Add missing license for podspec

## Description

Lower cluster size threshold on discover page

.github/workflows/auth-crowdin-push.yml

@@ -5,7 +5,7 @@ on:
         branches: [main]
         paths:
             # Run workflow when auth's intl_en.arb is changed
-            - "auth/lib/l10n/arb/app_en.arb"
+            - "mobile/apps/auth/lib/l10n/arb/app_en.arb"
             # Or the workflow itself is changed
             - ".github/workflows/auth-crowdin.yml"
 

.github/workflows/auth-internal-release.yml

@@ -4,7 +4,7 @@ on:
     workflow_dispatch: # Allow manually running the action
 
 env:
-    FLUTTER_VERSION: "3.24.3"
+    FLUTTER_VERSION: "3.32.8"
 
 permissions:
     contents: write

.github/workflows/auth-lint.yml

@@ -4,11 +4,11 @@ on:
     # Run on every pull request (open or push to it) that changes auth/
     pull_request:
         paths:
-            - "auth/**"
+            - "mobile/apps/auth/**"
             - ".github/workflows/auth-lint.yml"
 
 env:
-    FLUTTER_VERSION: "3.24.3"
+    FLUTTER_VERSION: "3.32.8"
 
 permissions:
     contents: read

.github/workflows/auth-release.yml

@@ -29,7 +29,7 @@ on:
             - "auth-v*"
 
 env:
-    FLUTTER_VERSION: "3.24.3"
+    FLUTTER_VERSION: "3.32.8"
 
 permissions:
     contents: write

.github/workflows/auth-win-sign.yml

@@ -1,70 +0,0 @@
-name: "Windows build & Sign (auth)"
-
-
-on:
-    workflow_dispatch: # Allow manually running the action
-
-env:
-    FLUTTER_VERSION: "3.24.3"
-
-permissions:
-    contents: write
-
-jobs:
-    build-windows:
-        runs-on: windows-latest
-        environment: "auth-win-build"
-
-        defaults:
-            run:
-                working-directory: mobile/apps/auth
-
-        steps:
-            - name: Checkout code and submodules
-              uses: actions/checkout@v4
-              with:
-                  submodules: recursive
-
-            - name: Install Flutter ${{ env.FLUTTER_VERSION  }}
-              uses: subosito/flutter-action@v2
-              with:
-                  channel: "stable"
-                  flutter-version: ${{ env.FLUTTER_VERSION  }}
-                  cache: true
-
-            - name: Create artifacts directory
-              run: mkdir artifacts
-
-            - name: Build Windows installer
-              run: |
-                  flutter config --enable-windows-desktop
-                  # dart pub global activate flutter_distributor
-                  dart pub global activate --source git https://github.com/ente-io/flutter_distributor_fork --git-ref develop --git-path packages/flutter_distributor
-                  make innoinstall
-                  flutter_distributor package --platform=windows --targets=exe --skip-clean
-                  mv dist/**/*-windows-setup.exe artifacts/ente-${{ github.ref_name }}-installer.exe
-
-            - name: Retain Windows EXE and DLLs
-              run: cp -r build/windows/x64/runner/Release ente-${{ github.ref_name }}-windows
-
-            - name: Sign files with Trusted Signing
-              uses: azure/trusted-signing-action@v0
-              with:
-                azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-                azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
-                azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
-                endpoint: ${{ secrets.AZURE_ENDPOINT }}
-                trusted-signing-account-name: ${{ secrets.AZURE_CODE_SIGNING_NAME }}
-                certificate-profile-name: ${{ secrets.AZURE_CERT_PROFILE_NAME }}
-                files: |
-                      ${{ github.workspace }}/mobile/apps/auth/artifacts/ente-${{ github.ref_name }}-installer.exe
-                      ${{ github.workspace }}/mobile/apps/auth/ente-${{ github.ref_name }}-windows/auth.exe
-                file-digest: SHA256
-                timestamp-rfc3161: http://timestamp.acs.microsoft.com
-                timestamp-digest: SHA256  
-
-            - name: Zip Windows EXE and DLLs
-              run: tar.exe -a -c -f artifacts/ente-${{ github.ref_name }}-windows.zip ente-${{ github.ref_name }}-windows
-
-            - name: Generate checksums
-              run: sha256sum artifacts/ente-* > artifacts/sha256sum-windows

.github/workflows/mobile-daily-internal.yml

@@ -0,0 +1,179 @@
+name: "Internal release (photos)"
+
+on:
+    schedule:
+        # Runs daily at 12:30 UTC (6:00 PM IST)
+        - cron: "30 12 * * *"
+    workflow_dispatch: # Allow manual trigger
+
+env:
+    FLUTTER_VERSION: "3.32.8"
+    RUST_VERSION: "1.86.0"
+
+permissions:
+    contents: read
+
+jobs:
+    build:
+        runs-on: ubuntu-latest
+
+        defaults:
+            run:
+                working-directory: mobile/apps/photos
+
+        steps:
+            - name: Checkout code and submodules
+              uses: actions/checkout@v4
+              with:
+                  submodules: recursive
+
+            - name: Free up disk space
+              run: |
+                  echo "Initial disk usage:"
+                  df -h /
+                  # Get available space in KB
+                  INITIAL=$(df / | awk 'NR==2 {print $4}')
+                  
+                  echo -e "\n=== Removing .NET SDK (~20-25GB) ==="
+                  BEFORE=$(df / | awk 'NR==2 {print $4}')
+                  START=$(date +%s)
+                  sudo rm -rf /usr/share/dotnet
+                  END=$(date +%s)
+                  AFTER=$(df / | awk 'NR==2 {print $4}')
+                  FREED=$(( (AFTER - BEFORE) / 1048576 ))  # Convert KB to GB
+                  echo "Time: $((END-START))s | Freed: ${FREED}GB"
+                  
+                  echo -e "\n=== Removing cached tools (~5-10GB) ==="
+                  BEFORE=$(df / | awk 'NR==2 {print $4}')
+                  START=$(date +%s)
+                  sudo rm -rf "$AGENT_TOOLSDIRECTORY"
+                  END=$(date +%s)
+                  AFTER=$(df / | awk 'NR==2 {print $4}')
+                  FREED=$(( (AFTER - BEFORE) / 1048576 ))
+                  echo "Time: $((END-START))s | Freed: ${FREED}GB"
+                  
+                  echo -e "\n=== Final Summary ==="
+                  FINAL=$(df / | awk 'NR==2 {print $4}')
+                  TOTAL_FREED=$(( (FINAL - INITIAL) / 1048576 ))
+                  echo "Total space freed: ${TOTAL_FREED}GB"
+                  echo "Final disk usage:"
+                  df -h /
+
+            - name: Setup JDK 17
+              uses: actions/setup-java@v1
+              with:
+                  java-version: 17
+
+            - name: Install Flutter ${{ env.FLUTTER_VERSION }}
+              uses: subosito/flutter-action@v2
+              with:
+                  channel: "stable"
+                  flutter-version: ${{ env.FLUTTER_VERSION }}
+                  cache: true
+
+            - name: Install Flutter Rust Bridge
+              run: cargo install flutter_rust_bridge_codegen
+
+            - name: Generate Rust bindings
+              run: flutter_rust_bridge_codegen generate
+
+            - name: Increment version code for build
+              run: |
+                  CURRENT_VERSION=$(grep '^version:' pubspec.yaml | sed 's/version: //')
+                  VERSION_NAME=$(echo $CURRENT_VERSION | cut -d'+' -f1)
+                  CURRENT_BUILD=$(echo $CURRENT_VERSION | cut -d'+' -f2)
+                  NEW_BUILD=$((CURRENT_BUILD + ${{ github.run_number }}))
+                  NEW_VERSION="${VERSION_NAME}+${NEW_BUILD}"
+
+                  sed -i "s/^version: .*/version: $NEW_VERSION/" pubspec.yaml
+                  echo "Building with version ${NEW_VERSION}"
+                  
+                  # Store version for later use
+                  echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV
+
+            - name: Prepare and validate changelog for Play Store
+              run: |
+                  mkdir -p whatsnew
+                  CHANGELOG_FILE="scripts/store_changes.txt"
+                  DISCORD_FILE="scripts/internal_changes.txt"
+                  OUTPUT_FILE="whatsnew/whatsnew-en-US"
+
+                  # Use provided changelog or fallback
+                  if [ -f "$CHANGELOG_FILE" ]; then
+                          head -c 500 "$CHANGELOG_FILE" > "$OUTPUT_FILE"
+                  else
+                          echo "Bug fixes and improvements" > "$OUTPUT_FILE"
+                  fi
+
+                  # Validate: file exists
+                  if [ ! -s "$OUTPUT_FILE" ]; then
+                          echo "❌ Changelog is empty."
+                          exit 1
+                  fi
+
+                  # Validate: <= 500 chars
+                  LENGTH=$(wc -m < "$OUTPUT_FILE")
+                  if [ "$LENGTH" -gt 500 ]; then
+                          echo "❌ Changelog exceeds 500 characters ($LENGTH)."
+                          exit 1
+                  fi
+
+                  # Validate: no markdown or HTML
+                  if grep -Eq '[\*\_\<\>\[\]\(\)]' "$OUTPUT_FILE"; then
+                          echo "❌ Changelog contains markdown/HTML formatting."
+                          exit 1
+                  fi
+
+                  echo "✅ Changelog valid:"
+                  cat "$OUTPUT_FILE"
+                  
+                  # Store changelog for Play Store (with escaped newlines)
+                  CHANGELOG_PLAYSTORE=$(cat "$OUTPUT_FILE" | sed ':a;N;$!ba;s/\n/\\n/g' | sed 's/"/\\"/g')
+                  echo "CHANGELOG=${CHANGELOG_PLAYSTORE}" >> $GITHUB_ENV
+                  
+                  # Store changelog for Discord (with proper newlines)
+                  CHANGELOG_DISCORD=$(cat "$DISCORD_FILE" | sed 's/"/\\"/g')
+                  echo "CHANGELOG_DISCORD<<EOF" >> $GITHUB_ENV
+                  echo "$CHANGELOG_DISCORD" >> $GITHUB_ENV
+                  echo "EOF" >> $GITHUB_ENV
+
+            - name: Setup keys
+              uses: timheuer/base64-to-file@v1
+              with:
+                  fileName: "keystore/ente_photos_key.jks"
+                  encodedString: ${{ secrets.SIGNING_KEY_PHOTOS }}
+
+            - name: Build PlayStore AAB
+              run: |
+                  flutter build appbundle --dart-define=cronetHttpNoPlay=true --release --flavor playstore
+              env:
+                  SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_photos_key.jks"
+                  SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS_PHOTOS }}
+                  SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD_PHOTOS }}
+                  SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD_PHOTOS }}
+
+            - name: Upload AAB to PlayStore
+              uses: r0adkll/upload-google-play@v1
+              with:
+                  serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
+                  packageName: io.ente.photos
+                  releaseFiles: mobile/apps/photos/build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
+                  track: internal
+                  whatsNewDirectory: mobile/apps/photos/whatsnew
+                  mappingFile: mobile/apps/photos/build/app/outputs/mapping/playstoreRelease/mapping.txt
+
+            - name: Notify Discord
+              uses: sarisia/actions-status-discord@v1
+              with:
+                  webhook: ${{ secrets.DISCORD_INTERNAL_RELEASE_WEBHOOK }}
+                  nodetail: true
+                  title: "🏆 Daily release Photos v${{ env.NEW_VERSION }} (Branch: ${{ github.ref_name }})"
+                  description: |
+                      **Version:** ${{ env.NEW_VERSION }}
+                      **Flutter:** ${{ env.FLUTTER_VERSION }}
+                      **Commit:** [${{ github.sha }}](${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }})
+                      **Download:** [Play Store](https://play.google.com/store/apps/details?id=io.ente.photos)
+
+                      **Changes:**
+                      ${{ env.CHANGELOG_DISCORD }}
+                  color: 0x00ff00

.github/workflows/mobile-internal-release-rust.yml

@@ -1,77 +0,0 @@
-name: "Internal release (photos)"
-
-on:
-    workflow_dispatch: # Allow manually running the action
-
-env:
-    FLUTTER_VERSION: "3.24.3"
-    RUST_VERSION: "1.85.1"
-
-permissions:
-    contents: write
-
-jobs:
-    build:
-        runs-on: ubuntu-latest
-
-        defaults:
-            run:
-                working-directory: mobile/apps/photos
-
-        steps:
-            - name: Checkout code and submodules
-              uses: actions/checkout@v4
-              with:
-                  submodules: recursive
-
-            - name: Setup JDK 17
-              uses: actions/setup-java@v1
-              with:
-                  java-version: 17
-
-            - name: Install Flutter ${{ env.FLUTTER_VERSION  }}
-              uses: subosito/flutter-action@v2
-              with:
-                  channel: "stable"
-                  flutter-version: ${{ env.FLUTTER_VERSION  }}
-                  cache: true
-            
-            - name: Install Rust ${{ env.RUST_VERSION }}
-              uses: dtolnay/rust-toolchain@master
-              with:
-                toolchain: ${{ env.RUST_VERSION }}
-
-            - name: Install Flutter Rust Bridge
-              run: cargo install flutter_rust_bridge_codegen
-
-            - name: Setup keys
-              uses: timheuer/base64-to-file@v1
-              with:
-                  fileName: "keystore/ente_photos_key.jks"
-                  encodedString: ${{ secrets.SIGNING_KEY_PHOTOS }}
-
-            - name: Build PlayStore AAB
-              run: |
-                  flutter build appbundle --dart-define=cronetHttpNoPlay=true --release --flavor playstore
-              env:
-                  SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_photos_key.jks"
-                  SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS_PHOTOS }}
-                  SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD_PHOTOS }}
-                  SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD_PHOTOS }}
-
-            - name: Upload AAB to PlayStore
-              uses: r0adkll/upload-google-play@v1
-              with:
-                  serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
-                  packageName: io.ente.photos
-                  releaseFiles: mobile/apps/photos/build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
-                  track: internal
-
-            - name: Notify Discord
-              uses: sarisia/actions-status-discord@v1
-              with:
-                  webhook: ${{ secrets.DISCORD_INTERNAL_RELEASE_WEBHOOK }}
-                  nodetail: true
-                  title: "🏆 Internal release available for Photos"
-                  description: "[Download](https://play.google.com/store/apps/details?id=io.ente.photos)"
-                  color: 0x00ff00

.github/workflows/mobile-internal-release.yml

@@ -1,68 +0,0 @@
-name: "Internal release (photos)"
-
-on:
-    workflow_dispatch: # Allow manually running the action
-
-env:
-    FLUTTER_VERSION: "3.24.3"
-
-permissions:
-    contents: write
-
-jobs:
-    build:
-        runs-on: ubuntu-latest
-
-        defaults:
-            run:
-                working-directory: mobile/apps/photos
-
-        steps:
-            - name: Checkout code and submodules
-              uses: actions/checkout@v4
-              with:
-                  submodules: recursive
-
-            - name: Setup JDK 17
-              uses: actions/setup-java@v1
-              with:
-                  java-version: 17
-
-            - name: Install Flutter ${{ env.FLUTTER_VERSION  }}
-              uses: subosito/flutter-action@v2
-              with:
-                  channel: "stable"
-                  flutter-version: ${{ env.FLUTTER_VERSION  }}
-                  cache: true
-
-            - name: Setup keys
-              uses: timheuer/base64-to-file@v1
-              with:
-                  fileName: "keystore/ente_photos_key.jks"
-                  encodedString: ${{ secrets.SIGNING_KEY_PHOTOS }}
-
-            - name: Build PlayStore AAB
-              run: |
-                  flutter build appbundle --dart-define=cronetHttpNoPlay=true --release --flavor playstore
-              env:
-                  SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_photos_key.jks"
-                  SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS_PHOTOS }}
-                  SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD_PHOTOS }}
-                  SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD_PHOTOS }}
-
-            - name: Upload AAB to PlayStore
-              uses: r0adkll/upload-google-play@v1
-              with:
-                  serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
-                  packageName: io.ente.photos
-                  releaseFiles: mobile/apps/photos/build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
-                  track: internal
-
-            - name: Notify Discord
-              uses: sarisia/actions-status-discord@v1
-              with:
-                  webhook: ${{ secrets.DISCORD_INTERNAL_RELEASE_WEBHOOK }}
-                  nodetail: true
-                  title: "🏆 Internal release Photos (Branch: ${{ github.ref_name }})"
-                  description: "[Download](https://play.google.com/store/apps/details?id=io.ente.photos)"
-                  color: 0x00ff00

.github/workflows/mobile-lint.yml

@@ -8,7 +8,8 @@ on:
             - ".github/workflows/mobile-lint.yml"
 
 env:
-    FLUTTER_VERSION: "3.24.3"
+    FLUTTER_VERSION: "3.32.8"
+    RUST_VERSION: "1.86.0"
 
 permissions:
     contents: read
@@ -31,7 +32,18 @@ jobs:
                   channel: "stable"
                   flutter-version: ${{ env.FLUTTER_VERSION  }}
                   cache: true
-
+                  
             - run: flutter pub get
+                  
+            - name: Install Rust ${{ env.RUST_VERSION }}
+              uses: dtolnay/rust-toolchain@master
+              with:
+                  toolchain: ${{ env.RUST_VERSION }}
+                  
+            - name: Install Flutter Rust Bridge
+              run: cargo install flutter_rust_bridge_codegen
+              
+            - name: Generate Rust bindings
+              run: flutter_rust_bridge_codegen generate
 
             - run: flutter analyze --no-fatal-infos

.github/workflows/mobile-release.yml

@@ -9,7 +9,7 @@ on:
             - "photos-v*"
 
 env:
-    FLUTTER_VERSION: "3.24.3"
+    FLUTTER_VERSION: "3.32.8"
 
 permissions:
     contents: write
@@ -28,6 +28,38 @@ jobs:
               with:
                   submodules: recursive
 
+            - name: Free up disk space
+              run: |
+                  echo "Initial disk usage:"
+                  df -h /
+                  # Get available space in KB
+                  INITIAL=$(df / | awk 'NR==2 {print $4}')
+                  
+                  echo -e "\n=== Removing .NET SDK (~20-25GB) ==="
+                  BEFORE=$(df / | awk 'NR==2 {print $4}')
+                  START=$(date +%s)
+                  sudo rm -rf /usr/share/dotnet
+                  END=$(date +%s)
+                  AFTER=$(df / | awk 'NR==2 {print $4}')
+                  FREED=$(( (AFTER - BEFORE) / 1048576 ))  # Convert KB to GB
+                  echo "Time: $((END-START))s | Freed: ${FREED}GB"
+                  
+                  echo -e "\n=== Removing cached tools (~5-10GB) ==="
+                  BEFORE=$(df / | awk 'NR==2 {print $4}')
+                  START=$(date +%s)
+                  sudo rm -rf "$AGENT_TOOLSDIRECTORY"
+                  END=$(date +%s)
+                  AFTER=$(df / | awk 'NR==2 {print $4}')
+                  FREED=$(( (AFTER - BEFORE) / 1048576 ))
+                  echo "Time: $((END-START))s | Freed: ${FREED}GB"
+                  
+                  echo -e "\n=== Final Summary ==="
+                  FINAL=$(df / | awk 'NR==2 {print $4}')
+                  TOTAL_FREED=$(( (FINAL - INITIAL) / 1048576 ))
+                  echo "Total space freed: ${TOTAL_FREED}GB"
+                  echo "Final disk usage:"
+                  df -h /
+
             - name: Setup JDK 17
               uses: actions/setup-java@v1
               with:
@@ -40,6 +72,12 @@ jobs:
                   flutter-version: ${{ env.FLUTTER_VERSION  }}
                   cache: true
 
+            - name: Install Flutter Rust Bridge
+              run: cargo install flutter_rust_bridge_codegen
+
+            - name: Generate Rust bindings
+              run: flutter_rust_bridge_codegen generate
+
             - name: Setup keys
               uses: timheuer/base64-to-file@v1
               with:

.github/workflows/photos-internal-release.yml

@@ -0,0 +1,126 @@
+name: "Internal Release V2 (photos)"
+
+on:
+  workflow_dispatch: # Manual trigger only
+
+env:
+  FLUTTER_VERSION: "3.32.8"
+  ANDROID_KEYSTORE_PATH: "keystore/ente_photos_key.jks"
+
+jobs:
+  build:
+    runs-on: macos-latest # Required for iOS builds
+    environment: "ios-build"
+    permissions:
+      contents: write
+
+    defaults:
+      run:
+        working-directory: mobile/apps/photos
+
+    steps:
+      # Common Setup
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Setup JDK 17
+        uses: actions/setup-java@v1
+        with:
+          java-version: 17
+
+      - name: Install Flutter
+        uses: subosito/flutter-action@v2
+        with:
+          flutter-version: ${{ env.FLUTTER_VERSION }}
+          cache: true
+
+      # Android Build 
+      - name: Setup Android signing key
+        uses: timheuer/base64-to-file@v1
+        with:
+          fileName: ${{ env.ANDROID_KEYSTORE_PATH }}
+          encodedString: ${{ secrets.SIGNING_KEY_PHOTOS }}
+
+      # - name: Build Android AAB
+      #   run: |
+      #     flutter build appbundle \
+      #       --dart-define=cronetHttpNoPlay=true \
+      #       --release \
+      #       --flavor playstore
+      #   env:
+      #     SIGNING_KEY_PATH: ${{ env.ANDROID_KEYSTORE_PATH }}
+      #     SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS_PHOTOS }}
+      #     SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD_PHOTOS }}
+      #     SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD_PHOTOS }}
+
+      # iOS Build (new secure implementation)
+      - name: Install fastlane
+        run: gem install fastlane
+      
+      - name: Create ExportOptions.plist
+        run: |
+          cat <<EOF > ios/ExportOptions.plist
+          <?xml version="1.0" encoding="UTF-8"?>
+          <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+          <plist version="1.0">
+          <dict>
+              <key>method</key>
+              <string>app-store</string>
+              <key>teamID</key>
+              <string>${{ secrets.IOS_TEAM_ID }}</string>
+          </dict>
+          </plist>
+          EOF
+
+      - name: Setup App Store Connect API Key
+        run: |
+          echo '${{ secrets.IOS_API_KEY }}' > api_key.json
+          chmod 600 api_key.json
+
+      - name: Build iOS IPA
+        run: |
+          flutter build ipa \
+            --release \
+            --export-options-plist=ExportOptions.plist \
+            --dart-define=cronetHttpNoPlay=true
+        env:
+          SIGNING_TEAM_ID: ${{ secrets.IOS_TEAM_ID }}
+
+      # Uploads
+      # - name: Upload to Play Store
+      #   uses: r0adkll/upload-google-play@v1
+      #   with:
+      #     serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
+      #     packageName: io.ente.photos
+      #     releaseFiles: build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
+      #     track: internal
+
+      - name: Upload to TestFlight
+        run: |
+          fastlane pilot upload \
+            --api_key_path api_key.json \
+            --ipa "build/ios/ipa/Ente Photos.ipa" \
+            --skip_waiting_for_build_processing \
+            --apple_id ${{ secrets.IOS_APPLE_ID }} \
+            --app_identifier "io.ente.photos"
+        env:
+          APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.IOS_API_KEY_ID }}
+          APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.IOS_ISSUER_ID }}
+          FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD: ${{ secrets.IOS_APP_SPECIFIC_PASSWORD }}
+
+      - name: Clean sensitive files
+        run: |
+          rm -f api_key.json
+          rm -f ${{ env.ANDROID_KEYSTORE_PATH }}
+
+      - name: Notify Discord
+        uses: sarisia/actions-status-discord@v1
+        with:
+          webhook: ${{ secrets.DISCORD_INTERNAL_RELEASE_WEBHOOK }}
+          title: "🚀 Dual Platform Release Uploaded"
+          description: |
+            **Android**: [Play Store Internal](https://play.google.com/store/apps/details?id=io.ente.photos)
+            **iOS**: TestFlight build processing
+          color: 0x00ff00

.github/workflows/rust-lint.yml

@@ -0,0 +1,44 @@
+name: "Lint (rust)"
+
+on:
+    # Run on every pull request (open or push to it) that changes rust/
+    pull_request:
+        paths:
+            - "rust/**"
+            - ".github/workflows/rust-lint.yml"
+
+permissions:
+    contents: read
+
+# Cancel in-progress lint runs when a new commit is pushed.
+concurrency:
+    group: ${{ github.workflow }}-${{ github.ref }}
+    cancel-in-progress: true
+
+env:
+    RUSTFLAGS: -D warnings
+
+jobs:
+    lint:
+        runs-on: ubuntu-latest
+        defaults:
+            run:
+                working-directory: rust
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+
+            - name: Cache
+              uses: actions/cache@v4
+              with:
+                  path: |
+                      ~/.cargo/registry
+                      ~/.cargo/git
+                      target
+                  key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+            - run: cargo fmt --check
+
+            - run: cargo clippy --all-targets --all-features
+
+            - run: cargo build

.github/workflows/web-deploy.yml

@@ -54,6 +54,18 @@ jobs:
                   apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                   command: pages deploy --project-name=ente --commit-dirty=true --branch=deploy/photos web/apps/photos/out
 
+            - name: Build custom-albums
+              run: yarn build:photos
+              env:
+                  NEXT_PUBLIC_ENTE_ONLY_SERVE_ALBUMS_APP: 1
+
+            - name: Publish custom-albums
+              uses: cloudflare/wrangler-action@v3
+              with:
+                  accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+                  apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+                  command: pages deploy --project-name=ente --commit-dirty=true --branch=deploy/custom-albums web/apps/photos/out
+
             - name: Build accounts
               run: yarn build:accounts
 

CONTRIBUTING.md

@@ -48,7 +48,11 @@ See [docs/](docs/README.md) for how to edit these documents.
 
