diff --git a/containers/ory/kratos/kratos.yml b/containers/ory/kratos/kratos.yml
index a8c732c6d8..a09ea1f065 100644
--- a/containers/ory/kratos/kratos.yml
+++ b/containers/ory/kratos/kratos.yml
@@ -9,6 +9,7 @@ serve:
enabled: true
allowed_origins:
- http://127.0.0.1:13001
+ - http://127.0.0.1:13002
allowed_methods:
- POST
- GET
@@ -58,7 +59,7 @@ selfservice:
enabled: true
ui_url: http://127.0.0.1:13001/account/recovery
use: code
-
+
verification:
enabled: false
ui_url: http://127.0.0.1:13001/account/verification
@@ -113,6 +114,6 @@ identity:
courier:
smtp:
- connection_uri: "smtp://mailhog:1025/?disable_starttls=true"
+ connection_uri: 'smtp://mailhog:1025/?disable_starttls=true'
from_address: noreply@takaro.io
from_name: Takaro
diff --git a/deploy/compose/docker-compose.yaml b/deploy/compose/docker-compose.yaml
deleted file mode 100644
index bf49dc100a..0000000000
--- a/deploy/compose/docker-compose.yaml
+++ /dev/null
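Review bot: The origin `http://127.0.0.1:13002` added to `allowed_origins` has no service publishing port 13002 anywhere in this commit (the new compose file maps 13000 for the API and 13001 for the web UI), so it reads as a dev-only origin and should say so, e.g. `- http://127.0.0.1:13002 # <which service?> — dev only`. Every entry in a CORS allowlist widens which pages a browser may call the public Kratos API from, and unexplained loopback entries tend to survive into copies of this file used for real deployments. The `serve` block this list belongs to starts outside the hunk.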
@@ -1,208 +0,0 @@ -version: "3" -services: - takaro_api: - image: ghcr.io/gettakaro/takaro-app-api:latest - networks: - - traefik - - backend - environment: - REDIS_HOST: redis - TAKARO_SERVICE: "app-api" - START_WORKERS: "false" - DISCORD_HANDLE_EVENTS: "false" - env_file: - - .env - restart: unless-stopped - labels: - - "traefik.enable=true" - - "traefik.http.routers.takaro_api.rule=Host(`api.takaro.example.com`)" - - "traefik.http.routers.takaro_api.entrypoints=websecure" - - "traefik.http.routers.takaro_api.service=takaro_api" - - "traefik.http.services.takaro_api.loadbalancer.server.port=3000" - - # The following helps with socket.io connections - - traefik.http.services.takaro_api.loadBalancer.sticky.cookie.name=server_id - - traefik.http.services.takaro_api.loadBalancer.sticky.cookie.httpOnly=true - - - "traefik.docker.network=traefik" - - takaro_worker: - image: ghcr.io/gettakaro/takaro-app-api:latest - networks: - - backend - environment: - REDIS_HOST: redis - TAKARO_SERVICE: "app-worker" - START_WORKERS: "true" - DISCORD_HANDLE_EVENTS: "false" - env_file: - - .env - restart: unless-stopped - - takaro_discord: - image: ghcr.io/gettakaro/takaro-app-api:latest - networks: - - backend - environment: - REDIS_HOST: redis - TAKARO_SERVICE: "app-discord" - START_WORKERS: "false" - DISCORD_HANDLE_EVENTS: "true" - env_file: - - .env - restart: unless-stopped - - takaro_migrator: - image: ghcr.io/gettakaro/takaro-app-api:latest - container_name: takaro_migrator - networks: - - backend - command: npm -w packages/app-api run db:migrate - env_file: - - .env - - takaro_connector: - image: ghcr.io/gettakaro/takaro-app-connector:latest - container_name: takaro_connector - networks: - - backend - environment: - REDIS_HOST: "redis" - TAKARO_SERVICE: "app-connector" - env_file: - - .env - restart: unless-stopped - - takaro_web: - image: ghcr.io/gettakaro/takaro-web-main:latest - networks: - - traefik - environment: - VITE_API: https://api.takaro.example.com - VITE_ORY_URL: 
https://idp.takaro.example.com - restart: unless-stopped - labels: - - "traefik.enable=true" - - "traefik.http.routers.takaro_web.rule=Host(`takaro.example.com`)" - - "traefik.http.routers.takaro_web.entrypoints=websecure" - - "traefik.http.routers.takaro_web.service=takaro_web" - - "traefik.http.services.takaro_web.loadbalancer.server.port=80" - - postgresql: - image: postgres:15 - networks: - - backend - ports: - - 127.0.0.1:5432:5432 - volumes: - - ./_data/postgres/data:/var/lib/postgresql/data - - ./_data/postgres/logs:/var/lib/postgresql/data/pg_logs - env_file: - - .env - restart: unless-stopped - - redis: - image: redis - restart: unless-stopped - ports: - - 127.0.0.1:6379:6379 - networks: - - backend - - kratos-migrate: - image: oryd/kratos:v1.0.0 - environment: - - DSN=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgresql_kratos:5432/kratos - volumes: - - ../../containers/ory/kratos:/etc/config/kratos - command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes - restart: on-failure - networks: - - backend - kratos: - image: oryd/kratos:v1.0.0 - ports: - - '127.0.0.1:4433:4433' # public - - '127.0.0.1:4434:4434' # admin - restart: on-failure - environment: - - DSN=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgresql_kratos:5432/kratos - command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier - volumes: - - ../../containers/ory/kratos:/etc/config/kratos - networks: - - backend - postgresql_kratos: - image: postgres:15 - ports: - - 127.0.0.1:13101:5432 - volumes: - - ./_data/kratos-db:/var/lib/postgresql/data - environment: - POSTGRES_USER: ${POSTGRES_USER} - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} - POSTGRES_DB: kratos - networks: - - backend - - prometheus: - image: prom/prometheus:v2.52.0 - networks: - - backend - container_name: prometheus - command: - - '--config.file=/etc/prometheus/prometheus.yml' - - '--storage.tsdb.path=/prometheus' - ports: - - 9090:9090 - volumes: - - ../../containers/prometheus:/etc/prometheus - - 
./_data/prometheus:/prometheus - pushgateway: - image: prom/pushgateway - container_name: pushgateway - ports: - - "9091:9091" - networks: - - backend - - traefik: - image: "traefik:v2.10.7" - container_name: "traefik" - networks: - - traefik - command: - - "--entrypoints.web.address=:80" - - "--entrypoints.websecure.address=:443" - # - "--log.level=DEBUG" - - "--api.insecure=true" - - "--providers.docker=true" - - "--providers.docker.exposedbydefault=false" - - # Global HTTP -> HTTPS redirect - - "--entrypoints.web.http.redirections.entryPoint.to=websecure" - - "--entrypoints.web.http.redirections.entryPoint.scheme=https" - - - # TLS Settings - - "--certificatesresolvers.myresolver.acme.email=domains@takaro.example.com" - - "--certificatesresolvers.myresolver.acme.storage=/config/acme.json" - #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" # letsencrypt staging server - - "--certificatesResolvers.myresolver.acme.dnsChallenge.provider=cloudflare" - - "--certificatesResolvers.myresolver.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53" - - "--entrypoints.websecure.http.tls=true" - - "--entrypoints.websecure.http.tls.certresolver=myresolver" - - "--entrypoints.websecure.http.tls.domains[0].main=takaro.example.com" - - "--entrypoints.websecure.http.tls.domains[0].sans=*.takaro.example.com" - - ports: - - "80:80" - - "443:443" - - "127.0.0.1:8080:8080" - volumes: - - "/var/run/docker.sock:/var/run/docker.sock:ro" - - "/etc/traefik/config:/config" - -networks: - traefik: - backend: diff --git a/deploy/compose/docker-compose.yml b/deploy/compose/docker-compose.yml new file mode 100644 index 0000000000..d1d9ebf49e --- /dev/null +++ b/deploy/compose/docker-compose.yml 
@@ -0,0 +1,135 @@
+version: "3"
+services:
+ takaro_api:
+ image: ghcr.io/gettakaro/takaro-app-api:latest
+ ports:
+ - 13000:3000
+ environment:
+ REDIS_HOST: redis
+ TAKARO_SERVICE: "app-api"
+ START_WORKERS: "false"
+ DISCORD_HANDLE_EVENTS: "false"
+ POSTGRES_HOST: postgresql
+ CORS_ALLOWED_ORIGINS: http://127.0.0.1:13000,http://127.0.0.1:13001,http://127.0.0.1:13002
+ env_file:
+ - .env
+ restart: unless-stopped
+
+ takaro_worker:
+ image: ghcr.io/gettakaro/takaro-app-api:latest
+ environment:
+ REDIS_HOST: redis
+ TAKARO_SERVICE: "app-worker"
+ START_WORKERS: "true"
+ DISCORD_HANDLE_EVENTS: "false"
+ POSTGRES_HOST: postgresql
+ env_file:
+ - .env
+ restart: unless-stopped
+
+ takaro_discord:
+ image: ghcr.io/gettakaro/takaro-app-api:latest
+ environment:
+ REDIS_HOST: redis
+ TAKARO_SERVICE: "app-discord"
+ START_WORKERS: "false"
+ DISCORD_HANDLE_EVENTS: "true"
+ POSTGRES_HOST: postgresql
+ env_file:
+ - .env
+ restart: unless-stopped
+
+ takaro_migrator:
+ image: ghcr.io/gettakaro/takaro-app-api:latest
+ depends_on:
+ - postgresql
+ container_name: takaro_migrator
+ command: npm -w packages/app-api run db:migrate
+ env_file:
+ - .env
+ environment:
+ POSTGRES_HOST: postgresql
+ takaro_connector:
+ image: ghcr.io/gettakaro/takaro-app-connector:latest
+ container_name: takaro_connector
+ environment:
+ REDIS_HOST: "redis"
+ TAKARO_SERVICE: "app-connector"
+ TAKARO_HOST: http://takaro_api:3000
+ env_file:
+ - .env
+ restart: unless-stopped
+
+ takaro_web:
+ image: ghcr.io/gettakaro/takaro-web-main:latest
+ ports:
+ - 13001:80
+ environment:
+ VITE_API: http://127.0.0.1:13000
+ VITE_ORY_URL: http://127.0.0.1:4433
+ VITE_POSTHOG_PUBLIC_API_KEY: "placeholder"
+ VITE_POSTHOG_API_URL: "placeholder"
+ restart: unless-stopped
+
+ postgresql:
+ image: postgres:15
+ ports:
+ - 127.0.0.1:15432:5432
+ volumes:
+ - ../../_data/db:/var/lib/postgresql/data
+ env_file:
+ - .env
+ restart: unless-stopped
+
+ redis:
+ image: redis
+ restart: unless-stopped
+ ports:
+ - 127.0.0.1:6379:6379
+
+ kratos-migrate:
+ image: oryd/kratos:v1.0.0
+ environment:
+ - DSN=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgresql_kratos:5432/kratos
+ volumes:
+ - ../../containers/ory/kratos:/etc/config/kratos
+ command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
+ restart: on-failure
+ kratos:
+ image: oryd/kratos:v1.0.0
+ ports:
+ - '127.0.0.1:4433:4433' # public
+ - '127.0.0.1:4434:4434' # admin
+ restart: on-failure
+ environment:
+ - DSN=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgresql_kratos:5432/kratos
+ command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier
+ volumes:
+ - ../../containers/ory/kratos:/etc/config/kratos
+ postgresql_kratos:
+ image: postgres:15
+ ports:
+ - 127.0.0.1:13101:5432
+ volumes:
+ - ../../_data/kratos-db:/var/lib/postgresql/data
+ environment:
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ POSTGRES_DB: kratos
+
+ prometheus:
+ image: prom/prometheus:v2.52.0
+ container_name: prometheus
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ - '--storage.tsdb.path=/prometheus'
+ ports:
+ - 9090:9090
+ volumes:
+ - ../../containers/prometheus:/etc/prometheus
+ - ../../_data/prometheus:/prometheus
+ pushgateway:
+ image: prom/pushgateway
+ container_name: pushgateway
+ ports:
+ - "9091:9091"
diff --git a/packages/web-docs/pages/advanced/self-hosting.mdx b/packages/web-docs/pages/advanced/self-hosting.mdx
index ad72a49321..ae33ba8e84 100644
--- a/packages/web-docs/pages/advanced/self-hosting.mdx
+++ b/packages/web-docs/pages/advanced/self-hosting.mdx
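Review bot: `prometheus` and `pushgateway` publish `9090:9090` and `"9091:9091"` with no host address, so on the single self-hosted server this file is written for they listen on every interface, while postgres, redis and both kratos ports in the same file are deliberately bound to `127.0.0.1`; neither component has authentication, and the pushgateway accepts metric writes from anyone who can reach it. Bind them the same way as the rest, `- 127.0.0.1:9090:9090` and `- "127.0.0.1:9091:9091"`, so they stay behind whatever reverse proxy the updated self-hosting guide now leaves to the operator. The same question applies to `13000:3000` and `13001:80`: `VITE_API` and `VITE_ORY_URL` send the browser to `127.0.0.1`, and the Kratos public port is loopback-only, so a remote visitor to the web UI could not complete a login anyway — either bind those to loopback as well or state in a comment that a TLS-terminating proxy is required (the deleted `docker-compose.yaml` provided one via Traefik/ACME; this file has no TLS at all). Separately, `kratos` is started with `--dev`, which Kratos documents as relaxing security checks for local development and which does not belong in the reference deployment; that flag and the unpinned `redis` / `prom/pushgateway` images are worth a note if they are intentional.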
@@ -12,7 +12,7 @@ This guide will set up a basic Takaro instance on a single server. This guide as Docker and general server administration. We make a lot of assumptions about the environment in which Takaro is running, you will need to adapt this guide to your specific environment. -For simplicity, we will not cover certain aspects of running a production service in this guide, such as backups, monitoring, security hardening, scaling, etc. +For simplicity, we will not cover certain aspects of running a production service in this guide, such as reverse proxy, backups, monitoring, security hardening, scaling, etc. ## Prerequisites 
@@ -31,35 +31,20 @@ Clone the Takaro repository to your server: git clone https://github.com/gettakaro/takaro.git ``` -There is a reference Docker compose file at `deploy/compose/docker-compose.yaml`. -Take a look at this file to see what we'll be deploying. - -```bash -cd deploy/compose -cat docker-compose.yaml -``` - -Let's replace the placeholder domain with your domain, we'll be using `sed` to do this: - -```bash -sed -i 's/takaro.example.com/takaro.your-domain.com/g' docker-compose.yaml -``` - -The containers use a network called `takaro`, we need to create this network: +The compose file will store a bunch of persistent data. Different containers need different permissions on these folders ```bash -docker network create takaro +./scripts/setup-data-folders.sh ``` -The compose file will store a bunch of persistent data. Different containers need different permissions on these folders +There is a reference Docker compose file at `deploy/compose/docker-compose.yml`. +Take a look at this file to see what we'll be deploying. ```bash -./scripts/setup-data-folders.sh +cd deploy/compose +cat docker-compose.yml ``` -The compose file is set up to provision TLS certificates via Cloudflare. You will need to add an env var `CF_DNS_API_TOKEN` with your Cloudflare API token. You can get this token from the Cloudflare dashboard. -There are other providers supported, see the [Traefik docs](https://doc.traefik.io/traefik/https/acme/#providers) for more info. - Copy the example .env file from the repo and edit it as needed ```bash