwind.css
@@ -1462,6 +1462,26 @@ video {
   background-color: rgb(253 186 116 / var(--tw-bg-opacity));
 }
 
+.bg-orange-600 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(234 88 12 / var(--tw-bg-opacity));
+}
+
+.bg-orange-700 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(194 65 12 / var(--tw-bg-opacity));
+}
+
+.bg-orange-800 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(154 52 18 / var(--tw-bg-opacity));
+}
+
+.bg-yellow-600 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(202 138 4 / var(--tw-bg-opacity));
+}
+
 .bg-opacity-50 {
   --tw-bg-opacity: 0.5;
 }

From e3d2bec20383afdbe41026e13a96b98ec75886d0 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 8 Sep 2025 18:51:18 +0200
Subject: [PATCH 21/33] Update database import/export compatibility (#1181)

---
 .../docker-compose/advanced/database.md       |  6 +-
 docs/installation/script/advanced/database.md |  4 +-
 install.sh                                    | 57 +++++++++++++++----
 3 files changed, 51 insertions(+), 16 deletions(-)

diff --git a/docs/installation/docker-compose/advanced/database.md b/docs/installation/docker-compose/advanced/database.md
index e0047b0b4..f8239b636 100644
--- a/docs/installation/docker-compose/advanced/database.md
+++ b/docs/installation/docker-compose/advanced/database.md
@@ -13,7 +13,7 @@ This page explains how to import/export on the AliasVault server database via Do
 In order to backup the AliasVault server database (which includes all encrypted user vaults as well), you can use the following command. Run this command from the directory where your AliasVault `docker-compose.yml` is located.
 
 ```bash
-docker compose exec aliasvault pg_dump -U aliasvault aliasvault > backup.sql
+$ docker compose exec aliasvault pg_dump -U aliasvault aliasvault > backup.sql
 ```
 
 ## Database Import
@@ -25,8 +25,8 @@ To restore a previously exported database, you can use the following snippet. Ru
 docker compose exec -T aliasvault psql -U postgres -d postgres -c "DROP DATABASE IF EXISTS aliasvault WITH (FORCE);"
 
 # Create new empty database
-docker compose exec -T aliasvault psql -U postgres -d postgres -c "CREATE DATABASE aliasvault;"
+docker compose exec -T aliasvault psql -U postgres -d postgres -c "CREATE DATABASE aliasvault OWNER aliasvault;"
 
 # Import backup
-docker compose exec -T aliasvault psql -U postgres aliasvault < backup.sql
+docker compose exec -T aliasvault psql -U aliasvault aliasvault < backup.sql
 ```
diff --git a/docs/installation/script/advanced/database.md b/docs/installation/script/advanced/database.md
index 7d31dd49e..a604b7951 100644
--- a/docs/installation/script/advanced/database.md
+++ b/docs/installation/script/advanced/database.md
@@ -13,7 +13,7 @@ This page explains how to import/export on the AliasVault server database via th
 In order to backup the AliasVault server database (which includes all encrypted user vaults as well), you can use the `install.sh` script. This script will stop all services, export the database to a file, and then restart the services.
 
 ```bash
-./install.sh db-backup > backup.sql.gz
+$ ./install.sh db-export > backup.sql.gz
 ```
 
 ## Database Import
@@ -21,5 +21,5 @@ In order to backup the AliasVault server database (which includes all encrypted
 To restore a previously exported database, you can use the `install.sh` script. This script will stop all services, drop the database, import the database from a file, and then restart the services.
 
 ```bash
-./install.sh db-restore < backup.sql.gz
+$ ./install.sh db-import < backup.sql.gz
 ```
diff --git a/install.sh b/install.sh
index 6cde3c9fa..3b2a03c38 100755
--- a/install.sh
+++ b/install.sh
@@ -2727,9 +2727,10 @@ handle_db_export() {
         printf "Options:\n" >&2
         printf "  --dev    Export from development database\n" >&2
         printf "\n" >&2
-        printf "Example:\n" >&2
+        printf "Examples:\n" >&2
         printf "  ./install.sh db-export > my_backup_$(date +%Y%m%d).sql.gz\n" >&2
         printf "  ./install.sh db-export --dev > my_dev_backup_$(date +%Y%m%d).sql.gz\n" >&2
+        printf "\n" >&2
         exit 1
     fi
 
@@ -2791,7 +2792,15 @@ handle_db_import() {
 
     # Check if we're getting input from a pipe
     if [ -t 0 ]; then
-        printf "Usage: ./install.sh db-import [--dev] < backup.sql.gz\n"
+        printf "Usage: ./install.sh db-import [--dev] < backup_file\n"
+        printf "\n"
+        printf "Options:\n"
+        printf "  --dev    Import to development database\n"
+        printf "\n"
+        printf "Examples:\n"
+        printf "  ./install.sh db-import < backup.sql.gz    # Import gzipped backup\n"
+        printf "  ./install.sh db-import < backup.sql       # Import plain SQL backup\n"
+        printf "  ./install.sh db-import --dev < backup.sql # Import to dev database\n"
         exit 1
     fi
 
@@ -2840,15 +2849,25 @@ handle_db_import() {
     fi
     printf "database...${NC}\n"
 
-    # Create a temporary file to verify the gzip input
+    # Create a temporary file to store the input
     temp_file=$(mktemp)
     cat <&3 > "$temp_file"  # Read from fd 3 instead of stdin
     exec 3<&-  # Close fd 3
 
-    if ! gzip -t "$temp_file" 2>/dev/null; then
-        printf "${RED}Error: Input is not a valid gzip file${NC}\n"
-        rm "$temp_file"
-        exit 1
+    # Detect if the file is gzipped or plain SQL
+    is_gzipped=false
+    if gzip -t "$temp_file" 2>/dev/null; then
+        is_gzipped=true
+        printf "${CYAN}> Detected gzipped SQL backup${NC}\n"
+    else
+        # Check if it looks like SQL (basic validation)
+        if head -n 10 "$temp_file" | grep -qE '(^--|^CREATE |^INSERT |^ALTER |^DROP |^\\\\connect|^SET |^COMMENT |^GRANT |^REVOKE )'; then
+            printf "${CYAN}> Detected plain SQL backup${NC}\n"
+        else
+            printf "${RED}Error: Input is neither a valid gzip file nor a SQL file${NC}\n"
+            rm "$temp_file"
+            exit 1
+        fi
     fi
 
     if [ "$DEV_DB" = true ]; then
@@ -2856,24 +2875,40 @@ handle_db_import() {
             docker compose -f dockerfiles/docker-compose.dev.yml -p aliasvault-dev exec -T postgres-dev psql -U aliasvault postgres -c "SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname = 'aliasvault' AND pid <> pg_backend_pid();" && \
             docker compose -f dockerfiles/docker-compose.dev.yml -p aliasvault-dev exec -T postgres-dev psql -U aliasvault postgres -c "DROP DATABASE IF EXISTS aliasvault;" && \
             docker compose -f dockerfiles/docker-compose.dev.yml -p aliasvault-dev exec -T postgres-dev psql -U aliasvault postgres -c "CREATE DATABASE aliasvault OWNER aliasvault;" && \
-            gunzip -c "$temp_file" | docker compose -f dockerfiles/docker-compose.dev.yml -p aliasvault-dev exec -T postgres-dev psql -U aliasvault aliasvault
+            if [ "$is_gzipped" = true ]; then
+                gunzip -c "$temp_file" | docker compose -f dockerfiles/docker-compose.dev.yml -p aliasvault-dev exec -T postgres-dev psql -U aliasvault aliasvault
+            else
+                cat "$temp_file" | docker compose -f dockerfiles/docker-compose.dev.yml -p aliasvault-dev exec -T postgres-dev psql -U aliasvault aliasvault
+            fi
         else
             docker compose -f dockerfiles/docker-compose.dev.yml -p aliasvault-dev exec -T postgres-dev psql -U aliasvault postgres -c "SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname = 'aliasvault' AND pid <> pg_backend_pid();" > /dev/null 2>&1 && \
             docker compose -f dockerfiles/docker-compose.dev.yml -p aliasvault-dev exec -T postgres-dev psql -U aliasvault postgres -c "DROP DATABASE IF EXISTS aliasvault;" > /dev/null 2>&1 && \
             docker compose -f dockerfiles/docker-compose.dev.yml -p aliasvault-dev exec -T postgres-dev psql -U aliasvault postgres -c "CREATE DATABASE aliasvault OWNER aliasvault;" > /dev/null 2>&1 && \
-            gunzip -c "$temp_file" | docker compose -f dockerfiles/docker-compose.dev.yml -p aliasvault-dev exec -T postgres-dev psql -U aliasvault aliasvault > /dev/null 2>&1
+            if [ "$is_gzipped" = true ]; then
+                gunzip -c "$temp_file" | docker compose -f dockerfiles/docker-compose.dev.yml -p aliasvault-dev exec -T postgres-dev psql -U aliasvault aliasvault > /dev/null 2>&1
+            else
+                cat "$temp_file" | docker compose -f dockerfiles/docker-compose.dev.yml -p aliasvault-dev exec -T postgres-dev psql -U aliasvault aliasvault > /dev/null 2>&1
+            fi
         fi
     else
         if [ "$VERBOSE" = true ]; then
             docker compose exec -T postgres psql -U aliasvault postgres -c "SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname = 'aliasvault' AND pid <> pg_backend_pid();" && \
             docker compose exec -T postgres psql -U aliasvault postgres -c "DROP DATABASE IF EXISTS aliasvault;" && \
             docker compose exec -T postgres psql -U aliasvault postgres -c "CREATE DATABASE aliasvault OWNER aliasvault;" && \
-            gunzip -c "$temp_file" | docker compose exec -T postgres psql -U aliasvault aliasvault
+            if [ "$is_gzipped" = true ]; then
+                gunzip -c "$temp_file" | docker compose exec -T postgres psql -U aliasvault aliasvault
+            else
+                cat "$temp_file" | docker compose exec -T postgres psql -U aliasvault aliasvault
+            fi
         else
             docker compose exec -T postgres psql -U aliasvault postgres -c "SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname = 'aliasvault' AND pid <> pg_backend_pid();" > /dev/null 2>&1 && \
             docker compose exec -T postgres psql -U aliasvault postgres -c "DROP DATABASE IF EXISTS aliasvault;" > /dev/null 2>&1 && \
             docker compose exec -T postgres psql -U aliasvault postgres -c "CREATE DATABASE aliasvault OWNER aliasvault;" > /dev/null 2>&1 && \
-            gunzip -c "$temp_file" | docker compose exec -T postgres psql -U aliasvault aliasvault > /dev/null 2>&1
+            if [ "$is_gzipped" = true ]; then
+                gunzip -c "$temp_file" | docker compose exec -T postgres psql -U aliasvault aliasvault > /dev/null 2>&1
+            else
+                cat "$temp_file" | docker compose exec -T postgres psql -U aliasvault aliasvault > /dev/null 2>&1
+            fi
         fi
     fi
 

From 961977c9e241e1e461a94ec3b30d12c48310d01b Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 8 Sep 2025 18:51:39 +0200
Subject: [PATCH 22/33] Update docs (#1181)

---
 dockerfiles/all-in-one/s6-scripts/notification/run     | 8 ++++----
 docs/installation/docker-compose/advanced/lifecycle.md | 8 ++++----
 docs/installation/docker-compose/advanced/uninstall.md | 2 +-
 docs/installation/docker-compose/index.md              | 9 ++++++++-
 docs/installation/index.md                             | 2 +-
 docs/installation/script/advanced/build-from-source.md | 8 ++++----
 docs/installation/script/advanced/lifecycle.md         | 6 +++---
 docs/installation/script/advanced/uninstall.md         | 2 +-
 8 files changed, 26 insertions(+), 19 deletions(-)

diff --git a/dockerfiles/all-in-one/s6-scripts/notification/run b/dockerfiles/all-in-one/s6-scripts/notification/run
index 608e33e10..372eb29ef 100755
--- a/dockerfiles/all-in-one/s6-scripts/notification/run
+++ b/dockerfiles/all-in-one/s6-scripts/notification/run
@@ -37,16 +37,16 @@ if [ "$VERBOSITY" -le 1 ]; then
             # Admin password hash exists - show the legacy warning
             echo "🔑 Admin Login:"
             echo "  • Username: admin"
-            echo "  • Password: (previously set - to reset the admin password, login to this container via \`docker exec -it [container-name] /bin/bash\` and run: aliasvault reset-admin-password)"
+            echo "  • Password: (previously set - to reset the admin password, login to this container via \`docker exec -it aliasvault /bin/bash\` and run: aliasvault reset-admin-password)"
             echo ""
         else
             # No admin password hash file - show setup instructions
             echo "🔑 Admin Setup:"
             echo "  • Admin user is not configured by default"
             echo "  • To configure admin access:"
-            echo "    1. docker exec -it [container-name] /bin/bash"
-            echo "    2. reset-admin-password.sh"
-            echo "    3. Restart the container"
+            echo "    1. $ docker exec -it aliasvault /bin/bash"
+            echo "    2. $ aliasvault reset-admin-password"
+            echo "    3. $ docker compose restart"
             echo ""
         fi
 
diff --git a/docs/installation/docker-compose/advanced/lifecycle.md b/docs/installation/docker-compose/advanced/lifecycle.md
index 6d2c9f414..823758ec4 100644
--- a/docs/installation/docker-compose/advanced/lifecycle.md
+++ b/docs/installation/docker-compose/advanced/lifecycle.md
@@ -12,19 +12,19 @@ You can stop and start AliasVault via the default docker compose commands. Run t
 ## Stop
 To stop AliasVault:
 ```bash
-docker compose down
+$ docker compose down
 ```
 
 ## Start
 To start AliasVault:
 