 ## Code contributions
 
-If you'd like to contribute code, it is best to start small. Consider some well-scoped changes, say like adding more [custom icons to auth](auth/docs/adding-icons.md), or fixing a specific bug.
+If you'd like to contribute code, it is best to start small. Consider some well-scoped changes, say like adding more [custom icons to auth](mobile/apps/auth/docs/adding-icons.md), or fixing a specific bug. There is a (possibly outdated) list of tasks with the ["help wanted" or "good first issue"](<https://github.com/ente-io/ente/issues?q=state%3Aopen%20(label%3A%22good%20first%20issue%22%20OR%20label%3A%22help%20wanted%22%20)>) label too.
+
+If you use any form of AI assistance, please include a co-author attribution in the commit for transparency.
+
+In your PR, please include before / after screenshots, and clearly indicate the tests that you performed.
 
 Code that changes the behaviour of the product might not get merged, at least not initially. The PR can serve as a discussion bed, but you might find it easier to just start a discussion instead, or post your perspective in the (likely) existing thread about the behaviour change or new feature you wish for.
 

cli/cmd/admin.go

@@ -142,6 +142,22 @@ var _updateFreeUserStorage = &cobra.Command{
 	},
 }
 
+var _sendMail = &cobra.Command{
+	Use:   "send-mail <to-email> <from-email> <from-name>",
+	Args:  cobra.ExactArgs(3),
+	Short: "Sends a test mail via the admin api",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		recoverWithLog()
+		var flags = &model.AdminActionForUser{}
+		cmd.Flags().VisitAll(func(f *pflag.Flag) {
+			if f.Name == "admin-user" {
+				flags.AdminEmail = f.Value.String()
+			}
+		})
+		return ctrl.SendTestMail(context.Background(), *flags, args[0], args[1], args[2])
+	},
+}
+
 func init() {
 	rootCmd.AddCommand(_adminCmd)
 	_ = _userDetailsCmd.MarkFlagRequired("admin-user")
@@ -159,5 +175,6 @@ func init() {
 	_updateFreeUserStorage.Flags().StringP("user", "u", "", "The email of the user to update subscription for. (required)")
 	// add a flag with no value --no-limit
 	_updateFreeUserStorage.Flags().String("no-limit", "True", "When true, sets 100TB as storage limit, and expiry to current date + 100 years")
-	_adminCmd.AddCommand(_userDetailsCmd, _disable2faCmd, _disablePasskeyCmd, _updateFreeUserStorage, _listUsers, _deleteUser)
+	_sendMail.Flags().StringP("admin-user", "a", "", "The email of the admin user. ")
+	_adminCmd.AddCommand(_userDetailsCmd, _disable2faCmd, _disablePasskeyCmd, _updateFreeUserStorage, _listUsers, _deleteUser, _sendMail)
 }

cli/cmd/root.go

@@ -2,11 +2,12 @@ package cmd
 
 import (
 	"fmt"
-	"github.com/ente-io/cli/pkg"
-	"github.com/spf13/cobra/doc"
 	"os"
 	"runtime"
 
+	"github.com/ente-io/cli/pkg"
+	"github.com/spf13/cobra/doc"
+
 	"github.com/spf13/viper"
 
 	"github.com/spf13/cobra"
@@ -20,11 +21,6 @@ var ctrl *pkg.ClICtrl
 var rootCmd = &cobra.Command{
 	Use:   "ente",
 	Short: "CLI tool for exporting your photos from ente.io",
-	// Uncomment the following line if your bare application
-	// has an action associated with it:
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Sprintf("Hello World")
-	},
 }
 
 func GenerateDocs() error {

cli/internal/api/admin.go

@@ -139,5 +139,28 @@ func (c *Client) UpdateFreePlanSub(ctx context.Context, userDetails *models.User
 		}
 	}
 	return nil
-
+}
+
+func (c *Client) SendTestMail(ctx context.Context, toEmail, fromEmail, fromName string) error {
+	body := map[string]interface{}{
+		"to":        []string{toEmail},
+		"fromName":  fromName,
+		"fromEmail": fromEmail,
+		"subject":   "Test mail from Ente",
+		"body":      "This is a test mail from Ente",
+	}
+	r, err := c.restClient.R().
+		SetContext(ctx).
+		SetBody(body).
+		Post("/admin/mail")
+	if err != nil {
+		return err
+	}
+	if r.IsError() {
+		return &ApiError{
+			StatusCode: r.StatusCode(),
+			Message:    r.String(),
+		}
+	}
+	return nil
 }

cli/pkg/admin_actions.go

@@ -156,6 +156,23 @@ func (c *ClICtrl) UpdateFreeStorage(ctx context.Context, params model.AdminActio
 	return nil
 }
 
+func (c *ClICtrl) SendTestMail(ctx context.Context, params model.AdminActionForUser, to, from, fromName string) error {
+	accountCtx, err := c.buildAdminContext(ctx, params.AdminEmail)
+	if err != nil {
+		return err
+	}
+	err = c.Client.SendTestMail(accountCtx, to, from, fromName)
+	if err != nil {
+		if apiErr, ok := err.(*api.ApiError); ok && apiErr.StatusCode == 400 && strings.Contains(apiErr.Message, "Token is too old") {
+			fmt.Printf("Error: old admin token, please re-authenticate using `ente account add` \n")
+			return nil
+		}
+		return err
+	}
+	fmt.Printf("Successfully sent test email to %s\n", to)
+	return nil
+}
+
 func (c *ClICtrl) buildAdminContext(ctx context.Context, adminEmail string) (context.Context, error) {
 	accounts, err := c.GetAccounts(ctx)
 	if err != nil {

desktop/.github/workflows/desktop-release.yml

@@ -44,8 +44,7 @@ jobs:
                   # If triggered by a tag, checkout photosd-$tag from the source
                   # repository. Otherwise checkout $source (default: "main").
                   repository: ente-io/ente
-                  ref:
-                      "${{ startsWith(github.ref, 'refs/tags/v') &&
+                  ref: "${{ startsWith(github.ref, 'refs/tags/v') &&
                       format('photosd-{0}', github.ref_name) || ( inputs.source
                       || 'main' ) }}"
 
@@ -110,8 +109,7 @@ jobs:
               env:
                   # macOS notarization credentials key details
                   APPLE_ID: ${{ secrets.APPLE_ID }}
-                  APPLE_APP_SPECIFIC_PASSWORD:
-                      ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
+                  APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
                   APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
                   # Windows Azure Trusted Signing related values
                   # https://www.electron.build/code-signing-win#using-azure-trusted-signing-beta

desktop/.prettierrc.json

@@ -1,6 +1,5 @@
 {
     "tabWidth": 4,
-    "proseWrap": "always",
     "objectWrap": "collapse",
     "plugins": [
         "prettier-plugin-organize-imports",

desktop/CHANGELOG.md

@@ -2,6 +2,8 @@
 
 ## v1.7.15 (Unreleased)
 
+- Custom domains.
+- Support Czech translations.
 - .
 
 ## v1.7.14

docs/.prettierrc.json

@@ -1,4 +1,3 @@
 {
-    "tabWidth": 4,
-    "proseWrap": "always"
+    "tabWidth": 4
 }

docs/docs/.vitepress/config.ts

@@ -26,6 +26,9 @@ export default defineConfig({
             },
         },
         sidebar: sidebar,
+        outline: {
+            level: [2, 3],
+        },
         socialLinks: [
             { icon: "github", link: "https://github.com/ente-io/ente/" },
             { icon: "twitter", link: "https://twitter.com/enteio" },

docs/docs/.vitepress/sidebar.ts

@@ -26,6 +26,10 @@ export const sidebar = [
                         text: "Collecting photos",
                         link: "/photos/features/collect",
                     },
+                    {
+                        text: "Custom domains",
+                        link: "/photos/features/custom-domains/",
+                    },
                     {
                         text: "Deduplicate",
                         link: "/photos/features/deduplicate",
@@ -207,22 +211,22 @@ export const sidebar = [
                 text: "Migration",
                 collapsed: true,
                 items: [
-                    { text: "Introduction", link: "/auth/migration-guides/" },
+                    { text: "Introduction", link: "/auth/migration/" },
                     {
                         text: "From Authy",
-                        link: "/auth/migration-guides/authy/",
+                        link: "/auth/migration/authy/",
                     },
                     {
                         text: "From Steam",
-                        link: "/auth/migration-guides/steam/",
+                        link: "/auth/migration/steam/",
                     },
                     {
                         text: "From others",
-                        link: "/auth/migration-guides/import",
+                        link: "/auth/migration/import",
                     },
                     {
                         text: "Exporting your data",
-                        link: "/auth/migration-guides/export",
+                        link: "/auth/migration/export",
                     },
                 ],
             },
@@ -239,76 +243,84 @@ export const sidebar = [
         ],
     },
     {
-        text: "Self hosting",
+        text: "Self-hosting",
         collapsed: true,
         items: [
-            { text: "Getting started", link: "/self-hosting/" },
             {
-                text: "Connecting to custom server",
-                link: "/self-hosting/guides/custom-server/",
+                text: "Quickstart",
+                link: "/self-hosting/",
             },
             {
-                text: "Creating accounts",
-                link: "/self-hosting/creating-accounts",
-            },
-            {
-                text: "Configuring your server",
-                link: "/self-hosting/museum",
-            },
-            {
-                text: "Configuring S3",
-                link: "/self-hosting/guides/configuring-s3",
-            },
-            {
-                text: "Reverse proxy",
-                link: "/self-hosting/reverse-proxy",
-            },
-            {
-                text: "Guides",
+                text: "Installation",
                 collapsed: true,
                 items: [
-                    { text: "Introduction", link: "/self-hosting/guides/" },
                     {
-                        text: "Administering your server",
-                        link: "/self-hosting/guides/admin",
+                        text: "Requirements",
+                        link: "/self-hosting/installation/requirements",
                     },
                     {
-                        text: "Configuring CLI for your instance",
-                        link: "/self-hosting/guides/selfhost-cli",
+                        text: "Quickstart script (Recommended)",
+                        link: "/self-hosting/installation/quickstart",
                     },
                     {
-                        text: "Running Ente from source",
-                        link: "/self-hosting/guides/from-source",
+                        text: "Docker Compose",
+                        link: "/self-hosting/installation/compose",
                     },
                     {
-                        text: "Running Ente without Docker",
-                        link: "/self-hosting/guides/standalone-ente",
+                        text: "Manual setup (without Docker)",
+                        link: "/self-hosting/installation/manual",
+                    },
+                    {
+                        text: "Environment variables and defaults",
+                        link: "/self-hosting/installation/env-var",
+                    },
+                    {
+                        text: "Configuration",
+                        link: "/self-hosting/installation/config",
+                    },
+                    {
+                        text: "Post-installation steps",
+                        link: "/self-hosting/installation/post-install/",
+                    },
+                    {
+                        text: "Upgrade",
+                        link: "/self-hosting/installation/upgrade",
                     },
                 ],
             },
             {
-                text: "Troubleshooting",
+                text: "Administration",
                 collapsed: true,
                 items: [
                     {
-                        text: "General",
-                        link: "/self-hosting/troubleshooting/misc",
+                        text: "User management",
+                        link: "/self-hosting/administration/users",
                     },
                     {
-                        text: "Bucket CORS",
-                        link: "/self-hosting/troubleshooting/bucket-cors",
+                        text: "Reverse proxy",
+                        link: "/self-hosting/administration/reverse-proxy",
                     },
                     {
-                        text: "Uploads",
-                        link: "/self-hosting/troubleshooting/uploads",
+                        text: "Object storage",
+                        link: "/self-hosting/administration/object-storage",
                     },
                     {
-                        text: "Docker / quickstart",
-                        link: "/self-hosting/troubleshooting/docker",
+                        text: "Ente CLI",
+                        link: "/self-hosting/administration/cli",
                     },
                     {
-                        text: "Ente CLI secrets",
-                        link: "/self-hosting/troubleshooting/keyring",
+                        text: "Backup",
+                        link: "/self-hosting/administration/backup",
+                    },
+                ],
+            },
+            {
+                text: "Development",
+                collapsed: true,
+                items: [
+                    {
+                        text: "Building mobile apps",
+                        link: "/self-hosting/development/mobile-build",
                     },
                 ],
             },
@@ -321,31 +333,30 @@ export const sidebar = [
                         link: "/self-hosting/guides/tailscale",
                     },
                     {
-                        text: "Ente with External S3",
-                        link: "/self-hosting/guides/external-s3",
+                        text: "Running Ente using systemd",
+                        link: "/self-hosting/guides/systemd",
                     },
                 ],
             },
             {
-                text: "FAQ",
+                text: "Troubleshooting",
                 collapsed: true,
                 items: [
-                    { text: "General", link: "/self-hosting/faq/" },
                     {
-                        text: "Verification code",
-                        link: "/self-hosting/faq/otp",
+                        text: "General",
+                        link: "/self-hosting/troubleshooting/misc",
                     },
                     {
-                        text: "Shared albums",
-                        link: "/self-hosting/faq/sharing",
+                        text: "Docker / quickstart",
+                        link: "/self-hosting/troubleshooting/docker",
                     },
                     {
-                        text: "Backups",
-                        link: "/self-hosting/faq/backup",
+                        text: "Uploads",
+                        link: "/self-hosting/troubleshooting/uploads",
                     },
                     {
-                        text: "Environment variables",
-                        link: "/self-hosting/faq/environment",
+                        text: "Ente CLI",
+                        link: "/self-hosting/troubleshooting/cli",
                     },
                 ],
             },

docs/docs/auth/features/index.md

@@ -105,8 +105,7 @@ Ente Auth offers various import and export options for your codes.
   automatically via the CLI.
 - **Import:** Import codes from various other authentication apps.
 
-For detailed instructions, refer to the
-[migration guides](../migration-guides/).
+For detailed instructions, refer to the [migration guides](../migration/).
 
 ### Deduplicate codes
 

docs/docs/auth/migration/index.md

@@ -1,7 +1,6 @@
 ---
 title: Migrating to Ente Auth
-description:
-    Guides for migrating your existing 2FA tokens into or out of Ente Auth
+description: Guides for migrating your existing 2FA tokens into or out of Ente Auth
 ---
 
 # Migrating to/from Ente Auth

docs/docs/index.md

@@ -6,7 +6,7 @@ description: >
 
 # Welcome!
 
-![Ducky: Ente's Mascot](/public/ducky.png){width=50% style="margin: 0 auto"}
+![Ducky: Ente's Mascot](/ducky.png){width=50% style="margin: 0 auto"}
 
 ## Introduction
 
@@ -14,16 +14,16 @@ Ente (pronounced en-_tay_) is a end-to-end encrypted platform for privately,
 reliably, and securely storing your data on the cloud, over which 2 applications
 have been developed and made available for mobile, web and desktop, namely:
 
-- **Ente Photos** - An alternative to Google Photos and Apple Photos
-- **Ente Auth** - A free 2FA alternative to Authy
+- **Ente Photos** - An alternative to Google Photos and Apple Photos.
+- **Ente Auth** - A free 2FA alternative to Authy.
 
 ## History
 
-Ente was the founded by Vishnu Mohandas (he's also Ente's CEO) in response to
-privacy concerns with major tech companies. The underlying motivation was the
-understanding that big tech had no incentive to fix their act, but with
-end-to-end encrypted cross platform apps, there was a way for people to take
-back control over their own data without sacrificing on features.
+Ente was founded by Vishnu Mohandas (Ente's CEO) in response to privacy concerns
+with major tech companies. The underlying motivation was the understanding that
+big tech had no incentive to fix their act, but with end-to-end encrypted cross
+platform apps, there was a way for people to take back control over their own
+data without sacrificing on features.
 
 ### Origin of the name
 
@@ -76,7 +76,7 @@ and stay updated:
 
 If you encounter any issues with any of the products that's not answered by our
 documentation, please reach out to our team by sending an email to
-[support@ente.io](mailto:support@ente.io)
+[support@ente.io](mailto:support@ente.io).
 
-For community support, please post your queries on
-[Discord](https://discord.gg/z2YVKkycX3)
+For community support, please post your queries on our
+[Discord](https://discord.gg/z2YVKkycX3) server.

docs/docs/photos/faq/desktop.md

@@ -1,7 +1,6 @@
 ---
 title: Desktop app FAQ
-description:
-    An assortment of frequently asked questions about Ente Photos desktop app
+description: An assortment of frequently asked questions about Ente Photos desktop app
 ---
 
 # Desktop app FAQ

docs/docs/photos/faq/general.md

@@ -67,7 +67,7 @@ reliable as any one can be.
 If you would like to fund the development of this project, please consider
 [subscribing](https://ente.io/download).
 
-## How do I pronounce ente?
+## How do I pronounce Ente?
 
