Docker story refactoring

2025-11-20 05:36:03 -05:00 · 2025-11-17 11:09:38 +02:00
52 changed files with 3025 additions and 576 deletions
--- a/.docker-backup/Dockerfile
+++ b/.docker-backup/Dockerfile
@@ -0,0 +1,113 @@
 FROM python:3.13.5-slim-bookworm AS build-image
 # Install system dependencies needed for downloading and extracting
 RUN apt-get update -y && \
    apt-get install -y --no-install-recommends wget xz-utils unzip && \
    rm -rf /var/lib/apt/lists/* && \
    apt-get purge --auto-remove && \
    apt-get clean
 RUN wget -q https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz
 RUN mkdir -p ffmpeg-tmp && \
    tar -xf ffmpeg-release-amd64-static.tar.xz --strip-components 1 -C ffmpeg-tmp && \
    cp -v ffmpeg-tmp/ffmpeg ffmpeg-tmp/ffprobe ffmpeg-tmp/qt-faststart /usr/local/bin && \
    rm -rf ffmpeg-tmp ffmpeg-release-amd64-static.tar.xz
 # Install Bento4 in the specified location
 RUN mkdir -p /home/mediacms.io/bento4 && \
    wget -q http://zebulon.bok.net/Bento4/binaries/Bento4-SDK-1-6-0-637.x86_64-unknown-linux.zip && \
    unzip Bento4-SDK-1-6-0-637.x86_64-unknown-linux.zip -d /home/mediacms.io/bento4 && \
    mv /home/mediacms.io/bento4/Bento4-SDK-1-6-0-637.x86_64-unknown-linux/* /home/mediacms.io/bento4/ && \
    rm -rf /home/mediacms.io/bento4/Bento4-SDK-1-6-0-637.x86_64-unknown-linux && \
    rm -rf /home/mediacms.io/bento4/docs && \
    rm Bento4-SDK-1-6-0-637.x86_64-unknown-linux.zip
 ############ BASE RUNTIME IMAGE ############
 FROM python:3.13.5-slim-bookworm AS base
 SHELL ["/bin/bash", "-c"]
 ENV PYTHONUNBUFFERED=1
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV CELERY_APP='cms'
 ENV VIRTUAL_ENV=/home/mediacms.io
 ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 # Install system dependencies first
 RUN apt-get update -y && \
    apt-get -y upgrade && \
    apt-get install --no-install-recommends -y \
        supervisor \
        nginx \
        imagemagick \
        procps \
        build-essential \
        pkg-config \
        zlib1g-dev \
        zlib1g \
        libxml2-dev \
        libxmlsec1-dev \
        libxmlsec1-openssl \
        libpq-dev \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 # Set up virtualenv first
 RUN mkdir -p /home/mediacms.io/mediacms/{logs} && \
    cd /home/mediacms.io && \
    python3 -m venv $VIRTUAL_ENV
 # Copy requirements files
 COPY requirements.txt requirements-dev.txt ./
 # Install Python dependencies using pip (within virtualenv)
 ARG DEVELOPMENT_MODE=False
 RUN pip install --no-cache-dir uv && \
    uv pip install --no-binary lxml --no-binary xmlsec -r requirements.txt && \
    if [ "$DEVELOPMENT_MODE" = "True" ]; then \
        echo "Installing development dependencies..." && \
        uv pip install -r requirements-dev.txt; \
    fi && \
    apt-get purge -y --auto-remove \
        build-essential \
        pkg-config \
        libxml2-dev \
        libxmlsec1-dev \
        libpq-dev
 # Copy ffmpeg and Bento4 from build image
 COPY --from=build-image /usr/local/bin/ffmpeg /usr/local/bin/ffmpeg
 COPY --from=build-image /usr/local/bin/ffprobe /usr/local/bin/ffprobe
 COPY --from=build-image /usr/local/bin/qt-faststart /usr/local/bin/qt-faststart
 COPY --from=build-image /home/mediacms.io/bento4 /home/mediacms.io/bento4
 # Copy application files
 COPY . /home/mediacms.io/mediacms
 WORKDIR /home/mediacms.io/mediacms
 # required for sprite thumbnail generation for large video files
 COPY deploy/docker/policy.xml /etc/ImageMagick-6/policy.xml
 # Set process control environment variables
 ENV ENABLE_UWSGI='yes' \
    ENABLE_NGINX='yes' \
    ENABLE_CELERY_BEAT='yes' \
    ENABLE_CELERY_SHORT='yes' \
    ENABLE_CELERY_LONG='yes' \
    ENABLE_MIGRATIONS='yes'
 EXPOSE 9000 80
 RUN chmod +x ./deploy/docker/entrypoint.sh
 ENTRYPOINT ["./deploy/docker/entrypoint.sh"]
 CMD ["./deploy/docker/start.sh"]
 ############ FULL IMAGE ############
 FROM base AS full
 COPY requirements-full.txt ./
 RUN mkdir -p /root/.cache/ && \
    chmod go+rwx /root/ && \
    chmod go+rwx /root/.cache/
 RUN uv pip install -r requirements-full.txt
--- a/.docker-backup/docker-compose-cert.yaml
+++ b/.docker-backup/docker-compose-cert.yaml
@@ -0,0 +1,119 @@
 version: "3"
 services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - dhparam:/etc/nginx/dhparam
      - certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./deploy/docker/reverse_proxy/client_max_body_size.conf:/etc/nginx/conf.d/client_max_body_size.conf:ro
  acme-companion:
    image: nginxproxy/acme-companion
    container_name: nginx-proxy-acme
    volumes_from:
      - nginx-proxy
    volumes:
      - certs:/etc/nginx/certs:rw
      - acme:/etc/acme.sh
      - /var/run/docker.sock:/var/run/docker.sock:ro
  migrations:
    image: mediacms/mediacms:latest
    volumes:
      - ./:/home/mediacms.io/mediacms/
    environment:
      ENABLE_UWSGI: 'no'
      ENABLE_NGINX: 'no'
      ENABLE_CELERY_SHORT: 'no'
      ENABLE_CELERY_LONG: 'no'
      ENABLE_CELERY_BEAT: 'no'
      ADMIN_USER: 'admin'
      ADMIN_EMAIL: 'Y'
      ADMIN_PASSWORD: 'X'
    command: "./deploy/docker/prestart.sh"
    restart: on-failure
    depends_on:
      redis:
        condition: service_healthy
      db:
        condition: service_healthy
  web:
    image: mediacms/mediacms:latest
    deploy:
      replicas: 1
    volumes:
      - ./:/home/mediacms.io/mediacms/
    environment:
      ENABLE_CELERY_BEAT: 'no'
      ENABLE_CELERY_SHORT: 'no'
      ENABLE_CELERY_LONG: 'no'
      ENABLE_MIGRATIONS: 'no'
      VIRTUAL_HOST: 'X.mediacms.io'
      LETSENCRYPT_HOST: 'X.mediacms.io'
      LETSENCRYPT_EMAIL: 'X'
    depends_on:
      - migrations
  celery_beat:
    image: mediacms/mediacms:latest
    volumes:
      - ./:/home/mediacms.io/mediacms/
    environment:
      ENABLE_UWSGI: 'no'
      ENABLE_NGINX: 'no'
      ENABLE_CELERY_SHORT: 'no'
      ENABLE_CELERY_LONG: 'no'
      ENABLE_MIGRATIONS: 'no'
    depends_on:
      - redis
  celery_worker:
    image: mediacms/mediacms:full
    deploy:
      replicas: 1
    volumes:
      - ./:/home/mediacms.io/mediacms/
    environment:
      ENABLE_UWSGI: 'no'
      ENABLE_NGINX: 'no'
      ENABLE_CELERY_BEAT: 'no'
      ENABLE_MIGRATIONS: 'no'
    depends_on:
      - migrations
  db:
    image: postgres:17.2-alpine
    volumes:
      - ../postgres_data:/var/lib/postgresql/data/
    restart: always
    environment:
      POSTGRES_USER: mediacms
      POSTGRES_PASSWORD: mediacms
      POSTGRES_DB: mediacms
      TZ: Europe/London
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5
  redis:
    image: "redis:alpine"
    restart: always
    healthcheck:
      test: ["CMD", "redis-cli","ping"]
      interval: 10s
      timeout: 5s
      retries: 3
 volumes:
  conf:
  vhost:
  html:
  dhparam:
  certs:
  acme:
--- a/.docker-backup/docker-compose-dev.yaml
+++ b/.docker-backup/docker-compose-dev.yaml
@@ -0,0 +1,89 @@
 version: "3"
 services:
  migrations:
    build:
      context: .
      dockerfile: ./Dockerfile
      target: base
      args:
        - DEVELOPMENT_MODE=True
    image: mediacms/mediacms-dev:latest
    volumes:
      - ./:/home/mediacms.io/mediacms/
    command: "./deploy/docker/prestart.sh"
    environment:
      DEVELOPMENT_MODE: True
      ENABLE_UWSGI: 'no'
      ENABLE_NGINX: 'no'
      ENABLE_CELERY_SHORT: 'no'
      ENABLE_CELERY_LONG: 'no'
      ENABLE_CELERY_BEAT: 'no'
      ADMIN_USER: 'admin'
      ADMIN_EMAIL: 'admin@localhost'
      ADMIN_PASSWORD: 'admin'
    restart: on-failure
    depends_on:
      redis:
        condition: service_healthy
      db:
        condition: service_healthy
  frontend:
    image: node:20
    volumes:
      - ${PWD}/frontend:/home/mediacms.io/mediacms/frontend/
    working_dir: /home/mediacms.io/mediacms/frontend/
    command: bash -c "npm install && npm run start"
    env_file:
      - ${PWD}/frontend/.env
    ports:
      - "8088:8088"
    depends_on:
      - web
  web:
    image: mediacms/mediacms-dev:latest
    command: "python manage.py runserver 0.0.0.0:80"
    environment:
      DEVELOPMENT_MODE: True
    ports:
      - "80:80"
    volumes:
      - ./:/home/mediacms.io/mediacms/
    depends_on:
      - migrations
  db:
    image: postgres:17.2-alpine
    volumes:
      - ../postgres_data:/var/lib/postgresql/data/
    restart: always
    environment:
      POSTGRES_USER: mediacms
      POSTGRES_PASSWORD: mediacms
      POSTGRES_DB: mediacms
      TZ: Europe/London
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}", "--host=db", "--dbname=$POSTGRES_DB", "--username=$POSTGRES_USER"]
      interval: 10s
      timeout: 5s
      retries: 5
  redis:
    image: "redis:alpine"
    restart: always
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
  celery_worker:
    image: mediacms/mediacms-dev:latest
    deploy:
      replicas: 1
    volumes:
      - ./:/home/mediacms.io/mediacms/
    environment:
      ENABLE_UWSGI: 'no'
      ENABLE_NGINX: 'no'
      ENABLE_CELERY_BEAT: 'no'
      ENABLE_MIGRATIONS: 'no'
    depends_on:
      - web
--- a/.docker-backup/docker-compose.yaml
+++ b/.docker-backup/docker-compose.yaml
@@ -0,0 +1,86 @@
 version: "3"
 services:
  migrations:
    image: mediacms/mediacms:latest
    volumes:
      - ./:/home/mediacms.io/mediacms/
    environment:
      ENABLE_UWSGI: 'no'
      ENABLE_NGINX: 'no'
      ENABLE_CELERY_SHORT: 'no'
      ENABLE_CELERY_LONG: 'no'
      ENABLE_CELERY_BEAT: 'no'
      ADMIN_USER: 'admin'
      ADMIN_EMAIL: 'admin@localhost'
      # ADMIN_PASSWORD: 'uncomment_and_set_password_here'
    command: "./deploy/docker/prestart.sh"
    restart: on-failure
    depends_on:
      redis:
        condition: service_healthy
      db:
        condition: service_healthy
  web:
    image: mediacms/mediacms:latest
    deploy:
      replicas: 1
    ports:
      - "80:80"
    volumes:
      - ./:/home/mediacms.io/mediacms/
    environment:
      ENABLE_CELERY_BEAT: 'no'
      ENABLE_CELERY_SHORT: 'no'
      ENABLE_CELERY_LONG: 'no'
      ENABLE_MIGRATIONS: 'no'
    depends_on:
      - migrations
  celery_beat:
    image: mediacms/mediacms:latest
    volumes:
      - ./:/home/mediacms.io/mediacms/
    environment:
      ENABLE_UWSGI: 'no'
      ENABLE_NGINX: 'no'
      ENABLE_CELERY_SHORT: 'no'
      ENABLE_CELERY_LONG: 'no'
      ENABLE_MIGRATIONS: 'no'
    depends_on:
      - redis
  celery_worker:
    image: mediacms/mediacms:latest
    deploy:
      replicas: 1
    volumes:
      - ./:/home/mediacms.io/mediacms/
    environment:
      ENABLE_UWSGI: 'no'
      ENABLE_NGINX: 'no'
      ENABLE_CELERY_BEAT: 'no'
      ENABLE_MIGRATIONS: 'no'
    depends_on:
      - migrations
  db:
    image: postgres:17.2-alpine
    volumes:
      - ../postgres_data:/var/lib/postgresql/data/
    restart: always
    environment:
      POSTGRES_USER: mediacms
      POSTGRES_PASSWORD: mediacms
      POSTGRES_DB: mediacms
      TZ: Europe/London
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5
  redis:
    image: "redis:alpine"
    restart: always
    healthcheck:
      test: ["CMD", "redis-cli","ping"]
      interval: 10s
      timeout: 5s
      retries: 3
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,37 @@
 # Dependencies
 node_modules
-npm-debug.log
+npm-debug.log
 # Local development files - exclude uploaded content but keep placeholder images
 media_files/*
 !media_files/userlogos/
 media_files/userlogos/*
 !media_files/userlogos/*.jpg
 logs
 static_collected
 # Version control
 .git
 .github
 .gitignore
 # Development/testing
 .pytest_cache
 .qodo
 .claude
 # Docker
 .dockerignore
 Dockerfile
 docker-compose*.yml
 .docker-backup
 # Documentation (if you don't need it in the image)
 docs
 # Other
 *.pyc
 __pycache__
 .env
 .vscode
 .idea
--- a/.github/workflows/docker-build-push.yml
+++ b/.github/workflows/docker-build-push.yml
@@ -21,8 +21,8 @@ jobs:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Docker meta for base image
+      - name: Docker meta for web image
-        id: meta-base
+        id: meta-web
        uses: docker/metadata-action@v4
        with:
          images: |
@@ -40,39 +40,95 @@ jobs:
            org.opencontainers.image.source=https://github.com/mediacms-io/mediacms
            org.opencontainers.image.licenses=AGPL-3.0
-      - name: Docker meta for full image
+      - name: Build and push web image
-        id: meta-full
+        uses: docker/build-push-action@v4
        with:
          context: .
          target: web
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta-web.outputs.tags }}
          labels: ${{ steps.meta-web.outputs.labels }}
      - name: Docker meta for worker image
        id: meta-worker
        uses: docker/metadata-action@v4
        with:
          images: |
-            mediacms/mediacms
+            mediacms/mediacms-worker
          tags: |
-            type=raw,value=full,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
-            type=semver,pattern={{version}}-full
+            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}-full
+            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}-full
+            type=semver,pattern={{major}}
          labels: |
-            org.opencontainers.image.title=MediaCMS Full
+            org.opencontainers.image.title=MediaCMS Worker
-            org.opencontainers.image.description=MediaCMS is a modern, fully featured open source video and media CMS, written in Python/Django and React, featuring a REST API. This is the full version with additional dependencies.
+            org.opencontainers.image.description=MediaCMS Celery worker for background task processing.
            org.opencontainers.image.vendor=MediaCMS
            org.opencontainers.image.url=https://mediacms.io/
            org.opencontainers.image.source=https://github.com/mediacms-io/mediacms
            org.opencontainers.image.licenses=AGPL-3.0
-      - name: Build and push full image
+      - name: Build and push worker image
        uses: docker/build-push-action@v4
        with:
          context: .
-          target: full
+          target: worker
          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta-full.outputs.tags }}
+          tags: ${{ steps.meta-worker.outputs.tags }}
-          labels: ${{ steps.meta-full.outputs.labels }}
+          labels: ${{ steps.meta-worker.outputs.labels }}
-      - name: Build and push base image
+      - name: Docker meta for worker-full image
        id: meta-worker-full
        uses: docker/metadata-action@v4
        with:
          images: |
            mediacms/mediacms-worker
          tags: |
            type=raw,value=latest-full,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
            type=semver,pattern={{version}}-full
            type=semver,pattern={{major}}.{{minor}}-full
            type=semver,pattern={{major}}-full
          labels: |
            org.opencontainers.image.title=MediaCMS Worker Full
            org.opencontainers.image.description=MediaCMS Celery worker with additional codecs for advanced transcoding features.
            org.opencontainers.image.vendor=MediaCMS
            org.opencontainers.image.url=https://mediacms.io/
            org.opencontainers.image.source=https://github.com/mediacms-io/mediacms
            org.opencontainers.image.licenses=AGPL-3.0
      - name: Build and push worker-full image
        uses: docker/build-push-action@v4
        with:
          context: .