 ```bash
-docker compose up -d
+$ docker compose up -d
 ```
 
 ## Restart
-To restart AliasVault:
+To restart AliasVault (note: when making changes to the `docker-compose.yml`, you'll need to manually stop and start to make the new changes be applied)
 
 ```bash
-docker compose restart
+$ docker compose restart
 ```
diff --git a/docs/installation/docker-compose/advanced/uninstall.md b/docs/installation/docker-compose/advanced/uninstall.md
index f78244209..c6ad92574 100644
--- a/docs/installation/docker-compose/advanced/uninstall.md
+++ b/docs/installation/docker-compose/advanced/uninstall.md
@@ -16,5 +16,5 @@ This will not delete any data stored in the database. If you wish to delete all
 ### Steps
 1. Run docker compose down and remove any local Docker images related to AliasVault.
 ```bash
-docker compose down --rmi all
+$ docker compose down --rmi all
 ```
diff --git a/docs/installation/docker-compose/index.md b/docs/installation/docker-compose/index.md
index 82905b87a..4bb5b91e1 100644
--- a/docs/installation/docker-compose/index.md
+++ b/docs/installation/docker-compose/index.md
@@ -170,7 +170,14 @@ After setting up your DNS, you have to configure AliasVault to let it know which
 # ...
 ```
 
-After updating the docker-compose.yml file, issue a `docker compose restart`. Afterwards, when you login to the AliasVault web app, you should now be able to create an alias with your domain and be able to receive email on it.
+After updating the docker-compose.yml file, restart the Docker Compose stack:
+```bash
+# To apply new environment variables, containers must be recreated.
+docker compose down
+docker compose up -d
+```
+
+Afterwards, when you login to the AliasVault web app, you should now be able to create an alias with your configured private domain and be able to receive email on it.
 
 {: .note }
 Important: DNS propagation can take up to 24-48 hours. During this time, email delivery might be inconsistent.
diff --git a/docs/installation/index.md b/docs/installation/index.md
index 2254105eb..8393b5307 100644
--- a/docs/installation/index.md
+++ b/docs/installation/index.md
@@ -20,7 +20,7 @@ AliasVault can be self-hosted on your own servers using two different installati
 | **Setup style**          | Managed, opinionated, production-ready defaults  | Fits into existing homelab/stack tools (Portainer compatible) |
 | **Build from source**    | Optional (supported)                             | Pre-built container only                      |
 | **Choose if…**           | You want auto SSL and a managed stack            | You already have TLS and prefer manual control |
-|                          | [**Self-host via Install Script →**](./script){: .btn .btn-primary } (Recommended) | [**Self-host via Docker Compose →**](./docker-compose){: .btn .btn-primary } |
+|                          | [**Self-host via Install Script →**](./script){: .btn .btn-primary } | [**Self-host via Docker →**](./docker-compose){: .btn .btn-primary } |
 
 
 ---
diff --git a/docs/installation/script/advanced/build-from-source.md b/docs/installation/script/advanced/build-from-source.md
index 8c6112cc5..10ec0111e 100644
--- a/docs/installation/script/advanced/build-from-source.md
+++ b/docs/installation/script/advanced/build-from-source.md
@@ -19,13 +19,13 @@ Building from source requires more resources:
 ## Steps
 1. Clone the repository
 ```bash
-git clone https://github.com/aliasvault/aliasvault.git
-cd aliasvault
+$ git clone https://github.com/aliasvault/aliasvault.git
+$ cd aliasvault
 ```
 2. Make the build script executable and run it. This will create the .env file, build the Docker images locally from source, and start the AliasVault containers. Follow the on-screen prompts to configure AliasVault.
 ```bash
-chmod +x install.sh
-./install.sh build
+$ chmod +x install.sh
+$ ./install.sh build
 ```
 > **Note:** The complete build process can take a while depending on your hardware (5-15 minutes).
 
diff --git a/docs/installation/script/advanced/lifecycle.md b/docs/installation/script/advanced/lifecycle.md
index 7407b9caa..d91fa07c4 100644
--- a/docs/installation/script/advanced/lifecycle.md
+++ b/docs/installation/script/advanced/lifecycle.md
@@ -13,19 +13,19 @@ You can stop and start AliasVault easily by using the install script.
 To stop AliasVault, run the install script with the `stop` option. This will stop all running AliasVault containers.
 
 ```bash
-./install.sh stop
+$ ./install.sh stop
 ```
 
 ## Start
 To start AliasVault, run the install script with the `start` option. This will start all AliasVault containers.
 
 ```bash
-./install.sh start
+$ ./install.sh start
 ```
 
 ## Restart
 To restart AliasVault, run the install script with the `restart` option. This will restart all AliasVault containers.
 
 ```bash
-./install.sh restart
+$ ./install.sh restart
 ```
diff --git a/docs/installation/script/advanced/uninstall.md b/docs/installation/script/advanced/uninstall.md
index 53aefa50f..65dc8c6a6 100644
--- a/docs/installation/script/advanced/uninstall.md
+++ b/docs/installation/script/advanced/uninstall.md
@@ -16,5 +16,5 @@ This will not delete any data stored in the database. If you wish to delete all
 ### Steps
 1. Run the install script with the `uninstall` option
 ```bash
-./install.sh uninstall
+$ ./install.sh uninstall
 ```

From e669738e38c0730c4910ad240cf18e19e55a57be Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 8 Sep 2025 19:11:30 +0200
Subject: [PATCH 23/33] Update docker-build.yml (#1181)

---
 .github/workflows/docker-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 36139c137..88660582f 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -110,7 +110,7 @@ jobs:
 
           # Run the reset password script with auto-confirm
           echo "Running reset-admin-password command..."
-          password_output=$(docker exec aliasvault-test "aliasvault reset-admin-password -y" 2>&1)
+          password_output=$(docker exec aliasvault-test aliasvault reset-admin-password -y 2>&1)
           echo "Script output:"
           echo "$password_output"
 

