diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 20c3717c..ac2fc962 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -3,6 +3,8 @@ name: publish
 on:
   push:
     branches: [ "main" ]
+    tags:
+      - '*'
 
 env:
   REGISTRY: ghcr.io
@@ -40,18 +42,16 @@ jobs:
     needs: build-and-push-image
     name: deploy image
     runs-on: ubuntu-latest
-
     steps:
-      - name: Install ssh keys
-        run: |
-          install -m 600 -D /dev/null ~/.ssh/id_rsa
-          echo "${{ secrets.DEPLOY_PRIVATE_KEY }}" > ~/.ssh/id_rsa
-          ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} > ~/.ssh/known_hosts
-          ssh-keyscan -H ${{ secrets.DEPLOY_JUMP_HOST }} > ~/.ssh/known_hosts
-
-      - name: Connect and pull
-        run: ssh -J ${{ secrets.DEPLOY_JUMP_USERNAME }}@${{ secrets.DEPLOY_JUMP_HOST }} ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }} \
-          "cd ${{ secrets.DEPLOY_PATH }} && docker compose pull && docker compose up -d && exit"
-
-      - name: Cleanup
-        run: rm -rf ~/.ssh
+      - uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ secrets.DEPLOY_HOST }}
+          username: ${{ secrets.DEPLOY_USERNAME }}
+          key: ${{ secrets.DEPLOY_PRIVATE_KEY }}
+          proxy_host: ${{ secrets.DEPLOY_JUMP_HOST }}
+          proxy_username: ${{ secrets.DEPLOY_JUMP_USERNAME }}
+          proxy_key: ${{ secrets.DEPLOY_PRIVATE_KEY }}
+          script: |
+            cd ${{ secrets.DEPLOY_PATH }}
+            docker compose pull
+            docker compose up -d
diff --git a/interweb-server/.env.example b/interweb-server/.env.example
index 4c80dc51..a42224e2 100644
--- a/interweb-server/.env.example
+++ b/interweb-server/.env.example
@@ -1,7 +1,12 @@
+QUARKUS_HTTP_PORT=8030
+
 QUARKUS_DATASOURCE_REACTIVE_URL=mariadb://localhost:3306/interweb
 QUARKUS_DATASOURCE_USERNAME=interweb
 QUARKUS_DATASOURCE_PASSWORD=
 
+JWT_PUBLIC_KEY=
+JWT_PRIVATE_KEY=
+
 CONNECTOR_BING_APIKEY=
 CONNECTOR_FLICKR_APIKEY=
 CONNECTOR_GIPHY_APIKEY=
diff --git a/interweb-server/src/main/resources/application.properties b/interweb-server/src/main/resources/application.properties
index 97c5c33f..6f059ebd 100644
--- a/interweb-server/src/main/resources/application.properties
+++ b/interweb-server/src/main/resources/application.properties
@@ -17,16 +17,16 @@ quarkus.hibernate-orm.log.sql=true
 quarkus.health.openapi.included=false
 quarkus.smallrye-jwt.enabled=true
 
-quarkus.jwt.issuer=https://l3s.de/interweb
-quarkus.jwt.public.key=
-quarkus.jwt.private.key=
+jwt.issuer=https://l3s.de/interweb
+jwt.public.key=
+jwt.private.key=
 
-smallrye.jwt.encrypt.key=${quarkus.jwt.public.key}
-smallrye.jwt.sign.key=${quarkus.jwt.private.key}
-smallrye.jwt.new-token.issuer=${quarkus.jwt.issuer}
+smallrye.jwt.encrypt.key=${jwt.public.key}
+smallrye.jwt.sign.key=${jwt.private.key}
+smallrye.jwt.new-token.issuer=${jwt.issuer}
 smallrye.jwt.new-token.lifespan=7200
-mp.jwt.verify.publickey=${quarkus.jwt.public.key}
-mp.jwt.verify.issuer=${quarkus.jwt.issuer}
+mp.jwt.verify.publickey=${jwt.public.key}
+mp.jwt.verify.issuer=${jwt.issuer}
 
 # OpenAPI, Swagger
 quarkus.swagger-ui.always-include=true