-          target: base
+          target: worker-full
          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta-base.outputs.tags }}
+          tags: ${{ steps.meta-worker-full.outputs.tags }}
-          labels: ${{ steps.meta-base.outputs.labels }}
+          labels: ${{ steps.meta-worker-full.outputs.labels }}
      - name: Docker meta for nginx image
        id: meta-nginx
        uses: docker/metadata-action@v4
        with:
          images: |
            mediacms/mediacms-nginx
          tags: |
            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
          labels: |
            org.opencontainers.image.title=MediaCMS Nginx
            org.opencontainers.image.description=Nginx web server for MediaCMS, serving static and media files.
            org.opencontainers.image.vendor=MediaCMS
            org.opencontainers.image.url=https://mediacms.io/
            org.opencontainers.image.source=https://github.com/mediacms-io/mediacms
            org.opencontainers.image.licenses=AGPL-3.0
      - name: Build and push nginx image
        uses: docker/build-push-action@v4
        with:
          context: .
          file: Dockerfile.nginx
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta-nginx.outputs.tags }}
          labels: ${{ steps.meta-nginx.outputs.labels }}
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,10 @@
 cli-tool/.env
 frontend/package-lock.json
 custom/local_settings.py
 custom/static/images/*
 !custom/static/images/.gitkeep
 custom/static/css/*
 !custom/static/css/.gitkeep
 media_files/encoded/
 media_files/original/
 media_files/hls/
@@ -17,7 +22,7 @@ static/mptt/
 static/rest_framework/
 static/drf-yasg
 cms/local_settings.py
-deploy/docker/local_settings.py
+config/local_settings.py
 yt.readme.md
 /frontend-tools/video-editor/node_modules
 /frontend-tools/video-editor/client/node_modules
@@ -35,3 +40,4 @@ frontend-tools/video-editor/client/public/videos/sample-video.mp3
 frontend-tools/chapters-editor/client/public/videos/sample-video.mp3
 static/chapters_editor/videos/sample-video.mp3
 static/video_editor/videos/sample-video.mp3
 backups/
--- a/DOCKER_RESTRUCTURE_SUMMARY.md
+++ b/DOCKER_RESTRUCTURE_SUMMARY.md
@@ -0,0 +1,441 @@
 # MediaCMS Docker Restructure Summary - Version 7.3
 ## Overview
 MediaCMS 7.3 introduces a complete Docker architecture restructure, moving from a monolithic supervisord-based setup to modern microservices with proper separation of concerns.
 **⚠️ BREAKING CHANGES** - See [`UPGRADE_TO_7.3.md`](./UPGRADE_TO_7.3.md) for migration guide.
 ## Architecture Comparison
 ### Before (7.x) - Monolithic
 ```
 ┌─────────────────────────────────────┐
 │   Single Container                  │
 │   ┌──────────┐                     │
 │   │Supervisor│                     │
 │   └────┬─────┘                     │
 │        ├─── nginx (port 80)        │
 │        ├─── uwsgi (Django)         │
 │        ├─── celery beat            │
 │        ├─── celery workers         │
 │        └─── migrations             │
 │                                     │
 │  Volumes: ./ mounted to container  │
 └─────────────────────────────────────┘
 ```
 ### After (7.3) - Microservices
 ```
 ┌────────┐  ┌─────┐  ┌───────────┐  ┌──────────┐
 │ nginx  │→ │ web │  │celery_beat│  │  celery  │
 │        │  │uwsgi│  │           │  │ workers  │
 └────────┘  └─────┘  └───────────┘  └──────────┘
                │
        ┌───────┴────────┐
        │  db   │  redis │
        └───────┴────────┘
 Volumes: Named volumes + custom/ bind mount
 ```
 ## What Changed
 ### 1. Container Services
 | Component | Before (7.x) | After (7.3) |
 |-----------|-------------|-------------|
 | **nginx** | Inside main container | Separate container |
 | **Django/uWSGI** | Inside main container | Dedicated `web` container |
 | **Celery Beat** | Inside main container | Dedicated container |
 | **Celery Workers** | Inside main container | Separate containers (short/long) |
 | **Migrations** | Via environment flag | Init container (runs once) |
 ### 2. Volume Strategy
 | Data | Before (7.x) | After (7.3) |
 |------|-------------|-------------|
 | **Application code** | Bind mount `./` | **Built into image** |
 | **Media files** | `./media_files` | **Named volume** `media_files` |
 | **Static files** | `./static` | **Built into image** (collectstatic at build) |
 | **Logs** | `./logs` | **Named volume** `logs` |
 | **PostgreSQL** | `../postgres_data` | **Named volume** `postgres_data` |
 | **Custom config** | `cms/local_settings.py` | **Bind mount** `./custom/` |
 ### 3. Removed Components
 - ❌ supervisord and all supervisord configs
 - ❌ docker-entrypoint.sh (permission fixing script)
 - ❌ `ENABLE_*` environment variables
 - ❌ Runtime collectstatic
 - ❌ nginx from base image
 ### 4. New Components
 - ✅ `custom/` directory for user customizations
 - ✅ Multi-stage Dockerfile (base, web, worker, worker-full)
 - ✅ Separate nginx image (`Dockerfile.nginx`)
 - ✅ Build-time collectstatic
 - ✅ USER www-data (non-root containers)
 - ✅ Health checks for all services
 - ✅ Makefile with common tasks
 ## Key Improvements
 ### Security
 - ✅ Containers run as `www-data` (UID 33), not root
 - ✅ Read-only mounts where possible
 - ✅ Smaller attack surface per container
 - ✅ No privilege escalation needed
 ### Performance
 - ✅ Named volumes have better I/O than bind mounts
 - ✅ Static files built into image (no runtime collection)
 - ✅ Faster container startups
 - ✅ No chown on millions of files at startup
 ### Scalability
 - ✅ Scale web and workers independently
 - ✅ Ready for load balancing
 - ✅ Can use Docker Swarm or Kubernetes
 - ✅ Horizontal scaling: `docker compose scale celery_short=3`
 ### Maintainability
 - ✅ One process per container (proper separation)
 - ✅ Clear service dependencies
 - ✅ Standard Docker patterns
 - ✅ Easier debugging (service-specific logs)
 - ✅ Immutable images
 ### Developer Experience
 - ✅ Separate dev compose with hot reload
 - ✅ `custom/` directory for all customizations
 - ✅ Clear documentation and examples
 - ✅ Makefile targets for common tasks
 ## New Customization System
 ### The `custom/` Directory
 All user customizations now go in a dedicated directory:
 ```
 custom/
 ├── README.md                    # Full documentation
 ├── local_settings.py.example    # Template file
 ├── local_settings.py            # Your Django settings (gitignored)
 └── static/
    ├── images/                  # Custom logos (gitignored)
    │   └── logo_dark.png
    └── css/                     # Custom CSS (gitignored)
        └── custom.css
 ```
 **Benefits:**
 - Clear separation from core code
 - Works out-of-box (empty directory is fine)
 - Gitignored customizations
 - Well documented with examples
 See [`custom/README.md`](./custom/README.md) for usage guide.
 ## Docker Images
 ### Images to Build
 ```bash
 # Web image (Django + uWSGI)
 docker build --target web -t mediacms/mediacms:7.3 .
 # Worker image (Celery)
 docker build --target worker -t mediacms/mediacms-worker:7.3 .
 # Worker-full image (Celery with extra codecs)
 docker build --target worker-full -t mediacms/mediacms-worker:7.3-full .
 # Nginx image
 docker build -f Dockerfile.nginx -t mediacms/mediacms-nginx:7.3 .
 ```
 ### Image Sizes
 | Image | Approximate Size |
 |-------|-----------------|
 | mediacms:7.3 | ~800MB |
 | mediacms-worker:7.3 | ~800MB |
 | mediacms-worker:7.3-full | ~1.2GB |
 | mediacms-nginx:7.3 | ~50MB |
 ## Deployment Scenarios
 ### 1. Development
 ```bash
 docker compose -f docker-compose-dev.yaml up
 ```
 **Features:**
 - File mounts for live editing
 - Django runserver with DEBUG=True
 - Frontend hot reload
 - Immediate code changes
 ### 2. Production (HTTP)
 ```bash
 docker compose up -d
 ```
 **Features:**
 - Immutable images
 - Named volumes for data
 - Production-ready
 - Port 80
 ### 3. Production (HTTPS with Let's Encrypt)
 ```bash
 docker compose -f docker-compose.yaml -f docker-compose-cert.yaml up -d
 ```
 **Features:**
 - Automatic SSL certificates
 - Auto-renewal
 - nginx-proxy + acme-companion
 - Production-ready
 ## Minimal Deployment (No Code Required!)
 **Version 7.3 requires ONLY:**
 1. ✅ `docker-compose.yaml` file
 2. ✅ Docker images (from Docker Hub)
 3. ⚠️ `custom/` directory (optional, only if customizing)
 **No git repo needed!** Download docker-compose.yaml from release/docs and start.
 ## Migration Requirements
 ### Breaking Changes
 ⚠️ **Not backward compatible** - Manual migration required
 **What needs migration:**
 1. ✅ PostgreSQL database (dump and restore)
 2. ✅ Media files (copy to named volume)
 3. ✅ Custom settings → `custom/local_settings.py` (if you had them)
 4. ✅ Custom logos/CSS → `custom/static/` (if you had them)
 5. ⚠️ Backup scripts (new volume paths)
 6. ⚠️ Monitoring (new container names)
 ### Migration Steps
 See [`UPGRADE_TO_7.3.md`](./UPGRADE_TO_7.3.md) for complete guide.
 **Quick overview:**
 ```bash
 # 1. Backup
 docker compose exec db pg_dump -U mediacms mediacms > backup.sql
 tar -czf media_backup.tar.gz media_files/
 cp docker-compose.yaml docker-compose.yaml.old
 # 2. Download new docker-compose.yaml
 wget https://raw.githubusercontent.com/mediacms-io/mediacms/v7.3/docker-compose.yaml
 # 3. Create custom/ if needed
 mkdir -p custom/static/{images,css}
 # Copy your old settings/logos if you had them
 # 4. Pull images and start
 docker compose pull
 docker compose up -d
 # 5. Restore data
 cat backup.sql | docker compose exec -T db psql -U mediacms mediacms
 # (See full guide for media migration)
 ```
 ## Configuration Files
 ### Created/Reorganized
 ```
 ├── Dockerfile                    # Multi-stage (base, web, worker)
 ├── Dockerfile.nginx             # Nginx image
 ├── docker-compose.yaml          # Production
 ├── docker-compose-cert.yaml     # Production + HTTPS
 ├── docker-compose-dev.yaml      # Development
 ├── Makefile                     # Common tasks
 ├── custom/                      # User customizations
 │   ├── README.md
 │   ├── local_settings.py.example
 │   └── static/
 ├── config/
 │   ├── imagemagick/policy.xml
 │   ├── nginx/
 │   │   ├── nginx.conf
 │   │   └── site.conf
 │   ├── nginx-proxy/
 │   │   └── client_max_body_size.conf
 │   └── uwsgi/
 │       └── uwsgi.ini
 └── scripts/
    └── run-migrations.sh
 ```
 ## Makefile Targets
 New Makefile with common operations:
 ```bash
 make backup-db              # PostgreSQL dump with timestamp
 make admin-shell            # Quick Django shell access
 make build-frontend         # Rebuild frontend assets
 make test                   # Run test suite
 ```
 ## Rollback Strategy
 If migration fails:
 ```bash
 # 1. Stop new version
 docker compose down
 # 2. Checkout old version
 git checkout main
 # 3. Restore old compose
 git checkout main docker-compose.yaml
 # 4. Restore data from backups
 # (See UPGRADE_TO_7.3.md for details)
 # 5. Start old version
 docker compose up -d
 ```
 ## Testing Checklist
 Before production deployment:
 - [ ] Migrations run successfully
 - [ ] Static files load correctly
 - [ ] Media files upload/download work
 - [ ] Video transcoding works (check celery_long logs)
 - [ ] Admin panel accessible
 - [ ] Custom settings loaded (if using custom/)
 - [ ] Database persists across restarts
 - [ ] Media persists across restarts
 - [ ] Logs accessible via `docker compose logs`
 - [ ] Health checks pass: `docker compose ps`
 ## Common Post-Upgrade Tasks
 ### View Logs
 ```bash
 # Before: tail -f logs/uwsgi.log
 # After:
 docker compose logs -f web
 docker compose logs -f celery_long
 ```
 ### Access Shell
 ```bash
 # Before: docker exec -it <container> bash
 # After:
 make admin-shell
 # Or: docker compose exec web bash
 ```
 ### Restart Service
 ```bash
 # Before: docker restart <container>
 # After:
 docker compose restart web
 ```
 ### Scale Workers
 ```bash
 # New capability:
 docker compose up -d --scale celery_short=3 --scale celery_long=2
 ```
 ### Database Backup
 ```bash
 # Before: Custom script
 # After:
 make backup-db
 ```
 ## Performance Considerations
 ### Startup Time
 - **Before**: Slower (chown on all files)
 - **After**: Faster (no permission fixing)
 ### I/O Performance
 - **Before**: Bind mount overhead
 - **After**: Named volumes (better performance)
 ### Memory Usage
 - **Before**: Single large container
 - **After**: Multiple smaller containers (better resource allocation)
 ## New Volume Management
 ### List Volumes
 ```bash
 docker volume ls | grep mediacms
 ```
 ### Inspect Volume
 ```bash
 docker volume inspect mediacms_media_files
 ```
 ### Backup Volume
 ```bash
 docker run --rm \
  -v mediacms_media_files:/data:ro \
  -v $(pwd):/backup \
  alpine tar czf /backup/media_backup.tar.gz -C /data .