From b543696fa9d1bc835a8a886027f42055580fe9a4 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Tue, 9 Sep 2025 07:34:04 +0200
Subject: [PATCH 24/33] Update Admin login.razor (#1181)

---
 .../AliasVault.Admin/Auth/Pages/Login.razor   |  2 +-
 .../AliasVault.Admin/wwwroot/css/tailwind.css | 69 -------------------
 2 files changed, 1 insertion(+), 70 deletions(-)

diff --git a/apps/server/AliasVault.Admin/Auth/Pages/Login.razor b/apps/server/AliasVault.Admin/Auth/Pages/Login.razor
index 9f8e9081b..73c3f6795 100644
--- a/apps/server/AliasVault.Admin/Auth/Pages/Login.razor
+++ b/apps/server/AliasVault.Admin/Auth/Pages/Login.razor
@@ -10,7 +10,7 @@
 
 <ServerValidationErrors @ref="ServerValidationErrors" />
 
-@if (!IsAdminConfigured || 1==1)
+@if (!IsAdminConfigured)
 {
     <MessageInfo Title="Admin User Not Configured">
         The admin user has not been configured yet. To set up admin access:
diff --git a/apps/server/AliasVault.Admin/wwwroot/css/tailwind.css b/apps/server/AliasVault.Admin/wwwroot/css/tailwind.css
index aac3cd66a..d1593281e 100644
--- a/apps/server/AliasVault.Admin/wwwroot/css/tailwind.css
+++ b/apps/server/AliasVault.Admin/wwwroot/css/tailwind.css
@@ -1262,11 +1262,6 @@ video {
   border-color: rgb(239 68 68 / var(--tw-border-opacity));
 }
 
-.border-yellow-200 {
-  --tw-border-opacity: 1;
-  border-color: rgb(254 240 138 / var(--tw-border-opacity));
-}
-
 .border-yellow-500 {
   --tw-border-opacity: 1;
   border-color: rgb(234 179 8 / var(--tw-border-opacity));
@@ -1447,41 +1442,6 @@ video {
   background-color: rgb(234 179 8 / var(--tw-bg-opacity));
 }
 
-.bg-yellow-400 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(250 204 21 / var(--tw-bg-opacity));
-}
-
-.bg-orange-200 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(254 215 170 / var(--tw-bg-opacity));
-}
-
-.bg-orange-300 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(253 186 116 / var(--tw-bg-opacity));
-}
-
-.bg-orange-600 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(234 88 12 / var(--tw-bg-opacity));
-}
-
-.bg-orange-700 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(194 65 12 / var(--tw-bg-opacity));
-}
-
-.bg-orange-800 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(154 52 18 / var(--tw-bg-opacity));
-}
-
-.bg-yellow-600 {
-  --tw-bg-opacity: 1;
-  background-color: rgb(202 138 4 / var(--tw-bg-opacity));
-}
-
 .bg-opacity-50 {
   --tw-bg-opacity: 0.5;
 }
@@ -1860,11 +1820,6 @@ video {
   color: rgb(255 255 255 / var(--tw-text-opacity));
 }
 
-.text-yellow-600 {
-  --tw-text-opacity: 1;
-  color: rgb(202 138 4 / var(--tw-text-opacity));
-}
-
 .text-yellow-700 {
   --tw-text-opacity: 1;
   color: rgb(161 98 7 / var(--tw-text-opacity));
@@ -2196,11 +2151,6 @@ video {
   border-color: rgb(234 179 8 / var(--tw-border-opacity));
 }
 
-.dark\:border-yellow-800:is(.dark *) {
-  --tw-border-opacity: 1;
-  border-color: rgb(133 77 14 / var(--tw-border-opacity));
-}
-
 .dark\:bg-blue-800:is(.dark *) {
   --tw-bg-opacity: 1;
   background-color: rgb(30 64 175 / var(--tw-bg-opacity));
@@ -2297,20 +2247,6 @@ video {
   background-color: rgb(113 63 18 / var(--tw-bg-opacity));
 }
 
-.dark\:bg-yellow-900\/20:is(.dark *) {
-  background-color: rgb(113 63 18 / 0.2);
-}
-
-.dark\:bg-yellow-400:is(.dark *) {
-  --tw-bg-opacity: 1;
-  background-color: rgb(250 204 21 / var(--tw-bg-opacity));
-}
-
-.dark\:bg-orange-300:is(.dark *) {
-  --tw-bg-opacity: 1;
-  background-color: rgb(253 186 116 / var(--tw-bg-opacity));
-}
-
 .dark\:bg-opacity-80:is(.dark *) {
   --tw-bg-opacity: 0.8;
 }
@@ -2415,11 +2351,6 @@ video {
   color: rgb(254 240 138 / var(--tw-text-opacity));
 }
 
-.dark\:text-yellow-400:is(.dark *) {
-  --tw-text-opacity: 1;
-  color: rgb(250 204 21 / var(--tw-text-opacity));
-}
-
 .dark\:placeholder-gray-400:is(.dark *)::-moz-placeholder {
   --tw-placeholder-opacity: 1;
   color: rgb(156 163 175 / var(--tw-placeholder-opacity));

From 7e4a0f6e07b44a506d12320064687b90bb98e454 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Tue, 9 Sep 2025 07:40:48 +0200
Subject: [PATCH 25/33] Delete SolarLint.xml (#1181)

---
 SonarLint.xml | 13 -------------
 1 file changed, 13 deletions(-)
 delete mode 100644 SonarLint.xml

diff --git a/SonarLint.xml b/SonarLint.xml
deleted file mode 100644
index f03773dad..000000000
--- a/SonarLint.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<SonarLint>
-    <Rules>
-        <Rule>
-            <Key>S1135</Key>
-            <Parameters>
-                <Parameter>
-                    <Name>sonarlint.rule.enabled</Name>
-                    <Value>false</Value>
-                </Parameter>
-            </Parameters>
-        </Rule>
-    </Rules>
-</SonarLint>

From 58d6b4c67ce400a4f6d987e2be1ec9ae90895ad4 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Tue, 9 Sep 2025 10:08:57 +0200
Subject: [PATCH 26/33] Update instructions (#1181)

---
 docs/installation/index.md | 43 ++++++++++++++++++++------------------
 1 file changed, 23 insertions(+), 20 deletions(-)

diff --git a/docs/installation/index.md b/docs/installation/index.md
index 8393b5307..8fd9c1cd4 100644
--- a/docs/installation/index.md
+++ b/docs/installation/index.md
@@ -8,6 +8,14 @@ nav_order: 2
 
 AliasVault can be self-hosted on your own servers using two different installation methods. Both use Docker, but they differ in how much is automated versus how much you manage yourself.
 
+## Which Installation Method to Choose?
+
+### 🚀 **Option 1: Install Script**
+The installer script is a **fully managed solution** that handles everything for you. Simply run it on a clean VM/LXC with Docker installed, and it will set up all required containers, configure SSL certificates and provide CLI helpers for easy updates and maintenance.
+
+### 🛠️ **Option 2: Docker Compose**
+If you prefer manual setup and **have existing SSL infrastructure**, use the all-in-one Docker image via Docker Compose. It works with your existing SSL proxy (Traefik, HAProxy, Caddy, etc.) and gives you full control over the configuration. Note: because this install method does not include a CLI, future updates may require some manual migrations.
+
 |                          | **Option 1: Install Script (multi-container)** | **Option 2: Docker Compose (single container)** |
 |--------------------------|---------------------------------------------------|-----------------------------------------------|
 | **Best for**             | ☁️ VPS/VM/Proxmox, cloud hosts, DigitalOcean, AWS/Azure | 🏠 NAS/Synology/Unraid, Raspberry Pi, home servers |
@@ -18,34 +26,29 @@ AliasVault can be self-hosted on your own servers using two different installati
 | **Updates**              | `install.sh` assisted updates & migrations                | `docker pull` (manual); occasional manual migrations |
 | **Admin actions**        | `install.sh` helpers for admin password reset              | SSH into container for certain tasks (e.g. password reset) |
 | **Setup style**          | Managed, opinionated, production-ready defaults  | Fits into existing homelab/stack tools (Portainer compatible) |
-| **Build from source**    | Optional (supported)                             | Pre-built container only                      |
+| **Build from source**    | Supported                             | Pre-built container only                      |
 | **Choose if…**           | You want auto SSL and a managed stack            | You already have TLS and prefer manual control |
 |                          | [**Self-host via Install Script →**](./script){: .btn .btn-primary } | [**Self-host via Docker →**](./docker-compose){: .btn .btn-primary } |
 
+### Quick Decision Guide
+
+**Go with the Install Script if:**
+- ✅ You have a fresh VM or VPS dedicated to AliasVault
+- ✅ You want automatic SSL setup without hassle
+- ✅ You prefer managed updates and maintenance
+- ✅ You're new to Docker or want the simplest setup
+
+**Go with Docker Compose if:**
+- ✅ You're already running other Docker containers on this host
+- ✅ You have existing SSL infrastructure (reverse proxy)
+- ✅ You want to integrate with your homelab tools (Portainer, etc.)
+- ✅ You prefer manual control over the configuration
+
 
 ---
 
 ## Frequently Asked Questions
 
-<details style="margin-bottom: 10px;">
-<summary style="background-color: #4a5568; color: #ffffff; padding: 10px; border-radius: 5px; cursor: pointer;">Which installation method should I choose?</summary>
-<div style="background-color: #2d3748; color: #ffffff; padding: 15px; border-left: 3px solid #4299e1;" markdown="1">
-
-**Choose the Installer Script if:**
-- You have a dedicated VM or VPS for AliasVault
-- Your server is directly accessible from the internet
-- You want automatic SSL certificates via Let's Encrypt
-- You prefer a managed, production-ready setup with CLI helpers
-
-**Choose Manual Setup if:**
-- You're running a home server or NAS (Synology, Unraid, etc.)
-- You already have a reverse proxy handling SSL (Traefik, Nginx, Caddy)
-- You want to manage AliasVault alongside other Docker containers
-- You prefer using standard Docker commands and tools like Portainer
-
-</div>
-</details>
-
 <details style="margin-bottom: 10px;">
 <summary style="background-color: #4a5568; color: #ffffff; padding: 10px; border-radius: 5px; cursor: pointer;">What's the difference between multi-container and single container?</summary>
 <div style="background-color: #2d3748; color: #ffffff; padding: 15px; border-left: 3px solid #4299e1;" markdown="1">