 It's like cafe 😊. kaf-_ay_. en-_tay_.
 

docs/docs/photos/faq/security-and-privacy.md

@@ -1,7 +1,6 @@
 ---
 title: Security and Privacy FAQ
-description:
-    Comprehensive information about security and privacy measures in Ente Photos
+description: Comprehensive information about security and privacy measures in Ente Photos
 ---
 
 # Security and Privacy FAQ

docs/docs/photos/features/cast/index.md

@@ -1,7 +1,6 @@
 ---
 title: Cast
-description:
-    Casting your photos on to a large screen or a TV or a Chromecast device
+description: Casting your photos on to a large screen or a TV or a Chromecast device
 ---
 
 # Cast

docs/docs/photos/features/custom-domains/index.md

@@ -0,0 +1,109 @@
+---
+title: Custom domains
+description: Use your own domain when sharing photos and videos stored in Ente Photos
+---
+
+# Custom domains
+
+Custom domains allow you to serve your public links with your own personalized domain.
+
+For example, if I have an Ente album and wish to share it with my friends, I can go to the album's sharing settings and create a public link. When I copy this link, it will of the form of
+
+```
+https://albums.ente.io/?t=...
+```
+
+The custom domains feature allows you to instead create a link that uses your own domain, say
+
+```
+https://pics.example.org/?t=...
+```
+
+You don't need to run any servers or manage any services, Ente will still host and serve your album for you, the only thing that changes is that you can serve your links using your personalized domain.
+
+## Availability
+
+The custom domains feature requires the ability to publicly share albums which for abuse prevention reasons can only be done by people with an active Ente subscription.
+
+## Setup
+
+The setup involves two steps:
+
+1. Letting Ente know about the domain you wish to use for serving your public links
+2. Updating your DNS settings to point your domain (or subdomain) to **my.ente.io**
+
+For people who are comfortable with changing DNS settings on their domain provider, this entire process is very simple will take a minute. For people who are not comfortable with changing DNS, we will provide a more detailed breakdown below.
+
+Let's dive in.
+
+To make the process concrete, let's assume we're trying to use _pics.example.org_ as our custom domain. Note that there is no restriction to use a subdomain, a top level domain can be used as a custom domain too. That is, either of _example.org_ or _subdomain.example.org_ is fine, Ente will work with both.
+
+### Step 1 - Link your domain
+
+The first step is to let Ente know about the domain or subdomain you wish to use by linking it to your account.
+
+> [!WARNING]
+>
+> Currently (Sep 2025) the ability to link a custom domain is only present in Ente's web app, [web.ente.io](https://web.ente.io).
+
+Head over to Preferences > Custom domains, in the domain field enter "pics.example.org" (replace with your subdomain) and press "Save". That's it. The linking is done.
+
+### Step 2 - Add DNS entry
+
+The second step is to add a CNAME entry in your DNS provider that forwards requests for pics.example.org (replace with your subdomain) to **my.ente.io**.
+
+Specifically, you need to add a `CNAME record` from the domain (or subdomain) of your choice to `my.ente.io`. You can leave the `TTL` at its default.
+
+| Record Type |            Name            |        Value | TTL            |
+| ----------- | :------------------------: | -----------: | -------------- |
+| CNAME       | Your subdomain, e.g `pics` | `my.ente.io` | Auto (default) |
+
+The exact steps for doing this depend on the DNS provider that you're using.
+
+> Your DNS provider usually is the service from which you bought your domain. The domain name seller will provide some sort of an admin panel where you can configure your DNS settings.
+
+As concrete examples, here is how this step would look for Cloudflare:
+
+![Adding a CNAME for custom domain in Cloudflare](cf.png)
+
+Note that orange proxy option is off. And here is how it would look for Namecheap:
+
+![Adding a CNAME for custom domain in Namecheap](nc.png)
+
+> [!NOTE]
+>
+> The examples are using "pics" as the subdomain, but that's just an example, you can use anything you like (or use "@" if you'd like to use the root domain itself).
+
+The time it takes for DNS records to update is dependent on your DNS provider. Usually the changes should start reflecting within a few minutes, and should almost always reflect within an hour.
+
+Once the DNS changes have been applied, then you can take any public link to your shared albums, replace `albums.ente.io` with your choice (e.g. `pics.example.org`), and the link will still work.
+
+You don't need to do this manually though, the apps will do it for you. More on this in the next section. But first, some troubleshooting tips.
+
+### Troubleshooting
+
+If your domain is not working, go through the following checklist.
+
+- The CNAME should be from your domain to my.ente.io, not the other way around. That is, `pics.example.org => my.ente.io`.
+
+- If you're using Cloudflare DNS, make sure that the "Orange" proxy status toggle is off, and the Proxy status is the "Grey" DNS only.
+
+## Using
+
+Using is trivial. When you go to an album's sharing options and copy the link to it, Ente will automatically copy the link that uses your configured domain.
+
+> [!WARNING]
+>
+> Currently (Sep 2025) the ability to automatically substitute your custom domain is present in Ente's web and mobile apps, but not in the desktop app (The next desktop version to be released will have that ability too).
+
+## Unsetting
+
+To stop using your custom domain, we need to undo the two steps we did during setup.
+
+1. Unlink your domain in Ente. This can be done just by going to Preferences > Custom Domains, clearing the value in the "Domain" input and pressing "Update".
+
+2. Remove the CNAME record you added during setup in your DNS provider.
+
+## Implementation
+
+Our engineers also wrote [explainer](https://ente.io/blog/custom-domains/) of how this works behind the scenes.

docs/docs/photos/features/deduplicate.md

@@ -6,7 +6,7 @@ description: Removing duplicates photos using Ente Photos
 # Deduplicate
 
 Ente performs two different duplicate detections: one during uploads, and one
-that can be manually run afterwards to remove duplicates across albums.
+that can be manually run afterwards to remove duplicates and very similar files across albums.
 
 ## During uploads
 
@@ -16,7 +16,7 @@ When uploading, Ente will ignore exact duplicate files. This allows you to
 resume interrupted uploads, or drag and drop the same folder, or reinstall the
 app, and expect Ente to automatically skip duplicates and only add new files.
 
-The duplicate detection works slightly different on each platform, to cater to
+The duplicate detection works slightly differently on each platform, to cater to
 the platform's nuances.
 
 #### Mobile
@@ -48,7 +48,7 @@ to album", and the actual files are not re-uploaded.
 
 ## Manual deduplication
 
-Ente also provides a tool for manual de-duplication in _Settings → Backup →
+Ente provides a tool for manual de-duplication in _Settings → Backup → Free up space →
 Remove duplicates_. This is useful if you have an existing library with
 duplicates across different albums, but wish to keep only one copy.
 
@@ -57,6 +57,13 @@ single copy, and add symlinks to this copy within all existing albums. So your
 existing album structure remains unchanged, while the space consumed by the
 duplicate data is freed up.
 
+## Filtering similar images
+
+Ente also provides a tool for manual removal of images that are similar, but not the exact same, using our private ML. This feature can be found in _Settings → Backup → Free up space →
+Similar images_. This is useful if you've taken a lot of similar photos, potentiall even in different albums, and want to keep only the best ones.
+
+During this filtering process you can choose which photos to keep and which to delete for each set of similar images. Ente will then automatically add symlinks for the kept photos to any albums that only had the deleted images. This way you can easily prune similar images, without worrying about accidentally removing the best ones from a certain album.
+
 ## Adding to Ente album creates symlinks
 
 Note that once a file is in Ente, adding it to another Ente album will create a

docs/docs/photos/features/family-plans.md

@@ -1,7 +1,6 @@
 ---
 title: Family plans
-description:
-    Share your Ente Photos plan with your family members with no extra cost
+description: Share your Ente Photos plan with your family members with no extra cost
 ---
 
 # Family plans

docs/docs/photos/features/watch-folders.md

@@ -1,7 +1,6 @@
 ---
 title: Watch folder
-description:
-    Automatic syncing of selected folders using the Ente Photos desktop app
+description: Automatic syncing of selected folders using the Ente Photos desktop app
 ---
 
 # Watch folders

docs/docs/photos/migration/from-local-hard-disk.md

@@ -1,7 +1,6 @@
 ---
 title: Import from local hard disk
-description:
-    Migrating to Ente Photos by importing data from your local hard disk
+description: Migrating to Ente Photos by importing data from your local hard disk
 ---
 
 # Import photos from your local hard disk

docs/docs/photos/troubleshooting/desktop-install/index.md

@@ -99,3 +99,17 @@ If you do want to run it from the command line, you can do so by passing the
 
 For more details, see this upstream issue on
 [electron](https://github.com/electron/electron/issues/17972).
+
+### Application reporting offline despite Internet connectivity
+
+Due to unreliability of usage of `navigator.onLine` in Linux, the app may report that you are offline, even though the internet connection is functional.
+
+You can resolve the issue by adding a dummy network interface using the following command:
+
+```shell
+ip link add dummy0 type dummy
+ip addr add 10.10.10.1/24 dev dummy0
+ip link set dummy0 up
+```
+
+Once the interface is up, Ente correctly detects that the system is online.

docs/docs/photos/troubleshooting/files-not-uploading.md

@@ -1,7 +1,6 @@
 ---
 title: Files not uploading
-description:
-    Troubleshooting when files are not uploading from your Ente Photos app
+description: Troubleshooting when files are not uploading from your Ente Photos app
 ---
 
 # Files not uploading

docs/docs/self-hosting/administration/backup.md

@@ -0,0 +1,47 @@
+---
+title: Backups - Self-hosting
+description: General introduction to backing up your self hosted Ente instance
+---
+
+# Backing up your Ente instance
+
+A functional Ente backend needs three things:
+
+1. Museum (the API server)
+2. Postgres (the database)
+3. Object storage (any S3-compatible object storage)
+
+Thus, when thinking about backups:
+
+1. For Museum, you should backup your `museum.yaml`, `credentials.yaml` or any
+   other custom configuration that you created.
+2. The entire data volume needs to be backed up for the database and object
+   storage.
+
+A common oversight is taking a lot of care for backing up the object storage,
+even going as far as enabling replication and backing up the the multiple object
+storage volumes, but not applying the same care to the database backup.
+
+While the actual encrypted photos are indeed stored in the object storage,
+**this encrypted data will not be usable without the database** since the
+database contains information like a file specific encryption key.
+
+Viewed differently, to decrypt your data you need three pieces of information:
+
+1. The encrypted file data itself (which comes from the object storage backup).
+2. The encrypted file and collection specific encryption keys (which come from
+   the database backup).
+3. The master key (which comes from your password).
+
+If you're starting out with self hosting, we recommend keeping plaintext backup
+of your photos.
+
+[You can use the CLI or the desktop app to automate this](/photos/faq/export).
+
+Once you get more comfortable with the various parts, you can try backing up
+your instance.
+
+If you rely on your instance backup, ensure that you do full restoration to
+verify that you are able to access your data.
+
+As the industry saying goes, a backup without a restore is no backup at all.

docs/docs/self-hosting/administration/cli.md

@@ -0,0 +1,89 @@
+---
+title: Ente CLI for Self-hosted Instance - Self-hosting
+description: Guide to configuring Ente CLI for Self Hosted Instance
+---
+
+# Ente CLI for self-hosted instance
+
+If you are self-hosting, you can configure Ente CLI to export data & perform
+basic administrative actions.
+
+::: tip Installing Ente CLI
+
+For instructions on installing the Ente CLI, see the [README available on Github](https://github.com/ente-io/ente/tree/main/cli/README.md).
+
+:::
+
+## Step 1: Configure endpoint
+
+To do this, first configure the CLI to use your server's endpoint.
+
+Define `config.yaml` and place it in `~/.ente/` or directory specified by
+`ENTE_CLI_CONFIG_DIR` or directory where Ente CLI is present.
+
+```yaml
+# Set the API endpoint to your domain where Museum is being served.
+endpoint:
+    api: http://localhost:8080
+```
+
+## Step 2: Whitelist admins
+
+You can whitelist administrator users by following this
+[guide](/self-hosting/administration/users#whitelist-admins).
+
+## Step 3: Add an account
+
+::: info You can not create new accounts using Ente CLI.
+
+You can only log in to your existing accounts.
+
+To create a new account, use Ente Photos (or Ente Auth) web application, desktop
+or mobile.
+
+:::
+
+You can add your existing account using Ente CLI.
+
+```shell
+ente account add
+```
+
+This should prompt you for authentication details and export directory. Your
+account should be added after successful authentication.
+
+It can be used for exporting data (for plain-text backup), managing Ente Auth
+and performing administrative actions.
+
+## Step 4: Increase storage and account validity
+
+You can use `ente admin update-subscription` to increase storage quota and
+account validity (duration).
+
+For infinite storage and validity, use the following command:
+
+```shell
+ente admin update-subscription -a <admin-user-mail> -u <user-email-to-update> --no-limit
+
+# Set a limit
+ente admin update-subscription -a <admin-user-mail> -u <user-email-to-update> --no-limit False
+```
+
+::: info The users must be registered on the server with same e-mail address.
+
+If the commands are failing, ensure:
+
+1. `<admin-user-mail>` is whitelisted as administrator user in `museum.yaml`.
+   For more information, check this
+   [guide](/self-hosting/administration/users#whitelist-admins).
+2. `<user-email-to-update>` is a registered user with completed verification.
+
+:::
+
+For more information, check out the documentation for setting
+[storage and account validity](https://github.com/ente-io/ente/blob/main/cli/docs/generated/ente_admin_update-subscription.md)
+using the CLI.
+
+## References
+
+1. [Ente CLI Documentation](https://github.com/ente-io/ente/blob/main/cli/docs/generated)

docs/docs/self-hosting/administration/object-storage.md

@@ -0,0 +1,142 @@
+---
+title: Configuring Object Storage - Self-hosting
+description:
+    Configure Object Storage for storing files along with some troubleshooting
+    tips
+---
+
+# Configuring Object Storage
+
+Ente relies on [S3-compatible](https://docs.aws.amazon.com/s3/) cloud storage
+for storing files (photos, thumbnails and videos) as objects.
+
+Ente ships MinIO as S3-compatible storage by default in quickstart and Docker
+Compose for quick testing.
+
+This document outlines configuration of S3 buckets and enabling replication for
+further usage.
+
+## Museum
+
+The S3-compatible buckets have to be configured in `museum.yaml` file.
+
+### General Configuration
+
+Some of the common configuration that can be done at top-level are:
+
+1. **SSL Configuration:** If you need to configure SSL (i. e., the buckets are
+   accessible via HTTPS), you'll need to set `s3.are_local_buckets` to `false`.
+2. **Path-style URLs:** Disabling `s3.are_local_buckets` also switches to the
+   subdomain-style URLs for the buckets. However, some S3 providers such as
+   MinIO do not support this.
+
+    Set `s3.use_path_style_urls` to `true` for such cases.
+
+### Replication
+
+> [!IMPORTANT]
+>
+> Replication works only if all 3 storage buckets are configured (2 hot and 1
+> cold storage).
+>
+> For more information, check
+> [this discussion](https://github.com/ente-io/ente/discussions/3167#discussioncomment-10585970)
+> and our article on ensuring [reliability](https://ente.io/reliability/).
+
+Replication is disabled by default in self-hosted instance. Only the first
+bucket (`b2-eu-cen`) is used.
+
+Only the names are specifically fixed, you can put any other keys in
+configuration body.
+
+Use the `s3.hot_storage.primary` option if you'd like to set one of the other
+pre-defined buckets as the primary bucket.
+
+### Bucket configuration
+
+The keys `b2-eu-cen` (primary storage), `wasabi-eu-central-2-v3` (secondary
+storage) and `scw-eu-fr-v3` (cold storage) are hardcoded, however, the keys and
+secret can be anything.
+
+It has no relation to Backblaze, Wasabi or Scaleway.
+
+Each bucket's endpoint, region, key and secret should be configured accordingly
+if using an external bucket.
+
+If a bucket has SSL support enabled, set `s3.are_local_buckets` to `false`. Enable path-style URL by setting `s3.use_path_style_urls` to `true`.
+
+::: note
+
+You can configure this for individual buckets over defining top-level configuration if you are using the latest server image (August 2025)
+
+:::
+
+A sample configuration for `b2-eu-cen` is provided, which can be used for other 2 buckets as well:
+
+```yaml
+b2-eu-cen:
+    are_local_buckets: true
+    use_path_style_urls: true
+    key: <key>
+    secret: <secret>
+    endpoint: localhost:3200
+    region: eu-central-2
+    bucket: b2-eu-cen
+```
+
+## CORS (Cross-Origin Resource Sharing)
+
+If you cannot upload a photo due to CORS error, you need to fix the CORS
+configuration of your bucket.
+
+Use the content provided below for creating a `cors.json` file:
+
+```json
+{
+    "CORSRules": [
+        {
+            "AllowedOrigins": ["*"],
+            "AllowedHeaders": ["*"],
+            "AllowedMethods": ["GET", "HEAD", "POST", "PUT", "DELETE"],
+            "MaxAgeSeconds": 3000,
+            "ExposeHeaders": ["Etag"]
+        }
+    ]
+}
+```
+
+You may have to change the `AllowedOrigins` to allow only certain origins (your
+Ente web apps and Museum) for security.
+
+Assuming you have AWS CLI on your system and that you have configured it with
+your access key and secret, you can execute the below command to set bucket
+CORS. Make sure to enter the right path for the `cors.json` file.
+
+```shell
+aws s3api put-bucket-cors --bucket YOUR_S3_BUCKET --cors-configuration /path/to/cors.json
+```
+
+### MinIO
+
+Assuming you have configured an alias for MinIO account using the command:
+
+```shell
+mc alias set storage-account-alias minio-endpoint minio-key minio-secret
+```
+
+where,
+
+1. `storage-account-alias` is a valid storage account alias name
+2. `minio-endpoint` is the endpoint where MinIO is being served without the
+   protocol (http or https). Example: `localhost:3200`
+3. `minio-key` is the MinIO username defined in `MINIO_ROOT_USER`
+4. `minio-secret` is the MinIO password defined in `MINIO_PASSWORD`
+
+To set the `AllowedOrigins` Header, you can use the following command:.
+
+```shell
+mc admin config set storage-account-alias api cors_allow_origin="*"
+```
+
+You can create also `.csv` file and dump the list of origins you would like to
+allow and replace the `*` with path to the CSV file.

docs/docs/self-hosting/administration/reverse-proxy.md

@@ -0,0 +1,101 @@
+---
+Title: Configuring Reverse Proxy - Self-hosting
+Description: Configuring reverse proxy for Museum and other services
+---
+
+# Reverse proxy
+
+Reverse proxy helps in making application services accessible via the Internet
+without exposing multiple ports for various services.
+
+It also allows configuration of HTTPS through SSL certificate management.
+
+We highly recommend using HTTPS for Museum (Ente's server). For security
+reasons, Museum will not accept incoming HTTP traffic.
+
+## Pre-requisites
+
+1.  **Reverse Proxy:** We recommend using Caddy for simplicity of configuration
+    and automatic certificate generation and management, although you can use
+    other alternatives such as NGINX, Traefik, etc.
+
+    Install Caddy using the following command on Debian/Ubuntu-based systems:
+
+    ```shell
+    sudo apt install caddy
+    ```
+
+    Start the service and enable it to start upon system boot.
+
+    ```shell
+    sudo systemctl start caddy
+    sudo systemctl enable caddy
+    ```
+
+## Step 1: Configure A or AAAA records
+
+Set up the appropriate records for the endpoints in your DNS management
+dashboard (usually associated with your domain registrar).
+
+`A` or `AAAA` records pointing to your server's IP address are sufficient.
+
+DNS propagation can take a few minutes to take effect.
+
+![cloudflare](/cloudflare.png)
+
+## Step 2: Configure reverse proxy
+
+After installing Caddy, `Caddyfile` is created at `/etc/caddy/`. Edit
+`/etc/caddy/Caddyfile` to configure reverse proxies.
+
+You can edit the minimal configuration provided below for your own needs.
+
+> yourdomain.tld is an example. Replace it with your own domain.
+
+```groovy
+# For Museum
+api.ente.yourdomain.tld {
+    reverse_proxy http://localhost:8080
+}
+
+# For Ente Photos web app
+web.ente.yourdomain.tld {
+    reverse_proxy http://localhost:3000
+}
+
+# For Ente Accounts web app
+accounts.ente.yourdomain.tld {
+    reverse_proxy http://localhost:3001
+}
+
+# For Ente Albums web app
+albums.ente.yourdomain.tld {
+    reverse_proxy http://localhost:3002
+}
+
+# For Ente Auth web app
+auth.ente.yourdomain.tld {
+    reverse_proxy http://localhost:3003
+}
+
+# For Ente Cast web app
+cast.ente.yourdomain.tld {
+    reverse_proxy http://localhost:3004
+}
+```
+
+## Step 3: Reload reverse proxy
+
+Reload Caddy for changes to take effect.
+
+```shell
+sudo systemctl caddy reload
+```
+
+## Step 4: Verify the setup
+
+Ente Photos web app should be up on https://web.ente.yourdomain.tld and Museum
+at https://api.ente.yourdomain.tld.
+
+> [!TIP] If you are using other reverse proxy servers such as NGINX, Traefik,
+> etc., please check out their documentation.

docs/docs/self-hosting/administration/users.md

@@ -0,0 +1,125 @@
+---
+title: User Management - Self-hosting
+description: Guide to configuring Ente CLI for Self Hosted Instance
+---
+
+# User Management
+
+You may wish to self-host Ente for your family or close circle. In such cases,
+you may wish to enable administrative access for few users, disable new
+registrations, manage one-time tokens (OTTs), etc.
+
+This document covers the details on how you can administer users on your server.
+
+## Whitelist admins
+
+The administrator users have to be explicitly whitelisted in `museum.yaml`. You
+can achieve this the following steps:
+
+1.  Connect to `ente_db` (the database used for storing data related to Ente).
+
+    ```shell
+    # Change the DB name and DB user name if you use different
+    # values.
+    # If using Docker
+    docker exec -it <postgres-ente-container-name> sh
+    psql -U pguser -d ente_db
+
+    # Or when using psql directly
+    psql -U pguser -d ente_db
+    ```
+
+2.  Get the user ID of the first user by running the following SQL query:
+
+    ```sql
+    SELECT * from users;
+    ```
+
+3.  Edit `internal.admins` or `internal.admin` (if you wish to whitelist only
+    single user) in `museum.yaml` to add the user ID you wish to whitelist.
+
+    - For multiple admins:
+
+    ```yaml
+    internal:
+        admins:
+            - <user_id>
+    ```
+
+    - For single admin:
+
+    ```yaml
+    internal:
+        admin: <user_id>
+    ```
+
+4.  Restart Museum by restarting the cluster
+
+::: tip Restart your Compose clusters whenever you make changes
+
+If you have edited the Compose file or configuration file (`museum.yaml`), make
+sure to recreate the cluster's containers.
+
+You can do this by the following command:
+
+```shell
+docker compose down && docker compose up -d
+```
+
+:::
+
+## Increase storage and account validity
+
+You can use Ente CLI for increasing storage quota and account validity for users
+on your instance. Check this guide for more
+[information](/self-hosting/administration/cli#step-4-increase-storage-and-account-validity)
+
+## Handle user verification codes
+
+Ente currently relies on verification codes for completion of registration.
+
+These are accessible in server logs. If using Docker Compose, they can be
+accessed by running `sudo docker compose logs` in the cluster folder where
+Compose file resides.
+
+However, you may wish to streamline this workflow. You can follow one of the 2
+methods if you wish to have many users in the system.
+
+### Use hardcoded OTTs
+
+You can configure to use hardcoded OTTs only for specific emails, or based on
+suffix.
+
+A sample configuration for the same is provided below, which is to be used in
+`museum.yaml`:
+
+```yaml
+internal:
+    hardcoded-ott:
+        emails:
+            - "example@example.org,123456"
+        local-domain-suffix: "@example.org"
+        local-domain-value: 012345
+```
+
+This sets OTT to 123456 for the email address example@example.com and 012345 for
+emails having @example.com as suffix.
+
+### Send email with verification code
+
+You can configure SMTP for sending verification code e-mails to users, if you do
+not wish to hardcode OTTs and have larger audience.
+
+For more information on configuring email, check out the
+[email configuration](/self-hosting/installation/config#email) section.
+
+## Disable registrations
+
+For security purposes, you may choose to disable registrations on your instance.
+You can disable new registrations by using the following configuration in
+`museum.yaml`.
+
+```yaml
+internal:
+    disable-registration: true
+```

docs/docs/self-hosting/creating-accounts.md

@@ -1,27 +0,0 @@
----
-title: Creating accounts
-description: Creating accounts on your deployment
----
-
-# Creating accounts
-
-Once Ente is up and running, the Ente Photos web app will be accessible on
-`http://localhost:3000`. Open this URL in your browser and proceed with creating
-an account.
-
-The default API endpoint for museum will be `localhost:8080`.
-
-![endpoint](/endpoint.png)
-
-To complete your account registration you will need to enter a 6-digit
-verification code.
-
-This code can be found in the server logs, which should already be shown in your
-quickstart terminal. Alternatively, you can open the server logs with the
-following command from inside the `my-ente` folder:
-
-```sh
-sudo docker compose logs
-```
-
-![otp](/otp.png)

docs/docs/self-hosting/faq/backup.md

@@ -1,65 +0,0 @@
----
-title: Backups
-description: General introduction to backing up your self hosted Ente instance
----
-
-# Backing up your Ente instance
-
-> [!WARNING]
->
-> This is not meant to be a comprehensive and bullet proof guide. There are many
-> moving parts, and small mistakes might make your backups unusable.
->
-> Please treat this only as a general introduction. And remember to test your
-> restores.
-
-At the minimum, a functional Ente backend needs three things:
-
-1. Museum (the API server)
-2. Postgres (the database)
-3. Object storage (any S3-compatible object storage)
-
-When thinking about backups, this translates into backing up the relevant state
-from each of these:
-
-1. For museum, you'd want to backup your `museum.yaml`, `credentials.yaml` or
-   any other custom configuration that you created. In particular, you should
-   backup the
-   [secrets that are specific to your instance](https://github.com/ente-io/ente/blob/74377a93d8e20e969d9a2531f32f577b5f0ef090/server/configurations/local.yaml#L188)
-   (`key.encryption`, `key.hash` and `jwt.secret`).
-
-2. For postgres, the entire data volume needs to be backed up.
-
-3. For object storage, the entire data volume needs to be backed up.
-
-A common oversight is taking a lot of care for backing up the object storage,
-even going as far as enabling replication and backing up the the multiple object
-storage volumes, but not applying the same care to the database backup.
-
-While the actual encrypted photos are indeed stored in the object storage,
-**this encrypted data will not be usable without the database** since the
-database contains information like a file specific encryption key.
-
-Viewed differently, to decrypt your data you need three pieces of information:
-
-1. The encrypted file data itself (which comes from the object storage backup).
-
-2. The ([encrypted](https://ente.io/architecture/)) file and collection specific
-   encryption keys (which come from the database backup).
-
-3. The master key (which comes from your password).
-
----
-
-If you're starting out with self hosting, our recommendation is to start by
-keeping a plaintext backup of your photos.
-[You can use the CLI or the desktop app to automate this](/photos/faq/export).
-
-Once you get more comfortable with the various parts, you can try backing up
-your instance. As a reference,
-[this document outlines how Ente itself treats backups](https://ente.io/reliability).
-
-If you stop doing plaintext backups and instead rely on your instance backup,
-ensure that you do the full restore process also to verify you can get back your
-data. As the industry saying goes, a backup without a restore is no backup at
-all.