 ```
 ## Documentation
 - **Upgrade Guide**: [`UPGRADE_TO_7.3.md`](./UPGRADE_TO_7.3.md)
 - **Customization**: [`custom/README.md`](./custom/README.md)
 - **Admin Docs**: `docs/admins_docs.md`
 ## Timeline Estimates
 | Instance Size | Expected Migration Time |
 |---------------|------------------------|
 | Small (<100 videos) | 30-60 minutes |
 | Medium (100-1000 videos) | 1-3 hours |
 | Large (>1000 videos) | 3-8 hours |
 **Plan accordingly and schedule during low-traffic periods!**
 ## Getting Help
 1. Read [`UPGRADE_TO_7.3.md`](./UPGRADE_TO_7.3.md) thoroughly
 2. Check [`custom/README.md`](./custom/README.md) for customization
 3. Search GitHub Issues
 4. Test in staging first
 5. Keep backups for at least 1 week post-upgrade
 ## Next Steps
 1. ✅ Read [`UPGRADE_TO_7.3.md`](./UPGRADE_TO_7.3.md)
 2. ✅ Test in development: `docker compose -f docker-compose-dev.yaml up`
 3. ✅ Backup production data
 4. ✅ Test migration in staging
 5. ✅ Plan maintenance window
 6. ✅ Execute migration
 7. ✅ Monitor for 24-48 hours
 ---
 **Ready to upgrade?** Start with: [`UPGRADE_TO_7.3.md`](./UPGRADE_TO_7.3.md)
--- a/81
+++ b/81
@@ -1,6 +1,5 @@
 FROM python:3.13.5-slim-bookworm AS build-image
 # Install system dependencies needed for downloading and extracting
 RUN apt-get update -y && \
    apt-get install -y --no-install-recommends wget xz-utils unzip && \
    rm -rf /var/lib/apt/lists/* && \
@@ -14,7 +13,6 @@ RUN mkdir -p ffmpeg-tmp && \
    cp -v ffmpeg-tmp/ffmpeg ffmpeg-tmp/ffprobe ffmpeg-tmp/qt-faststart /usr/local/bin && \
    rm -rf ffmpeg-tmp ffmpeg-release-amd64-static.tar.xz
 # Install Bento4 in the specified location
 RUN mkdir -p /home/mediacms.io/bento4 && \
    wget -q http://zebulon.bok.net/Bento4/binaries/Bento4-SDK-1-6-0-637.x86_64-unknown-linux.zip && \
    unzip Bento4-SDK-1-6-0-637.x86_64-unknown-linux.zip -d /home/mediacms.io/bento4 && \
@@ -26,20 +24,21 @@ RUN mkdir -p /home/mediacms.io/bento4 && \
 ############ BASE RUNTIME IMAGE ############
 FROM python:3.13.5-slim-bookworm AS base
 LABEL org.opencontainers.image.version="7.3"
 LABEL org.opencontainers.image.title="MediaCMS"
 LABEL org.opencontainers.image.description="Modern, scalable and open source video platform"
 SHELL ["/bin/bash", "-c"]
-ENV PYTHONUNBUFFERED=1
+ENV PYTHONUNBUFFERED=1 \
-ENV PYTHONDONTWRITEBYTECODE=1
+    PYTHONDONTWRITEBYTECODE=1 \
-ENV CELERY_APP='cms'
+    CELERY_APP='cms' \
-ENV VIRTUAL_ENV=/home/mediacms.io
+    VIRTUAL_ENV=/home/mediacms.io \
-ENV PATH="$VIRTUAL_ENV/bin:$PATH"
+    PATH="$VIRTUAL_ENV/bin:$PATH"
 # Install system dependencies first
 RUN apt-get update -y && \
    apt-get -y upgrade && \
    apt-get install --no-install-recommends -y \
        supervisor \
        nginx \
        imagemagick \
        procps \
        build-essential \
@@ -50,18 +49,16 @@ RUN apt-get update -y && \
        libxmlsec1-dev \
        libxmlsec1-openssl \
        libpq-dev \
        gosu \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
-# Set up virtualenv first
+RUN mkdir -p /home/mediacms.io/mediacms/{logs,media_files,static} && \
 RUN mkdir -p /home/mediacms.io/mediacms/{logs} && \
    cd /home/mediacms.io && \
    python3 -m venv $VIRTUAL_ENV
 # Copy requirements files
 COPY requirements.txt requirements-dev.txt ./
 # Install Python dependencies using pip (within virtualenv)
 ARG DEVELOPMENT_MODE=False
 RUN pip install --no-cache-dir uv && \
    uv pip install --no-binary lxml --no-binary xmlsec -r requirements.txt && \
@@ -76,38 +73,54 @@ RUN pip install --no-cache-dir uv && \
        libxmlsec1-dev \
        libpq-dev
 # Copy ffmpeg and Bento4 from build image
 COPY --from=build-image /usr/local/bin/ffmpeg /usr/local/bin/ffmpeg
 COPY --from=build-image /usr/local/bin/ffprobe /usr/local/bin/ffprobe
 COPY --from=build-image /usr/local/bin/qt-faststart /usr/local/bin/qt-faststart
 COPY --from=build-image /home/mediacms.io/bento4 /home/mediacms.io/bento4
-# Copy application files
+COPY --chown=www-data:www-data . /home/mediacms.io/mediacms
 COPY . /home/mediacms.io/mediacms
 WORKDIR /home/mediacms.io/mediacms
-# required for sprite thumbnail generation for large video files
+# Copy imagemagick policy for sprite thumbnail generation
-COPY deploy/docker/policy.xml /etc/ImageMagick-6/policy.xml
+COPY config/imagemagick/policy.xml /etc/ImageMagick-6/policy.xml
-# Set process control environment variables
+# Create www-data user directories and set permissions
-ENV ENABLE_UWSGI='yes' \
+RUN mkdir -p /var/run/mediacms && \
-    ENABLE_NGINX='yes' \
+    chown -R www-data:www-data /home/mediacms.io/mediacms/logs \
-    ENABLE_CELERY_BEAT='yes' \
+                                /home/mediacms.io/mediacms/media_files \
-    ENABLE_CELERY_SHORT='yes' \
+                                /home/mediacms.io/mediacms/static \
-    ENABLE_CELERY_LONG='yes' \
+                                /var/run/mediacms
    ENABLE_MIGRATIONS='yes'
-EXPOSE 9000 80
+# Collect static files during build
 RUN python manage.py collectstatic --noinput && \
    chown -R www-data:www-data /home/mediacms.io/mediacms/static
-RUN chmod +x ./deploy/docker/entrypoint.sh
+# Run container as www-data user
 USER www-data
-ENTRYPOINT ["./deploy/docker/entrypoint.sh"]
+############ WEB IMAGE (Django/uWSGI) ############
-CMD ["./deploy/docker/start.sh"]
+FROM base AS web
 # Install uWSGI
 RUN uv pip install uwsgi
 # Copy uWSGI configuration
 COPY config/uwsgi/uwsgi.ini /home/mediacms.io/mediacms/uwsgi.ini
 EXPOSE 9000
 CMD ["/home/mediacms.io/bin/uwsgi", "--ini", "/home/mediacms.io/mediacms/uwsgi.ini"]
 ############ WORKER IMAGE (Celery) ############
 FROM base AS worker
 # CMD will be overridden in docker-compose for different worker types
 ############ FULL WORKER IMAGE (Celery with extra codecs) ############
 FROM worker AS worker-full
 ############ FULL IMAGE ############
 FROM base AS full
 COPY requirements-full.txt ./
 RUN mkdir -p /root/.cache/ && \
    chmod go+rwx /root/ && \
-    chmod go+rwx /root/.cache/
+    chmod go+rwx /root/.cache/ && \
-RUN uv pip install -r requirements-full.txt
+    uv pip install -r requirements-full.txt
--- a/Dockerfile.nginx
+++ b/Dockerfile.nginx
@@ -0,0 +1,18 @@
 FROM nginx:alpine
 LABEL org.opencontainers.image.version="7.3"
 LABEL org.opencontainers.image.title="MediaCMS Nginx"
 LABEL org.opencontainers.image.description="Nginx server for MediaCMS"
 # Copy nginx configurations
 COPY config/nginx/nginx.conf /etc/nginx/nginx.conf
 COPY config/nginx/site.conf /etc/nginx/conf.d/default.conf
 COPY config/nginx/uwsgi_params /etc/nginx/uwsgi_params
 # Create directories for static and media files (will be volumes)
 RUN mkdir -p /var/www/media /var/www/static && \
    chown -R nginx:nginx /var/www
 EXPOSE 80
 CMD ["nginx", "-g", "daemon off;"]
--- a/15
+++ b/15
@@ -1,4 +1,4 @@
-.PHONY: admin-shell build-frontend
+.PHONY: admin-shell build-frontend backup-db
 admin-shell:
 	@container_id=$$(docker compose ps -q web); \
@@ -17,3 +17,16 @@ build-frontend:
 test:
 	docker compose -f docker-compose-dev.yaml exec --env TESTING=True -T web pytest
 backup-db:
 	@echo "Creating PostgreSQL database dump..."
 	@mkdir -p backups
 	@timestamp=$$(date +%Y%m%d_%H%M%S); \
 	dump_file="backups/mediacms_dump_$${timestamp}.sql"; \
 	docker compose exec -T db pg_dump -U mediacms -d mediacms > "$${dump_file}"; \
 	if [ $$? -eq 0 ]; then \
 		echo "Database dump created successfully: $${dump_file}"; \
 	else \
 		echo "Database dump failed"; \
 		exit 1; \
 	fi
--- a/QUICKSTART.md
+++ b/QUICKSTART.md
@@ -0,0 +1,292 @@
 # MediaCMS 7.3 - Quick Start
 ## Minimal Deployment (No Code Required!)
 MediaCMS 7.3 can be deployed with **just 2 files**:
 1. `docker-compose.yaml`
 2. `custom/` directory (optional)
 **No git repo, no code checkout needed!** Everything runs from Docker images.
 ---
 ## Fresh Installation
 ### 1. Create deployment directory
 ```bash
 mkdir mediacms && cd mediacms
 ```
 ### 2. Download docker-compose.yaml
 ```bash
 wget https://raw.githubusercontent.com/mediacms-io/mediacms/v7.3/docker-compose.yaml
 ```
 Or with curl:
 ```bash
 curl -O https://raw.githubusercontent.com/mediacms-io/mediacms/v7.3/docker-compose.yaml
 ```
 ### 3. Start MediaCMS
 ```bash
 docker compose up -d
 ```
 ### 4. Access your site
 - **Frontend**: http://localhost
 - **Admin**: http://localhost/admin
  - Username: `admin`
  - Password: Check logs for auto-generated password:
    ```bash
    docker compose logs migrations | grep "password:"
    ```
 **That's it!** 🎉
 ---
 ## Optional: Customization
 ### Add Custom Settings
 ```bash
 # 1. Create custom directory
 mkdir -p custom/static/{images,css}
 # 2. Download example template
 wget -O custom/local_settings.py.example \
  https://raw.githubusercontent.com/mediacms-io/mediacms/v7.3/custom/local_settings.py.example
 # 3. Copy and edit
 cp custom/local_settings.py.example custom/local_settings.py
 nano custom/local_settings.py
 ```
 Example customizations:
 ```python
 # custom/local_settings.py
 DEBUG = False
 ALLOWED_HOSTS = ['media.example.com']
 PORTAL_NAME = "My Media Portal"
 ```
 ### Add Custom Logo
 ```bash
 # 1. Copy your logo
 cp ~/my-logo.png custom/static/images/logo_dark.png
 # 2. Reference in settings
 cat >> custom/local_settings.py <<EOF
 PORTAL_LOGO_DARK_PNG = "/custom/static/images/logo_dark.png"
 EOF
 # 3. Restart (no rebuild needed!)
 docker compose restart web
 ```
 ### Add Custom CSS
 ```bash
 # 1. Create CSS file
 cat > custom/static/css/custom.css <<EOF
 body {
    font-family: 'Arial', sans-serif;
 }
 EOF
 # 2. Reference in settings
 cat >> custom/local_settings.py <<EOF
 EXTRA_CSS_PATHS = ["/custom/static/css/custom.css"]
 EOF
 # 3. Restart (no rebuild needed!)
 docker compose restart web
 ```
 **Note**: Both settings AND static files only need restart - nginx serves custom/ files directly!
 ---
 ## HTTPS with Let's Encrypt
 ### 1. Download cert overlay
 ```bash
 wget https://raw.githubusercontent.com/mediacms-io/mediacms/v7.3/docker-compose-cert.yaml
 ```
 ### 2. Edit domains
 ```bash
 nano docker-compose-cert.yaml
 ```
 Change these lines:
 ```yaml
 VIRTUAL_HOST: 'media.example.com'        # Your domain
 LETSENCRYPT_HOST: 'media.example.com'    # Your domain
 LETSENCRYPT_EMAIL: 'admin@example.com'   # Your email
 ```
 ### 3. Start with SSL
 ```bash
 docker compose -f docker-compose.yaml -f docker-compose-cert.yaml up -d
 ```
 **SSL certificates are issued automatically!**
 ---
 ## File Structure
 Your deployment directory:
 ```
 mediacms/
 ├── docker-compose.yaml          # Required
 ├── docker-compose-cert.yaml     # Optional (for HTTPS)
 └── custom/                      # Optional (for customizations)
    ├── local_settings.py        # Django settings
    └── static/
        ├── images/              # Custom logos
        └── css/                 # Custom CSS
 ```
 **Named volumes** (managed by Docker):
 - `mediacms_postgres_data` - Database
 - `mediacms_media_files` - Uploaded media
 - `mediacms_static_files` - Static assets
 - `mediacms_logs` - Application logs
 ---
 ## Common Commands
 ### View logs
 ```bash
 docker compose logs -f web
 docker compose logs -f celery_long
 ```
 ### Access Django shell
 ```bash
 docker compose exec web python manage.py shell
 ```
 ### Create admin user
 ```bash
 docker compose exec web python manage.py createsuperuser
 ```
 ### Restart service
 ```bash
 docker compose restart web
 ```
 ### Stop everything
 ```bash
 docker compose down
 ```
 ### Update to newer version
 ```bash
 docker compose pull
 docker compose up -d
 ```
 ---
 ## Backup
 ### Database backup
 ```bash
 docker compose exec db pg_dump -U mediacms mediacms > backup_$(date +%Y%m%d).sql
 ```
 ### Media files backup
 ```bash
 docker run --rm \
  -v mediacms_media_files:/data:ro \
  -v $(pwd):/backup \
  alpine tar czf /backup/media_backup_$(date +%Y%m%d).tar.gz -C /data .
 ```
 ---
 ## Upgrading from 7.x?
 If you're upgrading from an older MediaCMS version, see:
 - **[UPGRADE_TO_7.3.md](./UPGRADE_TO_7.3.md)** - Complete migration guide
 - **[DOCKER_RESTRUCTURE_SUMMARY.md](./DOCKER_RESTRUCTURE_SUMMARY.md)** - What changed
 ---
 ## Documentation
 - **Customization**: Download [`custom/README.md`](https://raw.githubusercontent.com/mediacms-io/mediacms/v7.3/custom/README.md)
 - **Upgrade Guide**: [UPGRADE_TO_7.3.md](./UPGRADE_TO_7.3.md)
 - **Architecture**: [DOCKER_RESTRUCTURE_SUMMARY.md](./DOCKER_RESTRUCTURE_SUMMARY.md)
 - **Project Docs**: https://docs.mediacms.io
 ---
 ## Troubleshooting
 ### Can't access the site?
 Check services are running:
 ```bash
 docker compose ps
 ```
 All services should be "Up" or "Exited (0)" for migrations.
 ### Forgot admin password?
 Check logs:
 ```bash
 docker compose logs migrations | grep "password:"
 ```
 Or create new admin:
 ```bash
 docker compose exec web python manage.py createsuperuser
 ```
 ### Videos not encoding?
 Check celery workers:
 ```bash
 docker compose logs celery_long
 docker compose logs celery_short
 ```
 ### Port 80 already in use?
 Edit docker-compose.yaml to use different port:
 ```yaml
 nginx:
  ports:
    - "8080:80"  # Use port 8080 instead
 ```
 Then access at http://localhost:8080
 ---
 ## Support
 - **Issues**: https://github.com/mediacms-io/mediacms/issues
 - **Discussions**: https://github.com/mediacms-io/mediacms/discussions
 - **Docs**: https://docs.mediacms.io
 ---
 **🎉 Enjoy MediaCMS!**
--- a/UPGRADE_TO_7.3.md
+++ b/UPGRADE_TO_7.3.md
@@ -0,0 +1,477 @@
 # Upgrade Guide: MediaCMS 7.x to 7.3
 **IMPORTANT: This is a major architectural change. Read this entire guide before upgrading.**
 ---
 ## 🎯 Fresh Install (Not Upgrading)?
 If you're starting fresh with 7.3, you don't need this guide!
 **All you need:**
 ```bash
 # 1. Download docker-compose.yaml
 wget https://raw.githubusercontent.com/mediacms-io/mediacms/v7.3/docker-compose.yaml
 # 2. Start (creates everything automatically)
 docker compose up -d
 # 3. Done! Visit http://localhost
 ```
 **Optional: Add customizations**
 ```bash
 # Create custom/ directory
 mkdir -p custom/static/{images,css}
 # Download example settings
 wget -O custom/local_settings.py.example \
  https://raw.githubusercontent.com/mediacms-io/mediacms/v7.3/custom/local_settings.py.example
 # Edit and use
 cp custom/local_settings.py.example custom/local_settings.py
 nano custom/local_settings.py
 # Restart
 docker compose restart web
 ```
 See [`custom/README.md`](https://raw.githubusercontent.com/mediacms-io/mediacms/v7.3/custom/README.md) for customization options.
 ---
 ## ⚠️ Upgrading from 7.x? Continue reading...
 ## What Changed in 7.3
 ### Architecture Changes
 - **Before**: Monolithic container (supervisor + nginx + uwsgi + celery in one)
 - **After**: Microservices (separate nginx, web, celery_beat, celery_short, celery_long containers)
 ### Volume Strategy Changes
 - **Before**: Entire project directory mounted (`./:/home/mediacms.io/mediacms/`)
 - **After**: Named volumes for data, bind mount only for `custom/` directory
 ### Specific Changes
 | Component | Before (7.x) | After (7.3) |
 |-----------|-------------|-------------|
 | media_files | Bind mount `./media_files` | Named volume `media_files` |
 | static files | Bind mount `./static` | Named volume `static_files` (built into image) |
 | logs | Bind mount `./logs` | Named volume `logs` |
 | postgres_data | `../postgres_data` | Named volume `postgres_data` |
 | Custom config | `cms/local_settings.py` in mounted dir | `custom/local_settings.py` bind mount |
 | Static collection | Runtime (via entrypoint) | Build time (in Dockerfile) |
 | User | Root with gosu switch | www-data from start |
 ## What You Need for 7.3
 **Minimal deployment - NO CODE REQUIRED:**
 1. ✅ `docker-compose.yaml` (download from release or docs)
 2. ✅ Docker images (pulled from Docker Hub)
 3. ⚠️ `custom/` directory (only if you have customizations)
 **That's it!** No git repo, no code checkout needed.
 ## Pre-Upgrade Checklist
 ### 1. Backup Everything
 ```bash
 # Stop services
 docker compose down
 # Backup media files
 tar -czf backup_media_$(date +%Y%m%d).tar.gz media_files/
 # Backup database
 docker compose up -d db
 docker compose exec db pg_dump -U mediacms mediacms > backup_db_$(date +%Y%m%d).sql
 docker compose down
 # Backup logs (optional)
 tar -czf backup_logs_$(date +%Y%m%d).tar.gz logs/
 # Backup local settings if you had them
 cp cms/local_settings.py backup_local_settings.py 2>/dev/null || echo "No local_settings.py found"
 # Backup current docker-compose.yaml
 cp docker-compose.yaml docker-compose.yaml.old
 ```
 ### 2. Document Current Setup
 ```bash
 # Save current docker-compose version
 git branch backup-pre-7.3-upgrade
 # Document current state
 docker compose ps > pre_upgrade_state.txt
 docker compose config > pre_upgrade_config.yaml
 df -h > pre_upgrade_disk_usage.txt
 ```
 ### 3. Check Disk Space
 You'll need enough space for:
 - Existing data (media_files, postgres_data)
 - New Docker volumes (will copy data here)
 - Database dump
 ```bash
 du -sh media_files/ postgres_data/ logs/
 df -h .
 ```
 ## Upgrade Methods
 ### Method 1: Clean Migration (Recommended)
 This method migrates your data to the new volume structure.