From 56e82cd046e8c9b57c5818c2bcf7f8f2b53750b0 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Tue, 9 Sep 2025 10:50:59 +0200
Subject: [PATCH 27/33] Add optional FORCE_HTTPS_REDIRECT flag to install.sh
 method (#1181)

---
 .env.example                  |   3 +
 apps/server/Dockerfile        |   4 +-
 apps/server/entrypoint.sh     |  11 +++
 apps/server/nginx-443.conf    | 143 ++++++++++++++++++++++++++++++++++
 apps/server/nginx-80-443.conf | 128 ++++++++++++++++++++++++++++++
 5 files changed, 287 insertions(+), 2 deletions(-)
 create mode 100644 apps/server/nginx-443.conf
 create mode 100644 apps/server/nginx-80-443.conf

diff --git a/.env.example b/.env.example
index 20533aca8..1f475fa73 100644
--- a/.env.example
+++ b/.env.example
@@ -26,6 +26,9 @@ HTTPS_PORT=443
 SMTP_PORT=25
 SMTP_TLS_PORT=587
 
+# Whether to force redirect all HTTP traffic (80) to HTTPS (443). Defaults to true.
+FORCE_HTTPS_REDIRECT=true
+
 # ===========================================
 # EMAIL SERVER CONFIGURATION
 # ===========================================
diff --git a/apps/server/Dockerfile b/apps/server/Dockerfile
index e8e8b0364..5fd29f990 100644
--- a/apps/server/Dockerfile
+++ b/apps/server/Dockerfile
@@ -10,8 +10,8 @@ LABEL org.opencontainers.image.description="Nginx reverse proxy for AliasVault.
 # Install OpenSSL
 RUN apk add --no-cache openssl
 
-# Copy configuration and entrypoint script
-COPY apps/server/nginx.conf /etc/nginx/nginx.conf
+# Copy all nginx configurations and entrypoint script
+COPY apps/server/nginx*.conf /etc/nginx/
 COPY apps/server/status.html /usr/share/nginx/html/status.html
 COPY apps/server/entrypoint.sh /docker-entrypoint.sh
 
diff --git a/apps/server/entrypoint.sh b/apps/server/entrypoint.sh
index 41ad6cd17..eb2a53f6b 100644
--- a/apps/server/entrypoint.sh
+++ b/apps/server/entrypoint.sh
@@ -3,6 +3,17 @@
 # Create SSL directory if it doesn't exist
 mkdir -p /etc/nginx/ssl
 
+# Select the appropriate nginx configuration based on FORCE_HTTPS_REDIRECT
+# Default to true (nginx-443.conf) for backward compatibility
+# Only disable redirect if explicitly set to "false"
+if [ "${FORCE_HTTPS_REDIRECT:-true}" = "false" ]; then
+    echo "Using nginx-80-443.conf (HTTP and HTTPS without redirect)"
+    cp /etc/nginx/nginx-80-443.conf /etc/nginx/nginx.conf
+else
+    echo "Using nginx-443.conf (HTTP to HTTPS redirect enabled - default)"
+    cp /etc/nginx/nginx-443.conf /etc/nginx/nginx.conf
+fi
+
 # Generate self-signed SSL certificate if not exists
 if [ ! -f /etc/nginx/ssl/cert.pem ] || [ ! -f /etc/nginx/ssl/key.pem ]; then
     echo "Generating new SSL certificate (10 years validity)..."
diff --git a/apps/server/nginx-443.conf b/apps/server/nginx-443.conf
new file mode 100644
index 000000000..69af1f4aa
--- /dev/null
+++ b/apps/server/nginx-443.conf
@@ -0,0 +1,143 @@
+# This is the Nginx configuration file for the AliasVault reverse-proxy container.
+# which exposes all AliasVault services via 443 (HTTPS) with a self-signed or Let's Encrypt certificate.
+# It also redirects all non-ACME challenge requests from HTTP to HTTPS.
+events {
+    worker_connections 1024;
+}
+
+http {
+    client_max_body_size 25M;
+
+    upstream client {
+        server client:3000 max_fails=1 fail_timeout=5s;
+    }
+
+    upstream api {
+        server api:3001 max_fails=1 fail_timeout=5s;
+    }
+
+    upstream admin {
+        server admin:3002 max_fails=1 fail_timeout=5s;
+    }
+
+    # Preserve any existing X-Forwarded-* headers, this is relevant if AliasVault
+    # is running behind another reverse proxy.
+    set_real_ip_from 10.0.0.0/8;
+    set_real_ip_from 172.16.0.0/12;
+    set_real_ip_from 192.168.0.0/16;
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # Enable gzip compression, which reduces the amount of data that needs to be transferred
+    # to speed up WASM load times.
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    server {
+        listen 80;
+        server_name _;
+
+        # Handle ACME challenge for Let's Encrypt certificate validation
+        location /.well-known/acme-challenge/ {
+            allow all;
+            root /var/www/certbot;
+            try_files $uri =404;
+            default_type "text/plain";
+            add_header Cache-Control "no-cache";
+            break;
+        }
+
+        # Redirect all other HTTP traffic to HTTPS
+        location / {
+            return 301 https://$host$request_uri;
+        }
+    }
+
+    server {
+        listen 443 ssl;
+        server_name _;
+
+        # Include the appropriate SSL certificate configuration generated
+        # by the entrypoint script.
+        include /etc/nginx/ssl.conf;
+
+        # Security headers
+        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header Cross-Origin-Resource-Policy "same-origin" always;
+        add_header Content-Security-Policy "frame-ancestors 'self'" always;
+
+        # Root for static files
+        root /usr/share/nginx/html;
+
+        # Error page handler location (internal use only)
+        location = /status.html {
+            internal;
+            try_files /status.html =404;
+            add_header Cache-Control "no-cache, no-store, must-revalidate";
+            add_header Pragma "no-cache";
+            add_header Expires "0";
+        }
+
+        # Admin interface
+        location /admin {
+            proxy_pass http://admin;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto https;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Prefix /admin/;
+
+            # Rewrite HTTP redirects to HTTPS
+            proxy_redirect http:// https://;
+
+            # Add WebSocket support for Blazor server
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_read_timeout 86400;
+
+            # Show status page if admin is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+
+        # API endpoints
+        location /api {
+            proxy_pass http://api;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            # Show status page if api is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+
+        # Client app (root path)
+        location / {
+            proxy_pass http://client;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            # Rewrite HTTP redirects to HTTPS
+            proxy_redirect http:// https://;
+
+            # Show status page if client is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+    }
+}
diff --git a/apps/server/nginx-80-443.conf b/apps/server/nginx-80-443.conf
new file mode 100644
index 000000000..23dad877d
--- /dev/null
+++ b/apps/server/nginx-80-443.conf
@@ -0,0 +1,128 @@
+# This is the main Nginx configuration file for the AliasVault reverse-proxy container.
+# which exposes all AliasVault services via both 80 (HTTP)
+# and 443 (HTTPS) with either a self-signed or Let's Encrypt certificate.
+events {
+    worker_connections 1024;
+}
+
+http {
+    client_max_body_size 25M;
+
+    upstream client {
+        server client:3000 max_fails=1 fail_timeout=5s;
+    }
+
+    upstream api {
+        server api:3001 max_fails=1 fail_timeout=5s;
+    }
+
+    upstream admin {
+        server admin:3002 max_fails=1 fail_timeout=5s;
+    }
+
+    # Preserve any existing X-Forwarded-* headers, this is relevant if AliasVault
+    # is running behind another reverse proxy.
+    set_real_ip_from 10.0.0.0/8;
+    set_real_ip_from 172.16.0.0/12;
+    set_real_ip_from 192.168.0.0/16;
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # Enable gzip compression, which reduces the amount of data that needs to be transferred
+    # to speed up WASM load times.
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    server {
+        listen 80;
+        listen 443 ssl;
+        server_name _;
+
+        # Include the appropriate SSL certificate configuration generated
+        # by the entrypoint script (only applies to 443).
+        include /etc/nginx/ssl.conf;
+
+        # Security headers
+        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header Cross-Origin-Resource-Policy "same-origin" always;
+        add_header Content-Security-Policy "frame-ancestors 'self'" always;
+
+        # Root for static files
+        root /usr/share/nginx/html;
+
+        # Handle ACME challenge for Let's Encrypt certificate validation
+        location /.well-known/acme-challenge/ {
+            allow all;
+            root /var/www/certbot;
+            try_files $uri =404;
+            default_type "text/plain";
+            add_header Cache-Control "no-cache";
+            break;
+        }
+
+        # Error page handler location (internal use only)
+        location = /status.html {
+            internal;
+            try_files /status.html =404;
+            add_header Cache-Control "no-cache, no-store, must-revalidate";
+            add_header Pragma "no-cache";
+            add_header Expires "0";
+        }
+
+        # Admin interface
+        location /admin {
+            proxy_pass http://admin;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Prefix /admin/;
+
+            # Add WebSocket support for Blazor server
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_read_timeout 86400;
+
+            # Show status page if admin is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+
+        # API endpoints
+        location /api {
+            proxy_pass http://api;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            # Show status page if api is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+
+        # Client app (root path)
+        location / {
+            proxy_pass http://client;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            # Show status page if client is down
+            proxy_intercept_errors on;
+            error_page 502 503 504 =503 /status.html;
+        }
+    }
+}