docs/docs/self-hosting/faq/environment.md

@@ -1,52 +0,0 @@
----
-title: "Environment Variables and Ports"
-description:
-    "Information about all the Environment Variables needed to run Ente"
----
-
-# Environment variables and ports
-
-A self-hosted Ente instance requires specific endpoints in both Museum (the
-server) and web apps. This document outlines the essential environment variables
-and port mappings of the web apps.
-
-Here's the list of important variables that a self hoster should know about:
-
-### Museum
-
-1. `NEXT_PUBLIC_ENTE_ENDPOINT`
-
-The above environment variable is used to configure Museums endpoint. Where
-Museum is running and which port it is listening on. This endpoint should be
-configured for all the apps to connect to your self hosted endpoint.
-
-All the apps (regardless of platform) by default connect to api.ente.io - which
-is our production instance of Museum.
-
-### Web Apps
-
-> [!IMPORTANT] Web apps don't need to be configured with the below endpoints.
-> Web app environment variables are being documented here just so that the users
-> know everything in detail. Checkout
-> [Configuring your Server](/self-hosting/museum) to configure endpoints for
-> particular app.
-
-In Ente, all the web apps are separate NextJS applications. Therefore, they are
-all configured via environment variables. The photos app (Ente Photos) has
-information about and connects to other web apps like albums, cast, etc.
-
-1. `NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT`
-
-This environment variable is used to configure and declare the endpoint for the
-Albums web app.
-
-## Ports
-
-The below format is according to how ports are mapped in Docker.
-Typically,`<host>:<container-port>`
-
-1. `8080:8080`: Museum (Ente's server)
-2. `3000:3000`: Ente Photos web app
-3. `3001:3001`: Ente Accounts web app
-4. `3003:3003`: [Ente Auth web app](https://ente.io/auth/)
-5. `3004:3004`: [Ente Cast web app](http://ente.io/cast)

docs/docs/self-hosting/faq/index.md

@@ -1,47 +0,0 @@
----
-title: FAQ - Self hosting
-description: Frequently asked questions about self hosting Ente
----
-
-# Frequently Asked Questions
-
-### Do Ente Photos and Ente Auth share the same backend?
-
-Yes. The apps share the same backend, the same database and the same object
-storage namespace. The same user account works for both of them.
-
-### Can I just self host Ente Auth?
-
-Yes, if you wish, you can self-host the server and use it only for the 2FA auth
-app. The starter Docker compose will work fine for either Photos or Auth (or
-both!).
-
-> You currently don't need to configure the S3 object storage (e.g. minio
-> containers) if you're only using your self hosted Ente instance for auth.
-
-### Can I use the server with _X_ as the object storage?
-
-Yes. As long as whatever X you're using provides an S3 compatible API, you can
-use it as the underlying object storage. For example, the starter self-hosting
-Docker compose file we offer uses MinIO, and on our production deployments we
-use Backblaze/Wasabi/Scaleway. But that's not the full list - as long as the
-service you intend to use has a S3 compatible API, it can be used.
-
-### How do I increase storage space for users on my self hosted instance?
-
-See the [guide for administering your server](/self-hosting/guides/admin). In
-particular, you can use the `ente admin update-subscription` CLI command to
-increase the
-[storage and account validity](https://github.com/ente-io/ente/blob/main/cli/docs/generated/ente_admin_update-subscription.md)
-of accounts on your instance.
-
-### How can I become an admin on my self hosted instance?
-
-The first user you create on your instance is treated as an admin.
-
-If you want, you can modify this behaviour by providing an explicit list of
-admins in the [configuration](/self-hosting/guides/admin#becoming-an-admin).
-
-### Can I disable registration of new accounts on my self hosted instance?
-
-Yes. See `internal.disable-registration` in local.yaml.

docs/docs/self-hosting/faq/otp.md

@@ -1,45 +0,0 @@
----
-title: Verification code
-description: Getting the OTP for a self hosted Ente
----
-
-# Verification code
-
-The self-hosted Ente by default does not send out emails, so you can pick the
-verification code by:
-
-- Getting it from the server logs, or
-
-- Reading it from the DB (otts table)
-
-The easiest option when getting started is to look for it in the server (museum)
-logs. If you're already running the docker compose cluster using the quickstart
-script, you should be already seeing the logs in your terminal. Otherwise you
-can go to the folder (e.g. `my-ente`) where your `compose.yaml` is, then run
-`docker compose logs museum --follow`. Once you can see the logs, look for a
-line like:
-
-```
-... Skipping sending email to email@example.com: *Verification code: 112089*
-```
-
-That is the verification code.
-
-> [!TIP]
->
-> You can also configure your instance to send out emails so that you can get
-> your verification code via emails by using the `smtp` section in the config.
-
-You can also set pre-defined hardcoded OTTs for certain users when running
-locally by creating a `museum.yaml` and adding the `internal.hardcoded-ott`
-configuration setting to it. See
-[local.yaml](https://github.com/ente-io/ente/blob/main/server/configurations/local.yaml)
-in the server source code for details about how to define this.
-
-> [!NOTE]
->
-> If you're not able to get the OTP with the above methods, make sure that you
-> are actually connecting to your self hosted instance and not to Ente's
-> production servers. e.g. you can use the network requests tab in the browser
-> console to verify that the API requests are going to your server instead of
-> `api.ente.io`.

docs/docs/self-hosting/faq/sharing.md

@@ -1,104 +0,0 @@
----
-title: Album sharing
-description: Getting album sharing to work using an self-hosted Ente
----
-
-# Is public sharing available for self-hosted instances?
-
-Yes.
-
-You'll need to run two instances of the web app, one is regular web app, but
-another one is the same code but running on a different origin (i.e. on a
-different hostname or different port).
-
-Then, you need to tell the regular web app to use your second instance to
-service public links. You can do this by setting the
-`NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT` to point to your second instance when running
-or building the regular web app.
-
-For more details, see
-[.env](https://github.com/ente-io/ente/blob/main/web/apps/photos/.env) and
-[.env.development](https://github.com/ente-io/ente/blob/main/web/apps/photos/.env.development).
-
-As a concrete example, assuming we have a Ente server running on
-`localhost:8080`, we can start two instances of the web app, passing them
-`NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT` that points to the origin
-("scheme://host[:port]") of the second "albums" instance.
-
-The first one, the normal web app
-
-```sh
-NEXT_PUBLIC_ENTE_ENDPOINT=http://localhost:8080 \
-    NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT=http://localhost:3002 \
-    yarn dev:photos
-```
-
-The second one, the same code but acting as the "albums" app (the only
-difference is the port it is running on):
-
-```sh
-NEXT_PUBLIC_ENTE_ENDPOINT=http://localhost:8080 \
-    NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT=http://localhost:3002 \
-    yarn dev:albums
-```
-
-If you also want to change the prefix (the origin) in the generated public
-links, to use your custom albums endpoint in the generated public link instead
-of albums.ente.io, set `apps.public-albums` property in museum's configuration
-
-For example, when running using the starter docker compose file, you can do this
-by creating a `museum.yaml` and defining the following configuration there:
-
-```yaml
-apps:
-    public-albums: http://localhost:3002
-```
-
-(For more details, see
-[local.yaml](https://github.com/ente-io/ente/blob/main/server/configurations/local.yaml)
-in the server's source code).
-
-## Dockerfile example
-
-Here is an example of a Dockerfile by @Dylanger on our community Discord. This
-runs a standalone self-hosted version of the public albums app in production
-mode.
-
-```Dockerfile
-FROM node:20-alpine as builder
-
-WORKDIR /app
-COPY . .
-
-ARG NEXT_PUBLIC_ENTE_ENDPOINT=https://your.ente.example.org
-ARG NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT=https://your.albums.example.org
-
-RUN yarn install && yarn build
-
-FROM node:20-alpine
-
-WORKDIR /app
-COPY --from=builder /app/apps/photos/out .
-
-RUN npm install -g serve
-
-ENV PORT=3000
-EXPOSE ${PORT}
-
-CMD serve -s . -l tcp://0.0.0.0:${PORT}
-```
-
-Note that this only runs the public albums app, but the same principle can be
-used to run both the normal Ente photos app and the public albums app. There is
-a slightly more involved example showing how to do this also provided by in a
-community contributed guide about
-[configuring external S3](/self-hosting/guides/external-s3).
-
-You will also want to tell museum about your custom shared albums endpoint so
-that it uses that instead of the default URL when creating share links. You can
-configure that in museum's `config.yaml`:
-
-```
-apps:
-    public-albums: https://your.albums.example.org
-```

docs/docs/self-hosting/guides/admin.md

@@ -1,88 +0,0 @@
----
-title: Server admin
-description: Administering your custom self-hosted Ente instance using the CLI
----
-
-## Becoming an admin
-
-By default, the first user (and only the first user) created on the system is
-considered as an admin.
-
-This facility is provided as a convenience for people who are getting started
-with self hosting. For more serious deployments, we recommend creating an
-explicit whitelist of admins.
-
-> [!NOTE]
->
-> The first user is only treated as the admin if the list of admins in the
-> configuration is empty.
->
-> Also, if at some point you delete the first user, then you will need to define
-> a whitelist to make some other user as the admin if you wish (since the first
-> account has been deleted).
-
-To whitelist the user IDs that can perform admin actions on the server, use the
-following steps:
-
-- Create a `museum.yaml` in the directory where you're starting museum from. For
-  example, if you're running using `docker compose up`, then this file should be
-  in the same directory as `compose.yaml` (generally, `server/museum.yaml`).
-
-    > Docker might've created an empty `museum.yaml` _directory_ on your machine
-    > previously. If so, delete that empty directory and create a new file named
-    > `museum.yaml`.
-
-- In this `museum.yaml` we can add overrides over the default configuration.
-
-For whitelisting the admin userIDs we need to define an `internal.admins`. See
-the "internal" section in
-[local.yaml](https://github.com/ente-io/ente/blob/main/server/configurations/local.yaml)
-in the server source code for details about how to define this.
-
-Here is an example. Suppose we wanted to whitelist a user with ID
-`1580559962386440`, we can create the following `museum.yaml`
-
-```yaml
-internal:
-    admins:
-        - 1580559962386440
-```
-
-You can use
-[account list](https://github.com/ente-io/ente/blob/main/cli/docs/generated/ente_account_list.md)
-command to find the user id of any account.
-
-# Administering your custom server
-
-> [!NOTE] For the first user (admin) to perform administrative actions using the
-> CLI, their userID must be whitelisted in the `museum.yaml` configuration file
-> under `internal.admins`. While the first user is automatically granted admin
-> privileges on the server, this additional step is required for CLI operations.
-
-You can use
-[Ente's CLI](https://github.com/ente-io/ente/releases?q=tag%3Acli-v0) to
-administer your self hosted server.
-
-First we need to get your CLI to connect to your custom server. Define a
-config.yaml and put it either in the same directory as CLI or path defined in
-env variable `ENTE_CLI_CONFIG_PATH`
-
-```yaml
-endpoint:
-    api: "http://localhost:8080"
-```
-
-Now you should be able to
-[add an account](https://github.com/ente-io/ente/blob/main/cli/docs/generated/ente_account_add.md),
-and subsequently increase the
-[storage and account validity](https://github.com/ente-io/ente/blob/main/cli/docs/generated/ente_admin_update-subscription.md)
-using the CLI.
-
-> [!NOTE]
->
-> The CLI command to add an account does not create Ente accounts. It only adds
-> existing accounts to the list of (existing) accounts that the CLI can use.
-
-## Backups
-
-See this [FAQ](/self-hosting/faq/backup).

docs/docs/self-hosting/guides/configuring-s3.md

@@ -1,123 +0,0 @@
----
-title: Configuring S3 buckets
-description:
-    Configure S3 endpoints to fix upload errors or use your self hosted ente
-    from outside localhost
----
-
-# Architecture
-
-![Client, Museum, S3](/client-museum-s3.png)
-
-There are three components involved in uploading a file:
-
-1.  The client (e.g. the web app or the mobile app)
-2.  Ente's server (museum)
-3.  The S3-compatible object storage (e.g. MinIO in the default starter)
-
-For the uploads to work, all three of them need to be able to reach each other.
-This is because the client uploads directly to the object storage.
-
-A file upload flows as follows:
-
-1.  Client that wants to upload a file asks museum where it should upload the
-    file to
-2.  museum creates pre-signed URLs for the S3 bucket that was configured
-3.  Client directly uploads to the S3 buckets these URLs
-4.  Client finally informs museum that a file has been uploaded to this URL
-
-The upshot of this is that _both_ the client and museum should be able to reach
-your S3 bucket.
-
-## Configuring S3
-
-The URL for the S3 bucket is configured in
-[scripts/compose/credentials.yaml](https://github.com/ente-io/ente/blob/main/server/scripts/compose/credentials.yaml#L10).
-
-You can edit this file directly while testing, though it is more robust to
-create a `museum.yaml` (in the same folder as the Docker compose file) and to
-setup your custom configuration there.
-
-> [!TIP] For more details about these configuration objects, see the
-> documentation for the `s3` object in
-> [configurations/local.yaml](https://github.com/ente-io/ente/blob/main/server/configurations/local.yaml).
-
-By default, you only need to configure the endpoint for the first bucket.
-
-The Docker compose file is shipped with MinIO as the self hosted S3 compatible
-storage. By default, MinIO server is served on `localhost:3200` and the MinIO UI
-on `localhost:3201`.
-
-For example, in a localhost network situation, the way this connection works is,
-museum (`1`) and MinIO (`2`) run on the same Docker network and the web app
-(`3`) will also be hosted on your localhost. This enables all the three
-components of the setup to communicate with each other seamlessly.
-
-The same principle applies if you're deploying to your custom domain.
-
-## Replication
-
-![Replication](/replication.png)
-
-<p align="center">Community contributed diagram of Ente's replication process</p>
-
-> [!IMPORTANT]
->
-> As of now, replication works only if all the 3 storage type needs are
-> fulfilled (1 hot, 1 cold and 1 glacier storage).
->
-> [Reference](https://github.com/ente-io/ente/discussions/3167#discussioncomment-10585970)
-
-If you're wondering why there are 3 buckets on the MinIO UI - that's because our
-production instance uses these to perform
-[replication](https://ente.io/reliability/).
-
-If you're also wondering about why the bucket names are specifically what they
-are, it's because that is exactly what we are using on our production instance.
-We use `b2-eu-cen` as hot, `wasabi-eu-central-2-v3` as cold (also the secondary
-hot) and `scw-eu-fr-v3` as glacier storage. As of now, all of this is hardcoded.
-Hence, the same hardcoded configuration is applied when you self host Ente.
-
-In a self hosted Ente instance replication is turned off by default. When
-replication is turned off, only the first bucket (`b2-eu-cen`) is used, and the
-other two are ignored. Only the names here are specifically fixed, but in the
-configuration body you can put any other keys. It does not have any relation
-with `b2`, `wasabi` or even `scaleway`.
-
-Use the `s3.hot_storage.primary` option if you'd like to set one of the other
-predefined buckets as the primary bucket.
-
-## SSL Configuration
-
-> [!NOTE]
->
-> If you need to configure SSL, you'll need to turn off `s3.are_local_buckets`
-> (which disables SSL in the default starter compose template).
-
-Disabling `s3.are_local_buckets` also switches to the subdomain style URLs for
-the buckets. However, not all S3 providers support these. In particular, MinIO
-does not work with these in default configuration. So in such cases you'll also
-need to enable `s3.use_path_style_urls`.
-
-## Summary
-
-Set the S3 bucket `endpoint` in `credentials.yaml` to a `yourserverip:3200` or
-some such IP / hostname that is accessible from both where you are running the
-Ente clients (e.g. the mobile app) and also from within the Docker compose
-cluster.
-
-### Example
-
-An example `museum.yaml` when you're trying to connect to museum running on your
-computer from your phone on the same WiFi network:
-
-```yaml
-s3:
-    are_local_buckets: true
-    b2-eu-cen:
-        key: test
-        secret: testtest
-        endpoint: http://<YOUR-WIFI-IP>:3200
-        region: eu-central-2
-        bucket: b2-eu-cen
-```

docs/docs/self-hosting/guides/custom-server/index.md

@@ -1,115 +0,0 @@
----
-title: Custom server
-description: Using a custom self-hosted server with Ente client apps and CLI
----
-
-# Connecting to a custom server
-
-You can modify various Ente client apps and CLI to connect to a self hosted
-custom server endpoint.
-
-[[toc]]
-
-## Mobile
-
-The pre-built Ente apps from GitHub / App Store / Play Store / F-Droid can be
-easily configured to use a custom server.
-
-You can tap 7 times on the onboarding screen to bring up a page where you can
-configure the endpoint the app should be connecting to.
-
-![Setting a custom server on the onboarding screen](custom-server.png)
-
-## Desktop and web
-
-Same as the mobile app, you can tap 7 times on the onboarding screen to
-configure the endpoint the app should connect to.
-
-<div align="center">
-
-![Setting a custom server on the onboarding screen on desktop or self-hosted web
-apps](web-dev-settings.png){width=400px}
-
-</div>
-
-This works on both the desktop app and web app (if you deploy on your own).
-
-To make it easier to identify when a custom server is being used, app will
-thereafter show the endpoint in use (if not Ente's production server) at the
-bottom of the login prompt:
-
-![Custom server indicator on the onboarding screen](web-custom-endpoint-indicator.png)
-
-Similarly, it'll be shown at other screens during the login flow. After login,
-you can also see it at the bottom of the sidebar.
-
-Note that the custom server configured this way is cleared when you reset the
-state during logout. In particular, the app also does a reset when you press the
-change email button during the login flow.
-
-### Building from source
-
-Alternatively (e.g. if you don't wish to configure this setting and just want to
-change the endpoint the client connects to by default), you can build the app
-from source and use the `NEXT_PUBLIC_ENTE_ENDPOINT` environment variable to tell
-it which server to connect to. For example:
-
-```sh
-NEXT_PUBLIC_ENTE_ENDPOINT=http://localhost:8080 yarn dev:photos
-```
-
-For more details, see
-[hosting the web app](https://help.ente.io/self-hosting/guides/web-app).
-
-## CLI
-
-> [!NOTE]
->
-> You can download the CLI from
-> [here](https://github.com/ente-io/ente/releases?q=tag%3Acli-v0)
-
-Define a config.yaml and put it either in the same directory as where you run
-the CLI from ("current working directory"), or in the path defined in env
-variable `ENTE_CLI_CONFIG_PATH`:
-
-```yaml
-endpoint:
-    api: "http://localhost:8080"
-```
-
-(Another
-[example](https://github.com/ente-io/ente/blob/main/cli/config.yaml.example))
-
-## Find the hostname of your server
-
-If you want to access your museum within your own network, you can use the
-`hostname` command to find a addressable local network hostname or IP for your
-computer, and then use it by suffixing it with the port number.
-
-First, run
-
-```sh
-hostname
-```
-
-The result will look something like this
-
-```sh
-my-computer.local
-```
-
-You will need to replace the server endpoint with an address that uses your
-server's hostname and the port number. Here's an example:
-
-```
-http://my-computer.local:8080
-```
-
-Note that this will only work within your network. To access it from outside the
-network, you need to use the public IP or hostname.
-
-> [!TIP]
->
-> If you're having trouble uploading from your mobile app, it is likely that
-> museum is not able to connect to your S3 storage. See the
-> [Configuring S3](/self-hosting/guides/configuring-s3) guide for more details.