 #### Step 1: Get New docker-compose.yaml
 **Option A: Download from release**
 ```bash
 # Download docker-compose.yaml for 7.3
 wget https://raw.githubusercontent.com/mediacms-io/mediacms/v7.3/docker-compose.yaml
 # Or using curl
 curl -O https://raw.githubusercontent.com/mediacms-io/mediacms/v7.3/docker-compose.yaml
 # Optional: Download HTTPS version
 wget https://raw.githubusercontent.com/mediacms-io/mediacms/v7.3/docker-compose-cert.yaml
 ```
 **Option B: Copy from docs/release notes**
 - Copy the docker-compose.yaml content from release notes
 - Save as `docker-compose.yaml` in your deployment directory
 #### Step 2: Prepare Custom Configuration (if needed)
 ```bash
 # Create custom directory structure (only if you need customizations)
 mkdir -p custom/static/{images,css}
 touch custom/static/{images,css}/.gitkeep
 # If you had local_settings.py, create it in custom/
 if [ -f backup_local_settings.py ]; then
    # Copy your old settings
    cp backup_local_settings.py custom/local_settings.py
    echo "✓ Migrated local_settings.py"
 else
    # Download example template (optional)
    wget -O custom/local_settings.py.example \
      https://raw.githubusercontent.com/mediacms-io/mediacms/v7.3/custom/local_settings.py.example
    echo "Downloaded example template to custom/local_settings.py.example"
 fi
 # Copy any custom logos/css you had
 # (adjust paths as needed for your old setup)
 # cp my-old-logo.png custom/static/images/logo_dark.png
 # cp my-custom.css custom/static/css/custom.css
 ```
 #### Step 3: Start New Stack (Without Data)
 ```bash
 # Pull new images
 docker compose pull
 # Start database first
 docker compose up -d db redis
 # Wait for DB to be ready
 sleep 10
 ```
 #### Step 4: Restore Database
 ```bash
 # Copy backup into container
 docker compose cp backup_db_*.sql db:/tmp/backup.sql
 # Restore database
 docker compose exec db psql -U mediacms mediacms < /tmp/backup.sql
 # Or from host:
 cat backup_db_*.sql | docker compose exec -T db psql -U mediacms mediacms
 ```
 #### Step 5: Restore Media Files
 ```bash
 # Start all services (will create volumes)
 docker compose up -d
 # Find the volume name
 docker volume ls | grep media_files
 # Copy media files to volume
 # Method A: Using a temporary container
 docker run --rm \
  -v $(pwd)/media_files:/source:ro \
  -v mediacms_media_files:/dest \
  alpine sh -c "cp -av /source/* /dest/"
 # Method B: Using existing container
 docker compose exec web sh -c "exit"  # Ensure web is running
 # Then copy from host
 tar -C media_files -cf - . | docker compose exec -T web tar -C /home/mediacms.io/mediacms/media_files -xf -
 ```
 #### Step 6: Verify and Test
 ```bash
 # Check logs
 docker compose logs -f web
 # Verify media files are accessible
 docker compose exec web ls -la /home/mediacms.io/mediacms/media_files/
 # Check database connection
 docker compose exec web python manage.py dbshell
 # Access the site
 curl http://localhost
 # Check admin panel
 # Visit http://localhost/admin
 ```
 ### Method 2: In-Place Migration with Symlinks (Advanced)
 **Warning**: This is more complex but avoids data copying.
 #### Step 1: Keep Old Data Locations
 ```bash
 # Modify docker-compose.yaml to mount old locations temporarily
 # Add to appropriate services:
 volumes:
  - ./media_files:/home/mediacms.io/mediacms/media_files
  - ./logs:/home/mediacms.io/mediacms/logs
  # Instead of named volumes
 ```
 #### Step 2: Gradually Migrate
 After confirming everything works:
 1. Copy data to named volumes
 2. Remove bind mounts
 3. Switch to named volumes
 ### Method 3: Fresh Install (If Possible)
 If your MediaCMS instance is new or test:
 ```bash
 # Backup what you need
 # ...
 # Clean slate
 docker compose down -v
 rm -rf media_files/ logs/ static/
 # Fresh start
 docker compose up -d
 ```
 ## Post-Upgrade Steps
 ### 1. Verify Everything Works
 ```bash
 # Check all services are running
 docker compose ps
 # Should see: migrations (exited 0), web, nginx, celery_beat, celery_short, celery_long, db, redis
 # Check logs for errors
 docker compose logs web
 docker compose logs nginx
 # Test upload functionality
 # Test video encoding (check celery_long logs)
 # Test frontend
 ```
 ### 2. Verify Media Files
 ```bash
 # Check media files are accessible
 docker compose exec web ls -lh /home/mediacms.io/mediacms/media_files/
 # Check file counts match
 # Old: ls media_files/ | wc -l
 # New: docker compose exec web sh -c "ls /home/mediacms.io/mediacms/media_files/ | wc -l"
 ```
 ### 3. Verify Database
 ```bash
 # Check users
 docker compose exec db psql -U mediacms mediacms -c "SELECT count(*) FROM users_user;"
 # Check videos
 docker compose exec db psql -U mediacms mediacms -c "SELECT count(*) FROM files_media;"
 ```
 ### 4. Update Backups
 ```bash
 # Update your backup scripts for new volume locations
 # Use: make backup-db (if Makefile target exists)
 # Or: docker compose exec db pg_dump ...
 ```
 ## Rollback Procedure
 If something goes wrong:
 ### Quick Rollback
 ```bash
 # Stop new version
 docker compose down
 # Restore old docker-compose file
 mv docker-compose.yaml.old docker-compose.yaml
 # Pull old images (if you had old image tags documented)
 docker compose pull
 # Start old version
 docker compose up -d
 ```
 ### Full Rollback with Data Restore
 ```bash
 # Stop everything
 docker compose down -v
 # Restore old docker-compose
 mv docker-compose.yaml.old docker-compose.yaml
 # Restore backups
 tar -xzf backup_media_*.tar.gz -C ./media_files
 cat backup_db_*.sql | docker compose exec -T db psql -U mediacms mediacms
 # Start old version
 docker compose up -d
 ```
 ## Common Issues & Solutions
 ### Issue: "Volume not found"
 **Solution**: Volumes are created with project name prefix. Check:
 ```bash
 docker volume ls
 # Look for: mediacms_media_files, mediacms_static_files, etc.
 ```
 ### Issue: "Permission denied" on media files
 **Solution**: Files must be owned by www-data (UID 33)
 ```bash
 docker compose exec web chown -R www-data:www-data /home/mediacms.io/mediacms/media_files
 ```
 ### Issue: Static files not loading
 **Solution**: Rebuild image (collectstatic runs at build time)
 ```bash
 docker compose down
 docker compose build --no-cache web
 docker compose up -d
 ```
 ### Issue: Database connection refused
 **Solution**: Check database is healthy
 ```bash
 docker compose logs db
 docker compose exec db pg_isready -U mediacms
 ```
 ### Issue: Custom settings not loading
 **Solution**: Check custom/local_settings.py exists and syntax
 ```bash
 docker compose exec web cat /home/mediacms.io/mediacms/custom/local_settings.py
 docker compose exec web python -m py_compile /home/mediacms.io/mediacms/custom/local_settings.py
 ```
 ## Performance Considerations
 ### New Volume Performance
 Named volumes are typically faster than bind mounts:
 - **Before**: Filesystem overhead on host
 - **After**: Direct container filesystem (better I/O)
 ### Monitoring Volume Usage
 ```bash
 # Check volume sizes
 docker system df -v
 # Check specific volume
 docker volume inspect mediacms_media_files
 ```
 ## New Backup Strategy
 With named volumes, backups change:
 ```bash
 # Database backup
 docker compose exec db pg_dump -U mediacms mediacms > backup.sql
 # Media files backup
 docker run --rm \
  -v mediacms_media_files:/data:ro \
  -v $(pwd):/backup \
  alpine tar czf /backup/media_backup_$(date +%Y%m%d).tar.gz -C /data .
 ```
 Or use the Makefile:
 ```bash
 make backup-db
 ```
 ## Getting Help
 If you encounter issues:
 1. **Check logs**: `docker compose logs <service>`
 2. **Check GitHub Issues**: Search for similar problems
 3. **Rollback**: Use the rollback procedure above
 4. **Report**: Open an issue with:
   - Your docker-compose.yaml
   - Output of `docker compose ps`
   - Relevant logs
   - Steps to reproduce
 ## Summary of Benefits
 After upgrading to 7.3:
 ✅ **Better separation of concerns** - each service has one job
 ✅ **Easier scaling** - scale web/workers independently
 ✅ **Better security** - containers run as www-data, not root
 ✅ **Faster deployments** - static files built into image
 ✅ **Cleaner customization** - dedicated custom/ directory
 ✅ **Easier SSL setup** - docker-compose-cert.yaml overlay
 ✅ **Better volume management** - named volumes instead of bind mounts
 ## Timeline Recommendation
 - **Small instance** (<100 videos): 30-60 minutes
 - **Medium instance** (100-1000 videos): 1-3 hours
 - **Large instance** (>1000 videos): Plan for several hours
 Schedule during low-traffic period!
--- a/cms/settings.py
+++ b/cms/settings.py
@@ -112,18 +112,22 @@ SITE_ID = 1
 # set new paths for svg or png if you want to override
 # svg has priority over png, so if you want to use
 # custom pngs and not svgs, remove the lines with svgs
-# or set as empty strings
+# Logo paths (served from /static/)
 # Default logos are built into the image
 # To customize: place files in custom/static/images/ and reference as /custom/static/images/file.png
 # or set as empty strings to disable
 # example:
 # PORTAL_LOGO_DARK_PNG = "/custom/static/images/my-logo.png"
 # PORTAL_LOGO_DARK_SVG = ""
 # PORTAL_LOGO_LIGHT_SVG = ""
 # place the files on static/images folder
 PORTAL_LOGO_DARK_SVG = "/static/images/logo_dark.svg"
 PORTAL_LOGO_DARK_PNG = "/static/images/logo_dark.png"
 PORTAL_LOGO_LIGHT_SVG = "/static/images/logo_light.svg"
 PORTAL_LOGO_LIGHT_PNG = "/static/images/logo_dark.png"
-# paths to extra css files to be included, eg "/static/css/custom.css"
+# Extra CSS files to include in templates
-# place css inside static/css folder
+# To add custom CSS: place files in custom/static/css/ and add paths here
 # Use /custom/static/ prefix for files in custom/ directory
 # Example: EXTRA_CSS_PATHS = ["/custom/static/css/custom.css"]
 EXTRA_CSS_PATHS = []
 # protection agains anonymous users
 # per ip address limit, for actions as like/dislike/report
@@ -179,6 +183,10 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 STATIC_URL = "/static/"  # where js/css files are stored on the filesystem
 MEDIA_URL = "/media/"  # URL where static files are served from the server
 STATIC_ROOT = BASE_DIR + "/static/"
 # Additional locations for static files
 # Note: custom/static is NOT included here because it's served directly by nginx
 # at /custom/static/ and doesn't need collectstatic
 STATICFILES_DIRS = []
 # where uploaded + encoded media are stored
 MEDIA_ROOT = BASE_DIR + "/media_files/"
@@ -253,7 +261,7 @@ POST_UPLOAD_AUTHOR_MESSAGE_UNLISTED_NO_COMMENTARY = ""
 CANNOT_ADD_MEDIA_MESSAGE = "User cannot add media, or maximum number of media uploads has been reached."
 # mp4hls command, part of Bento4
-MP4HLS_COMMAND = "/home/mediacms.io/mediacms/Bento4-SDK-1-6-0-637.x86_64-unknown-linux/bin/mp4hls"
+MP4HLS_COMMAND = "/home/mediacms.io/bento4/bin/mp4hls"
 # highly experimental, related with remote workers
 ADMIN_TOKEN = ""
@@ -370,41 +378,30 @@ FILE_UPLOAD_HANDLERS = [
    "django.core.files.uploadhandler.TemporaryFileUploadHandler",
 ]
 LOGS_DIR = os.path.join(BASE_DIR, "logs")
 error_filename = os.path.join(LOGS_DIR, "debug.log")
 if not os.path.exists(LOGS_DIR):
    try:
        os.mkdir(LOGS_DIR)
    except PermissionError:
        pass
 if not os.path.isfile(error_filename):
    open(error_filename, 'a').close()
 LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "formatters": {
        "verbose": {
            "format": "%(levelname)s %(asctime)s %(module)s "
            "%(process)d %(thread)d %(message)s"
        }
    },
    "handlers": {
-        "file": {
+        "console": {
-            "level": "ERROR",
+            "level": "DEBUG",
-            "class": "logging.FileHandler",
+            "class": "logging.StreamHandler",
-            "filename": error_filename,
+            "formatter": "verbose",
-        },
+        }
    },
    "loggers": {
        "django": {
            "handlers": ["file"],
            "level": "ERROR",
            "propagate": True,
        },
    },
    "root": {"level": "INFO", "handlers": ["console"]},
 }
-DATABASES = {"default": {"ENGINE": "django.db.backends.postgresql", "NAME": "mediacms", "HOST": "127.0.0.1", "PORT": "5432", "USER": "mediacms", "PASSWORD": "mediacms", "OPTIONS": {'pool': True}}}
+DATABASES = {"default": {"ENGINE": "django.db.backends.postgresql", "NAME": "mediacms", "HOST": "db", "PORT": "5432", "USER": "mediacms", "PASSWORD": "mediacms", "OPTIONS": {'pool': True}}}
-REDIS_LOCATION = "redis://127.0.0.1:6379/1"
+REDIS_LOCATION = "redis://redis:6379/1"
 CACHES = {
    "default": {
        "BACKEND": "django_redis.cache.RedisCache",
@@ -600,13 +597,15 @@ WHISPER_MODEL = "base"
 SIDEBAR_FOOTER_TEXT = ""
 try:
-    # keep a local_settings.py file for local overrides
+    # Load custom settings from custom/local_settings.py
-    from .local_settings import *  # noqa
+    import sys
    sys.path.insert(0, BASE_DIR)
    from custom.local_settings import *  # noqa
    # ALLOWED_HOSTS needs a url/ip
    ALLOWED_HOSTS.append(FRONTEND_HOST.replace("http://", "").replace("https://", ""))
 except ImportError:
-    # local_settings not in use
+    # custom/local_settings.py not in use or empty
    pass
 # Don't add new settings below that could be overridden in local_settings.py!!!
--- a/config/imagemagick/policy.xml
+++ b/config/imagemagick/policy.xml
--- a/deploy/docker/reverse_proxy/client_max_body_size.conf
+++ b/deploy/docker/reverse_proxy/client_max_body_size.conf
--- a/deploy/docker/nginx.conf
+++ b/deploy/docker/nginx.conf
@@ -1,4 +1,4 @@
-user www-data;
+user nginx;
 worker_processes auto;
 pid /run/nginx.pid;
@@ -23,8 +23,8 @@ http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
-    access_log /var/log/nginx/access.log;
+    access_log /var/log/mediacms/nginx-main.access.log;
-    error_log /var/log/nginx/error.log;
+    error_log /var/log/mediacms/nginx-main.error.log;
    gzip on;
    gzip_disable "msie6";
--- a/deploy/docker/nginx_http_only.conf
+++ b/deploy/docker/nginx_http_only.conf
@@ -2,20 +2,24 @@ server {
    listen 80 ;
    gzip on;
-    access_log /var/log/nginx/mediacms.io.access.log;
+    access_log /var/log/mediacms/nginx.access.log;
-    error_log  /var/log/nginx/mediacms.io.error.log  warn;
+    error_log  /var/log/mediacms/nginx.error.log  warn;
    location /static {
-        alias /home/mediacms.io/mediacms/static ;
+        alias /var/www/static ;
    }
    location /custom/static {
        alias /var/www/custom ;
    }
    location /media/original {
-        alias /home/mediacms.io/mediacms/media_files/original;
+        alias /var/www/media/original;
    }
    location /media {
-        alias /home/mediacms.io/mediacms/media_files ;
+        alias /var/www/media ;
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
@@ -28,7 +32,7 @@ server {
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
-        include /etc/nginx/sites-enabled/uwsgi_params;
+        include /etc/nginx/uwsgi_params;
-        uwsgi_pass 127.0.0.1:9000;
+        uwsgi_pass web:9000;
    }
 }
--- a/deploy/docker/uwsgi_params
+++ b/deploy/docker/uwsgi_params
--- a/deploy/docker/uwsgi.ini
+++ b/deploy/docker/uwsgi.ini
@@ -12,7 +12,7 @@ threads = 2
 master = true
-socket = 127.0.0.1:9000
+socket = 0.0.0.0:9000
 workers = 2
--- a/custom/.gitkeep
+++ b/custom/.gitkeep
--- a/custom/README.md
+++ b/custom/README.md
@@ -0,0 +1,238 @@
 # Custom Configuration
 This directory allows you to customize MediaCMS without modifying the codebase or rebuilding images.
 ## How It Works - Production Ready!
 **The Flow:**
 ```
 1. CI/CD builds base image:       docker build (no custom files)
                                  ↓
                                  Pushes to Docker Hub
 2. Production pulls image:        docker compose pull
                                  ↓
                                  Mounts custom/ directory
 3. You add files:                 custom/static/css/custom.css
                                  custom/static/images/logo.png
                                  ↓
                                  Nginx serves directly!
 4. You reference in settings:     EXTRA_CSS_PATHS = ["/custom/static/css/custom.css"]
                                  PORTAL_LOGO_DARK_PNG = "/custom/static/images/logo.png"
                                  ↓
                                  Restart containers
 5. Done! No rebuild needed!
 ```
 **Key Points:**
 - ✅ Files go in `custom/static/` on your host
 - ✅ Nginx serves them directly from `/custom/static/` URL
 - ✅ **NO rebuild needed** - just restart containers!