From ace1bd7b0f0a7bf8edeed08a4e49e0480ebcf21d Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Tue, 9 Sep 2025 13:03:56 +0200
Subject: [PATCH 28/33] Update docker-compose.all-in-one.yml (#1181)

---
 dockerfiles/docker-compose.all-in-one.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dockerfiles/docker-compose.all-in-one.yml b/dockerfiles/docker-compose.all-in-one.yml
index 10747ba58..87bf335ca 100644
--- a/dockerfiles/docker-compose.all-in-one.yml
+++ b/dockerfiles/docker-compose.all-in-one.yml
@@ -6,6 +6,7 @@ services:
 
     ports:
       - "80:80"
+      - "443:443"
       - "25:25"
       - "587:587"
 

From c6906c8caf784b704aae20ec142bd3ea156e7c2a Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Tue, 9 Sep 2025 13:56:40 +0200
Subject: [PATCH 29/33] Update README.md (#1181)

---
 README.md | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/README.md b/README.md
index 8be1c9dad..22c328363 100644
--- a/README.md
+++ b/README.md
@@ -65,33 +65,31 @@ AliasVault is available on:
 [<img width="700" alt="Screenshot of AliasVault" src="docs/assets/img/screenshot.png">](https://app.aliasvault.net)
 
 ## Self-hosting
-For full control over your own data you can self-host and install AliasVault on your own servers.
+> [!NOTE]
+> **Requirements:** 1 vCPU, 1GB RAM, 16GB disk, Docker ≥ 20.10, 64-bit Linux
 
-### Install using install script
+AliasVault can be self-hosted on your own servers using two different installation methods. Both use Docker, but they differ in how much is automated versus how much you manage yourself.
 
-This method uses pre-built Docker images and works on minimal hardware specifications:
+- **Option 1: Install Script** - Managed solution with automatic SSL (recommended for VPS/cloud)
 
-- 64-bit Linux VM (Ubuntu/AlmaLinux) or Raspberry Pi, with root access
-- Minimum: 1 vCPU, 1GB RAM, 16GB disk
-- Docker ≥ 20.10 and Docker Compose ≥ 2.0
+- **Option 2: Docker Compose** - Single container with manual setup for use with existing SSL infrastructure (NAS, homelab)
 
+### Quick Start (Install Script)
 ```bash
-# Download install script from latest stable release
+# Download and run install script
 curl -L -o install.sh https://github.com/aliasvault/aliasvault/releases/latest/download/install.sh
 
 # Make install script executable and run it. This will create the .env file, pull the Docker images, and start the AliasVault containers.
 chmod +x install.sh
+
 ./install.sh install
 ```
 
-The install script will output the URL where the app is available. By default this is:
-- Client: https://localhost
-- Admin portal: https://localhost/admin
+For other installation methods and more detailed steps, please read the [full installation guide](https://docs.aliasvault.net/installation) in the official docs.
 
-> Note: If you want to change the default AliasVault ports you can do so in the `.env` file.
-
-## Technical documentation
+## Documentation
 For more information about the installation process, manual setup instructions and other topics, please see the official documentation website:
+
 - [Documentation website (docs.aliasvault.net) 📚](https://docs.aliasvault.net)
 
 ## Security Architecture
@@ -135,7 +133,7 @@ Core features that are being worked on:
 👉 [View the full AliasVault roadmap here](https://github.com/aliasvault/aliasvault/issues/731)
 
 ### Got feedback or ideas?
-Feel free to open an issue or join our [Discord](https://discord.gg/DsaXMTEtpF)! Contributions are warmly welcomed—whether in feature development, testing, or spreading the word. Get in touch on Discord if you're interested in contributing.
+Feel free to open an issue or discussion on GitHub. We warmly welcome all contributions: whether it’s translating, testing, helping to build features, sharing feedback - or helping spread the word about AliasVault. Every bit of support helps the project grow, so don’t hesitate to jump in and [say hi to us on Discord](https://discord.gg/DsaXMTEtpF)!
 
 ### Support the mission
 Your donation helps me dedicate more time and resources to improving AliasVault, making the internet safer for everyone!

From 3a287ebc77dfe8a5c30a2b899b1f296329fbe2a7 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Tue, 9 Sep 2025 15:39:44 +0200
Subject: [PATCH 30/33] Add NAS specific docker compose template (#1181)

---
 dockerfiles/docker-compose.all-in-one.nas.yml | 35 +++++++++++++++++++
 dockerfiles/docker-compose.all-in-one.yml     |  5 +++
 2 files changed, 40 insertions(+)
 create mode 100644 dockerfiles/docker-compose.all-in-one.nas.yml

diff --git a/dockerfiles/docker-compose.all-in-one.nas.yml b/dockerfiles/docker-compose.all-in-one.nas.yml
new file mode 100644
index 000000000..b6833cdbf
--- /dev/null
+++ b/dockerfiles/docker-compose.all-in-one.nas.yml
@@ -0,0 +1,35 @@
+# Docker Compose file for the AliasVault all-in-one container
+#
+# Specific for NAS devices:
+# - Uses custom HTTP ports by default to avoid conflicts
+# - Uses named bind mounts for the database, logs and secrets to ensure they are persisted
+#
+version: "3"
+services:
+  aliasvault:
+    image: ghcr.io/aliasvault/aliasvault:latest
+    container_name: aliasvault
+    restart: unless-stopped
+
+    ports:
+      - "1080:80"
+      - "1443:443"
+      - "25:25"
+      - "587:587"
+
+    volumes:
+      - avdata:/database
+      - avlogs:/logs
+      - avsecrets:/secrets
+
+    environment:
+      PUBLIC_REGISTRATION_ENABLED: "true"
+      IP_LOGGING_ENABLED: "true"
+      FORCE_HTTPS_REDIRECT: "false"
+      SUPPORT_EMAIL: ""
+      PRIVATE_EMAIL_DOMAINS: ""
+
+volumes:
+  avdata:
+  avlogs:
+  avsecrets:
diff --git a/dockerfiles/docker-compose.all-in-one.yml b/dockerfiles/docker-compose.all-in-one.yml
index 87bf335ca..6f28b5ac3 100644
--- a/dockerfiles/docker-compose.all-in-one.yml
+++ b/dockerfiles/docker-compose.all-in-one.yml
@@ -1,3 +1,8 @@
+# Docker Compose file for the AliasVault all-in-one container
+#
+# This is the general purpose template which uses local folder bind mounts for the database, logs and secrets.
+# - For NAS devices, its safer to use the docker-compose.all-in-one.nas.yml template instead.
+#
 services:
   aliasvault:
     image: ghcr.io/aliasvault/aliasvault:latest

From 835b350d53f0e823d1673184338970991c26b344 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 15 Sep 2025 14:39:40 +0200
Subject: [PATCH 31/33] Improve self-signed SSL cert generation to take into
 account HOSTNAME env var (#1181)

---
 .gitignore                                    |  1 +
 apps/server/entrypoint.sh                     | 51 +++++++++++--
 dockerfiles/all-in-one/s6-scripts/init/script | 74 +++++++++++++++---
 install.sh                                    | 76 ++++++++++++++-----
 4 files changed, 164 insertions(+), 38 deletions(-)

diff --git a/.gitignore b/.gitignore
index 9468d6088..f9c85e684 100644
--- a/.gitignore
+++ b/.gitignore
@@ -404,6 +404,7 @@ certificates/**/*.crt
 certificates/**/*.key
 certificates/**/*.pfx
 certificates/**/*.pem
+certificates/**/.hostname_marker
 certificates/letsencrypt/**
 
 # Secrets
diff --git a/apps/server/entrypoint.sh b/apps/server/entrypoint.sh
index eb2a53f6b..235fa6ea9 100644
--- a/apps/server/entrypoint.sh
+++ b/apps/server/entrypoint.sh
@@ -14,17 +14,56 @@ else
     cp /etc/nginx/nginx-443.conf /etc/nginx/nginx.conf
 fi
 
-# Generate self-signed SSL certificate if not exists
-if [ ! -f /etc/nginx/ssl/cert.pem ] || [ ! -f /etc/nginx/ssl/key.pem ]; then
+# Function to check if certificate needs regeneration
+needs_cert_regeneration() {
+    # If cert doesn't exist, need to generate
+    if [ ! -f /etc/nginx/ssl/cert.pem ] || [ ! -f /etc/nginx/ssl/key.pem ]; then
+        return 0
+    fi
+
+    # Check if we have a hostname marker file
+    if [ -f /etc/nginx/ssl/.hostname_marker ]; then
+        STORED_HOSTNAME=$(cat /etc/nginx/ssl/.hostname_marker)
+        if [ "$STORED_HOSTNAME" != "${HOSTNAME:-localhost}" ]; then
+            echo "Hostname changed from '$STORED_HOSTNAME' to '${HOSTNAME:-localhost}', regenerating certificate..."
+            return 0
+        fi
+    else
+        # No marker file, regenerate to be safe
+        return 0
+    fi
+
+    return 1
+}
+
+# Generate self-signed SSL certificate if not exists or hostname changed
+if needs_cert_regeneration; then
     echo "Generating new SSL certificate (10 years validity)..."
-    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-        -keyout /etc/nginx/ssl/key.pem \
-        -out /etc/nginx/ssl/cert.pem \
-        -subj "/C=US/ST=State/L=City/O=Organization/CN=localhost"
+
+    HOSTNAME_VALUE="${HOSTNAME:-localhost}"
+
+    if [ "$HOSTNAME_VALUE" = "localhost" ] || [ -z "$HOSTNAME_VALUE" ]; then
+        # Default localhost-only configuration
+        openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+            -keyout /etc/nginx/ssl/key.pem \
+            -out /etc/nginx/ssl/cert.pem \
+            -subj "/C=US/ST=State/L=City/O=Organization/CN=localhost"
+    else
+        # Generate certificate with the hostname and include localhost as SAN
+        openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+            -keyout /etc/nginx/ssl/key.pem \
+            -out /etc/nginx/ssl/cert.pem \
+            -subj "/C=US/ST=State/L=City/O=AliasVault/CN=${HOSTNAME_VALUE}" \
+            -addext "subjectAltName=DNS:${HOSTNAME_VALUE},DNS:localhost,IP:127.0.0.1"
+    fi
 