docs/docs/self-hosting/guides/db-migration.md

@@ -1,158 +0,0 @@
----
-title: DB Migration
-description:
-    Migrating your self hosted Postgres 12 database to newer Postgres versions
----
-
-# Migrating Postgres 12 to 15
-
-The old sample docker compose file used Postgres 12, which is now nearing end of
-life, so we've updated it to Postgres 15. Postgres major versions changes
-require a migration step. This document mentions some approaches you can use.
-
-> [!TIP]
->
-> Ente itself does not use any specific Postgres 12 or Postgres 15 features, and
-> will talk to either happily. It should also work with newer Postgres versions,
-> but let us know if you run into any problems and we'll update this page.
-
-### Taking a backup
-
-`docker compose exec` allows us to run a command against a running container. We
-can use it to run the `pg_dumpall` command on the postgres container to create a
-plaintext backup.
-
-Assuming your cluster is already running, and you are in the `ente/server`
-directory, you can run the following (this command uses the default credentials,
-you'll need to change these to match your setup):
-
-```sh
-docker compose exec postgres env PGPASSWORD=pgpass PGUSER=pguser PG_DB=ente_db pg_dumpall >pg12.backup.sql
-```
-
-This will produce a `pg12.backup.sql` in your current directory. You can open it
-in a text editor (it can be huge!) to verify that it looks correct.
-
-We won't be needing this file, this backup is recommended just in case something
-goes amiss with the actual migration.
-
-> If you need to restore from this plaintext backup, you could subsequently run
-> something like:
->
-> ```sh
-> docker compose up postgres
-> cat pg12.backup.sql | docker compose exec -T postgres env PGPASSWORD=pgpass psql -U pguser -d ente_db
-> ```
-
-## The migration
-
-At the high level, the steps are
-
-1. Stop your cluster.
-
-2. Start just the postgres container after changing the image to
-   `pgautoupgrade/pgautoupgrade:15-bookworm`.
-
-3. Once the in-place migration completes, stop the container, and change the
-   image to `postgres:15`.
-
-#### 1. Stop the cluster
-
-Stop your running Ente cluster.
-
-```sh
-docker compose down
-```
-
-#### 2. Run `pgautoupgrade`
-
-Modify your `compose.yaml`, changing the image for the "postgres" container from
-"postgres:12" to "pgautoupgrade/pgautoupgrade:15-bookworm"
-
-```diff
-diff a/server/compose.yaml b/server/compose.yaml
-
-   postgres:
--    image: postgres:12
-+    image: pgautoupgrade/pgautoupgrade:15-bookworm
-     ports:
-```
-
-[pgautoupgrade](https://github.com/pgautoupgrade/docker-pgautoupgrade) is a
-community docker image that performs an in-place migration.
-
-After making the change, run only the `postgres` container in the cluster
-
-```sh
-docker compose up postgres
-```
-
-The container will start and peform an in-place migration. Once it is done, it
-will start postgres normally. You should see something like this is the logs
-
-```
-postgres-1  | Automatic upgrade process finished with no errors reported
-...
-postgres-1  | ...  starting PostgreSQL 15...
-```
-
-At this point, you can stop the container (`CTRL-C`).
-
-#### 3. Finish by changing image
-
-Modify `compose.yaml` again, changing the image to "postgres:15".
-
-```diff
-diff a/server/compose.yaml b/server/compose.yaml
-
-   postgres:
--    image: pgautoupgrade/pgautoupgrade:15-bookworm
-+    image: postgres:15
-     ports:
-```
-
-And cleanup the temporary containers by
-
-```sh
-docker compose down --remove-orphans
-```
-
-Migration is now complete. You can start your Ente cluster normally.
-
-```sh
-docker compose up
-```
-
-## Migration elsewhere
-
-The above instructions are for Postgres running inside docker, as the sample
-docker compose file does. There are myriad other ways to run Postgres, and the
-migration sequence then will depend on your exact setup.
-
-Two common approaches are
-
-1. Backup and restore, the `pg_dumpall` + `psql` import sequence described in
-   [Taking a backup](#taking-a-backup) above.
-
-2. In place migrations using `pg_upgrade`, which is what the
-   [pgautoupgrade](#the-migration) migration above does under the hood.
-
-The first method, backup and restore, is low tech and will work similarly in
-most setups. The second method is more efficient, but requires a bit more
-careful preparation.
-
-As another example, here is how one can migrate 12 to 15 when running Postgres
-on macOS, installed using Homebrew.
-
-1. Stop your postgres. Make sure there are no more commands shown by
-   `ps aux | grep '[p]ostgres'`.
-
-2. Install postgres15.
-
-3. Migrate data using `pg_upgrade`:
-
-    ```sh
-    /opt/homebrew/Cellar/postgresql@15/15.8/bin/pg_upgrade -b /opt/homebrew/Cellar/postgresql@12/12.18_1/bin -B /opt/homebrew/Cellar/postgresql@15/15.8/bin/ -d /opt/homebrew/var/postgresql@12 -D /opt/homebrew/var/postgresql@15
-    ```
-
-4. Start postgres 15 and verify version using `SELECT VERSION()`.

docs/docs/self-hosting/guides/external-s3.md

@@ -1,261 +0,0 @@
----
-title: External S3 buckets
-description:
-    Self hosting Ente's server and photos web app when using an external S3
-    bucket
----
-
-# Hosting server and web app using external S3
-
-> [!NOTE]
->
-> This is a community contributed guide, and some of these steps ~~might be~~
-> ARE out of sync with the upstream changes. This document is retained for
-> reference purposes, but if something is not working correctly, please see the
-> latest [READMEs](https://github.com/ente-io/ente/blob/main/server/README.md)
-> in the repository and/or other guides in [self-hosting](/self-hosting/).
-
-This guide is for self hosting the server and the web application of Ente Photos
-using docker compose and an external S3 bucket. So we assume that you already
-have the keys and secrets for the S3 bucket. The plan is as follows:
-
-1. Create a `compose.yaml` file
-2. Set up the `.credentials.env` file
-3. Run `docker-compose up`
-4. Create an account and increase storage quota
-5. Fix potential CORS issue with your bucket
-
-## 1. Create a `compose.yaml` file
-
-After cloning the main repository with
-
-```bash
-git clone https://github.com/ente-io/ente.git
-# Or git clone git@github.com:ente-io/ente.git
-cd ente
-```
-
-Create a `compose.yaml` file at the root of the project with the following
-content (there is nothing to change here):
-
-```yaml
-services:
-    museum:
-        build:
-            context: server
-            args:
-                GIT_COMMIT: local
-        ports:
-            - 8080:8080 # API
-            - 2112:2112 # Prometheus metrics
-        depends_on:
-            postgres:
-                condition: service_healthy
-
-        # Wait for museum to ping pong before starting the webapp.
-        healthcheck:
-            test: [
-                    "CMD",
-                    "echo",
-                    "1", # I don't know what to put here
-                ]
-        environment:
-            # no need to touch these
-            ENTE_DB_HOST: postgres
-            ENTE_DB_PORT: 5432
-            ENTE_DB_NAME: ente_db
-            ENTE_DB_USER: pguser
-            ENTE_DB_PASSWORD: pgpass
-        env_file:
-            - ./.credentials.env
-        volumes:
-            - custom-logs:/var/logs
-            - museum.yaml:/museum.yaml:ro
-        networks:
-            - internal
-
-    web:
-        build:
-            context: web
-        ports:
-            - 8081:80
-            - 8082:80
-        depends_on:
-            museum:
-                condition: service_healthy
-        env_file:
-            - ./.credentials.env
-
-    postgres:
-        image: postgres:12
-        ports:
-            - 5432:5432
-        environment:
-            POSTGRES_USER: pguser
-            POSTGRES_PASSWORD: pgpass
-            POSTGRES_DB: ente_db
-        # Wait for postgres to be accept connections before starting museum.
-        healthcheck:
-            test: ["CMD", "pg_isready", "-q", "-d", "ente_db", "-U", "pguser"]
-            interval: 1s
-            timeout: 5s
-            retries: 20
-        volumes:
-            - postgres-data:/var/lib/postgresql/data
-        networks:
-            - internal
-volumes:
-    custom-logs:
-    postgres-data:
-networks:
-    internal:
-```
-
-It maybe be added in the future, but if it does not exist, create a `Dockerfile`
-in the `web` directory with the following content:
-
-```Dockerfile
-# syntax=docker/dockerfile:1
-FROM node:21-bookworm-slim as ente-builder
-WORKDIR /app
-RUN apt update && apt install -y ca-certificates && rm -rf /var/lib/apt/lists/*
-COPY . .
-RUN yarn install
-ENV NEXT_PUBLIC_ENTE_ENDPOINT=DOCKER_RUNTIME_REPLACE_ENDPOINT
-ENV NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT=DOCKER_RUNTIME_REPLACE_ALBUMS_ENDPOINT
-RUN yarn build
-
-
-FROM nginx:1.25-alpine-slim
-COPY --from=ente-builder /app/apps/photos/out /usr/share/nginx/html
-COPY <<EOF /etc/nginx/conf.d/default.conf
-server {
-  listen 80 default_server;
-  root /usr/share/nginx/html;
-  location / {
-      try_files \$uri \$uri.html \$uri/ =404;
-  }
-  error_page 404 /404.html;
-  location = /404.html {
-      internal;
-  }
-}
-EOF
-ARG ENDPOINT="http://localhost:8080"
-ENV ENDPOINT "$ENDPOINT"
-ARG ALBUMS_ENDPOINT="http://localhost:8082"
-ENV ALBUMS_ENDPOINT "$ALBUMS_ENDPOINT"
-COPY <<EOF /docker-entrypoint.d/replace_ente_endpoints.sh
-echo "Replacing endpoints"
-echo "  Endpoint: \$ENDPOINT"
-echo "  Albums Endpoint: \$ALBUMS_ENDPOINT"
-
-replace_enpoints() {
-  sed -i -e 's,DOCKER_RUNTIME_REPLACE_ENDPOINT,'"\$ENDPOINT"',g' \$1
-  sed -i -e 's,DOCKER_RUNTIME_REPLACE_ALBUMS_ENDPOINT,'"\$ALBUMS_ENDPOINT"',g' \$1
-}
-for jsfile in `find '/usr/share/nginx/html' -type f -name '*.js'`
-do
-    replace_enpoints "\$jsfile"
-done
-EOF
-
-RUN chmod +x /docker-entrypoint.d/replace_ente_endpoints.sh
-```
-
-This runs nginx inside to handle both the web & album URLs so we don't have to
-make two web images with different port.
-
-- `DOCKER_RUNTIME_REPLACE_ENDPOINT` this is your public museum API URL.
-- `DOCKER_RUNTIME_REPLACE_ALBUMS_ENDPOINT` this is the shared albums URL (for
-  more details about configuring shared albums, see
-  [faq/sharing](/self-hosting/faq/sharing)).
-
-Note how above we had updated the `compose.yaml` file for the server with
-
-```yaml
-web:
-    build:
-        context: web
-    ports:
-        - 8081:80
-        - 8082:80
-```
-
-so that web and album both point to the same container and nginx will handle it.
-
-## 2. Set up the `.credentials.env` file
-
-Create a `.credentials.env` file at the root of the project with the following
-content (here you need to set the correct value of each variable):
-
-<!-- The following code block should have language env, but vitepress currently
-doesn't support that language, so use sh as a reasonable fallback instead. -->
-
-```sh
-# run  `go run tools/gen-random-keys/main.go` in the server directory to generate the keys
-ENTE_KEY_ENCRYPTION=
-ENTE_KEY_HASH=
-ENTE_JWT_SECRET=
-
-# if you deploy it on a server under a domain, you need to set the correct value of the following variables
-# it can be changed later
-
-# The backend server URL (Museum) to be used by the webapp
-ENDPOINT=http://localhost:8080
-# The URL of the public albums webapp (also need to be updated in museum.yml so the correct links are generated)
-ALBUMS_ENDPOINT=http://localhost:8082
-```
-
-Create the `museum.yaml` with additional configuration, this will be mounted
-(read-only) into the container:
-
-```yaml
-s3:
-    are_local_buckets: false
-    # For some self-hosted S3 deployments you (e.g. Minio) you might need to disable bucket subdomains
-    use_path_style_urls: true
-    # The key must be named like so
-    b2-eu-cen:
-        key: $YOUR_S3_KEY
-        secret: $YOUR_S3_SECRET
-        endpoint: $YOUR_S3_ENDPOINT
-        region: $YOUR_S3_REGION
-        bucket: $YOUR_S3_BUCKET_NAME
-# The same value as the one specified in ALBUMS_ENDPOINT
-apps:
-    public-albums: http://localhost:8082
-```
-
-## 3. Run `docker-compose up`
-
-Run `docker-compose up` at the root of the project (add `-d` to run it in the
-background).
-
-## 4. Create an account and increase storage quota
-
-Open `http://localhost:8080` or whatever Endpoint you mentioned for the web app
-and create an account. If your SMTP related configurations are all set and
-right, you will receive an email with your OTT in it. There are two work arounds
-to retrieve the OTP, checkout
-[this document](https://help.ente.io/self-hosting/faq/otp) for getting your
-OTT's..
-
-If you successfully log in, select any plan and increase the storage quota with
-the following command:
-
-```bash
-docker compose exec -i postgres psql -U pguser -d ente_db -c "INSERT INTO storage_bonus (bonus_id, user_id, storage, type, valid_till) VALUES ('self-hosted-myself', (SELECT user_id FROM users), 1099511627776, 'ADD_ON_SUPPORT', 0)"
-```
-
-After few reloads, you should see 1 To of quota.
-
-## Related
-
-Some other users have also shared their setups.
-
-- [Using Traefik](https://github.com/ente-io/ente/pull/3663)
-
-- [Building custom images from source (Linux)](https://github.com/ente-io/ente/discussions/3778)
-
-- [Troubleshooting Bucket CORS](/self-hosting/troubleshooting/bucket-cors)

docs/docs/self-hosting/guides/from-source.md

@@ -1,229 +0,0 @@
----
-title: Ente from Source
-description: Getting started self hosting Ente Photos and/or Ente Auth
----
-
-# Ente from Source
-
-> [!WARNING] NOTE The below documentation will cover instructions about
-> self-hosting the web app manually. If you want to deploy Ente hassle free, use
-> the [one line](https://ente.io/blog/self-hosting-quickstart/) command to setup
-> Ente. This guide might be deprecated in the near future.
-
-## Installing Docker
-
-Refer to
-[How to install Docker from the APT repository](https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository)
-for detailed instructions.
-
-## Start the server
-
-```sh
-git clone https://github.com/ente-io/ente
-cd ente/server
-docker compose up --build
-```
-
-> [!TIP]
->
-> You can also use a pre-built Docker image from `ghcr.io/ente-io/server`
-> ([More info](https://github.com/ente-io/ente/blob/main/server/docs/docker.md))
-
-Install the necessary dependencies for running the web client
-
-```sh
-# installing npm and yarn
-
-sudo apt update
-sudo apt install nodejs npm
-sudo npm install -g yarn // to install yarn globally
-```
-
-Then in a separate terminal, you can run (e.g) the web client
-
-```sh
-cd ente/web
-git submodule update --init --recursive
-yarn install
-NEXT_PUBLIC_ENTE_ENDPOINT=http://localhost:8080 yarn dev
-```
-
-That's about it. If you open http://localhost:3000, you will be able to create
-an account on a Ente Photos web app running on your machine, and this web app
-will be connecting to the server running on your local machine at
-`localhost:8080`.
-
-For the mobile apps, you don't even need to build, and can install normal Ente
-apps and configure them to use your
-[custom self-hosted server](/self-hosting/guides/custom-server/).
-
-> If you want to build the mobile apps from source, see the instructions
-> [here](/self-hosting/guides/mobile-build).
-
-## Web app with Docker and Compose
-
-The instructoins in previous section were just a temporary way to run the web
-app locally. To run the web apps as services, the user has to build a docker
-image manually.
-
-> [!IMPORTANT]
->
-> Recurring changes might be made by the team or from community if more
-> improvements can be made so that we are able to build a full-fledged docker
-> image.
-
-```dockerfile
-FROM node:20-bookworm-slim as builder
-
-WORKDIR ./ente
-
-COPY . .
-COPY apps/ .
-
-# Will help default to yarn versoin 1.22.22
-RUN corepack enable
-
-# Endpoint for Ente Server
-ENV NEXT_PUBLIC_ENTE_ENDPOINT=https://your-ente-endpoint.com
-ENV NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT=https://your-albums-endpoint.com
-
-RUN yarn cache clean
-RUN yarn install --network-timeout 1000000000
-RUN yarn build:photos && yarn build:accounts && yarn build:auth && yarn build:cast
-
-FROM node:20-bookworm-slim
-
-WORKDIR /app
-
-COPY --from=builder /ente/apps/photos/out /app/photos
-COPY --from=builder /ente/apps/accounts/out /app/accounts
-COPY --from=builder /ente/apps/auth/out /app/auth
-COPY --from=builder /ente/apps/cast/out /app/cast
-
-RUN npm install -g serve
-
-ENV PHOTOS=3000
-EXPOSE ${PHOTOS}
-
-ENV ACCOUNTS=3001
-EXPOSE ${ACCOUNTS}
-
-ENV AUTH=3002
-EXPOSE ${AUTH}
-
-ENV CAST=3003
-EXPOSE ${CAST}
-
-# The albums app does not have navigable pages on it, but the
-# port will be exposed in-order to self up the albums endpoint
-# `apps.public-albums` in museum.yaml configuration file.
-ENV ALBUMS=3004
-EXPOSE ${ALBUMS}
-
-CMD ["sh", "-c", "serve /app/photos -l tcp://0.0.0.0:${PHOTOS} & serve /app/accounts -l tcp://0.0.0.0:${ACCOUNTS} & serve /app/auth -l tcp://0.0.0.0:${AUTH} & serve /app/cast -l tcp://0.0.0.0:${CAST}"]
-```
-
-The above is a multi-stage Dockerfile which creates a production ready static
-output of the 4 apps (Photos, Accounts, Auth and Cast) and serves the static
-content with Caddy.
-
-Looking at 2 different node base-images doing different tasks in the same
-Dockerfile would not make sense, but the Dockerfile is divided into two just to
-improve the build efficiency as building this Dockerfile will arguably take more
-time.
-
-Lets build a Docker image from the above Dockerfile. Copy and paste the above
-Dockerfile contents in the root of your web directory which is inside
-`ente/web`. Execute the below command to create an image from this Dockerfile.
-
-```sh
-# Build the image
-docker build -t <image-name>:<tag> --no-cache --progress plain .
-```
-
-You can always edit the Dockerfile and remove the steps for apps which you do
-not intend to install on your system (like auth or cast) and opt out of those.
-
-Regarding Albums App, take a note that they are not apps with navigable pages,
-if accessed on the web-browser they will simply redirect to ente.web.io.
-
-## compose.yaml
-
-Moving ahead, we need to paste the below contents into the compose.yaml inside
-`ente/server/compose.yaml` under the services section.
-
-```yaml
-ente-web:
-    image: <image-name> # name of the image you used while building
-    ports:
-        - 3000:3000
-        - 3001:3001
-        - 3002:3002
-        - 3003:3003
-        - 3004:3004
-    environment:
-        - NODE_ENV=development
-    restart: always
-```
-
-Now, we're good to go. All we are left to do now is start the containers.
-
-```sh
-docker compose up -d # --build
-
-# Accessing the logs
-docker compose logs <container-name>
-```
-
-## Configure App Endpoints
-
-> [!NOTE] Previously, this was dependent on the env variables
-> `NEXT_ENTE_PUBLIC_ACCOUNTS_ENDPOINT` and etc. Please check the below
-> documentation to update your setup configurations
-
-You can configure the web endpoints for the other apps including Accounts,
-Albums Family and Cast in your `museum.yaml` configuration file. Checkout
-[`local.yaml`](https://github.com/ente-io/ente/blob/543411254b2bb55bd00a0e515dcafa12d12d3b35/server/configurations/local.yaml#L76-L89)
-to configure the endpoints. Make sure to setup up your DNS Records accordingly
-to the similar URL's you set up in `museum.yaml`.
-
-Next part is to configure the web server.
-
-# Web server configuration
-
-The last step ahead is configuring reverse_proxy for the ports on which the apps
-are being served (you will have to make changes, if you have cusotmized the
-ports). The web server of choice in this guide is
-[Caddy](https://caddyserver.com) because with caddy you don't have to manually
-configure/setup SSL ceritifcates as caddy will take care of that.
-
-```groovy
-photos.yourdomain.com {
-	reverse_proxy http://localhost:3001
-    # for logging
-    log {
-        level error
-    }
-}
-
-auth.yourdomain.com {
-    reverse_proxy http://localhost:3002
-}
-# and so on ...
-```
-
-Next, start the caddy server :).
-
-```sh
-# If caddy service is not enabled
-sudo systemctl enable caddy
-
-sudo systemctl daemon-reload
-
-sudo systemctl start caddy
-```
-
-## Contributing
-
-Please start a discussion on the Github Repo if you have any suggestions for the
-Dockerfile, You can also share your setups on Github Discussions.

docs/docs/self-hosting/guides/index.md

@@ -1,5 +1,5 @@
 ---
-title: Self Hosting
+title: Guides - Self-hosting
 description: Guides for self hosting Ente Photos and/or Ente Auth
 ---
 
@@ -10,14 +10,12 @@ walkthroughs, tutorials and other FAQ pages in this directory.
 
 See the sidebar for existing guides. In particular:
 
-- If you're just looking to get started, see
-  [configure custom server](custom-server/).
+- If you're just looking to get started, see installation.
 
-- For various admin related tasks, e.g. increasing the storage quota on your
-  self hosted instance, see [administering your custom server](admin).
+- For various administrative tasks, e.g. increasing the storage quota for user
+  on your self-hosted instance, see
+  [user management](/self-hosting/administration/users).
 