 - ✅ Works with pre-built images from Docker Hub
 - ✅ Perfect for production deployments
 ## Quick Start
 ### Option 1: No Customization (Default)
 Just run docker compose - everything works out of the box:
 ```bash
 docker compose up -d
 ```
 ### Option 2: With Customization
 Add your custom files, then restart:
 ```bash
 # 1. Copy example settings
 cp custom/local_settings.py.example custom/local_settings.py
 # 2. Edit settings
 nano custom/local_settings.py
 # 3. Restart containers (no rebuild!)
 docker compose restart web celery_beat celery_short celery_long
 ```
 ## Customization Options
 ### 1. Django Settings (`local_settings.py`)
 **Create the file:**
 ```bash
 cp custom/local_settings.py.example custom/local_settings.py
 ```
 **Edit with your settings:**
 ```python
 # custom/local_settings.py
 DEBUG = False
 ALLOWED_HOSTS = ['example.com']
 PORTAL_NAME = "My Media Site"
 ```
 **Apply changes (restart only - no rebuild):**
 ```bash
 docker compose restart web celery_beat celery_short celery_long
 ```
 ### 2. Custom Logo
 **Add your logo:**
 ```bash
 cp ~/my-logo.png custom/static/images/logo_dark.png
 ```
 **Reference it in settings:**
 ```bash
 cat >> custom/local_settings.py <<EOF
 PORTAL_LOGO_DARK_PNG = "/custom/static/images/logo_dark.png"
 EOF
 ```
 **Restart (no rebuild needed!):**
 ```bash
 docker compose restart web
 ```
 ### 3. Custom CSS
 **Create CSS file:**
 ```bash
 cat > custom/static/css/custom.css <<EOF
 body {
    font-family: 'Arial', sans-serif;
 }
 .header {
    background-color: #333;
 }
 EOF
 ```
 **Reference it in settings:**
 ```bash
 cat >> custom/local_settings.py <<EOF
 EXTRA_CSS_PATHS = ["/custom/static/css/custom.css"]
 EOF
 ```
 **Restart (no rebuild needed!):**
 ```bash
 docker compose restart web
 ```
 ## Directory Structure
 ```
 custom/
 ├── README.md                    # This file
 ├── local_settings.py.example    # Template (copy to local_settings.py)
 ├── local_settings.py            # Your settings (gitignored)
 └── static/
    ├── images/                  # Custom logos (gitignored)
    │   └── logo_dark.png
    └── css/                     # Custom CSS (gitignored)
        └── custom.css
 ```
 ## Important Notes
 ✅ **No rebuild needed** - nginx serves custom/ files directly
 ✅ **Works with pre-built images** - perfect for production
 ✅ **Files are gitignored** - your customizations won't be committed
 ✅ **Settings need restart only** - just restart containers
 ✅ **Static files also just restart** - served directly by nginx
 ## Complete Example
 ```bash
 # 1. Create settings file
 cp custom/local_settings.py.example custom/local_settings.py
 # 2. Add custom logo
 cp ~/logo.png custom/static/images/logo_dark.png
 # 3. Add custom CSS
 echo "body { background: #f5f5f5; }" > custom/static/css/custom.css
 # 4. Configure settings to use them
 cat >> custom/local_settings.py <<EOF
 # Custom branding
 PORTAL_NAME = "My Media Portal"
 PORTAL_LOGO_DARK_PNG = "/custom/static/images/logo_dark.png"
 EXTRA_CSS_PATHS = ["/custom/static/css/custom.css"]
 # Security
 DEBUG = False
 ALLOWED_HOSTS = ['media.example.com']
 EOF
 # 5. Apply changes (just restart!)
 docker compose restart web
 # Done! No rebuild needed.
 ```
 ## URL Paths Explained
 | Your file | nginx serves at | You reference as |
 |-----------|----------------|------------------|
 | `custom/static/css/custom.css` | `http://localhost/custom/static/css/custom.css` | `"/custom/static/css/custom.css"` |
 | `custom/static/images/logo.png` | `http://localhost/custom/static/images/logo.png` | `"/custom/static/images/logo.png"` |
 **Why `/custom/static/`?**
 - Distinguishes from core `/static/` (built into image)
 - Allows nginx to serve from different mount point
 - No rebuild needed when files change
 ## Troubleshooting
 **Changes not appearing?**
 - Restart containers: `docker compose restart web nginx`
 - Check nginx has custom/ mounted: `docker compose exec nginx ls /var/www/custom`
 - Check file exists: `docker compose exec nginx ls /var/www/custom/css/`
 - Test URL: `curl http://localhost/custom/static/css/custom.css`
 **Import errors?**
 - Make sure `local_settings.py` has valid Python syntax
 - Check logs: `docker compose logs web`
 **Logo not showing?**
 - Verify file is in `custom/static/images/`
 - Check path in `local_settings.py` uses `/custom/static/` prefix
 - Restart web container: `docker compose restart web`
 ## Advanced: Multiple CSS Files
 ```python
 # custom/local_settings.py
 EXTRA_CSS_PATHS = [
    "/custom/static/css/colors.css",
    "/custom/static/css/fonts.css",
    "/custom/static/css/layout.css",
 ]
 ```
 ## Advanced: Environment-Specific Settings
 ```python
 # custom/local_settings.py
 import os
 if os.getenv('ENVIRONMENT') == 'production':
    DEBUG = False
    ALLOWED_HOSTS = ['media.example.com']
 else:
    DEBUG = True
    ALLOWED_HOSTS = ['*']
 ```
 Then set in docker-compose.yaml:
 ```yaml
 web:
  environment:
    ENVIRONMENT: production
 ```
--- a/custom/local_settings.py.example
+++ b/custom/local_settings.py.example
@@ -0,0 +1,57 @@
 # MediaCMS Local Settings Example
 # Copy this file to local_settings.py and customize as needed:
 #   cp custom/local_settings.py.example custom/local_settings.py
 # ===== Basic Settings =====
 # DEBUG = False
 # ALLOWED_HOSTS = ['example.com', 'www.example.com']
 # PORTAL_NAME = "My Media Portal"
 # ===== Database Settings =====
 # DATABASES = {
 #     'default': {
 #         'ENGINE': 'django.db.backends.postgresql',
 #         'NAME': 'mediacms',
 #         'USER': 'mediacms',
 #         'PASSWORD': 'mediacms',
 #         'HOST': 'db',
 #         'PORT': '5432',
 #     }
 # }
 # ===== Custom Branding =====
 # Custom logos (place files in custom/static/images/)
 # Nginx serves these directly from /custom/static/ (no rebuild needed!)
 # PORTAL_LOGO_DARK_SVG = "/custom/static/images/logo_dark.svg"
 # PORTAL_LOGO_DARK_PNG = "/custom/static/images/logo_dark.png"
 # PORTAL_LOGO_LIGHT_SVG = "/custom/static/images/logo_light.svg"
 # PORTAL_LOGO_LIGHT_PNG = "/custom/static/images/logo_light.png"
 # Custom CSS (place files in custom/static/css/)
 # Nginx serves these directly from /custom/static/ (no rebuild needed!)
 # EXTRA_CSS_PATHS = ["/custom/static/css/custom.css"]
 # ===== Email Settings =====
 # EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
 # EMAIL_HOST = 'smtp.gmail.com'
 # EMAIL_PORT = 587
 # EMAIL_USE_TLS = True
 # EMAIL_HOST_USER = 'your-email@example.com'
 # EMAIL_HOST_PASSWORD = 'your-password'
 # DEFAULT_FROM_EMAIL = 'noreply@example.com'
 # ===== Security Settings =====
 # SECRET_KEY = 'your-secret-key-here'
 # SECURE_SSL_REDIRECT = True
 # SESSION_COOKIE_SECURE = True
 # CSRF_COOKIE_SECURE = True
 # ===== Other Settings =====
 # Any other Django setting can be overridden here
 # See cms/settings.py for available settings
--- a/custom/static/.gitkeep
+++ b/custom/static/.gitkeep
--- a/custom/static/css/.gitkeep
+++ b/custom/static/css/.gitkeep
--- a/custom/static/images/.gitkeep
+++ b/custom/static/images/.gitkeep
--- a/deic_setup_notes.md
+++ b/deic_setup_notes.md
@@ -1,7 +1,7 @@
 # MediaCMS: Document Changes for DEIC
 ## Configuration Changes
-The following changes are required in `deploy/docker/local_settings.py`:
+The following changes are required in `config/local_settings.py`:
 ```python
--- a/deploy/docker/README.md
+++ b/deploy/docker/README.md
@@ -1,3 +0,0 @@
 # MediaCMS on Docker
 See: [Details](../../docs/Docker_deployment.md)
--- a/deploy/docker/entrypoint.sh
+++ b/deploy/docker/entrypoint.sh
@@ -1,38 +0,0 @@
 #!/bin/bash
 set -e
 # forward request and error logs to docker log collector
 ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log && \
 ln -sf /dev/stdout /var/log/nginx/mediacms.io.access.log && ln -sf /dev/stderr /var/log/nginx/mediacms.io.error.log
 cp /home/mediacms.io/mediacms/deploy/docker/local_settings.py /home/mediacms.io/mediacms/cms/local_settings.py
 mkdir -p /home/mediacms.io/mediacms/{logs,media_files/hls}
 touch /home/mediacms.io/mediacms/logs/debug.log
 mkdir -p /var/run/mediacms
 chown www-data:www-data /var/run/mediacms
 TARGET_GID=$(stat -c "%g" /home/mediacms.io/mediacms/)
 EXISTS=$(cat /etc/group | grep $TARGET_GID | wc -l)
 # Create new group using target GID and add www-data user
 if [ $EXISTS == "0" ]; then
    groupadd -g $TARGET_GID tempgroup
    usermod -a -G tempgroup www-data
 else
    # GID exists, find group name and add
    GROUP=$(getent group $TARGET_GID | cut -d: -f1)
    usermod -a -G $GROUP www-data
 fi
 # We should do this only for folders that have a different owner, since it is an expensive operation
 # Also ignoring .git folder to fix this issue https://github.com/mediacms-io/mediacms/issues/934
 # Exclude package-lock.json files that may not exist or be removed during frontend setup
 find /home/mediacms.io/mediacms ! \( -path "*.git*" -o -name "package-lock.json" \) -exec chown www-data:$TARGET_GID {} + 2>/dev/null || true
 chmod +x /home/mediacms.io/mediacms/deploy/docker/start.sh /home/mediacms.io/mediacms/deploy/docker/prestart.sh
 exec "$@"
--- a/deploy/docker/local_settings.py
+++ b/deploy/docker/local_settings.py
@@ -1,36 +0,0 @@
 import os
 FRONTEND_HOST = os.getenv('FRONTEND_HOST', 'http://localhost')
 PORTAL_NAME = os.getenv('PORTAL_NAME', 'MediaCMS')
 SECRET_KEY = os.getenv('SECRET_KEY', 'ma!s3^b-cw!f#7s6s0m3*jx77a@riw(7701**(r=ww%w!2+yk2')
 REDIS_LOCATION = os.getenv('REDIS_LOCATION', 'redis://redis:6379/1')
 DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.postgresql",
        "NAME": os.getenv('POSTGRES_NAME', 'mediacms'),
        "HOST": os.getenv('POSTGRES_HOST', 'db'),
        "PORT": os.getenv('POSTGRES_PORT', '5432'),
        "USER": os.getenv('POSTGRES_USER', 'mediacms'),
        "PASSWORD": os.getenv('POSTGRES_PASSWORD', 'mediacms'),
        "OPTIONS": {'pool': True},
    }
 }
 CACHES = {
    "default": {
        "BACKEND": "django_redis.cache.RedisCache",
        "LOCATION": REDIS_LOCATION,
        "OPTIONS": {
            "CLIENT_CLASS": "django_redis.client.DefaultClient",
        },
    }
 }
 # CELERY STUFF
 BROKER_URL = REDIS_LOCATION
 CELERY_RESULT_BACKEND = BROKER_URL
 MP4HLS_COMMAND = "/home/mediacms.io/bento4/bin/mp4hls"
 DEBUG = os.getenv('DEBUG', 'False') == 'True'
--- a/deploy/docker/prestart.sh
+++ b/deploy/docker/prestart.sh
@@ -1,71 +0,0 @@
 #!/bin/bash
 RANDOM_ADMIN_PASS=`python -c "import secrets;chars = 'abcdefghijklmnopqrstuvwxyz0123456789';print(''.join(secrets.choice(chars) for i in range(10)))"`
 ADMIN_PASSWORD=${ADMIN_PASSWORD:-$RANDOM_ADMIN_PASS}
 if [ X"$ENABLE_MIGRATIONS" = X"yes" ]; then
    echo "Running migrations service"
    python manage.py migrate
    EXISTING_INSTALLATION=`echo "from users.models import User; print(User.objects.exists())" |python manage.py shell`
    if [ "$EXISTING_INSTALLATION" = "True" ]; then
        echo "Loaddata has already run"
    else
        echo "Running loaddata and creating admin user"
        python manage.py loaddata fixtures/encoding_profiles.json
        python manage.py loaddata fixtures/categories.json
    	# post_save, needs redis to succeed (ie. migrate depends on redis)
        DJANGO_SUPERUSER_PASSWORD=$ADMIN_PASSWORD python manage.py createsuperuser \
            --no-input \
            --username=$ADMIN_USER \
            --email=$ADMIN_EMAIL \
            --database=default || true
        echo "Created admin user with password: $ADMIN_PASSWORD"
    fi
    echo "RUNNING COLLECTSTATIC"