     # Set proper permissions
     chmod 644 /etc/nginx/ssl/cert.pem
     chmod 600 /etc/nginx/ssl/key.pem
+
+    # Store current hostname for change detection
+    echo "${HOSTNAME:-localhost}" > /etc/nginx/ssl/.hostname_marker
+    chmod 644 /etc/nginx/ssl/.hostname_marker
 fi
 
 # Create the appropriate SSL configuration based on LETSENCRYPT_ENABLED
diff --git a/dockerfiles/all-in-one/s6-scripts/init/script b/dockerfiles/all-in-one/s6-scripts/init/script
index 6e028ffaf..9684f715f 100644
--- a/dockerfiles/all-in-one/s6-scripts/init/script
+++ b/dockerfiles/all-in-one/s6-scripts/init/script
@@ -154,25 +154,75 @@ else
     chmod 700 /database/postgres
 fi
 
-# Generate SSL certificates if needed
-if [ ! -f /certificates/ssl/cert.pem ] || [ ! -f /certificates/ssl/key.pem ]; then
+# Function to check if certificate needs regeneration
+needs_cert_regeneration() {
+    # If cert doesn't exist, need to generate
+    if [ ! -f /certificates/ssl/cert.pem ] || [ ! -f /certificates/ssl/key.pem ]; then
+        return 0
+    fi
+
+    # Check if we have a hostname marker file
+    if [ -f /certificates/ssl/.hostname_marker ]; then
+        STORED_HOSTNAME=$(cat /certificates/ssl/.hostname_marker)
+        if [ "$STORED_HOSTNAME" != "${HOSTNAME:-localhost}" ]; then
+            log 0 "[init] Hostname changed from '$STORED_HOSTNAME' to '${HOSTNAME:-localhost}', regenerating certificate..."
+            return 0
+        fi
+    else
+        # No marker file, regenerate to be safe
+        return 0
+    fi
+
+    return 1
+}
+
+# Generate SSL certificates if needed or hostname changed
+if needs_cert_regeneration; then
     log 0 ""
     log 0 "[init] Generating SSL certificates..."
     mkdir -p /certificates/ssl
-    if [ "$VERBOSITY" -ge 2 ]; then
-        openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-            -keyout /certificates/ssl/key.pem \
-            -out /certificates/ssl/cert.pem \
-            -subj "/C=US/ST=State/L=City/O=AliasVault/CN=${HOSTNAME:-localhost}"
+
+    HOSTNAME_VALUE="${HOSTNAME:-localhost}"
+
+    if [ "$HOSTNAME_VALUE" = "localhost" ] || [ -z "$HOSTNAME_VALUE" ]; then
+        # Default localhost-only configuration
+        if [ "$VERBOSITY" -ge 2 ]; then
+            openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+                -keyout /certificates/ssl/key.pem \
+                -out /certificates/ssl/cert.pem \
+                -subj "/C=US/ST=State/L=City/O=AliasVault/CN=localhost"
+        else
+            openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+                -keyout /certificates/ssl/key.pem \
+                -out /certificates/ssl/cert.pem \
+                -subj "/C=US/ST=State/L=City/O=AliasVault/CN=localhost" \
+                >/dev/null 2>&1
+        fi
     else
-        openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-            -keyout /certificates/ssl/key.pem \
-            -out /certificates/ssl/cert.pem \
-            -subj "/C=US/ST=State/L=City/O=AliasVault/CN=${HOSTNAME:-localhost}" \
-            >/dev/null 2>&1
+        # Generate certificate with the hostname and include localhost as SAN
+        if [ "$VERBOSITY" -ge 2 ]; then
+            openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+                -keyout /certificates/ssl/key.pem \
+                -out /certificates/ssl/cert.pem \
+                -subj "/C=US/ST=State/L=City/O=AliasVault/CN=${HOSTNAME_VALUE}" \
+                -addext "subjectAltName=DNS:${HOSTNAME_VALUE},DNS:localhost,IP:127.0.0.1"
+        else
+            openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+                -keyout /certificates/ssl/key.pem \
+                -out /certificates/ssl/cert.pem \
+                -subj "/C=US/ST=State/L=City/O=AliasVault/CN=${HOSTNAME_VALUE}" \
+                -addext "subjectAltName=DNS:${HOSTNAME_VALUE},DNS:localhost,IP:127.0.0.1" \
+                >/dev/null 2>&1
+        fi
     fi
+
     chmod 600 /certificates/ssl/key.pem
     chmod 644 /certificates/ssl/cert.pem
+
+    # Store current hostname for change detection
+    echo "${HOSTNAME:-localhost}" > /certificates/ssl/.hostname_marker
+    chmod 644 /certificates/ssl/.hostname_marker
+
     log 0 "[init] Self-signed SSL certificates generated"
 else
     log 0 "[init] ✅ Self-signed SSL certificates already exist"
diff --git a/install.sh b/install.sh
index 3b2a03c38..45ae63596 100755
--- a/install.sh
+++ b/install.sh
@@ -871,9 +871,9 @@ main() {
             if [ $? -eq 0 ]; then
                 printf "${CYAN}> Restarting admin container...${NC}\n"
                 if [ "$VERBOSE" = true ]; then
-                    $(get_docker_compose_command) up -d --force-recreate admin
+                    eval "$(get_docker_compose_command) up -d --force-recreate admin"
                 else
-                    $(get_docker_compose_command) up -d --force-recreate admin > /dev/null 2>&1
+                    eval "$(get_docker_compose_command) up -d --force-recreate admin" > /dev/null 2>&1
                 fi
                 print_password_reset_message
             fi
@@ -1142,7 +1142,7 @@ create_env_file() {
 populate_hostname() {
     if ! grep -q "^HOSTNAME=" "$ENV_FILE" || [ -z "$(grep "^HOSTNAME=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
         while true; do
-            read -p "Enter the (public) hostname where this AliasVault server can be accessed from (e.g. aliasvault.net): " USER_HOSTNAME
+            read -p "Enter the hostname where this AliasVault server can be accessed (e.g. aliasvault.example.com): " USER_HOSTNAME
             if [ -n "$USER_HOSTNAME" ]; then
                 HOSTNAME="$USER_HOSTNAME"
                 break
@@ -1583,13 +1583,13 @@ recreate_docker_containers() {
     if [ "$VERBOSE" = true ]; then
         printf "${CYAN}ℹ (Re)creating Docker containers...${NC}\n"
         printf "\b${NC}\n"
-        if ! $(get_docker_compose_command) up -d --force-recreate; then
+        if ! eval "$(get_docker_compose_command) up -d --force-recreate"; then
             log_error "Failed to recreate Docker containers"
             exit 1
         fi
     else
         (
-            $(get_docker_compose_command) up -d --force-recreate > /tmp/docker_recreate.log 2>&1 &
+            eval "$(get_docker_compose_command) up -d --force-recreate" > /tmp/docker_recreate.log 2>&1 &
             RECREATE_PID=$!
             show_spinner $RECREATE_PID "Recreating Docker containers "
             wait $RECREATE_PID
@@ -1793,13 +1793,13 @@ handle_build() {
     if [ "$VERBOSE" = true ]; then
         printf "${CYAN}ℹ Building Docker Compose stack...${NC}\n"
         printf "\b${NC}\n"
-        if ! $(get_docker_compose_command) build; then
+        if ! eval "$(get_docker_compose_command) build"; then
             log_error "Failed to build Docker Compose stack"
             exit 1
         fi
     else
         (
-            $(get_docker_compose_command) build > install_compose_build_output.log 2>&1 &
+            eval "$(get_docker_compose_command) build" > install_compose_build_output.log 2>&1 &
             BUILD_PID=$!
             show_spinner $BUILD_PID "Building Docker Compose stack "
             wait $BUILD_PID
@@ -1936,7 +1936,7 @@ handle_ssl_configuration() {
     printf "Hostname: ${CYAN}${CURRENT_HOSTNAME}${NC} (change via: ./install.sh configure-hostname)\n"
     printf "\n"
     printf "Choose an option:\n"
-    printf "1) Use Let's Encrypt certificate (recommended)\n"
+    printf "1) Use Let's Encrypt certificate (recommended for public domains)\n"
     printf "2) Use self-signed certificate\n"
     printf "3) Cancel\n"
     printf "\n"
@@ -2192,11 +2192,11 @@ configure_letsencrypt() {
 
     # Restart only the reverse proxy with new configuration so it loads the new certificate
     printf "${CYAN}> Restarting reverse proxy with Let's Encrypt configuration...${NC}\n"
-    $(get_docker_compose_command) up -d reverse-proxy --force-recreate
+    eval "$(get_docker_compose_command) up -d reverse-proxy --force-recreate"
 
     # Starting certbot container to renew certificates automatically
     printf "${CYAN}> Starting new certbot container to renew certificates automatically...${NC}\n"
-    $(get_docker_compose_command) up -d certbot
+    eval "$(get_docker_compose_command) up -d certbot"
 
     # Print success message
     printf "\n"
@@ -2210,17 +2210,27 @@ generate_self_signed_cert() {
     # Disable Let's Encrypt
     update_env_var "LETSENCRYPT_ENABLED" "false"
 
+    # Get current hostname from .env
+    HOSTNAME_VALUE=$(grep "^HOSTNAME=" "$ENV_FILE" | cut -d '=' -f2)
+
+    if [ -n "$HOSTNAME_VALUE" ] && [ "$HOSTNAME_VALUE" != "localhost" ]; then
+        printf "${CYAN}> Using configured hostname: ${HOSTNAME_VALUE}${NC}\n"
+        printf "${CYAN}> The certificate will include:${NC}\n"
+        printf "  ${GREEN}Primary CN:${NC} ${HOSTNAME_VALUE}\n"
+        printf "  ${GREEN}Alternative Names:${NC} localhost, 127.0.0.1\n\n"
+    fi
+
     # Stop existing containers
     printf "${CYAN}> Stopping existing containers...${NC}\n"
     docker compose down
 