 - For configuring your S3 buckets to get the object storage to work from your
   mobile device or for fixing an upload errors, see
-  [configuring S3](configuring-s3). There is also a longer
-  [community contributed guide](external-s3) for a more self hosted setup of
-  both the server and web app using external S3 buckets for object storage.
+  [object storage](/self-hosting/administration/object-storage).

docs/docs/self-hosting/guides/selfhost-cli.md

@@ -1,39 +0,0 @@
----
-title: CLI for Self Hosted Instance
-description: Guide to configuring Ente CLI for Self Hosted Instance
----
-
-## Self Hosting
-
-If you are self-hosting the server, you can still configure CLI to export data &
-perform basic admin actions.
-
-To do this, first configure the CLI to point to your server. Define a
-config.yaml and put it either in the same directory as CLI binary or path
-defined in env variable `ENTE_CLI_CONFIG_DIR`
-
-```yaml
-endpoint:
-    api: "http://localhost:8080"
-```
-
-You should be able to
-[add an account](https://github.com/ente-io/ente/blob/main/cli/docs/generated/ente_account_add.md),
-and subsequently increase the
-[storage and account validity](https://github.com/ente-io/ente/blob/main/cli/docs/generated/ente_admin_update-subscription.md)
-using the CLI.
-
-For the admin actions, you first need to whitelist admin users. You can create
-`server/museum.yaml`, and whitelist add the admin userID `internal.admins`. See
-[local.yaml](https://github.com/ente-io/ente/blob/main/server/configurations/local.yaml#L211C1-L232C1)
-in the server source code for details about how to define this.
-
-You can use
-[account list](https://github.com/ente-io/ente/blob/main/cli/docs/generated/ente_account_list.md)
-command to find the user id of any account.
-
-```yaml
-internal:
-    admins:
-        # - 1580559962386440
-```

docs/docs/self-hosting/guides/standalone-ente.md

@@ -1,116 +0,0 @@
----
-title: Installing Ente Standalone (without Docker)
-description: Installing and setting up Ente standalone without docker.
----
-
-# Installing and Deploying Ente Standalone (without Docker)
-
-## Running Museum (Ente's server) without Docker
-
-First, start by installing all the dependencies to get your machine ready for
-development.
-
-```sh
-# For MacOS
-brew tap homebrew/core
-brew update
-brew install go
-
-# For Ubuntu based distros
-sudo apt update && sudo apt upgrade
-sudo apt install golang-go
-```
-
-Alternatively, you can also download the latest binaries from
-['All Release'](https://go.dev/dl/) page from the official website.
-
-```sh
-brew install postgres@15
-# Link the postgres keg
-brew link postgresql@15
-
-brew install libsodium
-
-# For Ubuntu based distros
-sudo apt install postgresql
-sudo apt install libsodium23 libsodium-dev
-```
-
-The package `libsodium23` might be installed already in some cases.
-
-Installing pkg-config
-
-```sh
-brew install pkg-config
-
-# For Ubuntu based distros
-sudo apt install pkg-config
-```
-
-## Starting Postgres
-
-### With pg_ctl
-
-```sh
-pg_ctl -D /usr/local/var/postgres -l logfile start
-```
-
-Dependeing on the Operating System type the path for postgres binary or
-configuration file might be different, please check if the command keeps failing
-for you.
-
-Ideally, if you are on a Linux system with systemd as the init. You can also
-start postgres as a systemd service. After Installation execute the following
-commands:
-
-```sh
-sudo systemctl enable postgresql
-sudo systemctl daemon-reload && sudo systemctl start postgresql
-```
-
-### Create user
-
-```sh
-createuser -s postgres
-```
-
-## Start Museum
-
-Start by cloning ente to your system.
-
-```sh
-git clone https://github.com/ente-io/ente
-```
-
-```sh
-export ENTE_DB_USER=postgres
-cd ente/server
-go run cmd/museum/main.go
-```
-
-You can also add the export line to your shell's RC file, to avoid exporting the
-environment variable every time.
-
-For live reloads, install [air](https://github.com/air-verse/air#installation).
-Then you can just call air after declaring the required environment variables.
-For example,
-
-```sh
-ENTE_DB_USER=postgres
-air
-```
-
-## Museum as a background service
-
-Please check the below links if you want to run Museum as a service, both of
-them are battle tested.
-
-1. [How to run museum as a systemd service](https://gist.github.com/mngshm/a0edb097c91d1dc45aeed755af310323)
-2. [Museum.service](https://github.com/ente-io/ente/blob/23e678889189157ecc389c258267685934b83631/server/scripts/deploy/museum.service#L4)
-
-Once you are done with setting and running Museum, all you are left to do is run
-the web app and reverse_proxy it with a webserver. You can check the following
-resources for Deploying your web app.
-
-1. [Hosting the Web App](https://help.ente.io/self-hosting/guides/web-app).
-2. [Running Ente Web app as a systemd Service](https://gist.github.com/mngshm/72e32bd483c2129621ed0d74412492fd)

docs/docs/self-hosting/guides/system-requirements.md

@@ -1,14 +0,0 @@
----
-title: System requirements
-description: System requirements for running Ente's server
----
-
-# System requirements
-
-There aren't any "minimum" system requirements as such, the server process is
-very light weight - it's just a single go binary, and it doesn't do any server
-side ML, so I feel it should be able to run on anything reasonable.
-
-We've used the server quite easily on small cloud instances, old laptops etc. A
-community member also reported being able to run the server on
-[very low-end embedded devices](https://github.com/ente-io/ente/discussions/594).

docs/docs/self-hosting/guides/systemd.md

@@ -0,0 +1,23 @@
+---
+title: Running Ente using systemd - Self-hosting
+description: Running Ente services (Museum and web application) via systemd
+---
+
+# Running Ente using `systemd`
+
+On Linux distributions using `systemd` as initialization system, Ente can be
+configured to run as a background service, upon system startup by service files.
+
+## Museum as a background service
+
+Please check the below links if you want to run Museum as a service, both of
+them are battle tested.
+
+1. [How to run museum as a systemd service](https://gist.github.com/mngshm/a0edb097c91d1dc45aeed755af310323)
+2. [Museum.service](https://github.com/ente-io/ente/blob/23e678889189157ecc389c258267685934b83631/server/scripts/deploy/museum.service#L4)
+
+Once you are done with setting and running Museum, all you are left to do is run
+the web app and set up reverse proxy. Check out the documentation for
+[more information](/self-hosting/installation/manual#step-3-configure-web-application).
+
+> **Credits:** [mngshm](https://github.com/mngshm)

docs/docs/self-hosting/guides/tailscale.md

@@ -1,5 +1,5 @@
 ---
-title: Self Hosting with Tailscale (Community)
+title: Self-hosting with Tailscale - Self-hosting
 description: Guides for self-hosting Ente Photos and/or Ente Auth with Tailscale
 ---
 
@@ -347,3 +347,5 @@ This will list all account details. Copy Acount ID.
 > ente-museum-1 container from linux terminal. Run
 > `docker restart ente-museum-1`. All well, now you will have 100TB storage.
 > Repeat if for any other accounts you want to give unlimited storage access.
+
+> **Credits:** [A4alli](https://github.com/A4alli)

docs/docs/self-hosting/guides/web-app.md

@@ -1,195 +0,0 @@
----
-title: Hosting the web apps
-description:
-    Building and hosting Ente's web apps, connecting it to your self-hosted
-    server
----
-
-> [!WARNING] NOTE This page covers documentation around self-hosting the web app
-> manually. If you want to deploy Ente hassle free, please use the
-> [one line](https://ente.io/blog/self-hosting-quickstart/) command to setup
-> Ente. This guide might be deprecated in the near future.
-
-# Web app
-
-The getting started instructions mention using `yarn dev` (which is an alias of
-`yarn dev:photos`) to serve your web app.
-
-> [!IMPORTANT] Please note that Ente's Web App supports the Yarn version 1.22.xx
-> or 1.22.22 specifically. Make sure to install the right version or modify your
-> yarn installation to meet the requirements. The user might end up into unknown
-> version and dependency related errors if yarn is on different version.
-
-```sh
-cd ente/web
-yarn install
-NEXT_PUBLIC_ENTE_ENDPOINT=http://localhost:8080 yarn dev:photos
-```
-
-This is fine for trying the web app and verifying that your self-hosted server
-is working as expected etc. But if you would like to use the web app for a
-longer term, then it is recommended to follow the Docker approach.
-
-## With Docker/Docker Compose (Recommended)
-
-> [!IMPORTANT]
->
-> Recurring changes might be made by the team or from community if more
-> improvements can be made so that we are able to build a full-fledged docker
-> image.
-
-```dockerfile
-FROM node:20-bookworm-slim as builder
-
-WORKDIR ./ente
-
-COPY . .
-COPY apps/ .
-
-# Will help default to yarn versoin 1.22.22
-RUN corepack enable
-
-# Endpoint for Ente Server
-ENV NEXT_PUBLIC_ENTE_ENDPOINT=https://changeme.com
-ENV NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT=https://changeme.com
-
-RUN yarn cache clean
-RUN yarn install --network-timeout 1000000000
-RUN yarn build:photos && yarn build:accounts && yarn build:auth && yarn build:cast
-
-FROM node:20-bookworm-slim
-
-WORKDIR /app
-
-COPY --from=builder /ente/apps/photos/out /app/photos
-COPY --from=builder /ente/apps/accounts/out /app/accounts
-COPY --from=builder /ente/apps/auth/out /app/auth
-COPY --from=builder /ente/apps/cast/out /app/cast
-
-RUN npm install -g serve
-
-ENV PHOTOS=3000
-EXPOSE ${PHOTOS}
-
-ENV ACCOUNTS=3001
-EXPOSE ${ACCOUNTS}
-
-ENV AUTH=3002
-EXPOSE ${AUTH}
-
-ENV CAST=3003
-EXPOSE ${CAST}
-
-# The albums app does not have navigable pages on it, but the
-# port will be exposed in-order to self up the albums endpoint
-# `apps.public-albums` in museum.yaml configuration file.
-ENV ALBUMS=3004
-EXPOSE ${ALBUMS}
-
-CMD ["sh", "-c", "serve /app/photos -l tcp://0.0.0.0:${PHOTOS} & serve /app/accounts -l tcp://0.0.0.0:${ACCOUNTS} & serve /app/auth -l tcp://0.0.0.0:${AUTH} & serve /app/cast -l tcp://0.0.0.0:${CAST}"]
-```
-
-The above is a multi-stage Dockerfile which creates a production ready static
-output of the 4 apps (Photos, Accounts, Auth and Cast) and serves the static
-content with Caddy.
-
-Looking at 2 different node base-images doing different tasks in the same
-Dockerfile would not make sense, but the Dockerfile is divided into two just to
-improve the build efficiency as building this Dockerfile will arguably take more
-time.
-
-Lets build a Docker image from the above Dockerfile. Copy and paste the above
-Dockerfile contents in the root of your web directory which is inside
-`ente/web`. Execute the below command to create an image from this Dockerfile.
-
-```sh
-# Build the image
-docker build -t <image-name>:<tag> --no-cache --progress plain .
-```
-
-You can always edit the Dockerfile and remove the steps for apps which you do
-not intend to install on your system (like auth or cast) and opt out of those.
-
-Regarding Albums App, please take a note that they are not web pages with
-navigable pages, if accessed on the web-browser they will simply redirect to
-ente.web.io.
-
-## compose.yaml
-
-Moving ahead, we need to paste the below contents into the compose.yaml inside
-`ente/server/compose.yaml` under the services section.
-
-```yaml
-ente-web:
-    image: <image-name> # name of the image you used while building
-    ports:
-        - 3000:3000
-        - 3001:3001
-        - 3002:3002
-        - 3003:3003
-        - 3004:3004
-    environment:
-        - NODE_ENV=development
-    restart: always
-```
-
-Now, we're good to go. All we are left to do now is start the containers.
-
-```sh
-docker compose up -d # --build
-
-# Accessing the logs
-docker compose logs <container-name>
-```
-
-## Configure App Endpoints
-
-> [!NOTE] Previously, this was dependent on the env variables
-> `NEXT_ENTE_PUBLIC_ACCOUNTS_ENDPOINT` and etc. Please check the below
-> documentation to update your setup configurations
-
-You can configure the web endpoints for the other apps including Accounts,
-Albums Family and Cast in your `museum.yaml` configuration file. Checkout
-[`local.yaml`](https://github.com/ente-io/ente/blob/543411254b2bb55bd00a0e515dcafa12d12d3b35/server/configurations/local.yaml#L76-L89)
-to configure the endpoints. Make sure to setup up your DNS Records accordingly
-to the similar URL's you set up in `museum.yaml`.
-
-Next part is to configure the web server.
-
-# Web server configuration
-
-The last step ahead is configuring reverse_proxy for the ports on which the apps
-are being served (you will have to make changes, if you have cusotmized the
-ports). The web server of choice in this guide is
-[Caddy](https://caddyserver.com) because with caddy you don't have to manually
-configure/setup SSL ceritifcates as caddy will take care of that.
-
-```sh
-photos.yourdomain.com {
-	reverse_proxy http://localhost:3001
-    # for logging
-    log {
-        level error
-    }
-}
-
-auth.yourdomain.com {
-    reverse_proxy http://localhost:3002
-}
-# and so on ...
-```
-
-Next, start the caddy server :).
-
-```sh
-# If caddy service is not enabled
-sudo systemctl enable caddy
-
-sudo systemctl daemon-reload
-sudo systemctl start caddy
-```
-
-## Contributing
-
-Please start a discussion on the Github Repo if you have any suggestions for the
-Dockerfile, You can also share your setups on Github Discussions.

docs/docs/self-hosting/index.md

@@ -1,37 +1,29 @@
 ---
-title: Self Hosting
-description: Getting started self hosting Ente Photos and/or Ente Auth
+title: Quickstart - Self-hosting
+description: Getting started with self-hosting Ente
 ---
 
-# Self Hosting
+# Quickstart
 
-The entire source code for Ente is open source,
-[including the servers](https://ente.io/blog/open-sourcing-our-server/). This is
-the same code we use for our own cloud service.
+If you're looking to spin up Ente on your server, you are in the right place!
+
+Our entire source code,
+[including the server](https://ente.io/blog/open-sourcing-our-server/) is open
+source. This is the same code we use on production.
+
+For a quick preview, make sure your system meets the requirements mentioned
+below. After trying the preview, you can explore other ways of self-hosting Ente
+on your server as described in the documentation.
 
 ## Requirements
 
-### Hardware
+- A system with at least 1 GB of RAM and 1 CPU core
+- [Docker Compose](https://docs.docker.com/compose/)
 
-The server is capable of running on minimal resource requirements as a
-lightweight Go binary, since most of the intensive computational tasks are done
-on the client. It performs well on small cloud instances, old laptops, and even
-[low-end embedded devices](https://github.com/ente-io/ente/discussions/594).
+> For more details, check out the
+> [requirements page](/self-hosting/installation/requirements).
 
-### Software
-
-#### Operating System
-
-Any Linux or \*nix operating system, Ubuntu or Debian is recommended to have a
-good Docker experience. Non-Linux operating systems tend to provide poor
-experience with Docker and difficulty with troubleshooting and assistance.
-
-#### Docker
-
-Required for running Ente's server, web application and dependent services
-(database and object storage)
-
-## Getting started
+## Set up the server
 
 Run this command on your terminal to setup Ente.
 
