diff --git a/.env.example b/.env.example
deleted file mode 100644
index 602e1c9..0000000
--- a/.env.example
+++ /dev/null
@@ -1,103 +0,0 @@
-##
-## Quark configuration
-##
-
-# MongoDB
-MONGODB=mongodb://database
-
-# Redis
-REDIS_URI=redis://redis/
-
-# Hostname used for Caddy
-# This should in most cases match REVOLT_APP_URL
-HOSTNAME=http://local.revolt.chat
-
-# URL to where the Revolt app is publicly accessible
-REVOLT_APP_URL=http://local.revolt.chat
-
-# URL to where the API is publicly accessible
-REVOLT_PUBLIC_URL=http://local.revolt.chat/api
-VITE_API_URL=http://local.revolt.chat/api
-
-# URL to where the WebSocket server is publicly accessible
-REVOLT_EXTERNAL_WS_URL=ws://local.revolt.chat/ws
-
-# URL to where Autumn is publicly available
-AUTUMN_PUBLIC_URL=http://local.revolt.chat/autumn
-
-# URL to where January is publicly available
-JANUARY_PUBLIC_URL=http://local.revolt.chat/january
-
-
-##
-## hCaptcha Settings
-##
-
-# If you are sure that you don't want to use hCaptcha, set to 1.
-REVOLT_UNSAFE_NO_CAPTCHA=1
-
-# hCaptcha API key (This is the "Secret key" from your User Settings page)
-# REVOLT_HCAPTCHA_KEY=0x0000000000000000000000000000000000000000
-
-# hCaptcha site key
-# REVOLT_HCAPTCHA_SITEKEY=10000000-ffff-ffff-ffff-000000000001
-
-
-##
-## Email Settings
-##
-
-# If you are sure that you don't want to use email verification, set to 1.
-REVOLT_UNSAFE_NO_EMAIL=1
-
-# SMTP host
-# REVOLT_SMTP_HOST=smtp.example.com
-
-# SMTP username
-# REVOLT_SMTP_USERNAME=noreply@example.com
-
-# SMTP password
-# REVOLT_SMTP_PASSWORD=CHANGEME
-
-# SMTP From header
-# REVOLT_SMTP_FROM=Revolt
-
-
-##
-## Application Settings
-##
-
-# Whether to only allow users to sign up if they have an invite code
-REVOLT_INVITE_ONLY=0
-
-# Maximum number of people that can be in a group chat
-REVOLT_MAX_GROUP_SIZE=150
-
-# VAPID keys for push notifications
-# Generate using this guide: https://gitlab.insrt.uk/revolt/delta/-/wikis/vapid
-# --> Please replace these keys before going into production! <--
-REVOLT_VAPID_PRIVATE_KEY=LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUJSUWpyTWxLRnBiVWhsUHpUbERvcEliYk1yeVNrNXpKYzVYVzIxSjJDS3hvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFWnkrQkg2TGJQZ2hEa3pEempXOG0rUXVPM3pCajRXT1phdkR6ZU00c0pqbmFwd1psTFE0WAp1ZDh2TzVodU94QWhMQlU3WWRldVovWHlBdFpWZmNyQi9BPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
-REVOLT_VAPID_PUBLIC_KEY=BGcvgR-i2z4IQ5Mw841vJvkLjt8wY-FjmWrw83jOLCY52qcGZS0OF7nfLzuYbjsQISwVO2HXrmf18gLWVX3Kwfw=
-
-
-##
-## Autumn configuration
-##
-
-# S3 Region
-AUTUMN_S3_REGION=minio
-
-# S3 Endpoint
-AUTUMN_S3_ENDPOINT=http://minio:9000
-
-# MinIO Root User
-MINIO_ROOT_USER=minioautumn
-
-# MinIO Root Password
-MINIO_ROOT_PASSWORD=minioautumn
-
-# AWS Access Key ID
-AWS_ACCESS_KEY_ID=minioautumn
-
-# AWS Secret Key
-AWS_SECRET_ACCESS_KEY=minioautumn
diff --git a/.gitignore b/.gitignore
index 03fd174..f6a80ee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@ data* .env +.env.web Revolt.toml compose.override.yml
diff --git a/README.md b/README.md
index 9a8d9c5..df526f0 100644
--- a/README.md
+++ b/README.md
@@ -21,23 +21,10 @@ This repository contains configurations and instructions that can be used for de > [!NOTE] > amd64 builds are only available for `backend` and `bonfire` images currently, more to come. -## Quick Start +## Quick Start (for advanced users) -This repository provides reasonable defaults, so you can immediately get started with it on your local machine. - -> [!WARNING] -> This is not fit for production usage; see below for the full guide. - -```bash -git clone https://github.com/revoltchat/self-hosted revolt -cd revolt -cp .env.example .env -docker compose up -``` - -Now navigate to http://local.revolt.chat in your browser. - -## Production Setup +> [!IMPORTANT] +> This guide is intended for system administrators that wish to know the bare minimum to deploy, please go to the [Deployment section](#deployment) for detailed instructions! Prerequisites before continuing:
@@ -57,19 +44,122 @@ Copy `.env` and download `Revolt.toml`, then modify them according to your requi > The default configurations are intended exclusively for testing and will only work locally. If you wish to deploy to a remote server, you **must** edit the URLs in `.env` and `Revolt.toml`. Please reference the section below on [configuring a custom domain](#custom-domain). ```bash -cp .env.example .env +echo "HOSTNAME=http://local.revolt.chat" > .env.web wget -O Revolt.toml https://raw.githubusercontent.com/revoltchat/backend/main/crates/core/config/Revolt.toml ``` Then start Revolt: ```bash -docker compose up +docker compose up -d +``` + +## Deployment + +To get started, find yourself a suitable server to deploy onto, we recommend starting with at least 2 vCPUs and 2 GB of memory. + + + + + + +When asked, choose **Ubuntu Server** as your operating system, this is used by us in production and we recommend its use. + + + + + + + +After install, SSH into the machine: + +```bash +# use the provided IP address to connect: +ssh root@ +# .. if you have a SSH key configured +ssh root@ -i path/to/id_rsa +``` + +And now we can proceed with some basic configuration and securing the system: + +```bash +# update the system +apt-get update && apt-get upgrade -y + +# configure firewall +ufw allow ssh +ufw allow http +ufw allow https +ufw default deny +ufw enable + +# if you have configured an SSH key, disable password authentication: +sudo sed -E -i 's|^#?(PasswordAuthentication)\s.*|\1 no|' /etc/ssh/sshd_config +if ! grep '^PasswordAuthentication\s' /etc/ssh/sshd_config; then echo 'PasswordAuthentication no' |sudo tee -a /etc/ssh/sshd_config; fi + +# reboot to apply changes +reboot +``` + +Your system is now ready to proceed with installation, but before we continue you should configure your domain. + + + +Your domain (or a subdomain) should point to the server's IP (A and AAAA records) or CNAME to the hostname provided. 
+ +Next, we must install the required dependencies: + +```bash +# ensure Git and Docker are installed +apt-get update +apt-get install ca-certificates curl git micro +install -m 0755 -d /etc/apt/keyrings +curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc +chmod a+r /etc/apt/keyrings/docker.asc + +echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ + $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ + sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + +apt-get update +apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin +``` + +Now, we can pull in the configuration for Revolt: + +```bash +git clone https://github.com/revoltchat/self-hosted revolt +cd revolt +``` + +Generate a configuration file by running: + +```bash +./generate_config.sh your.domain +``` + +You can find [more options here](https://github.com/revoltchat/backend/blob/df074260196f5ed246e6360d8e81ece84d8d9549/crates/core/config/Revolt.toml), some noteworthy configuration options: + +- Email verification +- Captcha +- A custom S3 server + +If you'd like to edit the configuration, just run: + +```bash +micro Revolt.toml +``` + +Finally, we can start up Revolt: + +```bash +docker compose up -d ``` ## Updating -Before updating, ensure you consult the notices at the top of this README to check if there are any important changes to be aware of. +Before updating, ensure you consult the notices at the top of this README to check if there are any important changes to be aware of **as well as** [the notices](#notices). Pull the latest version of this repository: 
@@ -77,6 +167,8 @@ Pull the latest version of this repository: git pull ``` +Check if your configuration file is correct by opening [the reference config file](https://github.com/revoltchat/backend/blob/df074260196f5ed246e6360d8e81ece84d8d9549/crates/core/config/Revolt.toml) and your `Revolt.toml` and comparing for changes. + Then pull all the latest images: ```bash
diff --git a/compose.yml b/compose.yml
index 1149a36..dc61b83 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,3 +1,5 @@ +name: revolt + services: # MongoDB database database:
@@ -15,7 +17,6 @@ services: minio: image: minio/minio command: server /data - env_file: .env volumes: - ./data/minio:/data restart: always
@@ -24,7 +25,7 @@ services: caddy: image: caddy restart: always - env_file: .env + env_file: .env.web ports: - "80:80" - "443:443"
@@ -35,24 +36,20 @@ services: # API server (delta) api: - image: ghcr.io/revoltchat/server:20240929-1 - env_file: .env + image: ghcr.io/revoltchat/server:20241024-1 depends_on: - database - redis - - caddy volumes: - ./Revolt.toml:/Revolt.toml restart: always # Events service (quark) events: - image: ghcr.io/revoltchat/bonfire:20240929-1 - env_file: .env + image: ghcr.io/revoltchat/bonfire:20241024-1 depends_on: - database - redis - - caddy volumes: - ./Revolt.toml:/Revolt.toml restart: always
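Review bot: In the `@@ -15,7 +17,6 @@` hunk the `minio` service loses `env_file: .env` and nothing visible replaces it, so the server is no longer handed `MINIO_ROOT_USER`/`MINIO_ROOT_PASSWORD`, while the `createbuckets` hunk later in this file hard-codes `minioautumn`/`minioautumn` for the client side. Unless the server receives the same pair somewhere outside these hunks, it will come up with MinIO's built-in default root credentials and the bucket setup will log in with a different pair. I would set the pair on the server explicitly and keep it overridable, e.g. an `environment:` block on `minio` with `MINIO_ROOT_USER: ${MINIO_ROOT_USER:-minioautumn}` and `MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-minioautumn}`, and state in the README that the default must be replaced on any deployment reachable beyond the local machine. The service definition continues outside the hunk.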
@@ -60,28 +57,23 @@ services: # Web App (revite) web: image: ghcr.io/revoltchat/client:master - env_file: .env - depends_on: - - caddy restart: always # File server (autumn) autumn: - image: ghcr.io/revoltchat/autumn:1.1.11 - env_file: .env + image: ghcr.io/revoltchat/autumn:20241024-1 depends_on: - database - createbuckets - - caddy - environment: - - AUTUMN_MONGO_URI=mongodb://database + volumes: + - ./Revolt.toml:/Revolt.toml restart: always # Metadata and image proxy (january) january: - image: ghcr.io/revoltchat/january:0.3.5 - depends_on: - - caddy + image: ghcr.io/revoltchat/january:20241024-1 + volumes: + - ./Revolt.toml:/Revolt.toml restart: always # Create buckets for minio.
@@ -89,7 +81,9 @@ services: image: minio/mc depends_on: - minio - env_file: .env + environment: + MINIO_ROOT_USER: minioautumn + MINIO_ROOT_PASSWORD: minioautumn entrypoint: > /bin/sh -c " /usr/bin/mc config host add minio http://minio:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD;
diff --git a/generate_config.sh b/generate_config.sh
new file mode 100755
index 0000000..0693782
--- /dev/null
+++ b/generate_config.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+# hostnames
+echo "" >> Revolt.toml
+echo "[hosts]" >> Revolt.toml
+echo "app = \"https://$1\"" >> Revolt.toml
+echo "api = \"https://$1/api\"" >> Revolt.toml
+echo "events = \"wss://$1/ws\"" >> Revolt.toml
+echo "autumn = \"https://$1/autumn\"" >> Revolt.toml
+echo "january = \"https://$1/january\"" >> Revolt.toml
+
+# VAPID keys
+echo "" >> Revolt.toml
+echo "[api.vapid]" >> Revolt.toml
+openssl ecparam -name prime256v1 -genkey -noout -out vapid_private.pem
+echo "private_key = \"$(base64 vapid_private.pem)\"" >> Revolt.toml
+echo "public_key = \"$(openssl ec -in vapid_private.pem -outform DER|tail -c 65|base64|tr '/+' '_-'|tr -d '\n')\"" >> Revolt.toml
+
+# encryption key for files
+echo "" >> Revolt.toml
+echo "[files]" >> Revolt.toml
+echo "encryption_key = \"$(openssl rand -base64 32)\"" >> Revolt.toml
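Review bot: The `./Revolt.toml:/Revolt.toml` mounts added to `autumn` and `january` in the `@@ -60,28 +57,23 @@` hunk are read-write, and after this commit that file is where `generate_config.sh` writes the VAPID private key and the file encryption key. `january` is labelled here as the metadata and image proxy, so it is the service that handles remote content and has the least need for those secrets. I would mount the file read-only, `- ./Revolt.toml:/Revolt.toml:ro`, on both services and on `api`/`events` in the previous hunk. Whether `january` could run from a trimmed config without the key sections is not visible from the diff.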
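Review bot: The `environment:` block added to `createbuckets` in the `@@ -89,7 +81,9 @@` hunk probably does not reach the `mc config host add` line below it, because `$MINIO_ROOT_USER` and `$MINIO_ROOT_PASSWORD` inside the `entrypoint` string are interpolated by Compose from the host environment or a project `.env` file before the container starts. This commit stops asking users to create `.env`, so on a fresh checkout both would expand to empty strings and the alias would be registered without credentials. Escaping them as `$$MINIO_ROOT_USER $$MINIO_ROOT_PASSWORD` leaves the expansion to the container's shell, which does see the `environment:` values. The entrypoint continues past the end of the hunk.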
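Review bot: The `private_key` line in `generate_config.sh` writes `$(base64 vapid_private.pem)` into a single-line TOML string without stripping newlines, unlike the `public_key` line right below it, which pipes through `tr -d '\n'`; GNU `base64` wraps its output by default, so on the Ubuntu hosts the README targets the value would span several lines and likely fail to parse. The script also leaves `vapid_private.pem` in the checkout (the `.gitignore` hunk in this commit adds only `.env.web`) and creates `Revolt.toml`, which now holds the VAPID private key and the file encryption key, under the caller's default umask. There is no check that `$1` was given, and since every line appends with `>>`, a second run adds the `[hosts]`, `[api.vapid]` and `[files]` tables again with new keys. The changes I would make are below; removing the PEM assumes nothing else reads it afterwards.

```shell
#!/usr/bin/env bash
set -euo pipefail
umask 077 # files created below hold private keys
: "${1:?usage: ./generate_config.sh your.domain}"

# … unchanged: [hosts] entries …

# … unchanged: [api.vapid] header and openssl ecparam key generation …
echo "private_key = \"$(base64 vapid_private.pem | tr -d '\n')\"" >> Revolt.toml
# … unchanged: public_key line …
rm -f -- vapid_private.pem # key is already embedded in Revolt.toml

# … unchanged: [files] encryption key …
```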