    python manage.py collectstatic --noinput
    # echo "Updating hostname ..."
    # TODO: Get the FRONTEND_HOST from cms/local_settings.py
    # echo "from django.contrib.sites.models import Site; Site.objects.update(name='$FRONTEND_HOST', domain='$FRONTEND_HOST')" | python manage.py shell
 fi
 # Setting up internal nginx server
 # HTTPS setup is delegated to a reverse proxy running infront of the application
 cp deploy/docker/nginx_http_only.conf /etc/nginx/sites-available/default
 cp deploy/docker/nginx_http_only.conf /etc/nginx/sites-enabled/default
 cp deploy/docker/uwsgi_params /etc/nginx/sites-enabled/uwsgi_params
 cp deploy/docker/nginx.conf /etc/nginx/
 #### Supervisord Configurations #####
 cp deploy/docker/supervisord/supervisord-debian.conf /etc/supervisor/conf.d/supervisord-debian.conf
 if [ X"$ENABLE_UWSGI" = X"yes" ] ; then
    echo "Enabling uwsgi app server"
    cp deploy/docker/supervisord/supervisord-uwsgi.conf /etc/supervisor/conf.d/supervisord-uwsgi.conf
 fi
 if [ X"$ENABLE_NGINX" = X"yes" ] ; then
    echo "Enabling nginx as uwsgi app proxy and media server"
    cp deploy/docker/supervisord/supervisord-nginx.conf /etc/supervisor/conf.d/supervisord-nginx.conf
 fi
 if [ X"$ENABLE_CELERY_BEAT" = X"yes" ] ; then
    echo "Enabling celery-beat scheduling server"
    cp deploy/docker/supervisord/supervisord-celery_beat.conf /etc/supervisor/conf.d/supervisord-celery_beat.conf
 fi
 if [ X"$ENABLE_CELERY_SHORT" = X"yes" ] ; then
    echo "Enabling celery-short task worker"
    cp deploy/docker/supervisord/supervisord-celery_short.conf /etc/supervisor/conf.d/supervisord-celery_short.conf
 fi
 if [ X"$ENABLE_CELERY_LONG" = X"yes" ] ; then
    echo "Enabling celery-long task worker"
    cp deploy/docker/supervisord/supervisord-celery_long.conf /etc/supervisor/conf.d/supervisord-celery_long.conf
    rm /var/run/mediacms/* -f # remove any stale id, so that on forced restarts of celery workers there are no stale processes that prevent new ones
 fi
--- a/deploy/docker/reverse_proxy/certs/localhost.crt
+++ b/deploy/docker/reverse_proxy/certs/localhost.crt
@@ -1,17 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIICwzCCAaugAwIBAgIJAOyvdwguJQd+MA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV
 BAMTCWxvY2FsaG9zdDAeFw0yMTAxMjQxMjUwMzFaFw0zMTAxMjIxMjUwMzFaMBQx
 EjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
 ggEBAONswEwBzkgoO+lkewiKUnwvYqC54qleCUg9hidqjoyzd5XWKh1mIF7aaSCG
 rJGSxCce8CbqAqGkpvsgXzwwbY72l7FwmAXFHO5ObQfpmFhjt2fsKRM9MTCo/UyU
 liuhgP+Q+BNzUontTUC40NVHs8R7IHG4z8unB7qB/7zGK2tfilLB8JDqPTkc22vN
 C4P1YxiGyY5bm37wQrroC9zPJ8bqanrF9Y90QJHubibnPWqnZvK2HkDWjp5LYkn8
 IuzBycs1cLd8eMjU9aT72kweykvnGDDc3YbXFzT2zBTGSFEBROsVdPrNF9PaeE3j
 pu4UZ8Ge3Fp3VYd+04DnWtbQq0MCAwEAAaMYMBYwFAYDVR0RBA0wC4IJbG9jYWxo
 b3N0MA0GCSqGSIb3DQEBBQUAA4IBAQAdm2aGn4evosbdWgBHgzr6oYWBIiPpf1SA
 GXizuf5OaMActFP0rZ0mogndLH5d51J2qqSfOtaWSA5qwlPvDSTn1nvJeHoVLfZf
 kQHaB7/DaOPGsZCQBELPhYHwl7+Ej3HYE+siiaRfjC2NVgf8P/pAsTlKbe2e+34l
 GwWSFol24w5xAmUezCF41JiZbqHoZhSh7s/PuJnK2RvhpjkrIot8GvxnbvOcKDIv
 JzEKo3qPq8pc5RBkpP7Kp2+EgAYn1xAn0CekxZracW/MY+tg2mCeFucZW2V1iwVs
 LpAw6GJnjYz5mbrQskPbrJ9t78JGUKQ0kL/VUTfryUHMHYCiJlvd
 -----END CERTIFICATE-----
--- a/deploy/docker/reverse_proxy/certs/localhost.key
+++ b/deploy/docker/reverse_proxy/certs/localhost.key
@@ -1,27 +0,0 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEA42zATAHOSCg76WR7CIpSfC9ioLniqV4JSD2GJ2qOjLN3ldYq
 HWYgXtppIIaskZLEJx7wJuoCoaSm+yBfPDBtjvaXsXCYBcUc7k5tB+mYWGO3Z+wp
 Ez0xMKj9TJSWK6GA/5D4E3NSie1NQLjQ1UezxHsgcbjPy6cHuoH/vMYra1+KUsHw
 kOo9ORzba80Lg/VjGIbJjlubfvBCuugL3M8nxupqesX1j3RAke5uJuc9aqdm8rYe
 QNaOnktiSfwi7MHJyzVwt3x4yNT1pPvaTB7KS+cYMNzdhtcXNPbMFMZIUQFE6xV0
 +s0X09p4TeOm7hRnwZ7cWndVh37TgOda1tCrQwIDAQABAoIBAQCmKKyOW7tlCNBN
 AzbI1JbTWKOMnoM2DxhlCV5cqgOgVPcIKEL428bGxniMZRjr+vkJRBddtxdZFj1R
 uSMbjJ5fF1dZMtQ/UvaCPhZ283p1CdXUPbz863ZnAPCf5Oea1RK0piw5ucYSM6h/
 owgg65Qx92uK6uYW+uAwqg440+ihNvnaZoVTx5CjZbL9KISkrlNJnuYiB5vzOD0i
 UVklO5Qz8VCuOcOVGZCA2SxHm4HAbg/aiQnpaUa9de4TsZ4ygF66pZh77T0wNOos
 sS1riKtHQpX+osJyoTI/rIKFAhycsZ+AA7Qpu6GW4xQlNS6K8vRiIbktwkC+IT0O
 RSn8Dg7BAoGBAPe5R8SpgXx9jKdA1eFa/Vjx5bmB96r2MviIOIWF8rs2K33xe+rj
 v+BZ2ZjdpVjcm2nRMf9r/eDq2ScNFWmKoZsUmdyT84Qq9yLcTSUdno+zCy+L0LNH
 DqJq5jIxJaV7amHeR/w10BVuiDmzhSsTmhfnXTUGRO/h2PjRyC3yEYdxAoGBAOsF
 2+gTsdOGlq6AVzW5MLZkreq8WCU2wWpZRiCPh6HJa8htuynYxO5AWUiNUbYKddj2
 0za9DFiXgH+Oo8wrkTYLEdN0T5/o+ScL5t3VG3m9R6pnuudLC2vmGQP0hNuZUpnF
 7FzdJ85h6taR2bM1zFzOfl81K0BhTHGxTU2r70vzAoGAVXuLJ3LyqtnMKn72DzDN
 0d6PTkdqBoW0qwyerHy/eRjFQ02MXE7BDJMUwmphv1tJCefVX/WNAwsnahFavTPI
 dnJSccpgMtB8vXvV5yPkbmPzTTHrD6JKi4Nl8hYBjqwa1rDUmFSdfHfK7FZlcqrt
 9qexAzYpnbmKnLoPYMNyhxECgYEAm5OCUeuPoL2MS7GLiXWwyFx3QFczZlcLzBGS
 uYUpvLBwF/qDlhz3p9uS/tMFzyK3hktF4Ate+9o2ZroOtd31PzgusbJh7zIylGVt
 i1VB3eGtaiFGeUuVIPTthE++Dvw80KxTXdnMOvNYmHduDBLF2H2c6/tvSSvfhbdf
 u9XgD38CgYAiLcVySxMKNpsXatuC31wjT+rnaH22SD/7pXe2q6MRW/s+bGOspu0v
 NeJSLoM98v8F99q0W0lgqesYJVI20Frru0DfXIp60ryaDolzve3Iwk8SOJUlcnUG
 cCtmPUkjyr18QAlrcCB4PozJGjpPWyabaY8gGwo8wAEpJWHrIJlHew==
 -----END RSA PRIVATE KEY-----
--- a/deploy/docker/start.sh
+++ b/deploy/docker/start.sh
@@ -1,17 +0,0 @@
 #! /usr/bin/env sh
 set -e
 # If there's a prestart.sh script in the /app directory, run it before starting
 PRE_START_PATH=deploy/docker/prestart.sh
 echo "Checking for script in $PRE_START_PATH"
 if [ -f $PRE_START_PATH ] ; then
    echo "Running script $PRE_START_PATH"
    . $PRE_START_PATH
 else
    echo "There is no script $PRE_START_PATH"
 fi
 # Start Supervisor, with Nginx and uWSGI
 echo "Starting server using supervisord..."
 exec /usr/bin/supervisord
--- a/deploy/docker/supervisord/supervisord-celery_beat.conf
+++ b/deploy/docker/supervisord/supervisord-celery_beat.conf
@@ -1,12 +0,0 @@
 [program:celery_beat]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 startsecs=0
 numprocs=1
 user=www-data
 directory=/home/mediacms.io/mediacms
 priority=300
 startinorder=true
 command=/home/mediacms.io/bin/celery beat --pidfile=/var/run/mediacms/beat%%n.pid --loglevel=INFO --logfile=/home/mediacms.io/mediacms/logs/celery_beat.log
--- a/deploy/docker/supervisord/supervisord-celery_long.conf
+++ b/deploy/docker/supervisord/supervisord-celery_long.conf
@@ -1,13 +0,0 @@
 [program:celery_long]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 startsecs=10
 numprocs=1
 user=www-data
 directory=/home/mediacms.io/mediacms
 priority=500
 startinorder=true
 startsecs=0
 command=/home/mediacms.io/bin/celery multi start long1 --pidfile=/var/run/mediacms/%%n.pid --loglevel=INFO --logfile=/home/mediacms.io/mediacms/logs/celery_long.log -Ofair --prefetch-multiplier=1 -Q long_tasks
--- a/deploy/docker/supervisord/supervisord-celery_short.conf
+++ b/deploy/docker/supervisord/supervisord-celery_short.conf
@@ -1,12 +0,0 @@
 [program:celery_short]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 startsecs=0
 numprocs=1
 user=www-data
 directory=/home/mediacms.io/mediacms
 priority=400
 startinorder=true
 command=/home/mediacms.io/bin/celery multi start short1 short2 --pidfile=/var/run/mediacms/%%n.pid --loglevel=INFO --logfile=/home/mediacms.io/mediacms/logs/celery_short.log --soft-time-limit=300 -c10 -Q short_tasks
--- a/deploy/docker/supervisord/supervisord-debian.conf
+++ b/deploy/docker/supervisord/supervisord-debian.conf
@@ -1,2 +0,0 @@
 [supervisord]
 nodaemon=true
--- a/deploy/docker/supervisord/supervisord-nginx.conf
+++ b/deploy/docker/supervisord/supervisord-nginx.conf
@@ -1,11 +0,0 @@
 [program:nginx]
 command=/usr/sbin/nginx -g 'daemon off;'
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 priority=200
 startinorder=true
 startsecs=0
 # Graceful stop, see http://nginx.org/en/docs/control.html
 stopsignal=QUIT
--- a/deploy/docker/supervisord/supervisord-uwsgi.conf
+++ b/deploy/docker/supervisord/supervisord-uwsgi.conf
@@ -1,9 +0,0 @@
 [program:uwsgi]
 command=/home/mediacms.io/bin/uwsgi --ini /home/mediacms.io/mediacms/deploy/docker/uwsgi.ini
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 priority=100
 startinorder=true
 startsecs=0
--- a/docker-compose-cert.yaml
+++ b/docker-compose-cert.yaml
@@ -0,0 +1,62 @@
 version: "3.8"
 # HTTPS/SSL certificate overlay for docker-compose.yaml
 # Uses nginx-proxy with Let's Encrypt via acme-companion
 #
 # Usage:
 #   docker compose -f docker-compose.yaml -f docker-compose-cert.yaml up -d
 #
 # Before running:
 #   1. Change VIRTUAL_HOST to your domain
 #   2. Change LETSENCRYPT_HOST to your domain
 #   3. Change LETSENCRYPT_EMAIL to your email
 services:
  # Reverse proxy with automatic SSL
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - dhparam:/etc/nginx/dhparam
      - certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./config/nginx-proxy/client_max_body_size.conf:/etc/nginx/conf.d/client_max_body_size.conf:ro
  # Let's Encrypt certificate manager
  acme-companion:
    image: nginxproxy/acme-companion
    container_name: nginx-proxy-acme
    restart: unless-stopped
    volumes_from:
      - nginx-proxy
    volumes:
      - certs:/etc/nginx/certs:rw
      - acme:/etc/acme.sh
      - /var/run/docker.sock:/var/run/docker.sock:ro
  # Override nginx to work with nginx-proxy
  nginx:
    expose:
      - "80"
    ports: []  # Remove ports, nginx-proxy handles external access
    environment:
      # CHANGE THESE VALUES:
      VIRTUAL_HOST: 'mediacms.example.com'
      LETSENCRYPT_HOST: 'mediacms.example.com'
      LETSENCRYPT_EMAIL: 'admin@example.com'
 volumes:
  # nginx-proxy volumes
  conf:
  vhost:
  html:
  dhparam:
  certs:
  acme:
--- a/docker-compose-dev.yaml
+++ b/docker-compose-dev.yaml
@@ -1,4 +1,7 @@
-version: "3"
+version: "3.8"
 # Development setup with hot-reload and file mounts
 # This is the ONLY compose file that mounts the source code
 services:
  migrations:
@@ -8,82 +11,126 @@ services:
      target: base
      args:
        - DEVELOPMENT_MODE=True
-    image: mediacms/mediacms-dev:latest
+    image: mediacms/mediacms-dev:7.3
-    volumes:
+    command: ["/bin/bash", "/home/mediacms.io/mediacms/scripts/run-migrations.sh"]
      - ./:/home/mediacms.io/mediacms/
    command: "./deploy/docker/prestart.sh"
    environment:
-      DEVELOPMENT_MODE: True
+      DEVELOPMENT_MODE: 'True'
-      ENABLE_UWSGI: 'no'
+      DEBUG: 'True'
      ENABLE_NGINX: 'no'
      ENABLE_CELERY_SHORT: 'no'
      ENABLE_CELERY_LONG: 'no'
      ENABLE_CELERY_BEAT: 'no'
      ADMIN_USER: 'admin'
      ADMIN_EMAIL: 'admin@localhost'
      ADMIN_PASSWORD: 'admin'
-    restart: on-failure
+    restart: "no"
    depends_on:
      redis:
        condition: service_healthy
      db:
        condition: service_healthy
  frontend:
    image: node:20
    volumes:
      - ${PWD}/frontend:/home/mediacms.io/mediacms/frontend/
    working_dir: /home/mediacms.io/mediacms/frontend/
    command: bash -c "npm install && npm run start"
    env_file:
      - ${PWD}/frontend/.env
    ports:
      - "8088:8088"
    depends_on:
      - web
  web:
    image: mediacms/mediacms-dev:latest
    command: "python manage.py runserver 0.0.0.0:80"
    environment:
      DEVELOPMENT_MODE: True
    ports:
      - "80:80"
    volumes:
      - ./:/home/mediacms.io/mediacms/
  web:
    image: mediacms/mediacms-dev:7.3
    restart: unless-stopped
    ports:
      - "80:8000"
    command: ["python", "manage.py", "runserver", "0.0.0.0:8000"]
    environment:
      DEVELOPMENT_MODE: 'True'
      DEBUG: 'True'
    depends_on:
-      - migrations
+      migrations:
        condition: service_completed_successfully
      redis:
        condition: service_healthy
      db:
        condition: service_healthy
    volumes:
      - ./:/home/mediacms.io/mediacms/
  frontend:
    image: node:20-alpine
    working_dir: /home/mediacms.io/mediacms/frontend/
    command: sh -c "npm install && npm run start"
    ports:
      - "8088:8088"
    environment:
      - NODE_ENV=development
    env_file:
      - ./frontend/.env
    volumes:
      - ./frontend:/home/mediacms.io/mediacms/frontend/
    depends_on:
      - web
  celery_beat:
    image: mediacms/mediacms-dev:7.3
    restart: unless-stopped
    command: ["/home/mediacms.io/bin/celery", "-A", "cms", "beat", "--loglevel=INFO"]
    environment:
      DEVELOPMENT_MODE: 'True'
      DEBUG: 'True'
    depends_on:
      migrations:
        condition: service_completed_successfully
      redis:
        condition: service_healthy
    volumes:
      - ./:/home/mediacms.io/mediacms/
  celery_short:
    image: mediacms/mediacms-dev:7.3
    restart: unless-stopped
    command: ["/home/mediacms.io/bin/celery", "-A", "cms", "worker", "-Q", "short_tasks", "-c", "10", "--soft-time-limit=300", "--loglevel=INFO", "-n", "short@%h"]
    environment:
      DEVELOPMENT_MODE: 'True'
      DEBUG: 'True'
    depends_on:
      migrations:
        condition: service_completed_successfully
      redis:
        condition: service_healthy
    volumes:
      - ./:/home/mediacms.io/mediacms/
  celery_long:
    image: mediacms/mediacms-dev:7.3
    restart: unless-stopped
    command: ["/home/mediacms.io/bin/celery", "-A", "cms", "worker", "-Q", "long_tasks", "-c", "1", "-Ofair", "--prefetch-multiplier=1", "--loglevel=INFO", "-n", "long@%h"]
    environment:
      DEVELOPMENT_MODE: 'True'
      DEBUG: 'True'
    depends_on:
      migrations:
        condition: service_completed_successfully
      redis:
        condition: service_healthy
    volumes:
      - ./:/home/mediacms.io/mediacms/
  db:
    image: postgres:17.2-alpine
-    volumes:
+    restart: unless-stopped
      - ../postgres_data:/var/lib/postgresql/data/
    restart: always
    environment:
      POSTGRES_USER: mediacms
      POSTGRES_PASSWORD: mediacms
      POSTGRES_DB: mediacms
      TZ: Europe/London
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}", "--host=db", "--dbname=$POSTGRES_DB", "--username=$POSTGRES_USER"]
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5
  redis:
-    image: "redis:alpine"
+    image: redis:alpine
-    restart: always
+    restart: unless-stopped
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
-      interval: 30s
+      interval: 10s
-      timeout: 10s
+      timeout: 5s
      retries: 3
-  celery_worker:
+
-    image: mediacms/mediacms-dev:latest
+volumes:
-    deploy:
+  postgres_data:
      replicas: 1
    volumes:
      - ./:/home/mediacms.io/mediacms/
    environment:
      ENABLE_UWSGI: 'no'
      ENABLE_NGINX: 'no'
      ENABLE_CELERY_BEAT: 'no'
      ENABLE_MIGRATIONS: 'no'
    depends_on:
      - web
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,86 +1,126 @@
-version: "3"
+version: "3.8"
 services:
  migrations:
-    image: mediacms/mediacms:latest
+    image: mediacms/mediacms:7.3
-    volumes:
+    command: ["/bin/bash", "/home/mediacms.io/mediacms/scripts/run-migrations.sh"]
      - ./:/home/mediacms.io/mediacms/
    environment:
      ENABLE_UWSGI: 'no'
      ENABLE_NGINX: 'no'
      ENABLE_CELERY_SHORT: 'no'
      ENABLE_CELERY_LONG: 'no'
      ENABLE_CELERY_BEAT: 'no'
      ADMIN_USER: 'admin'
      ADMIN_EMAIL: 'admin@localhost'
-      # ADMIN_PASSWORD: 'uncomment_and_set_password_here'
+      ADMIN_PASSWORD: # ADMIN_PASSWORD: 'uncomment_and_set_password_here'
-    command: "./deploy/docker/prestart.sh"
+    restart: "no"
    restart: on-failure
    depends_on:
      redis:
        condition: service_healthy
      db:
        condition: service_healthy
    volumes:
      - ./custom:/home/mediacms.io/mediacms/custom:ro
      - static_files:/home/mediacms.io/mediacms/static
      - media_files:/home/mediacms.io/mediacms/media_files
      - logs:/home/mediacms.io/mediacms/logs
  web:
-    image: mediacms/mediacms:latest
+    image: mediacms/mediacms:7.3
-    deploy:
+    restart: unless-stopped
-      replicas: 1
+    expose:
      - "9000"
    depends_on:
      migrations:
        condition: service_completed_successfully
      redis:
        condition: service_healthy
      db:
        condition: service_healthy
    volumes:
      - ./custom:/home/mediacms.io/mediacms/custom:ro
      - static_files:/home/mediacms.io/mediacms/static
      - media_files:/home/mediacms.io/mediacms/media_files
      - logs:/home/mediacms.io/mediacms/logs
  nginx:
    image: mediacms/mediacms-nginx:7.3
    restart: unless-stopped
    ports:
      - "80:80"
    volumes:
      - ./:/home/mediacms.io/mediacms/
    environment:
      ENABLE_CELERY_BEAT: 'no'
      ENABLE_CELERY_SHORT: 'no'
      ENABLE_CELERY_LONG: 'no'
      ENABLE_MIGRATIONS: 'no'
    depends_on:
-      - migrations
+      - web
    volumes:
      - ./custom/static:/var/www/custom:ro
      - static_files:/var/www/static:ro
      - media_files:/var/www/media:ro
      - logs:/var/log/mediacms
  celery_beat:
-    image: mediacms/mediacms:latest
+    image: mediacms/mediacms-worker:7.3
-    volumes:
+    restart: unless-stopped
-      - ./:/home/mediacms.io/mediacms/
+    command: ["/home/mediacms.io/bin/celery", "-A", "cms", "beat", "--loglevel=INFO", "--schedule=/home/mediacms.io/mediacms/logs/celerybeat-schedule"]
    environment:
      ENABLE_UWSGI: 'no'
      ENABLE_NGINX: 'no'
      ENABLE_CELERY_SHORT: 'no'
      ENABLE_CELERY_LONG: 'no'
      ENABLE_MIGRATIONS: 'no'
    depends_on:
-      - redis
+      migrations:
-  celery_worker:
+        condition: service_completed_successfully
-    image: mediacms/mediacms:latest
+      redis:
-    deploy:
+        condition: service_healthy
      replicas: 1
    volumes:
-      - ./:/home/mediacms.io/mediacms/
+      - ./custom:/home/mediacms.io/mediacms/custom:ro
-    environment:
+      - media_files:/home/mediacms.io/mediacms/media_files
-      ENABLE_UWSGI: 'no'
+      - logs:/home/mediacms.io/mediacms/logs
-      ENABLE_NGINX: 'no'
+
-      ENABLE_CELERY_BEAT: 'no'
+  celery_short:
-      ENABLE_MIGRATIONS: 'no'
+    image: mediacms/mediacms-worker:7.3
    restart: unless-stopped
    command: ["/home/mediacms.io/bin/celery", "-A", "cms", "worker", "-Q", "short_tasks", "-c", "10", "--soft-time-limit=300", "--loglevel=INFO", "-n", "short@%h"]
    depends_on:
-      - migrations
+      migrations:
        condition: service_completed_successfully
      redis:
        condition: service_healthy
    volumes:
      - ./custom:/home/mediacms.io/mediacms/custom:ro
      - media_files:/home/mediacms.io/mediacms/media_files
      - logs:/home/mediacms.io/mediacms/logs
  celery_long:
    image: mediacms/mediacms-worker:7.3
    # To use extra codecs, change image to: mediacms/mediacms-worker:7.3-full
    restart: unless-stopped
    command: ["/home/mediacms.io/bin/celery", "-A", "cms", "worker", "-Q", "long_tasks", "-c", "1", "-Ofair", "--prefetch-multiplier=1", "--loglevel=INFO", "-n", "long@%h"]
    depends_on:
      migrations:
        condition: service_completed_successfully
      redis:
        condition: service_healthy
    volumes:
      - ./custom:/home/mediacms.io/mediacms/custom:ro
      - media_files:/home/mediacms.io/mediacms/media_files
      - logs:/home/mediacms.io/mediacms/logs
  db:
    image: postgres:17.2-alpine
-    volumes:
+    restart: unless-stopped
      - ../postgres_data:/var/lib/postgresql/data/
    restart: always
    environment:
      POSTGRES_USER: mediacms
      POSTGRES_PASSWORD: mediacms
      POSTGRES_DB: mediacms
      TZ: Europe/London
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5
  redis:
-    image: "redis:alpine"
+    image: redis:alpine
-    restart: always
+    restart: unless-stopped
    healthcheck:
-      test: ["CMD", "redis-cli","ping"]
+      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 3
 volumes:
  postgres_data:
  static_files:
  media_files:
  logs:
--- a/docs/DOCKER_V7.3_MIGRATION.md
+++ b/docs/DOCKER_V7.3_MIGRATION.md
@@ -0,0 +1,367 @@
 # MediaCMS 7.3 Docker Architecture Migration Guide
 ## Overview
 MediaCMS 7.3 introduces a modernized Docker architecture that removes supervisord and implements Docker best practices with one process per container.