@@ -39,17 +31,60 @@ Run this command on your terminal to setup Ente.
 sh -c "$(curl -fsSL https://raw.githubusercontent.com/ente-io/ente/main/server/quickstart.sh)"
 ```
 
-The above `curl` command pulls the Docker image, creates a directory `my-ente`
-in the current working directory, prompts to start the cluster and starts all the containers required to run Ente.
+This creates a directory `my-ente` in the current working directory, prompts to
+start the cluster with needed containers after pulling the images required to
+run Ente.
 
-![quickstart](/quickstart.png)
+::: info
 
-![self-hosted-ente](/web-app.webp)
+Make sure to modify the default values in `compose.yaml` and `museum.yaml` if
+you wish to change endpoints, bucket configuration or server configuration.
 
-> [!TIP] Important:
-> If you have used quickstart for self-hosting Ente and are facing issues while > trying to run the cluster due to MinIO buckets not being created, please check [troubleshooting MinIO](/self-hosting/troubleshooting/docker#minio-provisioning-error)
-> 
-> 
+:::
+
+## Try the web app
+
+Open Ente Photos web app at `http://<machine-ip>:3000` (or
+`http://localhost:3000` if using on same local machine). Select **Don't have an
+account?** to create a new user.
+
+Follow the prompts to sign up.
+
+<div style="display: flex; gap: 10px;">
+  <img alt="Onboarding screen" src="/onboarding.png" style="width: 50%; height: auto;">
+  <img alt="Sign up page" src="/sign-up.png" style="width: 50%; height: auto;">
+</div>
+
+Enter the verification code by checking the cluster logs using
+`sudo docker compose logs`.
+
+![Verification Code](/otp.png)
+
+Upload a picture via the web user interface.
+
+Alternatively, if using Ente Auth, get started by adding an account (assuming
+you are running Ente Auth at `http://<machine-ip>:3002` or
+`http://localhost:3002`).
+
+## Try the mobile app
+
+You can install Ente Photos from [here](/photos/faq/installing) and Ente Auth
+from [here](/auth/faq/installing).
+
+Connect to your server from
+[mobile apps](/self-hosting/installation/post-install/#step-6-configure-apps-to-use-your-server).
+
+## What next?
+
+You may wish to install using a different way for your needs. Check the
+"Installation" section for information regarding that.
+
+You can import your pictures from Google Takeout or from other services to Ente
+Photos. For more information, check out our
+[migration guide](/photos/migration/) for more information.
+
+You can import your codes from other authenticator providers to Ente Auth. Check
+out our [migration guide](/auth/migration/) for more information.
 
 ## Queries?
 

docs/docs/self-hosting/installation/compose.md

@@ -0,0 +1,83 @@
+---
+title: Docker Compose - Self-hosting
+description: Running Ente with Docker Compose from source
+---
+
+# Docker Compose
+
+If you wish to run Ente via Docker Compose from source, do the following:
+
+## Requirements
+
+Check out the [requirements](/self-hosting/installation/requirements) page to
+get started.
+
+## Step 1: Clone the repository
+
+Clone the repository. Change into the `server/config` directory of the
+repository, where the Compose file for running the cluster is present.
+
+Run the following command for the same:
+
+```sh
+git clone https://github.com/ente-io/ente
+cd ente/server/config
+```
+
+## Step 2: Populate the configuration file and environment variables
+
+In order to run the cluster, you will have to provide environment variable
+values.
+
+Copy the configuration files for modification by the following command inside
+`server/config` directory of the repository.
+
+This allows you to modify configuration without having to face hassle while
+pulling in latest changes.
+
+```shell
+# Inside the cloned repository's directory (usually `ente`)
+cd server/config
+cp example.env .env
+cp example.yaml museum.yaml
+```
+
+Change the values present in `.env` file along with `museum.yaml` file
+accordingly.
+
+::: tip
+
+Make sure to enter the correct values for the database and object storage.
+
+You should consider generating values for JWT and encryption keys for emails if
+you intend to use for long-term needs.
+
+You can do by running the following command inside `ente/server`, assuming you
+cloned the repository to `ente`:
+
+```shell
+# Change into the ente/server
+cd ente/server
+# Generate secrets
+go run tools/gen-random-keys/main.go
+```
+
+:::
+
+## Step 3: Start the cluster
+
+Start the cluster by running the following command:
+
+```sh
+docker compose up --build
+```
+
+This builds Museum and web applications based on the Dockerfile and starts the
+containers needed for Ente.
+
+::: tip
+
+Check out [post-installations steps](/self-hosting/installation/post-install/)
+for further usage.
+
+:::

docs/docs/self-hosting/installation/config.md

@@ -0,0 +1,236 @@
+---
+title: Configuration - Self-hosting
+description:
+    "Information about all the configuration variables needed to run Ente with
+    museum.yaml"
+---
+
+# Configuration
+
+Museum is designed to be configured either via environment variables or via
+YAML. We recommend using YAML for maintaining your configuration as it can be
+backed up easily, helping in restoration.
+
+## Configuration File
+
+Museum's configuration file (`museum.yaml`) is responsible for making database
+configuration, bucket configuration, internal configuration, etc. accessible for
+other internal services.
+
+By default, Museum runs in local environment, thus `local.yaml` configuration is
+loaded.
+
+If `ENVIRONMENT` environment variable is set (say, to `production`), Museum will
+attempt to load `configurations/production.yaml`.
+
+If `credentials-file` is defined and found, it overrides the defaults.
+
+Use `museum.yaml` file for declaring configuration over `local.yaml`.
+
+All configuration values can be overridden via environment variables using the
+`ENTE_` prefix and replacing dots (`.`) or hyphens (`-`) with underscores (`_`).
+
+Museum reads configuration from `museum.yaml`. Any environment variables
+prefixed with `ENTE_` takes precedence.
+
+For example,
+
+```yaml
+s3:
+    b2-eu-cen:
+        endpoint:
+```
+
+in `museum.yaml` is read as `s3.b2-eu-cen.endpoint` by Museum.
+
+`ENTE_S3_B2_EU_CEN_ENDPOINT` declared as environment variable is same as the
+above and `ENTE_S3_B2_EU_CEN_ENDPOINT` overrides `s3.b2-eu-cen.endpoint`.
+
+### General Settings
+
+| Variable           | Description                                               | Default            |
+| ------------------ | --------------------------------------------------------- | ------------------ |
+| `credentials-file` | Path to optional credentials override file                | `credentials.yaml` |
+| `credentials-dir`  | Directory to look for credentials (TLS, service accounts) | `credentials/`     |
+| `log-file`         | Log output path. Required in production.                  | `""`               |
+
+### HTTP
+
+| Variable       | Description                       | Default |
+| -------------- | --------------------------------- | ------- |
+| `http.use-tls` | Enables TLS and binds to port 443 | `false` |
+
+### App Endpoints
+
+The web apps for Ente (Auth, Cast, Albums) use different endpoints.
+
+These endpoints are configurable in `museum.yaml` under the apps.\* section.
+
+Upon configuration, the application will start utilizing the specified endpoints
+instead of Ente's production instances or local endpoints (overridden values
+used for Compose and quickstart for ease of use.)
+
+| Variable             | Description                                             | Default                    |
+| -------------------- | ------------------------------------------------------- | -------------------------- |
+| `apps.public-albums` | Albums app base endpoint for public sharing             | `https://albums.ente.io`   |
+| `apps.cast`          | Cast app base endpoint                                  | `https://cast.ente.io`     |
+| `apps.accounts`      | Accounts app base endpoint (used for passkey-based 2FA) | `https://accounts.ente.io` |
+
+### Database
+
+The `db` section is used for configuring database connectivity. Ensure you
+provide correct credentials for proper connectivity within Museum.
+
+| Variable      | Description                | Default     |
+| ------------- | -------------------------- | ----------- |
+| `db.host`     | DB hostname                | `localhost` |
+| `db.port`     | DB port                    | `5432`      |
+| `db.name`     | Database name              | `ente_db`   |
+| `db.sslmode`  | SSL mode for DB connection | `disable`   |
+| `db.user`     | Database username          |             |
+| `db.password` | Database password          |             |
+| `db.extra`    | Additional DSN parameters  |             |
+
+### Object Storage
+
+The `s3` section within `museum.yaml` is by default configured to use local
+MinIO buckets when using `quickstart.sh` or Docker Compose.
+
+If you wish to use an external S3 provider with SSL, you can edit the configuration with
+your provider's credentials, and set `s3.are_local_buckets` to `false`. Additionally, you can configure this for specific buckets in the corresponding bucket sections in the Compose file.
+
+If you are using default MinIO, it is accessible at port `3200`. Web Console can
+be accessed by enabling port `3201` in the Compose file.
+
+For more information on object storage configuration, check our
+[documentation](/self-hosting/administration/object-storage).
+
+If you face any issues related to uploads then check out
+[CORS](/self-hosting/administration/object-storage#cors-cross-origin-resource-sharing)
+and [troubleshooting](/self-hosting/troubleshooting/uploads) sections.
+
+| Variable                               | Description                                  | Default |
+| -------------------------------------- | -------------------------------------------- | ------- |
+| `s3.b2-eu-cen`                         | Primary hot storage bucket configuration     |         |
+| `s3.wasabi-eu-central-2-v3.compliance` | Whether to disable compliance lock on delete | `true`  |
+| `s3.scw-eu-fr-v3`                      | Cold storage bucket configuration            |         |
+| `s3.wasabi-eu-central-2-v3`            | Secondary hot storage configuration          |         |
+| `s3.are_local_buckets`                 |                                              | `true`  |
+| `s3.use_path_style_urls`               | Enable path-style URLs for MinIO             | `false` |
+
+### Encryption Keys
+
+These values are used for encryption of user e-mails. Default values are
+provided by Museum.
+
+They are generated by random in quickstart script, so no intervention is
+necessary if using quickstart.
+
+However, if you are using Ente for long-term needs and you have not installed
+Ente via quickstart, consider generating values for these along with [JWT](#jwt)
+by following the steps described below:
+
+```shell
+# If you have not cloned already
+git clone https://github.com/ente-io/ente
+
+# Generate the values
+cd ente/server
+go run tools/gen-random-keys/main.go
+```
+
+| Variable         | Description                    | Default     |
+| ---------------- | ------------------------------ | ----------- |
+| `key.encryption` | Key for encrypting user emails | Pre-defined |
+| `key.hash`       | Hash key                       | Pre-defined |
+
+### JWT
+
+| Variable     | Description             | Default    |
+| ------------ | ----------------------- | ---------- |
+| `jwt.secret` | Secret for signing JWTs | Predefined |
+
+### Email
+
+You may wish to send emails for verification codes instead of
+[hardcoding them](/self-hosting/administration/users#use-hardcoded-otts). In
+such cases, you can configure SMTP (or Zoho Transmail, for bulk emails).
+
+Set the host and port accordingly with your credentials in `museum.yaml`
+
+You may skip the username and password if using a local relay server.
+
+```yaml
+smtp:
+    host:
+    port:
+    # Optional username and password if using local relay server
+    username:
+    password:
+    # Email address used for sending emails (this mail's credentials have to be provided)
+    email:
+    # Optional name for sender
+    sender-name:
+    # Optional encryption
+    encryption:
+```
+
+| Variable           | Description                  | Default |
+| ------------------ | ---------------------------- | ------- |
+| `smtp.host`        | SMTP server host             |         |
+| `smtp.port`        | SMTP server port             |         |
+| `smtp.username`    | SMTP auth username           |         |
+| `smtp.password`    | SMTP auth password           |         |
+| `smtp.email`       | Sender email address         |         |
+| `smtp.sender-name` | Custom name for email sender |         |
+| `smtp.encryption`  | Encryption method (tls, ssl) |         |
+| `transmail.key`    | Zeptomail API key            |         |
+
+### WebAuthn Passkey Support
+
+| Variable             | Description                  | Default                     |
+| -------------------- | ---------------------------- | --------------------------- |
+| `webauthn.rpid`      | Relying Party ID             | `localhost`                 |
+| `webauthn.rporigins` | Allowed origins for WebAuthn | `["http://localhost:3001"]` |
+
+### Internal
+
+| Variable                                     | Description                                   | Default |
+| -------------------------------------------- | --------------------------------------------- | ------- |
+| `internal.silent`                            | Suppress external effects (e.g. email alerts) | `false` |
+| `internal.health-check-url`                  | External healthcheck URL                      |         |
+| `internal.hardcoded-ott`                     | Predefined OTPs for testing                   |         |
+| `internal.hardcoded-ott.emails`              | E-mail addresses with hardcoded OTTs          | `[]`    |
+| `internal.hardcoded-ott.local-domain-suffix` | Suffix for which hardcoded OTT is to be used  |         |
+| `internal.hardcoded-ott.local-domain-value`  | Hardcoded OTT value for the above suffix      |         |
+| `internal.admins`                            | List of admin user IDs                        | `[]`    |
+| `internal.admin`                             | Single admin user ID                          |         |
+| `internal.disable-registration`              | Disable user registration                     | `false` |
+
+### Replication
+
+By default, replication of objects (photos, thumbnails, videos) is disabled and
+only one bucket is used.
+
+To enable replication, set `replication.enabled` to `true`. For this to work, 3
+buckets have to be configured in total.
+
+| Variable                   | Description                          | Default           |
+| -------------------------- | ------------------------------------ | ----------------- |
+| `replication.enabled`      | Enable replication across buckets    | `false`           |
+| `replication.worker-url`   | Cloudflare Worker for replication    |                   |
+| `replication.worker-count` | Number of goroutines for replication | `6`               |
+| `replication.tmp-storage`  | Temp directory for replication       | `tmp/replication` |
+
+### Background Jobs
+
+This configuration is for enabling background cron jobs for tasks such as
+sending mails, removing unused objects (clean up) and worker configuration for
+the same.
+
+| Variable                                      | Description                             | Default |
+| --------------------------------------------- | --------------------------------------- | ------- |
+| `jobs.cron.skip`                              | Skip all cron jobs                      | `false` |
+| `jobs.remove-unreported-objects.worker-count` | Workers for removing unreported objects | `1`     |
+| `jobs.clear-orphan-objects.enabled`           | Enable orphan cleanup                   | `false` |
+| `jobs.clear-orphan-objects.prefix`            | Prefix filter for orphaned objects      |         |

docs/docs/self-hosting/installation/env-var.md

@@ -0,0 +1,53 @@
+---
+title: Environment variables and defaults - Self-hosting
+description:
+    "Information about all the configuration variables needed to run Ente along
+    with description on default configuration"
+---
+
+# Environment variables and defaults
+
+The environment variables needed for running Ente and the default configuration
+are documented below:
+
+## Environment Variables
+
+A self-hosted Ente instance has to specify endpoints for both Museum (the
+server) and web apps.
+
+This document outlines the essential environment variables and port mappings of
+the web apps.
+
+Here's the list of environment variables that is used by the cluster:
+
+| Service    | Environment Variable  | Description                                                                                     | Default Value                   |
+| ---------- | --------------------- | ----------------------------------------------------------------------------------------------- | ------------------------------- |
+| `web`      | `ENTE_API_ORIGIN`     | Alias for `NEXT_PUBLIC_ENTE_ENDPOINT`. API Endpoint for Ente's API (Museum).                    | http://localhost:8080           |
+| `web`      | `ENTE_ALBUMS_ORIGIN`  | Alias for `NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT`. Base URL for Ente Album, used for public sharing. | http://localhost:3002           |
+| `postgres` | `POSTGRES_USER`       | Username for PostgreSQL database                                                                | `pguser`                        |
+| `postgres` | `POSTGRES_DB`         | Name of database for use with Ente                                                              | `ente_db`                       |
+| `postgres` | `POSTGRES_PASSWORD`   | Password for PostgreSQL database's user                                                         | Randomly generated (quickstart) |
+| `minio`    | `MINIO_ROOT_USER`     | Username for MinIO                                                                              | Randomly generated (quickstart) |
+| `minio`    | `MINIO_ROOT_PASSWORD` | Password for MinIO                                                                              | Randomly generated (quickstart) |
+
+## Default Configuration
+
+Self-hosted Ente clusters have certain default configuration for ease of use,
+which is documented below to understand its behavior:
+
+### Ports
+
+The below format is according to how ports are mapped in Docker when using the
+quickstart script. The mapping is of the format `<host-port>:<container-port>`
+in `ports` in compose file.
+
+| Service                                                 | Type     | Host Port | Container Port |
+| ------------------------------------------------------- | -------- | --------- | -------------- |
+| Museum                                                  | Server   | 8080      | 8080           |
+| Ente Photos                                             | Web      | 3000      | 3000           |
+| Ente Accounts                                           | Web      | 3001      | 3001           |
+| Ente Albums                                             | Web      | 3002      | 3002           |
+| [Ente Auth](https://ente.io/auth/)                      | Web      | 3003      | 3003           |
+| [Ente Cast](https://help.ente.io/photos/features/cast/) | Web      | 3004      | 3004           |
+| MinIO                                                   | S3       | 3200      | 3200           |
+| PostgreSQL                                              | Database |           | 5432           |

docs/docs/self-hosting/installation/manual.md

@@ -0,0 +1,234 @@
+---
+title: Manual setup (without Docker) - Self-hosting
+description: Installing and setting up Ente without Docker
+---
+
+# Manual setup (without Docker)
+
+If you wish to run Ente from source without using Docker, follow the steps
+described below:
+
+## Requirements
+
+1. **Go:** Install Go on your system. This is needed for building Museum (Ente's
+   server)
+
+    ```shell
+    sudo apt update && sudo apt upgrade
+    sudo apt install golang-go
+    ```
+
+    Alternatively, you can also download the latest binaries from the
+    [official website](https://go.dev/dl/).
+
+2. **PostgreSQL and `libsodium`:** Install PostgreSQL (database) and `libsodium`
+   (high level API for encryption) via package manager.
+
+    ```shell
+    sudo apt install postgresql
+    sudo apt install libsodium23 libsodium-dev
+    ```
+
+    Start the database using `systemd` automatically when the system starts.
+
+    ```shell
+    sudo systemctl enable postgresql
+    sudo systemctl start postgresql
+    ```
+
+    Ensure the database is running using
+
+    ```shell
+    sudo systemctl status postgresql
+    ```
+
+3. **`pkg-config`:** Install `pkg-config` for dependency handling.
+
+    ```shell
+    sudo apt install pkg-config
+    ```
+
+4. **yarn, npm and Node.js:** Needed for building the web application.
+
+    Install npm and Node using your package manager.
+
+    ```shell
+    sudo apt install npm nodejs
+    ```
+
+    Install yarn by following the
+    [official documentation](https://yarnpkg.com/getting-started/install)
+
+5. **Git:** Needed for cloning the repository and pulling in latest changes
+
+6. **Caddy:** Used for setting reverse proxy and file servers
+
+7. **Object Storage:** Ensure you have an object storage configured for usage,
+   needed for storing files. You can choose to run MinIO or Garage locally
+   without Docker, however, an external bucket will be reliable and suited for
+   long-term storage.
+
+## Step 1: Clone the repository
+
+Start by cloning Ente's repository from GitHub to your local machine.
+
+```shell
+git clone https://github.com/ente-io/ente
+```
+
+## Step 2: Configure Museum (Ente's server)
+
+1.  Install all the needed dependencies for the server.
+
+    ```shell
+    # Change into server directory, where the source code for Museum is
+    # present inside the repo
+    cd ente/server
+
+    # Install the needed dependencies
+    go mod tidy
+    ```
+
+2.  Build the server. The server binary should be available as `./main` relative
+    to `server` directory
+
+    ```shell
+    go build cmd/museum/main.go
+    ```
+
+3.  Create `museum.yaml` file inside `server` for configuring the needed
+    variables. You can copy the templated configuration file for editing with
+    ease.
+
+    ```shell
+    cp config/example.yaml ./museum.yaml
+    ```
+
+    ::: tip
+
+    Make sure to enter the correct values for the database and object storage.
+
+    You should consider generating values for JWT and encryption keys for emails
+    if you intend to use for long-term needs.
+
+    You can do by running the following command inside `ente/server`, assuming
+    you cloned the repository to `ente`:
+
+    ```shell
+    # Change into the ente/server
+    cd ente/server
+    # Generate secrets
+    go run tools/gen-random-keys/main.go
+    ```
+
+    :::
+
+4.  Run the server
+
+    ```shell
+    ./main
+    ```
+
+    Museum should be accessible at `http://localhost:8080`
+
+## Step 3: Configure Web Application
+
+1. Install the dependencies for web application. Enable corepack if prompted.
+
+    ```shell
+    # Change into web directory, this is where all the applications
+    # will be managed and built
+    cd web
+
+    # Install dependencies
+    yarn install
+    ```
+
+2. Configure the environment variables in your corresponding shell's
+   configuration file (`.bashrc`, `.zshrc`)
+    ```shell
+    # Replace this with actual endpoint for Museum
+    export NEXT_PUBLIC_ENTE_ENDPOINT=http://localhost:8080
+    # Replace this with actual endpoint for Albums
+    export NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT=http://localhost:3002
+    ```
+3. Build the needed applications (Photos, Accounts, Auth, Cast) as per your
+   needs:
+
+    ```shell
+    # These commands are executed inside web directory
+    # Build photos. Build output to be served is present at apps/photos/out
+    yarn build
+
+    # Build accounts. Build output to be served is present at apps/accounts/out
+    yarn build:accounts
+
+    # Build auth. Build output to be served is present at apps/auth/out
+    yarn build:auth
+
+    # Build cast. Build output to be served is present at apps/cast/out
+    yarn build:cast
+    ```
+
+4. Copy the output files to `/var/www/ente/apps` for easier management.
+
+    ```shell
+    mkdir -p /var/www/ente/apps
+
+    # Photos
+    sudo cp -r apps/photos/out /var/www/ente/apps/photos
+    # Accounts
+    sudo cp -r apps/accounts/out /var/www/ente/apps/accounts
+    # Auth
+    sudo cp -r apps/auth/out /var/www/ente/apps/auth
+    # Cast
+    sudo cp -r apps/cast/out /var/www/ente/apps/cast
+    ```
+
+5. Set up file server using Caddy by editing `Caddyfile`, present at
+   `/etc/caddy/Caddyfile`.
+
+    ```groovy
+    # Replace the ports with domain names if you have subdomains configured and need HTTPS
+    :3000 {
+        root * /var/www/ente/apps/out/photos
+        file_server
+        try_files {path} {path}.html /index.html
+    }
+
+    :3001 {
+        root * /var/www/ente/apps/out/accounts
+        file_server
+        try_files {path} {path}.html /index.html
+    }
+
+    :3002 {
+        root * /var/www/ente/apps/out/photos
+        file_server
+        try_files {path} {path}.html /index.html
+    }
+
+    :3003 {
+        root * /var/www/ente/apps/out/auth
+        file_server
+        try_files {path} {path}.html /index.html
+    }
+
+    :3004 {
+        root * /var/www/ente/apps/out/cast
+        file_server
+        try_files {path} {path}.html /index.html
+    }
+    ```
+
+    The web application for Ente Photos should be accessible at
+    http://localhost:3000, check out the
+    [default ports](/self-hosting/installation/env-var#ports) for more
+    information.
+
+::: tip
+
+Check out [post-installations steps](/self-hosting/installation/post-install/)
+for further usage.
+
+:::

docs/docs/self-hosting/installation/post-install/index.md

@@ -0,0 +1,172 @@
+---
+title: Post-installation steps - Self-hosting
+description: Steps to be followed post-installation for smooth experience
+---
+
+# Post-installation steps
+
+A list of steps that should be done after installing Ente are described below:
+
+## Step 1: Creating first user
+
+The first user to be created will be treated as an admin user by default.
+
+Once Ente is up and running, the Ente Photos web app will be accessible on
+`http://localhost:3000`.
+
+Select **Don't have an account?** to create a new user. Follow the prompts to
+sign up.
+
+<div style="display: flex; gap: 10px;">
+  <img alt="Onboarding screen" src="/onboarding.png" style="width: 50%; height: auto;">
+  <img alt="Sign up page" src="/sign-up.png" style="width: 50%; height: auto;">
+</div>
+
+Enter the verification code to complete registration.
+
+This code can be found in the server logs, which should be shown in your
+terminal where you started the Docker Compose cluster.
+
+If not, access the server logs inside the folder where Compose file resides.
+
+```shell
+sudo docker compose logs
+```
+
+If running Museum without Docker, the code should be visible in the terminal
+(stdout).
+
+![otp](/otp.png)
+
+## Step 2: Whitelist admins
+
+1.  Connect to `ente_db` (the database used for storing data related to Ente).
+
+    ```shell
+    # Change the DB name and DB user name if you use different
+    # values.
+
+    # If using Docker docker exec -it <postgres-ente-container-name> sh
+    psql -U pguser -d ente_db
+
+    # Or when using psql directly
+    psql -U pguser -d ente_db
+    ```
+
+2.  Get the user ID of the first user by running the following PSQL command:
+
+    ```sql
+    SELECT * from users;
+    ```
+
+3.  Edit `internal.admins` or `internal.admin` (if you wish to whitelist only
+    single user) in `museum.yaml` to add the user ID you wish to whitelist.
+
+    - For multiple admins:
+
+    ```yaml
+    internal:
+        admins:
+            - <user_id>
+    ```
+
+    - For single admin:
+
+    ```yaml
+    internal:
+        admin: <user_id>
+    ```
+
+4.  Restart Museum by restarting the cluster
+
+::: tip Restart your Compose clusters whenever you make changes
+
+If you have edited the Compose file or configuration file (`museum.yaml`), make
+sure to recreate the cluster's containers.
+
+You can do this by the following command:
+
+```shell
+docker compose down && docker compose up -d
+```
+
+:::
+
+## Step 3: Configure application endpoints
+
+You may wish to access some of the applications such as Auth, Albums, Cast via
+your instance's endpoints through the application instead of our production
+instances.
+
+You can do so by editing the `apps` section in `museum.yaml` to use the base
+endpoints of the corresponding web applications.
+
+```yaml
+# Replace yourdomain.tld with actual domain
+apps:
+    public-albums: https://albums.ente.yourdomain.tld
+    cast: https://cast.ente.yourdomain.tld
+    auth: https://auth.ente.yourdomain.tld
+```
+
+## Step 4: Make it publicly accessible
+
+You may wish to access Ente on public Internet. You can do so by configuring a
+reverse proxy with software such as Caddy, NGINX, Traefik.
+
+Check out our [documentation](/self-hosting/administration/reverse-proxy) for
+more information.
+
+If you do not wish to make it accessible via Internet, we recommend you to use
+[Tailscale](/self-hosting/guides/tailscale) for convenience. Alternately, you
+can use your IP address for accessing the application in your local network,
+though this poses challenges with respect to object storage.
+
+## Step 5: Download mobile and desktop app
+
+You can install Ente Photos by following the
+[installation section](/photos/faq/installing).
+
+You can also install Ente Auth (if you are planning to use Auth) by following
+the [installation section](/auth/faq/installing).
+
+## Step 6: Configure apps to use your server
+
+You can modify Ente mobile apps and CLI to connect to your server.
+
+### Mobile
+
+Tap the onboarding screen 7 times to modify developer settings. Enter your Ente
+server's endpoint.
+
+<div style="display: flex; gap: 10px;">
+<img src="/developer-settings.png" alt="Developer Settings" height="50%" width="50%" />
+<img src="/developer-settings-endpoint.png" alt="Developer Settings - Server Endpoint" height="50%" width="50%" />
+</div>
+
+### Desktop
+
+Tap 7 times on the onboarding screen to configure the server endpoint to be
+used.
+
+<div align="center">
+
+![Setting a custom server on the onboarding screen on desktop or self-hosted web
+apps](web-dev-settings.png){width=400px}
+
+</div>
+
+## Step 7: Configure Ente CLI
+
+You can download Ente CLI from
+[here](https://github.com/ente-io/ente/releases?q=tag%3Acli).
+
+Check our [documentation](/self-hosting/administration/cli) on how to use Ente
+CLI for managing self-hosted instances.
+
+::: info For upgrading
+
+Check out our [upgrading documentation](/self-hosting/installation/upgrade) for
+various installation methods.
+
+:::

docs/docs/self-hosting/installation/quickstart.md

@@ -0,0 +1,42 @@
+---
+title: Quickstart script (Recommended) - Self-hosting
+description: Self-hosting Ente with quickstart script
+---
+
+# Quickstart script (Recommended)
+
+We provide a quickstart script which can be used for self-hosting Ente on your
+machine in less than a minute.
+
+## Requirements
+
+Check out the [requirements](/self-hosting/installation/requirements) page to
+get started.
+
+## Getting started
+
+Run this command on your terminal to setup Ente.
+
+```sh
+sh -c "$(curl -fsSL https://raw.githubusercontent.com/ente-io/ente/main/server/quickstart.sh)"
+```
+
+The above `curl` command does the following:
+
+1. Creates a directory `./my-ente` in working directory.
+2. Starts the containers required to run Ente upon prompting.
+
+You should be able to access the web application at
+[http://localhost:3000](http://localhost:3000) or
+[http://machine-ip:3000](http://<machine-ip>:3000)
+
+The data accessed by Museum is stored in `./data` folder inside `my-ente`
+directory. It contains extra configuration files that is to be used (push
+notification credentials, etc.)
+
+::: tip
+
+Check out [post-installation steps](/self-hosting/installation/post-install/)
+for further usage.
+
+:::

docs/docs/self-hosting/installation/requirements.md

@@ -0,0 +1,41 @@
+---
+title: Requirements - Self-hosting
+description: Requirements for self-hosting Ente
+---
+
+# Requirements
+
+Ensure your system meets these requirements and has the needed software
+installed for a smooth experience.
+
+## Hardware
+
+The server is capable of running on minimal resource requirements as a
+lightweight Go binary, since most of the intensive computational tasks are done
+on the client. It performs well on small cloud instances, old laptops, and even
+[low-end embedded devices](https://github.com/ente-io/ente/discussions/594).
+
+- **Storage:** An Unix-compatible filesystem such as ZFS, EXT4, BTRFS, etc. if
+  using PostgreSQL container as it requires a filesystem that supports
+  user/group permissions.
+- **RAM:** A minimum of 1 GB of RAM is required for running the cluster (if
+  using quickstart script).
+- **CPU:** A minimum of 1 CPU core is required.
+
+## Software
+
+- **Operating System:** Any Linux or \*nix operating system, Ubuntu or Debian is
+  recommended to have a good Docker experience. Non-Linux operating systems tend
+  to provide poor experience with Docker and difficulty with troubleshooting and
+  assistance.
+
+- **Docker:** Required for running Ente's server, web application and dependent
+  services (database and object storage). Ente also requires **Docker Compose
+  plugin** to be installed.
+
+> [!NOTE]
+>
+> Ente requires **Docker Compose version 2.30 or higher**.
+>
+> Furthermore, Ente uses the command `docker compose`, `docker-compose` is no
+> longer supported.

docs/docs/self-hosting/installation/upgrade.md

@@ -0,0 +1,77 @@
+---
+title: Upgrade - Self-hosting
+description: Upgrading self-hosted Ente
+---
+
+# Upgrade your server
+
+Upgrading Ente depends on the method of installation you have chosen.
+
+## Quickstart
+
+::: tip For Docker users
+
+You can free up some disk space by deleting older images that were used by
+obsolette containers.
+
+```shell
+docker image prune
+```
+
+:::
+
+Pull in the latest images in the directory where the Compose file resides.
+Restart the cluster to recreate containers with newer images.
+
+Run the following command inside `my-ente` directory (default name used in
+quickstart):
+
+```shell
+docker compose pull && docker compose up -d
+```
+
+## Docker Compose
+
+You can pull in the latest source code from Git and build a new cluster based on
+the updated source code.
+
+1. Pull the latest changes from `main`.
+
+    ```shell
+    # Assuming you have cloned repository to ente
+    cd ente
+    # Pull changes
+    git pull
+    ```
+
+2. Recreate the cluster.
+    ```shell
+    cd server/config
+    # Stop and remove containers if they are running
+    docker compose down
+    # Build with latest code
+    docker compose up --build
+    ```
+
+## Manual Setup
+
+You can pull in the latest source code from Git and build a new cluster based on
+the updated source code.
+
+1. Pull the latest changes from `main`.
+
+    ```shell
+    # Assuming you have cloned repository to ente
+    cd ente
+
+    # Pull changes and only keep changes from remote.
+    # This is needed to keep yarn.lock up-to-date.
+    # This resets all changes made in the local repository.
+    # Make sure to stash changes if you have made any.
+    git fetch origin
+    git reset --hard main
+    ```
+
+2. Follow the steps described in
+   [manual setup](/self-hosting/installation/manual#step-3-configure-web-application)
+   for Museum and web applications.

docs/docs/self-hosting/museum.md

@@ -1,77 +0,0 @@
----
-title: Configuring your server
-description: Guide to writing a museum.yaml
----
-
-# Configuring your server
-
-Ente's monolithic server is called **museum**.
-
-`museum.yaml` is a YAML configuration file used to configure museum. By default,
-[`local.yaml`](https://github.com/ente-io/ente/tree/main/server/configurations/local.yaml)
-is provided, but its settings are overridden with those from `museum.yaml`.
-
-If you used our quickstart script, your `my-ente` directory will include a
-`museum.yaml` file with preset configurations for encryption keys, secrets,
-PostgreSQL and MinIO.
-
-> [!TIP]
->
-> Always do `docker compose down` inside your `my-ente` directory. If you've
-> made changes to `museum.yaml`, restart the containers with
-> `docker compose up -d ` to see your changes in action.
-
-## S3 buckets
-
-The `s3` section within `museum.yaml` is by default configured to use local
-MinIO buckets.
-
-If you wish to use an external S3 provider, you can edit the configuration with
-your provider's credentials, and set `are_local_buckets` to `false`.
-
-Check out [Configuring S3](/self-hosting/guides/configuring-s3.md) to understand
-more about configuring S3 buckets.
-
-MinIO uses the port `3200` for API Endpoints and their web app runs over
-`:3201`. You can login to MinIO Web Console by opening `localhost:3201` in your
-browser.
-
-If you face any issues related to uploads then checkout
-[Troubleshooting bucket CORS](/self-hosting/troubleshooting/bucket-cors) and
-[Frequently encountered S3 errors](/self-hosting/guides/configuring-s3#frequently-encountered-errors).
-
-## Web apps
-
-The web apps for Ente Photos is divided into multiple sub-apps like albums,
-cast, auth, etc. These endpoints are configurable in `museum.yaml` under the
-`apps.*` section.
-
-For example,
-
-```yaml
-apps:
-    public-albums: https://albums.myente.xyz
-    cast: https://cast.myente.xyz
-    accounts: https://accounts.myente.xyz
-    family: https://family.myente.xyz
-```
-
-> [!IMPORTANT] By default, all the values redirect to our publicly hosted
-> production services. For example, if `public-albums` is not configured your
-> shared album will use the `albums.ente.io` URL.
-
-After you are done with filling the values, restart museum and the app will
-start utilizing those endpoints instead of Ente's production instances.
-
-Once you have configured all the necessary endpoints, `cd` into `my-ente` and
-stop all the Docker containers with `docker compose down` and restart them with
-`docker compose up -d`.
-
-Similarly, you can use the default
-[`local.yaml`](https://github.com/ente-io/ente/tree/main/server/configurations/local.yaml)
-as a reference for building a functioning `museum.yaml` for many other
-functionalities like SMTP, Discord notifications, Hardcoded-OTTs, etc.
-
-## References
-
-- [Environment variables and ports](/self-hosting/faq/environment)

docs/docs/self-hosting/reverse-proxy.md

@@ -1,53 +0,0 @@
----
-Title: Configuring Reverse Proxy
-Description: configuring reverse proxy for Museum and other endpoints
----
-
-# Reverse proxy
-
-Ente's server (museum) runs on port `:8080`, web app on `:3000` and the other
-apps from ports `3001-3004`.
-
-We highly recommend using HTTPS for Museum (`8080`). For security reasons museum
-will not accept incoming HTTP traffic.
-
-Head over to your DNS management dashboard and setup the appropriate records for
-the endpoints. Mostly, `A` or `AAAA` records targeting towards your server's IP
-address should be sufficient. The rest of the work will be done by the web
-server on your machine.
-
-![cloudflare](/cloudflare.png)
-
-### Caddy
-
-Setting up a reverse proxy with Caddy is easy and straightforward.
-
-Firstly, install Caddy on your server.
-
-```sh
-sudo apt install caddy
-```
-
-After the installation is complete, a `Caddyfile` is created on the path
-`/etc/caddy/`. This file is used to configure reverse proxies among other
-things.
-
-```groovy
-# Caddyfile - myente.xyz is just an example.
-
-api.myente.xyz {
-    reverse_proxy http://localhost:8080
-}
-
-ente.myente.xyz {
-    reverse_proxy http://localhost:3000
-}
-
-#...and so on for other endpoints
-```
-
-After a hard-reload, the Ente Photos web app should be up on
-https://ente.myente.xyz.
-
-If you are using a different tool for reverse proxy (like nginx), please check
-out their documentation.

docs/docs/self-hosting/troubleshooting/bucket-cors.md

@@ -1,70 +0,0 @@
----
-title: Bucket CORS
-description: Troubleshooting CORS issues with S3 Buckets
----
-
-# Fix potential CORS issues with your Buckets
-
-## For AWS S3
-
-If you cannot upload a photo due to a CORS issue, you need to fix the CORS
-configuration of your bucket.
-
-Create a `cors.json` file with the following content:
-
-```json
-{
-    "CORSRules": [
-        {
-            "AllowedOrigins": ["*"],
-            "AllowedHeaders": ["*"],
-            "AllowedMethods": ["GET", "HEAD", "POST", "PUT", "DELETE"],
-            "MaxAgeSeconds": 3000,
-            "ExposeHeaders": ["Etag"]
-        }
-    ]
-}
-```
-
-You may want to change the `AllowedOrigins` to a more restrictive value.
-
-If you are using AWS for S3, you can execute the below command to get rid of
-CORS. Make sure to enter the right path for the `cors.json` file.
-
-```bash
-aws s3api put-bucket-cors --bucket YOUR_S3_BUCKET --cors-configuration /path/to/cors.json
-```
-
-## For Self-hosted Minio Instance
-
-::: warning
-
-- MinIO does not support bucket CORS in the community edition which is used by
-  default. For more information, check
-  [this discussion](https://github.com/minio/minio/discussions/20841). However,
-  global CORS configuration is possible.
-- MinIO does not take JSON CORS file as the input, instead you will have to
-  build a CORS.xml file or just convert the above `cors.json` to XML.
-
-:::
-
-A minor requirement here is the tool `mc` for managing buckets via command line
-interface. Checkout the `mc set alias` document to configure alias for your
-instance and bucket. After this you will be prompted for your AccessKey and
-Secret, which is your username and password.
-
-```sh
-mc cors set <your-minio>/<your-bucket-name /path/to/cors.xml
-```
-
-or, if you just want to just set the `AllowedOrigins` Header, you can use the
-following command to do so.
-
-```sh
-mc admin config set <your-minio>/<your-bucket-name> api cors_allow_origin="*"
-```
-
-You can create also `.csv` file and dump the list of origins you would like to
-allow and replace the `*` with `path` to the CSV file.
-
-Now, uploads should be working fine.

docs/docs/self-hosting/troubleshooting/cli.md

@@ -0,0 +1,52 @@
+---
+title: Ente CLI - Self-hosting
+description: A quick hotfix for keyring errors while running Ente CLI.
+---
+
+# Ente CLI
+
+## Secrets
+
+Ente CLI makes use of your system keyring for storing sensitive information such
+as passwords.
+
+There are 2 ways to address keyring-related error:
+
+### Install system keyring
+
+This is the recommended method as it is considerably secure than the latter.
+
+If you are using Linux for accessing Ente CLI with, you can install a system
+keyring manager such as `gnome-keyring`, `kwallet`, etc. via your distribution's
+package manager.
+
+For Ubuntu/Debian based distributions, you can install `gnome-keyring` via `apt`
+
+```shell
+sudo apt install gnome-keyring
+```
+
+Now you can use Ente CLI for adding account, which will trigger your system's
+keyring.
+
+### Configure secrets path
+
+In case of using Ente CLI on server environment, you may not be able to install
+system keyring. In such cases, you can configure Ente CLI to use a text file for
+saving the secrets.
+
+Set `ENTE_CLI_SECRETS_PATH` environment variable in your shell's configuration
+file (`~/.bashrc`, `~/.zshrc`, or other corresponding file)
+
+```shell
+# Replace ./secrets.txt with the path to secrets file
+# that you are using for saving.
+# IMPORTANT: Make sure it is stored in a secure place.
+export ENTE_CLI_SECRETS_PATH=./secrets.txt
+```
+
+When you run Ente CLI, and if the file doesn't exist, Ente CLI will create it
+and fill it with a random 32 character encryption key.
+
+If you create the file, please fill it with a cryptographically generated 32
+byte string.

docs/docs/self-hosting/troubleshooting/docker.md

@@ -1,35 +1,36 @@
 ---
-title: Docker Errors
-description: Fixing docker related errors when trying to self host Ente
+title: Troubleshooting Docker-related errors - Self-hosting
+description: Fixing Docker-related errors when trying to self-host Ente
 ---
 
-# Docker
+# Troubleshooting Docker-related errors
 
-## configs
-
-Remember to restart your cluster to ensure changes that you make in the
-`configs` section in `compose.yaml` get picked up.
-
-```sh
-docker compose down
-docker compose up
-```
+> [!TIP] Restart after changes
+>
+> Remember to restart your cluster to ensure changes that you make in the
+> `compose.yaml` and `museum.yaml` get picked up.
+>
+> ```shell
+> docker compose down
+> docker compose up
+> ```
 
 ## post_start
 
-The `server/compose.yaml` Docker compose file uses the "post_start" lifecycle
-hook to provision the MinIO instance.
+The Docker compose file used if relying on quickstart script or installation
+using Docker Compose uses the "post_start" lifecycle hook to provision the MinIO
+instance.
 
 The lifecycle hook **requires Docker Compose version 2.30.0+**, and if you're
-using an older version of docker compose you will see an error like this:
+using an older version of Docker Compose you will see an error like this:
 