-    # Remove existing certificates
-    rm -f ./certificates/ssl/cert.pem ./certificates/ssl/key.pem
+    # Remove existing certificates and hostname marker
+    rm -f ./certificates/ssl/cert.pem ./certificates/ssl/key.pem ./certificates/ssl/.hostname_marker
 
     # Remove Let's Encrypt directories
     rm -rf ./certificates/letsencrypt
 
-    # Start containers (which will generate new self-signed certs)
+    # Start containers (which will generate new self-signed cert with hostname)
     printf "${CYAN}> Restarting services...${NC}\n"
     docker compose up -d
 
@@ -2232,7 +2242,7 @@ generate_self_signed_cert() {
 # New functions to handle container lifecycle:
 handle_start() {
     printf "${CYAN}> Starting AliasVault containers...${NC}\n"
-    $(get_docker_compose_command) up -d
+    eval "$(get_docker_compose_command) up -d"
     printf "${GREEN}> AliasVault containers started successfully.${NC}\n"
 }
 
@@ -2243,14 +2253,14 @@ handle_stop() {
         exit 0
     fi
 
-    $(get_docker_compose_command) down
+    eval "$(get_docker_compose_command) down"
     printf "${GREEN}> AliasVault containers stopped successfully.${NC}\n"
 }
 
 handle_restart() {
     printf "\n${CYAN}> Restarting AliasVault containers...${NC}\n"
-    $(get_docker_compose_command) down
-    $(get_docker_compose_command) up -d
+    eval "$(get_docker_compose_command) down"
+    eval "$(get_docker_compose_command) up -d"
     printf "${GREEN}> AliasVault containers restarted successfully.${NC}\n"
 }
 
@@ -2943,8 +2953,7 @@ handle_hostname_configuration() {
     fi
 
     printf "The hostname is the domain name where your AliasVault server will be accessible.\n"
-    printf "A valid hostname is required for Let's Encrypt SSL certificate generation.\n"
-    printf "The hostname must be a real domain that points to this server (not localhost).\n"
+    printf "This hostname will be used for both Let's Encrypt and self-signed certificates.\n"
     printf "\n"
 
     # Get current hostname
@@ -2954,7 +2963,7 @@ handle_hostname_configuration() {
 
     # Ask for new hostname
     while true; do
-        read -p "Enter new hostname (e.g. aliasvault.net): " NEW_HOSTNAME
+        read -p "Enter new hostname (e.g. aliasvault.example.com): " NEW_HOSTNAME
         if [ -n "$NEW_HOSTNAME" ]; then
             break
         else
@@ -2962,9 +2971,36 @@ handle_hostname_configuration() {
         fi
     done
 
+    # Check if hostname changed
+    HOSTNAME_CHANGED=false
+    if [ "$CURRENT_HOSTNAME" != "$NEW_HOSTNAME" ]; then
+        HOSTNAME_CHANGED=true
+    fi
+
     # Update the hostname
     update_env_var "HOSTNAME" "$NEW_HOSTNAME"
 
+    # If using self-signed cert and hostname changed, offer to regenerate
+    if [ "$HOSTNAME_CHANGED" = true ]; then
+        LETSENCRYPT_ENABLED=$(grep "^LETSENCRYPT_ENABLED=" "$ENV_FILE" | cut -d '=' -f2)
+        if [ "$LETSENCRYPT_ENABLED" != "true" ]; then
+            printf "\n${YELLOW}Hostname changed. The self-signed certificate needs to be regenerated.${NC}\n"
+            read -p "Regenerate certificate now? (y/n): " REGEN_CERT
+            if [ "$REGEN_CERT" = "y" ] || [ "$REGEN_CERT" = "Y" ]; then
+                # Remove the hostname marker to force regeneration
+                rm -f ./certificates/ssl/.hostname_marker
+
+                printf "\n${YELLOW}Restarting services to regenerate certificate...${NC}\n"
+                handle_restart
+            else
+                printf "${YELLOW}Please restart services manually to apply the new certificate.${NC}\n"
+            fi
+        else
+            printf "\n${YELLOW}Note: You're using Let's Encrypt. Make sure the new hostname has proper DNS records.${NC}\n"
+            printf "${YELLOW}You may need to reconfigure Let's Encrypt for the new hostname.${NC}\n"
+        fi
+    fi
+
     printf "\n"
     print_success_box "Hostname updated successfully to ${NEW_HOSTNAME}!"
 }

From 3f12bdad9dabeaabe130c67b27ce714f9a4c4f61 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 15 Sep 2025 16:05:22 +0200
Subject: [PATCH 32/33] Add instructions for using self-signed SSL cert with
 mobile apps (#1181)

---
 dockerfiles/all-in-one/Dockerfile             |  1 +
 dockerfiles/all-in-one/s6-scripts/init/script |  2 +-
 dockerfiles/docker-compose.all-in-one.nas.yml |  1 +
 dockerfiles/docker-compose.all-in-one.yml     |  1 +
 docs/installation/docker-compose/index.md     |  1 +
 docs/mobile-apps/android/ssl-setup.md         | 65 +++++++++++++++++
 docs/mobile-apps/ios/ssl-setup.md             | 71 +++++++++++++++++++
 7 files changed, 141 insertions(+), 1 deletion(-)
 create mode 100644 docs/mobile-apps/android/ssl-setup.md
 create mode 100644 docs/mobile-apps/ios/ssl-setup.md

diff --git a/dockerfiles/all-in-one/Dockerfile b/dockerfiles/all-in-one/Dockerfile
index c756aade9..5785b3700 100644
--- a/dockerfiles/all-in-one/Dockerfile
+++ b/dockerfiles/all-in-one/Dockerfile
@@ -163,6 +163,7 @@ ENV ALIASVAULT_VERBOSITY=0 \
     IP_LOGGING_ENABLED=true \
     SUPPORT_EMAIL="" \
     PRIVATE_EMAIL_DOMAINS="" \
+    HOSTNAME=localhost \
     POSTGRES_HOST=localhost \
     POSTGRES_PORT=5432 \
     POSTGRES_USER=aliasvault \
diff --git a/dockerfiles/all-in-one/s6-scripts/init/script b/dockerfiles/all-in-one/s6-scripts/init/script
index 9684f715f..ecff5bea2 100644
--- a/dockerfiles/all-in-one/s6-scripts/init/script
+++ b/dockerfiles/all-in-one/s6-scripts/init/script
@@ -1,4 +1,4 @@
-#!/bin/sh -e
+#!/command/with-contenv sh
 
 # AliasVault Container Initialization Script
 # This script runs once at container startup and handles all initialization tasks
diff --git a/dockerfiles/docker-compose.all-in-one.nas.yml b/dockerfiles/docker-compose.all-in-one.nas.yml
index b6833cdbf..35a340c20 100644
--- a/dockerfiles/docker-compose.all-in-one.nas.yml
+++ b/dockerfiles/docker-compose.all-in-one.nas.yml
@@ -23,6 +23,7 @@ services:
       - avsecrets:/secrets
 
     environment:
+      HOSTNAME: "localhost"
       PUBLIC_REGISTRATION_ENABLED: "true"
       IP_LOGGING_ENABLED: "true"
       FORCE_HTTPS_REDIRECT: "false"
diff --git a/dockerfiles/docker-compose.all-in-one.yml b/dockerfiles/docker-compose.all-in-one.yml
index 6f28b5ac3..caf414981 100644
--- a/dockerfiles/docker-compose.all-in-one.yml
+++ b/dockerfiles/docker-compose.all-in-one.yml
@@ -21,6 +21,7 @@ services:
       - ./secrets:/secrets
 
     environment:
+      HOSTNAME: "localhost"
       PUBLIC_REGISTRATION_ENABLED: "true"
       IP_LOGGING_ENABLED: "true"
       FORCE_HTTPS_REDIRECT: "false"
diff --git a/docs/installation/docker-compose/index.md b/docs/installation/docker-compose/index.md
index 4bb5b91e1..0cd17e4de 100644
--- a/docs/installation/docker-compose/index.md
+++ b/docs/installation/docker-compose/index.md
@@ -46,6 +46,7 @@ services:
       - ./secrets:/secrets
 