 ## What Changed
 ### Old Architecture (pre-7.3)
 - Single multi-purpose image with supervisord
 - Environment variables (`ENABLE_UWSGI`, `ENABLE_NGINX`, etc.) to control services
 - All services bundled in `deploy/docker/` folder
 - File mounts required for all deployments
 ### New Architecture (7.3+)
 - **Dedicated images** for each service:
  - `mediacms/mediacms:7.3` - Django/uWSGI application
  - `mediacms/mediacms-worker:7.3` - Celery workers
  - `mediacms/mediacms-worker:7.3-full` - Celery workers with extra codecs
  - `mediacms/mediacms-nginx:7.3` - Nginx web server
 - **No supervisord** - Native Docker process management
 - **Separated services**:
  - `migrations` - Runs database migrations on every startup
  - `nginx` - Serves static/media files and proxies to Django
  - `web` - Django application (uWSGI)
  - `celery_short` - Short-running tasks (thumbnails, etc.)
  - `celery_long` - Long-running tasks (video encoding)
  - `celery_beat` - Task scheduler
 - **No ENABLE_* environment variables**
 - **Config centralized** in `config/` directory
 - **File mounts only for development** (`docker-compose-dev.yaml`)
 ## Directory Structure
 ```
 config/
  ├── nginx/
  │   ├── nginx.conf              # Main nginx config
  │   ├── site.conf               # Virtual host config
  │   └── uwsgi_params            # uWSGI parameters
  ├── nginx-proxy/
  │   └── client_max_body_size.conf  # For production HTTPS proxy
  ├── uwsgi/
  │   └── uwsgi.ini               # uWSGI configuration
  └── imagemagick/
      └── policy.xml              # ImageMagick policy
 scripts/
  ├── entrypoint-web.sh           # Web container entrypoint
  ├── entrypoint-worker.sh        # Worker container entrypoint
  └── run-migrations.sh           # Migration script
 Dockerfile.new                    # Main Dockerfile (base, web, worker, worker-full)
 Dockerfile.nginx                  # Nginx Dockerfile
 docker-compose.yaml               # Production deployment
 docker-compose-cert.yaml          # Production with HTTPS
 docker-compose-dev.yaml           # Development with file mounts
 ```
 ## Migration Steps
 ### For Existing Production Systems
 #### Step 1: Backup your data
 ```bash
 # Backup database
 docker exec mediacms_db_1 pg_dump -U mediacms mediacms > backup.sql
 # Backup media files
 cp -r media_files media_files.backup
 ```
 #### Step 2: Update configuration location
 ```bash
 # The client_max_body_size.conf has moved
 # No action needed if you haven't customized it
 ```
 #### Step 3: Pull latest images
 ```bash
 docker pull mediacms/mediacms:7.3
 docker pull mediacms/mediacms-worker:7.3
 docker pull mediacms/mediacms-nginx:7.3
 ```
 #### Step 4: Update docker-compose file
 If using **docker-compose.yaml**:
 - No changes needed, just use the new version
 If using **docker-compose-cert.yaml** (HTTPS):
 - Update `VIRTUAL_HOST`, `LETSENCRYPT_HOST`, and `LETSENCRYPT_EMAIL` in the nginx service
 - Update the path to client_max_body_size.conf:
  ```yaml
  - ./config/nginx-proxy/client_max_body_size.conf:/etc/nginx/conf.d/client_max_body_size.conf:ro
  ```
 #### Step 5: Restart services
 ```bash
 docker compose down
 docker compose up -d
 ```
 ### For Development Systems
 Development now requires the `-dev` compose file:
 ```bash
 # Old way (no longer works)
 docker compose up
 # New way (development)
 docker compose -f docker-compose-dev.yaml up
 ```
 ## Deployment Options
 ### Standard Deployment (HTTP)
 **File**: `docker-compose.yaml`
 **Command**:
 ```bash
 docker compose up -d
 ```
 **Features**:
 - Self-contained images (no file mounts)
 - Nginx serves on port 80
 - Separate containers for each service
 - Named volumes for persistence
 **Architecture**:
 ```
 Client → nginx:80 → web:9000 (uWSGI)
                 ↓
            static_files (volume)
            media_files (volume)
 ```
 ### Production Deployment (HTTPS with Let's Encrypt)
 **File**: `docker-compose-cert.yaml`
 **Prerequisites**:
 1. Domain name pointing to your server
 2. Ports 80 and 443 open
 **Setup**:
 ```bash
 # 1. Edit docker-compose-cert.yaml
 # Update these values in the nginx service:
 #   VIRTUAL_HOST: 'your-domain.com'
 #   LETSENCRYPT_HOST: 'your-domain.com'
 #   LETSENCRYPT_EMAIL: 'your-email@example.com'
 # 2. Start services
 docker compose -f docker-compose-cert.yaml up -d
 # 3. Check logs
 docker compose -f docker-compose-cert.yaml logs -f nginx-proxy acme-companion
 ```
 **Features**:
 - Automatic HTTPS via Let's Encrypt
 - Certificate auto-renewal
 - Reverse proxy handles SSL termination
 **Architecture**:
 ```
 Client → nginx-proxy:443 (HTTPS) → nginx:80 → web:9000 (uWSGI)
 ```
 ### Development Deployment
 **File**: `docker-compose-dev.yaml`
 **Command**:
 ```bash
 docker compose -f docker-compose-dev.yaml up
 ```
 **Features**:
 - Source code mounted for live editing
 - Django debug mode enabled
 - Django's `runserver` instead of uWSGI
 - Frontend hot-reload on port 8088
 - No nginx (direct Django access on port 80)
 **Ports**:
 - `80` - Django API
 - `8088` - Frontend dev server
 ## Configuration
 ### Environment Variables
 All configuration is done via environment variables or `cms/local_settings.py`.
 **Key Variables**:
 - `FRONTEND_HOST` - Your domain (e.g., `https://mediacms.example.com`)
 - `PORTAL_NAME` - Your portal name
 - `SECRET_KEY` - Django secret key
 - `POSTGRES_*` - Database credentials
 - `REDIS_LOCATION` - Redis connection string
 - `DEBUG` - Enable debug mode (development only)
 **Setting variables**:
 Option 1: In docker-compose file:
 ```yaml
 environment:
  FRONTEND_HOST: 'https://mediacms.example.com'
  PORTAL_NAME: 'My MediaCMS'
 ```
 Option 2: Using .env file (recommended):
 ```bash
 # Create .env file
 cat > .env << EOF
 FRONTEND_HOST=https://mediacms.example.com
 PORTAL_NAME=My MediaCMS
 SECRET_KEY=your-secret-key-here
 EOF
 ```
 ### Customizing Settings
 For advanced customization, you can build a custom image:
 ```dockerfile
 # Dockerfile.custom
 FROM mediacms/mediacms:7.3
 COPY my_local_settings.py /home/mediacms.io/mediacms/cms/local_settings.py
 ```
 ## Celery Workers
 ### Standard Workers
 By default, `celery_long` uses the standard image:
 ```yaml
 celery_long:
  image: mediacms/mediacms-worker:7.3
 ```
 ### Full Workers (Extra Codecs)
 To enable extra codecs for better transcoding (including Whisper for subtitles):
 **Edit docker-compose file**:
 ```yaml
 celery_long:
  image: mediacms/mediacms-worker:7.3-full  # Changed from :7.3
 ```
 **Then restart**:
 ```bash
 docker compose up -d celery_long
 ```
 ### Scaling Workers
 You can scale workers independently:
 ```bash
 # Scale short task workers
 docker compose up -d --scale celery_short=3
 # Scale long task workers
 docker compose up -d --scale celery_long=2
 ```
 ## Troubleshooting
 ### Migrations not running
 ```bash
 # Check migrations container logs
 docker compose logs migrations
 # Manually run migrations
 docker compose run --rm migrations
 ```
 ### Static files not loading
 ```bash
 # Ensure migrations completed (it runs collectstatic)
 docker compose logs migrations
 # Check nginx can access volumes
 docker compose exec nginx ls -la /var/www/static
 ```
 ### Permission issues
 ```bash
 # Check volume ownership
 docker compose exec web ls -la /home/mediacms.io/mediacms/media_files
 # If needed, rebuild images
 docker compose build --no-cache
 ```
 ### Celery workers not processing tasks
 ```bash
 # Check worker logs
 docker compose logs celery_short celery_long
 # Check Redis connection
 docker compose exec redis redis-cli ping
 # Restart workers
 docker compose restart celery_short celery_long celery_beat
 ```
 ## Removed Components
 The following are **no longer used** in 7.3:
 - ❌ `deploy/docker/supervisord/` - Supervisord configs
 - ❌ `deploy/docker/start.sh` - Start script
 - ❌ `deploy/docker/entrypoint.sh` - Old entrypoint
 - ❌ Environment variables: `ENABLE_UWSGI`, `ENABLE_NGINX`, `ENABLE_CELERY_BEAT`, `ENABLE_CELERY_SHORT`, `ENABLE_CELERY_LONG`, `ENABLE_MIGRATIONS`
 **These are still available but moved**:
 - ✅ `config/nginx/` - Nginx configs (moved from `deploy/docker/`)
 - ✅ `config/uwsgi/` - uWSGI config (moved from `deploy/docker/`)
 - ✅ `config/nginx-proxy/` - Reverse proxy config (moved from `deploy/docker/reverse_proxy/`)
 ## Persistent Volumes
 MediaCMS 7.3 uses Docker named volumes for data persistence:
 - **`media_files`** - All uploaded media (videos, images, thumbnails, HLS streams)
  - Mounted on: migrations, web, nginx, celery_beat, celery_short, celery_long
  - Persists across container restarts, updates, and image removals
 - **`logs`** - Application and nginx logs
  - Mounted on: migrations, web, nginx, celery_beat, celery_short, celery_long
  - Nginx logs: `/var/log/mediacms/nginx.access.log`, `/var/log/mediacms/nginx.error.log`
  - Django/Celery logs: `/home/mediacms.io/mediacms/logs/`
  - Persists across container restarts, updates, and image removals
 - **`static_files`** - Django static files (CSS, JS, images)
  - Mounted on: migrations, web, nginx
  - Regenerated during migrations via `collectstatic`
 - **`postgres_data`** - PostgreSQL database
  - Mounted on: db
  - Persists across container restarts, updates, and image removals
 **Important**: Use `docker compose down -v` to remove volumes (⚠️ causes data loss!)
 ## Benefits of New Architecture
 1. **Better resource management** - Scale services independently
 2. **Easier debugging** - Clear separation of concerns
 3. **Faster restarts** - Restart only affected services
 4. **Production-ready** - No file mounts, immutable images
 5. **Standard Docker practices** - One process per container
 6. **Clearer logs** - Each service has isolated logs, persistent storage
 7. **Better health checks** - Per-service monitoring
 8. **Data persistence** - media_files and logs survive all container operations
 ## Support
 For issues or questions:
 - GitHub Issues: https://github.com/mediacms-io/mediacms/issues
 - Documentation: https://docs.mediacms.io
--- a/docs/admins_docs.md
+++ b/docs/admins_docs.md
@@ -164,53 +164,123 @@ Database is stored on ../postgres_data/ and media_files on media_files/
 ## 4. Docker Deployment options
-The mediacms image is built to use supervisord as the main process, which manages one or more services required to run mediacms. We can toggle which services are run in a given container by setting the environment variables below to `yes` or `no`:
+**⚠️ IMPORTANT**: MediaCMS 7.3 introduces a new Docker architecture. If you're upgrading from an earlier version, please see the [Migration Guide](DOCKER_V7.3_MIGRATION.md).
-* ENABLE_UWSGI
+### Architecture Overview
 * ENABLE_NGINX
 * ENABLE_CELERY_BEAT
 * ENABLE_CELERY_SHORT
 * ENABLE_CELERY_LONG
 * ENABLE_MIGRATIONS
-By default, all these services are enabled, but in order to create a scaleable deployment, some of them can be disabled, splitting the service up into smaller services.
+MediaCMS 7.3+ uses a modern microservices architecture with dedicated containers:
-Also see the `Dockerfile` for other environment variables which you may wish to override. Application settings, eg. `FRONTEND_HOST` can also be overridden by updating the `deploy/docker/local_settings.py` file.
+- **nginx** - Web server for static/media files and reverse proxy
 - **web** - Django application (uWSGI)
 - **celery_short** - Short-running background tasks
 - **celery_long** - Long-running tasks (video encoding)
 - **celery_beat** - Task scheduler
 - **migrations** - Database migrations (runs on startup)
 - **db** - PostgreSQL database
 - **redis** - Cache and message broker
-To run, update the configs above if necessary, build the image by running `docker compose build`, then run `docker compose run`
+### Key Changes from Previous Versions
-### Simple Deployment, accessed as http://localhost
+- ✅ **No supervisord** - Native Docker process management
 - ✅ **Dedicated images** per service
 - ✅ **No ENABLE_* environment variables** - Services are separated into individual containers
 - ✅ **Production images** don't mount source code (immutable)
 - ✅ **config/** directory for centralized configuration
 - ✅ **Separate celery workers** for short and long tasks
-The main container runs migrations, mediacms_web, celery_beat, celery_workers (celery_short and celery_long services), exposed on port 80 supported by redis and postgres database.
+### Configuration
- The FRONTEND_HOST in `deploy/docker/local_settings.py` is configured as http://localhost, on the docker host machine.
+Application settings can be overridden using environment variables in your docker-compose file or by building a custom image with a modified `cms/local_settings.py` file.
-### Server with ssl certificate through letsencrypt service, accessed as https://my_domain.com
+Key environment variables:
-Before trying this out make sure the ip points to my_domain.com.