 ```
 validating compose.yaml: services.minio Additional property post_start is not allowed
 ```
 
-The easiest way to resolve this is to upgrade your Docker compose.
+The easiest way to resolve this is to upgrade your Docker Compose.
 
-If you cannot update your Docker compose version, then alternatively you can
+If you cannot update your Docker Compose version, then alternatively you can
 perform the same configuration by removing the "post_start" hook, and adding a
 new service definition:
 
@@ -45,15 +46,12 @@ minio-provision:
     entrypoint: |
         sh -c '
         #!/bin/sh
-
         while ! mc alias set h0 http://minio:3200 your_minio_user your_minio_pass
         do
           echo "waiting for minio..."
           sleep 0.5
         done
-
         cd /data
-
         mc mb -p b2-eu-cen
         mc mb -p wasabi-eu-central-2-v3
         mc mb -p scw-eu-fr-v3
@@ -73,11 +71,11 @@ supports the `start_interval` property on the health check.
 
 ## Postgres authentication failed
 
-If you're getting Postgres password authentication failures when starting your
+If you are getting Postgres password authentication failures when starting your
 cluster, then you might be using a stale Docker volume.
 
-In more detail, if you're getting an error of the following form (pasting a full
-example for easier greppability):
+If you are getting an error of the following form (pasting a full example for
+easier greppability):
 
 ```
 museum-1    | panic: pq: password authentication failed for user "pguser"
@@ -90,57 +88,53 @@ museum-1    |   /etc/ente/cmd/museum/main.go:124 +0x44c
 museum-1 exited with code 2
 ```
 
-Then the issue is that the password you're using is not the password postgres is
-expecting (duh), and a potential scenario where that can happen is something
-like this:
+Then the issue is that the password you're using is not the password PostgreSQL
+is expecting.
 
-1. On a machine, you create a new cluster with `quickstart.sh`.
+There are 2 possibilities:
 
-2. Later you delete that folder, but then create another cluster with
-   `quickstart.sh`. Each time `quickstart.sh` runs, it creates new credentials,
-   and then when it tries to spin up the docker compose cluster, use them to
-   connect to the postgres running within.
+1. If you are using Docker Compose for running Ente from source, you might not
+   have set the same credentials in `.env` and `museum.yaml` inside
+   `server/config` directory. Edit the values to make sure the correct
+   credentials are being used.
+2. When you have created a cluster in `my-ente` directory on running
+   `quickstart.sh` and later deleted it, only to create another cluster with
+   same `my-ente` directory.
 
-3. However, you would already have a docker volume from the first run of
-   `quickstart.sh`. Since the folder name is the same in both cases `my-ente`,
-   Docker will reuse the existing volumes (`my-ente_postgres-data`,
-   `my-ente_minio-data`). So your postgres is running off the old credentials,
-   and you're trying to connect to it using the new ones, and the error arises.
+    However, by deleting the directory, the Docker volumes are not deleted.
 
-The solution is to delete the stale docker volume. **Be careful**, this will
-delete all data in those volumes (any thing you uploaded etc), so first
-understand if this is the exact problem you are facing before deleting those
-volumes.
+    Thus the older volumes with previous cluster's credentials are used for new
+    cluster and the error arises.
 
-If you're sure of what you're doing, the volumes can be deleted by
+    Deletion of the stale Docker volume can solve this. **Be careful**, this
+    will delete all data in those volumes (any thing you uploaded etc). Do this
+    if you are sure this is the exact problem.
 
-```sh
-docker volume ls
-```
+    ```shell
+    docker volume ls
+    ```
 
-to list them, and then delete the ones that begin with `my-ente` using
-`docker volume rm`. You can delete all stale volumes by using
-`docker system prune` with the `--volumes` flag, but be _really_ careful,
-that'll delete all volumes (Ente or otherwise) on your machine that are not
-currently in use by a running docker container.
+    to list them, and then delete the ones that begin with `my-ente` using
+    `docker volume rm`. You can delete all stale volumes by using
+    `docker system prune` with the `--volumes` flag, but be _really_ careful,
+    that'll delete all volumes (Ente or otherwise) on your machine that are not
+    currently in use by a running Docker container.
 
-An alternative way is to delete the volumes along with removal of cluster's
-containers using `docker compose` inside `my-ente` directory.
+    An alternative way is to delete the volumes along with removal of cluster's
+    containers using `docker compose` inside `my-ente` directory.
 
-```sh
-docker compose down --volumes
-```
+    ```sh
+    docker compose down --volumes
+    ```
 
-If you're unsure about removing volumes, another alternative is to rename your
-`my-ente` folder. Docker uses the folder name to determine the volume name
-prefix, so giving it a different name will cause Docker to create a volume
-afresh for it.
+    If you're unsure about removing volumes, another alternative is to rename
+    your `my-ente` folder. Docker uses the folder name to determine the volume
+    name prefix, so giving it a different name will cause Docker to create a
+    volume afresh for it.
 
 ## MinIO provisioning error
 
-If you have used our quickstart script for self-hosting Ente (new users will be unaffected) and are using the default MinIO container for object storage, you may run into issues while starting the cluster after pulling latest images with provisioning MinIO and creating buckets.
-
-You may encounter similar logs while trying to start the cluster:
+If you encounter similar logs while starting your Docker Compose cluster
 
 ```
 my-ente-minio-1 ->  | Waiting for minio...
@@ -148,30 +142,19 @@ my-ente-minio-1 ->  | Waiting for minio...
 my-ente-minio-1 ->  | Waiting for minio...
 ```
 
-MinIO has deprecated the `mc config` command in favor of `mc alias set` resulting in failure in execution of the command for creating bucket using `post_start` hook.
-
-This can be resolved by changing `mc config host h0 add http://minio:3200 $minio_user $minio_pass` to `mc alias set h0 http://minio:3200  $minio_user $minio_pass`
+This could be due to usage of deprecated MinIO `mc config` command. Changing
+`mc config host h0 add` to `mc alias set h0` resolves this.
 
 Thus the updated `post_start` will look as follows for `minio` service:
 
-``` yaml
-    minio: 
+```yaml
+    minio:
         ...
         post_start:
         - command: |
             sh -c '
             #!/bin/sh
-
             while ! mc alias set h0 http://minio:3200 your_minio_user your_minio_pass 2>/dev/null
-            do
-                echo "Waiting for minio..."
-                sleep 0.5
-            done
-
-            cd /data
-
-            mc mb -p b2-eu-cen
-            mc mb -p wasabi-eu-central-2-v3
-            mc mb -p scw-eu-fr-v3
+            ...
             '
-```
+```

docs/docs/self-hosting/troubleshooting/keyring.md

@@ -1,39 +0,0 @@
----
-title: Ente CLI Secrets
-description: A quick hotfix for keyring errors while running Ente CLI.
----
-
-# Ente CLI Secrets
-
-Ente CLI makes use of system keyring for storing sensitive information like your
-passwords. And running the CLI straight out of the box might give you some
-errors related to keyrings in some case.
-
-Follow the below steps to run Ente CLI and also avoid keyrings errors.
-
-Run:
-
-```sh
-# export the secrets path
-
-export ENTE_CLI_SECRETS_PATH=./<path-to-secrets.txt>
-
-./ente-cli
-```
-
-You can also add the above line to your shell's rc file, to prevent the need to
-export manually every time.
-
-Then one of the following:
-
-1. If the file doesn't exist, Ente CLI will create it and fill it with a random
-   32 character encryption key.
-2. If you do create the file, please fill it with a cryptographically generated
-   32 byte string.
-
-And you are good to go.
-
-## Ref
-
-- [Ente CLI Secrets Path](https://www.reddit.com/r/selfhosted/comments/1gc09il/comment/lu2hox2/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button)
-- [Keyrings](https://man7.org/linux/man-pages/man7/keyrings.7.html)

docs/docs/self-hosting/troubleshooting/misc.md

@@ -1,8 +1,10 @@
 ---
-title: General troubleshooting cases
+title: General troubleshooting cases - Self-hosting
 description: Fixing various errors when trying to self host Ente
 ---
 
+# Troubleshooting
+
 ## Functionality not working on self hosted instance
 
 If some specific functionality (e.g. album listing, video playback) does not

docs/docs/self-hosting/troubleshooting/uploads.md

@@ -1,5 +1,5 @@
 ---
-title: Uploads
+title: Uploads - Self-hosting
 description: Fixing upload errors when trying to self host Ente
 ---
 
@@ -9,23 +9,14 @@ Here are some errors our community members frequently encountered with the
 context and potential fixes.
 
 Fundamentally in most situations, the problem is because of minor mistakes or
-misconfiguration. Please make sure to reverse proxy museum and MinIO API
+misconfiguration. Please make sure to reverse proxy Museum and MinIO API
 endpoint to a domain and check your S3 credentials and whole configuration file
 for any minor misconfigurations.
 
 It is also suggested that the user setups bucket CORS or global CORS on MinIO or
 any external S3 service provider they are connecting to. To setup bucket CORS,
-please [read this](/self-hosting/troubleshooting/bucket-cors).
-
-## What is S3 and how is it incorporated in Ente ?
-
-S3 is an cloud storage protocol made by Amazon (specifically AWS). S3 is
-designed to store files and data as objects inside buckets and it is mostly used
-for online backups and storing different types of files.
-
-Ente's Docker setup is shipped with [MinIO](https://min.io/) as its default S3
-provider. MinIO supports the Amazon S3 protocol and leverages your disk storage
-to dump all the uploaded files as encrypted object blobs.
+please
+[read this](/self-hosting/administration/object-storage#cors-cross-origin-resource-sharing).
 
 ## 403 Forbidden
 

docs/docs/self-hosting/troubleshooting/yarn.md

@@ -1,14 +0,0 @@
----
-title: Yarn errors
-description: Fixing yarn install errors when trying to self host Ente
----
-
-# Yarn
-
-If `yarn install` is failing, make sure you are using Yarn v1 (also known as
-"Yarn Classic"):
-
-- https://classic.yarnpkg.com/lang/en/docs/install
-
-For more details, see the
-[getting started instructions](https://github.com/ente-io/ente/blob/main/web/docs/new.md).

infra/services/caddy/Caddyfile

@@ -0,0 +1,15 @@
+{
+	email custom-domains@ente.io
+	on_demand_tls {
+		ask https://api.ente.io/custom-domain
+	}
+}
+
+https:// {
+	tls {
+		on_demand
+	}
+	reverse_proxy https://custom-albums.ente.io {
+		header_up Host {upstream_hostport}
+	}
+}

infra/services/caddy/README.md

@@ -0,0 +1,19 @@
+# Caddy
+
+Caddy is used to terminate TLS and manage certificates for custom domains.
+
+## Installation
+
+```sh
+sudo mkdir -p /root/caddy/conf
+sudo mv Caddyfile /root/caddy/conf
+sudo chown root:root /root/caddy/conf/Caddyfile
+```
+
+Rest of it works like our other systemd services.
+
+If the Caddyfile changes, the running instance can be updated without restarts by using `sudo systemctl reload caddy`.
+
+## Backups
+
+The entire `/root/caddy` directory can be backed up and contains the everything needed to resurrect the same setup.

infra/services/caddy/caddy.service

@@ -0,0 +1,17 @@
+[Unit]
+Documentation=https://caddyserver.com/docs/running
+Requires=docker.service
+After=docker.service
+
+[Service]
+ExecStartPre=docker pull caddy
+ExecStartPre=-docker stop caddy
+ExecStartPre=-docker rm caddy
+ExecStart=docker run --name caddy \
+    --cap-add NET_ADMIN \
+    -p 80:80 -p 443:443 -p 443:443/udp \
+    -v /root/caddy/conf:/etc/caddy \
+    -v /root/caddy/data:/data \
+    -v /root/caddy/config:/config \
+    caddy
+ExecReload=docker exec -w /etc/caddy caddy caddy reload

infra/staff/.prettierrc.json

@@ -1,6 +1,5 @@
 {
     "tabWidth": 4,
-    "proseWrap": "always",
     "plugins": [
         "prettier-plugin-organize-imports",
         "prettier-plugin-packagejson"