     environment:
+      HOSTNAME: "localhost"
       PUBLIC_REGISTRATION_ENABLED: "true"
       IP_LOGGING_ENABLED: "true"
       FORCE_HTTPS_REDIRECT: "false"
diff --git a/docs/mobile-apps/android/ssl-setup.md b/docs/mobile-apps/android/ssl-setup.md
new file mode 100644
index 000000000..d997776cf
--- /dev/null
+++ b/docs/mobile-apps/android/ssl-setup.md
@@ -0,0 +1,65 @@
+---
+layout: page
+title: Self-Signed SSL Setup
+parent: Android App
+grand_parent: Mobile Apps
+nav_order: 3
+---
+
+# Self-Signed SSL Certificate Setup for Android
+
+By default, the AliasVault Android app only supports connecting to servers with a valid SSL certificate from a trusted external authority. If you want to use your own self-signed certificate, you must manually install and trust the certificate on your Android device by following these steps.
+
+## Server Setup
+
+### Standard Installation
+Configure your hostname and restart AliasVault:
+```bash
+./install.sh configure-hostname
+./install.sh restart
+```
+
+### All-in-One Docker
+Update your `docker-compose.yml`:
+```yaml
+environment:
+  HOSTNAME: "192.168.3.2"  # Your server IP/hostname
+```
+Then restart: `docker compose down && docker compose up -d`
+
+## Step 1: Get the Certificate
+
+### Option A: From Browser
+1. Open Chrome, go to your AliasVault instance (e.g., `https://192.168.3.2`)
+2. Click the padlock icon → inspect certificate
+3. Export the certificate and send it to your phone
+
+### Option B: From Server
+Copy from your AliasVault installation directory:
+```bash
+cp [aliasvault-install-dir]/certificates/ssl/cert.pem ~/aliasvault.crt
+```
+Transfer to your Android device.
+
+## Step 2: Install Certificate (Android 10+)
+
+1. **Open Settings** → search for "Certificate"
+2. **Tap "Install a certificate"** → **"CA certificate"**
+3. **Browse to Downloads** → select your certificate file
+4. **Enter your PIN/password** when prompted
+5. **Name it "AliasVault"** and tap **OK**
+
+## Step 3: Configure AliasVault App
+
+1. **Open the AliasVault app**
+2. **Go to Settings** → **Server Configuration**
+3. **Enter your server URL**: `https://192.168.3.2/api` (use your configured hostname)
+4. **Test connection** - should work without SSL errors
+
+## Troubleshooting
+
+**Certificate not trusted**: Verify it's installed under Settings → Security → Trusted credentials → User tab
+
+**App can't connect**: Ensure the hostname in the app matches your server configuration exactly
+
+**Installation fails**: Make sure you have a screen lock set up on your device
\ No newline at end of file
diff --git a/docs/mobile-apps/ios/ssl-setup.md b/docs/mobile-apps/ios/ssl-setup.md
new file mode 100644
index 000000000..b0e667efa
--- /dev/null
+++ b/docs/mobile-apps/ios/ssl-setup.md
@@ -0,0 +1,71 @@
+---
+layout: page
+title: Self-Signed SSL Setup
+parent: iOS App
+grand_parent: Mobile Apps
+nav_order: 3
+---
+
+# Self-Signed SSL Certificate Setup for iOS
+
+By default, the AliasVault iOS app only supports connecting to servers with a valid SSL certificate from a trusted external authority. If you want to use your own self-signed certificate, you must manually install and trust the certificate on your iOS device by following these steps.
+
+## Server Setup
+
+### Standard Installation
+Configure your hostname and restart AliasVault:
+```bash
+./install.sh configure-hostname
+./install.sh restart
+```
+
+### All-in-One Docker
+Update your `docker-compose.yml`:
+```yaml
+environment:
+  HOSTNAME: "192.168.3.2"  # Your server IP/hostname
+```
+Then restart: `docker compose down && docker compose up -d`
+
+## Step 1: Get the Certificate
+
+### Option A: From Browser
+1. Open Chrome on your computer, go to your AliasVault instance (e.g., `https://192.168.3.2`)
+2. Click the padlock icon → inspect certificate
+3. Export the certificate and send it to your device (e.g. via email)
+
+### Option B: From Server
+Copy from your AliasVault installation directory:
+```bash
+cp [aliasvault-install-dir]/certificates/ssl/cert.pem ~/aliasvault.crt
+```
+
+## Step 2: Install Certificate Profile
+
+1. Open the certificate on your iOS device
+1. **Tap "Install"** in the top right corner
+2. **Enter your passcode** when prompted
+3. **Tap "Install"** again to confirm the warning
+4. **Tap "Done"** when complete
+
+## Step 3: Enable Certificate Trust (Critical!)
+
+1. **Settings** → **General** → **About** → **Certificate Trust Settings**
+2. **Find your certificate** (listed by hostname like "192.168.3.2")
+3. **Toggle the switch to ON**
+4. **Tap "Continue"** in the warning
+
+## Step 4: Configure AliasVault App
+
+1. **Open the AliasVault app**
+2. **Go to Settings** → **Server Configuration**
+3. **Enter your server URL**: `https://192.168.3.2/api` (use your configured hostname)
+4. **Test connection** - should work without SSL errors
+
+## Troubleshooting
+
+**SSL errors**: Ensure you completed Step 3 (Certificate Trust) - this is the most commonly missed step
+
+**Certificate Trust Settings not visible**: You must install a certificate profile first
+
+**App can't connect**: Verify the hostname in the app matches your server configuration exactly
\ No newline at end of file

From 68214becad0eff9f0b1cb26085a94e60ee913635 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 15 Sep 2025 18:48:02 +0200
Subject: [PATCH 33/33] Add v0.23.0 update docs with new docker image locations
 (#1181)

---
 docs/installation/script/update/index.md   |   1 +
 docs/installation/script/update/v0.22.0.md |   2 +-
 docs/installation/script/update/v0.23.0.md | 107 +++++++++++++++++++++
 3 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 docs/installation/script/update/v0.23.0.md

diff --git a/docs/installation/script/update/index.md b/docs/installation/script/update/index.md
index fa5adbca9..cdba4c42c 100644
--- a/docs/installation/script/update/index.md
+++ b/docs/installation/script/update/index.md
@@ -39,6 +39,7 @@ For most version updates, you can use the standard update process:
 ## Version-Specific Upgrade Guides
 Upgrading from certain earlier versions require additional steps during upgrade. If you are upgrading from an older version, please check the relevant articles below if it applies to your server:
 
+- [Updating to 0.23.0](v0.23.0.html) - Update Docker Image locations due to new AliasVault GitHub organization
 - [Updating to 0.22.0](v0.22.0.html) - Move secrets from .env to file based secrets
 
 ## Additional Update Options
diff --git a/docs/installation/script/update/v0.22.0.md b/docs/installation/script/update/v0.22.0.md
index fe12b5cb3..1c97c17d7 100644
--- a/docs/installation/script/update/v0.22.0.md
+++ b/docs/installation/script/update/v0.22.0.md
@@ -6,7 +6,7 @@ grand_parent: Install Script
 redirect_from:
   - /installation/update/v0.22.0
   - /installation/update/v0.22.0.html
-nav_order: 1
+nav_order: 2
 ---
 
 # Updating to v0.22.0
diff --git a/docs/installation/script/update/v0.23.0.md b/docs/installation/script/update/v0.23.0.md
new file mode 100644
index 000000000..5b606ca1e
--- /dev/null
+++ b/docs/installation/script/update/v0.23.0.md
@@ -0,0 +1,107 @@
+---
+layout: default
+title: Update to v0.23.0
+parent: Update
+grand_parent: Install Script
+redirect_from:
+  - /installation/update/v0.23.0
+  - /installation/update/v0.23.0.html
+nav_order: 1
+---
+
+# Updating to v0.23.0
+{: .no_toc }
+
+Since v0.23.0, AliasVault has moved from `lanedirt/aliasvault` to the new `aliasvault/aliasvault` GitHub organization, and Docker image names have been simplified.
+
+## Update Methods
+
+### 1. Installed via install.sh
+
+If you have installed AliasVault using the official `install.sh` method, you don't need to do anything. Running the built-in `install.sh update` command will take care of all necessary changes for you.
+
+```bash
+./install.sh update
+```
+
+### 2. Manually installed
+
+If you have manually installed AliasVault via a custom `docker-compose.yml` file or other Docker management interface such as Portainer, you need to update your Docker image references.
+
+#### Docker Image Name Changes
+
+Update all Docker image references in your `docker-compose.yml` file according to this mapping:
+
+| Old Image Name | New Image Name |
+|----------------|----------------|
+| ghcr.io/lanedirt/aliasvault-postgres | ghcr.io/aliasvault/postgres |
+| ghcr.io/lanedirt/aliasvault-reverse-proxy | ghcr.io/aliasvault/reverse-proxy |
+| ghcr.io/lanedirt/aliasvault-api | ghcr.io/aliasvault/api |
+| ghcr.io/lanedirt/aliasvault-client | ghcr.io/aliasvault/client |
+| ghcr.io/lanedirt/aliasvault-admin | ghcr.io/aliasvault/admin |
+| ghcr.io/lanedirt/aliasvault-smtp | ghcr.io/aliasvault/smtp |
+| ghcr.io/lanedirt/aliasvault-task-runner | ghcr.io/aliasvault/task-runner |
+
+#### Example docker-compose.yml Update
+
+**Before (v0.22.0 and earlier):**
+```yaml
+services:
+  postgres:
+    image: ghcr.io/lanedirt/aliasvault-postgres:0.22.0
+
+  reverse-proxy:
+    image: ghcr.io/lanedirt/aliasvault-reverse-proxy:0.22.0
+
+  api:
+    image: ghcr.io/lanedirt/aliasvault-api:0.22.0
+
+  client:
+    image: ghcr.io/lanedirt/aliasvault-client:0.22.0
+
+  admin:
+    image: ghcr.io/lanedirt/aliasvault-admin:0.22.0
+
+  smtp:
+    image: ghcr.io/lanedirt/aliasvault-smtp:0.22.0
+
+  task-runner:
+    image: ghcr.io/lanedirt/aliasvault-task-runner:0.22.0
+```
+
+**After (v0.23.0 and later):**
+```yaml
+services:
+  postgres:
+    image: ghcr.io/aliasvault/postgres:0.23.0
+
+  reverse-proxy:
+    image: ghcr.io/aliasvault/reverse-proxy:0.23.0
+
+  api:
+    image: ghcr.io/aliasvault/api:0.23.0
+
+  client:
+    image: ghcr.io/aliasvault/client:0.23.0
+
+  admin:
+    image: ghcr.io/aliasvault/admin:0.23.0
+
+  smtp:
+    image: ghcr.io/aliasvault/smtp:0.23.0
+
+  task-runner:
+    image: ghcr.io/aliasvault/task-runner:0.23.0
+```
+
+#### Update and restart
+
+After updating your `docker-compose.yml`, pull the latest images and restart your containers:
+
+```bash
+docker-compose pull
+docker-compose down
+docker-compose up -d
+```
+
+If you encounter any issues during the upgrade, please join the AliasVault Discord, create an issue on GitHub or contact us by email.
\ No newline at end of file