+- `FRONTEND_HOST` - Your domain (e.g., `https://mediacms.example.com`)
 - `PORTAL_NAME` - Portal name
 - `SECRET_KEY` - Django secret key
 - `DEBUG` - Enable debug mode (development only)
 - Database and Redis connection settings
-With this method [this deployment](../docker-compose-letsencrypt.yaml) is used.
+See the [Migration Guide](DOCKER_V7.3_MIGRATION.md) for detailed configuration options
-Edit this file and set `VIRTUAL_HOST` as my_domain.com, `LETSENCRYPT_HOST` as my_domain.com, and your email on `LETSENCRYPT_EMAIL`
+### Simple Deployment (HTTP)
-Edit `deploy/docker/local_settings.py` and set https://my_domain.com as `FRONTEND_HOST`
+Use `docker-compose.yaml` for a standard HTTP deployment on port 80:
-Now run `docker compose -f docker-compose-letsencrypt.yaml up`, when installation finishes you will be able to access https://my_domain.com using a valid Letsencrypt certificate!
+```bash
 docker compose up -d
 ```
-### Advanced Deployment, accessed as http://localhost:8000
+This starts all services (nginx, web, celery workers, database, redis) with the nginx container exposed on port 80. Access at http://localhost or http://your-server-ip.
-Here we can run 1 mediacms_web instance, with the FRONTEND_HOST in `deploy/docker/local_settings.py` configured as http://localhost:8000. This is bootstrapped by a single migrations instance and supported by a single celery_beat instance and 1 or more celery_worker instances. Redis and postgres containers are also used for persistence. Clients can access the service on http://localhost:8000, on the docker host machine. This is similar to [this deployment](../docker-compose.yaml), with a `port` defined in FRONTEND_HOST.
+**Features:**
 - Production-ready with immutable images
 - Named volumes for data persistence
 - Separate containers for each service
-### Advanced Deployment, with reverse proxy, accessed as http://mediacms.io
+### Production Deployment with HTTPS (Let's Encrypt)
-Here we can use `jwilder/nginx-proxy` to reverse proxy to 1 or more instances of mediacms_web supported by other services as mentioned in the previous deployment. The FRONTEND_HOST in `deploy/docker/local_settings.py` is configured as http://mediacms.io, nginx-proxy has port 80 exposed. Clients can access the service on http://mediacms.io (Assuming DNS or the hosts file is setup correctly to point to the IP of the nginx-proxy instance). This is similar to [this deployment](../docker-compose-http-proxy.yaml).
+Use `docker-compose-cert.yaml` for automatic HTTPS with Let's Encrypt:
-### Advanced Deployment, with reverse proxy, accessed as https://localhost
+**Prerequisites:**
 - Domain name pointing to your server
 - Ports 80 and 443 open
-The reverse proxy (`jwilder/nginx-proxy`) can be configured to provide SSL termination using self-signed certificates, letsencrypt or CA signed certificates (see: https://hub.docker.com/r/jwilder/nginx-proxy or [LetsEncrypt Example](https://www.singularaspect.com/use-nginx-proxy-and-letsencrypt-companion-to-host-multiple-websites/) ). In this case the FRONTEND_HOST should be set to https://mediacms.io. This is similar to [this deployment](../docker-compose-http-proxy.yaml).
+**Setup:**
 1. Edit `docker-compose-cert.yaml` and update:
   - `VIRTUAL_HOST` - Your domain
   - `LETSENCRYPT_HOST` - Your domain
   - `LETSENCRYPT_EMAIL` - Your email
 2. Run:
 ```bash
 docker compose -f docker-compose-cert.yaml up -d
 ```
 This uses `nginxproxy/nginx-proxy` with `acme-companion` for automatic HTTPS certificate management. Access at https://your-domain.com.
 ### Development Deployment
 Use `docker-compose-dev.yaml` for development with live code reloading:
 ```bash
 docker compose -f docker-compose-dev.yaml up
 ```
 **Features:**
 - Source code mounted for live editing
 - Django debug mode enabled
 - Frontend dev server on port 8088
 - Direct Django access (no nginx) on port 80
 ### Scaling Workers
 Scale celery workers independently based on load:
 ```bash
 # Scale short task workers to 3 instances
 docker compose up -d --scale celery_short=3
 # Scale long task workers to 2 instances
 docker compose up -d --scale celery_long=2
 ```
 ### Using Extra Codecs (Full Image)
 For advanced transcoding features (including Whisper for automatic subtitles), use the full worker image:
 Edit your docker-compose file:
 ```yaml
 celery_long:
  image: mediacms/mediacms-worker:7.3-full  # Changed from :7.3
 ```
 Then restart:
 ```bash
 docker compose up -d celery_long
 ```
 ### A Scaleable Deployment Architecture (Docker, Swarm, Kubernetes)
-The architecture below generalises all the deployment scenarios above, and provides a conceptual design for other deployments based on kubernetes and docker swarm. It allows for horizontal scaleability through the use of multiple mediacms_web instances and celery_workers. For large deployments, managed postgres, redis and storage may be adopted.
+The architecture below provides a conceptual design for deployments based on kubernetes and docker swarm. It allows for horizontal scaleability through the use of multiple web instances and celery workers. For large deployments, managed postgres, redis and storage may be adopted.
 ![MediaCMS](images/architecture.png)
@@ -218,24 +288,36 @@ The architecture below generalises all the deployment scenarios above, and provi
 ## 5. Configuration
 Several options are available on `cms/settings.py`, most of the things that are allowed or should be disallowed are described there.
-It is advisable to override any of them by adding it to `local_settings.py` .
+It is advisable to override any of them by adding it to `local_settings.py`.
-In case of a the single server installation, add to `cms/local_settings.py` .
+**Single server installation:** edit `cms/local_settings.py`, make changes and restart MediaCMS:
 In case of a docker compose installation, add to `deploy/docker/local_settings.py` . This will automatically overwrite `cms/local_settings.py` .
 Any change needs restart of MediaCMS in order to take effect.
 Single server installation: edit `cms/local_settings.py`, make a change and restart MediaCMS
 ```bash
-#systemctl restart mediacms
+systemctl restart mediacms celery_beat celery_short celery_long
 ```
-Docker Compose installation: edit `deploy/docker/local_settings.py`, make a change and restart MediaCMS containers
+**Docker installation:** Configuration can be done in two ways:
 1. **Environment variables** (recommended for simple changes):
   Add to your docker-compose file:
   ```yaml
   environment:
     FRONTEND_HOST: 'https://mediacms.example.com'
     PORTAL_NAME: 'My MediaCMS'
   ```
 2. **Custom image with local_settings.py** (for complex changes):
   - Create a custom Dockerfile:
   ```dockerfile
   FROM mediacms/mediacms:7.3
   COPY my_custom_settings.py /home/mediacms.io/mediacms/cms/local_settings.py
   ```
   - Build and use your custom image
 After changes, restart the affected containers:
 ```bash
-#docker compose restart web celery_worker celery_beat
+docker compose restart web celery_short celery_long celery_beat
 ```
 ### 5.1 Change portal logo
--- a/docs/saml_entraid_setup.md
+++ b/docs/saml_entraid_setup.md
@@ -46,7 +46,7 @@ Before beginning, ensure the following:
 ## Step 1: Configure MediaCMS for SAML
-The first step in enabling SAML authentication is to modify the `local_settings.py` (for Docker: `./deploy/docker/local_settings.py`) file of your MediaCMS deployment. Add the following configuration block to enable SAML support, role-based access control (RBAC), and enforce secure communication settings:
+The first step in enabling SAML authentication is to modify the `local_settings.py` (for Docker: `./config/local_settings.py`) file of your MediaCMS deployment. Add the following configuration block to enable SAML support, role-based access control (RBAC), and enforce secure communication settings:
 ```python
 USE_RBAC = True
@@ -292,7 +292,7 @@ Another issue you might encounter is an **infinite redirect loop**. This can hap
  https://<MyDomainName>/accounts/saml/mediacms_entraid/login/
  ```
-* Add the following line to `./deploy/docker/local_settings.py`:
+* Add the following line to `./config/local_settings.py`:
  ```python
  LOGIN_URL = "/accounts/saml/mediacms_entraid/login/"
--- a/files/urls.py
+++ b/files/urls.py
@@ -110,7 +110,7 @@ urlpatterns = [
    re_path(r"^manage/users$", views.manage_users, name="manage_users"),
    # Media uploads in ADMIN created pages
    re_path(r"^tinymce/upload/", tinymce_handlers.upload_image, name="tinymce_upload_image"),
-    re_path("^(?P<slug>[\w.-]*)$", views.get_page, name="get_page"),  # noqa: W605
+    re_path(r"^(?P<slug>[\w.-]*)$", views.get_page, name="get_page"),
 ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
--- a/frontend-tools/chapters-editor/client/src/hooks/useVideoChapters.tsx
+++ b/frontend-tools/chapters-editor/client/src/hooks/useVideoChapters.tsx
@@ -20,7 +20,7 @@ const useVideoChapters = () => {
        // Sort by start time to find chronological position
        const sortedSegments = allSegments.sort((a, b) => a.startTime - b.startTime);
        // Find the index of our new segment
-        const chapterIndex = sortedSegments.findIndex((seg) => seg.startTime === newSegmentStartTime);
+        const chapterIndex = sortedSegments.findIndex(seg => seg.startTime === newSegmentStartTime);
        return `Chapter ${chapterIndex + 1}`;
    };
@@ -28,18 +28,12 @@ const useVideoChapters = () => {
    const renumberAllSegments = (segments: Segment[]): Segment[] => {
        // Sort segments by start time
        const sortedSegments = [...segments].sort((a, b) => a.startTime - b.startTime);
-
+        
        // Renumber each segment based on its chronological position
-        // Only update titles that follow the default "Chapter X" pattern to preserve custom titles
+        return sortedSegments.map((segment, index) => ({
-        return sortedSegments.map((segment, index) => {
+            ...segment,
-            const currentTitle = segment.chapterTitle || '';
+            chapterTitle: `Chapter ${index + 1}`
-            const isDefaultTitle = /^Chapter \d+$/.test(currentTitle);
+        }));
            return {
                ...segment,
                chapterTitle: isDefaultTitle ? `Chapter ${index + 1}` : currentTitle,
            };
        });
    };
    // Helper function to parse time string (HH:MM:SS.mmm) to seconds
@@ -130,7 +124,9 @@ const useVideoChapters = () => {
                let initialSegments: Segment[] = [];
                // Check if we have existing chapters from the backend
-                const existingChapters = (typeof window !== 'undefined' && (window as any).MEDIA_DATA?.chapters) || [];
+                const existingChapters =
                    (typeof window !== 'undefined' && (window as any).MEDIA_DATA?.chapters) ||
                    [];
                if (existingChapters.length > 0) {
                    // Create segments from existing chapters
@@ -229,7 +225,7 @@ const useVideoChapters = () => {
            logger.debug('Adding Safari-specific event listeners for audio support');
            video.addEventListener('canplay', handleCanPlay);
            video.addEventListener('loadeddata', handleLoadedData);
-
+            
            // Additional timeout fallback for Safari audio files
            const safariTimeout = setTimeout(() => {
                if (video.duration && duration === 0) {
@@ -265,21 +261,21 @@ const useVideoChapters = () => {
    useEffect(() => {
        if (isSafari() && videoRef.current) {
            const video = videoRef.current;
-
+            
            const initializeSafariOnInteraction = () => {
                // Try to load video metadata by attempting to play and immediately pause
                const attemptInitialization = async () => {
                    try {
                        logger.debug('Safari: Attempting auto-initialization on user interaction');
-
+                        
                        // Briefly play to trigger metadata loading, then pause
                        await video.play();
                        video.pause();
-
+                        
                        // Check if we now have duration and initialize if needed
                        if (video.duration > 0 && clipSegments.length === 0) {
                            logger.debug('Safari: Successfully initialized metadata, creating default segment');
-
+                            
                            const defaultSegment: Segment = {
                                id: 1,
                                chapterTitle: '',
@@ -290,14 +286,14 @@ const useVideoChapters = () => {
                            setDuration(video.duration);
                            setTrimEnd(video.duration);
                            setClipSegments([defaultSegment]);
-
+                            
                            const initialState: EditorState = {
                                trimStart: 0,
                                trimEnd: video.duration,
                                splitPoints: [],
                                clipSegments: [defaultSegment],
                            };
-
+                            
                            setHistory([initialState]);
                            setHistoryPosition(0);
                        }
@@ -319,7 +315,7 @@ const useVideoChapters = () => {
            // Add listeners for various user interactions
            document.addEventListener('click', handleUserInteraction);
            document.addEventListener('keydown', handleUserInteraction);
-
+            
            return () => {
                document.removeEventListener('click', handleUserInteraction);
                document.removeEventListener('keydown', handleUserInteraction);
@@ -336,7 +332,7 @@ const useVideoChapters = () => {
                // This play/pause will trigger metadata loading in Safari
                await video.play();
                video.pause();
-
+                
                // The metadata events should fire now and initialize segments
                return true;
            } catch (error) {
@@ -568,11 +564,8 @@ const useVideoChapters = () => {
                    `Updating segments with action: ${actionType}, recordHistory: ${isSignificantChange ? 'true' : 'false'}`
                );
                // Renumber all segments to ensure proper chronological naming
                const renumberedSegments = renumberAllSegments(e.detail.segments);
                // Update segment state immediately for UI feedback
-                setClipSegments(renumberedSegments);
+                setClipSegments(e.detail.segments);
                // Always save state to history for non-intermediate actions
                if (isSignificantChange) {
@@ -580,7 +573,7 @@ const useVideoChapters = () => {
                    // ensure we capture the state properly
                    setTimeout(() => {
                        // Deep clone to ensure state is captured correctly
-                        const segmentsClone = JSON.parse(JSON.stringify(renumberedSegments));
+                        const segmentsClone = JSON.parse(JSON.stringify(e.detail.segments));
                        // Create a complete state snapshot
                        const stateWithAction: EditorState = {
@@ -926,10 +919,10 @@ const useVideoChapters = () => {
                const singleChapter = backendChapters[0];
                const startSeconds = parseTimeToSeconds(singleChapter.startTime);
                const endSeconds = parseTimeToSeconds(singleChapter.endTime);
-
+                
                // Check if this single chapter spans the entire video (within 0.1 second tolerance)
                const isFullVideoChapter = startSeconds <= 0.1 && Math.abs(endSeconds - duration) <= 0.1;
-
+                
                if (isFullVideoChapter) {
                    logger.debug('Manual save: Single chapter spans full video - sending empty array');
                    backendChapters = [];
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@@ -0,0 +1,19 @@
 #!/bin/bash
 set -e
 # Fix permissions on mounted volumes if running as root
 if [ "$(id -u)" = "0" ]; then
    echo "Fixing permissions on data directories..."
    chown -R www-data:www-data /home/mediacms.io/mediacms/logs \
                                /home/mediacms.io/mediacms/media_files \
                                /home/mediacms.io/mediacms/static_files \
                                /var/run/mediacms 2>/dev/null || true
    # If command starts with python or celery, run as www-data
    if [ "${1:0:1}" != '-' ]; then
        exec gosu www-data "$@"
    fi
 fi
 # Execute the command
 exec "$@"
--- a/scripts/run-migrations.sh
+++ b/scripts/run-migrations.sh
@@ -0,0 +1,51 @@
 #!/bin/bash
 set -e
 echo "========================================="
 echo "MediaCMS Migrations Starting..."
 echo "========================================="
 # Ensure virtualenv is activated
 export VIRTUAL_ENV=/home/mediacms.io
 export PATH="$VIRTUAL_ENV/bin:$PATH"
 # Use explicit python path from virtualenv
 PYTHON="$VIRTUAL_ENV/bin/python"
 echo "Using Python: $PYTHON"
 $PYTHON --version
 # Run migrations
 echo "Running database migrations..."
 $PYTHON manage.py migrate
 # Check if this is a new installation
 EXISTING_INSTALLATION=$(echo "from users.models import User; print(User.objects.exists())" | $PYTHON manage.py shell)
 if [ "$EXISTING_INSTALLATION" = "True" ]; then
    echo "Existing installation detected, skipping initial data load"
 else
    echo "New installation detected, loading initial data..."
    # Load fixtures
    $PYTHON manage.py loaddata fixtures/encoding_profiles.json
    $PYTHON manage.py loaddata fixtures/categories.json
    # Create admin user
    RANDOM_ADMIN_PASS=$($PYTHON -c "import secrets;chars = 'abcdefghijklmnopqrstuvwxyz0123456789';print(''.join(secrets.choice(chars) for i in range(10)))")
    ADMIN_PASSWORD=${ADMIN_PASSWORD:-$RANDOM_ADMIN_PASS}
    DJANGO_SUPERUSER_PASSWORD=$ADMIN_PASSWORD $PYTHON manage.py createsuperuser \
        --no-input \
        --username=${ADMIN_USER:-admin} \
        --email=${ADMIN_EMAIL:-admin@localhost} \
        --database=default || true
    echo "========================================="
    echo "Admin user created with password: $ADMIN_PASSWORD"
    echo "========================================="
 fi
 echo "========================================="
 echo "Migrations completed successfully!"
 echo "========================================="
--- a/static/chapters_editor/chapters-editor.js
+++ b/static/chapters_editor/chapters-editor.js
--- a/static/chapters_editor/chapters-editor.js.map
+++ b/static/chapters_editor/chapters-editor.js.map
		`@@ -1,3 +0,0 @@`
			`# MediaCMS on Docker`

			`See: [Details](../../docs/Docker_deployment.md)`